devise 4.1.1 → 4.2.0

data/test/integration/confirmable_test.rb

@@ -41,12 +41,12 @@ class ConfirmationTest < Devise::IntegrationTest
   test 'user with valid confirmation token should not be able to confirm an account after the token has expired' do
     swap Devise, confirm_within: 3.days do
       user = create_user(confirm: false, confirmation_sent_at: 4.days.ago)
-      assert_not user.confirmed?
+      refute user.confirmed?
       visit_user_confirmation_with_token(user.raw_confirmation_token)
 
       assert_have_selector '#error_explanation'
       assert_contain %r{needs to be confirmed within 3 days}
-      assert_not user.reload.confirmed?
+      refute user.reload.confirmed?
       assert_current_url "/users/confirmation?confirmation_token=#{user.raw_confirmation_token}"
     end
   end
@@ -84,7 +84,7 @@ class ConfirmationTest < Devise::IntegrationTest
   test 'user with valid confirmation token should be able to confirm an account before the token has expired' do
     swap Devise, confirm_within: 3.days do
       user = create_user(confirm: false, confirmation_sent_at: 2.days.ago)
-      assert_not user.confirmed?
+      refute user.confirmed?
       visit_user_confirmation_with_token(user.raw_confirmation_token)
 
       assert_contain 'Your email address has been successfully confirmed.'
@@ -130,7 +130,7 @@ class ConfirmationTest < Devise::IntegrationTest
       sign_in_as_user(confirm: false)
 
       assert_contain 'You have to confirm your email address before continuing'
-      assert_not warden.authenticated?(:user)
+      refute warden.authenticated?(:user)
     end
   end
 
@@ -141,7 +141,7 @@ class ConfirmationTest < Devise::IntegrationTest
       end
 
       assert_contain 'Invalid Email or password'
-      assert_not warden.authenticated?(:user)
+      refute warden.authenticated?(:user)
     end
   end
 
@@ -284,7 +284,7 @@ class ConfirmationOnChangeTest < Devise::IntegrationTest
     assert_contain 'Your email address has been successfully confirmed.'
     assert_current_url '/admin_area/sign_in'
     assert admin.reload.confirmed?
-    assert_not admin.reload.pending_reconfirmation?
+    refute admin.reload.pending_reconfirmation?
   end
 
   test 'admin with previously valid confirmation token should not be able to confirm email after email changed again' do
@@ -306,7 +306,7 @@ class ConfirmationOnChangeTest < Devise::IntegrationTest
     assert_contain 'Your email address has been successfully confirmed.'
     assert_current_url '/admin_area/sign_in'
     assert admin.reload.confirmed?
-    assert_not admin.reload.pending_reconfirmation?
+    refute admin.reload.pending_reconfirmation?
   end
 
   test 'admin email should be unique also within unconfirmed_email' do

data/test/integration/database_authenticatable_test.rb

@@ -19,7 +19,7 @@ class DatabaseAuthenticationTest < Devise::IntegrationTest
         fill_in 'email', with: 'foo@bar.com'
       end
 
-      assert_not warden.authenticated?(:user)
+      refute warden.authenticated?(:user)
     end
   end
 
@@ -41,14 +41,14 @@ class DatabaseAuthenticationTest < Devise::IntegrationTest
         fill_in 'email', with: ' foo@bar.com '
       end
 
-      assert_not warden.authenticated?(:user)
+      refute warden.authenticated?(:user)
     end
   end
 
   test 'sign in should not authenticate if not using proper authentication keys' do
     swap Devise, authentication_keys: [:username] do
       sign_in_as_user
-      assert_not warden.authenticated?(:user)
+      refute warden.authenticated?(:user)
     end
   end
 
@@ -59,7 +59,7 @@ class DatabaseAuthenticationTest < Devise::IntegrationTest
       end
 
       assert_contain 'Invalid email address'
-      assert_not warden.authenticated?(:admin)
+      refute warden.authenticated?(:admin)
     end
   end
 
