devise 4.1.1 → 4.8.0

data/test/integration/lockable_test.rb

@@ -1,240 +0,0 @@
-require 'test_helper'
-
-class LockTest < Devise::IntegrationTest
-
-  def visit_user_unlock_with_token(unlock_token)
-    visit user_unlock_path(unlock_token: unlock_token)
-  end
-
-  def send_unlock_request
-    user = create_user(locked: true)
-    ActionMailer::Base.deliveries.clear
-
-    visit new_user_session_path
-    click_link "Didn't receive unlock instructions?"
-
-    Devise.stubs(:friendly_token).returns("abcdef")
-    fill_in 'email', with: user.email
-    click_button 'Resend unlock instructions'
-  end
-
-  test 'user should be able to request a new unlock token' do
-    send_unlock_request
-
-    assert_template 'sessions/new'
-    assert_contain 'You will receive an email with instructions for how to unlock your account in a few minutes'
-
-    mail = ActionMailer::Base.deliveries.last
-    assert_equal 1, ActionMailer::Base.deliveries.size
-    assert_equal ['please-change-me@config-initializers-devise.com'], mail.from
-    assert_match user_unlock_path(unlock_token: 'abcdef'), mail.body.encoded
-  end
-
-  test 'user should receive the instructions from a custom mailer' do
-    User.any_instance.stubs(:devise_mailer).returns(Users::Mailer)
-
-    send_unlock_request
-
-    assert_equal ['custom@example.com'], ActionMailer::Base.deliveries.first.from
-  end
-
-  test 'unlocked user should not be able to request a unlock token' do
-    user = create_user(locked: false)
-    ActionMailer::Base.deliveries.clear
-
-    visit new_user_session_path
-    click_link "Didn't receive unlock instructions?"
-
-    fill_in 'email', with: user.email
-    click_button 'Resend unlock instructions'
-
-    assert_template 'unlocks/new'
-    assert_contain 'not locked'
-    assert_equal 0, ActionMailer::Base.deliveries.size
-  end
-
-  test 'unlocked pages should not be available if email strategy is disabled' do
-    visit "/admin_area/sign_in"
-
-    assert_raise Webrat::NotFoundError do
-      click_link "Didn't receive unlock instructions?"
-    end
-
-    assert_raise NameError do
-      visit new_admin_unlock_path
-    end
-
-    assert_raise ActionController::RoutingError do
-      visit "/admin_area/unlock/new"
-    end
-  end
-
-  test 'user with invalid unlock token should not be able to unlock an account' do
-    visit_user_unlock_with_token('invalid_token')
-
-    assert_response :success
-    assert_current_url '/users/unlock?unlock_token=invalid_token'
-    assert_have_selector '#error_explanation'
-    assert_contain %r{Unlock token(.*)invalid}
-  end
-
-  test "locked user should be able to unlock account" do
-    user = create_user
-    raw  = user.lock_access!
-    visit_user_unlock_with_token(raw)
-
-    assert_current_url "/users/sign_in"
-    assert_contain 'Your account has been unlocked successfully. Please sign in to continue.'
-    assert_not user.reload.access_locked?
-  end
-
-  test "user should not send a new e-mail if already locked" do
-    user = create_user(locked: true)
-    user.failed_attempts = User.maximum_attempts + 1
-    user.save!
-
-    ActionMailer::Base.deliveries.clear
-
-    sign_in_as_user(password: "invalid")
-    assert_contain 'Your account is locked.'
-    assert ActionMailer::Base.deliveries.empty?
-  end
-
-  test 'error message is configurable by resource name' do
-    store_translations :en, devise: {
-        failure: {user: {locked: "You are locked!"}}
-    } do
-
-      user = create_user(locked: true)
-      user.failed_attempts = User.maximum_attempts + 1
-      user.save!
-
-      sign_in_as_user(password: "invalid")
-      assert_contain "You are locked!"
-    end
-  end
-
-  test "user should not be able to sign in when locked" do
-    store_translations :en, devise: {
-        failure: {user: {locked: "You are locked!"}}
-    } do
-
-      user = create_user(locked: true)
-      user.failed_attempts = User.maximum_attempts + 1
-      user.save!
