devise_token_auth 0.1.20 → 0.1.21.alpha1

data/lib/generators/devise_token_auth/templates/devise_token_auth.rb

@@ -14,4 +14,9 @@ DeviseTokenAuth.setup do |config|
   # auth token. This setting determines how far apart the requests can be while
   # still using the same auth token.
   #config.batch_request_buffer_throttle = 5.seconds
+
+  # This route will be the prefix for all oauth2 redirect callbacks. For
+  # example, using the default '/omniauth', the github oauth2 provider will
+  # redirect successful authentications to '/omniauth/github/callback'
+  #config.omniauth_prefix = "/omniauth"
 end

data/lib/generators/devise_token_auth/templates/devise_token_auth_create_users.rb.erb

@@ -0,0 +1,56 @@
+class DeviseTokenAuthCreate<%= user_class.pluralize %> < ActiveRecord::Migration
+  def change
+    create_table(:<%= user_class.pluralize.underscore %>) do |t|
+      ## Database authenticatable
+      t.string :email
+      t.string :encrypted_password, :null => false, :default => ""
+
+      ## Recoverable
+      t.string   :reset_password_token
+      t.datetime :reset_password_sent_at
+      t.string   :reset_password_redirect_url
+
+      ## Rememberable
+      t.datetime :remember_created_at
+
+      ## Trackable
+      t.integer  :sign_in_count, :default => 0, :null => false
+      t.datetime :current_sign_in_at
+      t.datetime :last_sign_in_at
+      t.string   :current_sign_in_ip
+      t.string   :last_sign_in_ip
+
+      ## Confirmable
+      t.string   :confirmation_token
+      t.datetime :confirmed_at
+      t.datetime :confirmation_sent_at
+      t.string   :confirm_success_url
+      t.string   :unconfirmed_email # Only if using reconfirmable
+
+      ## Lockable
+      # t.integer  :failed_attempts, :default => 0, :null => false # Only if lock strategy is :failed_attempts
+      # t.string   :unlock_token # Only if unlock strategy is :email or :both
+      # t.datetime :locked_at
+
+      ## User Info
+      t.string :name
+      t.string :nickname
+      t.string :image
+
+      ## unique oauth id
+      t.string :provider
+      t.string :uid, :null => false, :default => ""
+
+      ## Tokens
+      t.text :tokens
+
+      t.timestamps
+    end
+
+    add_index :<%= user_class.pluralize.underscore %>, :email
+    add_index :<%= user_class.pluralize.underscore %>, :uid,                  :unique => true
+    add_index :<%= user_class.pluralize.underscore %>, :reset_password_token, :unique => true
+    # add_index :<%= user_class.pluralize.underscore %>, :confirmation_token,   :unique => true
+    # add_index :<%= user_class.pluralize.underscore %>, :unlock_token,         :unique => true
+  end
+end

data/lib/generators/devise_token_auth/templates/user.rb

@@ -0,0 +1,3 @@
+class <%= user_class %> < ActiveRecord::Base
+  include DeviseTokenAuth::Concerns::User
+end

data/test/controllers/demo_controller_test.rb

@@ -8,10 +8,6 @@ require 'test_helper'
 
 class DemoControllerTest < ActionController::TestCase
   describe DemoController, "Token access" do
-    setup do
-      @routes = Dummy::Application.routes
-    end
-
     before do
       @user = users(:confirmed_email_user)
       @user.skip_confirmation!
@@ -230,4 +226,43 @@ class DemoControllerTest < ActionController::TestCase
       end
     end
   end
+
+  # test with non-standard user class
+  describe DemoController, "Alternate user class" do
+    setup do
+      @request.env['devise.mapping'] = Devise.mappings[:mang]
+    end
+
+    teardown do
+      @request.env['devise.mapping'] = Devise.mappings[:user]
+    end
+
+    before do
+      @user = mangs(:confirmed_email_user)
+      @user.skip_confirmation!
+      @user.save!
+
+      @auth_header = @user.create_new_auth_token
+
+      @token     = @auth_header[/token=(.*?) /,1]
+      @client_id = @auth_header[/client=(.*?) /,1]
+      @expiry    = @auth_header[/expiry=(.*?) /,1]
+
+      # ensure that request is not treated as batch request
+      age_token(@user, @client_id)
+
+      request.headers['Authorization'] = @auth_header
+      xhr :get, :members_only
+
+      @resp_auth_header = response.headers['Authorization']
+      @resp_token       = @resp_auth_header[/token=(.*?) /,1]
+      @resp_client_id   = @resp_auth_header[/client=(.*?) /,1]
+      @resp_expiry      = @resp_auth_header[/expiry=(.*?) /,1]
+      @resp_uid         = @resp_auth_header[/uid=(.*?)$/,1]
+    end
+
+    it 'should return success status' do
+      assert_equal 200, response.status
+    end
+  end
 end

