RubyGems - deviseOne - Versions diffs - 1.0.0 - Mend

deviseOne 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (246) hide show

checksums.yaml +7 -0
data/.gitignore +12 -0
data/.travis.yml +38 -0
data/.yardopts +9 -0
data/CHANGELOG.md +1117 -0
data/CONTRIBUTING.md +14 -0
data/Gemfile +29 -0
data/Gemfile.lock +199 -0
data/MIT-LICENSE +20 -0
data/README.md +529 -0
data/Rakefile +35 -0
data/app/controllers/devise/confirmations_controller.rb +47 -0
data/app/controllers/devise/omniauth_callbacks_controller.rb +30 -0
data/app/controllers/devise/passwords_controller.rb +71 -0
data/app/controllers/devise/registrations_controller.rb +143 -0
data/app/controllers/devise/sessions_controller.rb +166 -0
data/app/controllers/devise/unlocks_controller.rb +46 -0
data/app/controllers/devise_controller.rb +193 -0
data/app/helpers/devise_helper.rb +25 -0
data/app/mailers/devise/mailer.rb +20 -0
data/app/views/devise/confirmations/new.html.erb +16 -0
data/app/views/devise/mailer/confirmation_instructions.html.erb +5 -0
data/app/views/devise/mailer/reset_password_instructions.html.erb +8 -0
data/app/views/devise/mailer/unlock_instructions.html.erb +7 -0
data/app/views/devise/passwords/edit.html.erb +25 -0
data/app/views/devise/passwords/new.html.erb +16 -0
data/app/views/devise/registrations/edit.html.erb +39 -0
data/app/views/devise/registrations/new.html.erb +29 -0
data/app/views/devise/sessions/new.html.erb +27 -0
data/app/views/devise/shared/_links.html.erb +21 -0
data/app/views/devise/unlocks/new.html.erb +16 -0
data/config/locales/en.yml +70 -0
data/devise.gemspec +33 -0
data/devise.png +0 -0
data/gemfiles/Gemfile.rails-3.2-stable +29 -0
data/gemfiles/Gemfile.rails-3.2-stable.lock +169 -0
data/gemfiles/Gemfile.rails-4.0-stable +29 -0
data/gemfiles/Gemfile.rails-4.0-stable.lock +165 -0
data/gemfiles/Gemfile.rails-4.1-stable +29 -0
data/gemfiles/Gemfile.rails-4.1-stable.lock +170 -0
data/lib/devise.rb +499 -0
data/lib/devise/controllers/helpers.rb +284 -0
data/lib/devise/controllers/rememberable.rb +47 -0
data/lib/devise/controllers/scoped_views.rb +17 -0
data/lib/devise/controllers/sign_in_out.rb +102 -0
data/lib/devise/controllers/store_location.rb +58 -0
data/lib/devise/controllers/url_helpers.rb +69 -0
data/lib/devise/delegator.rb +16 -0
data/lib/devise/failure_app.rb +212 -0
data/lib/devise/hooks/activatable.rb +10 -0
data/lib/devise/hooks/csrf_cleaner.rb +7 -0
data/lib/devise/hooks/forgetable.rb +9 -0
data/lib/devise/hooks/lockable.rb +7 -0
data/lib/devise/hooks/proxy.rb +21 -0
data/lib/devise/hooks/rememberable.rb +7 -0
data/lib/devise/hooks/timeoutable.rb +35 -0
data/lib/devise/hooks/trackable.rb +9 -0
data/lib/devise/mailers/helpers.rb +90 -0
data/lib/devise/mapping.rb +175 -0
data/lib/devise/models.rb +119 -0
data/lib/devise/models/authenticatable.rb +290 -0
data/lib/devise/models/confirmable.rb +305 -0
data/lib/devise/models/database_authenticatable.rb +164 -0
data/lib/devise/models/lockable.rb +196 -0
data/lib/devise/models/omniauthable.rb +27 -0
data/lib/devise/models/recoverable.rb +157 -0
data/lib/devise/models/registerable.rb +25 -0
data/lib/devise/models/rememberable.rb +142 -0
data/lib/devise/models/timeoutable.rb +49 -0
data/lib/devise/models/trackable.rb +38 -0
data/lib/devise/models/validatable.rb +66 -0
data/lib/devise/modules.rb +28 -0
data/lib/devise/omniauth.rb +28 -0
data/lib/devise/omniauth/config.rb +45 -0
data/lib/devise/omniauth/url_helpers.rb +18 -0
data/lib/devise/orm/active_record.rb +3 -0