-
-      sign_in_as_user(password: "123456")
-      assert_contain "You are locked!"
-    end
-  end
-
-  test 'user should be able to request a new unlock token via XML request' do
-    user = create_user(locked: true)
-    ActionMailer::Base.deliveries.clear
-
-    post user_unlock_path(format: 'xml'), params: { user: {email: user.email} }
-    assert_response :success
-    assert_equal response.body, {}.to_xml
-
-    assert_equal 1, ActionMailer::Base.deliveries.size
-  end
-
-  test 'unlocked user should not be able to request a unlock token via XML request' do
-    user = create_user(locked: false)
-    ActionMailer::Base.deliveries.clear
-
-    post user_unlock_path(format: 'xml'), params: { user: {email: user.email} }
-    assert_response :unprocessable_entity
-    assert response.body.include? %(<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<errors>)
-    assert_equal 0, ActionMailer::Base.deliveries.size
-  end
-
-  test 'user with valid unlock token should be able to unlock account via XML request' do
-    user = create_user()
-    raw  = user.lock_access!
-    assert user.access_locked?
-    get user_unlock_path(format: 'xml', unlock_token: raw)
-    assert_response :success
-    assert response.body.include? %(<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<user>)
-  end
-
-
-  test 'user with invalid unlock token should not be able to unlock the account via XML request' do
-    get user_unlock_path(format: 'xml', unlock_token: 'invalid_token')
-    assert_response :unprocessable_entity
-    assert response.body.include? %(<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<errors>)
-  end
-
-  test "when using json to ask a unlock request, should not return the user" do
-    user = create_user(locked: true)
-    post user_unlock_path(format: "json", user: {email: user.email})
-    assert_response :success
-    assert_equal response.body, {}.to_json
-  end
-
-  test "in paranoid mode, when trying to unlock an user that exists it should not say that it exists if it is locked" do
-    swap Devise, paranoid: true do
-      user = create_user(locked: true)
-
-      visit new_user_session_path
-      click_link "Didn't receive unlock instructions?"
-
-      fill_in 'email', with: user.email
-      click_button 'Resend unlock instructions'
-
-      assert_current_url "/users/sign_in"
-      assert_contain "If your account exists, you will receive an email with instructions for how to unlock it in a few minutes."
-    end
-  end
-
-  test "in paranoid mode, when trying to unlock an user that exists it should not say that it exists if it is not locked" do
-    swap Devise, paranoid: true do
-      user = create_user(locked: false)
-
-      visit new_user_session_path
-      click_link "Didn't receive unlock instructions?"
-
-      fill_in 'email', with: user.email
-      click_button 'Resend unlock instructions'
-
-      assert_current_url "/users/sign_in"
-      assert_contain "If your account exists, you will receive an email with instructions for how to unlock it in a few minutes."
-    end
-  end
-
-  test "in paranoid mode, when trying to unlock an user that does not exists it should not say that it does not exists" do
-    swap Devise, paranoid: true do
-      visit new_user_session_path
-      click_link "Didn't receive unlock instructions?"
-
-      fill_in 'email', with: "arandomemail@hotmail.com"
-      click_button 'Resend unlock instructions'
-
-      assert_not_contain "1 error prohibited this user from being saved:"
-      assert_not_contain "Email not found"
-      assert_current_url "/users/sign_in"
-
-      assert_contain "If your account exists, you will receive an email with instructions for how to unlock it in a few minutes."