data/test/controllers/devise_token_auth/auth_controller_test.rb

@@ -0,0 +1,98 @@
+require 'test_helper'
+
+#  was the web request successful?
+#  was the user redirected to the right page?
+#  was the user successfully authenticated?
+#  was the correct object stored in the response?
+#  was the appropriate message delivered in the json payload?
+
+class OmniauthTest < ActionDispatch::IntegrationTest
+  setup do
+    OmniAuth.config.test_mode = true
+    OmniAuth.config.mock_auth[:facebook] = OmniAuth::AuthHash.new({
+      :provider => 'facebook',
+      :uid => '123545',
+      :info => {
+        name: 'chong',
+        email: 'chongbong@aol.com'
+      }
+    })
+  end
+
+  before do
+    @redirect_url = "http://ng-token-auth.dev/"
+  end
+
+  describe 'default user model' do
+    describe 'from api to provider' do
+      before do
+        get_via_redirect '/auth/facebook', {
+          auth_origin_url: @redirect_url
+        }
+
+        @user = assigns(:user)
+      end
+
+      test 'status should be success' do
+        assert_equal 200, response.status
+      end
+
+      test 'request should determine the correct resource_class' do
+        assert_equal 'User', request.env['omniauth.params']['resource_class']
+      end
+
+      test 'request should pass correct redirect_url' do
+        assert_equal @redirect_url, request.env['omniauth.params']['auth_origin_url']
+      end
+
+      test 'user should have been created' do
+        assert @user
+      end
+
+      test 'user should be assigned info from provider' do
+        assert_equal 'chongbong@aol.com', @user.email
+      end
+
+      test 'user should be of the correct class' do
+        assert_equal User, @user.class
+      end
+    end
+  end
+
+
+  describe 'alternate user model' do
+    describe 'from api to provider' do
+      before do
+        get_via_redirect '/bong/facebook', {
+          auth_origin_url: @redirect_url
+        }
+
+        @user = assigns(:user)
+      end
+
+      test 'status should be success' do
+        assert_equal 200, response.status
+      end
+
+      test 'request should determine the correct resource_class' do
+        assert_equal 'Mang', request.env['omniauth.params']['resource_class']
+      end
+
+      test 'request should pass correct redirect_url' do
+        assert_equal @redirect_url, request.env['omniauth.params']['auth_origin_url']
+      end
+
+      test 'user should have been created' do
+        assert @user
+      end
+
+      test 'user should be assigned info from provider' do
+        assert_equal 'chongbong@aol.com', @user.email
+      end
+
+      test 'user should be of the correct class' do
+        assert_equal Mang, @user.class
+      end
+    end
+  end
+end

data/test/controllers/devise_token_auth/confirmations_controller_test.rb

@@ -8,8 +8,6 @@ require 'test_helper'
 
 class DeviseTokenAuth::ConfirmationsControllerTest < ActionController::TestCase
   describe DeviseTokenAuth::ConfirmationsController, "Confirmation" do
-    fixtures :users
-
     before do
       @new_user = users(:unconfirmed_email_user)
       @new_user.send_confirmation_instructions
@@ -50,4 +48,41 @@ class DeviseTokenAuth::ConfirmationsControllerTest < ActionController::TestCase
       end
     end
   end
+
+  # test with non-standard user class
+  describe DeviseTokenAuth::ConfirmationsController, "Alternate user class" do
+    setup do
+      @request.env['devise.mapping'] = Devise.mappings[:mang]
+    end
+
+    teardown do
+      @request.env['devise.mapping'] = Devise.mappings[:user]
+    end
+
+    before do
+      @new_user = mangs(:unconfirmed_email_user)
+      @new_user.send_confirmation_instructions
+      @mail  = ActionMailer::Base.deliveries.last
+      @token = @mail.body.match(/confirmation_token=(.*)\"/)[1]
+    end
+
+    test 'should generate raw token' do
+      assert @token
+    end
+
+    test "should store token hash in user" do
+      assert @new_user.confirmation_token
+    end
+
+    describe "success" do
+      before do
+        xhr :get, :show, {confirmation_token: @token}
+        @user = assigns(:user)
+      end
+
+      test "user should now be confirmed" do
+        assert @user.confirmed?
+      end
+    end
+  end
 end

data/test/controllers/devise_token_auth/passwords_controller_test.rb

@@ -8,8 +8,6 @@ require 'test_helper'
 
