devise 4.5.0 → 4.6.0
Potentially problematic release.
This version of devise might be problematic. Click here for more details.
- checksums.yaml +5 -5
- data/CHANGELOG.md +30 -1
- data/MIT-LICENSE +1 -1
- data/README.md +18 -0
- data/app/controllers/devise/passwords_controller.rb +1 -0
- data/app/controllers/devise/registrations_controller.rb +25 -7
- data/app/helpers/devise_helper.rb +10 -19
- data/app/views/devise/confirmations/new.html.erb +1 -1
- data/app/views/devise/passwords/edit.html.erb +1 -1
- data/app/views/devise/passwords/new.html.erb +1 -1
- data/app/views/devise/registrations/edit.html.erb +1 -1
- data/app/views/devise/registrations/new.html.erb +1 -1
- data/app/views/devise/sessions/new.html.erb +2 -2
- data/app/views/devise/shared/_error_messages.html.erb +15 -0
- data/app/views/devise/shared/_links.html.erb +7 -7
- data/app/views/devise/unlocks/new.html.erb +1 -1
- data/config/locales/en.yml +1 -0
- data/lib/devise.rb +4 -0
- data/lib/devise/controllers/helpers.rb +1 -1
- data/lib/devise/failure_app.rb +28 -3
- data/lib/devise/models/authenticatable.rb +7 -15
- data/lib/devise/models/confirmable.rb +4 -1
- data/lib/devise/models/database_authenticatable.rb +41 -6
- data/lib/devise/models/lockable.rb +2 -2
- data/lib/devise/models/registerable.rb +2 -0
- data/lib/devise/strategies/database_authenticatable.rb +3 -0
- data/lib/devise/test/controller_helpers.rb +1 -1
- data/lib/devise/version.rb +1 -1
- data/lib/generators/active_record/devise_generator.rb +4 -4
- data/lib/generators/devise/controllers_generator.rb +1 -1
- data/lib/generators/templates/devise.rb +12 -3
- data/lib/generators/templates/simple_form_for/registrations/edit.html.erb +1 -1
- data/lib/generators/templates/simple_form_for/registrations/new.html.erb +1 -1
- metadata +5 -305
- data/.gitignore +0 -10
- data/.travis.yml +0 -69
- data/.yardopts +0 -9
- data/CODE_OF_CONDUCT.md +0 -22
- data/CONTRIBUTING.md +0 -79
- data/Gemfile +0 -39
- data/Gemfile.lock +0 -202
- data/ISSUE_TEMPLATE.md +0 -19
- data/Rakefile +0 -37
- data/bin/test +0 -13
- data/devise.gemspec +0 -28
- data/devise.png +0 -0
- data/gemfiles/Gemfile.rails-4.1-stable +0 -32
- data/gemfiles/Gemfile.rails-4.1-stable.lock +0 -171
- data/gemfiles/Gemfile.rails-4.2-stable +0 -32
- data/gemfiles/Gemfile.rails-4.2-stable.lock +0 -192
- data/gemfiles/Gemfile.rails-5.0-stable +0 -33
- data/gemfiles/Gemfile.rails-5.0-stable.lock +0 -192
- data/gemfiles/Gemfile.rails-5.2-rc1 +0 -26
- data/gemfiles/Gemfile.rails-5.2-rc1.lock +0 -201
- data/guides/bug_report_templates/integration_test.rb +0 -106
- data/test/controllers/custom_registrations_controller_test.rb +0 -42
- data/test/controllers/custom_strategy_test.rb +0 -66
- data/test/controllers/helper_methods_test.rb +0 -24
- data/test/controllers/helpers_test.rb +0 -318
- data/test/controllers/inherited_controller_i18n_messages_test.rb +0 -53
- data/test/controllers/internal_helpers_test.rb +0 -129
- data/test/controllers/load_hooks_controller_test.rb +0 -21
- data/test/controllers/passwords_controller_test.rb +0 -34
- data/test/controllers/sessions_controller_test.rb +0 -108
- data/test/controllers/url_helpers_test.rb +0 -67
- data/test/delegator_test.rb +0 -21
- data/test/devise_test.rb +0 -109
- data/test/failure_app_test.rb +0 -346
- data/test/generators/active_record_generator_test.rb +0 -130
- data/test/generators/controllers_generator_test.rb +0 -50
- data/test/generators/devise_generator_test.rb +0 -41
- data/test/generators/install_generator_test.rb +0 -26
- data/test/generators/mongoid_generator_test.rb +0 -25
- data/test/generators/views_generator_test.rb +0 -105
- data/test/helpers/devise_helper_test.rb +0 -51
- data/test/integration/authenticatable_test.rb +0 -706
- data/test/integration/confirmable_test.rb +0 -326
- data/test/integration/database_authenticatable_test.rb +0 -110
- data/test/integration/http_authenticatable_test.rb +0 -114
- data/test/integration/lockable_test.rb +0 -242
- data/test/integration/mounted_engine_test.rb +0 -38
- data/test/integration/omniauthable_test.rb +0 -148
- data/test/integration/recoverable_test.rb +0 -349
- data/test/integration/registerable_test.rb +0 -365
- data/test/integration/rememberable_test.rb +0 -219
- data/test/integration/timeoutable_test.rb +0 -186
- data/test/integration/trackable_test.rb +0 -99
- data/test/mailers/confirmation_instructions_test.rb +0 -117
- data/test/mailers/email_changed_test.rb +0 -132
- data/test/mailers/mailer_test.rb +0 -20
- data/test/mailers/reset_password_instructions_test.rb +0 -98
- data/test/mailers/unlock_instructions_test.rb +0 -93
- data/test/mapping_test.rb +0 -136
- data/test/models/authenticatable_test.rb +0 -25
- data/test/models/confirmable_test.rb +0 -549
- data/test/models/database_authenticatable_test.rb +0 -290
- data/test/models/lockable_test.rb +0 -352
- data/test/models/omniauthable_test.rb +0 -9
- data/test/models/recoverable_test.rb +0 -263
- data/test/models/registerable_test.rb +0 -9
- data/test/models/rememberable_test.rb +0 -184
- data/test/models/serializable_test.rb +0 -60
- data/test/models/timeoutable_test.rb +0 -53
- data/test/models/trackable_test.rb +0 -80
- data/test/models/validatable_test.rb +0 -121
- data/test/models_test.rb +0 -155
- data/test/omniauth/config_test.rb +0 -61
- data/test/omniauth/url_helpers_test.rb +0 -53
- data/test/orm/active_record.rb +0 -24
- data/test/orm/mongoid.rb +0 -15
- data/test/parameter_sanitizer_test.rb +0 -105
- data/test/rails_app/Rakefile +0 -6
- data/test/rails_app/app/active_record/admin.rb +0 -8
- data/test/rails_app/app/active_record/shim.rb +0 -4
- data/test/rails_app/app/active_record/user.rb +0 -20
- data/test/rails_app/app/active_record/user_on_engine.rb +0 -9
- data/test/rails_app/app/active_record/user_on_main_app.rb +0 -9
- data/test/rails_app/app/active_record/user_with_validations.rb +0 -12
- data/test/rails_app/app/active_record/user_without_email.rb +0 -10
- data/test/rails_app/app/controllers/admins/sessions_controller.rb +0 -8
- data/test/rails_app/app/controllers/admins_controller.rb +0 -8
- data/test/rails_app/app/controllers/application_controller.rb +0 -13
- data/test/rails_app/app/controllers/application_with_fake_engine.rb +0 -32
- data/test/rails_app/app/controllers/custom/registrations_controller.rb +0 -33
- data/test/rails_app/app/controllers/home_controller.rb +0 -31
- data/test/rails_app/app/controllers/publisher/registrations_controller.rb +0 -4
- data/test/rails_app/app/controllers/publisher/sessions_controller.rb +0 -4
- data/test/rails_app/app/controllers/users/omniauth_callbacks_controller.rb +0 -16
- data/test/rails_app/app/controllers/users_controller.rb +0 -33
- data/test/rails_app/app/helpers/application_helper.rb +0 -5
- data/test/rails_app/app/mailers/users/from_proc_mailer.rb +0 -5
- data/test/rails_app/app/mailers/users/mailer.rb +0 -5
- data/test/rails_app/app/mailers/users/reply_to_mailer.rb +0 -6
- data/test/rails_app/app/mongoid/admin.rb +0 -31
- data/test/rails_app/app/mongoid/shim.rb +0 -25
- data/test/rails_app/app/mongoid/user.rb +0 -50
- data/test/rails_app/app/mongoid/user_on_engine.rb +0 -41
- data/test/rails_app/app/mongoid/user_on_main_app.rb +0 -41
- data/test/rails_app/app/mongoid/user_with_validations.rb +0 -37
- data/test/rails_app/app/mongoid/user_without_email.rb +0 -35
- data/test/rails_app/app/views/admins/index.html.erb +0 -1
- data/test/rails_app/app/views/admins/sessions/new.html.erb +0 -2
- data/test/rails_app/app/views/home/admin_dashboard.html.erb +0 -1
- data/test/rails_app/app/views/home/index.html.erb +0 -1
- data/test/rails_app/app/views/home/join.html.erb +0 -1
- data/test/rails_app/app/views/home/private.html.erb +0 -1
- data/test/rails_app/app/views/home/user_dashboard.html.erb +0 -1
- data/test/rails_app/app/views/layouts/application.html.erb +0 -24
- data/test/rails_app/app/views/users/edit_form.html.erb +0 -1
- data/test/rails_app/app/views/users/index.html.erb +0 -1
- data/test/rails_app/app/views/users/mailer/confirmation_instructions.erb +0 -1
- data/test/rails_app/app/views/users/sessions/new.html.erb +0 -1
- data/test/rails_app/bin/bundle +0 -3
- data/test/rails_app/bin/rails +0 -4
- data/test/rails_app/bin/rake +0 -4
- data/test/rails_app/config.ru +0 -4
- data/test/rails_app/config/application.rb +0 -48
- data/test/rails_app/config/boot.rb +0 -27
- data/test/rails_app/config/database.yml +0 -18
- data/test/rails_app/config/environment.rb +0 -7
- data/test/rails_app/config/environments/development.rb +0 -32
- data/test/rails_app/config/environments/production.rb +0 -88
- data/test/rails_app/config/environments/test.rb +0 -47
- data/test/rails_app/config/initializers/backtrace_silencers.rb +0 -9
- data/test/rails_app/config/initializers/devise.rb +0 -187
- data/test/rails_app/config/initializers/inflections.rb +0 -4
- data/test/rails_app/config/initializers/secret_token.rb +0 -5
- data/test/rails_app/config/initializers/session_store.rb +0 -3
- data/test/rails_app/config/routes.rb +0 -128
- data/test/rails_app/db/migrate/20100401102949_create_tables.rb +0 -77
- data/test/rails_app/db/schema.rb +0 -57
- data/test/rails_app/lib/lazy_load_test_module.rb +0 -5
- data/test/rails_app/lib/shared_admin.rb +0 -23
- data/test/rails_app/lib/shared_user.rb +0 -32
- data/test/rails_app/lib/shared_user_without_email.rb +0 -28
- data/test/rails_app/lib/shared_user_without_omniauth.rb +0 -15
- data/test/rails_app/public/404.html +0 -26
- data/test/rails_app/public/422.html +0 -26
- data/test/rails_app/public/500.html +0 -26
- data/test/rails_app/public/favicon.ico +0 -0
- data/test/rails_test.rb +0 -11
- data/test/routes_test.rb +0 -281
- data/test/secret_key_finder_test.rb +0 -121
- data/test/support/action_controller/record_identifier.rb +0 -12
- data/test/support/assertions.rb +0 -30
- data/test/support/helpers.rb +0 -83
- data/test/support/http_method_compatibility.rb +0 -53
- data/test/support/integration.rb +0 -95
- data/test/support/locale/en.yml +0 -8
- data/test/support/mongoid.yml +0 -6
- data/test/support/webrat/integrations/rails.rb +0 -35
- data/test/test/controller_helpers_test.rb +0 -193
- data/test/test/integration_helpers_test.rb +0 -34
- data/test/test_helper.rb +0 -36
- data/test/test_models.rb +0 -35
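--- a/data/test/integration/confirmable_test.rb
+++ b/data/test/integration/confirmable_test.rb
@@ -1,326 +0,0 @@
-# frozen_string_literal: true
-
-require 'test_helper'
-
-class ConfirmationTest < Devise::IntegrationTest
-
-def visit_user_confirmation_with_token(confirmation_token)
-visit user_confirmation_path(confirmation_token: confirmation_token)
-end
-
-def resend_confirmation
-user = create_user(confirm: false)
-ActionMailer::Base.deliveries.clear
-
-visit new_user_session_path
-click_link "Didn't receive confirmation instructions?"
-
-fill_in 'email', with: user.email
-click_button 'Resend confirmation instructions'
-end
-
-test 'user should be able to request a new confirmation' do
-resend_confirmation
-
-assert_current_url '/users/sign_in'
-assert_contain 'You will receive an email with instructions for how to confirm your email address in a few minutes'
-assert_equal 1, ActionMailer::Base.deliveries.size
-assert_equal ['please-change-me@config-initializers-devise.com'], ActionMailer::Base.deliveries.first.from
-end
-
-test 'user should receive a confirmation from a custom mailer' do
-User.any_instance.stubs(:devise_mailer).returns(Users::Mailer)
-resend_confirmation
-assert_equal ['custom@example.com'], ActionMailer::Base.deliveries.first.from
-end
-
-test 'user with invalid confirmation token should not be able to confirm an account' do
-visit_user_confirmation_with_token('invalid_confirmation')
-assert_have_selector '#error_explanation'
-assert_contain %r{Confirmation token(.*)invalid}
-end
-
-test 'user with valid confirmation token should not be able to confirm an account after the token has expired' do
-swap Devise, confirm_within: 3.days do
-user = create_user(confirm: false, confirmation_sent_at: 4.days.ago)
-refute user.confirmed?
-visit_user_confirmation_with_token(user.raw_confirmation_token)
-
-assert_have_selector '#error_explanation'
-assert_contain %r{needs to be confirmed within 3 days}
-refute user.reload.confirmed?
-assert_current_url "/users/confirmation?confirmation_token=#{user.raw_confirmation_token}"
-end
-end
-
-test 'user with valid confirmation token where the token has expired and with application router_name set to a different engine it should raise an error' do
-user = create_user(confirm: false, confirmation_sent_at: 4.days.ago)
-
-swap Devise, confirm_within: 3.days, router_name: :fake_engine do
-assert_raise ActionView::Template::Error do
-visit_user_confirmation_with_token(user.raw_confirmation_token)
-end
-end
-end
-
-test 'user with valid confirmation token where the token has expired and with application router_name set to a different engine and route overrides back to main it shows the path' do
-user = create_user(confirm: false, confirmation_sent_at: 4.days.ago)
-
-swap Devise, confirm_within: 3.days, router_name: :fake_engine do
-visit user_on_main_app_confirmation_path(confirmation_token: user.raw_confirmation_token)
-
-assert_current_url "/user_on_main_apps/confirmation?confirmation_token=#{user.raw_confirmation_token}"
-end
-end
-
-test 'user with valid confirmation token where the token has expired with router overrides different engine it shows the path' do
-user = create_user(confirm: false, confirmation_sent_at: 4.days.ago)
-
-swap Devise, confirm_within: 3.days do
-visit user_on_engine_confirmation_path(confirmation_token: user.raw_confirmation_token)
-
-assert_current_url "/user_on_engines/confirmation?confirmation_token=#{user.raw_confirmation_token}"
-end
-end
-
-test 'user with valid confirmation token should be able to confirm an account before the token has expired' do
-swap Devise, confirm_within: 3.days do
-user = create_user(confirm: false, confirmation_sent_at: 2.days.ago)
-refute user.confirmed?
-visit_user_confirmation_with_token(user.raw_confirmation_token)
-
-assert_contain 'Your email address has been successfully confirmed.'
-assert_current_url '/users/sign_in'
-assert user.reload.confirmed?
-end
-end
-
-test 'user should be redirected to a custom path after confirmation' do
-Devise::ConfirmationsController.any_instance.stubs(:after_confirmation_path_for).returns("/?custom=1")
-
-user = create_user(confirm: false)
-visit_user_confirmation_with_token(user.raw_confirmation_token)
-
-assert_current_url "/?custom=1"
-end
-
-test 'already confirmed user should not be able to confirm the account again' do
-user = create_user(confirm: false)
-user.confirmed_at = Time.now
-user.save
-visit_user_confirmation_with_token(user.raw_confirmation_token)
-
-assert_have_selector '#error_explanation'
-assert_contain 'already confirmed'
-end
-
-test 'already confirmed user should not be able to confirm the account again neither request confirmation' do
-user = create_user(confirm: false)
-user.confirmed_at = Time.now
-user.save
-
-visit_user_confirmation_with_token(user.raw_confirmation_token)
-assert_contain 'already confirmed'
-
-fill_in 'email', with: user.email
-click_button 'Resend confirmation instructions'
-assert_contain 'already confirmed'
-end
-
-test 'not confirmed user with setup to block without confirmation should not be able to sign in' do
-swap Devise, allow_unconfirmed_access_for: 0.days do
-sign_in_as_user(confirm: false)
-
-assert_contain 'You have to confirm your email address before continuing'
-refute warden.authenticated?(:user)
-end
-end
-
-test 'not confirmed user should not see confirmation message if invalid credentials are given' do
-swap Devise, allow_unconfirmed_access_for: 0.days do
-sign_in_as_user(confirm: false) do
-fill_in 'password', with: 'invalid'
-end
-
-assert_contain 'Invalid Email or password'
-refute warden.authenticated?(:user)
-end
-end
-
-test 'not confirmed user but configured with some days to confirm should be able to sign in' do
-swap Devise, allow_unconfirmed_access_for: 1.day do
-sign_in_as_user(confirm: false)
-
-assert_response :success
-assert warden.authenticated?(:user)
-end
-end
-
-test 'unconfirmed but signed in user should be redirected to their root path' do
-swap Devise, allow_unconfirmed_access_for: 1.day do
-user = sign_in_as_user(confirm: false)
-
-visit_user_confirmation_with_token(user.raw_confirmation_token)
-assert_contain 'Your email address has been successfully confirmed.'
-assert_current_url '/'
-end
-end
-
-test 'user should be redirected to sign in page whenever signed in as another resource at same session already' do
-sign_in_as_admin
-
-user = create_user(confirm: false)
-visit_user_confirmation_with_token(user.raw_confirmation_token)
-
-assert_current_url '/users/sign_in'
-end
-
-test 'error message is configurable by resource name' do
-store_translations :en, devise: {
-failure: { user: { unconfirmed: "Not confirmed user" } }
-} do
-sign_in_as_user(confirm: false)
-assert_contain 'Not confirmed user'
-end
-end
-
-test 'resent confirmation token with valid E-Mail in XML format should return valid response' do
-user = create_user(confirm: false)
-post user_confirmation_path(format: 'xml'), params: { user: { email: user.email } }
-assert_response :success
-assert_equal response.body, {}.to_xml
-end
-
-test 'resent confirmation token with invalid E-Mail in XML format should return invalid response' do
-create_user(confirm: false)
-post user_confirmation_path(format: 'xml'), params: { user: { email: 'invalid.test@test.com' } }
-assert_response :unprocessable_entity
-assert response.body.include? %(<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<errors>)
-end
-
-test 'confirm account with valid confirmation token in XML format should return valid response' do
-user = create_user(confirm: false)
-get user_confirmation_path(confirmation_token: user.raw_confirmation_token, format: 'xml')
-assert_response :success
-assert response.body.include? %(<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<user>)
-end
-
-test 'confirm account with invalid confirmation token in XML format should return invalid response' do
-create_user(confirm: false)
-get user_confirmation_path(confirmation_token: 'invalid_confirmation', format: 'xml')
-assert_response :unprocessable_entity
-assert response.body.include? %(<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<errors>)
-end
-
-test 'request an account confirmation account with JSON, should return an empty JSON' do
-user = create_user(confirm: false)
-
-post user_confirmation_path, params: { user: { email: user.email }, format: :json }
-assert_response :success
-assert_equal response.body, {}.to_json
-end
-
-test "when in paranoid mode and with a valid e-mail, should not say that the e-mail is valid" do
-swap Devise, paranoid: true do
-user = create_user(confirm: false)
-visit new_user_session_path
-
-click_link "Didn't receive confirmation instructions?"
-fill_in 'email', with: user.email
-click_button 'Resend confirmation instructions'
-
-assert_contain "If your email address exists in our database, you will receive an email with instructions for how to confirm your email address in a few minutes."
-assert_current_url "/users/sign_in"
-end
-end
-
-test "when in paranoid mode and with a invalid e-mail, should not say that the e-mail is invalid" do
-swap Devise, paranoid: true do
-visit new_user_session_path
-
-click_link "Didn't receive confirmation instructions?"
-fill_in 'email', with: "idonthavethisemail@gmail.com"
-click_button 'Resend confirmation instructions'
-
-assert_not_contain "1 error prohibited this user from being saved:"
-assert_not_contain "Email not found"
-
-assert_contain "If your email address exists in our database, you will receive an email with instructions for how to confirm your email address in a few minutes."
-assert_current_url "/users/sign_in"
-end
-end
-end
-
-class ConfirmationOnChangeTest < Devise::IntegrationTest
-def create_second_admin(options={})
-@admin = nil
-create_admin(options)
-end
-
-def visit_admin_confirmation_with_token(confirmation_token)
-visit admin_confirmation_path(confirmation_token: confirmation_token)
-end
-
-test 'admin should be able to request a new confirmation after email changed' do
-admin = create_admin
-admin.update(email: 'new_test@example.com')
-
-visit new_admin_session_path
-click_link "Didn't receive confirmation instructions?"
-
-fill_in 'email', with: admin.unconfirmed_email
-assert_difference "ActionMailer::Base.deliveries.size" do
-click_button 'Resend confirmation instructions'
-end
-
-assert_current_url '/admin_area/sign_in'
-assert_contain 'You will receive an email with instructions for how to confirm your email address in a few minutes'
-end
-
-test 'admin with valid confirmation token should be able to confirm email after email changed' do
-admin = create_admin
-admin.update(email: 'new_test@example.com')
-assert_equal 'new_test@example.com', admin.unconfirmed_email
-visit_admin_confirmation_with_token(admin.raw_confirmation_token)
-
-assert_contain 'Your email address has been successfully confirmed.'
-assert_current_url '/admin_area/sign_in'
-assert admin.reload.confirmed?
-refute admin.reload.pending_reconfirmation?
-end
-
-test 'admin with previously valid confirmation token should not be able to confirm email after email changed again' do
-admin = create_admin
-admin.update(email: 'first_test@example.com')
-assert_equal 'first_test@example.com', admin.unconfirmed_email
-
-raw_confirmation_token = admin.raw_confirmation_token
-admin = Admin.find(admin.id)
-
-admin.update(email: 'second_test@example.com')
-assert_equal 'second_test@example.com', admin.unconfirmed_email
-
-visit_admin_confirmation_with_token(raw_confirmation_token)
-assert_have_selector '#error_explanation'
-assert_contain(/Confirmation token(.*)invalid/)
-
-visit_admin_confirmation_with_token(admin.raw_confirmation_token)
-assert_contain 'Your email address has been successfully confirmed.'
-assert_current_url '/admin_area/sign_in'
-assert admin.reload.confirmed?
-refute admin.reload.pending_reconfirmation?
-end
-
-test 'admin email should be unique also within unconfirmed_email' do
-admin = create_admin
-admin.update(email: 'new_admin_test@example.com')
-assert_equal 'new_admin_test@example.com', admin.unconfirmed_email
-
-create_second_admin(email: "new_admin_test@example.com")
-
-visit_admin_confirmation_with_token(admin.raw_confirmation_token)
-assert_have_selector '#error_explanation'
-assert_contain(/Email.*already.*taken/)
-assert admin.reload.pending_reconfirmation?
-end
-end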
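--- a/data/test/integration/database_authenticatable_test.rb
+++ b/data/test/integration/database_authenticatable_test.rb
@@ -1,110 +0,0 @@
-# frozen_string_literal: true
-
-require 'test_helper'
-
-class DatabaseAuthenticationTest < Devise::IntegrationTest
-test 'sign in with email of different case should succeed when email is in the list of case insensitive keys' do
-create_user(email: 'Foo@Bar.com')
-
-sign_in_as_user do
-fill_in 'email', with: 'foo@bar.com'
-end
-
-assert warden.authenticated?(:user)
-end
-
-test 'sign in with email of different case should fail when email is NOT the list of case insensitive keys' do
-swap Devise, case_insensitive_keys: [] do
-create_user(email: 'Foo@Bar.com')
-
-sign_in_as_user do
-fill_in 'email', with: 'foo@bar.com'
-end
-
-refute warden.authenticated?(:user)
-end
-end
-
-test 'sign in with email including extra spaces should succeed when email is in the list of strip whitespace keys' do
-create_user(email: ' foo@bar.com ')
-
-sign_in_as_user do
-fill_in 'email', with: 'foo@bar.com'
-end
-
-assert warden.authenticated?(:user)
-end
-
-test 'sign in with email including extra spaces should fail when email is NOT the list of strip whitespace keys' do
-swap Devise, strip_whitespace_keys: [] do
-create_user(email: 'foo@bar.com')
-
-sign_in_as_user do
-fill_in 'email', with: ' foo@bar.com '
-end
-
-refute warden.authenticated?(:user)
-end
-end
-
-test 'sign in should not authenticate if not using proper authentication keys' do
-swap Devise, authentication_keys: [:username] do
-sign_in_as_user
-refute warden.authenticated?(:user)
-end
-end
-
-test 'sign in with invalid email should return to sign in form with error message' do
-store_translations :en, devise: { failure: { admin: { not_found_in_database: 'Invalid email address' } } } do
-sign_in_as_admin do
-fill_in 'email', with: 'wrongemail@test.com'
-end
-
-assert_contain 'Invalid email address'
-refute warden.authenticated?(:admin)
-end
-end
-
-test 'sign in with invalid pasword should return to sign in form with error message' do
-sign_in_as_admin do
-fill_in 'password', with: 'abcdef'
-end
-
-assert_contain 'Invalid Email or password'
-refute warden.authenticated?(:admin)
-end
-
-test 'when in paranoid mode and without a valid e-mail' do
-swap Devise, paranoid: true do
-store_translations :en, devise: { failure: { not_found_in_database: 'Not found in database' } } do
-sign_in_as_user do
-fill_in 'email', with: 'wrongemail@test.com'
-end
-
-assert_not_contain 'Not found in database'
-assert_contain 'Invalid Email or password.'
-end
-end
-end
-
-test 'error message is configurable by resource name' do
-store_translations :en, devise: { failure: { admin: { invalid: "Invalid credentials" } } } do
-sign_in_as_admin do
-fill_in 'password', with: 'abcdef'
-end
-
-assert_contain 'Invalid credentials'
-end
-end
-
-test 'valid sign in calls after_database_authentication callback' do
-user = create_user(email: ' foo@bar.com ')
-
-User.expects(:find_for_database_authentication).returns user
-user.expects :after_database_authentication
-
-sign_in_as_user do
-fill_in 'email', with: 'foo@bar.com'
-end
-end
-end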
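--- a/data/test/integration/http_authenticatable_test.rb
+++ b/data/test/integration/http_authenticatable_test.rb
@@ -1,114 +0,0 @@
-# frozen_string_literal: true
-
-require 'test_helper'
-
-class HttpAuthenticationTest < Devise::IntegrationTest
-test 'sign in with HTTP should not run model validations' do
-sign_in_as_new_user_with_http
-
-refute User.validations_performed
-end
-
-test 'handles unverified requests gets rid of caches but continues signed in' do
-swap ApplicationController, allow_forgery_protection: true do
-create_user
-post exhibit_user_url(1), headers: { "HTTP_AUTHORIZATION" => "Basic #{Base64.encode64("user@test.com:12345678")}" }
-assert warden.authenticated?(:user)
-assert_equal "User is authenticated", response.body
-end
-end
-
-test 'sign in should authenticate with http' do
-swap Devise, skip_session_storage: [] do
-sign_in_as_new_user_with_http
-assert_response 200
-assert_match '<email>user@test.com</email>', response.body
-assert warden.authenticated?(:user)
-
-get users_path(format: :xml)
-assert_response 200
-end
-end
-
-test 'sign in should authenticate with http but not emit a cookie if skipping session storage' do
-swap Devise, skip_session_storage: [:http_auth] do
-sign_in_as_new_user_with_http
-assert_response 200
-assert_match '<email>user@test.com</email>', response.body
-assert warden.authenticated?(:user)
-
-get users_path(format: :xml)
-assert_response 401
-end
-end
-
-test 'returns a custom response with www-authenticate header on failures' do
-sign_in_as_new_user_with_http("unknown")
-assert_equal 401, status
-assert_equal 'Basic realm="Application"', headers["WWW-Authenticate"]
-end
-
-test 'uses the request format as response content type' do
-sign_in_as_new_user_with_http("unknown")
-assert_equal 401, status
-assert_equal "application/xml; charset=utf-8", headers["Content-Type"]
-assert_match "<error>Invalid Email or password.</error>", response.body
-end
-
-test 'returns a custom response with www-authenticate and chosen realm' do
-swap Devise, http_authentication_realm: "MyApp" do
-sign_in_as_new_user_with_http("unknown")
-assert_equal 401, status
-assert_equal 'Basic realm="MyApp"', headers["WWW-Authenticate"]
-end
-end
-
-test 'sign in should authenticate with http even with specific authentication keys' do
-swap Devise, authentication_keys: [:username] do
-sign_in_as_new_user_with_http("usertest")
-assert_response :success
-assert_match '<email>user@test.com</email>', response.body
-assert warden.authenticated?(:user)
-end
-end
-
-test 'it uses appropriate authentication_keys when configured with hash' do
-swap Devise, authentication_keys: { username: false, email: false } do
-sign_in_as_new_user_with_http("usertest")
-assert_response :success
-assert_match '<email>user@test.com</email>', response.body
-assert warden.authenticated?(:user)
-end
-end
-
-test 'it uses the appropriate key when configured explicitly' do
-swap Devise, authentication_keys: { email: false, username: false }, http_authentication_key: :username do
-sign_in_as_new_user_with_http("usertest")
-assert_response :success
-assert_match '<email>user@test.com</email>', response.body
-assert warden.authenticated?(:user)
-end
-end
-
-test 'test request with oauth2 header doesnt get mistaken for basic authentication' do
-swap Devise, http_authenticatable: true do
-add_oauth2_header
-assert_equal 401, status
-assert_equal 'Basic realm="Application"', headers["WWW-Authenticate"]
-end
-end
-
-private
-def sign_in_as_new_user_with_http(username="user@test.com", password="12345678")
-user = create_user
-get users_path(format: :xml), headers: { "HTTP_AUTHORIZATION" => "Basic #{Base64.encode64("#{username}:#{password}")}" }
-user
-end
-
-# Sign in with oauth2 token. This is just to test that it isn't misinterpreted as basic authentication
-def add_oauth2_header
-user = create_user
-get users_path(format: :xml), headers: { "HTTP_AUTHORIZATION" => "OAuth #{Base64.encode64("#{user.email}:12345678")}" }
-end
-
-end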