deviseOne 1.0.0

data/test/controllers/internal_helpers_test.rb

@@ -0,0 +1,129 @@
+require 'test_helper'
+
+class MyController < DeviseController
+end
+
+class HelpersTest < ActionController::TestCase
+  tests MyController
+
+  def setup
+    @mock_warden = OpenStruct.new
+    @controller.request.env['warden'] = @mock_warden
+    @controller.request.env['devise.mapping'] = Devise.mappings[:user]
+  end
+
+  test 'get resource name from env' do
+    assert_equal :user, @controller.resource_name
+  end
+
+  test 'get resource class from env' do
+    assert_equal User, @controller.resource_class
+  end
+
+  test 'get resource instance variable from env' do
+    @controller.instance_variable_set(:@user, user = User.new)
+    assert_equal user, @controller.resource
+  end
+
+  test 'set resource instance variable from env' do
+    user = @controller.send(:resource_class).new
+    @controller.send(:resource=, user)
+
+    assert_equal user, @controller.send(:resource)
+    assert_equal user, @controller.instance_variable_get(:@user)
+  end
+
+  test 'get resource params from request params using resource name as key' do
+    user_params = {'email' => 'shirley@templar.com'}
+
+    params = if Devise.rails4?
+      # Stub controller name so strong parameters can filter properly.
+      # DeviseController does not allow any parameters by default.
+      @controller.stubs(:controller_name).returns(:sessions_controller)
+
+      ActionController::Parameters.new({'user' => user_params})
+    else
+      HashWithIndifferentAccess.new({'user' => user_params})
+    end
+    @controller.stubs(:params).returns(params)
+
+    assert_equal user_params, @controller.send(:resource_params)
+  end
+
+  test 'resources methods are not controller actions' do
+    assert @controller.class.action_methods.delete_if { |m| m.include? 'commenter' }.empty?
+  end
+
+  test 'require no authentication tests current mapping' do
+    @mock_warden.expects(:authenticate?).with(:rememberable, scope: :user).returns(true)
+    @mock_warden.expects(:user).with(:user).returns(User.new)
+    @controller.expects(:redirect_to).with(root_path)
+    @controller.send :require_no_authentication
+  end
+
+  test 'require no authentication only checks if already authenticated if no inputs strategies are available' do
+    Devise.mappings[:user].expects(:no_input_strategies).returns([])
+    @mock_warden.expects(:authenticate?).never
+    @mock_warden.expects(:authenticated?).with(:user).once.returns(true)
+    @mock_warden.expects(:user).with(:user).returns(User.new)
+    @controller.expects(:redirect_to).with(root_path)
+    @controller.send :require_no_authentication
+  end
+
+  test 'require no authentication sets a flash message' do
+    @mock_warden.expects(:authenticate?).with(:rememberable, scope: :user).returns(true)
+    @mock_warden.expects(:user).with(:user).returns(User.new)
+    @controller.expects(:redirect_to).with(root_path)
+    @controller.send :require_no_authentication
+    assert flash[:alert] == I18n.t("devise.failure.already_authenticated")
+  end
+
+  test 'signed in resource returns signed in resource for current scope' do
+    @mock_warden.expects(:authenticate).with(scope: :user).returns(User.new)
+    assert_kind_of User, @controller.signed_in_resource
+  end
+
+  test 'is a devise controller' do
+    assert @controller.devise_controller?
+  end
+
+  test 'does not issue blank flash messages' do
+    I18n.stubs(:t).returns('   ')
+    @controller.send :set_flash_message, :notice, :send_instructions
+    assert flash[:notice].nil?
+  end
+
+  test 'issues non-blank flash messages normally' do
+    I18n.stubs(:t).returns('non-blank')
+    @controller.send :set_flash_message, :notice, :send_instructions
+    assert_equal 'non-blank', flash[:notice]
+  end
+
+  test 'issues non-blank flash.now messages normally' do
+    I18n.stubs(:t).returns('non-blank')
+    @controller.send :set_flash_message, :notice, :send_instructions, { now: true }
+    assert_equal 'non-blank', flash.now[:notice]
+  end
+
+  test 'uses custom i18n options' do
+    @controller.stubs(:devise_i18n_options).returns(default: "devise custom options")
+    @controller.send :set_flash_message, :notice, :invalid_i18n_messagesend_instructions
+    assert_equal 'devise custom options', flash[:notice]
+  end
+
+  test 'allows custom i18n options to override resource_name' do
+    I18n.expects(:t).with("custom_resource_name.confirmed", anything)
+    @controller.stubs(:devise_i18n_options).returns(resource_name: "custom_resource_name")
+    @controller.send :set_flash_message, :notice, :confirmed
+  end
+
+  test 'navigational_formats not returning a wild card' do
+    MyController.send(:public, :navigational_formats)
+
+    swap Devise, navigational_formats: ['*/*', :html] do
+      assert_not @controller.navigational_formats.include?("*/*")
+    end
+
+    MyController.send(:protected, :navigational_formats)
+  end
+end

