devise_jwt_auth 0.1.1 → 0.1.6
- checksums.yaml +4 -4
- data/README.md +3 -3
- data/app/controllers/devise_jwt_auth/application_controller.rb +15 -13
- data/app/controllers/devise_jwt_auth/concerns/resource_finder.rb +2 -6
- data/app/controllers/devise_jwt_auth/concerns/{set_user_by_jwt_token.rb → set_user_by_token.rb} +23 -19
- data/app/controllers/devise_jwt_auth/confirmations_controller.rb +10 -19
- data/app/controllers/devise_jwt_auth/omniauth_callbacks_controller.rb +32 -33
- data/app/controllers/devise_jwt_auth/passwords_controller.rb +29 -19
- data/app/controllers/devise_jwt_auth/refresh_token_controller.rb +4 -1
- data/app/controllers/devise_jwt_auth/registrations_controller.rb +40 -21
- data/app/controllers/devise_jwt_auth/sessions_controller.rb +21 -21
- data/app/controllers/devise_jwt_auth/unlocks_controller.rb +5 -4
- data/app/models/devise_jwt_auth/concerns/active_record_support.rb +3 -0
- data/app/models/devise_jwt_auth/concerns/confirmable_support.rb +7 -4
- data/app/models/devise_jwt_auth/concerns/mongoid_support.rb +3 -0
- data/app/models/devise_jwt_auth/concerns/tokens_serialization.rb +4 -1
- data/app/models/devise_jwt_auth/concerns/user.rb +18 -9
- data/app/models/devise_jwt_auth/concerns/user_omniauth_callbacks.rb +11 -3
- data/app/validators/devise_jwt_auth_email_validator.rb +5 -4
- data/lib/devise_jwt_auth/blacklist.rb +2 -0
- data/lib/devise_jwt_auth/controllers/url_helpers.rb +1 -2
- data/lib/devise_jwt_auth/engine.rb +4 -4
- data/lib/devise_jwt_auth/rails/routes.rb +35 -24
- data/lib/devise_jwt_auth/token_factory.rb +3 -2
- data/lib/devise_jwt_auth/url.rb +2 -4
- data/lib/devise_jwt_auth/version.rb +1 -1
- data/lib/generators/devise_jwt_auth/install_generator.rb +7 -6
- data/lib/generators/devise_jwt_auth/install_generator_helpers.rb +27 -6
- data/lib/generators/devise_jwt_auth/install_mongoid_generator.rb +3 -2
- data/lib/generators/devise_jwt_auth/templates/devise_jwt_auth.rb +15 -16
- data/lib/generators/devise_jwt_auth/templates/devise_jwt_auth_create_users.rb.erb +15 -11
- data/lib/generators/devise_jwt_auth/templates/user.rb.erb +2 -2
- data/test/controllers/custom/custom_confirmations_controller_test.rb +2 -2
- data/test/controllers/custom/custom_passwords_controller_test.rb +4 -4
- data/test/controllers/custom/custom_refresh_token_controller_test.rb +2 -3
- data/test/controllers/custom/custom_registrations_controller_test.rb +2 -2
- data/test/controllers/demo_mang_controller_test.rb +206 -210
- data/test/controllers/demo_user_controller_test.rb +358 -374
- data/test/controllers/devise_jwt_auth/confirmations_controller_test.rb +5 -5
- data/test/controllers/devise_jwt_auth/omniauth_callbacks_controller_test.rb +6 -7
- data/test/controllers/devise_jwt_auth/passwords_controller_test.rb +11 -13
- data/test/controllers/devise_jwt_auth/refresh_token_controller_test.rb +8 -12
- data/test/controllers/devise_jwt_auth/registrations_controller_test.rb +23 -25
- data/test/controllers/devise_jwt_auth/sessions_controller_test.rb +32 -34
- data/test/controllers/devise_jwt_auth/unlocks_controller_test.rb +2 -2
- data/test/controllers/overrides/confirmations_controller_test.rb +1 -1
- data/test/controllers/overrides/passwords_controller_test.rb +1 -1
- data/test/controllers/overrides/refresh_token_controller_test.rb +1 -2
- data/test/controllers/overrides/registrations_controller_test.rb +1 -1
- data/test/dummy/app/controllers/application_controller.rb +1 -1
- data/test/dummy/app/controllers/custom/refresh_token_controller.rb +2 -1
- data/test/dummy/app/controllers/custom/registrations_controller.rb +1 -1
- data/test/dummy/app/controllers/overrides/confirmations_controller.rb +4 -4
- data/test/dummy/app/controllers/overrides/omniauth_callbacks_controller.rb +4 -4
- data/test/dummy/app/controllers/overrides/passwords_controller.rb +4 -4
- data/test/dummy/app/controllers/overrides/refresh_token_controller.rb +1 -1
- data/test/dummy/app/controllers/overrides/registrations_controller.rb +2 -2
- data/test/dummy/app/controllers/overrides/sessions_controller.rb +2 -2
- data/test/dummy/app/models/concerns/favorite_color.rb +11 -9
- data/test/dummy/config.ru +2 -2
- data/test/dummy/config/application.rb +1 -0
- data/test/dummy/config/boot.rb +1 -1
- data/test/dummy/config/environments/test.rb +11 -7
- data/test/dummy/config/initializers/figaro.rb +1 -1
- data/test/dummy/config/initializers/omniauth.rb +2 -2
- data/test/dummy/config/routes.rb +8 -8
- data/test/dummy/db/migrate/{20140715061447_devise_token_auth_create_users.rb → 20140715061447_devise_jwt_auth_create_users.rb} +0 -0
- data/test/dummy/db/migrate/{20140715061805_devise_token_auth_create_mangs.rb → 20140715061805_devise_jwt_auth_create_mangs.rb} +0 -0
- data/test/dummy/db/migrate/{20141222035835_devise_token_auth_create_only_email_users.rb → 20141222035835_devise_jwt_auth_create_only_email_users.rb} +9 -9
- data/test/dummy/db/migrate/{20141222053502_devise_token_auth_create_unregisterable_users.rb → 20141222053502_devise_jwt_auth_create_unregisterable_users.rb} +0 -0
- data/test/dummy/db/migrate/{20150708104536_devise_token_auth_create_unconfirmable_users.rb → 20150708104536_devise_jwt_auth_create_unconfirmable_users.rb} +0 -0
- data/test/dummy/db/migrate/{20160103235141_devise_token_auth_create_scoped_users.rb → 20160103235141_devise_jwt_auth_create_scoped_users.rb} +0 -0
- data/test/dummy/db/migrate/{20160629184441_devise_token_auth_create_lockable_users.rb → 20160629184441_devise_jwt_auth_create_lockable_users.rb} +0 -0
- data/test/dummy/db/migrate/{20190924101113_devise_token_auth_create_confirmable_users.rb → 20190924101113_devise_jwt_auth_create_confirmable_users.rb} +6 -5
- data/test/dummy/db/schema.rb +170 -170
- data/test/dummy/tmp/generators/app/controllers/application_controller.rb +6 -0
- data/test/dummy/tmp/generators/app/models/user.rb +9 -0
- data/test/dummy/tmp/generators/config/initializers/devise_jwt_auth.rb +73 -0
- data/test/dummy/tmp/generators/db/migrate/20201006030349_devise_jwt_auth_create_users.rb +54 -0
- data/test/factories/users.rb +5 -3
- data/test/lib/devise_jwt_auth/token_factory_test.rb +6 -6
- data/test/lib/generators/devise_jwt_auth/install_generator_test.rb +3 -20
- data/test/lib/generators/devise_jwt_auth/install_generator_with_namespace_test.rb +4 -21
- data/test/models/concerns/tokens_serialization_test.rb +68 -68
- data/test/models/user_test.rb +35 -37
- data/test/support/controllers/routes.rb +7 -5
- data/test/test_helper.rb +1 -1
- metadata +70 -76
@@ -5,38 +5,38 @@ DeviseJwtAuth.setup do |config|
|
|
5
5
|
# user. To receive new access tokens, you should either reauthenticate or
|
6
6
|
# use the HTTP only refresh cookie that is sent during the authentication
|
7
7
|
# process and make refresh token requests.
|
8
|
-
#
|
9
|
-
|
8
|
+
# config.send_new_access_token_on_each_request = false
|
9
|
+
|
10
10
|
# By default, refresh token HTTP Only cookies last for 2 weeks. These tokens
|
11
11
|
# are used for requesting shorter-lived acccess tokens.
|
12
|
-
#
|
12
|
+
# config.refresh_token_lifespan = 2.weeks
|
13
13
|
|
14
14
|
# By default, access tokens last for 15 minutes. These tokens are used to
|
15
15
|
# access protected resources. When these tokens expire, you need to
|
16
16
|
# reauthenticate the user or use a refresh token cookie to get a new access
|
17
17
|
# token.
|
18
|
-
#
|
18
|
+
# config.access_token_lifespan = 15.minutes
|
19
19
|
|
20
20
|
# This is the name of the HTTP Only cookie that will be sent to the client
|
21
21
|
# for the purpose of requesting new access tokens.
|
22
|
-
#
|
22
|
+
# config.refresh_token_name = 'refresh-token'
|
23
23
|
|
24
24
|
# This is the name of the token that will be sent in the JSON responses used
|
25
25
|
# for accessing protected resources. NEVER store this token in a cookie or
|
26
26
|
# any form of local storage on the client. Save it in memory as a javascript
|
27
27
|
# variable or in some kind of context manager like Redux. Send it in your
|
28
28
|
# request headers when you want to be authenticated.
|
29
|
-
#
|
29
|
+
# config.access_token_name = 'access-token'
|
30
30
|
|
31
31
|
# This is the refresh token encryption key. You should set this in an
|
32
32
|
# environment variable or secret key base that isn't store in a repository.
|
33
33
|
# Also, its a good idea to NOT use the same key for access tokens.
|
34
|
-
|
35
|
-
|
34
|
+
config.refresh_token_encryption_key = 'your-refresh-token-secret-key-here'
|
35
|
+
|
36
36
|
# This is the refresh token encryption key. You should set this in an
|
37
37
|
# environment variable or secret key base that isn't store in a repository.
|
38
38
|
# Also, its a good idea to NOT use the same key for access tokens.
|
39
|
-
|
39
|
+
config.access_token_encryption_key = 'your-access-token-secret-key-here'
|
40
40
|
|
41
41
|
# This route will be the prefix for all oauth2 redirect callbacks. For
|
42
42
|
# example, using the default '/omniauth', the github oauth2 provider will
|
@@ -64,11 +64,10 @@ DeviseJwtAuth.setup do |config|
|
|
64
64
|
# config.send_confirmation_email = true
|
65
65
|
|
66
66
|
# TODO: Document these settings
|
67
|
-
#
|
68
|
-
#
|
69
|
-
#
|
70
|
-
#
|
71
|
-
#
|
72
|
-
#
|
73
|
-
|
67
|
+
# config.default_confirm_success_url = nil
|
68
|
+
# config.default_password_reset_url = nil
|
69
|
+
# config.redirect_whitelist = nil
|
70
|
+
# config.update_token_version_after_password_reset = true
|
71
|
+
# config.bypass_sign_in = true
|
72
|
+
# config.require_client_password_reset_token = false
|
74
73
|
end
|
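Review bot: The generated initializer assigns literal placeholder strings to `config.refresh_token_encryption_key` and `config.access_token_encryption_key` on active lines (new lines 34 and 39), so an app that never edits the file starts up with keys that anyone can read in the gem source. Failing closed would be safer, for example `config.refresh_token_encryption_key = ENV.fetch('<REFRESH_TOKEN_KEY_ENV_VAR>')` (placeholder variable name) with the same pattern for the access-token key, so a missing secret raises at boot. The comment above the access-token key (new lines 36-38) still reads "This is the refresh token encryption key" and should name the access token. In the second hunk, `# config.redirect_whitelist = nil` sits under `# TODO: Document these settings`; a one-line comment saying what a nil whitelist permits for `redirect_url` would help, since the hunk does not show whether nil means allow-all.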
@@ -2,12 +2,18 @@
|
|
2
2
|
|
3
3
|
class DeviseJwtAuthCreate<%= user_class.pluralize.gsub("::","") %> < ActiveRecord::Migration<%= "[#{Rails::VERSION::STRING[0..2]}]" if Rails::VERSION::MAJOR > 4 %>
|
4
4
|
def change
|
5
|
-
<% table_name = @user_class.pluralize.gsub("::","").underscore
|
6
|
-
|
5
|
+
<% table_name = @user_class.pluralize.gsub("::","").underscore -%>
|
6
|
+
create_table(:<%= table_name %><%= primary_key_type %>) do |t|
|
7
7
|
## Required
|
8
8
|
t.string :provider, null: false, default: 'email'
|
9
9
|
t.string :uid, null: false, default: ''
|
10
10
|
|
11
|
+
## User Info
|
12
|
+
t.string :name
|
13
|
+
t.string :nickname
|
14
|
+
t.string :image
|
15
|
+
t.string :email
|
16
|
+
|
11
17
|
## Database authenticatable
|
12
18
|
t.string :encrypted_password, null: false, default: ''
|
13
19
|
|
@@ -19,6 +25,13 @@ class DeviseJwtAuthCreate<%= user_class.pluralize.gsub("::","") %> < ActiveRecor
|
|
19
25
|
## Rememberable
|
20
26
|
t.datetime :remember_created_at
|
21
27
|
|
28
|
+
## Trackable
|
29
|
+
# t.integer :sign_in_count, default: 0, null: false
|
30
|
+
# t.datetime :current_sign_in_at
|
31
|
+
# t.datetime :last_sign_in_at
|
32
|
+
# t.<%= ip_column %> :current_sign_in_ip
|
33
|
+
# t.<%= ip_column %> :last_sign_in_ip
|
34
|
+
|
22
35
|
## Confirmable
|
23
36
|
t.string :confirmation_token
|
24
37
|
t.datetime :confirmed_at
|
@@ -30,15 +43,6 @@ class DeviseJwtAuthCreate<%= user_class.pluralize.gsub("::","") %> < ActiveRecor
|
|
30
43
|
# t.string :unlock_token # Only if unlock strategy is :email or :both
|
31
44
|
# t.datetime :locked_at
|
32
45
|
|
33
|
-
## User Info
|
34
|
-
t.string :name
|
35
|
-
t.string :nickname
|
36
|
-
t.string :image
|
37
|
-
t.string :email
|
38
|
-
|
39
|
-
## Tokens
|
40
|
-
<%= json_supported_database? ? 't.json :tokens' : 't.text :tokens' %>
|
41
|
-
|
42
46
|
t.timestamps
|
43
47
|
end
|
44
48
|
|
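Review bot: The new `## Trackable` block (new lines 28-33) is added fully commented out with no hint of when to enable it, while the model template in this release now lists `:trackable` among the available modules. A heading such as `## Trackable (uncomment these columns before adding :trackable to the model)` would prevent a mismatch, since Devise's trackable module presumably writes these columns on sign-in. The two `ip_column` fields hold client IP addresses, which are useful for sign-in auditing but are often treated as personal data, and the comment could say so. The `change` method and the `create_table` block continue outside the hunks shown.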
@@ -2,8 +2,8 @@
|
|
2
2
|
|
3
3
|
class <%= user_class %> < ActiveRecord::Base
|
4
4
|
# Include default devise modules. Others available are:
|
5
|
-
# :confirmable, :lockable, :timeoutable and :omniauthable
|
5
|
+
# :confirmable, :lockable, :timeoutable, :trackable and :omniauthable
|
6
6
|
devise :database_authenticatable, :registerable,
|
7
|
-
:recoverable, :rememberable, :
|
7
|
+
:recoverable, :rememberable, :validatable
|
8
8
|
include DeviseJwtAuth::Concerns::User
|
9
9
|
end
|
@@ -10,8 +10,8 @@ class Custom::ConfirmationsControllerTest < ActionController::TestCase
|
|
10
10
|
@redirect_url = Faker::Internet.url
|
11
11
|
@new_user = create(:user)
|
12
12
|
@new_user.send_confirmation_instructions(redirect_url: @redirect_url)
|
13
|
-
@mail
|
14
|
-
@token
|
13
|
+
@mail = ActionMailer::Base.deliveries.last
|
14
|
+
@token = @mail.body.match(/confirmation_token=([^&]*)&/)[1]
|
15
15
|
@client_config = @mail.body.match(/config=([^&]*)&/)[1]
|
16
16
|
|
17
17
|
get :show,
|
@@ -13,7 +13,7 @@ class Custom::PasswordsControllerTest < ActionController::TestCase
|
|
13
13
|
|
14
14
|
test 'yield resource to block on create success' do
|
15
15
|
post :create,
|
16
|
-
params: { email:
|
16
|
+
params: { email: @resource.email,
|
17
17
|
redirect_url: @redirect_url }
|
18
18
|
|
19
19
|
@mail = ActionMailer::Base.deliveries.last
|
@@ -21,7 +21,7 @@ class Custom::PasswordsControllerTest < ActionController::TestCase
|
|
21
21
|
|
22
22
|
@mail_config_name = CGI.unescape(@mail.body.match(/config=([^&]*)&/)[1])
|
23
23
|
@mail_redirect_url = CGI.unescape(@mail.body.match(/redirect_url=([^&]*)&/)[1])
|
24
|
-
@mail_reset_token = @mail.body.match(/reset_password_token=(.*)
|
24
|
+
@mail_reset_token = @mail.body.match(/reset_password_token=(.*)"/)[1]
|
25
25
|
|
26
26
|
assert @controller.create_block_called?,
|
27
27
|
'create failed to yield resource to provided block'
|
@@ -32,7 +32,7 @@ class Custom::PasswordsControllerTest < ActionController::TestCase
|
|
32
32
|
@redirect_url = 'http://ng-token-auth.dev'
|
33
33
|
|
34
34
|
post :create,
|
35
|
-
params: { email:
|
35
|
+
params: { email: @resource.email,
|
36
36
|
redirect_url: @redirect_url },
|
37
37
|
xhr: true
|
38
38
|
|
@@ -41,7 +41,7 @@ class Custom::PasswordsControllerTest < ActionController::TestCase
|
|
41
41
|
|
42
42
|
@mail_config_name = CGI.unescape(@mail.body.match(/config=([^&]*)&/)[1])
|
43
43
|
@mail_redirect_url = CGI.unescape(@mail.body.match(/redirect_url=([^&]*)&/)[1])
|
44
|
-
@mail_reset_token = @mail.body.match(/reset_password_token=(.*)
|
44
|
+
@mail_reset_token = @mail.body.match(/reset_password_token=(.*)"/)[1]
|
45
45
|
|
46
46
|
get :edit,
|
47
47
|
params: { reset_password_token: @mail_reset_token,
|
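Review bot: The reset-token extraction on new lines 24 and 44, `@mail.body.match(/reset_password_token=(.*)"/)[1]`, uses a greedy `.*`, so it captures up to the last double quote on the matched line and would pick up trailing markup if the mail template ever places another quoted attribute after the link. A bounded class such as `/reset_password_token=([^"&]*)"/` limits the capture to the token and matches the `[^&]*` style of the two lines above it. `match(...)[1]` also fails with NoMethodError on nil when the parameter is missing, which hides the real cause; asserting on the match first would give a clearer failure. Both test bodies continue outside the hunks.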
@@ -9,8 +9,7 @@ class Custom::RefreshTokenControllerTest < ActionDispatch::IntegrationTest
|
|
9
9
|
before do
|
10
10
|
@resource = create(:user, :confirmed)
|
11
11
|
@auth_headers = get_cookie_header(DeviseJwtAuth.refresh_token_name,
|
12
|
-
@resource.create_refresh_token
|
13
|
-
)
|
12
|
+
@resource.create_refresh_token)
|
14
13
|
end
|
15
14
|
|
16
15
|
test 'yield resource to block on refresh_token success' do
|
@@ -33,4 +32,4 @@ class Custom::RefreshTokenControllerTest < ActionDispatch::IntegrationTest
|
|
33
32
|
assert_equal @data['custom'], 'foo'
|
34
33
|
end
|
35
34
|
end
|
36
|
-
end
|
35
|
+
end
|
@@ -8,8 +8,8 @@ class Custom::RegistrationsControllerTest < ActionDispatch::IntegrationTest
|
|
8
8
|
|
9
9
|
before do
|
10
10
|
@create_params = attributes_for(:user,
|
11
|
-
|
12
|
-
|
11
|
+
confirm_success_url: Faker::Internet.url,
|
12
|
+
unpermitted_param: '(x_x)')
|
13
13
|
|
14
14
|
@existing_user = create(:user, :confirmed)
|
15
15
|
@auth_headers = @existing_user.create_named_token_pair
|
@@ -39,61 +39,59 @@ class DemoMangControllerTest < ActionDispatch::IntegrationTest
|
|
39
39
|
it 'should define current_mang' do
|
40
40
|
assert_equal @resource, @controller.current_mang
|
41
41
|
end
|
42
|
-
|
42
|
+
|
43
43
|
it 'should define mang_signed_in?' do
|
44
44
|
assert @controller.mang_signed_in?
|
45
45
|
end
|
46
|
-
|
46
|
+
|
47
47
|
it 'should not define current_user' do
|
48
48
|
refute_equal @resource, @controller.current_user
|
49
49
|
end
|
50
|
-
|
50
|
+
|
51
51
|
it 'should define render_authenticate_error' do
|
52
52
|
assert @controller.methods.include?(:render_authenticate_error)
|
53
53
|
end
|
54
54
|
end
|
55
|
-
|
55
|
+
|
56
56
|
it 'should return success status' do
|
57
57
|
assert_equal 200, response.status
|
58
58
|
end
|
59
|
-
|
60
|
-
=begin
|
61
|
-
it 'should receive new token after successful request' do
|
62
|
-
refute_equal @token, @resp_token
|
63
|
-
end
|
64
59
|
|
65
|
-
it 'should
|
66
|
-
|
67
|
-
end
|
68
|
-
|
69
|
-
it
|
70
|
-
|
71
|
-
end
|
72
|
-
|
73
|
-
it
|
74
|
-
|
75
|
-
end
|
76
|
-
|
77
|
-
|
78
|
-
|
79
|
-
|
80
|
-
|
81
|
-
|
82
|
-
|
83
|
-
|
84
|
-
|
85
|
-
|
86
|
-
|
87
|
-
|
88
|
-
|
89
|
-
|
90
|
-
|
91
|
-
|
92
|
-
|
93
|
-
|
94
|
-
|
95
|
-
|
96
|
-
|
60
|
+
# it 'should receive new token after successful request' do
|
61
|
+
# refute_equal @token, @resp_token
|
62
|
+
# end
|
63
|
+
#
|
64
|
+
# it 'should preserve the client id from the first request' do
|
65
|
+
# assert_equal @client_id, @resp_client_id
|
66
|
+
# end
|
67
|
+
#
|
68
|
+
# it "should return the user's uid in the auth header" do
|
69
|
+
# assert_equal @resource.uid, @resp_uid
|
70
|
+
# end
|
71
|
+
#
|
72
|
+
# it 'should not treat this request as a batch request' do
|
73
|
+
# refute assigns(:is_batch_request)
|
74
|
+
# end
|
75
|
+
#
|
76
|
+
# describe 'subsequent requests' do
|
77
|
+
# before do
|
78
|
+
# @resource.reload
|
79
|
+
# # ensure that request is not treated as batch request
|
80
|
+
# # age_token(@resource, @client_id)
|
81
|
+
#
|
82
|
+
# get '/demo/members_only_mang',
|
83
|
+
# params: {},
|
84
|
+
# headers: @auth_headers.merge('access-token' => @resp_token)
|
85
|
+
# end
|
86
|
+
#
|
87
|
+
# it 'should not treat this request as a batch request' do
|
88
|
+
# refute assigns(:is_batch_request)
|
89
|
+
# end
|
90
|
+
#
|
91
|
+
# it 'should allow a new request to be made using new token' do
|
92
|
+
# assert_equal 200, response.status
|
93
|
+
# end
|
94
|
+
# end
|
97
95
|
end
|
98
96
|
|
99
97
|
describe 'failed request' do
|
@@ -112,175 +110,173 @@ class DemoMangControllerTest < ActionDispatch::IntegrationTest
|
|
112
110
|
end
|
113
111
|
end
|
114
112
|
|
115
|
-
|
116
|
-
|
117
|
-
|
118
|
-
|
119
|
-
|
120
|
-
|
121
|
-
|
122
|
-
|
123
|
-
|
124
|
-
|
125
|
-
|
126
|
-
|
127
|
-
|
128
|
-
|
129
|
-
|
130
|
-
|
131
|
-
|
132
|
-
|
133
|
-
|
134
|
-
|
135
|
-
|
136
|
-
|
137
|
-
|
138
|
-
|
139
|
-
|
140
|
-
|
141
|
-
|
142
|
-
|
143
|
-
|
144
|
-
|
145
|
-
|
146
|
-
|
147
|
-
|
148
|
-
|
149
|
-
|
150
|
-
|
151
|
-
|
152
|
-
|
153
|
-
|
154
|
-
|
155
|
-
|
156
|
-
|
157
|
-
|
158
|
-
|
159
|
-
|
160
|
-
|
161
|
-
|
162
|
-
|
163
|
-
|
164
|
-
|
165
|
-
|
166
|
-
|
167
|
-
|
168
|
-
|
169
|
-
|
170
|
-
|
171
|
-
|
172
|
-
|
173
|
-
|
174
|
-
|
175
|
-
|
176
|
-
|
177
|
-
|
178
|
-
|
179
|
-
describe '
|
180
|
-
|
181
|
-
|
182
|
-
|
183
|
-
|
184
|
-
|
185
|
-
|
186
|
-
|
187
|
-
|
188
|
-
|
189
|
-
|
190
|
-
|
191
|
-
|
192
|
-
|
193
|
-
|
194
|
-
|
195
|
-
|
196
|
-
|
197
|
-
|
198
|
-
|
199
|
-
|
200
|
-
|
201
|
-
|
202
|
-
|
203
|
-
|
204
|
-
|
205
|
-
|
206
|
-
|
207
|
-
|
208
|
-
|
209
|
-
|
210
|
-
|
211
|
-
|
212
|
-
|
213
|
-
|
214
|
-
|
215
|
-
|
216
|
-
|
217
|
-
|
218
|
-
|
219
|
-
|
220
|
-
|
221
|
-
|
222
|
-
|
223
|
-
|
224
|
-
|
225
|
-
|
226
|
-
|
227
|
-
|
228
|
-
|
229
|
-
|
230
|
-
|
231
|
-
|
232
|
-
|
233
|
-
|
234
|
-
|
235
|
-
|
236
|
-
|
237
|
-
|
238
|
-
|
239
|
-
|
240
|
-
|
241
|
-
|
242
|
-
|
243
|
-
|
244
|
-
|
245
|
-
|
246
|
-
|
247
|
-
|
248
|
-
|
249
|
-
|
250
|
-
|
251
|
-
|
252
|
-
|
253
|
-
|
254
|
-
|
255
|
-
|
256
|
-
|
257
|
-
|
258
|
-
|
259
|
-
|
260
|
-
|
261
|
-
|
262
|
-
|
263
|
-
|
264
|
-
|
265
|
-
|
266
|
-
|
267
|
-
|
268
|
-
|
269
|
-
|
270
|
-
|
271
|
-
|
272
|
-
|
273
|
-
|
274
|
-
|
275
|
-
|
276
|
-
|
277
|
-
|
278
|
-
|
279
|
-
|
280
|
-
|
281
|
-
|
282
|
-
end
|
283
|
-
=end
|
113
|
+
# describe 'disable change_headers_on_each_request' do
|
114
|
+
# before do
|
115
|
+
# DeviseJwtAuth.change_headers_on_each_request = false
|
116
|
+
# @resource.reload
|
117
|
+
# # age_token(@resource, @client_id)
|
118
|
+
#
|
119
|
+
# get '/demo/members_only_mang',
|
120
|
+
# params: {},
|
121
|
+
# headers: @auth_headers
|
122
|
+
#
|
123
|
+
# @first_is_batch_request = assigns(:is_batch_request)
|
124
|
+
# @first_user = assigns(:resource).dup
|
125
|
+
# @first_access_token = response.headers['access-token']
|
126
|
+
# @first_response_status = response.status
|
127
|
+
#
|
128
|
+
# @resource.reload
|
129
|
+
# # age_token(@resource, @client_id)
|
130
|
+
#
|
131
|
+
# # use expired auth header
|
132
|
+
# get '/demo/members_only_mang',
|
133
|
+
# params: {},
|
134
|
+
# headers: @auth_headers
|
135
|
+
#
|
136
|
+
# @second_is_batch_request = assigns(:is_batch_request)
|
137
|
+
# @second_user = assigns(:resource).dup
|
138
|
+
# @second_access_token = response.headers['access-token']
|
139
|
+
# @second_response_status = response.status
|
140
|
+
# end
|
141
|
+
#
|
142
|
+
# after do
|
143
|
+
# DeviseJwtAuth.change_headers_on_each_request = true
|
144
|
+
# end
|
145
|
+
#
|
146
|
+
# it 'should allow the first request through' do
|
147
|
+
# assert_equal 200, @first_response_status
|
148
|
+
# end
|
149
|
+
#
|
150
|
+
# it 'should allow the second request through' do
|
151
|
+
# assert_equal 200, @second_response_status
|
152
|
+
# end
|
153
|
+
#
|
154
|
+
# it 'should return auth headers from the first request' do
|
155
|
+
# assert @first_access_token
|
156
|
+
# end
|
157
|
+
#
|
158
|
+
# it 'should not treat either requests as batch requests' do
|
159
|
+
# refute @first_is_batch_request
|
160
|
+
# refute @second_is_batch_request
|
161
|
+
# end
|
162
|
+
#
|
163
|
+
# it 'should return auth headers from the second request' do
|
164
|
+
# assert @second_access_token
|
165
|
+
# end
|
166
|
+
#
|
167
|
+
# it 'should define user during first request' do
|
168
|
+
# assert @first_user
|
169
|
+
# end
|
170
|
+
#
|
171
|
+
# it 'should define user during second request' do
|
172
|
+
# assert @second_user
|
173
|
+
# end
|
174
|
+
# end
|
175
|
+
#
|
176
|
+
# describe 'batch requests' do
|
177
|
+
# describe 'success' do
|
178
|
+
# before do
|
179
|
+
# # age_token(@resource, @client_id)
|
180
|
+
#
|
181
|
+
# get '/demo/members_only_mang',
|
182
|
+
# params: {},
|
183
|
+
# headers: @auth_headers
|
184
|
+
#
|
185
|
+
# @first_is_batch_request = assigns(:is_batch_request)
|
186
|
+
# @first_user = assigns(:resource)
|
187
|
+
# @first_access_token = response.headers['access-token']
|
188
|
+
#
|
189
|
+
# get '/demo/members_only_mang',
|
190
|
+
# params: {},
|
191
|
+
# headers: @auth_headers
|
192
|
+
#
|
193
|
+
# @second_is_batch_request = assigns(:is_batch_request)
|
194
|
+
# @second_user = assigns(:resource)
|
195
|
+
# @second_access_token = response.headers['access-token']
|
196
|
+
# end
|
197
|
+
#
|
198
|
+
# it 'should allow both requests through' do
|
199
|
+
# assert_equal 200, response.status
|
200
|
+
# end
|
201
|
+
#
|
202
|
+
# it 'should not treat the first request as a batch request' do
|
203
|
+
# refute @first_is_batch_request
|
204
|
+
# end
|
205
|
+
#
|
206
|
+
# it 'should treat the second request as a batch request' do
|
207
|
+
# assert @second_is_batch_request
|
208
|
+
# end
|
209
|
+
#
|
210
|
+
# it 'should return access token for first (non-batch) request' do
|
211
|
+
# assert @first_access_token
|
212
|
+
# end
|
213
|
+
#
|
214
|
+
# it 'should not return auth headers for second (batched) requests' do
|
215
|
+
# assert_equal ' ', @second_access_token
|
216
|
+
# end
|
217
|
+
# end
|
218
|
+
#
|
219
|
+
# describe 'time out' do
|
220
|
+
# before do
|
221
|
+
# @resource.reload
|
222
|
+
# # age_token(@resource, @client_id)
|
223
|
+
#
|
224
|
+
# get '/demo/members_only_mang',
|
225
|
+
# params: {},
|
226
|
+
# headers: @auth_headers
|
227
|
+
#
|
228
|
+
# @first_is_batch_request = assigns(:is_batch_request)
|
229
|
+
# @first_user = assigns(:resource).dup
|
230
|
+
# @first_access_token = response.headers['access-token']
|
231
|
+
# @first_response_status = response.status
|
232
|
+
#
|
233
|
+
# @resource.reload
|
234
|
+
# # age_token(@resource, @client_id)
|
235
|
+
#
|
236
|
+
# # use expired auth header
|
237
|
+
# get '/demo/members_only_mang',
|
238
|
+
# params: {},
|
239
|
+
# headers: @auth_headers
|
240
|
+
#
|
241
|
+
# @second_is_batch_request = assigns(:is_batch_request)
|
242
|
+
# @second_user = assigns(:resource)
|
243
|
+
# @second_access_token = response.headers['access-token']
|
244
|
+
# @second_response_status = response.status
|
245
|
+
# end
|
246
|
+
#
|
247
|
+
# it 'should allow the first request through' do
|
248
|
+
# assert_equal 200, @first_response_status
|
249
|
+
# end
|
250
|
+
#
|
251
|
+
# it 'should not allow the second request through' do
|
252
|
+
# assert_equal 401, @second_response_status
|
253
|
+
# end
|
254
|
+
#
|
255
|
+
# it 'should not treat first request as batch request' do
|
256
|
+
# refute @second_is_batch_request
|
257
|
+
# end
|
258
|
+
#
|
259
|
+
# it 'should return auth headers from the first request' do
|
260
|
+
# assert @first_access_token
|
261
|
+
# end
|
262
|
+
#
|
263
|
+
# it 'should not treat second request as batch request' do
|
264
|
+
# refute @second_is_batch_request
|
265
|
+
# end
|
266
|
+
#
|
267
|
+
# it 'should not return auth headers from the second request' do
|
268
|
+
# refute @second_access_token
|
269
|
+
# end
|
270
|
+
#
|
271
|
+
# it 'should define user during first request' do
|
272
|
+
# assert @first_user
|
273
|
+
# end
|
274
|
+
#
|
275
|
+
# it 'should not define user during second request' do
|
276
|
+
# refute @second_user
|
277
|
+
# end
|
278
|
+
# end
|
279
|
+
# end
|
284
280
|
end
|
285
281
|
end
|
286
282
|
end
|
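Review bot: The block converted from `=begin`/`=end` to `#` comments (new lines 60-94 and 113-279) keeps roughly two hundred lines of disabled tests, including the 'time out' case asserting that a request with an expired auth header gets `401`, and the visible hunks add no live replacement for it. The `describe 'failed request'` body at new line 97 is outside the hunks, so it may cover part of this. The disabled cases reference `DeviseJwtAuth.change_headers_on_each_request`, `age_token` and `is_batch_request`, which look like leftovers from a token-rotation design; I would delete them and add one live test that an expired access token on `/demo/members_only_mang` returns 401. If they stay, a header comment such as `# TODO: port to JWT expiry or remove` should explain why they are disabled. The commented 'should not treat first request as batch request' case also refutes `@second_is_batch_request` where `@first_is_batch_request` appears to be meant.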