devise 4.5.0 → 4.6.0


Potentially problematic release.


This version of devise might be problematic.

Files changed (195)
  1. checksums.yaml +5 -5
  2. data/CHANGELOG.md +30 -1
  3. data/MIT-LICENSE +1 -1
  4. data/README.md +18 -0
  5. data/app/controllers/devise/passwords_controller.rb +1 -0
  6. data/app/controllers/devise/registrations_controller.rb +25 -7
  7. data/app/helpers/devise_helper.rb +10 -19
  8. data/app/views/devise/confirmations/new.html.erb +1 -1
  9. data/app/views/devise/passwords/edit.html.erb +1 -1
  10. data/app/views/devise/passwords/new.html.erb +1 -1
  11. data/app/views/devise/registrations/edit.html.erb +1 -1
  12. data/app/views/devise/registrations/new.html.erb +1 -1
  13. data/app/views/devise/sessions/new.html.erb +2 -2
  14. data/app/views/devise/shared/_error_messages.html.erb +15 -0
  15. data/app/views/devise/shared/_links.html.erb +7 -7
  16. data/app/views/devise/unlocks/new.html.erb +1 -1
  17. data/config/locales/en.yml +1 -0
  18. data/lib/devise.rb +4 -0
  19. data/lib/devise/controllers/helpers.rb +1 -1
  20. data/lib/devise/failure_app.rb +28 -3
  21. data/lib/devise/models/authenticatable.rb +7 -15
  22. data/lib/devise/models/confirmable.rb +4 -1
  23. data/lib/devise/models/database_authenticatable.rb +41 -6
  24. data/lib/devise/models/lockable.rb +2 -2
  25. data/lib/devise/models/registerable.rb +2 -0
  26. data/lib/devise/strategies/database_authenticatable.rb +3 -0
  27. data/lib/devise/test/controller_helpers.rb +1 -1
  28. data/lib/devise/version.rb +1 -1
  29. data/lib/generators/active_record/devise_generator.rb +4 -4
  30. data/lib/generators/devise/controllers_generator.rb +1 -1
  31. data/lib/generators/templates/devise.rb +12 -3
  32. data/lib/generators/templates/simple_form_for/registrations/edit.html.erb +1 -1
  33. data/lib/generators/templates/simple_form_for/registrations/new.html.erb +1 -1
  34. metadata +5 -305
  35. data/.gitignore +0 -10
  36. data/.travis.yml +0 -69
  37. data/.yardopts +0 -9
  38. data/CODE_OF_CONDUCT.md +0 -22
  39. data/CONTRIBUTING.md +0 -79
  40. data/Gemfile +0 -39
  41. data/Gemfile.lock +0 -202
  42. data/ISSUE_TEMPLATE.md +0 -19
  43. data/Rakefile +0 -37
  44. data/bin/test +0 -13
  45. data/devise.gemspec +0 -28
  46. data/devise.png +0 -0
  47. data/gemfiles/Gemfile.rails-4.1-stable +0 -32
  48. data/gemfiles/Gemfile.rails-4.1-stable.lock +0 -171
  49. data/gemfiles/Gemfile.rails-4.2-stable +0 -32
  50. data/gemfiles/Gemfile.rails-4.2-stable.lock +0 -192
  51. data/gemfiles/Gemfile.rails-5.0-stable +0 -33
  52. data/gemfiles/Gemfile.rails-5.0-stable.lock +0 -192
  53. data/gemfiles/Gemfile.rails-5.2-rc1 +0 -26
  54. data/gemfiles/Gemfile.rails-5.2-rc1.lock +0 -201
  55. data/guides/bug_report_templates/integration_test.rb +0 -106
  56. data/test/controllers/custom_registrations_controller_test.rb +0 -42
  57. data/test/controllers/custom_strategy_test.rb +0 -66
  58. data/test/controllers/helper_methods_test.rb +0 -24
  59. data/test/controllers/helpers_test.rb +0 -318
  60. data/test/controllers/inherited_controller_i18n_messages_test.rb +0 -53
  61. data/test/controllers/internal_helpers_test.rb +0 -129
  62. data/test/controllers/load_hooks_controller_test.rb +0 -21
  63. data/test/controllers/passwords_controller_test.rb +0 -34
  64. data/test/controllers/sessions_controller_test.rb +0 -108
  65. data/test/controllers/url_helpers_test.rb +0 -67
  66. data/test/delegator_test.rb +0 -21
  67. data/test/devise_test.rb +0 -109
  68. data/test/failure_app_test.rb +0 -346
  69. data/test/generators/active_record_generator_test.rb +0 -130
  70. data/test/generators/controllers_generator_test.rb +0 -50
  71. data/test/generators/devise_generator_test.rb +0 -41
  72. data/test/generators/install_generator_test.rb +0 -26
  73. data/test/generators/mongoid_generator_test.rb +0 -25