data/lib/devise/orm/mongoid.rb +3 -0
data/lib/devise/parameter_filter.rb +40 -0
data/lib/devise/parameter_sanitizer.rb +99 -0
data/lib/devise/rails.rb +56 -0
data/lib/devise/rails/routes.rb +495 -0
data/lib/devise/rails/warden_compat.rb +22 -0
data/lib/devise/strategies/authenticatable.rb +173 -0
data/lib/devise/strategies/base.rb +20 -0
data/lib/devise/strategies/database_authenticatable.rb +24 -0
data/lib/devise/strategies/rememberable.rb +59 -0
data/lib/devise/test_helpers.rb +132 -0
data/lib/devise/time_inflector.rb +14 -0
data/lib/devise/token_generator.rb +70 -0
data/lib/devise/version.rb +3 -0
data/lib/generators/active_record/devise_generator.rb +91 -0
data/lib/generators/active_record/templates/migration.rb +18 -0
data/lib/generators/active_record/templates/migration_existing.rb +25 -0
data/lib/generators/devise/controllers_generator.rb +44 -0
data/lib/generators/devise/devise_generator.rb +26 -0
data/lib/generators/devise/install_generator.rb +29 -0
data/lib/generators/devise/orm_helpers.rb +51 -0
data/lib/generators/devise/views_generator.rb +135 -0
data/lib/generators/mongoid/devise_generator.rb +55 -0
data/lib/generators/templates/README +35 -0
data/lib/generators/templates/controllers/README +14 -0
data/lib/generators/templates/controllers/confirmations_controller.rb +28 -0
data/lib/generators/templates/controllers/omniauth_callbacks_controller.rb +28 -0
data/lib/generators/templates/controllers/passwords_controller.rb +32 -0
data/lib/generators/templates/controllers/registrations_controller.rb +60 -0
data/lib/generators/templates/controllers/sessions_controller.rb +25 -0
data/lib/generators/templates/controllers/unlocks_controller.rb +28 -0
data/lib/generators/templates/devise.rb +263 -0
data/lib/generators/templates/markerb/confirmation_instructions.markerb +5 -0
data/lib/generators/templates/markerb/reset_password_instructions.markerb +8 -0
data/lib/generators/templates/markerb/unlock_instructions.markerb +7 -0
data/lib/generators/templates/simple_form_for/confirmations/new.html.erb +16 -0
data/lib/generators/templates/simple_form_for/passwords/edit.html.erb +19 -0
data/lib/generators/templates/simple_form_for/passwords/new.html.erb +15 -0
data/lib/generators/templates/simple_form_for/registrations/edit.html.erb +27 -0
data/lib/generators/templates/simple_form_for/registrations/new.html.erb +17 -0
data/lib/generators/templates/simple_form_for/sessions/new.html.erb +15 -0
data/lib/generators/templates/simple_form_for/unlocks/new.html.erb +16 -0
data/script/cached-bundle +49 -0
data/script/s3-put +71 -0
data/test/controllers/custom_registrations_controller_test.rb +35 -0
data/test/controllers/custom_strategy_test.rb +62 -0
data/test/controllers/helpers_test.rb +316 -0
data/test/controllers/internal_helpers_test.rb +129 -0
data/test/controllers/load_hooks_controller_test.rb +19 -0
data/test/controllers/passwords_controller_test.rb +31 -0
data/test/controllers/sessions_controller_test.rb +102 -0
data/test/controllers/url_helpers_test.rb +65 -0
data/test/delegator_test.rb +19 -0
data/test/devise_test.rb +107 -0
data/test/failure_app_test.rb +275 -0
data/test/generators/active_record_generator_test.rb +109 -0
data/test/generators/controllers_generator_test.rb +48 -0
data/test/generators/devise_generator_test.rb +39 -0
data/test/generators/install_generator_test.rb +13 -0
data/test/generators/mongoid_generator_test.rb +23 -0
data/test/generators/views_generator_test.rb +96 -0
