devise_token_auth 0.1.20 → 0.1.21.alpha1
- checksums.yaml +4 -4
- data/README.md +274 -77
- data/app/controllers/devise_token_auth/auth_controller.rb +4 -1
- data/app/controllers/devise_token_auth/concerns/set_user_by_token.rb +8 -2
- data/app/controllers/devise_token_auth/confirmations_controller.rb +1 -1
- data/app/controllers/devise_token_auth/passwords_controller.rb +3 -3
- data/app/controllers/devise_token_auth/registrations_controller.rb +1 -1
- data/app/controllers/devise_token_auth/sessions_controller.rb +1 -1
- data/app/models/{user.rb → devise_token_auth/concerns/user.rb} +28 -23
- data/config/initializers/devise.rb +4 -64
- data/config/routes.rb +2 -14
- data/lib/devise_token_auth/engine.rb +5 -1
- data/lib/devise_token_auth/rails/routes.rb +36 -0
- data/lib/devise_token_auth/version.rb +1 -1
- data/lib/generators/devise_token_auth/USAGE +23 -5
- data/lib/generators/devise_token_auth/install_generator.rb +69 -5
- data/lib/generators/devise_token_auth/templates/devise_token_auth.rb +5 -0
- data/lib/generators/devise_token_auth/templates/devise_token_auth_create_users.rb.erb +56 -0
- data/lib/generators/devise_token_auth/templates/user.rb +3 -0
- data/test/controllers/demo_controller_test.rb +39 -4
- data/test/controllers/devise_token_auth/auth_controller_test.rb +98 -0
- data/test/controllers/devise_token_auth/confirmations_controller_test.rb +37 -2
- data/test/controllers/devise_token_auth/passwords_controller_test.rb +38 -2
- data/test/controllers/devise_token_auth/registrations_controller_test.rb +31 -4
- data/test/controllers/devise_token_auth/sessions_controller_test.rb +32 -0
- data/test/dummy/app/assets/images/omniauth-provider-settings.png +0 -0
- data/test/dummy/app/models/mang.rb +3 -0
- data/test/dummy/app/models/user.rb +3 -0
- data/test/dummy/config/initializers/devise_token_auth.rb +5 -0
- data/test/dummy/config/routes.rb +16 -1
- data/test/dummy/db/development.sqlite3 +0 -0
- data/{lib/generators/devise_token_auth/templates/devise_token_auth_create_users.rb → test/dummy/db/migrate/20140715061447_devise_token_auth_create_users.rb} +0 -0
- data/test/dummy/db/migrate/{20140714223034_devise_token_auth_create_users.rb → 20140715061805_devise_token_auth_create_mangs.rb} +7 -7
- data/test/dummy/db/schema.rb +35 -4
- data/test/dummy/db/test.sqlite3 +0 -0
- data/test/dummy/log/development.log +7601 -0
- data/test/dummy/log/test.log +128490 -0
- data/test/fixtures/mangs.yml +31 -0
- data/test/test_helper.rb +13 -9
- metadata +22 -8
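--- a/data/lib/generators/devise_token_auth/templates/devise_token_auth.rb
+++ b/data/lib/generators/devise_token_auth/templates/devise_token_auth.rb
@@ -14,4 +14,9 @@ DeviseTokenAuth.setup do |config|
 # auth token. This setting determines how far apart the requests can be while
 # still using the same auth token.
 #config.batch_request_buffer_throttle = 5.seconds
+
+# This route will be the prefix for all oauth2 redirect callbacks. For
+# example, using the default '/omniauth', the github oauth2 provider will
+# redirect successful authentications to '/omniauth/github/callback'
+#config.omniauth_prefix = "/omniauth"
 end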
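--- a/data/lib/generators/devise_token_auth/templates/devise_token_auth_create_users.rb.erb
+++ b/data/lib/generators/devise_token_auth/templates/devise_token_auth_create_users.rb.erb
@@ -0,0 +1,56 @@
+class DeviseTokenAuthCreate<%= user_class.pluralize %> < ActiveRecord::Migration
+def change
+create_table(:<%= user_class.pluralize.underscore %>) do |t|
+## Database authenticatable
+t.string :email
+t.string :encrypted_password, :null => false, :default => ""
+
+## Recoverable
+t.string :reset_password_token
+t.datetime :reset_password_sent_at
+t.string :reset_password_redirect_url
+
+## Rememberable
+t.datetime :remember_created_at
+
+## Trackable
+t.integer :sign_in_count, :default => 0, :null => false
+t.datetime :current_sign_in_at
+t.datetime :last_sign_in_at
+t.string :current_sign_in_ip
+t.string :last_sign_in_ip
+
+## Confirmable
+t.string :confirmation_token
+t.datetime :confirmed_at
+t.datetime :confirmation_sent_at
+t.string :confirm_success_url
+t.string :unconfirmed_email # Only if using reconfirmable
+
+## Lockable
+# t.integer :failed_attempts, :default => 0, :null => false # Only if lock strategy is :failed_attempts
+# t.string :unlock_token # Only if unlock strategy is :email or :both
+# t.datetime :locked_at
+
+## User Info
+t.string :name
+t.string :nickname
+t.string :image
+
+## unique oauth id
+t.string :provider
+t.string :uid, :null => false, :default => ""
+
+## Tokens
+t.text :tokens
+
+t.timestamps
+end
+
+add_index :<%= user_class.pluralize.underscore %>, :email
+add_index :<%= user_class.pluralize.underscore %>, :uid, :unique => true
+add_index :<%= user_class.pluralize.underscore %>, :reset_password_token, :unique => true
+# add_index :<%= user_class.pluralize.underscore %>, :confirmation_token, :unique => true
+# add_index :<%= user_class.pluralize.underscore %>, :unlock_token, :unique => true
+end
+end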
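Review bot: The unique index near the end of `change` is on `:uid` alone, although the table also carries a `:provider` column under the same "unique oauth id" heading; identifiers issued by different providers are only unique within their provider, so two accounts from different providers that share a uid would collide, as would any two rows left at the `""` default. Consider `add_index :<%= user_class.pluralize.underscore %>, [:uid, :provider], :unique => true` instead. Separately, the Confirmable columns are enabled but the `:confirmation_token` index is still commented out, so token uniqueness is not enforced at the database level; un-commenting that line would match the `:reset_password_token` index above it.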
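--- a/data/test/controllers/demo_controller_test.rb
+++ b/data/test/controllers/demo_controller_test.rb
@@ -8,10 +8,6 @@ require 'test_helper'
 
 class DemoControllerTest < ActionController::TestCase
 describe DemoController, "Token access" do
-setup do
-@routes = Dummy::Application.routes
-end
-
 before do
 @user = users(:confirmed_email_user)
 @user.skip_confirmation!
@@ -230,4 +226,43 @@ class DemoControllerTest < ActionController::TestCase
 end
 end
 end
+
+# test with non-standard user class
+describe DemoController, "Alternate user class" do
+setup do
+@request.env['devise.mapping'] = Devise.mappings[:mang]
+end
+
+teardown do
+@request.env['devise.mapping'] = Devise.mappings[:user]
+end
+
+before do
+@user = mangs(:confirmed_email_user)
+@user.skip_confirmation!
+@user.save!
+
+@auth_header = @user.create_new_auth_token
+
+@token = @auth_header[/token=(.*?) /,1]
+@client_id = @auth_header[/client=(.*?) /,1]
+@expiry = @auth_header[/expiry=(.*?) /,1]
+
+# ensure that request is not treated as batch request
+age_token(@user, @client_id)
+
+request.headers['Authorization'] = @auth_header
+xhr :get, :members_only
+
+@resp_auth_header = response.headers['Authorization']
+@resp_token = @resp_auth_header[/token=(.*?) /,1]
+@resp_client_id = @resp_auth_header[/client=(.*?) /,1]
+@resp_expiry = @resp_auth_header[/expiry=(.*?) /,1]
+@resp_uid = @resp_auth_header[/uid=(.*?)$/,1]
+end
+
+it 'should return success status' do
+assert_equal 200, response.status
+end
+end
 end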
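Review bot: The new "Alternate user class" block parses `@resp_token`, `@resp_client_id`, `@resp_expiry` and `@resp_uid` out of the response header, but its only test asserts the 200 status, so a response that echoed a stale token or carried another record's uid would still pass. Adding `assert_equal @user.uid, @resp_uid` and `refute_equal @token, @resp_token` would pin what the setup prepares for, assuming the token is meant to rotate on a non-batch request, as the `age_token` comment suggests. A negative case is worth adding as well: the same `Authorization` header presented while `devise.mapping` is `:user` should not authenticate, since that cross-model boundary is what this feature introduces.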
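--- a/data/test/controllers/devise_token_auth/auth_controller_test.rb
+++ b/data/test/controllers/devise_token_auth/auth_controller_test.rb
@@ -0,0 +1,98 @@
+require 'test_helper'
+
+# was the web request successful?
+# was the user redirected to the right page?
+# was the user successfully authenticated?
+# was the correct object stored in the response?
+# was the appropriate message delivered in the json payload?
+
+class OmniauthTest < ActionDispatch::IntegrationTest
+setup do
+OmniAuth.config.test_mode = true
+OmniAuth.config.mock_auth[:facebook] = OmniAuth::AuthHash.new({
+:provider => 'facebook',
+:uid => '123545',
+:info => {
+name: 'chong',
+email: 'chongbong@aol.com'
+}
+})
+end
+
+before do
+@redirect_url = "http://ng-token-auth.dev/"
+end
+
+describe 'default user model' do
+describe 'from api to provider' do
+before do
+get_via_redirect '/auth/facebook', {
+auth_origin_url: @redirect_url
+}
+
+@user = assigns(:user)
+end
+
+test 'status should be success' do
+assert_equal 200, response.status
+end
+
+test 'request should determine the correct resource_class' do
+assert_equal 'User', request.env['omniauth.params']['resource_class']
+end
+
+test 'request should pass correct redirect_url' do
+assert_equal @redirect_url, request.env['omniauth.params']['auth_origin_url']
+end
+
+test 'user should have been created' do
+assert @user
+end
+
+test 'user should be assigned info from provider' do
+assert_equal 'chongbong@aol.com', @user.email
+end
+
+test 'user should be of the correct class' do
+assert_equal User, @user.class
+end
+end
+end
+
+
+describe 'alternate user model' do
+describe 'from api to provider' do
+before do
+get_via_redirect '/bong/facebook', {
+auth_origin_url: @redirect_url
+}
+
+@user = assigns(:user)
+end
+
+test 'status should be success' do
+assert_equal 200, response.status
+end
+
+test 'request should determine the correct resource_class' do
+assert_equal 'Mang', request.env['omniauth.params']['resource_class']
+end
+
+test 'request should pass correct redirect_url' do
+assert_equal @redirect_url, request.env['omniauth.params']['auth_origin_url']
+end
+
+test 'user should have been created' do
+assert @user
+end
+
+test 'user should be assigned info from provider' do
+assert_equal 'chongbong@aol.com', @user.email
+end
+
+test 'user should be of the correct class' do
+assert_equal Mang, @user.class
+end
+end
+end
+end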
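Review bot: Both `resource_class` tests read the model name back out of `request.env['omniauth.params']` as a string, which means the class to instantiate travels through the OAuth round trip as a request parameter. The controller is not part of this view, so this is inferred, but if the callback resolves that string to a constant it should accept only the names of configured Devise mappings, and a test that a request carrying an unexpected `resource_class` value is rejected would guard that. The header comment also asks "was the user redirected to the right page?", yet no test asserts what the final response does with `auth_origin_url`; the tests only confirm the value was passed through.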
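--- a/data/test/controllers/devise_token_auth/confirmations_controller_test.rb
+++ b/data/test/controllers/devise_token_auth/confirmations_controller_test.rb
@@ -8,8 +8,6 @@ require 'test_helper'
 
 class DeviseTokenAuth::ConfirmationsControllerTest < ActionController::TestCase
 describe DeviseTokenAuth::ConfirmationsController, "Confirmation" do
-fixtures :users
-
 before do
 @new_user = users(:unconfirmed_email_user)
 @new_user.send_confirmation_instructions
@@ -50,4 +48,41 @@ class DeviseTokenAuth::ConfirmationsControllerTest < ActionController::TestCase
 end
 end
 end
+
+# test with non-standard user class
+describe DeviseTokenAuth::ConfirmationsController, "Alternate user class" do
+setup do
+@request.env['devise.mapping'] = Devise.mappings[:mang]
+end
+
+teardown do
+@request.env['devise.mapping'] = Devise.mappings[:user]
+end
+
+before do
+@new_user = mangs(:unconfirmed_email_user)
+@new_user.send_confirmation_instructions
+@mail = ActionMailer::Base.deliveries.last
+@token = @mail.body.match(/confirmation_token=(.*)\"/)[1]
+end
+
+test 'should generate raw token' do
+assert @token
+end
+
+test "should store token hash in user" do
+assert @new_user.confirmation_token
+end
+
+describe "success" do
+before do
+xhr :get, :show, {confirmation_token: @token}
+@user = assigns(:user)
+end
+
+test "user should now be confirmed" do
+assert @user.confirmed?
+end
+end
+end
 end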
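Review bot: The test named "should store token hash in user" only asserts that `@new_user.confirmation_token` is truthy, which would also pass if the raw token from the e-mail were stored unchanged. If the stored value is meant to be a digest, as the test name says, add `refute_equal @token, @new_user.confirmation_token` so the distinction is actually checked. The capture `/confirmation_token=(.*)\"/` in the `before` block is greedy and runs to the last quote on the line; `/confirmation_token=([^"&]+)/` would keep `@token` to the parameter value.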
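--- a/data/test/controllers/devise_token_auth/passwords_controller_test.rb
+++ b/data/test/controllers/devise_token_auth/passwords_controller_test.rb
@@ -8,8 +8,6 @@ require 'test_helper'
 
 class DeviseTokenAuth::PasswordsControllerTest < ActionController::TestCase
 describe DeviseTokenAuth::PasswordsController, "Password reset" do
-fixtures :users
-
 before do
 @user = users(:confirmed_email_user)
 @redirect_url = 'http://ng-token-auth.dev'
@@ -163,5 +161,43 @@ class DeviseTokenAuth::PasswordsControllerTest < ActionController::TestCase
 end
 end
 end
+
+describe DeviseTokenAuth::PasswordsController, "Alternate user class" do
+setup do
+@request.env['devise.mapping'] = Devise.mappings[:mang]
+end
+
+teardown do
+@request.env['devise.mapping'] = Devise.mappings[:user]
+end
+
+before do
+@user = mangs(:confirmed_email_user)
+@redirect_url = 'http://ng-token-auth.dev'
+
+xhr :post, :create, {
+email: @user.email,
+redirect_url: @redirect_url
+}
+
+@mail = ActionMailer::Base.deliveries.last
+@user.reload
+
+@mail_reset_token = @mail.body.match(/reset_password_token=(.*)\"/)[1]
+@mail_redirect_url = CGI.unescape(@mail.body.match(/redirect_url=(.*)&/)[1])
+end
+
+test 'response should return success status' do
+assert_equal 200, response.status
+end
+
+test 'the email body should contain a link with reset token as a query param' do
+user = Mang.reset_password_by_token({
+reset_password_token: @mail_reset_token
+})
+
+assert_equal user.id, @user.id
+end
+end
 end
 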
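Review bot: `@mail_redirect_url` is extracted from the reset e-mail in the new `before` block, but no test in the block asserts it, so the alternate-class path never checks that the link points where the caller asked; at minimum add `assert_equal @redirect_url, @mail_redirect_url`. Because `redirect_url` is supplied by the client in the `:create` request and ends up in an e-mail alongside the reset token, a test for a destination outside the expected host is also worth having; whether the controller restricts it is not visible here. The test name 'the email body should contain a link with reset token as a query param' describes a different check from the one performed, which looks the user up by the token.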
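--- a/data/test/controllers/devise_token_auth/registrations_controller_test.rb
+++ b/data/test/controllers/devise_token_auth/registrations_controller_test.rb
@@ -73,8 +73,6 @@ class DeviseTokenAuth::RegistrationsControllerTest < ActionController::TestCase
 end
 
 describe DeviseTokenAuth::RegistrationsController, "Existing users" do
-fixtures :users
-
 before do
 @existing_user = users(:confirmed_email_user)
 
@@ -104,8 +102,6 @@ class DeviseTokenAuth::RegistrationsControllerTest < ActionController::TestCase
 
 
 describe DeviseTokenAuth::RegistrationsController, "Ouath user has existing email" do
-fixtures :users
-
 before do
 @existing_user = users(:duplicate_email_facebook_user)
 
@@ -132,4 +128,35 @@ class DeviseTokenAuth::RegistrationsControllerTest < ActionController::TestCase
 assert @data['data']['email']
 end
 end
+
+describe DeviseTokenAuth::RegistrationsController, "Alternate user class" do
+setup do
+@request.env['devise.mapping'] = Devise.mappings[:mang]
+end
+
+teardown do
+@request.env['devise.mapping'] = Devise.mappings[:user]
+end
+
+before do
+xhr :post, :create, {
+email: -> { Faker::Internet.email },
+password: "secret123",
+password_confirmation: "secret123",
+confirm_success_url: -> { Faker::Internet.url }
+}
+
+@user = assigns(:resource)
+@data = JSON.parse(response.body)
+@mail = ActionMailer::Base.deliveries.last
+end
+
+test "request should be successful" do
+assert_equal 200, response.status
+end
+
+test "use should be a Mang" do
+assert_equal "Mang", @user.class.name
+end
+end
 end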
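Review bot: In the new `before` block of the "Alternate user class" hunk, `email:` and `confirm_success_url:` are given lambdas (`-> { Faker::Internet.email }`) rather than their results, so the request parameters are most likely the Proc's string form instead of an e-mail address and a URL. Call Faker directly: `email: Faker::Internet.email,` and `confirm_success_url: Faker::Internet.url`. If the test currently returns 200 with those values, the registration path is accepting something that is not an e-mail address, which deserves a test of its own. The test name "use should be a Mang" is missing an `r`.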
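--- a/data/test/controllers/devise_token_auth/sessions_controller_test.rb
+++ b/data/test/controllers/devise_token_auth/sessions_controller_test.rb
@@ -93,4 +93,36 @@ class DeviseTokenAuth::SessionsControllerTest < ActionController::TestCase
 assert @data['errors']
 end
 end
+
+describe DeviseTokenAuth::SessionsController, "Alternate user class" do
+setup do
+@request.env['devise.mapping'] = Devise.mappings[:mang]
+end
+
+teardown do
+@request.env['devise.mapping'] = Devise.mappings[:user]
+end
+
+before do
+@existing_user = mangs(:confirmed_email_user)
+@existing_user.skip_confirmation!
+@existing_user.save!
+
+xhr :post, :create, {
+email: @existing_user.email,
+password: 'secret123'
+}
+
+@user = assigns(:user)
+@data = JSON.parse(response.body)
+end
+
+test "request should succeed" do
+assert_equal 200, response.status
+end
+
+test "request should return user data" do
+assert_equal @existing_user.email, @data['data']['email']
+end
+end
 end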
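Review bot: `@user = assigns(:user)` is set in the new `before` block but never used, and both tests would still pass if sign-in were served by the default `User` model, provided a user with the same e-mail exists there (the fixture contents are not visible here). Adding `assert_equal Mang, @user.class`, the check the OmniAuth tests on this page already make, would tie the test to the mapping it sets up. It would also be reasonable to assert that the response carries an `Authorization` header, since issuing the token is the purpose of the endpoint.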
Binary file
|
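--- a/data/test/dummy/config/initializers/devise_token_auth.rb
+++ b/data/test/dummy/config/initializers/devise_token_auth.rb
@@ -14,4 +14,9 @@ DeviseTokenAuth.setup do |config|
 # auth token. This setting determines how far apart the requests can be while
 # still using the same auth token.
 #config.batch_request_buffer_throttle = 5.seconds
+
+# This route will be the prefix for all oauth2 redirect callbacks. For
+# example, using the default '/omniauth', the github oauth2 provider will
+# redirect successful authentications to '/omniauth/github/callback'
+#config.omniauth_prefix = "/omniauth"
 end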