  74. data/test/generators/views_generator_test.rb +0 -105
  75. data/test/helpers/devise_helper_test.rb +0 -51
  76. data/test/integration/authenticatable_test.rb +0 -706
  77. data/test/integration/confirmable_test.rb +0 -326
  78. data/test/integration/database_authenticatable_test.rb +0 -110
  79. data/test/integration/http_authenticatable_test.rb +0 -114
  80. data/test/integration/lockable_test.rb +0 -242
  81. data/test/integration/mounted_engine_test.rb +0 -38
  82. data/test/integration/omniauthable_test.rb +0 -148
  83. data/test/integration/recoverable_test.rb +0 -349
  84. data/test/integration/registerable_test.rb +0 -365
  85. data/test/integration/rememberable_test.rb +0 -219
  86. data/test/integration/timeoutable_test.rb +0 -186
  87. data/test/integration/trackable_test.rb +0 -99
  88. data/test/mailers/confirmation_instructions_test.rb +0 -117
  89. data/test/mailers/email_changed_test.rb +0 -132
  90. data/test/mailers/mailer_test.rb +0 -20
  91. data/test/mailers/reset_password_instructions_test.rb +0 -98
  92. data/test/mailers/unlock_instructions_test.rb +0 -93
  93. data/test/mapping_test.rb +0 -136
  94. data/test/models/authenticatable_test.rb +0 -25
  95. data/test/models/confirmable_test.rb +0 -549
  96. data/test/models/database_authenticatable_test.rb +0 -290
  97. data/test/models/lockable_test.rb +0 -352
  98. data/test/models/omniauthable_test.rb +0 -9
  99. data/test/models/recoverable_test.rb +0 -263
  100. data/test/models/registerable_test.rb +0 -9
  101. data/test/models/rememberable_test.rb +0 -184
  102. data/test/models/serializable_test.rb +0 -60
  103. data/test/models/timeoutable_test.rb +0 -53
  104. data/test/models/trackable_test.rb +0 -80
  105. data/test/models/validatable_test.rb +0 -121
  106. data/test/models_test.rb +0 -155
  107. data/test/omniauth/config_test.rb +0 -61
  108. data/test/omniauth/url_helpers_test.rb +0 -53
  109. data/test/orm/active_record.rb +0 -24
  110. data/test/orm/mongoid.rb +0 -15
  111. data/test/parameter_sanitizer_test.rb +0 -105
  112. data/test/rails_app/Rakefile +0 -6
  113. data/test/rails_app/app/active_record/admin.rb +0 -8
  114. data/test/rails_app/app/active_record/shim.rb +0 -4
  115. data/test/rails_app/app/active_record/user.rb +0 -20
  116. data/test/rails_app/app/active_record/user_on_engine.rb +0 -9
  117. data/test/rails_app/app/active_record/user_on_main_app.rb +0 -9
  118. data/test/rails_app/app/active_record/user_with_validations.rb +0 -12
  119. data/test/rails_app/app/active_record/user_without_email.rb +0 -10
  120. data/test/rails_app/app/controllers/admins/sessions_controller.rb +0 -8
  121. data/test/rails_app/app/controllers/admins_controller.rb +0 -8
  122. data/test/rails_app/app/controllers/application_controller.rb +0 -13
  123. data/test/rails_app/app/controllers/application_with_fake_engine.rb +0 -32
  124. data/test/rails_app/app/controllers/custom/registrations_controller.rb +0 -33
  125. data/test/rails_app/app/controllers/home_controller.rb +0 -31
  126. data/test/rails_app/app/controllers/publisher/registrations_controller.rb +0 -4
  127. data/test/rails_app/app/controllers/publisher/sessions_controller.rb +0 -4
  128. data/test/rails_app/app/controllers/users/omniauth_callbacks_controller.rb +0 -16
  129. data/test/rails_app/app/controllers/users_controller.rb +0 -33
  130. data/test/rails_app/app/helpers/application_helper.rb +0 -5
  131. data/test/rails_app/app/mailers/users/from_proc_mailer.rb +0 -5
  132. data/test/rails_app/app/mailers/users/mailer.rb +0 -5
  133. data/test/rails_app/app/mailers/users/reply_to_mailer.rb +0 -6
  134. data/test/rails_app/app/mongoid/admin.rb +0 -31
  135. data/test/rails_app/app/mongoid/shim.rb +0 -25
  136. data/test/rails_app/app/mongoid/user.rb +0 -50