-
-    end
-  end
-
-  test "in paranoid mode, when locking a user that exists it should not say that the user was locked" do
-    swap Devise, paranoid: true, maximum_attempts: 1 do
-      user = create_user(locked: false)
-
-      visit new_user_session_path
-      fill_in 'email', with: user.email
-      fill_in 'password', with: "abadpassword"
-      click_button 'Log in'
-
-      fill_in 'email', with: user.email
-      fill_in 'password', with: "abadpassword"
-      click_button 'Log in'
-
-      assert_current_url "/users/sign_in"
-      assert_not_contain "locked"
-    end
-  end
-
-end

data/test/integration/omniauthable_test.rb

@@ -1,135 +0,0 @@
-require 'test_helper'
-
-
-class OmniauthableIntegrationTest < Devise::IntegrationTest
-  FACEBOOK_INFO = {
-    "id" => '12345',
-    "link" => 'http://facebook.com/josevalim',
-    "email" => 'user@example.com',
-    "first_name" => 'Jose',
-    "last_name" => 'Valim',
-    "website" => 'http://blog.plataformatec.com.br'
-  }
-
-  setup do
-    OmniAuth.config.test_mode = true
-    OmniAuth.config.mock_auth[:facebook] = {
-      "uid" => '12345',
-      "provider" => 'facebook',
-      "user_info" => {"nickname" => 'josevalim'},
-      "credentials" => {"token" => 'plataformatec'},
-      "extra" => {"user_hash" => FACEBOOK_INFO}
-    }
-    OmniAuth.config.add_camelization 'facebook', 'FaceBook'
-  end
-
-  teardown do
-    OmniAuth.config.camelizations.delete('facebook')
-    OmniAuth.config.test_mode = false
-  end
-
-  def stub_action!(name)
-    Users::OmniauthCallbacksController.class_eval do
-      alias_method :__old_facebook, :facebook
-      alias_method :facebook, name
-    end
-    yield
-  ensure
-    Users::OmniauthCallbacksController.class_eval do
-      alias_method :facebook, :__old_facebook
-    end
-  end
-
-  test "can access omniauth.auth in the env hash" do
-    visit "/users/sign_in"
-    click_link "Sign in with FaceBook"
-
-    json = ActiveSupport::JSON.decode(response.body)
-
-    assert_equal "12345",         json["uid"]
-    assert_equal "facebook",      json["provider"]
-    assert_equal "josevalim",     json["user_info"]["nickname"]
-    assert_equal FACEBOOK_INFO,   json["extra"]["user_hash"]
-    assert_equal "plataformatec", json["credentials"]["token"]
-  end
-
-  test "cleans up session on sign up" do
-    assert_no_difference "User.count" do
-      visit "/users/sign_in"
-      click_link "Sign in with FaceBook"
-    end
-
-    assert session["devise.facebook_data"]
-
-    assert_difference "User.count" do
-      visit "/users/sign_up"
-      fill_in "Password", with: "12345678"
-      fill_in "Password confirmation", with: "12345678"
-      click_button "Sign up"
-    end
-
-    assert_current_url "/"
-    assert_contain "You have signed up successfully."
-    assert_contain "Hello User user@example.com"
-    assert_not session["devise.facebook_data"]
-  end
-
-  test "cleans up session on cancel" do
-    assert_no_difference "User.count" do
-      visit "/users/sign_in"
-      click_link "Sign in with FaceBook"
-    end
-
-    assert session["devise.facebook_data"]
-    visit "/users/cancel"
-    assert !session["devise.facebook_data"]
-  end
-
-  test "cleans up session on sign in" do
-    assert_no_difference "User.count" do
-      visit "/users/sign_in"
-      click_link "Sign in with FaceBook"
-    end
-
-    assert session["devise.facebook_data"]
-    sign_in_as_user
-    assert !session["devise.facebook_data"]
-  end
-
-  test "sign in and send remember token if configured" do
-    visit "/users/sign_in"
-    click_link "Sign in with FaceBook"
-    assert_nil warden.cookies["remember_user_token"]
-
-    stub_action!(:sign_in_facebook) do
-      create_user
-      visit "/users/sign_in"
-      click_link "Sign in with FaceBook"
-      assert warden.authenticated?(:user)
-      assert warden.cookies["remember_user_token"]
-    end
-  end
-
-  test "generates a proper link when SCRIPT_NAME is set" do
-    header 'SCRIPT_NAME', '/q'
-    visit "/users/sign_in"
-    assert_select "a", href: "/q/users/auth/facebook"
-  end
-
-  test "handles callback error parameter according to the specification" do
-    OmniAuth.config.mock_auth[:facebook] = :access_denied
-    visit "/users/auth/facebook/callback?error=access_denied"
-    assert_current_url "/users/sign_in"
-    assert_contain 'Could not authenticate you from FaceBook because "Access denied".'
