devise_token_auth 0.1.28.beta6 → 0.1.28.beta7

Files changed (43) hide show
  1. checksums.yaml +4 -4
  2. data/README.md +75 -20
  3. data/app/controllers/devise_token_auth/application_controller.rb +12 -0
  4. data/app/controllers/devise_token_auth/auth_controller.rb +1 -2
  5. data/app/controllers/devise_token_auth/concerns/set_user_by_token.rb +26 -10
  6. data/app/controllers/devise_token_auth/confirmations_controller.rb +1 -3
  7. data/app/controllers/devise_token_auth/passwords_controller.rb +11 -15
  8. data/app/controllers/devise_token_auth/registrations_controller.rb +16 -14
  9. data/app/controllers/devise_token_auth/sessions_controller.rb +2 -6
  10. data/app/models/devise_token_auth/concerns/user.rb +49 -1
  11. data/app/views/devise/mailer/confirmation_instructions.html.erb +1 -1
  12. data/app/views/devise/mailer/reset_password_instructions.html.erb +1 -1
  13. data/config/initializers/devise.rb +9 -0
  14. data/lib/devise_token_auth.rb +2 -0
  15. data/lib/devise_token_auth/controllers/helpers.rb +129 -0
  16. data/lib/devise_token_auth/controllers/url_helpers.rb +8 -0
  17. data/lib/devise_token_auth/engine.rb +4 -0
  18. data/lib/devise_token_auth/version.rb +1 -1
  19. data/test/controllers/demo_group_controller_test.rb +126 -0
  20. data/test/controllers/{demo_controller_test.rb → demo_mang_controller_test.rb} +32 -59
  21. data/test/controllers/demo_user_controller_test.rb +262 -0
  22. data/test/controllers/devise_token_auth/auth_controller_test.rb +1 -1
  23. data/test/controllers/devise_token_auth/confirmations_controller_test.rb +19 -6
  24. data/test/controllers/devise_token_auth/passwords_controller_test.rb +35 -7
  25. data/test/controllers/devise_token_auth/registrations_controller_test.rb +61 -8
  26. data/test/dummy/app/controllers/demo_group_controller.rb +13 -0
  27. data/test/dummy/app/controllers/demo_mang_controller.rb +12 -0
  28. data/test/dummy/app/controllers/demo_user_controller.rb +12 -0
  29. data/test/dummy/config/routes.rb +6 -5
  30. data/test/dummy/db/development.sqlite3 +0 -0
  31. data/test/dummy/db/migrate/20140916224624_add_favorite_color_to_mangs.rb +5 -0
  32. data/test/dummy/db/schema.rb +2 -3
  33. data/test/dummy/db/test.sqlite3 +0 -0
  34. data/test/dummy/log/development.log +3977 -0
  35. data/test/dummy/log/test.log +165539 -0
  36. data/test/dummy/tmp/generators/app/controllers/application_controller.rb +8 -0
  37. data/test/dummy/tmp/generators/app/models/user.rb +0 -4
  38. data/test/dummy/tmp/generators/db/migrate/{20140916215707_devise_token_auth_create_users.rb → 20140922164332_devise_token_auth_create_users.rb} +0 -0
  39. data/test/lib/generators/devise_token_auth/install_generator_test.rb +2 -2
  40. data/test/models/user_test.rb +0 -12
  41. data/test/test_helper.rb +9 -9
  42. metadata +22 -8
  43. data/test/dummy/app/controllers/demo_controller.rb +0 -16
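--- /dev/null
+++ b/data/test/controllers/demo_user_controller_test.rb
@@ -0,0 +1,262 @@
+ require 'test_helper'
+
+ # was the web request successful?
+ # was the user redirected to the right page?
+ # was the user successfully authenticated?
+ # was the correct object stored in the response?
+ # was the appropriate message delivered in the json payload?
+
+ class DemoUserControllerTest < ActionDispatch::IntegrationTest
+ describe DemoUserController do
+ describe "Token access" do
+ before do
+ @user = users(:confirmed_email_user)
+ @user.skip_confirmation!
+ @user.save!
+
+ @auth_headers = @user.create_new_auth_token
+
+ @token = @auth_headers['access-token']
+ @client_id = @auth_headers['client']
+ @expiry = @auth_headers['expiry']
+ end
+
+ describe 'successful request' do
+ before do
+ # ensure that request is not treated as batch request
+ age_token(@user, @client_id)
+
+ get '/demo/members_only', {}, @auth_headers
+
+ @resp_token = response.headers['access-token']
+ @resp_client_id = response.headers['client']
+ @resp_expiry = response.headers['expiry']
+ @resp_uid = response.headers['uid']
+ end
+
+ describe 'devise mappings' do
+ it 'should define current_user' do
+ assert_equal @user, @controller.current_user
+ end
+
+ it 'should define user_signed_in?' do
+ assert @controller.user_signed_in?
+ end
+
+ it 'should not define current_mang' do
+ refute_equal @user, @controller.current_mang
+ end
+ end
+
+ it 'should return success status' do
+ assert_equal 200, response.status
+ end
+
+ it 'should receive new token after successful request' do
+ refute_equal @token, @resp_token
+ end
+
+ it 'should preserve the client id from the first request' do
+ assert_equal @client_id, @resp_client_id
+ end
+
+ it "should return the user's uid in the auth header" do
+ assert_equal @user.uid, @resp_uid
+ end
+
+ it 'should not treat this request as a batch request' do
+ refute assigns(:is_batch_request)
+ end
+
+ describe 'subsequent requests' do
+ before do
+ @user.reload
+ # ensure that request is not treated as batch request
+ age_token(@user, @client_id)
+
+ get '/demo/members_only', {}, @auth_headers.merge({'access-token' => @resp_token})
+ end
+
+ it 'should not treat this request as a batch request' do
+ refute assigns(:is_batch_request)
+ end
+
+ it "should allow a new request to be made using new token" do
+ assert_equal 200, response.status
+ end
+ end
+ end
+
+ describe 'failed request' do
+ before do
+ get '/demo/members_only', {}, @auth_headers.merge({'access-token' => "bogus"})
+ end
+
+ it 'should not return any auth headers' do
+ refute response.headers['access-token']
+ end
+
+ it 'should return error: unauthorized status' do
+ assert_equal 401, response.status
+ end
+ end
+
+ describe 'disable change_headers_on_each_request' do
+ before do
+ DeviseTokenAuth.change_headers_on_each_request = false
+ @user.reload
+ age_token(@user, @client_id)
+
+ get '/demo/members_only', {}, @auth_headers
+
+ @first_is_batch_request = assigns(:is_batch_request)
+ @first_user = assigns(:user).dup
+ @first_access_token = response.headers['access-token']
+ @first_response_status = response.status
+
+ @user.reload
+ age_token(@user, @client_id)
+
+ # use expired auth header
+ get '/demo/members_only', {}, @auth_headers
+
+ @second_is_batch_request = assigns(:is_batch_request)
+ @second_user = assigns(:user).dup
+ @second_access_token = response.headers['access-token']
+ @second_response_status = response.status
+ end
+
+ after do
+ DeviseTokenAuth.change_headers_on_each_request = true
+ end
+
+ it 'should allow the first request through' do
+ assert_equal 200, @first_response_status
+ end
+
+ it 'should allow the second request through' do
+ assert_equal 200, @second_response_status
+ end
+
+ it 'should return auth headers from the first request' do
+ assert @first_access_token
+ end
+
+ it 'should not treat either requests as batch requests' do
+ refute @first_is_batch_request
+ refute @second_is_batch_request
+ end
+
+ it 'should return auth headers from the second request' do
+ assert @second_access_token
+ end
+
+ it 'should define user during first request' do
+ assert @first_user
+ end
+
+ it 'should define user during second request' do
+ assert @second_user
+ end
+ end
+
+ describe 'batch requests' do
+ describe 'success' do
+ before do
+ age_token(@user, @client_id)
+ #request.headers.merge!(@auth_headers)
+
+ get '/demo/members_only', {}, @auth_headers
+
+ @first_is_batch_request = assigns(:is_batch_request)
+ @first_user = assigns(:user)
+ @first_access_token = response.headers['access-token']
+
+ get '/demo/members_only', {}, @auth_headers
+
+ @second_is_batch_request = assigns(:is_batch_request)
+ @second_user = assigns(:user)
+ @second_access_token = response.headers['access-token']
+ end
+
+ it 'should allow both requests through' do
+ assert_equal 200, response.status
+ end
+
+ it 'should not treat the first request as a batch request' do
+ refute @first_is_batch_request
+ end
+
+ it 'should treat the second request as a batch request' do
+ assert @second_is_batch_request
+ end
+
+ it 'should return access token for first (non-batch) request' do
+ assert @first_access_token
+ end
+
+ it 'should NOT return auth headers for second (batched) requests' do
+ refute @second_access_token
+ end
+ end
+
+ describe 'time out' do
+ before do
+ @user.reload
+ age_token(@user, @client_id)
+
+ get '/demo/members_only', {}, @auth_headers
+
+ @first_is_batch_request = assigns(:is_batch_request)
+ @first_user = assigns(:user).dup
+ @first_access_token = response.headers['access-token']
+ @first_response_status = response.status
+
+ @user.reload
+ age_token(@user, @client_id)
+
+ # use expired auth header
+ get '/demo/members_only', {}, @auth_headers
+
+ @second_is_batch_request = assigns(:is_batch_request)
+ @second_user = assigns(:user)
+ @second_access_token = response.headers['access-token']
+ @second_response_status = response.status
+ end
+
+ it 'should allow the first request through' do
+ assert_equal 200, @first_response_status
+ end
+
+ it 'should not allow the second request through' do
+ assert_equal 401, @second_response_status
+ end
+
+ it 'should not treat first request as batch request' do
+ refute @secord_is_batch_request
+ end
+
+ it 'should return auth headers from the first request' do
+ assert @first_access_token
+ end
+
+ it 'should not treat second request as batch request' do
+ refute @secord_is_batch_request
+ end
+
+ it 'should not return auth headers from the second request' do
+ refute @second_access_token
+ end
+
+ it 'should define user during first request' do
+ assert @first_user
+ end
+
+ it 'should not define user during second request' do
+ refute @second_user
+ end
+ end
+ end
+ end
+ end
+ end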
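Review bot: The two `refute` assertions near the end of the 'time out' block read `@secord_is_batch_request`, a misspelled instance variable that is never assigned, so both tests see `nil` and pass no matter what the controller did. The first should be `refute @first_is_batch_request` and the second `refute @second_is_batch_request`, the names actually set in that block's `before`. The `# use expired auth header` comment in both the 'time out' and 'disable change_headers_on_each_request' blocks is misleading, since the identical `@auth_headers` are resent and only `age_token` moves them past the batch window; `# resend the original token after it has been aged out of the batch window` says what is exercised. The commented-out `#request.headers.merge!(@auth_headers)` in the batch `before` is dead code and should go. As this file is entirely new, note that only a bogus `access-token` is tested as a failure case; a request that presents a valid token under a different `client` id would be a useful negative case if the token table is meant to bind tokens to a client (that logic lives outside this diff).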
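--- a/data/test/controllers/devise_token_auth/auth_controller_test.rb
+++ b/data/test/controllers/devise_token_auth/auth_controller_test.rb
@@ -104,7 +104,7 @@ class OmniauthTest < ActionDispatch::IntegrationTest
  describe 'alternate user model' do
  describe 'from api to provider' do
  before do
- get_via_redirect '/bong/facebook', {
+ get_via_redirect '/mangs/facebook', {
  auth_origin_url: @redirect_url
  }
 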
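--- a/data/test/controllers/devise_token_auth/confirmations_controller_test.rb
+++ b/data/test/controllers/devise_token_auth/confirmations_controller_test.rb
@@ -12,14 +12,19 @@ class DeviseTokenAuth::ConfirmationsControllerTest < ActionController::TestCase
  before do
  @new_user = users(:unconfirmed_email_user)
  @new_user.send_confirmation_instructions
- @mail = ActionMailer::Base.deliveries.last
- @token = @mail.body.match(/confirmation_token=(.*)\"/)[1]
+ @mail = ActionMailer::Base.deliveries.last
+ @token = @mail.body.match(/confirmation_token=(.*)\"/)[1]
+ @client_config = @mail.body.match(/config=(.*)\&/)[1]
  end
 
  test 'should generate raw token' do
  assert @token
  end
 
+ test "should include config name as 'default' in confirmation link" do
+ assert_equal "default", @client_config
+ end
+
  test "should store token hash in user" do
  assert @new_user.confirmation_token
  end
@@ -61,16 +66,24 @@ class DeviseTokenAuth::ConfirmationsControllerTest < ActionController::TestCase
  end
 
  before do
- @new_user = mangs(:unconfirmed_email_user)
- @new_user.send_confirmation_instructions
- @mail = ActionMailer::Base.deliveries.last
- @token = @mail.body.match(/confirmation_token=(.*)\"/)[1]
+ @config_name = "altUser"
+ @new_user = mangs(:unconfirmed_email_user)
+
+ @new_user.send_confirmation_instructions(client_config: @config_name)
+
+ @mail = ActionMailer::Base.deliveries.last
+ @token = @mail.body.match(/confirmation_token=(.*)\"/)[1]
+ @client_config = @mail.body.match(/config=(.*)\&/)[1]
  end
 
  test 'should generate raw token' do
  assert @token
  end
 
+ test "should include config name in confirmation link" do
+ assert_equal @config_name, @client_config
+ end
+
  test "should store token hash in user" do
  assert @new_user.confirmation_token
  end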
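Review bot: The new `@client_config = @mail.body.match(/config=(.*)\&/)[1]` extraction in both `before` blocks uses a greedy `(.*)`, so if the confirmation link ever carries another `&`-separated parameter after `config=` the capture runs to the last `&` and the `assert_equal` fails for a reason unrelated to the config name; the passwords tests in this same release use `/config=([^&]*)&/`, and the same form should be used here. The `confirmation_token=(.*)\"` capture has the same weakness and `([^&"]*)` would bound it to a single query parameter. The model method is called with `client_config:` while the controller tests post `config_name`; a short comment such as `# client_config: is the model-side name for the config_name request param` would keep the two from being confused, assuming the user concern in this release maps one to the other (that file is not in view).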
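--- a/data/test/controllers/devise_token_auth/passwords_controller_test.rb
+++ b/data/test/controllers/devise_token_auth/passwords_controller_test.rb
@@ -24,18 +24,15 @@ class DeviseTokenAuth::PasswordsControllerTest < ActionController::TestCase
  @mail = ActionMailer::Base.deliveries.last
  @user.reload
 
+ @mail_config_name = CGI.unescape(@mail.body.match(/config=([^&]*)&/)[1])
+ @mail_redirect_url = CGI.unescape(@mail.body.match(/redirect_url=([^&]*)&/)[1])
  @mail_reset_token = @mail.body.match(/reset_password_token=(.*)\"/)[1]
- @mail_redirect_url = CGI.unescape(@mail.body.match(/redirect_url=(.*)&amp;/)[1])
  end
 
  test 'response should return success status' do
  assert_equal 200, response.status
  end
 
- test 'action should save password_reset_redirect_url to user table' do
- assert_equal @redirect_url, @user.reset_password_redirect_url
- end
-
  test 'action should send an email' do
  assert @mail
  end
@@ -48,6 +45,10 @@ class DeviseTokenAuth::PasswordsControllerTest < ActionController::TestCase
  assert_equal @redirect_url, @mail_redirect_url
  end
 
+ test 'the client config name should fall back to "default"' do
+ assert_equal 'default', @mail_config_name
+ end
+
  test 'the email body should contain a link with reset token as a query param' do
  user = User.reset_password_by_token({
  reset_password_token: @mail_reset_token
@@ -184,8 +185,9 @@ class DeviseTokenAuth::PasswordsControllerTest < ActionController::TestCase
  @mail = ActionMailer::Base.deliveries.last
  @user.reload
 
+ @mail_config_name = CGI.unescape(@mail.body.match(/config=([^&]*)&/)[1])
+ @mail_redirect_url = CGI.unescape(@mail.body.match(/redirect_url=([^&]*)&/)[1])
  @mail_reset_token = @mail.body.match(/reset_password_token=(.*)\"/)[1]
- @mail_redirect_url = CGI.unescape(@mail.body.match(/redirect_url=(.*)&amp;/)[1])
  end
 
  test 'response should return success status' do
@@ -214,8 +216,9 @@ class DeviseTokenAuth::PasswordsControllerTest < ActionController::TestCase
  @mail = ActionMailer::Base.deliveries.last
  @user.reload
 
+ @mail_config_name = CGI.unescape(@mail.body.match(/config=([^&]*)&/)[1])
+ @mail_redirect_url = CGI.unescape(@mail.body.match(/redirect_url=([^&]*)&/)[1])
  @mail_reset_token = @mail.body.match(/reset_password_token=(.*)\"/)[1]
- @mail_redirect_url = CGI.unescape(@mail.body.match(/redirect_url=(.*)&amp;/)[1])
 
  xhr :get, :edit, {
  reset_password_token: @mail_reset_token,
@@ -229,5 +232,30 @@ class DeviseTokenAuth::PasswordsControllerTest < ActionController::TestCase
  assert @user.confirmed_at
  end
  end
+
+ describe 'alternate user type' do
+ before do
+ @user = users(:confirmed_email_user)
+ @redirect_url = 'http://ng-token-auth.dev'
+ @config_name = "altUser"
+
+ xhr :post, :create, {
+ email: @user.email,
+ redirect_url: @redirect_url,
+ config_name: @config_name
+ }
+
+ @mail = ActionMailer::Base.deliveries.last
+ @user.reload
+
+ @mail_config_name = CGI.unescape(@mail.body.match(/config=([^&]*)&/)[1])
+ @mail_redirect_url = CGI.unescape(@mail.body.match(/redirect_url=([^&]*)&/)[1])
+ @mail_reset_token = @mail.body.match(/reset_password_token=(.*)\"/)[1]
+ end
+
+ test 'config_name param is included in the confirmation email link' do
+ assert_equal @config_name, @mail_config_name
+ end
+ end
  end
  end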
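Review bot: The new 'alternate user type' block uses `@user = users(:confirmed_email_user)` and never changes `@request.env['devise.mapping']`, unlike the 'Passing client config name' block added to the registrations test, so it runs against the default `User` mapping and only shows that `config_name` round-trips into the mail; either switch to `Devise.mappings[:mang]` with a `mangs(...)` fixture or rename it `describe 'passing config_name'` so the name matches what is tested. Removing 'should save password_reset_redirect_url to user table' means the redirect target now travels only in the emailed link, and nothing in this file asserts that a requester-chosen `redirect_url` can be rejected; if the controller does not restrict it (not visible here), anyone who knows a victim's address can have the reset mail send the victim, token in the URL, to a site of the attacker's choosing, so a negative test with an off-site `redirect_url` belongs next to these once such a restriction exists. The `'http://ng-token-auth.dev'` literal repeats a value the earlier `before` blocks set outside these hunks; a single constant would keep them in step.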
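--- a/data/test/controllers/devise_token_auth/registrations_controller_test.rb
+++ b/data/test/controllers/devise_token_auth/registrations_controller_test.rb
@@ -39,10 +39,6 @@ class DeviseTokenAuth::RegistrationsControllerTest < ActionController::TestCase
  assert @data['data']['email']
  end
 
- test "confirm_success_url be allowed by strong params" do
- assert @data['data']['confirm_success_url']
- end
-
  test "new user should receive confirmation email" do
  assert_equal @user.email, @mail['to'].to_s
  end
@@ -54,21 +50,41 @@ class DeviseTokenAuth::RegistrationsControllerTest < ActionController::TestCase
 
  describe "Adding extra params" do
  before do
+ @redirect_url = Faker::Internet.url
+ @operating_thetan = 2
+
  xhr :post, :create, {
  email: Faker::Internet.email,
  password: "secret123",
  password_confirmation: "secret123",
- confirm_success_url: Faker::Internet.url,
- operating_thetan: 2
+ confirm_success_url: @redirect_url,
+ favorite_color: @fav_color,
+ operating_thetan: @operating_thetan
  }
 
  @user = assigns(:resource)
  @data = JSON.parse(response.body)
  @mail = ActionMailer::Base.deliveries.last
+
+ @mail_reset_token = @mail.body.match(/confirmation_token=([^&]*)&/)[1]
+ @mail_redirect_url = CGI.unescape(@mail.body.match(/redirect_url=(.*)\"/)[1])
+ @mail_config_name = CGI.unescape(@mail.body.match(/config=([^&]*)&/)[1])
+ end
+
+ test 'redirect_url is included as param in email' do
+ assert_equal @redirect_url, @mail_redirect_url
+ end
+
+ test "additional sign_up params should be considered" do
+ assert_equal @operating_thetan, @user.operating_thetan
+ end
+
+ test 'config_name param is included in the confirmation email link' do
+ assert @mail_config_name
  end
 
- test "Additional sign_up params should be considered" do
- assert_equal 2, @user.operating_thetan
+ test "client config name falls back to 'default'" do
+ assert_equal "default", @mail_config_name
  end
  end
 
@@ -334,5 +350,42 @@ class DeviseTokenAuth::RegistrationsControllerTest < ActionController::TestCase
  refute Mang.where(id: @user.id).first
  end
  end
+
+
+ describe "Passing client config name" do
+ setup do
+ @request.env['devise.mapping'] = Devise.mappings[:mang]
+ end
+
+ teardown do
+ @request.env['devise.mapping'] = Devise.mappings[:user]
+ end
+
+ before do
+ @config_name = 'altUser'
+
+ xhr :post, :create, {
+ email: Faker::Internet.email,
+ password: "secret123",
+ password_confirmation: "secret123",
+ confirm_success_url: Faker::Internet.url,
+ config_name: @config_name
+ }
+
+ @user = assigns(:resource)
+ @data = JSON.parse(response.body)
+ @mail = ActionMailer::Base.deliveries.last
+
+ @user.reload
+
+ @mail_reset_token = @mail.body.match(/confirmation_token=([^&]*)&/)[1]
+ @mail_redirect_url = CGI.unescape(@mail.body.match(/redirect_url=(.*)\"/)[1])
+ @mail_config_name = CGI.unescape(@mail.body.match(/config=([^&]*)&/)[1])
+ end
+
+ test 'config_name param is included in the confirmation email link' do
+ assert_equal @config_name, @mail_config_name
+ end
+ end
  end
  end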
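Review bot: `favorite_color: @fav_color` in the 'Adding extra params' request posts `nil`, because `@fav_color` is never assigned in that `before`, and no test reads `favorite_color` afterwards, so the parameter proves nothing; set `@fav_color = 'green'` next to `@operating_thetan = 2` and add `assert_equal @fav_color, @user.favorite_color`, or drop it (the migration in this release adds the column to mangs while this block signs up a User, so check the column exists on users first). The new `test 'config_name param is included in the confirmation email link'` only asserts `@mail_config_name` is truthy while the test directly after it already pins the value to `"default"`, so the first is redundant. The `/redirect_url=(.*)\"/` capture in both new `before` blocks is greedy and differs from the `([^&]*)&` form used for the other two parameters on the adjacent lines; `([^&"]*)` keeps the three consistent and stops the capture at the end of the one parameter.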