devise_token_auth 0.1.20 → 0.1.21.alpha1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +274 -77
- data/app/controllers/devise_token_auth/auth_controller.rb +4 -1
- data/app/controllers/devise_token_auth/concerns/set_user_by_token.rb +8 -2
- data/app/controllers/devise_token_auth/confirmations_controller.rb +1 -1
- data/app/controllers/devise_token_auth/passwords_controller.rb +3 -3
- data/app/controllers/devise_token_auth/registrations_controller.rb +1 -1
- data/app/controllers/devise_token_auth/sessions_controller.rb +1 -1
- data/app/models/{user.rb → devise_token_auth/concerns/user.rb} +28 -23
- data/config/initializers/devise.rb +4 -64
- data/config/routes.rb +2 -14
- data/lib/devise_token_auth/engine.rb +5 -1
- data/lib/devise_token_auth/rails/routes.rb +36 -0
- data/lib/devise_token_auth/version.rb +1 -1
- data/lib/generators/devise_token_auth/USAGE +23 -5
- data/lib/generators/devise_token_auth/install_generator.rb +69 -5
- data/lib/generators/devise_token_auth/templates/devise_token_auth.rb +5 -0
- data/lib/generators/devise_token_auth/templates/devise_token_auth_create_users.rb.erb +56 -0
- data/lib/generators/devise_token_auth/templates/user.rb +3 -0
- data/test/controllers/demo_controller_test.rb +39 -4
- data/test/controllers/devise_token_auth/auth_controller_test.rb +98 -0
- data/test/controllers/devise_token_auth/confirmations_controller_test.rb +37 -2
- data/test/controllers/devise_token_auth/passwords_controller_test.rb +38 -2
- data/test/controllers/devise_token_auth/registrations_controller_test.rb +31 -4
- data/test/controllers/devise_token_auth/sessions_controller_test.rb +32 -0
- data/test/dummy/app/assets/images/omniauth-provider-settings.png +0 -0
- data/test/dummy/app/models/mang.rb +3 -0
- data/test/dummy/app/models/user.rb +3 -0
- data/test/dummy/config/initializers/devise_token_auth.rb +5 -0
- data/test/dummy/config/routes.rb +16 -1
- data/test/dummy/db/development.sqlite3 +0 -0
- data/{lib/generators/devise_token_auth/templates/devise_token_auth_create_users.rb → test/dummy/db/migrate/20140715061447_devise_token_auth_create_users.rb} +0 -0
- data/test/dummy/db/migrate/{20140714223034_devise_token_auth_create_users.rb → 20140715061805_devise_token_auth_create_mangs.rb} +7 -7
- data/test/dummy/db/schema.rb +35 -4
- data/test/dummy/db/test.sqlite3 +0 -0
- data/test/dummy/log/development.log +7601 -0
- data/test/dummy/log/test.log +128490 -0
- data/test/fixtures/mangs.yml +31 -0
- data/test/test_helper.rb +13 -9
- metadata +22 -8
@@ -14,4 +14,9 @@ DeviseTokenAuth.setup do |config|
|
|
14
14
|
# auth token. This setting determines how far apart the requests can be while
|
15
15
|
# still using the same auth token.
|
16
16
|
#config.batch_request_buffer_throttle = 5.seconds
|
17
|
+
|
18
|
+
# This route will be the prefix for all oauth2 redirect callbacks. For
|
19
|
+
# example, using the default '/omniauth', the github oauth2 provider will
|
20
|
+
# redirect successful authentications to '/omniauth/github/callback'
|
21
|
+
#config.omniauth_prefix = "/omniauth"
|
17
22
|
end
|
@@ -0,0 +1,56 @@
|
|
1
|
+
class DeviseTokenAuthCreate<%= user_class.pluralize %> < ActiveRecord::Migration
|
2
|
+
def change
|
3
|
+
create_table(:<%= user_class.pluralize.underscore %>) do |t|
|
4
|
+
## Database authenticatable
|
5
|
+
t.string :email
|
6
|
+
t.string :encrypted_password, :null => false, :default => ""
|
7
|
+
|
8
|
+
## Recoverable
|
9
|
+
t.string :reset_password_token
|
10
|
+
t.datetime :reset_password_sent_at
|
11
|
+
t.string :reset_password_redirect_url