  137. data/test/rails_app/app/mongoid/user_on_engine.rb +0 -41
  138. data/test/rails_app/app/mongoid/user_on_main_app.rb +0 -41
  139. data/test/rails_app/app/mongoid/user_with_validations.rb +0 -37
  140. data/test/rails_app/app/mongoid/user_without_email.rb +0 -35
  141. data/test/rails_app/app/views/admins/index.html.erb +0 -1
  142. data/test/rails_app/app/views/admins/sessions/new.html.erb +0 -2
  143. data/test/rails_app/app/views/home/admin_dashboard.html.erb +0 -1
  144. data/test/rails_app/app/views/home/index.html.erb +0 -1
  145. data/test/rails_app/app/views/home/join.html.erb +0 -1
  146. data/test/rails_app/app/views/home/private.html.erb +0 -1
  147. data/test/rails_app/app/views/home/user_dashboard.html.erb +0 -1
  148. data/test/rails_app/app/views/layouts/application.html.erb +0 -24
  149. data/test/rails_app/app/views/users/edit_form.html.erb +0 -1
  150. data/test/rails_app/app/views/users/index.html.erb +0 -1
  151. data/test/rails_app/app/views/users/mailer/confirmation_instructions.erb +0 -1
  152. data/test/rails_app/app/views/users/sessions/new.html.erb +0 -1
  153. data/test/rails_app/bin/bundle +0 -3
  154. data/test/rails_app/bin/rails +0 -4
  155. data/test/rails_app/bin/rake +0 -4
  156. data/test/rails_app/config.ru +0 -4
  157. data/test/rails_app/config/application.rb +0 -48
  158. data/test/rails_app/config/boot.rb +0 -27
  159. data/test/rails_app/config/database.yml +0 -18
  160. data/test/rails_app/config/environment.rb +0 -7
  161. data/test/rails_app/config/environments/development.rb +0 -32
  162. data/test/rails_app/config/environments/production.rb +0 -88
  163. data/test/rails_app/config/environments/test.rb +0 -47
  164. data/test/rails_app/config/initializers/backtrace_silencers.rb +0 -9
  165. data/test/rails_app/config/initializers/devise.rb +0 -187
  166. data/test/rails_app/config/initializers/inflections.rb +0 -4
  167. data/test/rails_app/config/initializers/secret_token.rb +0 -5
  168. data/test/rails_app/config/initializers/session_store.rb +0 -3
  169. data/test/rails_app/config/routes.rb +0 -128
  170. data/test/rails_app/db/migrate/20100401102949_create_tables.rb +0 -77
  171. data/test/rails_app/db/schema.rb +0 -57
  172. data/test/rails_app/lib/lazy_load_test_module.rb +0 -5
  173. data/test/rails_app/lib/shared_admin.rb +0 -23
  174. data/test/rails_app/lib/shared_user.rb +0 -32
  175. data/test/rails_app/lib/shared_user_without_email.rb +0 -28
  176. data/test/rails_app/lib/shared_user_without_omniauth.rb +0 -15
  177. data/test/rails_app/public/404.html +0 -26
  178. data/test/rails_app/public/422.html +0 -26
  179. data/test/rails_app/public/500.html +0 -26
  180. data/test/rails_app/public/favicon.ico +0 -0
  181. data/test/rails_test.rb +0 -11
  182. data/test/routes_test.rb +0 -281
  183. data/test/secret_key_finder_test.rb +0 -121
  184. data/test/support/action_controller/record_identifier.rb +0 -12
  185. data/test/support/assertions.rb +0 -30
  186. data/test/support/helpers.rb +0 -83
  187. data/test/support/http_method_compatibility.rb +0 -53
  188. data/test/support/integration.rb +0 -95
  189. data/test/support/locale/en.yml +0 -8
  190. data/test/support/mongoid.yml +0 -6
  191. data/test/support/webrat/integrations/rails.rb +0 -35
  192. data/test/test/controller_helpers_test.rb +0 -193
  193. data/test/test/integration_helpers_test.rb +0 -34
  194. data/test/test_helper.rb +0 -36
  195. data/test/test_models.rb +0 -35
@@ -1,290 +0,0 @@
1
- # frozen_string_literal: true
2
-
3
- require 'test_helper'
4
- require 'test_models'
5
- require 'digest/sha1'
6
-
7
- class DatabaseAuthenticatableTest < ActiveSupport::TestCase
8
- def setup
9
- setup_mailer
10
- end
11
-
12
- test 'should downcase case insensitive keys when saving' do
13
- # case_insensitive_keys is set to :email by default.