-  end
-
-  test "handles other exceptions from OmniAuth" do
-    OmniAuth.config.mock_auth[:facebook] = :invalid_credentials
-
-    visit "/users/sign_in"
-    click_link "Sign in with FaceBook"
-
-    assert_current_url "/users/sign_in"
-    assert_contain 'Could not authenticate you from FaceBook because "Invalid credentials".'
-  end
-end

data/test/integration/recoverable_test.rb

@@ -1,347 +0,0 @@
-require 'test_helper'
-
-class PasswordTest < Devise::IntegrationTest
-
-  def visit_new_password_path
-    visit new_user_session_path
-    click_link 'Forgot your password?'
-  end
-
-  def request_forgot_password(&block)
-    visit_new_password_path
-    assert_response :success
-    assert_not warden.authenticated?(:user)
-
-    fill_in 'email', with: 'user@test.com'
-    yield if block_given?
-
-    Devise.stubs(:friendly_token).returns("abcdef")
-    click_button 'Send me reset password instructions'
-  end
-
-  def reset_password(options={}, &block)
-    unless options[:visit] == false
-      visit edit_user_password_path(reset_password_token: options[:reset_password_token] || "abcdef")
-      assert_response :success
-    end
-
-    fill_in 'New password', with: '987654321'
-    fill_in 'Confirm new password', with: '987654321'
-    yield if block_given?
-    click_button 'Change my password'
-  end
-
-  test 'reset password with email of different case should succeed when email is in the list of case insensitive keys' do
-    create_user(email: 'Foo@Bar.com')
-
-    request_forgot_password do
-      fill_in 'email', with: 'foo@bar.com'
-    end
-
-    assert_current_url '/users/sign_in'
-    assert_contain 'You will receive an email with instructions on how to reset your password in a few minutes.'
-  end
-
-  test 'reset password with email should send an email from a custom mailer' do
-    create_user(email: 'Foo@Bar.com')
-
-    User.any_instance.stubs(:devise_mailer).returns(Users::Mailer)
-    request_forgot_password do
-      fill_in 'email', with: 'foo@bar.com'
-    end
-
-    mail = ActionMailer::Base.deliveries.last
-    assert_equal ['custom@example.com'], mail.from
-    assert_match edit_user_password_path(reset_password_token: 'abcdef'), mail.body.encoded
-  end
-
-  test 'reset password with email of different case should fail when email is NOT the list of case insensitive keys' do
-    swap Devise, case_insensitive_keys: [] do
-      create_user(email: 'Foo@Bar.com')
-
-      request_forgot_password do
-        fill_in 'email', with: 'foo@bar.com'
-      end
-
-      assert_response :success
-      assert_current_url '/users/password'
-      assert_have_selector "input[type=email][value='foo@bar.com']"
-      assert_contain 'not found'
-    end
-  end
-
-  test 'reset password with email with extra whitespace should succeed when email is in the list of strip whitespace keys' do
-    create_user(email: 'foo@bar.com')
-
-    request_forgot_password do
-      fill_in 'email', with: ' foo@bar.com '
-    end
-
-    assert_current_url '/users/sign_in'
-    assert_contain 'You will receive an email with instructions on how to reset your password in a few minutes.'
-  end
-
-  test 'reset password with email with extra whitespace should fail when email is NOT the list of strip whitespace keys' do
-    swap Devise, strip_whitespace_keys: [] do
-      create_user(email: 'foo@bar.com')
-
-      request_forgot_password do
-        fill_in 'email', with: ' foo@bar.com '
-      end
-
-      assert_response :success
-      assert_current_url '/users/password'
-      assert_have_selector "input[type=email][value=' foo@bar.com ']"
-      assert_contain 'not found'
-    end
-  end
-
-  test 'authenticated user should not be able to visit forgot password page' do
-    sign_in_as_user
-    assert warden.authenticated?(:user)
-
-    get new_user_password_path
-
-    assert_response :redirect
-    assert_redirected_to root_path
-  end
-
-  test 'not authenticated user should be able to request a forgot password' do
-    create_user
-    request_forgot_password
-
-    assert_current_url '/users/sign_in'
-    assert_contain 'You will receive an email with instructions on how to reset your password in a few minutes.'