|
12
|
+
|
13
|
+
## Rememberable
|
14
|
+
t.datetime :remember_created_at
|
15
|
+
|
16
|
+
## Trackable
|
17
|
+
t.integer :sign_in_count, :default => 0, :null => false
|
18
|
+
t.datetime :current_sign_in_at
|
19
|
+
t.datetime :last_sign_in_at
|
20
|
+
t.string :current_sign_in_ip
|
21
|
+
t.string :last_sign_in_ip
|
22
|
+
|
23
|
+
## Confirmable
|
24
|
+
t.string :confirmation_token
|
25
|
+
t.datetime :confirmed_at
|
26
|
+
t.datetime :confirmation_sent_at
|
27
|
+
t.string :confirm_success_url
|
28
|
+
t.string :unconfirmed_email # Only if using reconfirmable
|
29
|
+
|
30
|
+
## Lockable
|
31
|
+
# t.integer :failed_attempts, :default => 0, :null => false # Only if lock strategy is :failed_attempts
|
32
|
+
# t.string :unlock_token # Only if unlock strategy is :email or :both
|
33
|
+
# t.datetime :locked_at
|
34
|
+
|
35
|
+
## User Info
|
36
|
+
t.string :name
|
37
|
+
t.string :nickname
|
38
|
+
t.string :image
|
39
|
+
|
40
|
+
## unique oauth id
|
41
|
+
t.string :provider
|
42
|
+
t.string :uid, :null => false, :default => ""
|
43
|
+
|
44
|
+
## Tokens
|
45
|
+
t.text :tokens
|
46
|
+
|
47
|
+
t.timestamps
|
48
|
+
end
|
49
|
+
|
50
|
+
add_index :<%= user_class.pluralize.underscore %>, :email
|
51
|
+
add_index :<%= user_class.pluralize.underscore %>, :uid, :unique => true
|
52
|
+
add_index :<%= user_class.pluralize.underscore %>, :reset_password_token, :unique => true
|
53
|
+
# add_index :<%= user_class.pluralize.underscore %>, :confirmation_token, :unique => true
|
54
|
+
# add_index :<%= user_class.pluralize.underscore %>, :unlock_token, :unique => true
|
55
|
+
end
|
56
|
+
end
|
@@ -8,10 +8,6 @@ require 'test_helper'
|
|
8
8
|
|
9
9
|
class DemoControllerTest < ActionController::TestCase
|
10
10
|
describe DemoController, "Token access" do
|
11
|
-
setup do
|
12
|
-
@routes = Dummy::Application.routes
|
13
|
-
end
|
14
|
-
|
15
11
|
before do
|
16
12
|
@user = users(:confirmed_email_user)
|
17
13
|
@user.skip_confirmation!
|
@@ -230,4 +226,43 @@ class DemoControllerTest < ActionController::TestCase
|
|
230
226
|
end
|
231
227
|
end
|
232
228
|
end
|
229
|
+
|
230
|
+
# test with non-standard user class
|
231
|
+
describe DemoController, "Alternate user class" do
|
232
|
+
setup do
|
233
|
+
@request.env['devise.mapping'] = Devise.mappings[:mang]
|
234
|
+
end
|
235
|
+
|
236
|
+
teardown do
|
237
|
+
@request.env['devise.mapping'] = Devise.mappings[:user]
|
238
|
+
end
|
239
|
+
|
240
|
+
before do
|
241
|
+
@user = mangs(:confirmed_email_user)
|
242
|
+
@user.skip_confirmation!
|
243
|
+
@user.save!
|
244
|
+
|
245
|
+
@auth_header = @user.create_new_auth_token
|
246
|
+
|
247
|
+
@token = @auth_header[/token=(.*?) /,1]
|
248
|
+
@client_id = @auth_header[/client=(.*?) /,1]
|
249
|
+
@expiry = @auth_header[/expiry=(.*?) /,1]
|
250
|
+
|
251
|
+
# ensure that request is not treated as batch request
|
252
|
+
age_token(@user, @client_id)
|
253
|
+
|
254
|
+
request.headers['Authorization'] = @auth_header
|
255
|
+
xhr :get, :members_only
|
256
|
+
|
257
|
+
@resp_auth_header = response.headers['Authorization']
|
258
|
+
@resp_token = @resp_auth_header[/token=(.*?) /,1]
|
259
|
+
@resp_client_id = @resp_auth_header[/client=(.*?) /,1]
|
260
|
+
@resp_expiry = @resp_auth_header[/expiry=(.*?) /,1]
|
261
|
+
@resp_uid = @resp_auth_header[/uid=(.*?)$/,1]
|
262
|
+
end
|
263
|
+
|
264
|
+
it 'should return success status' do
|
265
|
+
assert_equal 200, response.status
|
266
|
+
end
|
267
|
+
end
|
233
268
|
end
|
@@ -0,0 +1,98 @@
|
|
1
|
+
require 'test_helper'