@@ -69,7 +69,7 @@ class DatabaseAuthenticationTest < Devise::IntegrationTest
     end
 
     assert_contain 'Invalid Email or password'
-    assert_not warden.authenticated?(:admin)
+    refute warden.authenticated?(:admin)
   end
 
   test 'error message is configurable by resource name' do

data/test/integration/http_authenticatable_test.rb

@@ -65,7 +65,7 @@ class HttpAuthenticationTest < Devise::IntegrationTest
   end
 
   test 'it uses appropriate authentication_keys when configured with hash' do
-    swap Devise, authentication_keys: ActiveSupport::OrderedHash[:username, false, :email, false] do
+    swap Devise, authentication_keys: { username: false, email: false } do
       sign_in_as_new_user_with_http("usertest")
       assert_response :success
       assert_match '<email>user@test.com</email>', response.body
@@ -74,7 +74,7 @@ class HttpAuthenticationTest < Devise::IntegrationTest
   end
 
   test 'it uses the appropriate key when configured explicitly' do
-    swap Devise, authentication_keys: ActiveSupport::OrderedHash[:email, false, :username, false], http_authentication_key: :username do
+    swap Devise, authentication_keys: { email: false, username: false }, http_authentication_key: :username do
       sign_in_as_new_user_with_http("usertest")
       assert_response :success
       assert_match '<email>user@test.com</email>', response.body

data/test/integration/lockable_test.rb

@@ -85,7 +85,7 @@ class LockTest < Devise::IntegrationTest
 
     assert_current_url "/users/sign_in"
     assert_contain 'Your account has been unlocked successfully. Please sign in to continue.'
-    assert_not user.reload.access_locked?
+    refute user.reload.access_locked?
   end
 
   test "user should not send a new e-mail if already locked" do

data/test/integration/mounted_engine_test.rb

@@ -0,0 +1,36 @@
+require 'test_helper'
+
+class MyMountableEngine
+  def self.call(env)
+    ['200', { 'Content-Type' => 'text/html' }, ['Rendered content of MyMountableEngine']]
+  end
+end
+
+# If disable_clear_and_finalize is set to true, Rails will not clear other routes when calling
+# again the draw method. Look at the source code at:
+# http://www.rubydoc.info/docs/rails/ActionDispatch/Routing/RouteSet:draw
+Rails.application.routes.disable_clear_and_finalize = true
+
+Rails.application.routes.draw do
+  authenticate(:user) do
+    mount MyMountableEngine, at: '/mountable_engine'
+  end
+end
+
+class AuthenticatedMountedEngineTest < Devise::IntegrationTest
+  test 'redirects to the sign in page when not authenticated' do
+    get '/mountable_engine'
+    follow_redirect!
+
+    assert_response :ok
+    assert_contain 'You need to sign in or sign up before continuing.'
+  end
+
+  test 'renders the mounted engine when authenticated' do
+    sign_in_as_user
+    get '/mountable_engine'
+
+    assert_response :success
+    assert_contain 'Rendered content of MyMountableEngine'
+  end
+end

data/test/integration/omniauthable_test.rb

@@ -71,7 +71,7 @@ class OmniauthableIntegrationTest < Devise::IntegrationTest
     assert_current_url "/"
     assert_contain "You have signed up successfully."
     assert_contain "Hello User user@example.com"
-    assert_not session["devise.facebook_data"]
+    refute session["devise.facebook_data"]
   end
 
   test "cleans up session on cancel" do

data/test/integration/recoverable_test.rb

@@ -10,7 +10,7 @@ class PasswordTest < Devise::IntegrationTest
   def request_forgot_password(&block)
     visit_new_password_path
     assert_response :success
-    assert_not warden.authenticated?(:user)
+    refute warden.authenticated?(:user)
 