data/test/helpers/devise_helper_test.rb +49 -0
data/test/integration/authenticatable_test.rb +731 -0
data/test/integration/confirmable_test.rb +324 -0
data/test/integration/database_authenticatable_test.rb +94 -0
data/test/integration/http_authenticatable_test.rb +105 -0
data/test/integration/lockable_test.rb +239 -0
data/test/integration/omniauthable_test.rb +133 -0
data/test/integration/recoverable_test.rb +334 -0
data/test/integration/registerable_test.rb +361 -0
data/test/integration/rememberable_test.rb +176 -0
data/test/integration/timeoutable_test.rb +189 -0
data/test/integration/trackable_test.rb +92 -0
data/test/mailers/confirmation_instructions_test.rb +115 -0
data/test/mailers/reset_password_instructions_test.rb +96 -0
data/test/mailers/unlock_instructions_test.rb +91 -0
data/test/mapping_test.rb +128 -0
data/test/models/authenticatable_test.rb +23 -0
data/test/models/confirmable_test.rb +461 -0
data/test/models/database_authenticatable_test.rb +249 -0
data/test/models/lockable_test.rb +328 -0
data/test/models/omniauthable_test.rb +7 -0
data/test/models/recoverable_test.rb +205 -0
data/test/models/registerable_test.rb +7 -0
data/test/models/rememberable_test.rb +198 -0
data/test/models/serializable_test.rb +49 -0
data/test/models/timeoutable_test.rb +51 -0
data/test/models/trackable_test.rb +41 -0
data/test/models/validatable_test.rb +127 -0
data/test/models_test.rb +144 -0
data/test/omniauth/config_test.rb +57 -0
data/test/omniauth/url_helpers_test.rb +54 -0
data/test/orm/active_record.rb +10 -0
data/test/orm/mongoid.rb +13 -0
data/test/parameter_sanitizer_test.rb +81 -0
data/test/rails_app/Rakefile +6 -0
data/test/rails_app/app/active_record/admin.rb +6 -0
data/test/rails_app/app/active_record/shim.rb +2 -0
data/test/rails_app/app/active_record/user.rb +6 -0
data/test/rails_app/app/active_record/user_on_engine.rb +7 -0
data/test/rails_app/app/active_record/user_on_main_app.rb +7 -0
data/test/rails_app/app/controllers/admins/sessions_controller.rb +6 -0
data/test/rails_app/app/controllers/admins_controller.rb +11 -0
data/test/rails_app/app/controllers/application_controller.rb +12 -0
data/test/rails_app/app/controllers/application_with_fake_engine.rb +30 -0
data/test/rails_app/app/controllers/custom/registrations_controller.rb +21 -0
data/test/rails_app/app/controllers/home_controller.rb +25 -0
data/test/rails_app/app/controllers/publisher/registrations_controller.rb +2 -0
data/test/rails_app/app/controllers/publisher/sessions_controller.rb +2 -0
data/test/rails_app/app/controllers/users/omniauth_callbacks_controller.rb +14 -0
data/test/rails_app/app/controllers/users_controller.rb +31 -0
data/test/rails_app/app/helpers/application_helper.rb +3 -0
data/test/rails_app/app/mailers/users/from_proc_mailer.rb +3 -0
data/test/rails_app/app/mailers/users/mailer.rb +3 -0
data/test/rails_app/app/mailers/users/reply_to_mailer.rb +4 -0
data/test/rails_app/app/mongoid/admin.rb +29 -0
data/test/rails_app/app/mongoid/shim.rb +23 -0
data/test/rails_app/app/mongoid/user.rb +39 -0
data/test/rails_app/app/mongoid/user_on_engine.rb +39 -0
data/test/rails_app/app/mongoid/user_on_main_app.rb +39 -0
data/test/rails_app/app/views/admins/index.html.erb +1 -0
data/test/rails_app/app/views/admins/sessions/new.html.erb +2 -0
data/test/rails_app/app/views/home/admin_dashboard.html.erb +1 -0
data/test/rails_app/app/views/home/index.html.erb +1 -0
data/test/rails_app/app/views/home/join.html.erb +1 -0