|
2
|
+
|
3
|
+
# was the web request successful?
|
4
|
+
# was the user redirected to the right page?
|
5
|
+
# was the user successfully authenticated?
|
6
|
+
# was the correct object stored in the response?
|
7
|
+
# was the appropriate message delivered in the json payload?
|
8
|
+
|
9
|
+
class OmniauthTest < ActionDispatch::IntegrationTest
|
10
|
+
setup do
|
11
|
+
OmniAuth.config.test_mode = true
|
12
|
+
OmniAuth.config.mock_auth[:facebook] = OmniAuth::AuthHash.new({
|
13
|
+
:provider => 'facebook',
|
14
|
+
:uid => '123545',
|
15
|
+
:info => {
|
16
|
+
name: 'chong',
|
17
|
+
email: 'chongbong@aol.com'
|
18
|
+
}
|
19
|
+
})
|
20
|
+
end
|
21
|
+
|
22
|
+
before do
|
23
|
+
@redirect_url = "http://ng-token-auth.dev/"
|
24
|
+
end
|
25
|
+
|
26
|
+
describe 'default user model' do
|
27
|
+
describe 'from api to provider' do
|
28
|
+
before do
|
29
|
+
get_via_redirect '/auth/facebook', {
|
30
|
+
auth_origin_url: @redirect_url
|
31
|
+
}
|
32
|
+
|
33
|
+
@user = assigns(:user)
|
34
|
+
end
|
35
|
+
|
36
|
+
test 'status should be success' do
|
37
|
+
assert_equal 200, response.status
|
38
|
+
end
|
39
|
+
|
40
|
+
test 'request should determine the correct resource_class' do
|
41
|
+
assert_equal 'User', request.env['omniauth.params']['resource_class']
|
42
|
+
end
|
43
|
+
|
44
|
+
test 'request should pass correct redirect_url' do
|
45
|
+
assert_equal @redirect_url, request.env['omniauth.params']['auth_origin_url']
|
46
|
+
end
|
47
|
+
|
48
|
+
test 'user should have been created' do
|
49
|
+
assert @user
|
50
|
+
end
|
51
|
+
|
52
|
+
test 'user should be assigned info from provider' do
|
53
|
+
assert_equal 'chongbong@aol.com', @user.email
|
54
|
+
end
|
55
|
+
|
56
|
+
test 'user should be of the correct class' do
|
57
|
+
assert_equal User, @user.class
|
58
|
+
end
|
59
|
+
end
|
60
|
+
end
|
61
|
+
|
62
|
+
|
63
|
+
describe 'alternate user model' do
|
64
|
+
describe 'from api to provider' do
|
65
|
+
before do
|
66
|
+
get_via_redirect '/bong/facebook', {
|
67
|
+
auth_origin_url: @redirect_url
|
68
|
+
}
|
69
|
+
|
70
|
+
@user = assigns(:user)
|
71
|
+
end
|
72
|
+
|
73
|
+
test 'status should be success' do
|
74
|
+
assert_equal 200, response.status
|
75
|
+
end
|
76
|
+
|
77
|
+
test 'request should determine the correct resource_class' do
|
78
|
+
assert_equal 'Mang', request.env['omniauth.params']['resource_class']
|
79
|
+
end
|
80
|
+
|
81
|
+
test 'request should pass correct redirect_url' do
|
82
|
+
assert_equal @redirect_url, request.env['omniauth.params']['auth_origin_url']
|
83
|
+
end
|
84
|
+
|
85
|
+
test 'user should have been created' do
|
86
|
+
assert @user
|
87
|
+
end
|
88
|
+
|
89
|
+
test 'user should be assigned info from provider' do
|
90
|
+
assert_equal 'chongbong@aol.com', @user.email
|
91
|
+
end
|
92
|
+
|
93
|
+
test 'user should be of the correct class' do
|
94
|
+
assert_equal Mang, @user.class
|
95
|
+
end
|
96
|
+
end
|
97
|
+
end
|
98
|
+
end
|
@@ -8,8 +8,6 @@ require 'test_helper'
|
|
8
8
|
|
9
9
|
class DeviseTokenAuth::ConfirmationsControllerTest < ActionController::TestCase
|
10
10
|
describe DeviseTokenAuth::ConfirmationsController, "Confirmation" do
|
11
|
-
fixtures :users
|
12
|
-
|
13
11
|
before do
|
14
12
|
@new_user = users(:unconfirmed_email_user)
|
15
13
|
@new_user.send_confirmation_instructions