14
- email = 'Foo@Bar.com'
15
- user = new_user(email: email)
16
-
17
- assert_equal email, user.email
18
- user.save!
19
- assert_equal email.downcase, user.email
20
- end
21
-
22
- test 'should downcase case insensitive keys that refer to virtual attributes when saving' do
23
- email = 'Foo@Bar1.com'
24
- confirmation = 'Foo@Bar1.com'
25
- attributes = valid_attributes(email: email, email_confirmation: confirmation)
26
- user = UserWithVirtualAttributes.new(attributes)
27
-
28
- assert_equal confirmation, user.email_confirmation
29
- user.save!
30
- assert_equal confirmation.downcase, user.email_confirmation
31
- end
32
-
33
- test 'should not mutate value assigned to case insensitive key' do
34
- email = 'Foo@Bar.com'
35
- original_email = email.dup
36
- user = new_user(email: email)
37
-
38
- user.save!
39
- assert_equal original_email, email
40
- end
41
-
42
- test 'should remove whitespace from strip whitespace keys when saving' do
43
- # strip_whitespace_keys is set to :email by default.
44
- email = ' foo@bar.com '
45
- user = new_user(email: email)
46
-
47
- assert_equal email, user.email
48
- user.save!
49
- assert_equal email.strip, user.email
50
- end
51
-
52
- test 'should not mutate value assigned to string whitespace key' do
53
- email = ' foo@bar.com '
54
- original_email = email.dup
55
- user = new_user(email: email)
56
-
57
- user.save!
58
- assert_equal original_email, email
59
- end
60
-
61
- test "doesn't throw exception when globally configured strip_whitespace_keys are not present on a model" do
62
- swap Devise, strip_whitespace_keys: [:fake_key] do
63
- assert_nothing_raised { create_user }
64
- end
65
- end
66
-
67
- test "doesn't throw exception when globally configured case_insensitive_keys are not present on a model" do
68
- swap Devise, case_insensitive_keys: [:fake_key] do
69
- assert_nothing_raised { create_user }
70
- end
71
- end
72
-
73
- test "param filter should not convert booleans and integer to strings" do
74
- conditions = { "login" => "foo@bar.com", "bool1" => true, "bool2" => false, "fixnum" => 123, "will_be_converted" => (1..10) }
75
- conditions = Devise::ParameterFilter.new([], []).filter(conditions)
76
- assert_equal( { "login" => "foo@bar.com", "bool1" => "true", "bool2" => "false", "fixnum" => "123", "will_be_converted" => "1..10" }, conditions)
77
- end
78
-
79
- test 'param filter should filter case_insensitive_keys as insensitive' do
80
- conditions = {'insensitive' => 'insensitive_VAL', 'sensitive' => 'sensitive_VAL'}
81
- conditions = Devise::ParameterFilter.new(['insensitive'], []).filter(conditions)
82
- assert_equal( {'insensitive' => 'insensitive_val', 'sensitive' => 'sensitive_VAL'}, conditions )
83
- end
84
-
85
- test 'param filter should filter strip_whitespace_keys stripping whitespaces' do
86
- conditions = {'strip_whitespace' => ' strip_whitespace_val ', 'do_not_strip_whitespace' => ' do_not_strip_whitespace_val '}
87
- conditions = Devise::ParameterFilter.new([], ['strip_whitespace']).filter(conditions)
88
- assert_equal( {'strip_whitespace' => 'strip_whitespace_val', 'do_not_strip_whitespace' => ' do_not_strip_whitespace_val '}, conditions )
89
- end
90
-
91
- test 'param filter should not add keys to filtered hash' do
92
- conditions = { 'present' => 'present_val' }
93
- conditions.default = ''
94
- conditions = Devise::ParameterFilter.new(['not_present'], []).filter(conditions)
95
- assert_equal({ 'present' => 'present_val' }, conditions)
96
- end
97
-
98
- test 'should respond to password and password confirmation' do
99
- user = new_user
100
- assert user.respond_to?(:password)
101
- assert user.respond_to?(:password_confirmation)
102
- end
103
-
104
- test 'should generate a hashed password while setting password' do
105
- user = new_user
106
- assert_present user.encrypted_password
107
- end
108
-
109
- test 'should support custom hashing methods' do
110
- user = UserWithCustomHashing.new(password: '654321')
111
- assert_equal user.encrypted_password, '123456'
112
- end
113
-
114
- test 'allow authenticatable_salt to work even with nil hashed password' do
115
- user = User.new
116
- user.encrypted_password = nil
117
- assert_nil user.authenticatable_salt
118
- end
119
-
120
- test 'should not generate a hashed password if password is blank' do
121
- assert_blank new_user(password: nil).encrypted_password
122
- assert_blank new_user(password: '').encrypted_password
123
- end
124
-
125
- test 'should hash password again if password has changed' do
126
- user = create_user
127
- encrypted_password = user.encrypted_password
128
- user.password = user.password_confirmation = 'new_password'
129
- user.save!
