devise_jwt_auth 0.1.4 → 0.2.0
- checksums.yaml +4 -4
- data/README.md +1 -1
- data/app/controllers/devise_jwt_auth/application_controller.rb +11 -22
- data/app/controllers/devise_jwt_auth/concerns/resource_finder.rb +3 -7
- data/app/controllers/devise_jwt_auth/concerns/set_user_by_token.rb +22 -18
- data/app/controllers/devise_jwt_auth/confirmations_controller.rb +10 -19
- data/app/controllers/devise_jwt_auth/omniauth_callbacks_controller.rb +38 -46
- data/app/controllers/devise_jwt_auth/passwords_controller.rb +34 -36
- data/app/controllers/devise_jwt_auth/refresh_token_controller.rb +4 -1
- data/app/controllers/devise_jwt_auth/registrations_controller.rb +40 -21
- data/app/controllers/devise_jwt_auth/sessions_controller.rb +21 -21
- data/app/controllers/devise_jwt_auth/unlocks_controller.rb +5 -4
- data/app/models/devise_jwt_auth/concerns/active_record_support.rb +3 -0
- data/app/models/devise_jwt_auth/concerns/confirmable_support.rb +7 -14
- data/app/models/devise_jwt_auth/concerns/mongoid_support.rb +3 -0
- data/app/models/devise_jwt_auth/concerns/tokens_serialization.rb +4 -1
- data/app/models/devise_jwt_auth/concerns/user.rb +18 -11
- data/app/models/devise_jwt_auth/concerns/user_omniauth_callbacks.rb +11 -3
- data/app/validators/devise_jwt_auth_email_validator.rb +12 -2
- data/app/views/devise/mailer/reset_password_instructions.html.erb +1 -1
- data/lib/devise_jwt_auth/blacklist.rb +3 -1
- data/lib/devise_jwt_auth/controllers/url_helpers.rb +1 -2
- data/lib/devise_jwt_auth/engine.rb +4 -4
- data/lib/devise_jwt_auth/rails/routes.rb +35 -24
- data/lib/devise_jwt_auth/token_factory.rb +3 -2
- data/lib/devise_jwt_auth/url.rb +2 -4
- data/lib/devise_jwt_auth/version.rb +1 -1
- data/lib/generators/devise_jwt_auth/USAGE +1 -1
- data/lib/generators/devise_jwt_auth/install_generator.rb +7 -6
- data/lib/generators/devise_jwt_auth/install_generator_helpers.rb +27 -6
- data/lib/generators/devise_jwt_auth/install_mongoid_generator.rb +3 -2
- data/lib/generators/devise_jwt_auth/templates/devise_jwt_auth.rb +6 -7
- data/lib/generators/devise_jwt_auth/templates/devise_jwt_auth_create_users.rb.erb +15 -11
- data/lib/generators/devise_jwt_auth/templates/user.rb.erb +2 -2
- data/test/controllers/custom/custom_confirmations_controller_test.rb +2 -2
- data/test/controllers/custom/custom_omniauth_callbacks_controller_test.rb +1 -1
- data/test/controllers/custom/custom_passwords_controller_test.rb +8 -8
- data/test/controllers/custom/custom_refresh_token_controller_test.rb +2 -3
- data/test/controllers/custom/custom_registrations_controller_test.rb +2 -2
- data/test/controllers/demo_group_controller_test.rb +0 -24
- data/test/controllers/demo_mang_controller_test.rb +4 -224
- data/test/controllers/demo_user_controller_test.rb +6 -432
- data/test/controllers/devise_jwt_auth/confirmations_controller_test.rb +5 -5
- data/test/controllers/devise_jwt_auth/omniauth_callbacks_controller_test.rb +9 -10
- data/test/controllers/devise_jwt_auth/passwords_controller_test.rb +34 -35
- data/test/controllers/devise_jwt_auth/refresh_token_controller_test.rb +8 -12
- data/test/controllers/devise_jwt_auth/registrations_controller_test.rb +12 -26
- data/test/controllers/devise_jwt_auth/sessions_controller_test.rb +32 -34
- data/test/controllers/devise_jwt_auth/unlocks_controller_test.rb +2 -2
- data/test/controllers/overrides/confirmations_controller_test.rb +1 -1
- data/test/controllers/overrides/passwords_controller_test.rb +1 -6
- data/test/controllers/overrides/refresh_token_controller_test.rb +1 -2
- data/test/controllers/overrides/registrations_controller_test.rb +1 -1
- data/test/dummy/app/controllers/custom/refresh_token_controller.rb +2 -1
- data/test/dummy/app/controllers/custom/registrations_controller.rb +1 -1
- data/test/dummy/app/controllers/overrides/confirmations_controller.rb +3 -16
- data/test/dummy/app/controllers/overrides/omniauth_callbacks_controller.rb +4 -4
- data/test/dummy/app/controllers/overrides/passwords_controller.rb +4 -16
- data/test/dummy/app/controllers/overrides/refresh_token_controller.rb +1 -1
- data/test/dummy/app/controllers/overrides/registrations_controller.rb +2 -2
- data/test/dummy/app/controllers/overrides/sessions_controller.rb +2 -2
- data/test/dummy/app/models/concerns/favorite_color.rb +11 -9
- data/test/dummy/config/application.rb +1 -0
- data/test/dummy/config/boot.rb +1 -1
- data/test/dummy/config/environments/development.rb +2 -2
- data/test/dummy/config/environments/test.rb +11 -7
- data/test/dummy/config/initializers/devise_jwt_auth.rb +1 -0
- data/test/dummy/config/initializers/figaro.rb +1 -1
- data/test/dummy/config/initializers/omniauth.rb +2 -2
- data/test/dummy/config/routes.rb +10 -8
- data/test/dummy/config.ru +2 -2
- data/test/dummy/db/migrate/20141222035835_devise_jwt_auth_create_only_email_users.rb +9 -9
- data/test/dummy/db/migrate/20190924101113_devise_jwt_auth_create_confirmable_users.rb +6 -5
- data/test/dummy/db/schema.rb +170 -170
- data/test/dummy/tmp/generators/app/models/user.rb +8 -0
- data/test/dummy/tmp/generators/config/initializers/devise_jwt_auth.rb +6 -7
- data/test/dummy/tmp/generators/db/migrate/{20200210193225_devise_jwt_auth_create_azpire_v1_human_resource_users.rb → 20220123023137_devise_jwt_auth_create_users.rb} +20 -17
- data/test/factories/users.rb +5 -3
- data/test/lib/devise_jwt_auth/blacklist_test.rb +2 -2
- data/test/lib/devise_jwt_auth/token_factory_test.rb +7 -7
- data/test/lib/generators/devise_jwt_auth/install_generator_test.rb +3 -20
- data/test/lib/generators/devise_jwt_auth/install_generator_with_namespace_test.rb +4 -21
- data/test/models/concerns/tokens_serialization_test.rb +68 -68
- data/test/models/user_test.rb +0 -38
- data/test/support/controllers/routes.rb +7 -5
- data/test/test_helper.rb +1 -1
- metadata +45 -71
- data/test/dummy/tmp/generators/app/models/azpire/v1/human_resource/user.rb +0 -9
@@ -13,7 +13,7 @@ class DeviseJwtAuth::PasswordsControllerTest < ActionController::TestCase
|
|
13
13
|
describe 'Password reset' do
|
14
14
|
before do
|
15
15
|
@resource = create(:user, :confirmed)
|
16
|
-
@redirect_url = 'http://ng-
|
16
|
+
@redirect_url = 'http://ng-jwt-auth.dev'
|
17
17
|
end
|
18
18
|
|
19
19
|
describe 'not email should return 401' do
|
@@ -66,7 +66,7 @@ class DeviseJwtAuth::PasswordsControllerTest < ActionController::TestCase
|
|
66
66
|
describe 'for edit' do
|
67
67
|
before do
|
68
68
|
get_reset_token
|
69
|
-
get :edit, params: { reset_password_token: @mail_reset_token}
|
69
|
+
get :edit, params: { reset_password_token: @mail_reset_token }
|
70
70
|
@data = JSON.parse(response.body)
|
71
71
|
end
|
72
72
|
|
@@ -109,7 +109,7 @@ class DeviseJwtAuth::PasswordsControllerTest < ActionController::TestCase
|
|
109
109
|
assert @data['errors']
|
110
110
|
assert_equal @data['errors'],
|
111
111
|
[I18n.t('devise_jwt_auth.passwords.user_not_found',
|
112
|
-
|
112
|
+
email: 'chester@cheet.ah')]
|
113
113
|
end
|
114
114
|
|
115
115
|
test 'response should not have refresh cookie' do
|
@@ -143,9 +143,9 @@ class DeviseJwtAuth::PasswordsControllerTest < ActionController::TestCase
|
|
143
143
|
@resource.reload
|
144
144
|
@data = JSON.parse(response.body)
|
145
145
|
|
146
|
-
@mail_config_name = CGI.unescape(@mail.body.match(/config=([^&]*)&/)[1])
|
146
|
+
# @mail_config_name = CGI.unescape(@mail.body.match(/config=([^&]*)&/)[1])
|
147
147
|
@mail_redirect_url = CGI.unescape(@mail.body.match(/redirect_url=([^&]*)&/)[1])
|
148
|
-
@mail_reset_token = @mail.body.match(/reset_password_token=(.*)
|
148
|
+
@mail_reset_token = @mail.body.match(/reset_password_token=(.*)"/)[1]
|
149
149
|
end
|
150
150
|
|
151
151
|
test 'response should return success status' do
|
@@ -178,9 +178,9 @@ class DeviseJwtAuth::PasswordsControllerTest < ActionController::TestCase
|
|
178
178
|
assert_equal @redirect_url, @mail_redirect_url
|
179
179
|
end
|
180
180
|
|
181
|
-
test 'the client config name should fall back to "default"' do
|
182
|
-
|
183
|
-
end
|
181
|
+
# test 'the client config name should fall back to "default"' do
|
182
|
+
# assert_equal 'default', @mail_config_name
|
183
|
+
# end
|
184
184
|
|
185
185
|
test 'the email body should contain a link with reset token as a query param' do
|
186
186
|
user = User.reset_password_by_token(reset_password_token: @mail_reset_token)
|
@@ -209,9 +209,9 @@ class DeviseJwtAuth::PasswordsControllerTest < ActionController::TestCase
|
|
209
209
|
raw_qs = response.location.split('?')[1]
|
210
210
|
@qs = Rack::Utils.parse_nested_query(raw_qs)
|
211
211
|
|
212
|
-
@access_token = @qs[DeviseJwtAuth.access_token_name]
|
213
|
-
@reset_password = @qs['reset_password']
|
214
|
-
@refresh_token
|
212
|
+
# @access_token = @qs[DeviseJwtAuth.access_token_name]
|
213
|
+
# @reset_password = @qs['reset_password']
|
214
|
+
@refresh_token = response.cookies[DeviseJwtAuth.refresh_token_name]
|
215
215
|
end
|
216
216
|
|
217
217
|
test 'response should have success redirect status' do
|
@@ -219,14 +219,14 @@ class DeviseJwtAuth::PasswordsControllerTest < ActionController::TestCase
|
|
219
219
|
end
|
220
220
|
|
221
221
|
test 'response should contain auth params' do
|
222
|
-
assert @access_token
|
223
|
-
assert @reset_password
|
222
|
+
# assert @access_token
|
223
|
+
# assert @reset_password
|
224
224
|
assert @refresh_token
|
225
225
|
end
|
226
226
|
|
227
227
|
test 'access and refresh tokens should be valid' do
|
228
|
-
payload = DeviseJwtAuth::TokenFactory.decode_access_token(@access_token)
|
229
|
-
assert payload['sub']
|
228
|
+
# payload = DeviseJwtAuth::TokenFactory.decode_access_token(@access_token)
|
229
|
+
# assert payload['sub']
|
230
230
|
payload = DeviseJwtAuth::TokenFactory.decode_refresh_token(@refresh_token)
|
231
231
|
assert payload['sub']
|
232
232
|
end
|
@@ -237,7 +237,7 @@ class DeviseJwtAuth::PasswordsControllerTest < ActionController::TestCase
|
|
237
237
|
before do
|
238
238
|
@resource_class = User
|
239
239
|
@request_params = {
|
240
|
-
email:
|
240
|
+
email: @resource.email.upcase,
|
241
241
|
redirect_url: @redirect_url
|
242
242
|
}
|
243
243
|
end
|
@@ -264,13 +264,12 @@ class DeviseJwtAuth::PasswordsControllerTest < ActionController::TestCase
|
|
264
264
|
|
265
265
|
@mail = ActionMailer::Base.deliveries.last
|
266
266
|
@mail_redirect_url = CGI.unescape(@mail.body.match(/redirect_url=([^&]*)&/)[1])
|
267
|
-
@mail_reset_token = @mail.body.match(/reset_password_token=(.*)
|
267
|
+
@mail_reset_token = @mail.body.match(/reset_password_token=(.*)"/)[1]
|
268
268
|
|
269
269
|
@resource.reload
|
270
270
|
end
|
271
271
|
|
272
272
|
describe 'reset_password_token is valid' do
|
273
|
-
|
274
273
|
test 'mail_reset_token should be the same as reset_password_token' do
|
275
274
|
assert_equal Devise.token_generator.digest(self, :reset_password_token, @mail_reset_token), @resource.reset_password_token
|
276
275
|
end
|
@@ -341,7 +340,7 @@ class DeviseJwtAuth::PasswordsControllerTest < ActionController::TestCase
|
|
341
340
|
describe 'Using default_password_reset_url' do
|
342
341
|
before do
|
343
342
|
@resource = create(:user, :confirmed)
|
344
|
-
@redirect_url = 'http://ng-
|
343
|
+
@redirect_url = 'http://ng-jwt-auth.dev'
|
345
344
|
|
346
345
|
DeviseJwtAuth.default_password_reset_url = @redirect_url
|
347
346
|
|
@@ -492,7 +491,7 @@ class DeviseJwtAuth::PasswordsControllerTest < ActionController::TestCase
|
|
492
491
|
|
493
492
|
@mail = ActionMailer::Base.deliveries.last
|
494
493
|
@mail_redirect_url = CGI.unescape(@mail.body.match(/redirect_url=([^&]*)&/)[1])
|
495
|
-
@mail_reset_token = @mail.body.match(/reset_password_token=(.*)
|
494
|
+
@mail_reset_token = @mail.body.match(/reset_password_token=(.*)"/)[1]
|
496
495
|
|
497
496
|
# confirm via password reset email link
|
498
497
|
get :edit, params: { reset_password_token: @mail_reset_token,
|
@@ -568,10 +567,9 @@ class DeviseJwtAuth::PasswordsControllerTest < ActionController::TestCase
|
|
568
567
|
DeviseJwtAuth.require_client_password_reset_token = true
|
569
568
|
@redirect_url = 'http://client-app.dev'
|
570
569
|
get_reset_token
|
571
|
-
edit_url = CGI.unescape(@mail.body.match(/href
|
570
|
+
edit_url = CGI.unescape(@mail.body.match(/href="(.+)"/)[1])
|
572
571
|
query_parts = Rack::Utils.parse_nested_query(URI.parse(edit_url).query)
|
573
572
|
get :edit, params: query_parts
|
574
|
-
|
575
573
|
end
|
576
574
|
|
577
575
|
test 'reponse should be redirect' do
|
@@ -668,8 +666,8 @@ class DeviseJwtAuth::PasswordsControllerTest < ActionController::TestCase
|
|
668
666
|
|
669
667
|
describe 'without valid headers' do
|
670
668
|
before do
|
671
|
-
|
672
|
-
|
669
|
+
@auth_headers = @resource.create_named_token_pair
|
670
|
+
new_password = Faker::Internet.password
|
673
671
|
|
674
672
|
put :update, params: { password: new_password,
|
675
673
|
password_confirmation: new_password }
|
@@ -800,7 +798,7 @@ class DeviseJwtAuth::PasswordsControllerTest < ActionController::TestCase
|
|
800
798
|
|
801
799
|
before do
|
802
800
|
@resource = create(:mang_user, :confirmed)
|
803
|
-
@redirect_url = 'http://ng-
|
801
|
+
@redirect_url = 'http://ng-jwt-auth.dev'
|
804
802
|
get_reset_token
|
805
803
|
end
|
806
804
|
|
@@ -818,7 +816,7 @@ class DeviseJwtAuth::PasswordsControllerTest < ActionController::TestCase
|
|
818
816
|
describe 'unconfirmed user' do
|
819
817
|
before do
|
820
818
|
@resource = create(:user)
|
821
|
-
@redirect_url = 'http://ng-
|
819
|
+
@redirect_url = 'http://ng-jwt-auth.dev'
|
822
820
|
|
823
821
|
get_reset_token
|
824
822
|
|
@@ -852,18 +850,19 @@ class DeviseJwtAuth::PasswordsControllerTest < ActionController::TestCase
|
|
852
850
|
describe 'alternate user type' do
|
853
851
|
before do
|
854
852
|
@resource = create(:user, :confirmed)
|
855
|
-
@redirect_url = 'http://ng-
|
856
|
-
@config_name = 'altUser'
|
853
|
+
@redirect_url = 'http://ng-jwt-auth.dev'
|
854
|
+
# @config_name = 'altUser'
|
857
855
|
|
858
856
|
params = { email: @resource.email,
|
859
|
-
|
860
|
-
|
857
|
+
redirect_url: @redirect_url,
|
858
|
+
# config_name: @config_name
|
859
|
+
}
|
861
860
|
get_reset_token params
|
862
861
|
end
|
863
862
|
|
864
|
-
test 'config_name param is included in the confirmation email link' do
|
865
|
-
|
866
|
-
end
|
863
|
+
# test 'config_name param is included in the confirmation email link' do
|
864
|
+
# assert_equal @config_name, @mail_config_name
|
865
|
+
# end
|
867
866
|
end
|
868
867
|
|
869
868
|
def get_reset_token(params = nil)
|
@@ -873,9 +872,9 @@ class DeviseJwtAuth::PasswordsControllerTest < ActionController::TestCase
|
|
873
872
|
@mail = ActionMailer::Base.deliveries.last
|
874
873
|
@resource.reload
|
875
874
|
|
876
|
-
@mail_config_name = CGI.unescape(@mail.body.match(/config=([^&]*)&/)[1])
|
875
|
+
# @mail_config_name = CGI.unescape(@mail.body.match(/config=([^&]*)&/)[1])
|
877
876
|
@mail_redirect_url = CGI.unescape(@mail.body.match(/redirect_url=([^&]*)&/)[1])
|
878
|
-
@mail_reset_token = @mail.body.match(/reset_password_token=(.*)
|
877
|
+
@mail_reset_token = @mail.body.match(/reset_password_token=(.*)"/)[1]
|
879
878
|
end
|
880
879
|
end
|
881
880
|
end
|
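Review bot: The access-token assertions in the redirect tests are commented out rather than replaced (`# assert @access_token`, `# payload = DeviseJwtAuth::TokenFactory.decode_access_token(@access_token)`), so nothing in these hunks pins where the access token may appear after a password-reset redirect. If reading the refresh token from `response.cookies[DeviseJwtAuth.refresh_token_name]` means tokens should no longer travel in the redirect query string, which is only inferred from the visible lines, assert it directly with `assert_nil @qs[DeviseJwtAuth.access_token_name]` and delete the commented lines. The test titled 'access and refresh tokens should be valid' now decodes only the refresh token, so its title should be narrowed to match. The enclosing describe blocks start outside these hunks.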
@@ -8,8 +8,7 @@ class DeviseJwtAuth::RefreshTokenControllerTest < ActionDispatch::IntegrationTes
|
|
8
8
|
before do
|
9
9
|
@resource = create(:user, :confirmed)
|
10
10
|
@auth_headers = get_cookie_header(DeviseJwtAuth.refresh_token_name,
|
11
|
-
@resource.create_refresh_token
|
12
|
-
)
|
11
|
+
@resource.create_refresh_token)
|
13
12
|
get '/auth/refresh_token', params: {}, headers: @auth_headers
|
14
13
|
@resp = JSON.parse(response.body)
|
15
14
|
end
|
@@ -22,13 +21,12 @@ class DeviseJwtAuth::RefreshTokenControllerTest < ActionDispatch::IntegrationTes
|
|
22
21
|
assert @resp[DeviseJwtAuth.access_token_name]
|
23
22
|
end
|
24
23
|
end
|
25
|
-
|
24
|
+
|
26
25
|
describe 'unconfirmed user' do
|
27
26
|
before do
|
28
27
|
@resource = create(:user)
|
29
28
|
@auth_headers = get_cookie_header(DeviseJwtAuth.refresh_token_name,
|
30
|
-
@resource.create_refresh_token
|
31
|
-
)
|
29
|
+
@resource.create_refresh_token)
|
32
30
|
get '/auth/refresh_token', params: {}, headers: @auth_headers
|
33
31
|
@resp = JSON.parse(response.body)
|
34
32
|
end
|
@@ -41,19 +39,18 @@ class DeviseJwtAuth::RefreshTokenControllerTest < ActionDispatch::IntegrationTes
|
|
41
39
|
assert_nil @resp[DeviseJwtAuth.access_token_name]
|
42
40
|
end
|
43
41
|
end
|
44
|
-
|
42
|
+
|
45
43
|
describe 'an expired token' do
|
46
44
|
before do
|
47
45
|
@resource = create(:user, :confirmed)
|
48
46
|
@exp = (Time.now - 1.hour).to_i
|
49
47
|
@expired_token = @resource.create_refresh_token(exp: @exp)
|
50
48
|
@auth_headers = get_cookie_header(DeviseJwtAuth.refresh_token_name,
|
51
|
-
@expired_token
|
52
|
-
)
|
49
|
+
@expired_token)
|
53
50
|
get '/auth/refresh_token', params: {}, headers: @auth_headers
|
54
51
|
@resp = JSON.parse(response.body)
|
55
52
|
end
|
56
|
-
|
53
|
+
|
57
54
|
it 'response error' do
|
58
55
|
assert_equal 401, response.status
|
59
56
|
end
|
@@ -66,12 +63,11 @@ class DeviseJwtAuth::RefreshTokenControllerTest < ActionDispatch::IntegrationTes
|
|
66
63
|
describe 'an invalid refresh token' do
|
67
64
|
before do
|
68
65
|
@auth_headers = get_cookie_header(DeviseJwtAuth.refresh_token_name,
|
69
|
-
|
70
|
-
)
|
66
|
+
'invalid-token')
|
71
67
|
get '/auth/refresh_token', params: {}, headers: @auth_headers
|
72
68
|
@resp = JSON.parse(response.body)
|
73
69
|
end
|
74
|
-
|
70
|
+
|
75
71
|
it 'response error' do
|
76
72
|
assert_equal 401, response.status
|
77
73
|
end
|
@@ -105,7 +105,7 @@ class DeviseJwtAuth::RegistrationsControllerTest < ActionDispatch::IntegrationTe
|
|
105
105
|
|
106
106
|
@data = JSON.parse(response.body)
|
107
107
|
end
|
108
|
-
|
108
|
+
|
109
109
|
test 'an access token should be returned' do
|
110
110
|
assert @data[DeviseJwtAuth.access_token_name]
|
111
111
|
end
|
@@ -185,7 +185,7 @@ class DeviseJwtAuth::RegistrationsControllerTest < ActionDispatch::IntegrationTe
|
|
185
185
|
unpermitted_param: '(x_x)' }
|
186
186
|
|
187
187
|
@data = JSON.parse(response.body)
|
188
|
-
|
188
|
+
|
189
189
|
assert_equal 422, response.status
|
190
190
|
assert_nil @data[DeviseJwtAuth.access_token_name]
|
191
191
|
assert_nil response.cookies[DeviseJwtAuth.refresh_token_name]
|
@@ -223,17 +223,17 @@ class DeviseJwtAuth::RegistrationsControllerTest < ActionDispatch::IntegrationTe
|
|
223
223
|
@resource = assigns(:resource)
|
224
224
|
@data = JSON.parse(response.body)
|
225
225
|
@mail = ActionMailer::Base.deliveries.last
|
226
|
-
@sent_redirect_url = CGI.unescape(@mail.body.match(/redirect_url=([^&]*)(
|
226
|
+
@sent_redirect_url = CGI.unescape(@mail.body.match(/redirect_url=([^&]*)(&|")/)[1])
|
227
227
|
end
|
228
|
-
|
228
|
+
|
229
229
|
teardown do
|
230
230
|
DeviseJwtAuth.default_confirm_success_url = nil
|
231
231
|
end
|
232
|
-
|
232
|
+
|
233
233
|
test 'request should be successful' do
|
234
234
|
assert_equal 200, response.status
|
235
235
|
end
|
236
|
-
|
236
|
+
|
237
237
|
test 'email contains the default redirect url' do
|
238
238
|
assert_equal @redirect_url, @sent_redirect_url
|
239
239
|
end
|
@@ -310,7 +310,7 @@ class DeviseJwtAuth::RegistrationsControllerTest < ActionDispatch::IntegrationTe
|
|
310
310
|
@mail = ActionMailer::Base.deliveries.last
|
311
311
|
|
312
312
|
@mail_reset_token = @mail.body.match(/confirmation_token=([^&]*)&/)[1]
|
313
|
-
@mail_redirect_url = CGI.unescape(@mail.body.match(/redirect_url=(.*)
|
313
|
+
@mail_redirect_url = CGI.unescape(@mail.body.match(/redirect_url=(.*)"/)[1])
|
314
314
|
@mail_config_name = CGI.unescape(@mail.body.match(/config=([^&]*)&/)[1])
|
315
315
|
end
|
316
316
|
|
@@ -449,10 +449,10 @@ class DeviseJwtAuth::RegistrationsControllerTest < ActionDispatch::IntegrationTe
|
|
449
449
|
before do
|
450
450
|
@existing_user = create(:user, :confirmed)
|
451
451
|
@auth_headers = @existing_user.create_named_token_pair
|
452
|
-
|
452
|
+
# @client_id = @auth_headers['client']
|
453
453
|
|
454
454
|
# ensure request is not treated as batch request
|
455
|
-
#age_token(@existing_user, @client_id)
|
455
|
+
# age_token(@existing_user, @client_id)
|
456
456
|
|
457
457
|
delete '/auth', params: {}, headers: @auth_headers
|
458
458
|
|
@@ -495,7 +495,7 @@ class DeviseJwtAuth::RegistrationsControllerTest < ActionDispatch::IntegrationTe
|
|
495
495
|
describe 'Update user account' do
|
496
496
|
describe 'existing user' do
|
497
497
|
before do
|
498
|
-
@existing_user = create(:user, :confirmed)
|
498
|
+
@existing_user = create(:user, :confirmed)
|
499
499
|
@auth_headers = @existing_user.create_named_token_pair
|
500
500
|
|
501
501
|
# @client_id = @auth_headers['client']
|
@@ -799,7 +799,7 @@ class DeviseJwtAuth::RegistrationsControllerTest < ActionDispatch::IntegrationTe
|
|
799
799
|
@resource.skip_confirmation!
|
800
800
|
@resource.save!
|
801
801
|
@auth_headers = @resource.create_named_token_pair
|
802
|
-
|
802
|
+
|
803
803
|
# @client_id = @auth_headers['client']
|
804
804
|
|
805
805
|
# ensure request is not treated as batch request
|
@@ -832,7 +832,7 @@ class DeviseJwtAuth::RegistrationsControllerTest < ActionDispatch::IntegrationTe
|
|
832
832
|
@resource.reload
|
833
833
|
|
834
834
|
@mail_reset_token = @mail.body.match(/confirmation_token=([^&]*)&/)[1]
|
835
|
-
@mail_redirect_url = CGI.unescape(@mail.body.match(/redirect_url=(.*)
|
835
|
+
@mail_redirect_url = CGI.unescape(@mail.body.match(/redirect_url=(.*)"/)[1])
|
836
836
|
@mail_config_name = CGI.unescape(@mail.body.match(/config=([^&]*)&/)[1])
|
837
837
|
end
|
838
838
|
|
@@ -879,20 +879,6 @@ class DeviseJwtAuth::RegistrationsControllerTest < ActionDispatch::IntegrationTe
|
|
879
879
|
test 'user was confirmed' do
|
880
880
|
assert @resource.confirmed?
|
881
881
|
end
|
882
|
-
|
883
|
-
=begin
|
884
|
-
test 'auth headers were returned in response' do
|
885
|
-
assert response.headers['access-token']
|
886
|
-
assert response.headers['token-type']
|
887
|
-
assert response.headers['client']
|
888
|
-
assert response.headers['expiry']
|
889
|
-
assert response.headers['uid']
|
890
|
-
end
|
891
|
-
|
892
|
-
test 'response token is valid' do
|
893
|
-
assert @resource.valid_token?(@token, @client_id)
|
894
|
-
end
|
895
|
-
=end
|
896
882
|
end
|
897
883
|
|
898
884
|
describe 'User with only :database_authenticatable and :registerable included' do
|
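Review bot: The new capture in `/redirect_url=([^&]*)(&|")/` can still run past the closing quote of the link, because `[^&]*` also matches `"` and newlines. The greedy `(.*)"` in `@mail.body.match(/redirect_url=(.*)"/)[1]` has the same weakness, as do the `reset_password_token=(.*)"` and `unlock_token=(.*)"` extractions in the passwords and unlocks tests, which capture up to the last quote on the line. Excluding the quote from the class, `/redirect_url=([^&"]*)/`, stops the capture at the end of the attribute whatever else the mail template puts on that line. `match(...)[1]` raises NoMethodError on a body without the parameter, so a preceding `assert_match` would give a readable failure.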
@@ -141,7 +141,8 @@ class DeviseJwtAuth::SessionsControllerTest < ActionController::TestCase
|
|
141
141
|
assert_nil @data[DeviseJwtAuth.access_token_name]
|
142
142
|
end
|
143
143
|
|
144
|
-
test 'response should
|
144
|
+
test 'response should delete refresh token from client' do
|
145
|
+
assert_equal true, response.cookies.keys.include?(DeviseJwtAuth.refresh_token_name)
|
145
146
|
assert_nil response.cookies[DeviseJwtAuth.refresh_token_name]
|
146
147
|
end
|
147
148
|
|
@@ -174,7 +175,7 @@ class DeviseJwtAuth::SessionsControllerTest < ActionController::TestCase
|
|
174
175
|
|
175
176
|
test 'response should not have refresh token' do
|
176
177
|
assert_nil response.cookies[DeviseJwtAuth.refresh_token_name]
|
177
|
-
end
|
178
|
+
end
|
178
179
|
end
|
179
180
|
|
180
181
|
describe 'failure' do
|
@@ -206,37 +207,35 @@ class DeviseJwtAuth::SessionsControllerTest < ActionController::TestCase
|
|
206
207
|
end
|
207
208
|
end
|
208
209
|
|
209
|
-
|
210
|
-
|
211
|
-
|
212
|
-
|
213
|
-
|
214
|
-
|
215
|
-
|
216
|
-
|
217
|
-
|
218
|
-
|
219
|
-
|
220
|
-
|
221
|
-
|
222
|
-
|
223
|
-
|
224
|
-
|
225
|
-
|
226
|
-
|
227
|
-
|
228
|
-
|
229
|
-
|
230
|
-
|
231
|
-
|
232
|
-
|
233
|
-
|
234
|
-
|
235
|
-
|
236
|
-
|
237
|
-
|
238
|
-
end
|
239
|
-
=end
|
210
|
+
# describe 'failure with bad password when change_headers_on_each_request false' do
|
211
|
+
# before do
|
212
|
+
# DeviseJwtAuth.change_headers_on_each_request = false
|
213
|
+
#
|
214
|
+
# # accessing current_user calls through set_user_by_token,
|
215
|
+
# # which initializes client_id
|
216
|
+
# @controller.current_user
|
217
|
+
#
|
218
|
+
# post :create,
|
219
|
+
# params: { email: @existing_user.email,
|
220
|
+
# password: 'bogus' }
|
221
|
+
#
|
222
|
+
# @resource = assigns(:resource)
|
223
|
+
# @data = JSON.parse(response.body)
|
224
|
+
# end
|
225
|
+
#
|
226
|
+
# test 'request should fail' do
|
227
|
+
# assert_equal 401, response.status
|
228
|
+
# end
|
229
|
+
#
|
230
|
+
# test 'response should contain errors' do
|
231
|
+
# assert @data['errors']
|
232
|
+
# assert_equal @data['errors'], [I18n.t('devise_jwt_auth.sessions.bad_credentials')]
|
233
|
+
# end
|
234
|
+
#
|
235
|
+
# after do
|
236
|
+
# DeviseJwtAuth.change_headers_on_each_request = true
|
237
|
+
# end
|
238
|
+
# end
|
240
239
|
|
241
240
|
describe 'case-insensitive email' do
|
242
241
|
before do
|
@@ -284,7 +283,6 @@ class DeviseJwtAuth::SessionsControllerTest < ActionController::TestCase
|
|
284
283
|
@data = JSON.parse(response.body)
|
285
284
|
|
286
285
|
assert_equal 200, response.status
|
287
|
-
# p 'DATA', @data.inspect
|
288
286
|
assert @data[DeviseJwtAuth.access_token_name]
|
289
287
|
assert response.cookies[DeviseJwtAuth.refresh_token_name]
|
290
288
|
end
|
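Review bot: The disabled 'failure with bad password when change_headers_on_each_request false' block is carried over as 29 commented lines (new lines 210-238) instead of being ported or deleted, so the 401 and `bad_credentials` checks it describes are not run for that configuration. If `change_headers_on_each_request` no longer exists in this gem, which the hunk does not show, delete the block; otherwise restore it as a live test. In the new 'response should delete refresh token from client' test, `assert_equal true, response.cookies.keys.include?(DeviseJwtAuth.refresh_token_name)` reads better as `assert_includes response.cookies.keys, DeviseJwtAuth.refresh_token_name`.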
@@ -95,7 +95,7 @@ class DeviseJwtAuth::UnlocksControllerTest < ActionController::TestCase
|
|
95
95
|
@data = JSON.parse(response.body)
|
96
96
|
|
97
97
|
@mail_config_name = CGI.unescape(@mail.body.match(/config=([^&]*)&/)[1])
|
98
|
-
@mail_reset_token = @mail.body.match(/unlock_token=(.*)
|
98
|
+
@mail_reset_token = @mail.body.match(/unlock_token=(.*)"/)[1]
|
99
99
|
end
|
100
100
|
|
101
101
|
test 'response should return success status' do
|
@@ -161,7 +161,7 @@ class DeviseJwtAuth::UnlocksControllerTest < ActionController::TestCase
|
|
161
161
|
before do
|
162
162
|
@resource_class = LockableUser
|
163
163
|
@request_params = {
|
164
|
-
email:
|
164
|
+
email: @resource.email.upcase
|
165
165
|
}
|
166
166
|
end
|
167
167
|
|
@@ -20,7 +20,7 @@ class Overrides::ConfirmationsControllerTest < ActionDispatch::IntegrationTest
|
|
20
20
|
@new_user.send_confirmation_instructions(redirect_url: @redirect_url)
|
21
21
|
|
22
22
|
@mail = ActionMailer::Base.deliveries.last
|
23
|
-
@confirmation_path = @mail.body.match(/localhost([
|
23
|
+
@confirmation_path = @mail.body.match(/localhost([^"]*)"/)[1]
|
24
24
|
|
25
25
|
# visit confirmation link
|
26
26
|
get @confirmation_path
|
@@ -24,7 +24,7 @@ class Overrides::PasswordsControllerTest < ActionDispatch::IntegrationTest
|
|
24
24
|
mail = ActionMailer::Base.deliveries.last
|
25
25
|
@resource.reload
|
26
26
|
|
27
|
-
mail_reset_token = mail.body.match(/reset_password_token=(.*)
|
27
|
+
mail_reset_token = mail.body.match(/reset_password_token=(.*)"/)[1]
|
28
28
|
mail_redirect_url = CGI.unescape(mail.body.match(/redirect_url=([^&]*)&/)[1])
|
29
29
|
|
30
30
|
get '/evil_user_auth/password/edit',
|
@@ -46,13 +46,8 @@ class Overrides::PasswordsControllerTest < ActionDispatch::IntegrationTest
|
|
46
46
|
test 'response should contain auth params + override proof' do
|
47
47
|
# TODO: remove access-token and keep uid?
|
48
48
|
assert @query_string['access-token']
|
49
|
-
# assert @query_string['client']
|
50
|
-
# assert @query_string['client_id']
|
51
|
-
# assert @query_string['expiry']
|
52
49
|
assert @query_string['override_proof']
|
53
50
|
assert @query_string['reset_password']
|
54
|
-
# assert @query_string['token']
|
55
|
-
# assert @query_string['uid']
|
56
51
|
end
|
57
52
|
|
58
53
|
test 'override proof is correct' do
|
@@ -15,8 +15,7 @@ class Overrides::RefreshTokenControllerTest < ActionDispatch::IntegrationTest
|
|
15
15
|
before do
|
16
16
|
@resource = create(:user, :confirmed)
|
17
17
|
@auth_headers = get_cookie_header(DeviseJwtAuth.refresh_token_name,
|
18
|
-
|
19
|
-
)
|
18
|
+
@resource.create_refresh_token)
|
20
19
|
|
21
20
|
get '/evil_user_auth/refresh_token',
|
22
21
|
params: {},
|
@@ -14,7 +14,7 @@ class Overrides::RegistrationsControllerTest < ActionDispatch::IntegrationTest
|
|
14
14
|
describe Overrides::RegistrationsController do
|
15
15
|
describe 'Succesful Registration update' do
|
16
16
|
before do
|
17
|
-
@existing_user
|
17
|
+
@existing_user = create(:user, :confirmed)
|
18
18
|
@auth_headers = @existing_user.create_named_token_pair
|
19
19
|
|
20
20
|
# @client_id = @auth_headers['client']
|
@@ -5,30 +5,17 @@ module Overrides
|
|
5
5
|
def show
|
6
6
|
@resource = resource_class.confirm_by_token(params[:confirmation_token])
|
7
7
|
|
8
|
-
if @resource
|
9
|
-
# token = @resource.create_token
|
10
|
-
# @resource.save!
|
11
|
-
|
8
|
+
if @resource&.id
|
12
9
|
update_refresh_token_cookie
|
13
10
|
redirect_header_options = {
|
14
11
|
account_confirmation_success: true,
|
15
12
|
config: params[:config],
|
16
13
|
override_proof: '(^^,)'
|
17
14
|
}
|
18
|
-
redirect_headers = @resource.create_named_token_pair
|
19
|
-
merge(redirect_header_options)
|
15
|
+
redirect_headers = @resource.create_named_token_pair
|
16
|
+
.merge(redirect_header_options)
|
20
17
|
redirect_to_link = DeviseJwtAuth::Url.generate(params[:redirect_url], redirect_headers)
|
21
18
|
redirect_to redirect_to_link
|
22
|
-
# redirect_header_options = {
|
23
|
-
# account_confirmation_success: true,
|
24
|
-
# config: params[:config],
|
25
|
-
# override_proof: '(^^,)'
|
26
|
-
# }
|
27
|
-
# redirect_headers = build_redirect_headers(token.token,
|
28
|
-
# token.client,
|
29
|
-
# redirect_header_options)
|
30
|
-
# redirect_to(@resource.build_auth_url(params[:redirect_url],
|
31
|
-
# redirect_headers))
|
32
19
|
else
|
33
20
|
raise ActionController::RoutingError, 'Not Found'
|
34
21
|
end
|
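Review bot: `if @resource&.id` proves only that a record was found and is persisted, not that the confirmation succeeded. Stock Devise `confirm_by_token` returns the persisted record with errors attached when the confirmation period has expired or the account is already confirmed, so this branch would still call `update_refresh_token_cookie` and put a token pair in the redirect for a stale link. Unless `resource_class` overrides that behaviour, consider `if @resource&.id && @resource.errors.empty?`. The passwords override's `edit` adds the same `if @resource&.id` guard, and an expired reset token would need the equivalent check there if its lookup, which sits outside that hunk, behaves the same way. The end of `show` lies outside this hunk.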
@@ -2,14 +2,14 @@
|
|
2
2
|
|
3
3
|
module Overrides
|
4
4
|
class OmniauthCallbacksController < DeviseJwtAuth::OmniauthCallbacksController
|
5
|
-
DEFAULT_NICKNAME = 'stimpy'
|
5
|
+
DEFAULT_NICKNAME = 'stimpy'
|
6
6
|
|
7
7
|
def assign_provider_attrs(user, auth_hash)
|
8
8
|
user.assign_attributes(
|
9
9
|
nickname: DEFAULT_NICKNAME,
|
10
|
-
name:
|
11
|
-
image:
|
12
|
-
email:
|
10
|
+
name: auth_hash['info']['name'],
|
11
|
+
image: auth_hash['info']['image'],
|
12
|
+
email: auth_hash['info']['email']
|
13
13
|
)
|
14
14
|
end
|
15
15
|
end
|
@@ -2,7 +2,7 @@
|
|
2
2
|
|
3
3
|
module Overrides
|
4
4
|
class PasswordsController < DeviseJwtAuth::PasswordsController
|
5
|
-
OVERRIDE_PROOF = '(^^,)'
|
5
|
+
OVERRIDE_PROOF = '(^^,)'
|
6
6
|
|
7
7
|
# this is where users arrive after visiting the email confirmation link
|
8
8
|
def edit
|
@@ -10,9 +10,7 @@ module Overrides
|
|
10
10
|
reset_password_token: resource_params[:reset_password_token]
|
11
11
|
)
|
12
12
|
|
13
|
-
if @resource
|
14
|
-
# token = @resource.create_token
|
15
|
-
|
13
|
+
if @resource&.id
|
16
14
|
# ensure that user is confirmed
|
17
15
|
@resource.skip_confirmation! unless @resource.confirmed_at
|
18
16
|
|
@@ -23,20 +21,10 @@ module Overrides
|
|
23
21
|
override_proof: OVERRIDE_PROOF,
|
24
22
|
reset_password: true
|
25
23
|
}
|
26
|
-
redirect_headers = @resource.create_named_token_pair
|
27
|
-
merge(redirect_header_options)
|
24
|
+
redirect_headers = @resource.create_named_token_pair
|
25
|
+
.merge(redirect_header_options)
|
28
26
|
redirect_to_link = DeviseJwtAuth::Url.generate(params[:redirect_url], redirect_headers)
|
29
27
|
redirect_to redirect_to_link
|
30
|
-
|
31
|
-
# redirect_header_options = {
|
32
|
-
# override_proof: OVERRIDE_PROOF,
|
33
|
-
# reset_password: true
|
34
|
-
# }
|
35
|
-
# redirect_headers = build_redirect_headers(token.token,
|
36
|
-
# token.client,
|
37
|
-
# redirect_header_options)
|
38
|
-
# redirect_to(@resource.build_auth_url(params[:redirect_url],
|
39
|
-
# redirect_headers))
|
40
28
|
else
|
41
29
|
raise ActionController::RoutingError, 'Not Found'
|
42
30
|
end
|
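Review bot: The token pair from `@resource.create_named_token_pair` is merged into the query of `params[:redirect_url]` by `DeviseJwtAuth::Url.generate` and handed to `redirect_to`, so freshly issued tokens are appended to a URL whose host comes from the request. Nothing in the visible hunks checks that host against an allow-list. If the parent controller validates it in a filter, say so above the call, for example `# redirect_url is checked by <filter name> before this action runs`; otherwise validate the host before building the link. The confirmations override's `show` follows the same pattern, and the body of `edit` continues outside these hunks.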