     fill_in 'email', with: 'user@test.com'
     yield if block_given?
@@ -147,7 +147,7 @@ class PasswordTest < Devise::IntegrationTest
     assert_current_url '/users/password'
     assert_have_selector '#error_explanation'
     assert_contain %r{Reset password token(.*)invalid}
-    assert_not user.reload.valid_password?('987654321')
+    refute user.reload.valid_password?('987654321')
   end
 
   test 'not authenticated user with valid reset password token but invalid password should not be able to change their password' do
@@ -161,7 +161,7 @@ class PasswordTest < Devise::IntegrationTest
     assert_current_url '/users/password'
     assert_have_selector '#error_explanation'
     assert_contain "Password confirmation doesn't match Password"
-    assert_not user.reload.valid_password?('987654321')
+    refute user.reload.valid_password?('987654321')
   end
 
   test 'not authenticated user with valid data should be able to change their password' do
@@ -181,7 +181,7 @@ class PasswordTest < Devise::IntegrationTest
     reset_password {  fill_in 'Confirm new password', with: 'other_password' }
     assert_response :success
     assert_have_selector '#error_explanation'
-    assert_not user.reload.valid_password?('987654321')
+    refute user.reload.valid_password?('987654321')
 
     reset_password visit: false
     assert_contain 'Your password has been changed successfully.'

data/test/integration/registerable_test.rb

@@ -64,11 +64,11 @@ class RegistrationTest < Devise::IntegrationTest
     assert_not_contain 'You have to confirm your account before continuing'
     assert_current_url "/"
 
-    assert_not warden.authenticated?(:user)
+    refute warden.authenticated?(:user)
 
     user = User.to_adapter.find_first(order: [:id, :desc])
     assert_equal user.email, 'new_user@test.com'
-    assert_not user.confirmed?
+    refute user.confirmed?
   end
 
   test 'a guest user should receive the confirmation instructions from the default mailer' do
@@ -92,7 +92,7 @@ class RegistrationTest < Devise::IntegrationTest
     click_button 'Sign up'
 
     assert_current_url "/?custom=1"
-    assert_not warden.authenticated?(:user)
+    refute warden.authenticated?(:user)
   end
 
   test 'a guest user cannot sign up with invalid information' do
@@ -114,7 +114,7 @@ class RegistrationTest < Devise::IntegrationTest
     assert_contain "2 errors prohibited"
     assert_nil User.to_adapter.find_first
 
-    assert_not warden.authenticated?(:user)
+    refute warden.authenticated?(:user)
   end
 
   test 'a guest should not sign up with email/password that already exists' do
@@ -133,7 +133,7 @@ class RegistrationTest < Devise::IntegrationTest
     assert_current_url '/users'
     assert_contain(/Email.*already.*taken/)
 
-    assert_not warden.authenticated?(:user)
+    refute warden.authenticated?(:user)
   end
 
   test 'a guest should not be able to change account' do
@@ -217,7 +217,13 @@ class RegistrationTest < Devise::IntegrationTest
     click_button 'Update'
 
     assert_contain "Password confirmation doesn't match Password"
-    assert_not User.to_adapter.find_first.valid_password?('pas123')
+    refute User.to_adapter.find_first.valid_password?('pas123')
+  end
+  
+  test 'a signed in user should see a warning about minimum password length' do
+    sign_in_as_user
+    get edit_user_registration_path
+    assert_contain 'characters minimum'
   end
 
   test 'a signed in user should be able to cancel their account' do

data/test/integration/rememberable_test.rb

@@ -33,12 +33,12 @@ class RememberMeTest < Devise::IntegrationTest
   test 'handle unverified requests gets rid of caches' do
     swap ApplicationController, allow_forgery_protection: true do
       post exhibit_user_url(1)
-      assert_not warden.authenticated?(:user)
+      refute warden.authenticated?(:user)
 
       create_user_and_remember
       post exhibit_user_url(1)
       assert_equal "User is not authenticated", response.body
-      assert_not warden.authenticated?(:user)
+      refute warden.authenticated?(:user)
     end
   end
 
