devise 4.4.3 → 4.9.2

data/guides/bug_report_templates/integration_test.rb

@@ -1,106 +0,0 @@
-# frozen_string_literal: true
-
-begin
-  require 'bundler/inline'
-rescue LoadError => e
-  $stderr.puts 'Bundler version 1.10 or later is required. Please update your Bundler'
-  raise e
-end
-
-gemfile(true) do
-  source 'https://rubygems.org'
-  # Activate the gem you are reporting the issue against.
-  gem 'rails', '~> 4.2.0'
-  gem 'devise', '~> 4.0'
-  gem 'sqlite3'
-  gem 'byebug'
-end
-
-require 'rack/test'
-require 'action_controller/railtie'
-require 'active_record'
-require 'devise/rails/routes'
-require 'devise/rails/warden_compat'
-
-ActiveRecord::Base.establish_connection( adapter: :sqlite3, database:  ':memory:')
-
-class DeviseCreateUsers < ActiveRecord::Migration
-  def change
-    create_table(:users) do |t|
-      t.string :email,              null: false
-      t.string :encrypted_password, null: true
-      t.timestamps null: false
-    end
-
-  end
-end
-
-Devise.setup do |config|
-  require 'devise/orm/active_record'
-  config.secret_key = 'secret_key_base'
-end
-
-class TestApp < Rails::Application
-  config.root = File.dirname(__FILE__)
-  config.session_store :cookie_store, key: 'cookie_store_key'
-  secrets.secret_token    = 'secret_token'
-  secrets.secret_key_base = 'secret_key_base'
-  config.eager_load = false
-
-  config.middleware.use Warden::Manager do |config|
-    Devise.warden_config = config
-  end
-
-  config.logger = Logger.new($stdout)
-  Rails.logger  = config.logger
-
-end
-
-Rails.application.initialize!
-
-DeviseCreateUsers.migrate(:up)
-
-class User < ActiveRecord::Base
-  devise :database_authenticatable
-end
-
-Rails.application.routes.draw do
-  devise_for :users
-
-  get '/' => 'test#index'
-end
-
-class ApplicationController < ActionController::Base
-end
-
-class TestController < ApplicationController
-  include Rails.application.routes.url_helpers
-
-  before_filter :authenticate_user!
-
-  def index
-    render plain: 'Home'
-  end
-end
-
-require 'minitest/autorun'
-
-class BugTest < ActionDispatch::IntegrationTest
-  include Rack::Test::Methods
-  include Warden::Test::Helpers
-
-  def test_returns_success
-    Warden.test_mode!
-
-    login_as User.create!(email: 'test@test.com', password: 'test123456', password_confirmation: 'test123456')
-
-    get '/'
-    assert last_response.ok?
-  end
-
-  private
-
-  def app
-    Rails.application
-  end
-end

data/test/controllers/custom_registrations_controller_test.rb

@@ -1,42 +0,0 @@
-# frozen_string_literal: true
-
-require 'test_helper'
-
-class CustomRegistrationsControllerTest < Devise::ControllerTestCase
-  tests Custom::RegistrationsController
-
-  include Devise::Test::ControllerHelpers
-
-  setup do
-    request.env["devise.mapping"] = Devise.mappings[:user]
-    @password = 'password'
-    @user = create_user(password: @password, password_confirmation: @password).tap(&:confirm)
-  end
-
-  test "yield resource to block on create success" do
-    post :create, params: { user: { email: "user@example.org", password: "password", password_confirmation: "password" } }
-    assert @controller.create_block_called?, "create failed to yield resource to provided block"
-  end
-
-  test "yield resource to block on create failure" do
-    post :create, params: { user: { } }
-    assert @controller.create_block_called?, "create failed to yield resource to provided block"
-  end
-
-  test "yield resource to block on update success" do
-    sign_in @user
-    put :update, params: { user: { current_password: @password } }
-    assert @controller.update_block_called?, "update failed to yield resource to provided block"
-  end
-
-  test "yield resource to block on update failure" do
-    sign_in @user
-    put :update, params: { user: { } }
-    assert @controller.update_block_called?, "update failed to yield resource to provided block"
-  end
-
-  test "yield resource to block on new" do
-    get :new
-    assert @controller.new_block_called?, "new failed to yield resource to provided block"
-  end
-end