130
- assert_not_equal encrypted_password, user.encrypted_password
131
- end
132
-
133
- test 'should test for a valid password' do
134
- user = create_user
135
- assert user.valid_password?('12345678')
136
- refute user.valid_password?('654321')
137
- end
138
-
139
- test 'should not raise error with an empty password' do
140
- user = create_user
141
- user.encrypted_password = ''
142
- assert_nothing_raised { user.valid_password?('12345678') }
143
- end
144
-
145
- test 'should be an invalid password if the user has an empty password' do
146
- user = create_user
147
- user.encrypted_password = ''
148
- refute user.valid_password?('654321')
149
- end
150
-
151
- test 'should respond to current password' do
152
- assert new_user.respond_to?(:current_password)
153
- end
154
-
155
- test 'should update password with valid current password' do
156
- user = create_user
157
- assert user.update_with_password(current_password: '12345678',
158
- password: 'pass4321', password_confirmation: 'pass4321')
159
- assert user.reload.valid_password?('pass4321')
160
- end
161
-
162
- test 'should add an error to current password when it is invalid' do
163
- user = create_user
164
- refute user.update_with_password(current_password: 'other',
165
- password: 'pass4321', password_confirmation: 'pass4321')
166
- assert user.reload.valid_password?('12345678')
167
- assert_match "is invalid", user.errors[:current_password].join
168
- end
169
-
170
- test 'should add an error to current password when it is blank' do
171
- user = create_user
172
- refute user.update_with_password(password: 'pass4321',
173
- password_confirmation: 'pass4321')
174
- assert user.reload.valid_password?('12345678')
175
- assert_match "can't be blank", user.errors[:current_password].join
176
- end
177
-
178
- test 'should run validations even when current password is invalid or blank' do
179
- user = UserWithValidation.create!(valid_attributes)
180
- user.save
181
- assert user.persisted?
182
- refute user.update_with_password(username: "")
183
- assert_match "usertest", user.reload.username
184
- assert_match "can't be blank", user.errors[:username].join
185
- end
186
-
187
- test 'should ignore password and its confirmation if they are blank' do
188
- user = create_user
189
- assert user.update_with_password(current_password: '12345678', email: "new@example.com")
190
- assert_equal "new@example.com", user.email
191
- end
192
-
193
- test 'should not update password with invalid confirmation' do
194
- user = create_user
195
- refute user.update_with_password(current_password: '12345678',
196
- password: 'pass4321', password_confirmation: 'other')
197
- assert user.reload.valid_password?('12345678')
198
- end
199
-
200
- test 'should clean up password fields on failure' do
201
- user = create_user
202
- refute user.update_with_password(current_password: '12345678',
203
- password: 'pass4321', password_confirmation: 'other')
204
- assert user.password.blank?
205
- assert user.password_confirmation.blank?
206
- end
207
-
208
- test 'should update the user without password' do
209
- user = create_user
210
- user.update_without_password(email: 'new@example.com')
211
- assert_equal 'new@example.com', user.email
212
- end
213
-
214
- test 'should not update password without password' do
215
- user = create_user
216
- user.update_without_password(password: 'pass4321', password_confirmation: 'pass4321')
217
- assert !user.reload.valid_password?('pass4321')
218
- assert user.valid_password?('12345678')
219
- end
220
-
221
- test 'should destroy user if current password is valid' do
222
- user = create_user
223
- assert user.destroy_with_password('12345678')
224
- assert !user.persisted?
225
- end
226
-
227
- test 'should not destroy user with invalid password' do
228
- user = create_user
229
- refute user.destroy_with_password('other')
230
- assert user.persisted?
231
- assert_match "is invalid", user.errors[:current_password].join
232
- end
233
-
234
- test 'should not destroy user with blank password' do
235
- user = create_user
236
- refute user.destroy_with_password(nil)
237
- assert user.persisted?