|
@@ -50,4 +48,41 @@ class DeviseTokenAuth::ConfirmationsControllerTest < ActionController::TestCase
|
|
50
48
|
end
|
51
49
|
end
|
52
50
|
end
|
51
|
+
|
52
|
+
# test with non-standard user class
|
53
|
+
describe DeviseTokenAuth::ConfirmationsController, "Alternate user class" do
|
54
|
+
setup do
|
55
|
+
@request.env['devise.mapping'] = Devise.mappings[:mang]
|
56
|
+
end
|
57
|
+
|
58
|
+
teardown do
|
59
|
+
@request.env['devise.mapping'] = Devise.mappings[:user]
|
60
|
+
end
|
61
|
+
|
62
|
+
before do
|
63
|
+
@new_user = mangs(:unconfirmed_email_user)
|
64
|
+
@new_user.send_confirmation_instructions
|
65
|
+
@mail = ActionMailer::Base.deliveries.last
|
66
|
+
@token = @mail.body.match(/confirmation_token=(.*)\"/)[1]
|
67
|
+
end
|
68
|
+
|
69
|
+
test 'should generate raw token' do
|
70
|
+
assert @token
|
71
|
+
end
|
72
|
+
|
73
|
+
test "should store token hash in user" do
|
74
|
+
assert @new_user.confirmation_token
|
75
|
+
end
|
76
|
+
|
77
|
+
describe "success" do
|
78
|
+
before do
|
79
|
+
xhr :get, :show, {confirmation_token: @token}
|
80
|
+
@user = assigns(:user)
|
81
|
+
end
|
82
|
+
|
83
|
+
test "user should now be confirmed" do
|
84
|
+
assert @user.confirmed?
|
85
|
+
end
|
86
|
+
end
|
87
|
+
end
|
53
88
|
end
|
@@ -8,8 +8,6 @@ require 'test_helper'
|
|
8
8
|
|
9
9
|
class DeviseTokenAuth::PasswordsControllerTest < ActionController::TestCase
|
10
10
|
describe DeviseTokenAuth::PasswordsController, "Password reset" do
|
11
|
-
fixtures :users
|
12
|
-
|
13
11
|
before do
|
14
12
|
@user = users(:confirmed_email_user)
|
15
13
|
@redirect_url = 'http://ng-token-auth.dev'
|
@@ -163,5 +161,43 @@ class DeviseTokenAuth::PasswordsControllerTest < ActionController::TestCase
|
|
163
161
|
end
|
164
162
|
end
|
165
163
|
end
|
164
|
+
|
165
|
+
describe DeviseTokenAuth::PasswordsController, "Alternate user class" do
|
166
|
+
setup do
|
167
|
+
@request.env['devise.mapping'] = Devise.mappings[:mang]
|
168
|
+
end
|
169
|
+
|
170
|
+
teardown do
|
171
|
+
@request.env['devise.mapping'] = Devise.mappings[:user]
|
172
|
+
end
|
173
|
+
|
174
|
+
before do
|
175
|
+
@user = mangs(:confirmed_email_user)
|
176
|
+
@redirect_url = 'http://ng-token-auth.dev'
|
177
|
+
|
178
|
+
xhr :post, :create, {
|
179
|
+
email: @user.email,
|
180
|
+
redirect_url: @redirect_url
|
181
|
+
}
|
182
|
+
|
183
|
+
@mail = ActionMailer::Base.deliveries.last
|
184
|
+
@user.reload
|
185
|
+
|
186
|
+
@mail_reset_token = @mail.body.match(/reset_password_token=(.*)\"/)[1]
|
187
|
+
@mail_redirect_url = CGI.unescape(@mail.body.match(/redirect_url=(.*)&/)[1])
|
188
|
+
end
|
189
|
+
|
190
|
+
test 'response should return success status' do
|
191
|
+
assert_equal 200, response.status
|
192
|
+
end
|
193
|
+
|
194
|
+
test 'the email body should contain a link with reset token as a query param' do
|
195
|
+
user = Mang.reset_password_by_token({
|
196
|
+
reset_password_token: @mail_reset_token
|
197
|
+
})
|
198
|
+
|
199
|
+
assert_equal user.id, @user.id
|
200
|
+
end
|
201
|
+
end
|
166
202
|
end
|
167
203
|
|
@@ -73,8 +73,6 @@ class DeviseTokenAuth::RegistrationsControllerTest < ActionController::TestCase
|
|
73
73
|
end
|
74
74
|
|
75
75
|
describe DeviseTokenAuth::RegistrationsController, "Existing users" do
|
76
|
-
fixtures :users
|
77
|
-
|