data/test/controllers/custom_strategy_test.rb

@@ -1,66 +0,0 @@
-# frozen_string_literal: true
-
-require 'test_helper'
-require 'ostruct'
-require 'warden/strategies/base'
-require 'devise/test_helpers'
-
-class CustomStrategyController < ActionController::Base
-  def new
-    warden.authenticate!(:custom_strategy)
-  end
-end
-
-# These tests are to prove that a warden strategy can successfully
-# return a custom response, including a specific status code and
-# custom http response headers. This does work in production,
-# however, at the time of writing this, the Devise test helpers do
-# not recognise the custom response and proceed to calling the
-# Failure App. This makes it impossible to write tests for a
-# strategy that return a custom response with Devise.
-class CustomStrategy < Warden::Strategies::Base
-  def authenticate!
-    custom_headers = { "X-FOO" => "BAR" }
-    response = Rack::Response.new("BAD REQUEST", 400, custom_headers)
-    custom! response.finish
-  end
-end
-
-class CustomStrategyTest < Devise::ControllerTestCase
-  tests CustomStrategyController
-
-  include Devise::Test::ControllerHelpers
-
-  setup do
-    Warden::Strategies.add(:custom_strategy, CustomStrategy)
-  end
-
-  teardown do
-    Warden::Strategies._strategies.delete(:custom_strategy)
-  end
-
-  test "custom strategy can return its own status code" do
-    ret = get :new
-
-    # check the returned rack array
-    # assert ret.is_a?(Array)
-    # assert_equal 400, ret.first
-    assert ret.is_a?(ActionDispatch::TestResponse)
-
-    # check the saved response as well. This is purely so that the response is available to the testing framework
-    # for verification. In production, the above array would be delivered directly to Rack.
-    assert_response 400
-  end
-
-  test "custom strategy can return custom headers" do
-    ret = get :new
-
-    # check the returned rack array
-    # assert ret.is_a?(Array)
-    # assert_equal ret.third['X-FOO'], 'BAR'
-    assert ret.is_a?(ActionDispatch::TestResponse)
-
-    # check the saved response headers as well.
-    assert_equal response.headers['X-FOO'], 'BAR'
-  end
-end

data/test/controllers/helper_methods_test.rb

@@ -1,24 +0,0 @@
-# frozen_string_literal: true
-
-require 'test_helper'
-
-class ApiController < ActionController::Metal
-  include Devise::Controllers::Helpers
-end
-
-class HelperMethodsTest < Devise::ControllerTestCase
-  tests ApiController
-
-  test 'includes Devise::Controllers::Helpers' do
-    assert_includes @controller.class.ancestors, Devise::Controllers::Helpers
-  end
-
-  test 'does not respond_to helper or helper_method' do
-    refute_respond_to @controller.class, :helper
-    refute_respond_to @controller.class, :helper_method
-  end
-
-  test 'defines methods like current_user' do
-    assert_respond_to @controller, :current_user
-  end
-end