238
- assert_match "can't be blank", user.errors[:current_password].join
239
- end
240
-
241
- test 'should not email on password change' do
242
- user = create_user
243
- assert_email_not_sent do
244
- assert user.update(password: 'newpass', password_confirmation: 'newpass')
245
- end
246
- end
247
-
248
- test 'should notify previous email on email change when configured' do
249
- swap Devise, send_email_changed_notification: true do
250
- user = create_user
251
- original_email = user.email
252
- assert_email_sent original_email do
253
- assert user.update(email: 'new-email@example.com')
254
- end
255
- assert_match original_email, ActionMailer::Base.deliveries.last.body.encoded
256
- end
257
- end
258
-
259
- test 'should notify email on password change when configured' do
260
- swap Devise, send_password_change_notification: true do
261
- user = create_user
262
- assert_email_sent user.email do
263
- assert user.update(password: 'newpass', password_confirmation: 'newpass')
264
- end
265
- assert_match user.email, ActionMailer::Base.deliveries.last.body.encoded
266
- end
267
- end
268
-
269
- test 'downcase_keys with validation' do
270
- User.create(email: "HEllO@example.com", password: "123456")
271
- user = User.create(email: "HEllO@example.com", password: "123456")
272
- assert !user.valid?
273
- end
274
-
275
- test 'required_fields should be encryptable_password and the email field by default' do
276
- assert_equal Devise::Models::DatabaseAuthenticatable.required_fields(User), [
277
- :encrypted_password,
278
- :email
279
- ]
280
- end
281
-
282
- test 'required_fields should be encryptable_password and the login when the login is on authentication_keys' do
283
- swap Devise, authentication_keys: [:login] do
284
- assert_equal Devise::Models::DatabaseAuthenticatable.required_fields(User), [
285
- :encrypted_password,
286
- :login
287
- ]
288
- end
289
- end
290
- end
@@ -1,352 +0,0 @@
1
- # frozen_string_literal: true
2
-
3
- require 'test_helper'
4
-
5
- class LockableTest < ActiveSupport::TestCase
6
- def setup
7
- setup_mailer
8
- end
9
-
10
- test "should respect maximum attempts configuration" do
11
- user = create_user
12
- user.confirm
13
- swap Devise, maximum_attempts: 2 do
14
- 2.times { user.valid_for_authentication?{ false } }
15
- assert user.reload.access_locked?
16
- end
17
- end
18
-
19
- test "should increment failed_attempts on successful validation if the user is already locked" do
20
- user = create_user
21
- user.confirm
22
-
23
- swap Devise, maximum_attempts: 2 do
24
- 2.times { user.valid_for_authentication?{ false } }
25
- assert user.reload.access_locked?
26
- end
27
-
28
- user.valid_for_authentication?{ true }
29
- assert_equal 3, user.reload.failed_attempts
30
- end
31
-
32
- test "should not touch failed_attempts if lock_strategy is none" do
33
- user = create_user
34
- user.confirm
35
- swap Devise, lock_strategy: :none, maximum_attempts: 2 do
36
- 3.times { user.valid_for_authentication?{ false } }
37
- assert !user.access_locked?
38
- assert_equal 0, user.failed_attempts
39
- end
40
- end
41
-
42
- test 'should be valid for authentication with a unlocked user' do
43
- user = create_user
44
- user.lock_access!
45
- user.unlock_access!
46
- assert user.valid_for_authentication?{ true }
47
- end
48
-
49
- test "should verify whether a user is locked or not" do
50
- user = create_user
51
- refute user.access_locked?
52
- user.lock_access!
53
- assert user.access_locked?
54
- end
55
-
56
- test "active_for_authentication? should be the opposite of locked?" do
57
- user = create_user
58
- user.confirm
59
- assert user.active_for_authentication?
60
- user.lock_access!
61
- refute user.active_for_authentication?
62
- end
63
-
64
- test "should unlock a user by cleaning locked_at, failed_attempts and unlock_token" do
65
- user = create_user
66
- user.lock_access!
67
- assert_not_nil user.reload.locked_at
68
- assert_not_nil user.reload.unlock_token
69
-
70
- user.unlock_access!
71
- assert_nil user.reload.locked_at
72
- assert_nil user.reload.unlock_token
73
- assert_equal 0, user.reload.failed_attempts
74
- end
75
-
76
- test "new user should not be locked and should have zero failed_attempts" do
77
- refute new_user.access_locked?
78
- assert_equal 0, create_user.failed_attempts
79
- end
80
-
81
- test "should unlock user after unlock_in period" do
82
- swap Devise, unlock_in: 3.hours do
83
- user = new_user
84
- user.locked_at = 2.hours.ago
85
- assert user.access_locked?
86
-
87
- Devise.unlock_in = 1.hour
88
- refute user.access_locked?
89
- end
90
- end
91
-
92
- test "should not unlock in 'unlock_in' if :time unlock strategy is not set" do
93
- swap Devise, unlock_strategy: :email do
94
- user = new_user
95
- user.locked_at = 2.hours.ago
96
- assert user.access_locked?