data/test/controllers/load_hooks_controller_test.rb

@@ -0,0 +1,19 @@
+require 'test_helper'
+
+class LoadHooksControllerTest < ActionController::TestCase
+  setup do
+    ActiveSupport.on_load(:devise_controller) do
+      define_method :defined_by_load_hook do
+        puts 'I am defined dynamically by activesupport load hook'
+      end
+    end
+  end
+
+  teardown do
+    DeviseController.class_eval { undef :defined_by_load_hook }
+  end
+
+  test 'load hook called when controller is loaded' do
+    assert DeviseController.instance_methods.include? :defined_by_load_hook
+  end
+end

data/test/controllers/passwords_controller_test.rb

@@ -0,0 +1,31 @@
+require 'test_helper'
+
+class PasswordsControllerTest < ActionController::TestCase
+  tests Devise::PasswordsController
+  include Devise::TestHelpers
+
+  setup do
+    request.env["devise.mapping"] = Devise.mappings[:user]
+    @user = create_user.tap(&:confirm!)
+    @raw  = @user.send_reset_password_instructions
+  end
+
+  def put_update_with_params
+    put :update, "user" => {
+      "reset_password_token" => @raw, "password" => "1234567", "password_confirmation" => "1234567"
+    }
+  end
+
+  test 'redirect to after_sign_in_path_for if after_resetting_password_path_for is not overridden' do
+    put_update_with_params
+    assert_redirected_to "http://test.host/"
+  end
+
+  test 'redirect accordingly if after_resetting_password_path_for is overridden' do
+    custom_path = "http://custom.path/"
+    Devise::PasswordsController.any_instance.stubs(:after_resetting_password_path_for).with(@user).returns(custom_path)
+
+    put_update_with_params
+    assert_redirected_to custom_path
+  end
+end

data/test/controllers/sessions_controller_test.rb

@@ -0,0 +1,102 @@
+require 'test_helper'
+
+class SessionsControllerTest < ActionController::TestCase
+  tests Devise::SessionsController
+  include Devise::TestHelpers
+
+  test "#create doesn't raise unpermitted params when sign in fails" do
+    begin
+      subscriber = ActiveSupport::Notifications.subscribe /unpermitted_parameters/ do |name, start, finish, id, payload|
+        flunk "Unpermitted params: #{payload}"
+      end
+      request.env["devise.mapping"] = Devise.mappings[:user]
+      request.session["user_return_to"] = 'foo.bar'
+      create_user
+      post :create, user: {
+        email: "wrong@email.com",
+        password: "wrongpassword"
+      }
+      assert_equal 302, @response.status
+    ensure
+      ActiveSupport::Notifications.unsubscribe(subscriber)
+    end
+  end
+
+  test "#create works even with scoped views" do
+    swap Devise, scoped_views: true do
+      request.env["devise.mapping"] = Devise.mappings[:user]
+      post :create
+      assert_equal 200, @response.status
+      assert_template "users/sessions/new"
+    end
+  end
+
+  test "#create delete the url stored in the session if the requested format is navigational" do
+    request.env["devise.mapping"] = Devise.mappings[:user]
+    request.session["user_return_to"] = 'foo.bar'
+
+    user = create_user
+    user.confirm!
+    post :create, user: {
+      email: user.email,
+      password: user.password
+    }
+
+    assert_nil request.session["user_return_to"]
+  end
+
+  test "#create doesn't delete the url stored in the session if the requested format is not navigational" do
+    request.env["devise.mapping"] = Devise.mappings[:user]
+    request.session["user_return_to"] = 'foo.bar'
+
+    user = create_user
+    user.confirm!
+    post :create, format: 'json', user: {
+      email: user.email,
+      password: user.password
+    }
+
+    assert_equal 'foo.bar', request.session["user_return_to"]
+  end
+
+  test "#create doesn't raise exception after Warden authentication fails when TestHelpers included" do
+    request.env["devise.mapping"] = Devise.mappings[:user]
+    post :create, user: {
+      email: "nosuchuser@example.com",
+      password: "wevdude"
+    }
+    assert_equal 302, @response.status
+  end
+
+  test "#destroy doesn't set the flash if the requested format is not navigational" do
+    request.env["devise.mapping"] = Devise.mappings[:user]
+    user = create_user
+    user.confirm!
+    post :create, format: 'json', user: {
+      email: user.email,
+      password: user.password
+    }
+
+    delete :destroy, format: 'json'
+    assert flash[:notice].blank?, "flash[:notice] should be blank, not #{flash[:notice].inspect}"
+    assert_equal 204, @response.status
+  end
+
+  if defined?(ActiveRecord) && ActiveRecord::Base.respond_to?(:mass_assignment_sanitizer)
+    test "#new doesn't raise mass-assignment exception even if sign-in key is attr_protected" do
+      request.env["devise.mapping"] = Devise.mappings[:user]
+
+      ActiveRecord::Base.mass_assignment_sanitizer = :strict
+      User.class_eval { attr_protected :email }
+
+      begin
+        assert_nothing_raised ActiveModel::MassAssignmentSecurity::Error do
+          get :new, user: { email: "allez viens!" }
+        end
+      ensure
+        ActiveRecord::Base.mass_assignment_sanitizer = :logger
+        User.class_eval { attr_accessible :email }
+      end
+    end
+  end
+end

