devise 4.5.0 → 4.6.0


Potentially problematic release.


This version of devise might be problematic. Click here for more details.

Files changed (195) hide show
  1. checksums.yaml +5 -5
  2. data/CHANGELOG.md +30 -1
  3. data/MIT-LICENSE +1 -1
  4. data/README.md +18 -0
  5. data/app/controllers/devise/passwords_controller.rb +1 -0
  6. data/app/controllers/devise/registrations_controller.rb +25 -7
  7. data/app/helpers/devise_helper.rb +10 -19
  8. data/app/views/devise/confirmations/new.html.erb +1 -1
  9. data/app/views/devise/passwords/edit.html.erb +1 -1
  10. data/app/views/devise/passwords/new.html.erb +1 -1
  11. data/app/views/devise/registrations/edit.html.erb +1 -1
  12. data/app/views/devise/registrations/new.html.erb +1 -1
  13. data/app/views/devise/sessions/new.html.erb +2 -2
  14. data/app/views/devise/shared/_error_messages.html.erb +15 -0
  15. data/app/views/devise/shared/_links.html.erb +7 -7
  16. data/app/views/devise/unlocks/new.html.erb +1 -1
  17. data/config/locales/en.yml +1 -0
  18. data/lib/devise.rb +4 -0
  19. data/lib/devise/controllers/helpers.rb +1 -1
  20. data/lib/devise/failure_app.rb +28 -3
  21. data/lib/devise/models/authenticatable.rb +7 -15
  22. data/lib/devise/models/confirmable.rb +4 -1
  23. data/lib/devise/models/database_authenticatable.rb +41 -6
  24. data/lib/devise/models/lockable.rb +2 -2
  25. data/lib/devise/models/registerable.rb +2 -0
  26. data/lib/devise/strategies/database_authenticatable.rb +3 -0
  27. data/lib/devise/test/controller_helpers.rb +1 -1
  28. data/lib/devise/version.rb +1 -1
  29. data/lib/generators/active_record/devise_generator.rb +4 -4
  30. data/lib/generators/devise/controllers_generator.rb +1 -1
  31. data/lib/generators/templates/devise.rb +12 -3
  32. data/lib/generators/templates/simple_form_for/registrations/edit.html.erb +1 -1
  33. data/lib/generators/templates/simple_form_for/registrations/new.html.erb +1 -1
  34. metadata +5 -305
  35. data/.gitignore +0 -10
  36. data/.travis.yml +0 -69
  37. data/.yardopts +0 -9
  38. data/CODE_OF_CONDUCT.md +0 -22
  39. data/CONTRIBUTING.md +0 -79
  40. data/Gemfile +0 -39
  41. data/Gemfile.lock +0 -202
  42. data/ISSUE_TEMPLATE.md +0 -19
  43. data/Rakefile +0 -37
  44. data/bin/test +0 -13
  45. data/devise.gemspec +0 -28
  46. data/devise.png +0 -0
  47. data/gemfiles/Gemfile.rails-4.1-stable +0 -32
  48. data/gemfiles/Gemfile.rails-4.1-stable.lock +0 -171
  49. data/gemfiles/Gemfile.rails-4.2-stable +0 -32
  50. data/gemfiles/Gemfile.rails-4.2-stable.lock +0 -192
  51. data/gemfiles/Gemfile.rails-5.0-stable +0 -33
  52. data/gemfiles/Gemfile.rails-5.0-stable.lock +0 -192
  53. data/gemfiles/Gemfile.rails-5.2-rc1 +0 -26
  54. data/gemfiles/Gemfile.rails-5.2-rc1.lock +0 -201
  55. data/guides/bug_report_templates/integration_test.rb +0 -106
  56. data/test/controllers/custom_registrations_controller_test.rb +0 -42
  57. data/test/controllers/custom_strategy_test.rb +0 -66
  58. data/test/controllers/helper_methods_test.rb +0 -24
  59. data/test/controllers/helpers_test.rb +0 -318
  60. data/test/controllers/inherited_controller_i18n_messages_test.rb +0 -53
  61. data/test/controllers/internal_helpers_test.rb +0 -129
  62. data/test/controllers/load_hooks_controller_test.rb +0 -21
  63. data/test/controllers/passwords_controller_test.rb +0 -34
  64. data/test/controllers/sessions_controller_test.rb +0 -108
  65. data/test/controllers/url_helpers_test.rb +0 -67
  66. data/test/delegator_test.rb +0 -21
  67. data/test/devise_test.rb +0 -109
  68. data/test/failure_app_test.rb +0 -346
  69. data/test/generators/active_record_generator_test.rb +0 -130
  70. data/test/generators/controllers_generator_test.rb +0 -50
  71. data/test/generators/devise_generator_test.rb +0 -41
  72. data/test/generators/install_generator_test.rb +0 -26
  73. data/test/generators/mongoid_generator_test.rb +0 -25
  74. data/test/generators/views_generator_test.rb +0 -105
  75. data/test/helpers/devise_helper_test.rb +0 -51
  76. data/test/integration/authenticatable_test.rb +0 -706
  77. data/test/integration/confirmable_test.rb +0 -326
  78. data/test/integration/database_authenticatable_test.rb +0 -110
  79. data/test/integration/http_authenticatable_test.rb +0 -114
  80. data/test/integration/lockable_test.rb +0 -242
  81. data/test/integration/mounted_engine_test.rb +0 -38
  82. data/test/integration/omniauthable_test.rb +0 -148
  83. data/test/integration/recoverable_test.rb +0 -349
  84. data/test/integration/registerable_test.rb +0 -365
  85. data/test/integration/rememberable_test.rb +0 -219
  86. data/test/integration/timeoutable_test.rb +0 -186
  87. data/test/integration/trackable_test.rb +0 -99
  88. data/test/mailers/confirmation_instructions_test.rb +0 -117
  89. data/test/mailers/email_changed_test.rb +0 -132
  90. data/test/mailers/mailer_test.rb +0 -20
  91. data/test/mailers/reset_password_instructions_test.rb +0 -98
  92. data/test/mailers/unlock_instructions_test.rb +0 -93
  93. data/test/mapping_test.rb +0 -136
  94. data/test/models/authenticatable_test.rb +0 -25
  95. data/test/models/confirmable_test.rb +0 -549
  96. data/test/models/database_authenticatable_test.rb +0 -290
  97. data/test/models/lockable_test.rb +0 -352
  98. data/test/models/omniauthable_test.rb +0 -9
  99. data/test/models/recoverable_test.rb +0 -263
  100. data/test/models/registerable_test.rb +0 -9
  101. data/test/models/rememberable_test.rb +0 -184
  102. data/test/models/serializable_test.rb +0 -60
  103. data/test/models/timeoutable_test.rb +0 -53
  104. data/test/models/trackable_test.rb +0 -80
  105. data/test/models/validatable_test.rb +0 -121
  106. data/test/models_test.rb +0 -155
  107. data/test/omniauth/config_test.rb +0 -61
  108. data/test/omniauth/url_helpers_test.rb +0 -53
  109. data/test/orm/active_record.rb +0 -24
  110. data/test/orm/mongoid.rb +0 -15
  111. data/test/parameter_sanitizer_test.rb +0 -105
  112. data/test/rails_app/Rakefile +0 -6
  113. data/test/rails_app/app/active_record/admin.rb +0 -8
  114. data/test/rails_app/app/active_record/shim.rb +0 -4
  115. data/test/rails_app/app/active_record/user.rb +0 -20
  116. data/test/rails_app/app/active_record/user_on_engine.rb +0 -9
  117. data/test/rails_app/app/active_record/user_on_main_app.rb +0 -9
  118. data/test/rails_app/app/active_record/user_with_validations.rb +0 -12
  119. data/test/rails_app/app/active_record/user_without_email.rb +0 -10
  120. data/test/rails_app/app/controllers/admins/sessions_controller.rb +0 -8
  121. data/test/rails_app/app/controllers/admins_controller.rb +0 -8
  122. data/test/rails_app/app/controllers/application_controller.rb +0 -13
  123. data/test/rails_app/app/controllers/application_with_fake_engine.rb +0 -32
  124. data/test/rails_app/app/controllers/custom/registrations_controller.rb +0 -33
  125. data/test/rails_app/app/controllers/home_controller.rb +0 -31
  126. data/test/rails_app/app/controllers/publisher/registrations_controller.rb +0 -4
  127. data/test/rails_app/app/controllers/publisher/sessions_controller.rb +0 -4
  128. data/test/rails_app/app/controllers/users/omniauth_callbacks_controller.rb +0 -16
  129. data/test/rails_app/app/controllers/users_controller.rb +0 -33
  130. data/test/rails_app/app/helpers/application_helper.rb +0 -5
  131. data/test/rails_app/app/mailers/users/from_proc_mailer.rb +0 -5
  132. data/test/rails_app/app/mailers/users/mailer.rb +0 -5
  133. data/test/rails_app/app/mailers/users/reply_to_mailer.rb +0 -6
  134. data/test/rails_app/app/mongoid/admin.rb +0 -31
  135. data/test/rails_app/app/mongoid/shim.rb +0 -25
  136. data/test/rails_app/app/mongoid/user.rb +0 -50
  137. data/test/rails_app/app/mongoid/user_on_engine.rb +0 -41
  138. data/test/rails_app/app/mongoid/user_on_main_app.rb +0 -41
  139. data/test/rails_app/app/mongoid/user_with_validations.rb +0 -37
  140. data/test/rails_app/app/mongoid/user_without_email.rb +0 -35
  141. data/test/rails_app/app/views/admins/index.html.erb +0 -1
  142. data/test/rails_app/app/views/admins/sessions/new.html.erb +0 -2
  143. data/test/rails_app/app/views/home/admin_dashboard.html.erb +0 -1
  144. data/test/rails_app/app/views/home/index.html.erb +0 -1
  145. data/test/rails_app/app/views/home/join.html.erb +0 -1
  146. data/test/rails_app/app/views/home/private.html.erb +0 -1
  147. data/test/rails_app/app/views/home/user_dashboard.html.erb +0 -1
  148. data/test/rails_app/app/views/layouts/application.html.erb +0 -24
  149. data/test/rails_app/app/views/users/edit_form.html.erb +0 -1
  150. data/test/rails_app/app/views/users/index.html.erb +0 -1
  151. data/test/rails_app/app/views/users/mailer/confirmation_instructions.erb +0 -1
  152. data/test/rails_app/app/views/users/sessions/new.html.erb +0 -1
  153. data/test/rails_app/bin/bundle +0 -3
  154. data/test/rails_app/bin/rails +0 -4
  155. data/test/rails_app/bin/rake +0 -4
  156. data/test/rails_app/config.ru +0 -4
  157. data/test/rails_app/config/application.rb +0 -48
  158. data/test/rails_app/config/boot.rb +0 -27
  159. data/test/rails_app/config/database.yml +0 -18
  160. data/test/rails_app/config/environment.rb +0 -7
  161. data/test/rails_app/config/environments/development.rb +0 -32
  162. data/test/rails_app/config/environments/production.rb +0 -88
  163. data/test/rails_app/config/environments/test.rb +0 -47
  164. data/test/rails_app/config/initializers/backtrace_silencers.rb +0 -9
  165. data/test/rails_app/config/initializers/devise.rb +0 -187
  166. data/test/rails_app/config/initializers/inflections.rb +0 -4
  167. data/test/rails_app/config/initializers/secret_token.rb +0 -5
  168. data/test/rails_app/config/initializers/session_store.rb +0 -3
  169. data/test/rails_app/config/routes.rb +0 -128
  170. data/test/rails_app/db/migrate/20100401102949_create_tables.rb +0 -77
  171. data/test/rails_app/db/schema.rb +0 -57
  172. data/test/rails_app/lib/lazy_load_test_module.rb +0 -5
  173. data/test/rails_app/lib/shared_admin.rb +0 -23
  174. data/test/rails_app/lib/shared_user.rb +0 -32
  175. data/test/rails_app/lib/shared_user_without_email.rb +0 -28
  176. data/test/rails_app/lib/shared_user_without_omniauth.rb +0 -15
  177. data/test/rails_app/public/404.html +0 -26
  178. data/test/rails_app/public/422.html +0 -26
  179. data/test/rails_app/public/500.html +0 -26
  180. data/test/rails_app/public/favicon.ico +0 -0
  181. data/test/rails_test.rb +0 -11
  182. data/test/routes_test.rb +0 -281
  183. data/test/secret_key_finder_test.rb +0 -121
  184. data/test/support/action_controller/record_identifier.rb +0 -12
  185. data/test/support/assertions.rb +0 -30
  186. data/test/support/helpers.rb +0 -83
  187. data/test/support/http_method_compatibility.rb +0 -53
  188. data/test/support/integration.rb +0 -95
  189. data/test/support/locale/en.yml +0 -8
  190. data/test/support/mongoid.yml +0 -6
  191. data/test/support/webrat/integrations/rails.rb +0 -35
  192. data/test/test/controller_helpers_test.rb +0 -193
  193. data/test/test/integration_helpers_test.rb +0 -34
  194. data/test/test_helper.rb +0 -36
  195. data/test/test_models.rb +0 -35
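--- a/data/test/integration/confirmable_test.rb
+++ b/data/test/integration/confirmable_test.rb
@@ -1,326 +0,0 @@
- # frozen_string_literal: true
-
- require 'test_helper'
-
- class ConfirmationTest < Devise::IntegrationTest
-
- def visit_user_confirmation_with_token(confirmation_token)
- visit user_confirmation_path(confirmation_token: confirmation_token)
- end
-
- def resend_confirmation
- user = create_user(confirm: false)
- ActionMailer::Base.deliveries.clear
-
- visit new_user_session_path
- click_link "Didn't receive confirmation instructions?"
-
- fill_in 'email', with: user.email
- click_button 'Resend confirmation instructions'
- end
-
- test 'user should be able to request a new confirmation' do
- resend_confirmation
-
- assert_current_url '/users/sign_in'
- assert_contain 'You will receive an email with instructions for how to confirm your email address in a few minutes'
- assert_equal 1, ActionMailer::Base.deliveries.size
- assert_equal ['please-change-me@config-initializers-devise.com'], ActionMailer::Base.deliveries.first.from
- end
-
- test 'user should receive a confirmation from a custom mailer' do
- User.any_instance.stubs(:devise_mailer).returns(Users::Mailer)
- resend_confirmation
- assert_equal ['custom@example.com'], ActionMailer::Base.deliveries.first.from
- end
-
- test 'user with invalid confirmation token should not be able to confirm an account' do
- visit_user_confirmation_with_token('invalid_confirmation')
- assert_have_selector '#error_explanation'
- assert_contain %r{Confirmation token(.*)invalid}
- end
-
- test 'user with valid confirmation token should not be able to confirm an account after the token has expired' do
- swap Devise, confirm_within: 3.days do
- user = create_user(confirm: false, confirmation_sent_at: 4.days.ago)
- refute user.confirmed?
- visit_user_confirmation_with_token(user.raw_confirmation_token)
-
- assert_have_selector '#error_explanation'
- assert_contain %r{needs to be confirmed within 3 days}
- refute user.reload.confirmed?
- assert_current_url "/users/confirmation?confirmation_token=#{user.raw_confirmation_token}"
- end
- end
-
- test 'user with valid confirmation token where the token has expired and with application router_name set to a different engine it should raise an error' do
- user = create_user(confirm: false, confirmation_sent_at: 4.days.ago)
-
- swap Devise, confirm_within: 3.days, router_name: :fake_engine do
- assert_raise ActionView::Template::Error do
- visit_user_confirmation_with_token(user.raw_confirmation_token)
- end
- end
- end
-
- test 'user with valid confirmation token where the token has expired and with application router_name set to a different engine and route overrides back to main it shows the path' do
- user = create_user(confirm: false, confirmation_sent_at: 4.days.ago)
-
- swap Devise, confirm_within: 3.days, router_name: :fake_engine do
- visit user_on_main_app_confirmation_path(confirmation_token: user.raw_confirmation_token)
-
- assert_current_url "/user_on_main_apps/confirmation?confirmation_token=#{user.raw_confirmation_token}"
- end
- end
-
- test 'user with valid confirmation token where the token has expired with router overrides different engine it shows the path' do
- user = create_user(confirm: false, confirmation_sent_at: 4.days.ago)
-
- swap Devise, confirm_within: 3.days do
- visit user_on_engine_confirmation_path(confirmation_token: user.raw_confirmation_token)
-
- assert_current_url "/user_on_engines/confirmation?confirmation_token=#{user.raw_confirmation_token}"
- end
- end
-
- test 'user with valid confirmation token should be able to confirm an account before the token has expired' do
- swap Devise, confirm_within: 3.days do
- user = create_user(confirm: false, confirmation_sent_at: 2.days.ago)
- refute user.confirmed?
- visit_user_confirmation_with_token(user.raw_confirmation_token)
-
- assert_contain 'Your email address has been successfully confirmed.'
- assert_current_url '/users/sign_in'
- assert user.reload.confirmed?
- end
- end
-
- test 'user should be redirected to a custom path after confirmation' do
- Devise::ConfirmationsController.any_instance.stubs(:after_confirmation_path_for).returns("/?custom=1")
-
- user = create_user(confirm: false)
- visit_user_confirmation_with_token(user.raw_confirmation_token)
-
- assert_current_url "/?custom=1"
- end
-
- test 'already confirmed user should not be able to confirm the account again' do
- user = create_user(confirm: false)
- user.confirmed_at = Time.now
- user.save
- visit_user_confirmation_with_token(user.raw_confirmation_token)
-
- assert_have_selector '#error_explanation'
- assert_contain 'already confirmed'
- end
-
- test 'already confirmed user should not be able to confirm the account again neither request confirmation' do
- user = create_user(confirm: false)
- user.confirmed_at = Time.now
- user.save
-
- visit_user_confirmation_with_token(user.raw_confirmation_token)
- assert_contain 'already confirmed'
-
- fill_in 'email', with: user.email
- click_button 'Resend confirmation instructions'
- assert_contain 'already confirmed'
- end
-
- test 'not confirmed user with setup to block without confirmation should not be able to sign in' do
- swap Devise, allow_unconfirmed_access_for: 0.days do
- sign_in_as_user(confirm: false)
-
- assert_contain 'You have to confirm your email address before continuing'
- refute warden.authenticated?(:user)
- end
- end
-
- test 'not confirmed user should not see confirmation message if invalid credentials are given' do
- swap Devise, allow_unconfirmed_access_for: 0.days do
- sign_in_as_user(confirm: false) do
- fill_in 'password', with: 'invalid'
- end
-
- assert_contain 'Invalid Email or password'
- refute warden.authenticated?(:user)
- end
- end
-
- test 'not confirmed user but configured with some days to confirm should be able to sign in' do
- swap Devise, allow_unconfirmed_access_for: 1.day do
- sign_in_as_user(confirm: false)
-
- assert_response :success
- assert warden.authenticated?(:user)
- end
- end
-
- test 'unconfirmed but signed in user should be redirected to their root path' do
- swap Devise, allow_unconfirmed_access_for: 1.day do
- user = sign_in_as_user(confirm: false)
-
- visit_user_confirmation_with_token(user.raw_confirmation_token)
- assert_contain 'Your email address has been successfully confirmed.'
- assert_current_url '/'
- end
- end
-
- test 'user should be redirected to sign in page whenever signed in as another resource at same session already' do
- sign_in_as_admin
-
- user = create_user(confirm: false)
- visit_user_confirmation_with_token(user.raw_confirmation_token)
-
- assert_current_url '/users/sign_in'
- end
-
- test 'error message is configurable by resource name' do
- store_translations :en, devise: {
- failure: { user: { unconfirmed: "Not confirmed user" } }
- } do
- sign_in_as_user(confirm: false)
- assert_contain 'Not confirmed user'
- end
- end
-
- test 'resent confirmation token with valid E-Mail in XML format should return valid response' do
- user = create_user(confirm: false)
- post user_confirmation_path(format: 'xml'), params: { user: { email: user.email } }
- assert_response :success
- assert_equal response.body, {}.to_xml
- end
-
- test 'resent confirmation token with invalid E-Mail in XML format should return invalid response' do
- create_user(confirm: false)
- post user_confirmation_path(format: 'xml'), params: { user: { email: 'invalid.test@test.com' } }
- assert_response :unprocessable_entity
- assert response.body.include? %(<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<errors>)
- end
-
- test 'confirm account with valid confirmation token in XML format should return valid response' do
- user = create_user(confirm: false)
- get user_confirmation_path(confirmation_token: user.raw_confirmation_token, format: 'xml')
- assert_response :success
- assert response.body.include? %(<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<user>)
- end
-
- test 'confirm account with invalid confirmation token in XML format should return invalid response' do
- create_user(confirm: false)
- get user_confirmation_path(confirmation_token: 'invalid_confirmation', format: 'xml')
- assert_response :unprocessable_entity
- assert response.body.include? %(<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<errors>)
- end
-
- test 'request an account confirmation account with JSON, should return an empty JSON' do
- user = create_user(confirm: false)
-
- post user_confirmation_path, params: { user: { email: user.email }, format: :json }
- assert_response :success
- assert_equal response.body, {}.to_json
- end
-
- test "when in paranoid mode and with a valid e-mail, should not say that the e-mail is valid" do
- swap Devise, paranoid: true do
- user = create_user(confirm: false)
- visit new_user_session_path
-
- click_link "Didn't receive confirmation instructions?"
- fill_in 'email', with: user.email
- click_button 'Resend confirmation instructions'
-
- assert_contain "If your email address exists in our database, you will receive an email with instructions for how to confirm your email address in a few minutes."
- assert_current_url "/users/sign_in"
- end
- end
-
- test "when in paranoid mode and with a invalid e-mail, should not say that the e-mail is invalid" do
- swap Devise, paranoid: true do
- visit new_user_session_path
-
- click_link "Didn't receive confirmation instructions?"
- fill_in 'email', with: "idonthavethisemail@gmail.com"
- click_button 'Resend confirmation instructions'
-
- assert_not_contain "1 error prohibited this user from being saved:"
- assert_not_contain "Email not found"
-
- assert_contain "If your email address exists in our database, you will receive an email with instructions for how to confirm your email address in a few minutes."
- assert_current_url "/users/sign_in"
- end
- end
- end
-
- class ConfirmationOnChangeTest < Devise::IntegrationTest
- def create_second_admin(options={})
- @admin = nil
- create_admin(options)
- end
-
- def visit_admin_confirmation_with_token(confirmation_token)
- visit admin_confirmation_path(confirmation_token: confirmation_token)
- end
-
- test 'admin should be able to request a new confirmation after email changed' do
- admin = create_admin
- admin.update(email: 'new_test@example.com')
-
- visit new_admin_session_path
- click_link "Didn't receive confirmation instructions?"
-
- fill_in 'email', with: admin.unconfirmed_email
- assert_difference "ActionMailer::Base.deliveries.size" do
- click_button 'Resend confirmation instructions'
- end
-
- assert_current_url '/admin_area/sign_in'
- assert_contain 'You will receive an email with instructions for how to confirm your email address in a few minutes'
- end
-
- test 'admin with valid confirmation token should be able to confirm email after email changed' do
- admin = create_admin
- admin.update(email: 'new_test@example.com')
- assert_equal 'new_test@example.com', admin.unconfirmed_email
- visit_admin_confirmation_with_token(admin.raw_confirmation_token)
-
- assert_contain 'Your email address has been successfully confirmed.'
- assert_current_url '/admin_area/sign_in'
- assert admin.reload.confirmed?
- refute admin.reload.pending_reconfirmation?
- end
-
- test 'admin with previously valid confirmation token should not be able to confirm email after email changed again' do
- admin = create_admin
- admin.update(email: 'first_test@example.com')
- assert_equal 'first_test@example.com', admin.unconfirmed_email
-
- raw_confirmation_token = admin.raw_confirmation_token
- admin = Admin.find(admin.id)
-
- admin.update(email: 'second_test@example.com')
- assert_equal 'second_test@example.com', admin.unconfirmed_email
-
- visit_admin_confirmation_with_token(raw_confirmation_token)
- assert_have_selector '#error_explanation'
- assert_contain(/Confirmation token(.*)invalid/)
-
- visit_admin_confirmation_with_token(admin.raw_confirmation_token)
- assert_contain 'Your email address has been successfully confirmed.'
- assert_current_url '/admin_area/sign_in'
- assert admin.reload.confirmed?
- refute admin.reload.pending_reconfirmation?
- end
-
- test 'admin email should be unique also within unconfirmed_email' do
- admin = create_admin
- admin.update(email: 'new_admin_test@example.com')
- assert_equal 'new_admin_test@example.com', admin.unconfirmed_email
-
- create_second_admin(email: "new_admin_test@example.com")
-
- visit_admin_confirmation_with_token(admin.raw_confirmation_token)
- assert_have_selector '#error_explanation'
- assert_contain(/Email.*already.*taken/)
- assert admin.reload.pending_reconfirmation?
- end
- end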
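--- a/data/test/integration/database_authenticatable_test.rb
+++ b/data/test/integration/database_authenticatable_test.rb
@@ -1,110 +0,0 @@
- # frozen_string_literal: true
-
- require 'test_helper'
-
- class DatabaseAuthenticationTest < Devise::IntegrationTest
- test 'sign in with email of different case should succeed when email is in the list of case insensitive keys' do
- create_user(email: 'Foo@Bar.com')
-
- sign_in_as_user do
- fill_in 'email', with: 'foo@bar.com'
- end
-
- assert warden.authenticated?(:user)
- end
-
- test 'sign in with email of different case should fail when email is NOT the list of case insensitive keys' do
- swap Devise, case_insensitive_keys: [] do
- create_user(email: 'Foo@Bar.com')
-
- sign_in_as_user do
- fill_in 'email', with: 'foo@bar.com'
- end
-
- refute warden.authenticated?(:user)
- end
- end
-
- test 'sign in with email including extra spaces should succeed when email is in the list of strip whitespace keys' do
- create_user(email: ' foo@bar.com ')
-
- sign_in_as_user do
- fill_in 'email', with: 'foo@bar.com'
- end
-
- assert warden.authenticated?(:user)
- end
-
- test 'sign in with email including extra spaces should fail when email is NOT the list of strip whitespace keys' do
- swap Devise, strip_whitespace_keys: [] do
- create_user(email: 'foo@bar.com')
-
- sign_in_as_user do
- fill_in 'email', with: ' foo@bar.com '
- end
-
- refute warden.authenticated?(:user)
- end
- end
-
- test 'sign in should not authenticate if not using proper authentication keys' do
- swap Devise, authentication_keys: [:username] do
- sign_in_as_user
- refute warden.authenticated?(:user)
- end
- end
-
- test 'sign in with invalid email should return to sign in form with error message' do
- store_translations :en, devise: { failure: { admin: { not_found_in_database: 'Invalid email address' } } } do
- sign_in_as_admin do
- fill_in 'email', with: 'wrongemail@test.com'
- end
-
- assert_contain 'Invalid email address'
- refute warden.authenticated?(:admin)
- end
- end
-
- test 'sign in with invalid pasword should return to sign in form with error message' do
- sign_in_as_admin do
- fill_in 'password', with: 'abcdef'
- end
-
- assert_contain 'Invalid Email or password'
- refute warden.authenticated?(:admin)
- end
-
- test 'when in paranoid mode and without a valid e-mail' do
- swap Devise, paranoid: true do
- store_translations :en, devise: { failure: { not_found_in_database: 'Not found in database' } } do
- sign_in_as_user do
- fill_in 'email', with: 'wrongemail@test.com'
- end
-
- assert_not_contain 'Not found in database'
- assert_contain 'Invalid Email or password.'
- end
- end
- end
-
- test 'error message is configurable by resource name' do
- store_translations :en, devise: { failure: { admin: { invalid: "Invalid credentials" } } } do
- sign_in_as_admin do
- fill_in 'password', with: 'abcdef'
- end
-
- assert_contain 'Invalid credentials'
- end
- end
-
- test 'valid sign in calls after_database_authentication callback' do
- user = create_user(email: ' foo@bar.com ')
-
- User.expects(:find_for_database_authentication).returns user
- user.expects :after_database_authentication
-
- sign_in_as_user do
- fill_in 'email', with: 'foo@bar.com'
- end
- end
- end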
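--- a/data/test/integration/http_authenticatable_test.rb
+++ b/data/test/integration/http_authenticatable_test.rb
@@ -1,114 +0,0 @@
- # frozen_string_literal: true
-
- require 'test_helper'
-
- class HttpAuthenticationTest < Devise::IntegrationTest
- test 'sign in with HTTP should not run model validations' do
- sign_in_as_new_user_with_http
-
- refute User.validations_performed
- end
-
- test 'handles unverified requests gets rid of caches but continues signed in' do
- swap ApplicationController, allow_forgery_protection: true do
- create_user
- post exhibit_user_url(1), headers: { "HTTP_AUTHORIZATION" => "Basic #{Base64.encode64("user@test.com:12345678")}" }
- assert warden.authenticated?(:user)
- assert_equal "User is authenticated", response.body
- end
- end
-
- test 'sign in should authenticate with http' do
- swap Devise, skip_session_storage: [] do
- sign_in_as_new_user_with_http
- assert_response 200
- assert_match '<email>user@test.com</email>', response.body
- assert warden.authenticated?(:user)
-
- get users_path(format: :xml)
- assert_response 200
- end
- end
-
- test 'sign in should authenticate with http but not emit a cookie if skipping session storage' do
- swap Devise, skip_session_storage: [:http_auth] do
- sign_in_as_new_user_with_http
- assert_response 200
- assert_match '<email>user@test.com</email>', response.body
- assert warden.authenticated?(:user)
-
- get users_path(format: :xml)
- assert_response 401
- end
- end
-
- test 'returns a custom response with www-authenticate header on failures' do
- sign_in_as_new_user_with_http("unknown")
- assert_equal 401, status
- assert_equal 'Basic realm="Application"', headers["WWW-Authenticate"]
- end
-
- test 'uses the request format as response content type' do
- sign_in_as_new_user_with_http("unknown")
- assert_equal 401, status
- assert_equal "application/xml; charset=utf-8", headers["Content-Type"]
- assert_match "<error>Invalid Email or password.</error>", response.body
- end
-
- test 'returns a custom response with www-authenticate and chosen realm' do
- swap Devise, http_authentication_realm: "MyApp" do
- sign_in_as_new_user_with_http("unknown")
- assert_equal 401, status
- assert_equal 'Basic realm="MyApp"', headers["WWW-Authenticate"]
- end
- end
-
- test 'sign in should authenticate with http even with specific authentication keys' do
- swap Devise, authentication_keys: [:username] do
- sign_in_as_new_user_with_http("usertest")
- assert_response :success
- assert_match '<email>user@test.com</email>', response.body
- assert warden.authenticated?(:user)
- end
- end
-
- test 'it uses appropriate authentication_keys when configured with hash' do
- swap Devise, authentication_keys: { username: false, email: false } do
- sign_in_as_new_user_with_http("usertest")
- assert_response :success
- assert_match '<email>user@test.com</email>', response.body
- assert warden.authenticated?(:user)
- end
- end
-
- test 'it uses the appropriate key when configured explicitly' do
- swap Devise, authentication_keys: { email: false, username: false }, http_authentication_key: :username do
- sign_in_as_new_user_with_http("usertest")
- assert_response :success
- assert_match '<email>user@test.com</email>', response.body
- assert warden.authenticated?(:user)
- end
- end
-
- test 'test request with oauth2 header doesnt get mistaken for basic authentication' do
- swap Devise, http_authenticatable: true do
- add_oauth2_header
- assert_equal 401, status
- assert_equal 'Basic realm="Application"', headers["WWW-Authenticate"]
- end
- end
-
- private
- def sign_in_as_new_user_with_http(username="user@test.com", password="12345678")
- user = create_user
- get users_path(format: :xml), headers: { "HTTP_AUTHORIZATION" => "Basic #{Base64.encode64("#{username}:#{password}")}" }
- user
- end
-
- # Sign in with oauth2 token. This is just to test that it isn't misinterpreted as basic authentication
- def add_oauth2_header
- user = create_user
- get users_path(format: :xml), headers: { "HTTP_AUTHORIZATION" => "OAuth #{Base64.encode64("#{user.email}:12345678")}" }
- end
-
- end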