devise 4.1.1 → 4.2.0
- checksums.yaml +4 -4
- data/.travis.yml +9 -7
- data/CHANGELOG.md +46 -2
- data/CONTRIBUTING.md +30 -7
- data/Gemfile +14 -7
- data/Gemfile.lock +96 -81
- data/README.md +89 -37
- data/app/controllers/devise/omniauth_callbacks_controller.rb +3 -3
- data/app/controllers/devise/registrations_controller.rb +3 -3
- data/app/views/devise/registrations/edit.html.erb +4 -0
- data/gemfiles/Gemfile.rails-4.1-stable +4 -4
- data/gemfiles/Gemfile.rails-4.1-stable.lock +27 -23
- data/gemfiles/Gemfile.rails-4.2-stable +4 -4
- data/gemfiles/Gemfile.rails-4.2-stable.lock +58 -54
- data/guides/bug_report_templates/integration_test.rb +104 -0
- data/lib/devise.rb +21 -14
- data/lib/devise/controllers/helpers.rb +12 -1
- data/lib/devise/controllers/rememberable.rb +1 -1
- data/lib/devise/controllers/sign_in_out.rb +25 -10
- data/lib/devise/failure_app.rb +25 -17
- data/lib/devise/hooks/proxy.rb +1 -1
- data/lib/devise/models/authenticatable.rb +23 -2
- data/lib/devise/models/confirmable.rb +13 -7
- data/lib/devise/models/database_authenticatable.rb +0 -5
- data/lib/devise/models/recoverable.rb +10 -15
- data/lib/devise/omniauth/url_helpers.rb +0 -51
- data/lib/devise/orm/active_record.rb +3 -1
- data/lib/devise/orm/mongoid.rb +4 -2
- data/lib/devise/parameter_sanitizer.rb +0 -55
- data/lib/devise/rails.rb +3 -1
- data/lib/devise/test/controller_helpers.rb +162 -0
- data/lib/devise/test/integration_helpers.rb +61 -0
- data/lib/devise/test_helpers.rb +5 -129
- data/lib/devise/version.rb +1 -1
- data/lib/generators/templates/README +1 -8
- data/lib/generators/templates/devise.rb +6 -0
- data/test/controllers/custom_registrations_controller_test.rb +1 -1
- data/test/controllers/custom_strategy_test.rb +1 -1
- data/test/controllers/helpers_test.rb +4 -4
- data/test/controllers/internal_helpers_test.rb +1 -1
- data/test/controllers/passwords_controller_test.rb +1 -1
- data/test/controllers/sessions_controller_test.rb +2 -2
- data/test/devise_test.rb +9 -9
- data/test/failure_app_test.rb +18 -0
- data/test/integration/authenticatable_test.rb +36 -36
- data/test/integration/confirmable_test.rb +7 -7
- data/test/integration/database_authenticatable_test.rb +5 -5
- data/test/integration/http_authenticatable_test.rb +2 -2
- data/test/integration/lockable_test.rb +1 -1
- data/test/integration/mounted_engine_test.rb +36 -0
- data/test/integration/omniauthable_test.rb +1 -1
- data/test/integration/recoverable_test.rb +4 -4
- data/test/integration/registerable_test.rb +12 -6
- data/test/integration/rememberable_test.rb +10 -10
- data/test/integration/timeoutable_test.rb +5 -5
- data/test/mapping_test.rb +1 -1
- data/test/models/confirmable_test.rb +33 -25
- data/test/models/database_authenticatable_test.rb +13 -13
- data/test/models/lockable_test.rb +16 -16
- data/test/models/omniauthable_test.rb +1 -1
- data/test/models/recoverable_test.rb +10 -10
- data/test/models/registerable_test.rb +1 -1
- data/test/models/rememberable_test.rb +16 -3
- data/test/models/serializable_test.rb +5 -0
- data/test/models/timeoutable_test.rb +7 -7
- data/test/models/trackable_test.rb +1 -1
- data/test/models/validatable_test.rb +1 -1
- data/test/models_test.rb +2 -2
- data/test/parameter_sanitizer_test.rb +0 -56
- data/test/rails_app/app/controllers/users/omniauth_callbacks_controller.rb +1 -1
- data/test/rails_app/config/environments/production.rb +3 -1
- data/test/rails_app/config/environments/test.rb +5 -6
- data/test/rails_app/db/migrate/20100401102949_create_tables.rb +5 -1
- data/test/support/assertions.rb +0 -11
- data/test/{test_helpers_test.rb → test/controller_helpers_test.rb} +2 -2
- data/test/test/integration_helpers_test.rb +32 -0
- metadata +11 -6
- data/gemfiles/Gemfile.rails-5.0-beta +0 -37
- data/gemfiles/Gemfile.rails-5.0-beta.lock +0 -199
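--- /dev/null
+++ b/data/lib/devise/test/integration_helpers.rb
@@ -0,0 +1,61 @@
+module Devise
+# Devise::Test::IntegrationHelpers is a helper module for facilitating
+# authentication on Rails integration tests to bypass the required steps for
+# signin in or signin out a record.
+#
+# Examples
+#
+# class PostsTest < ActionDispatch::IntegrationTest
+# include Devise::Test::IntegrationHelpers
+#
+# test 'authenticated users can see posts' do
+# sign_in users(:bob)
+#
+# get '/posts'
+# assert_response :success
+# end
+# end
+module Test
+module IntegrationHelpers
+def self.included(base)
+base.class_eval do
+include Warden::Test::Helpers
+
+setup :setup_integration_for_devise
+teardown :teardown_integration_for_devise
+end
+end
+
+# Signs in a specific resource, mimicking a successfull sign in
+# operation through +Devise::SessionsController#create+.
+#
+# * +resource+ - The resource that should be authenticated
+# * +scope+ - An optional +Symbol+ with the scope where the resource
+# should be signed in with.
+def sign_in(resource, scope: nil)
+scope ||= Devise::Mapping.find_scope!(resource)
+
+login_as(resource, scope: scope)
+end
+
+# Signs out a specific scope from the session.
+#
+# * +resource_or_scope+ - The resource or scope that should be signed out.
+def sign_out(resource_or_scope)
+scope = Devise::Mapping.find_scope!(resource_or_scope)
+
+logout scope
+end
+
+protected
+
+def setup_integration_for_devise
+Warden.test_mode!
+end
+
+def teardown_integration_for_devise
+Warden.test_reset!
+end
+end
+end
+end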
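--- a/data/lib/devise/test_helpers.rb
+++ b/data/lib/devise/test_helpers.rb
@@ -1,137 +1,13 @@
 module Devise
-# Devise::TestHelpers provides a facility to test controllers in isolation
-# when using ActionController::TestCase allowing you to quickly sign_in or
-# sign_out a user. Do not use Devise::TestHelpers in integration tests.
-#
-# Notice you should not test Warden specific behavior (like Warden callbacks)
-# using Devise::TestHelpers since it is a stub of the actual behavior. Such
-# callbacks should be tested in your integration suite instead.
 module TestHelpers
 def self.included(base)
 base.class_eval do
-
+ActiveSupport::Deprecation.warn <<-DEPRECATION
+[Devise] including `Devise::TestHelpers` is deprecated and will be removed from Devise.
+For controller tests, please include `Devise::Test::ControllerHelpers` instead.
+DEPRECATION
+include Devise::Test::ControllerHelpers
 end
 end
-
-# Override process to consider warden.
-def process(*)
-# Make sure we always return @response, a la ActionController::TestCase::Behaviour#process, even if warden interrupts
-_catch_warden { super } # || @response # _catch_warden will setup the @response object
-
-# process needs to return the ActionDispath::TestResponse object
-@response
-end
-
-# We need to set up the environment variables and the response in the controller.
-def setup_controller_for_warden #:nodoc:
-@request.env['action_controller.instance'] = @controller
-end
-
-# Quick access to Warden::Proxy.
-def warden #:nodoc:
-@request.env['warden'] ||= begin
-manager = Warden::Manager.new(nil) do |config|
-config.merge! Devise.warden_config
-end
-Warden::Proxy.new(@request.env, manager)
-end
-end
-
-# sign_in a given resource by storing its keys in the session.
-# This method bypass any warden authentication callback.
-#
-# Examples:
-#
-# sign_in :user, @user # sign_in(scope, resource)
-# sign_in @user # sign_in(resource)
-#
-def sign_in(resource_or_scope, resource=nil)
-scope ||= Devise::Mapping.find_scope!(resource_or_scope)
-resource ||= resource_or_scope
-warden.instance_variable_get(:@users).delete(scope)
-warden.session_serializer.store(resource, scope)
-end
-
-# Sign out a given resource or scope by calling logout on Warden.
-# This method bypass any warden logout callback.
-#
-# Examples:
-#
-# sign_out :user # sign_out(scope)
-# sign_out @user # sign_out(resource)
-#
-def sign_out(resource_or_scope)
-scope = Devise::Mapping.find_scope!(resource_or_scope)
-@controller.instance_variable_set(:"@current_#{scope}", nil)
-user = warden.instance_variable_get(:@users).delete(scope)
-warden.session_serializer.delete(scope, user)
-end
-
-protected
-
-# Catch warden continuations and handle like the middleware would.
-# Returns nil when interrupted, otherwise the normal result of the block.
-def _catch_warden(&block)
-result = catch(:warden, &block)
-
-env = @controller.request.env
-
-result ||= {}
-
-# Set the response. In production, the rack result is returned
-# from Warden::Manager#call, which the following is modelled on.
-case result
-when Array
-if result.first == 401 && intercept_401?(env) # does this happen during testing?
-_process_unauthenticated(env)
-else
-result
-end
-when Hash
-_process_unauthenticated(env, result)
-else
-result
-end
-end
-
-def _process_unauthenticated(env, options = {})
-options[:action] ||= :unauthenticated
-proxy = env['warden']
-result = options[:result] || proxy.result
-
-ret = case result
-when :redirect
-body = proxy.message || "You are being redirected to #{proxy.headers['Location']}"
-[proxy.status, proxy.headers, [body]]
-when :custom
-proxy.custom_response
-else
-env["PATH_INFO"] = "/#{options[:action]}"
-env["warden.options"] = options
-Warden::Manager._run_callbacks(:before_failure, env, options)
-
-status, headers, response = Devise.warden_config[:failure_app].call(env).to_a
-@controller.response.headers.merge!(headers)
-r_opts = { status: status, content_type: headers["Content-Type"], location: headers["Location"] }
-r_opts[Rails.version.start_with?('5') ? :body : :text] = response.body
-@controller.send :render, r_opts
-nil # causes process return @response
-end
-
-# ensure that the controller response is set up. In production, this is
-# not necessary since warden returns the results to rack. However, at
-# testing time, we want the response to be available to the testing
-# framework to verify what would be returned to rack.
-if ret.is_a?(Array)
-# ensure the controller response is set to our response.
-@controller.response ||= @response
-@response.status = ret.first
-@response.headers.clear
-ret.second.each { |k,v| @response[k] = v }
-@response.body = ret.third
-end
-
-ret
-end
 end
 end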
data/lib/devise/version.rb
CHANGED
@@ -21,14 +21,7 @@ Some setup you must do manually if you haven't yet:
|
|
21
21
|
<p class="notice"><%= notice %></p>
|
22
22
|
<p class="alert"><%= alert %></p>
|
23
23
|
|
24
|
-
4.
|
25
|
-
|
26
|
-
config.assets.initialize_on_precompile = false
|
27
|
-
|
28
|
-
On config/application.rb forcing your application to not access the DB
|
29
|
-
or load models when precompiling your assets.
|
30
|
-
|
31
|
-
5. You can copy Devise views (for customization) to your app by running:
|
24
|
+
4. You can copy Devise views (for customization) to your app by running:
|
32
25
|
|
33
26
|
rails g devise:views
|
34
27
|
|
@@ -90,6 +90,12 @@ Devise.setup do |config|
|
|
90
90
|
# from the server. You can disable this option at your own risk.
|
91
91
|
# config.clean_up_csrf_token_on_authentication = true
|
92
92
|
|
93
|
+
# When false, Devise will not attempt to reload routes on eager load.
|
94
|
+
# This can reduce the time taken to boot the app but if your application
|
95
|
+
# requires the Devise mappings to be loaded during boot time the application
|
96
|
+
# won't boot properly.
|
97
|
+
# config.reload_routes = true
|
98
|
+
|
93
99
|
# ==> Configuration for :database_authenticatable
|
94
100
|
# For bcrypt, this is the cost for hashing the password and defaults to 11. If
|
95
101
|
# using other algorithms, it sets how many times you want the password to be hashed.
|
@@ -3,7 +3,7 @@ require 'test_helper'
|
|
3
3
|
class CustomRegistrationsControllerTest < Devise::ControllerTestCase
|
4
4
|
tests Custom::RegistrationsController
|
5
5
|
|
6
|
-
include Devise::
|
6
|
+
include Devise::Test::ControllerHelpers
|
7
7
|
|
8
8
|
setup do
|
9
9
|
request.env["devise.mapping"] = Devise.mappings[:user]
|
@@ -96,7 +96,7 @@ class ControllerAuthenticatableTest < Devise::ControllerTestCase
|
|
96
96
|
|
97
97
|
test 'proxy admin_signed_in? to authenticatewith admin scope' do
|
98
98
|
@mock_warden.expects(:authenticate).with(scope: :admin)
|
99
|
-
|
99
|
+
refute @controller.admin_signed_in?
|
100
100
|
end
|
101
101
|
|
102
102
|
test 'proxy publisher_account_signed_in? to authenticate with namespaced publisher account scope' do
|
@@ -150,11 +150,11 @@ class ControllerAuthenticatableTest < Devise::ControllerTestCase
|
|
150
150
|
@controller.sign_in(user, force: true)
|
151
151
|
end
|
152
152
|
|
153
|
-
test 'sign in
|
153
|
+
test 'bypass the sign in' do
|
154
154
|
user = User.new
|
155
155
|
@mock_warden.expects(:session_serializer).returns(serializer = mock())
|
156
156
|
serializer.expects(:store).with(user, :user)
|
157
|
-
@controller.
|
157
|
+
@controller.bypass_sign_in(user)
|
158
158
|
end
|
159
159
|
|
160
160
|
test 'sign out clears up any signed in user from all scopes' do
|
@@ -311,6 +311,6 @@ class ControllerAuthenticatableTest < Devise::ControllerTestCase
|
|
311
311
|
end
|
312
312
|
|
313
313
|
test 'is not a devise controller' do
|
314
|
-
|
314
|
+
refute @controller.devise_controller?
|
315
315
|
end
|
316
316
|
end
|
@@ -119,7 +119,7 @@ class HelpersTest < Devise::ControllerTestCase
|
|
119
119
|
MyController.send(:public, :navigational_formats)
|
120
120
|
|
121
121
|
swap Devise, navigational_formats: ['*/*', :html] do
|
122
|
-
|
122
|
+
refute @controller.navigational_formats.include?("*/*")
|
123
123
|
end
|
124
124
|
|
125
125
|
MyController.send(:protected, :navigational_formats)
|
@@ -2,7 +2,7 @@ require 'test_helper'
|
|
2
2
|
|
3
3
|
class SessionsControllerTest < Devise::ControllerTestCase
|
4
4
|
tests Devise::SessionsController
|
5
|
-
include Devise::
|
5
|
+
include Devise::Test::ControllerHelpers
|
6
6
|
|
7
7
|
test "#create doesn't raise unpermitted params when sign in fails" do
|
8
8
|
begin
|
@@ -94,7 +94,7 @@ class SessionsControllerTest < Devise::ControllerTestCase
|
|
94
94
|
User.class_eval { attr_protected :email }
|
95
95
|
|
96
96
|
begin
|
97
|
-
assert_nothing_raised
|
97
|
+
assert_nothing_raised do
|
98
98
|
get :new, user: { email: "allez viens!" }
|
99
99
|
end
|
100
100
|
ensure
|
data/test/devise_test.rb
CHANGED
@@ -67,18 +67,18 @@ class DeviseTest < ActiveSupport::TestCase
|
|
67
67
|
end
|
68
68
|
|
69
69
|
test 'add new module using the helper method' do
|
70
|
-
|
70
|
+
Devise.add_module(:coconut)
|
71
71
|
assert_equal 1, Devise::ALL.select { |v| v == :coconut }.size
|
72
|
-
|
73
|
-
|
72
|
+
refute Devise::STRATEGIES.include?(:coconut)
|
73
|
+
refute defined?(Devise::Models::Coconut)
|
74
74
|
Devise::ALL.delete(:coconut)
|
75
75
|
|
76
|
-
|
76
|
+
Devise.add_module(:banana, strategy: :fruits)
|
77
77
|
assert_equal :fruits, Devise::STRATEGIES[:banana]
|
78
78
|
Devise::ALL.delete(:banana)
|
79
79
|
Devise::STRATEGIES.delete(:banana)
|
80
80
|
|
81
|
-
|
81
|
+
Devise.add_module(:kivi, controller: :fruits)
|
82
82
|
assert_equal :fruits, Devise::CONTROLLERS[:kivi]
|
83
83
|
Devise::ALL.delete(:kivi)
|
84
84
|
Devise::CONTROLLERS.delete(:kivi)
|
@@ -86,11 +86,11 @@ class DeviseTest < ActiveSupport::TestCase
|
|
86
86
|
|
87
87
|
test 'should complain when comparing empty or different sized passes' do
|
88
88
|
[nil, ""].each do |empty|
|
89
|
-
|
90
|
-
|
91
|
-
|
89
|
+
refute Devise.secure_compare(empty, "something")
|
90
|
+
refute Devise.secure_compare("something", empty)
|
91
|
+
refute Devise.secure_compare(empty, empty)
|
92
92
|
end
|
93
|
-
|
93
|
+
refute Devise.secure_compare("size_1", "size_four")
|
94
94
|
end
|
95
95
|
|
96
96
|
test 'Devise.email_regexp should match valid email addresses' do
|
data/test/failure_app_test.rb
CHANGED
@@ -131,6 +131,24 @@ class FailureTest < ActiveSupport::TestCase
|
|
131
131
|
end
|
132
132
|
end
|
133
133
|
|
134
|
+
if Rails.application.config.action_controller.respond_to?(:relative_url_root)
|
135
|
+
test "returns to the default redirect location considering action_controller's relative url root" do
|
136
|
+
swap Rails.application.config.action_controller, relative_url_root: "/sample" do
|
137
|
+
call_failure
|
138
|
+
assert_equal 302, @response.first
|
139
|
+
assert_equal 'http://test.host/sample/users/sign_in', @response.second['Location']
|
140
|
+
end
|
141
|
+
end
|
142
|
+
|
143
|
+
test "returns to the default redirect location considering action_controller's relative url root and subdomain" do
|
144
|
+
swap Rails.application.config.action_controller, relative_url_root: "/sample" do
|
145
|
+
call_failure('warden.options' => { scope: :subdomain_user })
|
146
|
+
assert_equal 302, @response.first
|
147
|
+
assert_equal 'http://sub.test.host/sample/subdomain_users/sign_in', @response.second['Location']
|
148
|
+
end
|
149
|
+
end
|
150
|
+
end
|
151
|
+
|
134
152
|
test 'uses the proxy failure message as symbol' do
|
135
153
|
call_failure('warden' => OpenStruct.new(message: :invalid))
|
136
154
|
assert_equal 'Invalid Email or password.', @request.flash[:alert]
|
@@ -10,13 +10,13 @@ class AuthenticationSanityTest < Devise::IntegrationTest
|
|
10
10
|
test 'sign in as user should not authenticate admin scope' do
|
11
11
|
sign_in_as_user
|
12
12
|
assert warden.authenticated?(:user)
|
13
|
-
|
13
|
+
refute warden.authenticated?(:admin)
|
14
14
|
end
|
15
15
|
|
16
16
|
test 'sign in as admin should not authenticate user scope' do
|
17
17
|
sign_in_as_admin
|
18
18
|
assert warden.authenticated?(:admin)
|
19
|
-
|
19
|
+
refute warden.authenticated?(:user)
|
20
20
|
end
|
21
21
|
|
22
22
|
test 'sign in as both user and admin at same time' do
|
@@ -31,7 +31,7 @@ class AuthenticationSanityTest < Devise::IntegrationTest
|
|
31
31
|
sign_in_as_user
|
32
32
|
sign_in_as_admin
|
33
33
|
delete destroy_user_session_path
|
34
|
-
|
34
|
+
refute warden.authenticated?(:user)
|
35
35
|
assert warden.authenticated?(:admin)
|
36
36
|
end
|
37
37
|
end
|
@@ -42,7 +42,7 @@ class AuthenticationSanityTest < Devise::IntegrationTest
|
|
42
42
|
sign_in_as_admin
|
43
43
|
|
44
44
|
delete destroy_admin_session_path
|
45
|
-
|
45
|
+
refute warden.authenticated?(:admin)
|
46
46
|
assert warden.authenticated?(:user)
|
47
47
|
end
|
48
48
|
end
|
@@ -53,8 +53,8 @@ class AuthenticationSanityTest < Devise::IntegrationTest
|
|
53
53
|
sign_in_as_admin
|
54
54
|
|
55
55
|
delete destroy_user_session_path
|
56
|
-
|
57
|
-
|
56
|
+
refute warden.authenticated?(:user)
|
57
|
+
refute warden.authenticated?(:admin)
|
58
58
|
end
|
59
59
|
end
|
60
60
|
|
@@ -64,21 +64,21 @@ class AuthenticationSanityTest < Devise::IntegrationTest
|
|
64
64
|
sign_in_as_admin
|
65
65
|
|
66
66
|
delete destroy_admin_session_path
|
67
|
-
|
68
|
-
|
67
|
+
refute warden.authenticated?(:admin)
|
68
|
+
refute warden.authenticated?(:user)
|
69
69
|
end
|
70
70
|
end
|
71
71
|
|
72
72
|
test 'not signed in as admin should not be able to access admins actions' do
|
73
73
|
get admins_path
|
74
74
|
assert_redirected_to new_admin_session_path
|
75
|
-
|
75
|
+
refute warden.authenticated?(:admin)
|
76
76
|
end
|
77
77
|
|
78
78
|
test 'signed in as user should not be able to access admins actions' do
|
79
79
|
sign_in_as_user
|
80
80
|
assert warden.authenticated?(:user)
|
81
|
-
|
81
|
+
refute warden.authenticated?(:admin)
|
82
82
|
|
83
83
|
get admins_path
|
84
84
|
assert_redirected_to new_admin_session_path
|
@@ -87,7 +87,7 @@ class AuthenticationSanityTest < Devise::IntegrationTest
|
|
87
87
|
test 'signed in as admin should be able to access admin actions' do
|
88
88
|
sign_in_as_admin
|
89
89
|
assert warden.authenticated?(:admin)
|
90
|
-
|
90
|
+
refute warden.authenticated?(:user)
|
91
91
|
|
92
92
|
get admins_path
|
93
93
|
|
@@ -115,7 +115,7 @@ class AuthenticationSanityTest < Devise::IntegrationTest
|
|
115
115
|
|
116
116
|
get root_path
|
117
117
|
assert_contain 'Signed out successfully'
|
118
|
-
|
118
|
+
refute warden.authenticated?(:admin)
|
119
119
|
end
|
120
120
|
|
121
121
|
test 'unauthenticated admin set message on sign out' do
|
@@ -138,13 +138,13 @@ class AuthenticationRoutesRestrictions < Devise::IntegrationTest
|
|
138
138
|
test 'not signed in should not be able to access private route (authenticate denied)' do
|
139
139
|
get private_path
|
140
140
|
assert_redirected_to new_admin_session_path
|
141
|
-
|
141
|
+
refute warden.authenticated?(:admin)
|
142
142
|
end
|
143
143
|
|
144
144
|
test 'signed in as user should not be able to access private route restricted to admins (authenticate denied)' do
|
145
145
|
sign_in_as_user
|
146
146
|
assert warden.authenticated?(:user)
|
147
|
-
|
147
|
+
refute warden.authenticated?(:admin)
|
148
148
|
get private_path
|
149
149
|
assert_redirected_to new_admin_session_path
|
150
150
|
end
|
@@ -152,7 +152,7 @@ class AuthenticationRoutesRestrictions < Devise::IntegrationTest
|
|
152
152
|
test 'signed in as admin should be able to access private route restricted to admins (authenticate accepted)' do
|
153
153
|
sign_in_as_admin
|
154
154
|
assert warden.authenticated?(:admin)
|
155
|
-
|
155
|
+
refute warden.authenticated?(:user)
|
156
156
|
|
157
157
|
get private_path
|
158
158
|
|
@@ -164,7 +164,7 @@ class AuthenticationRoutesRestrictions < Devise::IntegrationTest
|
|
164
164
|
test 'signed in as inactive admin should not be able to access private/active route restricted to active admins (authenticate denied)' do
|
165
165
|
sign_in_as_admin(active: false)
|
166
166
|
assert warden.authenticated?(:admin)
|
167
|
-
|
167
|
+
refute warden.authenticated?(:user)
|
168
168
|
|
169
169
|
assert_raises ActionController::RoutingError do
|
170
170
|
get "/private/active"
|
@@ -174,7 +174,7 @@ class AuthenticationRoutesRestrictions < Devise::IntegrationTest
|
|
174
174
|
test 'signed in as active admin should be able to access private/active route restricted to active admins (authenticate accepted)' do
|
175
175
|
sign_in_as_admin(active: true)
|
176
176
|
assert warden.authenticated?(:admin)
|
177
|
-
|
177
|
+
refute warden.authenticated?(:user)
|
178
178
|
|
179
179
|
get private_active_path
|
180
180
|
|
@@ -186,7 +186,7 @@ class AuthenticationRoutesRestrictions < Devise::IntegrationTest
|
|
186
186
|
test 'signed in as admin should get admin dashboard (authenticated accepted)' do
|
187
187
|
sign_in_as_admin
|
188
188
|
assert warden.authenticated?(:admin)
|
189
|
-
|
189
|
+
refute warden.authenticated?(:user)
|
190
190
|
|
191
191
|
get dashboard_path
|
192
192
|
|
@@ -198,7 +198,7 @@ class AuthenticationRoutesRestrictions < Devise::IntegrationTest
|
|
198
198
|
test 'signed in as user should get user dashboard (authenticated accepted)' do
|
199
199
|
sign_in_as_user
|
200
200
|
assert warden.authenticated?(:user)
|
201
|
-
|
201
|
+
refute warden.authenticated?(:admin)
|
202
202
|
|
203
203
|
get dashboard_path
|
204
204
|
|
@@ -216,7 +216,7 @@ class AuthenticationRoutesRestrictions < Devise::IntegrationTest
|
|
216
216
|
test 'signed in as inactive admin should not be able to access dashboard/active route restricted to active admins (authenticated denied)' do
|
217
217
|
sign_in_as_admin(active: false)
|
218
218
|
assert warden.authenticated?(:admin)
|
219
|
-
|
219
|
+
refute warden.authenticated?(:user)
|
220
220
|
|
221
221
|
assert_raises ActionController::RoutingError do
|
222
222
|
get "/dashboard/active"
|
@@ -226,7 +226,7 @@ class AuthenticationRoutesRestrictions < Devise::IntegrationTest
|
|
226
226
|
test 'signed in as active admin should be able to access dashboard/active route restricted to active admins (authenticated accepted)' do
|
227
227
|
sign_in_as_admin(active: true)
|
228
228
|
assert warden.authenticated?(:admin)
|
229
|
-
|
229
|
+
refute warden.authenticated?(:user)
|
230
230
|
|
231
231
|
get dashboard_active_path
|
232
232
|
|
@@ -238,7 +238,7 @@ class AuthenticationRoutesRestrictions < Devise::IntegrationTest
|
|
238
238
|
test 'signed in user should not see unauthenticated page (unauthenticated denied)' do
|
239
239
|
sign_in_as_user
|
240
240
|
assert warden.authenticated?(:user)
|
241
|
-
|
241
|
+
refute warden.authenticated?(:admin)
|
242
242
|
|
243
243
|
assert_raises ActionController::RoutingError do
|
244
244
|
get join_path
|
@@ -404,13 +404,13 @@ class AuthenticationOthersTest < Devise::IntegrationTest
|
|
404
404
|
test 'handles unverified requests gets rid of caches' do
|
405
405
|
swap ApplicationController, allow_forgery_protection: true do
|
406
406
|
post exhibit_user_url(1)
|
407
|
-
|
407
|
+
refute warden.authenticated?(:user)
|
408
408
|
|
409
409
|
sign_in_as_user
|
410
410
|
assert warden.authenticated?(:user)
|
411
411
|
|
412
412
|
post exhibit_user_url(1)
|
413
|
-
|
413
|
+
refute warden.authenticated?(:user)
|
414
414
|
assert_equal "User is not authenticated", response.body
|
415
415
|
end
|
416
416
|
end
|
@@ -473,7 +473,7 @@ class AuthenticationOthersTest < Devise::IntegrationTest
|
|
473
473
|
test 'uses the mapping from router' do
|
474
474
|
sign_in_as_user visit: "/as/sign_in"
|
475
475
|
assert warden.authenticated?(:user)
|
476
|
-
|
476
|
+
refute warden.authenticated?(:admin)
|
477
477
|
end
|
478
478
|
|
479
479
|
test 'sign in with xml format returns xml response' do
|
@@ -515,14 +515,14 @@ class AuthenticationOthersTest < Devise::IntegrationTest
|
|
515
515
|
sign_in_as_user
|
516
516
|
delete destroy_user_session_path(format: 'xml')
|
517
517
|
assert_response :no_content
|
518
|
-
|
518
|
+
refute warden.authenticated?(:user)
|
519
519
|
end
|
520
520
|
|
521
521
|
test 'sign out with json format returns no content' do
|
522
522
|
sign_in_as_user
|
523
523
|
delete destroy_user_session_path(format: 'json')
|
524
524
|
assert_response :no_content
|
525
|
-
|
525
|
+
refute warden.authenticated?(:user)
|
526
526
|
end
|
527
527
|
|
528
528
|
test 'sign out with non-navigational format via XHR does not redirect' do
|
@@ -530,7 +530,7 @@ class AuthenticationOthersTest < Devise::IntegrationTest
|
|
530
530
|
sign_in_as_admin
|
531
531
|
get destroy_sign_out_via_get_session_path, xhr: true, headers: { "HTTP_ACCEPT" => "application/json,text/javascript,*/*" } # NOTE: Bug is triggered by combination of XHR and */*.
|
532
532
|
assert_response :no_content
|
533
|
-
|
533
|
+
refute warden.authenticated?(:user)
|
534
534
|
end
|
535
535
|
end
|
536
536
|
|
@@ -540,7 +540,7 @@ class AuthenticationOthersTest < Devise::IntegrationTest
|
|
540
540
|
sign_in_as_user
|
541
541
|
delete destroy_user_session_path, xhr: true, headers: { "HTTP_ACCEPT" => "text/html,*/*" }
|
542
542
|
assert_response :redirect
|
543
|
-
|
543
|
+
refute warden.authenticated?(:user)
|
544
544
|
end
|
545
545
|
end
|
546
546
|
end
|
@@ -550,7 +550,7 @@ class AuthenticationKeysTest < Devise::IntegrationTest
|
|
550
550
|
swap Devise, authentication_keys: [:subdomain] do
|
551
551
|
sign_in_as_user
|
552
552
|
assert_contain "Invalid Subdomain or password."
|
553
|
-
|
553
|
+
refute warden.authenticated?(:user)
|
554
554
|
end
|
555
555
|
end
|
556
556
|
|
@@ -579,7 +579,7 @@ class AuthenticationRequestKeysTest < Devise::IntegrationTest
|
|
579
579
|
sign_in_as_user
|
580
580
|
end
|
581
581
|
|
582
|
-
|
582
|
+
refute warden.authenticated?(:user)
|
583
583
|
end
|
584
584
|
end
|
585
585
|
|
@@ -589,7 +589,7 @@ class AuthenticationRequestKeysTest < Devise::IntegrationTest
|
|
589
589
|
swap Devise, request_keys: [:subdomain] do
|
590
590
|
sign_in_as_user
|
591
591
|
assert_contain "Invalid Email or password."
|
592
|
-
|
592
|
+
refute warden.authenticated?(:user)
|
593
593
|
end
|
594
594
|
end
|
595
595
|
|
@@ -612,7 +612,7 @@ class AuthenticationSignOutViaTest < Devise::IntegrationTest
|
|
612
612
|
test 'allow sign out via delete when sign_out_via provides only delete' do
|
613
613
|
sign_in!(:sign_out_via_delete)
|
614
614
|
delete destroy_sign_out_via_delete_session_path
|
615
|
-
|
615
|
+
refute warden.authenticated?(:sign_out_via_delete)
|
616
616
|
end
|
617
617
|
|
618
618
|
test 'do not allow sign out via get when sign_out_via provides only delete' do
|
@@ -626,7 +626,7 @@ class AuthenticationSignOutViaTest < Devise::IntegrationTest
|
|
626
626
|
test 'allow sign out via post when sign_out_via provides only post' do
|
627
627
|
sign_in!(:sign_out_via_post)
|
628
628
|
post destroy_sign_out_via_post_session_path
|
629
|
-
|
629
|
+
refute warden.authenticated?(:sign_out_via_post)
|
630
630
|
end
|
631
631
|
|
632
632
|
test 'do not allow sign out via get when sign_out_via provides only post' do
|
@@ -640,13 +640,13 @@ class AuthenticationSignOutViaTest < Devise::IntegrationTest
|
|
640
640
|
test 'allow sign out via delete when sign_out_via provides delete and post' do
|
641
641
|
sign_in!(:sign_out_via_delete_or_post)
|
642
642
|
delete destroy_sign_out_via_delete_or_post_session_path
|
643
|
-
|
643
|
+
refute warden.authenticated?(:sign_out_via_delete_or_post)
|
644
644
|
end
|
645
645
|
|
646
646
|
test 'allow sign out via post when sign_out_via provides delete and post' do
|
647
647
|
sign_in!(:sign_out_via_delete_or_post)
|
648
648
|
post destroy_sign_out_via_delete_or_post_session_path
|
649
|
-
|
649
|
+
refute warden.authenticated?(:sign_out_via_delete_or_post)
|
650
650
|
end
|
651
651
|
|
652
652
|
test 'do not allow sign out via get when sign_out_via provides delete and post' do
|