 class DeviseTokenAuth::PasswordsControllerTest < ActionController::TestCase
   describe DeviseTokenAuth::PasswordsController, "Password reset" do
-    fixtures :users
-
     before do
       @user = users(:confirmed_email_user)
       @redirect_url = 'http://ng-token-auth.dev'
@@ -163,5 +161,43 @@ class DeviseTokenAuth::PasswordsControllerTest < ActionController::TestCase
       end
     end
   end
+
+  describe DeviseTokenAuth::PasswordsController, "Alternate user class" do
+    setup do
+      @request.env['devise.mapping'] = Devise.mappings[:mang]
+    end
+
+    teardown do
+      @request.env['devise.mapping'] = Devise.mappings[:user]
+    end
+
+    before do
+      @user = mangs(:confirmed_email_user)
+      @redirect_url = 'http://ng-token-auth.dev'
+
+      xhr :post, :create, {
+        email:        @user.email,
+        redirect_url: @redirect_url
+      }
+
+      @mail = ActionMailer::Base.deliveries.last
+      @user.reload
+
+      @mail_reset_token  = @mail.body.match(/reset_password_token=(.*)\"/)[1]
+      @mail_redirect_url = CGI.unescape(@mail.body.match(/redirect_url=(.*)&amp;/)[1])
+    end
+
+    test 'response should return success status' do
+      assert_equal 200, response.status
+    end
+
+    test 'the email body should contain a link with reset token as a query param' do
+      user = Mang.reset_password_by_token({
+        reset_password_token: @mail_reset_token
+      })
+
+      assert_equal user.id, @user.id
+    end
+  end
 end
 

data/test/controllers/devise_token_auth/registrations_controller_test.rb

@@ -73,8 +73,6 @@ class DeviseTokenAuth::RegistrationsControllerTest < ActionController::TestCase
   end
 
   describe DeviseTokenAuth::RegistrationsController, "Existing users" do
-    fixtures :users
-
     before do
       @existing_user = users(:confirmed_email_user)
 
@@ -104,8 +102,6 @@ class DeviseTokenAuth::RegistrationsControllerTest < ActionController::TestCase
 
 
   describe DeviseTokenAuth::RegistrationsController, "Ouath user has existing email" do
-    fixtures :users
-
     before do
       @existing_user = users(:duplicate_email_facebook_user)
 
@@ -132,4 +128,35 @@ class DeviseTokenAuth::RegistrationsControllerTest < ActionController::TestCase
       assert @data['data']['email']
     end
   end
+
+  describe DeviseTokenAuth::RegistrationsController, "Alternate user class" do
+    setup do
+      @request.env['devise.mapping'] = Devise.mappings[:mang]
+    end
+
+    teardown do
+      @request.env['devise.mapping'] = Devise.mappings[:user]
+    end
+
+    before do
+      xhr :post, :create, {
+        email: -> { Faker::Internet.email },
+        password: "secret123",
+        password_confirmation: "secret123",
+        confirm_success_url: -> { Faker::Internet.url }
+      }
+
+      @user = assigns(:resource)
+      @data = JSON.parse(response.body)
+      @mail = ActionMailer::Base.deliveries.last
+    end
+
+    test "request should be successful" do
+      assert_equal 200, response.status
+    end
+
+    test "use should be a Mang" do
+      assert_equal "Mang", @user.class.name
+    end
+  end
 end

data/test/controllers/devise_token_auth/sessions_controller_test.rb

@@ -93,4 +93,36 @@ class DeviseTokenAuth::SessionsControllerTest < ActionController::TestCase
       assert @data['errors']
     end
   end
+
+  describe DeviseTokenAuth::SessionsController, "Alternate user class" do
+    setup do
+      @request.env['devise.mapping'] = Devise.mappings[:mang]
+    end
+
+    teardown do
+      @request.env['devise.mapping'] = Devise.mappings[:user]
+    end
+
+    before do
+      @existing_user = mangs(:confirmed_email_user)
+      @existing_user.skip_confirmation!
+      @existing_user.save!
+
+      xhr :post, :create, {
+        email: @existing_user.email,
+        password: 'secret123'
+      }
+
+      @user = assigns(:user)
+      @data = JSON.parse(response.body)
+    end
+
+    test "request should succeed" do
+      assert_equal 200, response.status
+    end
+
+    test "request should return user data" do
+      assert_equal @existing_user.email, @data['data']['email']
+    end
+  end
 end

data/test/dummy/app/models/mang.rb

@@ -0,0 +1,3 @@
+class Mang < ActiveRecord::Base
+  include DeviseTokenAuth::Concerns::User
+end

data/test/dummy/app/models/user.rb

@@ -0,0 +1,3 @@
+class User < ActiveRecord::Base
+  include DeviseTokenAuth::Concerns::User
+end

data/test/dummy/config/initializers/devise_token_auth.rb

@@ -14,4 +14,9 @@ DeviseTokenAuth.setup do |config|
   # auth token. This setting determines how far apart the requests can be while
   # still using the same auth token.
   #config.batch_request_buffer_throttle = 5.seconds
+
+  # This route will be the prefix for all oauth2 redirect callbacks. For
+  # example, using the default '/omniauth', the github oauth2 provider will
+  # redirect successful authentications to '/omniauth/github/callback'
+  #config.omniauth_prefix = "/omniauth"
 end