data/test/controllers/helpers_test.rb

@@ -1,318 +0,0 @@
-# frozen_string_literal: true
-
-require 'test_helper'
-require 'ostruct'
-
-class ControllerAuthenticatableTest < Devise::ControllerTestCase
-  tests ApplicationController
-
-  def setup
-    @mock_warden = OpenStruct.new
-    @controller.request.env['warden'] = @mock_warden
-  end
-
-  test 'provide access to warden instance' do
-    assert_equal @mock_warden, @controller.warden
-  end
-
-  test 'proxy signed_in?(scope) to authenticate?' do
-    @mock_warden.expects(:authenticate?).with(scope: :my_scope)
-    @controller.signed_in?(:my_scope)
-  end
-
-  test 'proxy signed_in?(nil) to authenticate?' do
-    Devise.mappings.keys.each do |scope| # :user, :admin, :manager
-      @mock_warden.expects(:authenticate?).with(scope: scope)
-    end
-    @controller.signed_in?
-  end
-
-  test 'proxy [group]_signed_in? to authenticate? with each scope' do
-    [:user, :admin].each do |scope|
-      @mock_warden.expects(:authenticate?).with(scope: scope).returns(false)
-    end
-    @controller.commenter_signed_in?
-  end
-
-  test 'proxy current_user to authenticate with user scope' do
-    @mock_warden.expects(:authenticate).with(scope: :user)
-    @controller.current_user
-  end
-
-  test 'proxy current_admin to authenticate with admin scope' do
-    @mock_warden.expects(:authenticate).with(scope: :admin)
-    @controller.current_admin
-  end
-
-  test 'proxy current_[group] to authenticate with each scope' do
-    [:user, :admin].each do |scope|
-      @mock_warden.expects(:authenticate).with(scope: scope).returns(nil)
-    end
-    @controller.current_commenter
-  end
-
-  test 'proxy current_[plural_group] to authenticate with each scope' do
-    [:user, :admin].each do |scope|
-      @mock_warden.expects(:authenticate).with(scope: scope)
-    end
-    @controller.current_commenters
-  end
-
-  test 'proxy current_publisher_account to authenticate with namespaced publisher account scope' do
-    @mock_warden.expects(:authenticate).with(scope: :publisher_account)
-    @controller.current_publisher_account
-  end
-
-  test 'proxy authenticate_user! to authenticate with user scope' do
-    @mock_warden.expects(:authenticate!).with(scope: :user)
-    @controller.authenticate_user!
-  end
-
-  test 'proxy authenticate_user! options to authenticate with user scope' do
-    @mock_warden.expects(:authenticate!).with(scope: :user, recall: "foo")
-    @controller.authenticate_user!(recall: "foo")
-  end
-
-  test 'proxy authenticate_admin! to authenticate with admin scope' do
-    @mock_warden.expects(:authenticate!).with(scope: :admin)
-    @controller.authenticate_admin!
-  end
-
-  test 'proxy authenticate_[group]! to authenticate!? with each scope' do
-    [:user, :admin].each do |scope|
-      @mock_warden.expects(:authenticate!).with(scope: scope)
-      @mock_warden.expects(:authenticate?).with(scope: scope).returns(false)
-    end
-    @controller.authenticate_commenter!
-  end
-
-  test 'proxy authenticate_publisher_account! to authenticate with namespaced publisher account scope' do
-    @mock_warden.expects(:authenticate!).with(scope: :publisher_account)
-    @controller.authenticate_publisher_account!
-  end
-
-  test 'proxy user_signed_in? to authenticate with user scope' do
-    @mock_warden.expects(:authenticate).with(scope: :user).returns("user")
-    assert @controller.user_signed_in?
-  end
-
-  test 'proxy admin_signed_in? to authenticatewith admin scope' do
-    @mock_warden.expects(:authenticate).with(scope: :admin)
-    refute @controller.admin_signed_in?
-  end
-
-  test 'proxy publisher_account_signed_in? to authenticate with namespaced publisher account scope' do
-    @mock_warden.expects(:authenticate).with(scope: :publisher_account)
-    @controller.publisher_account_signed_in?
-  end
-
-  test 'proxy user_session to session scope in warden' do
-    @mock_warden.expects(:authenticate).with(scope: :user).returns(true)
-    @mock_warden.expects(:session).with(:user).returns({})
-    @controller.user_session
-  end
-
-  test 'proxy admin_session to session scope in warden' do
-    @mock_warden.expects(:authenticate).with(scope: :admin).returns(true)
-    @mock_warden.expects(:session).with(:admin).returns({})
-    @controller.admin_session
-  end
-
-  test 'proxy publisher_account_session from namespaced scope to session scope in warden' do
-    @mock_warden.expects(:authenticate).with(scope: :publisher_account).returns(true)
-    @mock_warden.expects(:session).with(:publisher_account).returns({})
-    @controller.publisher_account_session
-  end
-
-  test 'sign in proxy to set_user on warden' do
-    user = User.new
-    @mock_warden.expects(:user).returns(nil)
-    @mock_warden.expects(:set_user).with(user, scope: :user).returns(true)
-    @controller.sign_in(:user, user)
-  end
-
-  test 'sign in accepts a resource as argument' do
-    user = User.new
-    @mock_warden.expects(:user).returns(nil)
-    @mock_warden.expects(:set_user).with(user, scope: :user).returns(true)
-    @controller.sign_in(user)
-  end
-
-  test 'does not sign in again if the user is already in' do
-    user = User.new
-    @mock_warden.expects(:user).returns(user)
-    @mock_warden.expects(:set_user).never
-    assert @controller.sign_in(user)
-  end
-
-  test 'sign in again when the user is already in only if force is given' do
-    user = User.new
-    @mock_warden.expects(:user).returns(user)
-    @mock_warden.expects(:set_user).with(user, scope: :user).returns(true)
-    @controller.sign_in(user, force: true)
-  end
-
-  test 'bypass the sign in' do
-    user = User.new
-    @mock_warden.expects(:session_serializer).returns(serializer = mock())
-    serializer.expects(:store).with(user, :user)
-    @controller.bypass_sign_in(user)
-  end
-
-  test 'sign out clears up any signed in user from all scopes' do
-    user = User.new
-    @mock_warden.expects(:user).times(Devise.mappings.size)
-    @mock_warden.expects(:logout).with().returns(true)
-    @controller.instance_variable_set(:@current_user, user)
-    @controller.instance_variable_set(:@current_admin, user)
-    @controller.sign_out
-    assert_nil @controller.instance_variable_get(:@current_user)
-    assert_nil @controller.instance_variable_get(:@current_admin)
-  end
-
-  test 'sign out logs out and clears up any signed in user by scope' do