@@ -51,8 +51,8 @@ class RememberMeTest < Devise::IntegrationTest
           authenticity_token: "oops",
           user: { email: "jose.valim@gmail.com", password: "123456", remember_me: "1" }
         }
-      assert_not warden.authenticated?(:user)
-      assert_not request.cookies['remember_user_token']
+      refute warden.authenticated?(:user)
+      refute request.cookies['remember_user_token']
     end
   end
 
@@ -158,13 +158,13 @@ class RememberMeTest < Devise::IntegrationTest
     get root_path
     assert_response :success
     assert warden.authenticated?(:user)
-    assert_not warden.authenticated?(:admin)
+    refute warden.authenticated?(:admin)
   end
 
   test 'do not remember with invalid token' do
     create_user_and_remember('add')
     get users_path
-    assert_not warden.authenticated?(:user)
+    refute warden.authenticated?(:user)
     assert_redirected_to new_user_session_path
   end
 
@@ -172,7 +172,7 @@ class RememberMeTest < Devise::IntegrationTest
     create_user_and_remember
     swap Devise, remember_for: 0.days do
       get users_path
-      assert_not warden.authenticated?(:user)
+      refute warden.authenticated?(:user)
       assert_redirected_to new_user_session_path
     end
   end
@@ -183,11 +183,11 @@ class RememberMeTest < Devise::IntegrationTest
     assert warden.authenticated?(:user)
 
     delete destroy_user_session_path
-    assert_not warden.authenticated?(:user)
+    refute warden.authenticated?(:user)
     assert_nil warden.cookies['remember_user_token']
 
     get users_path
-    assert_not warden.authenticated?(:user)
+    refute warden.authenticated?(:user)
   end
 
   test 'changing user password expires remember me token' do
@@ -197,7 +197,7 @@ class RememberMeTest < Devise::IntegrationTest
     user.save!
 
     get users_path
-    assert_not warden.authenticated?(:user)
+    refute warden.authenticated?(:user)
   end
 
   test 'valid sign in calls after_remembered callback' do

data/test/integration/timeoutable_test.rb

@@ -56,7 +56,7 @@ class SessionTimeoutTest < Devise::IntegrationTest
 
       get users_path
       assert_redirected_to users_path
-      assert_not warden.authenticated?(:user)
+      refute warden.authenticated?(:user)
       assert warden.authenticated?(:admin)
     end
   end
@@ -70,8 +70,8 @@ class SessionTimeoutTest < Devise::IntegrationTest
       assert_not_nil last_request_at
 
       get root_path
-      assert_not warden.authenticated?(:user)
-      assert_not warden.authenticated?(:admin)
+      refute warden.authenticated?(:user)
+      refute warden.authenticated?(:admin)
     end
   end
 
@@ -108,7 +108,7 @@ class SessionTimeoutTest < Devise::IntegrationTest
 
     assert_response :success
     assert_contain 'Sign in'
-    assert_not warden.authenticated?(:user)
+    refute warden.authenticated?(:user)
   end
 
   test 'time out is not triggered on sign in' do
@@ -134,7 +134,7 @@ class SessionTimeoutTest < Devise::IntegrationTest
       get expire_user_path(user)
       get users_path
       assert_redirected_to users_path
-      assert_not warden.authenticated?(:user)
+      refute warden.authenticated?(:user)
     end
   end
 

data/test/mapping_test.rb

@@ -115,7 +115,7 @@ class MappingTest < ActiveSupport::TestCase
     assert mapping.authenticatable?
     assert mapping.recoverable?
     assert mapping.lockable?
-    assert_not mapping.omniauthable?
+    refute mapping.omniauthable?
   end
 
   test 'find mapping by path' do

data/test/models/confirmable_test.rb

@@ -28,9 +28,9 @@ class ConfirmableTest < ActiveSupport::TestCase
   end
 
   test 'should verify whether a user is confirmed or not' do
-    assert_not new_user.confirmed?
+    refute new_user.confirmed?
     user = create_user
-    assert_not user.confirmed?
+    refute user.confirmed?
     user.confirm
     assert user.confirmed?
   end
@@ -40,7 +40,7 @@ class ConfirmableTest < ActiveSupport::TestCase
     assert user.confirm
     assert_blank user.errors[:email]
 