-  end
-
-  test 'not authenticated user with invalid email should receive an error message' do
-    request_forgot_password do
-      fill_in 'email', with: 'invalid.test@test.com'
-    end
-
-    assert_response :success
-    assert_current_url '/users/password'
-    assert_have_selector "input[type=email][value='invalid.test@test.com']"
-    assert_contain 'not found'
-  end
-
-  test 'authenticated user should not be able to visit edit password page' do
-    sign_in_as_user
-    get edit_user_password_path
-    assert_response :redirect
-    assert_redirected_to root_path
-    assert warden.authenticated?(:user)
-  end
-
-  test 'not authenticated user without a reset password token should not be able to visit the page' do
-    get edit_user_password_path
-    assert_response :redirect
-    assert_redirected_to "/users/sign_in"
-  end
-
-  test 'not authenticated user with invalid reset password token should not be able to change their password' do
-    user = create_user
-    reset_password reset_password_token: 'invalid_reset_password'
-
-    assert_response :success
-    assert_current_url '/users/password'
-    assert_have_selector '#error_explanation'
-    assert_contain %r{Reset password token(.*)invalid}
-    assert_not user.reload.valid_password?('987654321')
-  end
-
-  test 'not authenticated user with valid reset password token but invalid password should not be able to change their password' do
-    user = create_user
-    request_forgot_password
-    reset_password do
-      fill_in 'Confirm new password', with: 'other_password'
-    end
-
-    assert_response :success
-    assert_current_url '/users/password'
-    assert_have_selector '#error_explanation'
-    assert_contain "Password confirmation doesn't match Password"
-    assert_not user.reload.valid_password?('987654321')
-  end
-
-  test 'not authenticated user with valid data should be able to change their password' do
-    user = create_user
-    request_forgot_password
-    reset_password
-
-    assert_current_url '/'
-    assert_contain 'Your password has been changed successfully. You are now signed in.'
-    assert user.reload.valid_password?('987654321')
-  end
-
-  test 'after entering invalid data user should still be able to change their password' do
-    user = create_user
-    request_forgot_password
-
-    reset_password {  fill_in 'Confirm new password', with: 'other_password' }
-    assert_response :success
-    assert_have_selector '#error_explanation'
-    assert_not user.reload.valid_password?('987654321')
-
-    reset_password visit: false
-    assert_contain 'Your password has been changed successfully.'
-    assert user.reload.valid_password?('987654321')
-  end
-
-  test 'sign in user automatically after changing its password' do
-    create_user
-    request_forgot_password
-    reset_password
-
-    assert warden.authenticated?(:user)
-  end
-
-  test 'does not sign in user automatically after changing its password if config.sign_in_after_reset_password is false' do
-    swap Devise, sign_in_after_reset_password: false do
-      create_user
-      request_forgot_password
-      reset_password
-
-      assert_contain 'Your password has been changed successfully.'
-      assert_not_contain 'You are now signed in.'
-      assert_equal new_user_session_path, @request.path
-      assert !warden.authenticated?(:user)
-    end
-  end
-
-  test 'does not sign in user automatically after changing its password if it\'s locked and unlock strategy is :none or :time' do
-    [:none, :time].each do |strategy|
-      swap Devise, unlock_strategy: strategy do
-        create_user(locked: true)
-        request_forgot_password
-        reset_password
-
-        assert_contain 'Your password has been changed successfully.'
-        assert_not_contain 'You are now signed in.'
-        assert_equal new_user_session_path, @request.path
-        assert !warden.authenticated?(:user)
-      end
-    end
-  end
-
-  test 'unlocks and signs in locked user automatically after changing it\'s password if unlock strategy is :email' do
-    swap Devise, unlock_strategy: :email do
-      user = create_user(locked: true)
-      request_forgot_password
-      reset_password
-
-      assert_contain 'Your password has been changed successfully.'
-      assert !user.reload.access_locked?