data/test/rails_app/app/views/home/private.html.erb +1 -0
data/test/rails_app/app/views/home/user_dashboard.html.erb +1 -0
data/test/rails_app/app/views/layouts/application.html.erb +24 -0
data/test/rails_app/app/views/users/edit_form.html.erb +1 -0
data/test/rails_app/app/views/users/index.html.erb +1 -0
data/test/rails_app/app/views/users/mailer/confirmation_instructions.erb +1 -0
data/test/rails_app/app/views/users/sessions/new.html.erb +1 -0
data/test/rails_app/bin/bundle +3 -0
data/test/rails_app/bin/rails +4 -0
data/test/rails_app/bin/rake +4 -0
data/test/rails_app/config.ru +4 -0
data/test/rails_app/config/application.rb +40 -0
data/test/rails_app/config/boot.rb +14 -0
data/test/rails_app/config/database.yml +18 -0
data/test/rails_app/config/environment.rb +5 -0
data/test/rails_app/config/environments/development.rb +30 -0
data/test/rails_app/config/environments/production.rb +80 -0
data/test/rails_app/config/environments/test.rb +36 -0
data/test/rails_app/config/initializers/backtrace_silencers.rb +7 -0
data/test/rails_app/config/initializers/devise.rb +180 -0
data/test/rails_app/config/initializers/inflections.rb +2 -0
data/test/rails_app/config/initializers/secret_token.rb +8 -0
data/test/rails_app/config/initializers/session_store.rb +1 -0
data/test/rails_app/config/routes.rb +122 -0
data/test/rails_app/db/migrate/20100401102949_create_tables.rb +71 -0
data/test/rails_app/db/schema.rb +55 -0
data/test/rails_app/lib/shared_admin.rb +17 -0
data/test/rails_app/lib/shared_user.rb +29 -0
data/test/rails_app/lib/shared_user_without_omniauth.rb +13 -0
data/test/rails_app/public/404.html +26 -0
data/test/rails_app/public/422.html +26 -0
data/test/rails_app/public/500.html +26 -0
data/test/rails_app/public/favicon.ico +0 -0
data/test/routes_test.rb +264 -0
data/test/support/action_controller/record_identifier.rb +10 -0
data/test/support/assertions.rb +39 -0
data/test/support/helpers.rb +73 -0
data/test/support/integration.rb +92 -0
data/test/support/locale/en.yml +8 -0
data/test/support/mongoid.yml +6 -0
data/test/support/webrat/integrations/rails.rb +24 -0
data/test/test_helper.rb +34 -0
data/test/test_helpers_test.rb +163 -0
data/test/test_models.rb +33 -0
metadata +531 -0

data/test/integration/registerable_test.rb ADDED

@@ -0,0 +1,361 @@
+require 'test_helper'
+class RegistrationTest < ActionDispatch::IntegrationTest
+=begin
+  test 'a guest admin should be able to sign in successfully' do
+    get new_admin_session_path
+    click_link 'Sign up'
+    assert_template 'registrations/new'
+    fill_in 'email', with: 'new_user@test.com'
+    fill_in 'password', with: 'new_user123'
+    fill_in 'password confirmation', with: 'new_user123'
+    click_button 'Sign up'
+    assert_contain 'You have signed up successfully'
+    assert warden.authenticated?(:admin)
+    assert_current_url "/admin_area/home"
+    admin = Admin.to_adapter.find_first(order: [:id, :desc])
+    assert_equal admin.email, 'new_user@test.com'
+  end
+  test 'a guest admin should be able to sign in and be redirected to a custom location' do
+    Devise::RegistrationsController.any_instance.stubs(:after_sign_up_path_for).returns("/?custom=1")
+    get new_admin_session_path
+    click_link 'Sign up'
+    fill_in 'email', with: 'new_user@test.com'
+    fill_in 'password', with: 'new_user123'
+    fill_in 'password confirmation', with: 'new_user123'
+    click_button 'Sign up'
+    assert_contain 'Welcome! You have signed up successfully.'