97
- end
98
- end
99
-
100
- test "should set unlock_token when locking" do
101
- user = create_user
102
- assert_nil user.unlock_token
103
- user.lock_access!
104
- assert_not_nil user.unlock_token
105
- end
106
-
107
- test "should never generate the same unlock token for different users" do
108
- unlock_tokens = []
109
- 3.times do
110
- user = create_user
111
- user.lock_access!
112
- token = user.unlock_token
113
- assert !unlock_tokens.include?(token)
114
- unlock_tokens << token
115
- end
116
- end
117
-
118
- test "should not generate unlock_token when :email is not an unlock strategy" do
119
- swap Devise, unlock_strategy: :time do
120
- user = create_user
121
- user.lock_access!
122
- assert_nil user.unlock_token
123
- end
124
- end
125
-
126
- test "should send email with unlock instructions when :email is an unlock strategy" do
127
- swap Devise, unlock_strategy: :email do
128
- user = create_user
129
- assert_email_sent do
130
- user.lock_access!
131
- end
132
- end
133
- end
134
-
135
- test "doesn't send email when you pass option send_instructions to false" do
136
- swap Devise, unlock_strategy: :email do
137
- user = create_user
138
- assert_email_not_sent do
139
- user.lock_access! send_instructions: false
140
- end
141
- end
142
- end
143
-
144
- test "sends email when you pass options other than send_instructions" do
145
- swap Devise, unlock_strategy: :email do
146
- user = create_user
147
- assert_email_sent do
148
- user.lock_access! foo: :bar, bar: :foo
149
- end
150
- end
151
- end
152
-
153
- test "should not send email with unlock instructions when :email is not an unlock strategy" do
154
- swap Devise, unlock_strategy: :time do
155
- user = create_user
156
- assert_email_not_sent do
157
- user.lock_access!
158
- end
159
- end
160
- end
161
-
162
- test 'should find and unlock a user automatically based on raw token' do
163
- user = create_user
164
- raw = user.send_unlock_instructions
165
- locked_user = User.unlock_access_by_token(raw)
166
- assert_equal locked_user, user
167
- refute user.reload.access_locked?
168
- end
169
-
170
- test 'should return a new record with errors when a invalid token is given' do
171
- locked_user = User.unlock_access_by_token('invalid_token')
172
- refute locked_user.persisted?
173
- assert_equal "is invalid", locked_user.errors[:unlock_token].join
174
- end
175
-
176
- test 'should return a new record with errors when a blank token is given' do
177
- locked_user = User.unlock_access_by_token('')
178
- refute locked_user.persisted?
179
- assert_equal "can't be blank", locked_user.errors[:unlock_token].join
180
- end
181
-
182
- test 'should find a user to send unlock instructions' do
183
- user = create_user
184
- user.lock_access!
185
- unlock_user = User.send_unlock_instructions(email: user.email)
186
- assert_equal unlock_user, user
187
- end
188
-
189
- test 'should return a new user if no email was found' do
190
- unlock_user = User.send_unlock_instructions(email: "invalid@example.com")
191
- refute unlock_user.persisted?
192
- end
193
-
194
- test 'should add error to new user email if no email was found' do
195
- unlock_user = User.send_unlock_instructions(email: "invalid@example.com")
196
- assert_equal 'not found', unlock_user.errors[:email].join
197
- end
198
-
199
- test 'should find a user to send unlock instructions by authentication_keys' do
200
- swap Devise, authentication_keys: [:username, :email] do
201
- user = create_user
202
- unlock_user = User.send_unlock_instructions(email: user.email, username: user.username)
203
- assert_equal unlock_user, user
204
- end
205
- end
206
-
207
- test 'should require all unlock_keys' do
208
- swap Devise, unlock_keys: [:username, :email] do
209
- user = create_user
210
- unlock_user = User.send_unlock_instructions(email: user.email)
211
- refute unlock_user.persisted?
212
- assert_equal "can't be blank", unlock_user.errors[:username].join
213
- end
214
- end
215
-
216
- test 'should not be able to send instructions if the user is not locked' do
217
- user = create_user
218
- refute user.resend_unlock_instructions
219
- refute user.access_locked?
220
- assert_equal 'was not locked', user.errors[:email].join
221
- end
222
-
223
- test 'should not be able to send instructions if the user if not locked and have username as unlock key' do
224
- swap Devise, unlock_keys: [:username] do
225
- user = create_user
226
- refute user.resend_unlock_instructions
227
- refute user.access_locked?
