devise_token_auth 0.1.21.alpha1 → 0.1.21.alpha2
- checksums.yaml +4 -4
- data/README.md +12 -3
- data/lib/devise_token_auth/version.rb +1 -1
- data/lib/generators/devise_token_auth/USAGE +4 -0
- data/lib/generators/devise_token_auth/install_generator.rb +14 -0
- data/test/controllers/demo_controller_test.rb +170 -168
- data/test/controllers/devise_token_auth/confirmations_controller_test.rb +60 -58
- data/test/controllers/devise_token_auth/passwords_controller_test.rb +147 -146
- data/test/controllers/devise_token_auth/registrations_controller_test.rb +145 -143
- data/test/controllers/devise_token_auth/sessions_controller_test.rb +81 -79
- data/test/dummy/db/test.sqlite3 +0 -0
- data/test/dummy/log/test.log +9354 -0
- metadata +3 -3
@@ -7,81 +7,83 @@ require 'test_helper'
|
|
7
7
|
# was the appropriate message delivered in the json payload?
|
8
8
|
|
9
9
|
class DeviseTokenAuth::ConfirmationsControllerTest < ActionController::TestCase
|
10
|
-
describe DeviseTokenAuth::ConfirmationsController
|
11
|
-
|
12
|
-
@new_user = users(:unconfirmed_email_user)
|
13
|
-
@new_user.send_confirmation_instructions
|
14
|
-
@mail = ActionMailer::Base.deliveries.last
|
15
|
-
@token = @mail.body.match(/confirmation_token=(.*)\"/)[1]
|
16
|
-
end
|
17
|
-
|
18
|
-
test 'should generate raw token' do
|
19
|
-
assert @token
|
20
|
-
end
|
21
|
-
|
22
|
-
test "should store token hash in user" do
|
23
|
-
assert @new_user.confirmation_token
|
24
|
-
end
|
25
|
-
|
26
|
-
describe "success" do
|
10
|
+
describe DeviseTokenAuth::ConfirmationsController do
|
11
|
+
describe "Confirmation" do
|
27
12
|
before do
|
28
|
-
|
29
|
-
@
|
13
|
+
@new_user = users(:unconfirmed_email_user)
|
14
|
+
@new_user.send_confirmation_instructions
|
15
|
+
@mail = ActionMailer::Base.deliveries.last
|
16
|
+
@token = @mail.body.match(/confirmation_token=(.*)\"/)[1]
|
30
17
|
end
|
31
18
|
|
32
|
-
test
|
33
|
-
assert @
|
19
|
+
test 'should generate raw token' do
|
20
|
+
assert @token
|
34
21
|
end
|
35
22
|
|
36
|
-
test "should
|
37
|
-
|
23
|
+
test "should store token hash in user" do
|
24
|
+
assert @new_user.confirmation_token
|
38
25
|
end
|
39
|
-
end
|
40
26
|
|
41
|
-
|
42
|
-
|
43
|
-
|
44
|
-
|
45
|
-
|
46
|
-
@user = assigns(:user)
|
47
|
-
refute @user.confirmed?
|
48
|
-
end
|
49
|
-
end
|
50
|
-
end
|
27
|
+
describe "success" do
|
28
|
+
before do
|
29
|
+
xhr :get, :show, {confirmation_token: @token}
|
30
|
+
@user = assigns(:user)
|
31
|
+
end
|
51
32
|
|
52
|
-
|
53
|
-
|
54
|
-
|
55
|
-
@request.env['devise.mapping'] = Devise.mappings[:mang]
|
56
|
-
end
|
33
|
+
test "user should now be confirmed" do
|
34
|
+
assert @user.confirmed?
|
35
|
+
end
|
57
36
|
|
58
|
-
|
59
|
-
|
60
|
-
|
37
|
+
test "should redirect to success url" do
|
38
|
+
assert_redirected_to(/^#{@user.confirm_success_url}/)
|
39
|
+
end
|
40
|
+
end
|
61
41
|
|
62
|
-
|
63
|
-
|
64
|
-
|
65
|
-
|
66
|
-
|
42
|
+
describe "failure" do
|
43
|
+
test "user should not be confirmed" do
|
44
|
+
assert_raises(ActionController::RoutingError) {
|
45
|
+
xhr :get, :show, {confirmation_token: "bogus"}
|
46
|
+
}
|
47
|
+
@user = assigns(:user)
|
48
|
+
refute @user.confirmed?
|
49
|
+
end
|
50
|
+
end
|
67
51
|
end
|
68
52
|
|
69
|
-
test
|
70
|
-
|
71
|
-
|
53
|
+
# test with non-standard user class
|
54
|
+
describe "Alternate user model" do
|
55
|
+
setup do
|
56
|
+
@request.env['devise.mapping'] = Devise.mappings[:mang]
|
57
|
+
end
|
72
58
|
|
73
|
-
|
74
|
-
|
75
|
-
|
59
|
+
teardown do
|
60
|
+
@request.env['devise.mapping'] = Devise.mappings[:user]
|
61
|
+
end
|
76
62
|
|
77
|
-
describe "success" do
|
78
63
|
before do
|
79
|
-
|
80
|
-
@
|
64
|
+
@new_user = mangs(:unconfirmed_email_user)
|
65
|
+
@new_user.send_confirmation_instructions
|
66
|
+
@mail = ActionMailer::Base.deliveries.last
|
67
|
+
@token = @mail.body.match(/confirmation_token=(.*)\"/)[1]
|
81
68
|
end
|
82
69
|
|
83
|
-
test
|
84
|
-
assert @
|
70
|
+
test 'should generate raw token' do
|
71
|
+
assert @token
|
72
|
+
end
|
73
|
+
|
74
|
+
test "should store token hash in user" do
|
75
|
+
assert @new_user.confirmation_token
|
76
|
+
end
|
77
|
+
|
78
|
+
describe "success" do
|
79
|
+
before do
|
80
|
+
xhr :get, :show, {confirmation_token: @token}
|
81
|
+
@user = assigns(:user)
|
82
|
+
end
|
83
|
+
|
84
|
+
test "user should now be confirmed" do
|
85
|
+
assert @user.confirmed?
|
86
|
+
end
|
85
87
|
end
|
86
88
|
end
|
87
89
|
end
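Review bot: The redirect assertion in the "success" block, `assert_redirected_to(/^#{@user.confirm_success_url}/)`, interpolates the URL into a regex unescaped and anchors it with `^`, so every `.` matches any character and an empty `confirm_success_url` would reduce the pattern to `/^/`, which accepts any redirect. Since this test is what pins where a confirmed user is sent, I would write `assert_redirected_to(/\A#{Regexp.escape(@user.confirm_success_url)}/)` and put `assert @user.confirm_success_url.present?` before it. In the "failure" test, `refute @user.confirmed?` runs on `assigns(:user)` after the request has raised; if the controller raises before assigning (not visible from this file), that is a NoMethodError on nil rather than a readable assertion failure, so an `assert @user` first would help. The "Alternate user model" block repeats the success path but has no bogus-token case for the `:mang` mapping.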
|
@@ -7,197 +7,198 @@ require 'test_helper'
|
|
7
7
|
# was the appropriate message delivered in the json payload?
|
8
8
|
|
9
9
|
class DeviseTokenAuth::PasswordsControllerTest < ActionController::TestCase
|
10
|
-
describe DeviseTokenAuth::PasswordsController
|
11
|
-
|
12
|
-
@user = users(:confirmed_email_user)
|
13
|
-
@redirect_url = 'http://ng-token-auth.dev'
|
14
|
-
end
|
15
|
-
|
16
|
-
describe 'request password reset' do
|
10
|
+
describe DeviseTokenAuth::PasswordsController do
|
11
|
+
describe "Password reset" do
|
17
12
|
before do
|
18
|
-
|
19
|
-
|
20
|
-
redirect_url: @redirect_url
|
21
|
-
}
|
22
|
-
|
23
|
-
@mail = ActionMailer::Base.deliveries.last
|
24
|
-
@user.reload
|
25
|
-
|
26
|
-
@mail_reset_token = @mail.body.match(/reset_password_token=(.*)\"/)[1]
|
27
|
-
@mail_redirect_url = CGI.unescape(@mail.body.match(/redirect_url=(.*)&/)[1])
|
28
|
-
end
|
29
|
-
|
30
|
-
test 'response should return success status' do
|
31
|
-
assert_equal 200, response.status
|
32
|
-
end
|
33
|
-
|
34
|
-
test 'action should save password_reset_redirect_url to user table' do
|
35
|
-
assert_equal @redirect_url, @user.reset_password_redirect_url
|
36
|
-
end
|
37
|
-
|
38
|
-
test 'action should send an email' do
|
39
|
-
assert @mail
|
40
|
-
end
|
41
|
-
|
42
|
-
test 'the email should be addressed to the user' do
|
43
|
-
assert_equal @mail.to.first, @user.email
|
44
|
-
end
|
45
|
-
|
46
|
-
test 'the email body should contain a link with redirect url as a query param' do
|
47
|
-
assert_equal @redirect_url, @mail_redirect_url
|
48
|
-
end
|
49
|
-
|
50
|
-
test 'the email body should contain a link with reset token as a query param' do
|
51
|
-
user = User.reset_password_by_token({
|
52
|
-
reset_password_token: @mail_reset_token
|
53
|
-
})
|
54
|
-
|
55
|
-
assert_equal user.id, @user.id
|
13
|
+
@user = users(:confirmed_email_user)
|
14
|
+
@redirect_url = 'http://ng-token-auth.dev'
|
56
15
|
end
|
57
16
|
|
58
|
-
describe 'password reset
|
59
|
-
test 'request should not be authorized' do
|
60
|
-
assert_raises(ActionController::RoutingError) {
|
61
|
-
xhr :get, :edit, {
|
62
|
-
reset_password_token: 'bogus',
|
63
|
-
redirect_url: @mail_redirect_url
|
64
|
-
}
|
65
|
-
}
|
66
|
-
end
|
67
|
-
end
|
68
|
-
|
69
|
-
describe 'password reset link success' do
|
17
|
+
describe 'request password reset' do
|
70
18
|
before do
|
71
|
-
xhr :
|
72
|
-
|
73
|
-
redirect_url: @
|
19
|
+
xhr :post, :create, {
|
20
|
+
email: @user.email,
|
21
|
+
redirect_url: @redirect_url
|
74
22
|
}
|
75
23
|
|
24
|
+
@mail = ActionMailer::Base.deliveries.last
|
76
25
|
@user.reload
|
77
26
|
|
78
|
-
@
|
79
|
-
@
|
27
|
+
@mail_reset_token = @mail.body.match(/reset_password_token=(.*)\"/)[1]
|
28
|
+
@mail_redirect_url = CGI.unescape(@mail.body.match(/redirect_url=(.*)&/)[1])
|
29
|
+
end
|
80
30
|
|
81
|
-
|
82
|
-
|
83
|
-
@reset_password = @qs["reset_password"].first
|
84
|
-
@token = @qs["token"].first
|
85
|
-
@uid = @qs["uid"].first
|
31
|
+
test 'response should return success status' do
|
32
|
+
assert_equal 200, response.status
|
86
33
|
end
|
87
34
|
|
88
|
-
test '
|
89
|
-
assert_equal
|
35
|
+
test 'action should save password_reset_redirect_url to user table' do
|
36
|
+
assert_equal @redirect_url, @user.reset_password_redirect_url
|
90
37
|
end
|
91
38
|
|
92
|
-
test '
|
93
|
-
assert @
|
94
|
-
assert @expiry
|
95
|
-
assert @reset_password
|
96
|
-
assert @token
|
97
|
-
assert @uid
|
39
|
+
test 'action should send an email' do
|
40
|
+
assert @mail
|
98
41
|
end
|
99
42
|
|
100
|
-
test '
|
101
|
-
|
43
|
+
test 'the email should be addressed to the user' do
|
44
|
+
assert_equal @mail.to.first, @user.email
|
102
45
|
end
|
103
|
-
end
|
104
|
-
end
|
105
46
|
|
106
|
-
|
107
|
-
|
108
|
-
|
109
|
-
@auth_header = @user.create_new_auth_token
|
110
|
-
request.headers['Authorization'] = @auth_header
|
111
|
-
@new_password = Faker::Internet.password
|
47
|
+
test 'the email body should contain a link with redirect url as a query param' do
|
48
|
+
assert_equal @redirect_url, @mail_redirect_url
|
49
|
+
end
|
112
50
|
|
113
|
-
|
114
|
-
|
115
|
-
|
116
|
-
}
|
51
|
+
test 'the email body should contain a link with reset token as a query param' do
|
52
|
+
user = User.reset_password_by_token({
|
53
|
+
reset_password_token: @mail_reset_token
|
54
|
+
})
|
117
55
|
|
118
|
-
@user.
|
56
|
+
assert_equal user.id, @user.id
|
119
57
|
end
|
120
58
|
|
121
|
-
|
122
|
-
|
59
|
+
describe 'password reset link failure' do
|
60
|
+
test 'request should not be authorized' do
|
61
|
+
assert_raises(ActionController::RoutingError) {
|
62
|
+
xhr :get, :edit, {
|
63
|
+
reset_password_token: 'bogus',
|
64
|
+
redirect_url: @mail_redirect_url
|
65
|
+
}
|
66
|
+
}
|
67
|
+
end
|
123
68
|
end
|
124
69
|
|
125
|
-
|
126
|
-
|
70
|
+
describe 'password reset link success' do
|
71
|
+
before do
|
72
|
+
xhr :get, :edit, {
|
73
|
+
reset_password_token: @mail_reset_token,
|
74
|
+
redirect_url: @mail_redirect_url
|
75
|
+
}
|
76
|
+
|
77
|
+
@user.reload
|
78
|
+
|
79
|
+
@uri = URI.parse(response.location)
|
80
|
+
@qs = CGI::parse(@uri.query)
|
81
|
+
|
82
|
+
@client_id = @qs["client_id"].first
|
83
|
+
@expiry = @qs["expiry"].first
|
84
|
+
@reset_password = @qs["reset_password"].first
|
85
|
+
@token = @qs["token"].first
|
86
|
+
@uid = @qs["uid"].first
|
87
|
+
end
|
88
|
+
|
89
|
+
test 'respones should have success redirect status' do
|
90
|
+
assert_equal 302, response.status
|
91
|
+
end
|
92
|
+
|
93
|
+
test 'response should contain auth params' do
|
94
|
+
assert @client_id
|
95
|
+
assert @expiry
|
96
|
+
assert @reset_password
|
97
|
+
assert @token
|
98
|
+
assert @uid
|
99
|
+
end
|
100
|
+
|
101
|
+
test 'response auth params should be valid' do
|
102
|
+
assert @user.valid_token?(@token, @client_id)
|
103
|
+
end
|
127
104
|
end
|
128
105
|
end
|
129
106
|
|
130
|
-
describe
|
131
|
-
|
132
|
-
|
133
|
-
|
134
|
-
|
107
|
+
describe "change password" do
|
108
|
+
describe 'success' do
|
109
|
+
before do
|
110
|
+
@auth_header = @user.create_new_auth_token
|
111
|
+
request.headers['Authorization'] = @auth_header
|
112
|
+
@new_password = Faker::Internet.password
|
135
113
|
|
136
|
-
|
137
|
-
|
138
|
-
|
139
|
-
|
140
|
-
|
114
|
+
xhr :put, :update, {
|
115
|
+
password: @new_password,
|
116
|
+
password_confirmation: @new_password
|
117
|
+
}
|
118
|
+
|
119
|
+
@user.reload
|
120
|
+
end
|
121
|
+
|
122
|
+
test "request should be successful" do
|
123
|
+
assert_equal 200, response.status
|
124
|
+
end
|
141
125
|
|
142
|
-
|
143
|
-
|
126
|
+
test "new password should authenticate user" do
|
127
|
+
assert @user.valid_password?(@new_password)
|
128
|
+
end
|
144
129
|
end
|
145
|
-
end
|
146
130
|
|
147
|
-
|
148
|
-
|
149
|
-
|
150
|
-
|
131
|
+
describe 'password mismatch error' do
|
132
|
+
before do
|
133
|
+
@auth_header = @user.create_new_auth_token
|
134
|
+
request.headers['Authorization'] = @auth_header
|
135
|
+
@new_password = Faker::Internet.password
|
151
136
|
|
152
|
-
|
153
|
-
|
154
|
-
|
155
|
-
|
137
|
+
xhr :put, :update, {
|
138
|
+
password: 'chong',
|
139
|
+
password_confirmation: 'bong'
|
140
|
+
}
|
141
|
+
end
|
142
|
+
|
143
|
+
test 'response should fail' do
|
144
|
+
assert_equal 422, response.status
|
145
|
+
end
|
156
146
|
end
|
157
147
|
|
158
|
-
|
159
|
-
|
148
|
+
describe 'unauthorized user' do
|
149
|
+
before do
|
150
|
+
@auth_header = @user.create_new_auth_token
|
151
|
+
@new_password = Faker::Internet.password
|
152
|
+
|
153
|
+
xhr :put, :update, {
|
154
|
+
password: @new_password,
|
155
|
+
password_confirmation: @new_password
|
156
|
+
}
|
157
|
+
end
|
158
|
+
|
159
|
+
test 'response should fail' do
|
160
|
+
assert_equal 401, response.status
|
161
|
+
end
|
160
162
|
end
|
161
163
|
end
|
162
164
|
end
|
163
|
-
end
|
164
165
|
|
165
|
-
|
166
|
-
|
167
|
-
|
168
|
-
|
166
|
+
describe "Alternate user class" do
|
167
|
+
setup do
|
168
|
+
@request.env['devise.mapping'] = Devise.mappings[:mang]
|
169
|
+
end
|
169
170
|
|
170
|
-
|
171
|
-
|
172
|
-
|
171
|
+
teardown do
|
172
|
+
@request.env['devise.mapping'] = Devise.mappings[:user]
|
173
|
+
end
|
173
174
|
|
174
|
-
|
175
|
-
|
176
|
-
|
175
|
+
before do
|
176
|
+
@user = mangs(:confirmed_email_user)
|
177
|
+
@redirect_url = 'http://ng-token-auth.dev'
|
177
178
|
|
178
|
-
|
179
|
-
|
180
|
-
|
181
|
-
|
179
|
+
xhr :post, :create, {
|
180
|
+
email: @user.email,
|
181
|
+
redirect_url: @redirect_url
|
182
|
+
}
|
182
183
|
|
183
|
-
|
184
|
-
|
184
|
+
@mail = ActionMailer::Base.deliveries.last
|
185
|
+
@user.reload
|
185
186
|
|
186
|
-
|
187
|
-
|
188
|
-
|
187
|
+
@mail_reset_token = @mail.body.match(/reset_password_token=(.*)\"/)[1]
|
188
|
+
@mail_redirect_url = CGI.unescape(@mail.body.match(/redirect_url=(.*)&/)[1])
|
189
|
+
end
|
189
190
|
|
190
|
-
|
191
|
-
|
192
|
-
|
191
|
+
test 'response should return success status' do
|
192
|
+
assert_equal 200, response.status
|
193
|
+
end
|
193
194
|
|
194
|
-
|
195
|
-
|
196
|
-
|
197
|
-
|
195
|
+
test 'the email body should contain a link with reset token as a query param' do
|
196
|
+
user = Mang.reset_password_by_token({
|
197
|
+
reset_password_token: @mail_reset_token
|
198
|
+
})
|
198
199
|
|
199
|
-
|
200
|
+
assert_equal user.id, @user.id
|
201
|
+
end
|
200
202
|
end
|
201
203
|
end
|
202
204
|
end
|
203
|
-
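Review bot: The "password reset link success" tests check that the redirect carries `client_id`, `token` and `uid` in its query string, but nothing asserts where that redirect goes, even though `redirect_url` is taken straight from the request parameters in the `create` call. Because the response location then holds live credentials, I would pin the destination in that block with `assert_equal URI.parse(@redirect_url).host, @uri.host`. There is also no case for a `redirect_url` the application does not expect; whether the controller restricts it cannot be seen from this file, so a test documenting the intended behaviour would be worth adding. Smaller points: in "unauthorized user" the `@auth_header` assignment is never attached to the request and reads as if the call were authenticated, and the test name `'respones should have success redirect status'` has a typo.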
|