+    assert warden.authenticated?(:admin)
+    assert_current_url "/?custom=1"
+  end
+  test 'a guest admin should not see a warning about minimum password length' do
+    get new_admin_session_path
+    assert_not_contain 'characters minimum'
+  end
+  def user_sign_up
+    ActionMailer::Base.deliveries.clear
+    get new_user_registration_path
+    fill_in 'email', with: 'new_user@test.com'
+    fill_in 'password', with: 'new_user123'
+    fill_in 'password confirmation', with: 'new_user123'
+    click_button 'Sign up'
+  end
+  test 'a guest user should see a warning about minimum password length' do
+    get new_user_registration_path
+    assert_contain '7 characters minimum'
+  end
+  test 'a guest user should be able to sign up successfully and be blocked by confirmation' do
+    user_sign_up
+    assert_contain 'A message with a confirmation link has been sent to your email address. Please follow the link to activate your account.'
+    assert_not_contain 'You have to confirm your account before continuing'
+    assert_current_url "/"
+    assert_not warden.authenticated?(:user)
+    user = User.to_adapter.find_first(order: [:id, :desc])
+    assert_equal user.email, 'new_user@test.com'
+    assert_not user.confirmed?
+  end
+  test 'a guest user should receive the confirmation instructions from the default mailer' do
+    user_sign_up
+    assert_equal ['please-change-me@config-initializers-devise.com'], ActionMailer::Base.deliveries.first.from
+  end
+  test 'a guest user should receive the confirmation instructions from a custom mailer' do
+    User.any_instance.stubs(:devise_mailer).returns(Users::Mailer)
+    user_sign_up
+    assert_equal ['custom@example.com'], ActionMailer::Base.deliveries.first.from
+  end
+  test 'a guest user should be blocked by confirmation and redirected to a custom path' do
+    Devise::RegistrationsController.any_instance.stubs(:after_inactive_sign_up_path_for).returns("/?custom=1")
+    get new_user_registration_path
+    fill_in 'email', with: 'new_user@test.com'
+    fill_in 'password', with: 'new_user123'
+    fill_in 'password confirmation', with: 'new_user123'
+    click_button 'Sign up'
+    assert_current_url "/?custom=1"
+    assert_not warden.authenticated?(:user)
+  end
+  test 'a guest user cannot sign up with invalid information' do
+    # Dirty tracking behavior prevents email validations from being applied:
+    #    https://github.com/mongoid/mongoid/issues/756
+    (pending "Fails on Mongoid < 2.1"; break) if defined?(Mongoid) && Mongoid::VERSION.to_f < 2.1
+    get new_user_registration_path
+    fill_in 'email', with: 'invalid_email'
+    fill_in 'password', with: 'new_user123'
+    fill_in 'password confirmation', with: 'new_user321'
+    click_button 'Sign up'
+    assert_template 'registrations/new'
+    assert_have_selector '#error_explanation'
+    assert_contain "Email is invalid"
+    assert_contain Devise.rails4? ?
+      "Password confirmation doesn't match Password" : "Password doesn't match confirmation"
+    assert_contain "2 errors prohibited"
+    assert_nil User.to_adapter.find_first
+    assert_not warden.authenticated?(:user)
+  end
+  test 'a guest should not sign up with email/password that already exists' do
+    # Dirty tracking behavior prevents email validations from being applied:
+    #    https://github.com/mongoid/mongoid/issues/756
+    (pending "Fails on Mongoid < 2.1"; break) if defined?(Mongoid) && Mongoid::VERSION.to_f < 2.1
+    create_user
+    get new_user_registration_path
+    fill_in 'email', with: 'user@test.com'
+    fill_in 'password', with: '123456'
+    fill_in 'password confirmation', with: '123456'
+    click_button 'Sign up'
+    assert_current_url '/users'
+    assert_contain(/Email.*already.*taken/)
+    assert_not warden.authenticated?(:user)
+  end
+  test 'a guest should not be able to change account' do
+    get edit_user_registration_path
+    assert_redirected_to new_user_session_path
+    follow_redirect!
+    assert_contain 'You need to sign in or sign up before continuing.'
+  end
+  test 'a signed in user should not be able to access sign up' do
+    sign_in_as_user
+    get new_user_registration_path
+    assert_redirected_to root_path
+  end
+  test 'a signed in user should be able to edit their account' do
+    sign_in_as_user
+    get edit_user_registration_path
+    fill_in 'email', with: 'user.new@example.com'
+    fill_in 'current password', with: '12345678'
+    click_button 'Update'
+    assert_current_url '/'
+    assert_contain 'Your account has been updated successfully.'