-    user = User.new
-    @mock_warden.expects(:user).with(scope: :user, run_callbacks: false).returns(user)
-    @mock_warden.expects(:logout).with(:user).returns(true)
-    @mock_warden.expects(:clear_strategies_cache!).with(scope: :user).returns(true)
-    @controller.instance_variable_set(:@current_user, user)
-    @controller.sign_out(:user)
-    assert_nil @controller.instance_variable_get(:@current_user)
-  end
-
-  test 'sign out accepts a resource as argument' do
-    @mock_warden.expects(:user).with(scope: :user, run_callbacks: false).returns(true)
-    @mock_warden.expects(:logout).with(:user).returns(true)
-    @mock_warden.expects(:clear_strategies_cache!).with(scope: :user).returns(true)
-    @controller.sign_out(User.new)
-  end
-
-  test 'sign out without args proxy to sign out all scopes' do
-    @mock_warden.expects(:user).times(Devise.mappings.size)
-    @mock_warden.expects(:logout).with().returns(true)
-    @mock_warden.expects(:clear_strategies_cache!).with().returns(true)
-    @controller.sign_out
-  end
-
-  test 'sign out everybody proxy to logout on warden' do
-    @mock_warden.expects(:user).times(Devise.mappings.size)
-    @mock_warden.expects(:logout).with().returns(true)
-    @controller.sign_out_all_scopes
-  end
-
-  test 'stored location for returns the location for a given scope' do
-    assert_nil @controller.stored_location_for(:user)
-    @controller.session[:"user_return_to"] = "/foo.bar"
-    assert_equal "/foo.bar", @controller.stored_location_for(:user)
-  end
-
-  test 'stored location for accepts a resource as argument' do
-    assert_nil @controller.stored_location_for(:user)
-    @controller.session[:"user_return_to"] = "/foo.bar"
-    assert_equal "/foo.bar", @controller.stored_location_for(User.new)
-  end
-
-  test 'stored location cleans information after reading' do
-    @controller.session[:"user_return_to"] = "/foo.bar"
-    assert_equal "/foo.bar", @controller.stored_location_for(:user)
-    assert_nil @controller.session[:"user_return_to"]
-  end
-
-  test 'store location for stores a location to redirect back to' do
-    assert_nil @controller.stored_location_for(:user)
-    @controller.store_location_for(:user, "/foo.bar")
-    assert_equal "/foo.bar", @controller.stored_location_for(:user)
-  end
-
-  test 'store bad location for stores a location to redirect back to' do
-    assert_nil @controller.stored_location_for(:user)
-    @controller.store_location_for(:user, "/foo.bar\">Carry")
-    assert_nil @controller.stored_location_for(:user)
-  end
-
-  test 'store location for accepts a resource as argument' do
-    @controller.store_location_for(User.new, "/foo.bar")
-    assert_equal "/foo.bar", @controller.stored_location_for(User.new)
-  end
-
-  test 'store location for stores paths' do
-    @controller.store_location_for(:user, "//host/foo.bar")
-    assert_equal "/foo.bar", @controller.stored_location_for(:user)
-    @controller.store_location_for(:user, "///foo.bar")
-    assert_equal "/foo.bar", @controller.stored_location_for(:user)
-  end
-
-  test 'store location for stores query string' do
-    @controller.store_location_for(:user, "/foo?bar=baz")
-    assert_equal "/foo?bar=baz", @controller.stored_location_for(:user)
-  end
-
-  test 'store location for stores fragments' do
-    @controller.store_location_for(:user, "/foo#bar")
-    assert_equal "/foo#bar", @controller.stored_location_for(:user)
-  end
-
-  test 'after sign in path defaults to root path if none by was specified for the given scope' do
-    assert_equal root_path, @controller.after_sign_in_path_for(:user)
-  end
-
-  test 'after sign in path defaults to the scoped root path' do
-    assert_equal admin_root_path, @controller.after_sign_in_path_for(:admin)
-  end
-
-  test 'after sign out path defaults to the root path' do
-    assert_equal root_path, @controller.after_sign_out_path_for(:admin)
-    assert_equal root_path, @controller.after_sign_out_path_for(:user)
-  end
-
-  test 'sign in and redirect uses the stored location' do
-    user = User.new
-    @controller.session[:user_return_to] = "/foo.bar"
-    @mock_warden.expects(:user).with(:user).returns(nil)
-    @mock_warden.expects(:set_user).with(user, scope: :user).returns(true)
-    @controller.expects(:redirect_to).with("/foo.bar")
-    @controller.sign_in_and_redirect(user)
-  end
-
-  test 'sign in and redirect uses the configured after sign in path' do
-    admin = Admin.new
-    @mock_warden.expects(:user).with(:admin).returns(nil)
-    @mock_warden.expects(:set_user).with(admin, scope: :admin).returns(true)
-    @controller.expects(:redirect_to).with(admin_root_path)
-    @controller.sign_in_and_redirect(admin)
-  end
-
-  test 'sign in and redirect does not sign in again if user is already signed' do
-    admin = Admin.new
-    @mock_warden.expects(:user).with(:admin).returns(admin)
-    @mock_warden.expects(:set_user).never
-    @controller.expects(:redirect_to).with(admin_root_path)
-    @controller.sign_in_and_redirect(admin)
-  end
-
-  test 'sign out and redirect uses the configured after sign out path when signing out only the current scope' do
-    swap Devise, sign_out_all_scopes: false do
-      @mock_warden.expects(:user).with(scope: :admin, run_callbacks: false).returns(true)
-      @mock_warden.expects(:logout).with(:admin).returns(true)
-      @mock_warden.expects(:clear_strategies_cache!).with(scope: :admin).returns(true)
-      @controller.expects(:redirect_to).with(admin_root_path)
-      @controller.instance_eval "def after_sign_out_path_for(resource); admin_root_path; end"
-      @controller.sign_out_and_redirect(:admin)
-    end
-  end
-
-  test 'sign out and redirect uses the configured after sign out path when signing out all scopes' do
-    swap Devise, sign_out_all_scopes: true do
-      @mock_warden.expects(:user).times(Devise.mappings.size)
-      @mock_warden.expects(:logout).with().returns(true)
-      @mock_warden.expects(:clear_strategies_cache!).with().returns(true)
-      @controller.expects(:redirect_to).with(admin_root_path)
-      @controller.instance_eval "def after_sign_out_path_for(resource); admin_root_path; end"
-      @controller.sign_out_and_redirect(:admin)
-    end
-  end
-
-  test 'is not a devise controller' do
-    refute @controller.devise_controller?
-  end
-end