-      assert warden.authenticated?(:user)
-    end
-  end
-
-  test 'unlocks and signs in locked user automatically after changing it\'s password if unlock strategy is :both' do
-    swap Devise, unlock_strategy: :both do
-      user = create_user(locked: true)
-      request_forgot_password
-      reset_password
-
-      assert_contain 'Your password has been changed successfully.'
-      assert !user.reload.access_locked?
-      assert warden.authenticated?(:user)
-    end
-  end
-
-  test 'reset password request with valid E-Mail in XML format should return valid response' do
-    create_user
-    post user_password_path(format: 'xml'), params: { user: {email: "user@test.com"} }
-    assert_response :success
-    assert_equal response.body, { }.to_xml
-  end
-
-  test 'reset password request with invalid E-Mail in XML format should return valid response' do
-    create_user
-    post user_password_path(format: 'xml'), params: { user: {email: "invalid.test@test.com"} }
-    assert_response :unprocessable_entity
-    assert response.body.include? %(<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<errors>)
-  end
-
-  test 'reset password request with invalid E-Mail in XML format should return empty and valid response' do
-    swap Devise, paranoid: true do
-      create_user
-      post user_password_path(format: 'xml'), params: { user: {email: "invalid@test.com"} }
-      assert_response :success
-      assert_equal response.body, { }.to_xml
-    end
-  end
-
-  test 'change password with valid parameters in XML format should return valid response' do
-    create_user
-    request_forgot_password
-    put user_password_path(format: 'xml'), params: { user: {
-      reset_password_token: 'abcdef', password: '987654321', password_confirmation: '987654321'
-      }
-    }
-    assert_response :success
-    assert warden.authenticated?(:user)
-  end
-
-  test 'change password with invalid token in XML format should return invalid response' do
-    create_user
-    request_forgot_password
-    put user_password_path(format: 'xml'), params: { user: {reset_password_token: 'invalid.token', password: '987654321', password_confirmation: '987654321'} }
-    assert_response :unprocessable_entity
-    assert response.body.include? %(<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<errors>)
-  end
-
-  test 'change password with invalid new password in XML format should return invalid response' do
-    user = create_user
-    request_forgot_password
-    put user_password_path(format: 'xml'), params: { user: {reset_password_token: user.reload.reset_password_token, password: '', password_confirmation: '987654321'} }
-    assert_response :unprocessable_entity
-    assert response.body.include? %(<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<errors>)
-  end
-
-  test "when using json requests to ask a confirmable request, should not return the object" do
-    user = create_user(confirm: false)
-
-    post user_password_path(format: :json), params: { user: { email: user.email } }
-
-    assert_response :success
-    assert_equal response.body, "{}"
-  end
-
-  test "when in paranoid mode and with an invalid e-mail, asking to reset a password should display a message that does not indicates that the e-mail does not exists in the database" do
-    swap Devise, paranoid: true do
-      visit_new_password_path
-      fill_in "email", with: "arandomemail@test.com"
-      click_button 'Send me reset password instructions'
-
-      assert_not_contain "1 error prohibited this user from being saved:"
-      assert_not_contain "Email not found"
-      assert_contain "If your email address exists in our database, you will receive a password recovery link at your email address in a few minutes."
-      assert_current_url "/users/sign_in"
-    end
-  end
-
-  test "when in paranoid mode and with a valid e-mail, asking to reset password should display a message that does not indicates that the email exists in the database and redirect to the failure route" do
-    swap Devise, paranoid: true do
-      user = create_user
-      visit_new_password_path
-      fill_in 'email', with: user.email
-      click_button 'Send me reset password instructions'
-
-      assert_contain "If your email address exists in our database, you will receive a password recovery link at your email address in a few minutes."
-      assert_current_url "/users/sign_in"
-    end
-  end
-
-  test "after recovering a password, should set failed attempts to 0" do
-    user = create_user
-    user.update_attribute(:failed_attempts, 10)
-
-    assert_equal 10, user.failed_attempts
-    request_forgot_password
-    reset_password
-
-    assert warden.authenticated?(:user)
-    user.reload
-    assert_equal 0, user.failed_attempts
-  end
-end