+    assert_equal "user.new@example.com", User.to_adapter.find_first.email
+  end
+  test 'a signed in user should still be able to use the website after changing their password' do
+    sign_in_as_user
+    get edit_user_registration_path
+    fill_in 'password', with: '1234567890'
+    fill_in 'password confirmation', with: '1234567890'
+    fill_in 'current password', with: '12345678'
+    click_button 'Update'
+    assert_contain 'Your account has been updated successfully.'
+    get users_path
+    assert warden.authenticated?(:user)
+  end
+  test 'a signed in user should not change their current user with invalid password' do
+    sign_in_as_user
+    get edit_user_registration_path
+    fill_in 'email', with: 'user.new@example.com'
+    fill_in 'current password', with: 'invalid'
+    click_button 'Update'
+    assert_template 'registrations/edit'
+    assert_contain 'user@test.com'
+    assert_have_selector 'form input[value="user.new@example.com"]'
+    assert_equal "user@test.com", User.to_adapter.find_first.email
+  end
+  test 'a signed in user should be able to edit their password' do
+    sign_in_as_user
+    get edit_user_registration_path
+    fill_in 'password', with: 'pass1234'
+    fill_in 'password confirmation', with: 'pass1234'
+    fill_in 'current password', with: '12345678'
+    click_button 'Update'
+    assert_current_url '/'
+    assert_contain 'Your account has been updated successfully.'
+    assert User.to_adapter.find_first.valid_password?('pass1234')
+  end
+  test 'a signed in user should not be able to edit their password with invalid confirmation' do
+    sign_in_as_user
+    get edit_user_registration_path
+    fill_in 'password', with: 'pas123'
+    fill_in 'password confirmation', with: ''
+    fill_in 'current password', with: '12345678'
+    click_button 'Update'
+    assert_contain Devise.rails4? ?
+      "Password confirmation doesn't match Password" : "Password doesn't match confirmation"
+    assert_not User.to_adapter.find_first.valid_password?('pas123')
+  end
+  test 'a signed in user should be able to cancel their account' do
+    sign_in_as_user
+    get edit_user_registration_path
+    click_button "Cancel my account"
+    assert_contain "Bye! Your account has been successfully cancelled. We hope to see you again soon."
+    assert User.to_adapter.find_all.empty?
+  end
+  test 'a user should be able to cancel sign up by deleting data in the session' do
+    get "/set"
+    assert_equal "something", @request.session["devise.foo_bar"]
+    get "/users/sign_up"
+    assert_equal "something", @request.session["devise.foo_bar"]
+    get "/users/cancel"
+    assert_nil @request.session["devise.foo_bar"]
+    assert_redirected_to new_user_registration_path
+  end
+  test 'a user with XML sign up stub' do
+    get new_user_registration_path(format: 'xml')
+    assert_response :success
+    assert_match %(<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<user>), response.body
+    assert_no_match(/<confirmation-token/, response.body)
+  end
+  test 'a user with JSON sign up stub' do
+    get new_user_registration_path(format: 'json')
+    assert_response :success
+    assert_match %({"user":), response.body
+    assert_no_match(/"confirmation_token"/, response.body)
+  end
+  test 'an admin sign up with valid information in XML format should return valid response' do
+    post admin_registration_path(format: 'xml'), admin: { email: 'new_user@test.com', password: 'new_user123', password_confirmation: 'new_user123' }
+    assert_response :success
+    assert response.body.include? %(<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<admin>)
+    admin = Admin.to_adapter.find_first(order: [:id, :desc])
+    assert_equal admin.email, 'new_user@test.com'
+  end
+  test 'a user sign up with valid information in XML format should return valid response' do
+    post user_registration_path(format: 'xml'), user: { email: 'new_user@test.com', password: 'new_user123', password_confirmation: 'new_user123' }
+    assert_response :success
+    assert response.body.include? %(<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<user>)
+    user = User.to_adapter.find_first(order: [:id, :desc])
+    assert_equal user.email, 'new_user@test.com'
+  end
+  test 'a user sign up with invalid information in XML format should return invalid response' do
+    post user_registration_path(format: 'xml'), user: { email: 'new_user@test.com', password: 'new_user123', password_confirmation: 'invalid' }
+    assert_response :unprocessable_entity
+    assert response.body.include? %(<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<errors>)
+  end
+  test 'a user update information with valid data in XML format should return valid response' do
+    user = sign_in_as_user
+    put user_registration_path(format: 'xml'), user: { current_password: '12345678', email: 'user.new@test.com' }
+    assert_response :success
+    assert_equal user.reload.email, 'user.new@test.com'