data/test/controllers/url_helpers_test.rb

@@ -0,0 +1,65 @@
+require 'test_helper'
+
+class RoutesTest < ActionController::TestCase
+  tests ApplicationController
+
+  def assert_path_and_url(name, prepend_path=nil)
+    @request.path = '/users/session'
+    prepend_path = "#{prepend_path}_" if prepend_path
+
+    # Resource param
+    assert_equal @controller.send(:"#{prepend_path}#{name}_path", :user),
+                 send(:"#{prepend_path}user_#{name}_path")
+    assert_equal @controller.send(:"#{prepend_path}#{name}_url", :user),
+                 send(:"#{prepend_path}user_#{name}_url")
+
+    # With string
+    assert_equal @controller.send(:"#{prepend_path}#{name}_path", "user"),
+                 send(:"#{prepend_path}user_#{name}_path")
+    assert_equal @controller.send(:"#{prepend_path}#{name}_url", "user"),
+                 send(:"#{prepend_path}user_#{name}_url")
+
+    # Default url params
+    assert_equal @controller.send(:"#{prepend_path}#{name}_path", :user, param: 123),
+                 send(:"#{prepend_path}user_#{name}_path", param: 123)
+    assert_equal @controller.send(:"#{prepend_path}#{name}_url", :user, param: 123),
+                 send(:"#{prepend_path}user_#{name}_url", param: 123)
+
+    @request.path = nil
+    # With an object
+    assert_equal @controller.send(:"#{prepend_path}#{name}_path", User.new),
+                 send(:"#{prepend_path}user_#{name}_path")
+    assert_equal @controller.send(:"#{prepend_path}#{name}_url", User.new),
+                 send(:"#{prepend_path}user_#{name}_url")
+  end
+
+
+  test 'should alias session to mapped user session' do
+    assert_path_and_url :session
+    assert_path_and_url :session, :new
+    assert_path_and_url :session, :destroy
+  end
+
+  test 'should alias password to mapped user password' do
+    assert_path_and_url :password
+    assert_path_and_url :password, :new
+    assert_path_and_url :password, :edit
+  end
+
+  test 'should alias confirmation to mapped user confirmation' do
+    assert_path_and_url :confirmation
+    assert_path_and_url :confirmation, :new
+  end
+
+  test 'should alias unlock to mapped user unlock' do
+    assert_path_and_url :unlock
+    assert_path_and_url :unlock, :new
+  end
+
+  test 'should alias registration to mapped user registration' do
+    assert_path_and_url :registration
+    assert_path_and_url :registration, :new
+    assert_path_and_url :registration, :edit
+    assert_path_and_url :registration, :cancel
+  end
+end