data/test/controllers/inherited_controller_i18n_messages_test.rb

@@ -1,53 +0,0 @@
-# frozen_string_literal: true
-
-require 'test_helper'
-
-class SessionsInheritedController < Devise::SessionsController
-  def test_i18n_scope
-    set_flash_message(:notice, :signed_in)
-  end
-end
-
-class AnotherInheritedController < SessionsInheritedController
-  protected
-
-  def translation_scope
-    'another'
-  end
-end
-
-class InheritedControllerTest < Devise::ControllerTestCase
-  tests SessionsInheritedController
-
-  def setup
-    @mock_warden = OpenStruct.new
-    @controller.request.env['warden'] = @mock_warden
-    @controller.request.env['devise.mapping'] = Devise.mappings[:user]
-  end
-
-  test 'I18n scope is inherited from Devise::Sessions' do
-    I18n.expects(:t).with do |message, options|
-      message == 'user.signed_in' &&
-        options[:scope] == 'devise.sessions'
-    end
-    @controller.test_i18n_scope
-  end
-end
-
-class AnotherInheritedControllerTest < Devise::ControllerTestCase
-  tests AnotherInheritedController
-
-  def setup
-    @mock_warden = OpenStruct.new
-    @controller.request.env['warden'] = @mock_warden
-    @controller.request.env['devise.mapping'] = Devise.mappings[:user]
-  end
-
-  test 'I18n scope is overridden' do
-    I18n.expects(:t).with do |message, options|
-      message == 'user.signed_in' &&
-        options[:scope] == 'another'
-    end
-    @controller.test_i18n_scope
-  end
-end