+  end
+  test 'a user update information with invalid data in XML format should return invalid response' do
+    user = sign_in_as_user
+    put user_registration_path(format: 'xml'), user: { current_password: 'invalid', email: 'user.new@test.com' }
+    assert_response :unprocessable_entity
+    assert_equal user.reload.email, 'user@test.com'
+  end
+  test 'a user cancel their account in XML format should return valid response' do
+    sign_in_as_user
+    delete user_registration_path(format: 'xml')
+    assert_response :success
+    assert_equal User.to_adapter.find_all.size, 0
+  end
+end
+class ReconfirmableRegistrationTest < ActionDispatch::IntegrationTest
+  test 'a signed in admin should see a more appropriate flash message when editing their account if reconfirmable is enabled' do
+    sign_in_as_admin
+    get edit_admin_registration_path
+    fill_in 'email', with: 'admin.new@example.com'
+    fill_in 'current password', with: '123456'
+    click_button 'Update'
+    assert_current_url '/admin_area/home'
+    assert_contain 'but we need to verify your new email address'
+    assert_equal 'admin.new@example.com', Admin.to_adapter.find_first.unconfirmed_email
+    get edit_admin_registration_path
+    assert_contain 'Currently waiting confirmation for: admin.new@example.com'
+  end
+  test 'a signed in admin should not see a reconfirmation message if they did not change their password' do
+    sign_in_as_admin
+    get edit_admin_registration_path
+    fill_in 'password', with: 'pas123'
+    fill_in 'password confirmation', with: 'pas123'
+    fill_in 'current password', with: '123456'
+    click_button 'Update'
+    assert_current_url '/admin_area/home'
+    assert_contain 'Your account has been updated successfully.'
+    assert Admin.to_adapter.find_first.valid_password?('pas123')
+  end
+  test 'a signed in admin should not see a reconfirmation message if they did not change their email, despite having an unconfirmed email' do
+    sign_in_as_admin
+    get edit_admin_registration_path
+    fill_in 'email', with: 'admin.new@example.com'
+    fill_in 'current password', with: '123456'
+    click_button 'Update'
+    get edit_admin_registration_path
+    fill_in 'password', with: 'pas123'
+    fill_in 'password confirmation', with: 'pas123'
+    fill_in 'current password', with: '123456'
+    click_button 'Update'
+    assert_current_url '/admin_area/home'
+    assert_contain 'Your account has been updated successfully.'
+    assert_equal "admin.new@example.com", Admin.to_adapter.find_first.unconfirmed_email
+    assert Admin.to_adapter.find_first.valid_password?('pas123')
+  end
+=end
+end

data/test/integration/rememberable_test.rb ADDED

@@ -0,0 +1,176 @@
+require 'test_helper'
+class RememberMeTest < ActionDispatch::IntegrationTest
+  def create_user_and_remember(add_to_token='')
+    user = create_user
+    user.remember_me!
+    raw_cookie = User.serialize_into_cookie(user).tap { |a| a.last << add_to_token }
+    cookies['remember_user_token'] = generate_signed_cookie(raw_cookie)
+    user
+  end
+  def generate_signed_cookie(raw_cookie)
+    request = ActionDispatch::TestRequest.new
+    request.cookie_jar.signed['raw_cookie'] = raw_cookie
+    request.cookie_jar['raw_cookie']
+  end
+  def signed_cookie(key)
+    controller.send(:cookies).signed[key]
+  end
+  def cookie_expires(key)
+    cookie  = response.headers["Set-Cookie"].split("\n").grep(/^#{key}/).first
+    expires = cookie.split(";").map(&:strip).grep(/^expires=/).first
+    Time.parse(expires).utc
+  end
+  test 'do not remember the user if they have not checked remember me option' do
+    sign_in_as_user
+    assert_nil request.cookies["remember_user_cookie"]
+  end
+  test 'handle unverified requests gets rid of caches' do
+    swap ApplicationController, allow_forgery_protection: true do
+      post exhibit_user_url(1)
+      assert_not warden.authenticated?(:user)
+      create_user_and_remember
+      post exhibit_user_url(1)
+      assert_equal "User is not authenticated", response.body
+      assert_not warden.authenticated?(:user)
+    end
+  end
+  test 'handle unverified requests does not create cookies on sign in' do
+    swap ApplicationController, allow_forgery_protection: true do
+      get new_user_session_path
+      assert request.session[:_csrf_token]
+      post user_session_path, authenticity_token: "oops", user:
+           { email: "jose.valim@gmail.com", password: "123456", remember_me: "1" }
+      assert_not warden.authenticated?(:user)
+      assert_not request.cookies['remember_user_token']
+    end
+  end
+  test 'generate remember token after sign in' do
+    sign_in_as_user remember_me: true
+    assert request.cookies['remember_user_token']
+  end
+  test 'generate remember token after sign in setting cookie options' do
+    # We test this by asserting the cookie is not sent after the redirect
+    # since we changed the domain. This is the only difference with the
+    # previous test.