data/test/delegator_test.rb

@@ -0,0 +1,19 @@
+require 'test_helper'
+
+class DelegatorTest < ActiveSupport::TestCase
+  def delegator
+    Devise::Delegator.new
+  end
+
+  test 'failure_app returns default failure app if no warden options in env' do
+    assert_equal Devise::FailureApp, delegator.failure_app({})
+  end
+
+  test 'failure_app returns default failure app if no scope in warden options' do
+    assert_equal Devise::FailureApp, delegator.failure_app({"warden.options" => {}})
+  end
+
+  test 'failure_app returns associated failure app by scope in the given environment' do
+    assert_kind_of Proc, delegator.failure_app({"warden.options" => {scope: "manager"}})
+  end
+end

data/test/devise_test.rb

@@ -0,0 +1,107 @@
+require 'test_helper'
+
+module Devise
+  def self.yield_and_restore
+    @@warden_configured = nil
+    c, b = @@warden_config, @@warden_config_blocks
+    yield
+  ensure
+    @@warden_config, @@warden_config_blocks = c, b
+  end
+end
+
+class DeviseTest < ActiveSupport::TestCase
+  test 'bcrypt on the class' do
+    password = "super secret"
+    klass    = Struct.new(:pepper, :stretches).new("blahblah", 2)
+    hash     = Devise.bcrypt(klass, password)
+    assert_equal ::BCrypt::Password.create(hash), hash
+
+    klass    = Struct.new(:pepper, :stretches).new("bla", 2)
+    hash     = Devise.bcrypt(klass, password)
+    assert_not_equal ::BCrypt::Password.new(hash), hash
+  end
+
+  test 'model options can be configured through Devise' do
+    swap Devise, allow_unconfirmed_access_for: 113, pepper: "foo" do
+      assert_equal 113, Devise.allow_unconfirmed_access_for
+      assert_equal "foo", Devise.pepper
+    end
+  end
+
+  test 'setup block yields self' do
+    Devise.setup do |config|
+      assert_equal Devise, config
+    end
+  end
+
+  test 'stores warden configuration' do
+    assert_kind_of Devise::Delegator, Devise.warden_config.failure_app
+    assert_equal :user, Devise.warden_config.default_scope
+  end
+
+  test 'warden manager user configuration through a block' do
+    Devise.yield_and_restore do
+      executed = false
+      Devise.warden do |config|
+        executed = true
+        assert_kind_of Warden::Config, config
+      end
+
+      Devise.configure_warden!
+      assert executed
+    end
+  end
+
+  test 'warden manager user configuration through multiple blocks' do
+    Devise.yield_and_restore do
+      executed = 0
+
+      3.times do
+        Devise.warden { |config| executed += 1 }
+      end
+
+      Devise.configure_warden!
+      assert_equal 3, executed
+    end
+  end
+
+  test 'add new module using the helper method' do
+    assert_nothing_raised(Exception) { Devise.add_module(:coconut) }
+    assert_equal 1, Devise::ALL.select { |v| v == :coconut }.size
+    assert_not Devise::STRATEGIES.include?(:coconut)
+    assert_not defined?(Devise::Models::Coconut)
+    Devise::ALL.delete(:coconut)
+
+    assert_nothing_raised(Exception) { Devise.add_module(:banana, strategy: :fruits) }
+    assert_equal :fruits, Devise::STRATEGIES[:banana]
+    Devise::ALL.delete(:banana)
+    Devise::STRATEGIES.delete(:banana)
+
+    assert_nothing_raised(Exception) { Devise.add_module(:kivi, controller: :fruits) }
+    assert_equal :fruits, Devise::CONTROLLERS[:kivi]
+    Devise::ALL.delete(:kivi)
+    Devise::CONTROLLERS.delete(:kivi)
+  end
+
+  test 'should complain when comparing empty or different sized passes' do
+    [nil, ""].each do |empty|
+      assert_not Devise.secure_compare(empty, "something")
+      assert_not Devise.secure_compare("something", empty)
+      assert_not Devise.secure_compare(empty, empty)
+    end
+    assert_not Devise.secure_compare("size_1", "size_four")
+  end
+
+  test 'Devise.email_regexp should match valid email addresses' do
+    valid_emails = ["test@example.com", "jo@jo.co", "f4$_m@you.com", "testing.example@example.com.ua"]
+    non_valid_emails = ["rex", "test@go,com", "test user@example.com", "test_user@example server.com"]
+
+    valid_emails.each do |email|
+      assert_match Devise.email_regexp, email
+    end
+    non_valid_emails.each do |email|
+      assert_no_match Devise.email_regexp, email
+    end
+  end
+end