228
- assert_equal 'was not locked', user.errors[:username].join
229
- end
230
- end
231
-
232
- test 'should unlock account if lock has expired and increase attempts on failure' do
233
- swap Devise, unlock_in: 1.minute do
234
- user = create_user
235
- user.confirm
236
-
237
- user.failed_attempts = 2
238
- user.locked_at = 2.minutes.ago
239
-
240
- user.valid_for_authentication? { false }
241
- assert_equal 1, user.failed_attempts
242
- end
243
- end
244
-
245
- test 'should unlock account if lock has expired on success' do
246
- swap Devise, unlock_in: 1.minute do
247
- user = create_user
248
- user.confirm
249
-
250
- user.failed_attempts = 2
251
- user.locked_at = 2.minutes.ago
252
-
253
- user.valid_for_authentication? { true }
254
- assert_equal 0, user.failed_attempts
255
- assert_nil user.locked_at
256
- end
257
- end
258
-
259
- test 'required_fields should contain the all the fields when all the strategies are enabled' do
260
- swap Devise, unlock_strategy: :both do
261
- swap Devise, lock_strategy: :failed_attempts do
262
- assert_equal Devise::Models::Lockable.required_fields(User), [
263
- :failed_attempts,
264
- :locked_at,
265
- :unlock_token
266
- ]
267
- end
268
- end
269
- end
270
-
271
- test 'required_fields should contain only failed_attempts and locked_at when the strategies are time and failed_attempts are enabled' do
272
- swap Devise, unlock_strategy: :time do
273
- swap Devise, lock_strategy: :failed_attempts do
274
- assert_equal Devise::Models::Lockable.required_fields(User), [
275
- :failed_attempts,
276
- :locked_at
277
- ]
278
- end
279
- end
280
- end
281
-
282
- test 'required_fields should contain only failed_attempts and unlock_token when the strategies are token and failed_attempts are enabled' do
283
- swap Devise, unlock_strategy: :email do
284
- swap Devise, lock_strategy: :failed_attempts do
285
- assert_equal Devise::Models::Lockable.required_fields(User), [
286
- :failed_attempts,
287
- :unlock_token
288
- ]
289
- end
290
- end
291
- end
292
-
293
- test 'should not return a locked unauthenticated message if in paranoid mode' do
294
- swap Devise, paranoid: :true do
295
- user = create_user
296
- user.failed_attempts = Devise.maximum_attempts + 1
297
- user.lock_access!
298
-
299
- assert_equal :invalid, user.unauthenticated_message
300
- end
301
- end
302
-
303
- test 'should return last attempt message if user made next-to-last attempt of password entering' do
304
- swap Devise, last_attempt_warning: true, lock_strategy: :failed_attempts do
305
- user = create_user
306
- user.failed_attempts = Devise.maximum_attempts - 2
307
- assert_equal :invalid, user.unauthenticated_message
308
-
309
- user.failed_attempts = Devise.maximum_attempts - 1
310
- assert_equal :last_attempt, user.unauthenticated_message
311
-
312
- user.failed_attempts = Devise.maximum_attempts
313
- assert_equal :locked, user.unauthenticated_message
314
- end
315
- end
316
-
317
- test 'should not return last attempt message if last_attempt_warning is disabled' do
318
- swap Devise, last_attempt_warning: false, lock_strategy: :failed_attempts do
319
- user = create_user
320
- user.failed_attempts = Devise.maximum_attempts - 1
321
- assert_equal :invalid, user.unauthenticated_message
322
- end
323
- end
324
-
325
- test 'should return locked message if user was programatically locked' do
326
- user = create_user
327
- user.lock_access!
328
- assert_equal :locked, user.unauthenticated_message
329
- end
330
-
331
- test 'unlock_strategy_enabled? should return true for both, email, and time strategies if :both is used' do
332
- swap Devise, unlock_strategy: :both do
333
- user = create_user
334
- assert_equal true, user.unlock_strategy_enabled?(:both)
335
- assert_equal true, user.unlock_strategy_enabled?(:time)
336
- assert_equal true, user.unlock_strategy_enabled?(:email)
337
- assert_equal false, user.unlock_strategy_enabled?(:none)
338
- assert_equal false, user.unlock_strategy_enabled?(:an_undefined_strategy)
339
- end
340
- end
341
-
342
- test 'unlock_strategy_enabled? should return true only for the configured strategy' do
343
- swap Devise, unlock_strategy: :email do
344
- user = create_user
345
- assert_equal false, user.unlock_strategy_enabled?(:both)
346
- assert_equal false, user.unlock_strategy_enabled?(:time)
347
- assert_equal true, user.unlock_strategy_enabled?(:email)
348
- assert_equal false, user.unlock_strategy_enabled?(:none)
349
- assert_equal false, user.unlock_strategy_enabled?(:an_undefined_strategy)
350
- end
351
- end
352
- end