+    swap Devise, rememberable_options: { domain: "omg.somewhere.com" } do
+      sign_in_as_user remember_me: true
+      assert_nil request.cookies["remember_user_token"]
+    end
+  end
+  test 'generate remember token with a custom key' do
+    swap Devise, rememberable_options: { key: "v1lat_token" } do
+      sign_in_as_user remember_me: true
+      assert request.cookies["v1lat_token"]
+    end
+  end
+  test 'generate remember token after sign in setting session options' do
+    begin
+      Rails.configuration.session_options[:domain] = "omg.somewhere.com"
+      sign_in_as_user remember_me: true
+      assert_nil request.cookies["remember_user_token"]
+    ensure
+      Rails.configuration.session_options.delete(:domain)
+    end
+  end
+  test 'remember the user before sign in' do
+    user = create_user_and_remember
+    get users_path
+    assert_response :success
+    assert warden.authenticated?(:user)
+    assert warden.user(:user) == user
+    assert_match /remember_user_token[^\n]*HttpOnly/, response.headers["Set-Cookie"], "Expected Set-Cookie header in response to set HttpOnly flag on remember_user_token cookie."
+  end
+  test 'remember the user before sign up and redirect them to their home' do
+    create_user_and_remember
+    get new_user_registration_path
+    assert warden.authenticated?(:user)
+    assert_redirected_to root_path
+  end
+  test 'does not extend remember period through sign in' do
+    swap Devise, extend_remember_period: true, remember_for: 1.year do
+      user = create_user
+      user.remember_me!
+      user.remember_created_at = old = 10.days.ago
+      user.save
+      sign_in_as_user remember_me: true
+      user.reload
+      assert warden.user(:user) == user
+      assert_equal old.to_i, user.remember_created_at.to_i
+    end
+  end
+  test 'do not remember other scopes' do
+    create_user_and_remember
+    get root_path
+    assert_response :success
+    assert warden.authenticated?(:user)
+    assert_not warden.authenticated?(:admin)
+  end
+  test 'do not remember with invalid token' do
+    create_user_and_remember('add')
+    get users_path
+    assert_not warden.authenticated?(:user)
+    assert_redirected_to new_user_session_path
+  end
+  test 'do not remember with expired token' do
+    create_user_and_remember
+    swap Devise, remember_for: 0 do
+      get users_path
+      assert_not warden.authenticated?(:user)
+      assert_redirected_to new_user_session_path
+    end
+  end
+  test 'do not remember the user anymore after forget' do
+    create_user_and_remember
+    get users_path
+    assert warden.authenticated?(:user)
+    get destroy_user_session_path
+    assert_not warden.authenticated?(:user)
+    assert_nil warden.cookies['remember_user_token']
+    get users_path
+    assert_not warden.authenticated?(:user)
+  end
+  test 'changing user password expires remember me token' do
+    user = create_user_and_remember
+    user.password = "another_password"
+    user.password_confirmation = "another_password"
+    user.save!
+    get users_path
+    assert_not warden.authenticated?(:user)
+  end
+  test 'valid sign in calls after_remembered callback' do
+    user = create_user_and_remember
+    User.expects(:serialize_from_cookie).returns user
+    user.expects :after_remembered
+    get new_user_registration_path
+  end
+end