-    assert_not user.confirm
+    refute user.confirm
     assert_equal "was already confirmed, please try signing in", user.errors[:email].join
   end
 
@@ -54,13 +54,13 @@ class ConfirmableTest < ActiveSupport::TestCase
 
   test 'should return a new record with errors when a invalid token is given' do
     confirmed_user = User.confirm_by_token('invalid_confirmation_token')
-    assert_not confirmed_user.persisted?
+    refute confirmed_user.persisted?
     assert_equal "is invalid", confirmed_user.errors[:confirmation_token].join
   end
 
   test 'should return a new record with errors when a blank token is given' do
     confirmed_user = User.confirm_by_token('')
-    assert_not confirmed_user.persisted?
+    refute confirmed_user.persisted?
     assert_equal "can't be blank", confirmed_user.errors[:confirmation_token].join
   end
 
@@ -114,7 +114,7 @@ class ConfirmableTest < ActiveSupport::TestCase
 
     assert_email_not_sent do
       user.save!
-      assert_not user.confirmed?
+      refute user.confirmed?
     end
   end
 
@@ -134,7 +134,7 @@ class ConfirmableTest < ActiveSupport::TestCase
 
   test 'should return a new user if no email was found' do
     confirmation_user = User.send_confirmation_instructions(email: "invalid@example.com")
-    assert_not confirmation_user.persisted?
+    refute confirmation_user.persisted?
   end
 
   test 'should add error to new user email if no email was found' do
@@ -181,7 +181,7 @@ class ConfirmableTest < ActiveSupport::TestCase
   test 'should not be able to send instructions if the user is already confirmed' do
     user = create_user
     user.confirm
-    assert_not user.resend_confirmation_instructions
+    refute user.resend_confirmation_instructions
     assert user.confirmed?
     assert_equal 'was already confirmed, please try signing in', user.errors[:email].join
   end
@@ -190,7 +190,7 @@ class ConfirmableTest < ActiveSupport::TestCase
     swap Devise, allow_unconfirmed_access_for: 1.day do
       user = create_user
       user.confirmation_sent_at = 2.days.ago
-      assert_not user.active_for_authentication?
+      refute user.active_for_authentication?
 
       Devise.allow_unconfirmed_access_for = 3.days
       assert user.active_for_authentication?
@@ -206,14 +206,14 @@ class ConfirmableTest < ActiveSupport::TestCase
       assert user.active_for_authentication?
 
       user.confirmation_sent_at = 5.days.ago
-      assert_not user.active_for_authentication?
+      refute user.active_for_authentication?
     end
   end
 
   test 'should be active when already confirmed' do
     user = create_user
-    assert_not user.confirmed?
-    assert_not user.active_for_authentication?
+    refute user.confirmed?
+    refute user.active_for_authentication?
 