78
76
|
before do
|
79
77
|
@existing_user = users(:confirmed_email_user)
|
80
78
|
|
@@ -104,8 +102,6 @@ class DeviseTokenAuth::RegistrationsControllerTest < ActionController::TestCase
|
|
104
102
|
|
105
103
|
|
106
104
|
describe DeviseTokenAuth::RegistrationsController, "Ouath user has existing email" do
|
107
|
-
fixtures :users
|
108
|
-
|
109
105
|
before do
|
110
106
|
@existing_user = users(:duplicate_email_facebook_user)
|
111
107
|
|
@@ -132,4 +128,35 @@ class DeviseTokenAuth::RegistrationsControllerTest < ActionController::TestCase
|
|
132
128
|
assert @data['data']['email']
|
133
129
|
end
|
134
130
|
end
|
131
|
+
|
132
|
+
describe DeviseTokenAuth::RegistrationsController, "Alternate user class" do
|
133
|
+
setup do
|
134
|
+
@request.env['devise.mapping'] = Devise.mappings[:mang]
|
135
|
+
end
|
136
|
+
|
137
|
+
teardown do
|
138
|
+
@request.env['devise.mapping'] = Devise.mappings[:user]
|
139
|
+
end
|
140
|
+
|
141
|
+
before do
|
142
|
+
xhr :post, :create, {
|
143
|
+
email: -> { Faker::Internet.email },
|
144
|
+
password: "secret123",
|
145
|
+
password_confirmation: "secret123",
|
146
|
+
confirm_success_url: -> { Faker::Internet.url }
|
147
|
+
}
|
148
|
+
|
149
|
+
@user = assigns(:resource)
|
150
|
+
@data = JSON.parse(response.body)
|
151
|
+
@mail = ActionMailer::Base.deliveries.last
|
152
|
+
end
|
153
|
+
|
154
|
+
test "request should be successful" do
|
155
|
+
assert_equal 200, response.status
|
156
|
+
end
|
157
|
+
|
158
|
+
test "use should be a Mang" do
|
159
|
+
assert_equal "Mang", @user.class.name
|
160
|
+
end
|
161
|
+
end
|
135
162
|
end
|
@@ -93,4 +93,36 @@ class DeviseTokenAuth::SessionsControllerTest < ActionController::TestCase
|
|
93
93
|
assert @data['errors']
|
94
94
|
end
|
95
95
|
end
|
96
|
+
|
97
|
+
describe DeviseTokenAuth::SessionsController, "Alternate user class" do
|
98
|
+
setup do
|
99
|
+
@request.env['devise.mapping'] = Devise.mappings[:mang]
|
100
|
+
end
|
101
|
+
|
102
|
+
teardown do
|
103
|
+
@request.env['devise.mapping'] = Devise.mappings[:user]
|
104
|
+
end
|
105
|
+
|
106
|
+
before do
|
107
|
+
@existing_user = mangs(:confirmed_email_user)
|
108
|
+
@existing_user.skip_confirmation!
|
109
|
+
@existing_user.save!
|
110
|
+
|
111
|
+
xhr :post, :create, {
|
112
|
+
email: @existing_user.email,
|
113
|
+
password: 'secret123'
|
114
|
+
}
|
115
|
+
|
116
|
+
@user = assigns(:user)
|
117
|
+
@data = JSON.parse(response.body)
|
118
|
+
end
|
119
|
+
|
120
|
+
test "request should succeed" do
|
121
|
+
assert_equal 200, response.status
|
122
|
+
end
|
123
|
+
|
124
|
+
test "request should return user data" do
|
125
|
+
assert_equal @existing_user.email, @data['data']['email']
|
126
|
+
end
|
127
|
+
end
|
96
128
|
end
|
Binary file
|
@@ -14,4 +14,9 @@ DeviseTokenAuth.setup do |config|
|
|
14
14
|
# auth token. This setting determines how far apart the requests can be while
|
15
15
|
# still using the same auth token.
|
16
16
|
#config.batch_request_buffer_throttle = 5.seconds
|
17
|
+
|
18
|
+
# This route will be the prefix for all oauth2 redirect callbacks. For
|
19
|
+
# example, using the default '/omniauth', the github oauth2 provider will
|
20
|
+
# redirect successful authentications to '/omniauth/github/callback'
|
21
|
+
#config.omniauth_prefix = "/omniauth"
|
17
22
|
end
|