     user.confirm
     assert user.confirmed?
@@ -224,7 +224,7 @@ class ConfirmableTest < ActiveSupport::TestCase
     Devise.allow_unconfirmed_access_for = 0.days
     user = create_user
     user.confirmation_sent_at = Time.zone.today
-    assert_not user.active_for_authentication?
+    refute user.active_for_authentication?
   end
 
   test 'should be active when we set allow_unconfirmed_access_for to nil' do
@@ -239,7 +239,7 @@ class ConfirmableTest < ActiveSupport::TestCase
     user = create_user
     user.confirmation_sent_at = nil
     user.save
-    assert_not user.reload.active_for_authentication?
+    refute user.reload.active_for_authentication?
   end
 
   test 'should be active without confirmation when confirmation is not required' do
@@ -272,7 +272,7 @@ class ConfirmableTest < ActiveSupport::TestCase
     swap Devise, confirmation_keys: [:username, :email] do
       user = create_user
       confirm_user = User.send_confirmation_instructions(email: user.email)
-      assert_not confirm_user.persisted?
+      refute confirm_user.persisted?
       assert_equal "can't be blank", confirm_user.errors[:username].join
     end
   end
@@ -297,7 +297,7 @@ class ConfirmableTest < ActiveSupport::TestCase
 
   test 'should not accept confirmation email token after 4 days when expiration is set to 3 days' do
     swap Devise, confirm_within: 3.days do
-      assert_not confirm_user_by_token_with_confirmation_sent_at(4.days.ago)
+      refute confirm_user_by_token_with_confirmation_sent_at(4.days.ago)
     end
   end
 
@@ -337,14 +337,14 @@ class ConfirmableTest < ActiveSupport::TestCase
       self.username = self.username.to_s + 'updated'
     end
     old = user.username
-    assert_not user.confirm
+    refute user.confirm
     assert_equal user.username, old
   end
 
   test 'should always perform validations upon confirm when ensure valid true' do
     admin = create_admin
     admin.stubs(:valid?).returns(false)
-    assert_not admin.confirm(ensure_valid: true)
+    refute admin.confirm(ensure_valid: true)
   end
 end
 
@@ -370,7 +370,7 @@ class ReconfirmableTest < ActiveSupport::TestCase
     admin.skip_reconfirmation!
     assert admin.update_attributes(email: 'new_test@example.com')
     assert admin.confirmed?
-    assert_not admin.pending_reconfirmation?
+    refute admin.pending_reconfirmation?
     assert_equal original_token, admin.confirmation_token
   end
 
@@ -461,7 +461,7 @@ class ReconfirmableTest < ActiveSupport::TestCase
 
   test 'should return a new admin if no email or unconfirmed_email was found' do
     confirmation_admin = Admin.send_confirmation_instructions(email: "invalid@email.com")
-    assert_not confirmation_admin.persisted?
+    refute confirmation_admin.persisted?
   end
 
   test 'should add error to new admin email if no email or unconfirmed_email was found' do
@@ -479,18 +479,18 @@ class ReconfirmableTest < ActiveSupport::TestCase
   end
 
   test 'required_fields should contain the fields that Devise uses' do
-    assert_same_content Devise::Models::Confirmable.required_fields(User), [
-      :confirmation_sent_at,
+    assert_equal Devise::Models::Confirmable.required_fields(User), [
       :confirmation_token,
-      :confirmed_at
+      :confirmed_at,
+      :confirmation_sent_at
     ]
   end
 
   test 'required_fields should also contain unconfirmable when reconfirmable_email is true' do
-    assert_same_content Devise::Models::Confirmable.required_fields(Admin), [
-      :confirmation_sent_at,
+    assert_equal Devise::Models::Confirmable.required_fields(Admin), [
       :confirmation_token,
       :confirmed_at,
+      :confirmation_sent_at,
       :unconfirmed_email
     ]
   end
@@ -508,4 +508,12 @@ class ReconfirmableTest < ActiveSupport::TestCase
     admin = Admin::WithSaveInCallback.create(valid_attributes.except(:username))
     assert !admin.pending_reconfirmation?
   end
+
+  test 'should require reconfirmation after creating a record and updating the email' do
+    admin = create_admin
+    assert !admin.instance_variable_get(:@bypass_confirmation_postpone)
+    admin.email = "new_test@email.com"
+    admin.save
+    assert admin.pending_reconfirmation?
+  end
 end