devise_token_auth 0.1.30.beta3 → 0.1.30.beta4
- checksums.yaml +4 -4
- data/README.md +16 -2
- data/app/controllers/devise_token_auth/concerns/set_user_by_token.rb +9 -9
- data/app/controllers/devise_token_auth/confirmations_controller.rb +5 -5
- data/app/controllers/devise_token_auth/omniauth_callbacks_controller.rb +10 -10
- data/app/controllers/devise_token_auth/passwords_controller.rb +34 -23
- data/app/controllers/devise_token_auth/registrations_controller.rb +10 -11
- data/app/controllers/devise_token_auth/sessions_controller.rb +23 -8
- data/app/controllers/devise_token_auth/token_validations_controller.rb +3 -3
- data/app/models/devise_token_auth/concerns/user.rb +1 -0
- data/app/views/devise_token_auth/omniauth_success.html.erb +1 -1
- data/lib/devise_token_auth/version.rb +1 -1
- data/lib/generators/devise_token_auth/templates/devise_token_auth_create_users.rb.erb +6 -6
- data/test/controllers/demo_group_controller_test.rb +14 -14
- data/test/controllers/demo_mang_controller_test.rb +25 -25
- data/test/controllers/demo_user_controller_test.rb +25 -25
- data/test/controllers/devise_token_auth/confirmations_controller_test.rb +6 -6
- data/test/controllers/devise_token_auth/omniauth_callbacks_controller_test.rb +11 -11
- data/test/controllers/devise_token_auth/passwords_controller_test.rb +110 -84
- data/test/controllers/devise_token_auth/registrations_controller_test.rb +23 -23
- data/test/controllers/devise_token_auth/sessions_controller_test.rb +68 -5
- data/test/controllers/overrides/omniauth_callbacks_controller_test.rb +3 -3
- data/test/controllers/overrides/passwords_controller_test.rb +4 -4
- data/test/controllers/overrides/sessions_controller_test.rb +1 -1
- data/test/controllers/overrides/token_validations_controller_test.rb +5 -5
- data/test/dummy/app/controllers/demo_mang_controller.rb +2 -2
- data/test/dummy/app/controllers/demo_user_controller.rb +2 -2
- data/test/dummy/app/controllers/overrides/confirmations_controller.rb +5 -5
- data/test/dummy/app/controllers/overrides/passwords_controller.rb +6 -6
- data/test/dummy/app/controllers/overrides/registrations_controller.rb +4 -4
- data/test/dummy/app/controllers/overrides/sessions_controller.rb +7 -7
- data/test/dummy/app/controllers/overrides/token_validations_controller.rb +3 -3
- data/test/dummy/config/application.yml +8 -0
- data/test/dummy/db/development.sqlite3 +0 -0
- data/test/dummy/db/migrate/20140715061447_devise_token_auth_create_users.rb +2 -2
- data/test/dummy/db/migrate/20140715061805_devise_token_auth_create_mangs.rb +2 -2
- data/test/dummy/db/migrate/20140928231203_devise_token_auth_create_evil_users.rb +2 -2
- data/test/dummy/db/schema.rb +12 -9
- data/test/dummy/db/test.sqlite3 +0 -0
- data/test/dummy/log/development.log +1979 -0
- data/test/dummy/log/test.log +183708 -0
- data/test/dummy/tmp/generators/app/views/devise/mailer/confirmation_instructions.html.erb +5 -0
- data/test/dummy/tmp/generators/app/views/devise/mailer/reset_password_instructions.html.erb +8 -0
- data/test/models/user_test.rb +37 -27
- metadata +10 -10
- data/test/dummy/tmp/generators/app/models/user.rb +0 -7
- data/test/dummy/tmp/generators/config/initializers/devise_token_auth.rb +0 -22
- data/test/dummy/tmp/generators/db/migrate/20141028214843_devise_token_auth_create_users.rb +0 -54
@@ -17,13 +17,25 @@ class DeviseTokenAuth::SessionsControllerTest < ActionController::TestCase
|
|
17
17
|
|
18
18
|
describe 'success' do
|
19
19
|
before do
|
20
|
+
@old_sign_in_count = @existing_user.sign_in_count
|
21
|
+
@old_current_sign_in_at = @existing_user.current_sign_in_at
|
22
|
+
@old_last_sign_in_at = @existing_user.last_sign_in_at
|
23
|
+
@old_sign_in_ip = @existing_user.current_sign_in_ip
|
24
|
+
@old_last_sign_in_ip = @existing_user.last_sign_in_ip
|
25
|
+
|
20
26
|
xhr :post, :create, {
|
21
27
|
email: @existing_user.email,
|
22
28
|
password: 'secret123'
|
23
29
|
}
|
24
30
|
|
25
|
-
@
|
31
|
+
@resource = assigns(:resource)
|
26
32
|
@data = JSON.parse(response.body)
|
33
|
+
|
34
|
+
@new_sign_in_count = @resource.sign_in_count
|
35
|
+
@new_current_sign_in_at = @resource.current_sign_in_at
|
36
|
+
@new_last_sign_in_at = @resource.last_sign_in_at
|
37
|
+
@new_sign_in_ip = @resource.current_sign_in_ip
|
38
|
+
@new_last_sign_in_ip = @resource.last_sign_in_ip
|
27
39
|
end
|
28
40
|
|
29
41
|
test "request should succeed" do
|
@@ -33,8 +45,35 @@ class DeviseTokenAuth::SessionsControllerTest < ActionController::TestCase
|
|
33
45
|
test "request should return user data" do
|
34
46
|
assert_equal @existing_user.email, @data['data']['email']
|
35
47
|
end
|
48
|
+
|
49
|
+
describe 'trackable' do
|
50
|
+
test 'sign_in_count incrementns' do
|
51
|
+
assert_equal @old_sign_in_count + 1, @new_sign_in_count
|
52
|
+
end
|
53
|
+
|
54
|
+
test 'current_sign_in_at is updated' do
|
55
|
+
refute @old_current_sign_in_at
|
56
|
+
assert @new_current_sign_in_at
|
57
|
+
end
|
58
|
+
|
59
|
+
test 'last_sign_in_at is updated' do
|
60
|
+
refute @old_last_sign_in_at
|
61
|
+
assert @new_last_sign_in_at
|
62
|
+
end
|
63
|
+
|
64
|
+
test 'sign_in_ip is updated' do
|
65
|
+
refute @old_sign_in_ip
|
66
|
+
assert_equal "0.0.0.0", @new_sign_in_ip
|
67
|
+
end
|
68
|
+
|
69
|
+
test 'last_sign_in_ip is updated' do
|
70
|
+
refute @old_last_sign_in_ip
|
71
|
+
assert_equal "0.0.0.0", @new_last_sign_in_ip
|
72
|
+
end
|
73
|
+
end
|
36
74
|
end
|
37
75
|
|
76
|
+
|
38
77
|
describe 'authed user sign out' do
|
39
78
|
before do
|
40
79
|
@auth_headers = @existing_user.create_new_auth_token
|
@@ -70,7 +109,7 @@ class DeviseTokenAuth::SessionsControllerTest < ActionController::TestCase
|
|
70
109
|
password: 'bogus'
|
71
110
|
}
|
72
111
|
|
73
|
-
@
|
112
|
+
@resource = assigns(:resource)
|
74
113
|
@data = JSON.parse(response.body)
|
75
114
|
end
|
76
115
|
|
@@ -82,6 +121,30 @@ class DeviseTokenAuth::SessionsControllerTest < ActionController::TestCase
|
|
82
121
|
assert @data['errors']
|
83
122
|
end
|
84
123
|
end
|
124
|
+
|
125
|
+
describe 'case-insensitive email' do
|
126
|
+
|
127
|
+
before do
|
128
|
+
@resource_class = User
|
129
|
+
@request_params = {
|
130
|
+
email: @existing_user.email.upcase,
|
131
|
+
password: 'secret123'
|
132
|
+
}
|
133
|
+
end
|
134
|
+
|
135
|
+
test "request should succeed if configured" do
|
136
|
+
@resource_class.case_insensitive_keys = [:email]
|
137
|
+
xhr :post, :create, @request_params
|
138
|
+
assert_equal 200, response.status
|
139
|
+
end
|
140
|
+
|
141
|
+
test "request should fail if not configured" do
|
142
|
+
@resource_class.case_insensitive_keys = []
|
143
|
+
xhr :post, :create, @request_params
|
144
|
+
assert_equal 401, response.status
|
145
|
+
end
|
146
|
+
|
147
|
+
end
|
85
148
|
end
|
86
149
|
|
87
150
|
describe "Unconfirmed user" do
|
@@ -91,7 +154,7 @@ class DeviseTokenAuth::SessionsControllerTest < ActionController::TestCase
|
|
91
154
|
email: @unconfirmed_user.email,
|
92
155
|
password: 'secret123'
|
93
156
|
}
|
94
|
-
@
|
157
|
+
@resource = assigns(:resource)
|
95
158
|
@data = JSON.parse(response.body)
|
96
159
|
end
|
97
160
|
|
@@ -110,7 +173,7 @@ class DeviseTokenAuth::SessionsControllerTest < ActionController::TestCase
|
|
110
173
|
email: -> { Faker::Internet.email },
|
111
174
|
password: -> { Faker::Number.number(10) }
|
112
175
|
}
|
113
|
-
@
|
176
|
+
@resource = assigns(:resource)
|
114
177
|
@data = JSON.parse(response.body)
|
115
178
|
end
|
116
179
|
|
@@ -142,7 +205,7 @@ class DeviseTokenAuth::SessionsControllerTest < ActionController::TestCase
|
|
142
205
|
password: 'secret123'
|
143
206
|
}
|
144
207
|
|
145
|
-
@
|
208
|
+
@resource = assigns(:resource)
|
146
209
|
@data = JSON.parse(response.body)
|
147
210
|
end
|
148
211
|
|
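Review bot: The `case-insensitive email` tests at new lines 136 and 142 assign `User.case_insensitive_keys` directly and never restore it, so whichever of the two runs last leaves the class-level Devise setting changed for every test that follows — an order-dependent leak that can make later email-lookup assertions pass or fail for the wrong reason. Capture the value in the block's `before` with `@original_keys = @resource_class.case_insensitive_keys` and restore it with `after { @resource_class.case_insensitive_keys = @original_keys }`. The test name at new line 50 has a typo: `'sign_in_count incrementns'` should read `'sign_in_count increments'`.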
@@ -26,7 +26,7 @@ class Overrides::OmniauthCallbacksControllerTest < ActionDispatch::IntegrationTe
|
|
26
26
|
favorite_color: @favorite_color
|
27
27
|
}
|
28
28
|
|
29
|
-
@
|
29
|
+
@resource = assigns(:resource)
|
30
30
|
end
|
31
31
|
|
32
32
|
test 'request is successful' do
|
@@ -34,11 +34,11 @@ class Overrides::OmniauthCallbacksControllerTest < ActionDispatch::IntegrationTe
|
|
34
34
|
end
|
35
35
|
|
36
36
|
test 'controller was overridden' do
|
37
|
-
assert_equal @
|
37
|
+
assert_equal @resource.nickname, Overrides::OmniauthCallbacksController::DEFAULT_NICKNAME
|
38
38
|
end
|
39
39
|
|
40
40
|
test 'whitelisted param was allowed' do
|
41
|
-
assert_equal @favorite_color, @
|
41
|
+
assert_equal @favorite_color, @resource.favorite_color
|
42
42
|
end
|
43
43
|
end
|
44
44
|
end
|
@@ -9,16 +9,16 @@ require 'test_helper'
|
|
9
9
|
class Overrides::PasswordsControllerTest < ActionDispatch::IntegrationTest
|
10
10
|
describe Overrides::PasswordsController do
|
11
11
|
before do
|
12
|
-
@
|
12
|
+
@resource = evil_users(:confirmed_email_user)
|
13
13
|
@redirect_url = Faker::Internet.url
|
14
14
|
|
15
15
|
post "/evil_user_auth/password", {
|
16
|
-
email: @
|
16
|
+
email: @resource.email,
|
17
17
|
redirect_url: @redirect_url
|
18
18
|
}
|
19
19
|
|
20
20
|
@mail = ActionMailer::Base.deliveries.last
|
21
|
-
@
|
21
|
+
@resource.reload
|
22
22
|
|
23
23
|
@mail_config_name = CGI.unescape(@mail.body.match(/config=([^&]*)&/)[1])
|
24
24
|
@mail_redirect_url = CGI.unescape(@mail.body.match(/redirect_url=([^&]*)&/)[1])
|
@@ -29,7 +29,7 @@ class Overrides::PasswordsControllerTest < ActionDispatch::IntegrationTest
|
|
29
29
|
redirect_url: @mail_redirect_url
|
30
30
|
}
|
31
31
|
|
32
|
-
@
|
32
|
+
@resource.reload
|
33
33
|
|
34
34
|
raw_qs = response.location.split('?')[1]
|
35
35
|
@qs = Rack::Utils.parse_nested_query(raw_qs)
|
@@ -9,18 +9,18 @@ require 'test_helper'
|
|
9
9
|
class Overrides::TokenValidationsControllerTest < ActionDispatch::IntegrationTest
|
10
10
|
describe Overrides::TokenValidationsController do
|
11
11
|
before do
|
12
|
-
@
|
13
|
-
@
|
14
|
-
@
|
12
|
+
@resource = evil_users(:confirmed_email_user)
|
13
|
+
@resource.skip_confirmation!
|
14
|
+
@resource.save!
|
15
15
|
|
16
|
-
@auth_headers = @
|
16
|
+
@auth_headers = @resource.create_new_auth_token
|
17
17
|
|
18
18
|
@token = @auth_headers['access-token']
|
19
19
|
@client_id = @auth_headers['client']
|
20
20
|
@expiry = @auth_headers['expiry']
|
21
21
|
|
22
22
|
# ensure that request is not treated as batch request
|
23
|
-
age_token(@
|
23
|
+
age_token(@resource, @client_id)
|
24
24
|
|
25
25
|
get '/evil_user_auth/validate_token', {}, @auth_headers
|
26
26
|
|
@@ -1,23 +1,23 @@
|
|
1
1
|
module Overrides
|
2
2
|
class ConfirmationsController < DeviseTokenAuth::ConfirmationsController
|
3
3
|
def show
|
4
|
-
@
|
4
|
+
@resource = resource_class.confirm_by_token(params[:confirmation_token])
|
5
5
|
|
6
|
-
if @
|
6
|
+
if @resource and @resource.id
|
7
7
|
# create client id
|
8
8
|
client_id = SecureRandom.urlsafe_base64(nil, false)
|
9
9
|
token = SecureRandom.urlsafe_base64(nil, false)
|
10
10
|
token_hash = BCrypt::Password.create(token)
|
11
11
|
expiry = (Time.now + DeviseTokenAuth.token_lifespan).to_i
|
12
12
|
|
13
|
-
@
|
13
|
+
@resource.tokens[client_id] = {
|
14
14
|
token: token_hash,
|
15
15
|
expiry: expiry
|
16
16
|
}
|
17
17
|
|
18
|
-
@
|
18
|
+
@resource.save!
|
19
19
|
|
20
|
-
redirect_to(@
|
20
|
+
redirect_to(@resource.build_auth_url(params[:redirect_url], {
|
21
21
|
token: token,
|
22
22
|
client_id: client_id,
|
23
23
|
account_confirmation_success: true,
|
@@ -4,27 +4,27 @@ module Overrides
|
|
4
4
|
|
5
5
|
# this is where users arrive after visiting the email confirmation link
|
6
6
|
def edit
|
7
|
-
@
|
7
|
+
@resource = resource_class.reset_password_by_token({
|
8
8
|
reset_password_token: resource_params[:reset_password_token]
|
9
9
|
})
|
10
10
|
|
11
|
-
if @
|
11
|
+
if @resource and @resource.id
|
12
12
|
client_id = SecureRandom.urlsafe_base64(nil, false)
|
13
13
|
token = SecureRandom.urlsafe_base64(nil, false)
|
14
14
|
token_hash = BCrypt::Password.create(token)
|
15
15
|
expiry = (Time.now + DeviseTokenAuth.token_lifespan).to_i
|
16
16
|
|
17
|
-
@
|
17
|
+
@resource.tokens[client_id] = {
|
18
18
|
token: token_hash,
|
19
19
|
expiry: expiry
|
20
20
|
}
|
21
21
|
|
22
22
|
# ensure that user is confirmed
|
23
|
-
@
|
23
|
+
@resource.skip_confirmation! unless @resource.confirmed_at
|
24
24
|
|
25
|
-
@
|
25
|
+
@resource.save!
|
26
26
|
|
27
|
-
redirect_to(@
|
27
|
+
redirect_to(@resource.build_auth_url(params[:redirect_url], {
|
28
28
|
token: token,
|
29
29
|
client_id: client_id,
|
30
30
|
reset_password: true,
|
@@ -3,17 +3,17 @@ module Overrides
|
|
3
3
|
OVERRIDE_PROOF = "(^^,)"
|
4
4
|
|
5
5
|
def update
|
6
|
-
if @
|
7
|
-
if @
|
6
|
+
if @resource
|
7
|
+
if @resource.update_attributes(account_update_params)
|
8
8
|
render json: {
|
9
9
|
status: 'success',
|
10
|
-
data: @
|
10
|
+
data: @resource.as_json,
|
11
11
|
override_proof: OVERRIDE_PROOF
|
12
12
|
}
|
13
13
|
else
|
14
14
|
render json: {
|
15
15
|
status: 'error',
|
16
|
-
errors: @
|
16
|
+
errors: @resource.errors
|
17
17
|
}, status: 403
|
18
18
|
end
|
19
19
|
else
|
@@ -3,31 +3,31 @@ module Overrides
|
|
3
3
|
OVERRIDE_PROOF = "(^^,)"
|
4
4
|
|
5
5
|
def create
|
6
|
-
@
|
6
|
+
@resource = resource_class.find_by_email(resource_params[:email])
|
7
7
|
|
8
|
-
if @
|
8
|
+
if @resource and valid_params? and @resource.valid_password?(resource_params[:password]) and @resource.confirmed?
|
9
9
|
# create client id
|
10
10
|
@client_id = SecureRandom.urlsafe_base64(nil, false)
|
11
11
|
@token = SecureRandom.urlsafe_base64(nil, false)
|
12
12
|
|
13
|
-
@
|
13
|
+
@resource.tokens[@client_id] = {
|
14
14
|
token: BCrypt::Password.create(@token),
|
15
15
|
expiry: (Time.now + DeviseTokenAuth.token_lifespan).to_i
|
16
16
|
}
|
17
|
-
@
|
17
|
+
@resource.save
|
18
18
|
|
19
19
|
render json: {
|
20
|
-
data: @
|
20
|
+
data: @resource.as_json(except: [
|
21
21
|
:tokens, :created_at, :updated_at
|
22
22
|
]),
|
23
23
|
override_proof: OVERRIDE_PROOF
|
24
24
|
}
|
25
25
|
|
26
|
-
elsif @
|
26
|
+
elsif @resource and not @resource.confirmed?
|
27
27
|
render json: {
|
28
28
|
success: false,
|
29
29
|
errors: [
|
30
|
-
"A confirmation email was sent to your account at #{@
|
30
|
+
"A confirmation email was sent to your account at #{@resource.email}. "+
|
31
31
|
"You must follow the instructions in the email before your account "+
|
32
32
|
"can be activated"
|
33
33
|
]
|
@@ -3,11 +3,11 @@ module Overrides
|
|
3
3
|
OVERRIDE_PROOF = '(^^,)'
|
4
4
|
|
5
5
|
def validate_token
|
6
|
-
# @
|
7
|
-
if @
|
6
|
+
# @resource will have been set by set_user_by_token concern
|
7
|
+
if @resource
|
8
8
|
render json: {
|
9
9
|
success: true,
|
10
|
-
data: @
|
10
|
+
data: @resource.as_json(except: [
|
11
11
|
:tokens, :created_at, :updated_at
|
12
12
|
]),
|
13
13
|
override_proof: OVERRIDE_PROOF
|
Binary file
|
@@ -48,9 +48,9 @@ class DeviseTokenAuthCreateUsers < ActiveRecord::Migration
|
|
48
48
|
end
|
49
49
|
|
50
50
|
add_index :users, :email
|
51
|
-
add_index :users, :uid,
|
51
|
+
add_index :users, [:uid, :provider], :unique => true
|
52
52
|
add_index :users, :reset_password_token, :unique => true
|
53
|
-
|
53
|
+
add_index :users, :confirmation_token, :unique => true
|
54
54
|
# add_index :users, :unlock_token, :unique => true
|
55
55
|
end
|
56
56
|
end
|
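Review bot: The composite unique index on `[:uid, :provider]` and the new unique index on `:confirmation_token` are introduced by editing a migration that already carries a 2014-07 timestamp, so any database that has run it before will never receive the change; only a freshly built database picks it up. For the dummy app the regenerated sqlite files and schema.rb in this same diff cover that, but if the generator template listed in the diffstat received the same in-place edit, consumer apps that already ran the generated migration would need a separate follow-up migration to get these constraints. The same applies to the mangs and evil_users migrations below. The unique index on `confirmation_token` is worth keeping and documenting, since it makes the `confirm_by_token` lookup unambiguous.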
@@ -48,9 +48,9 @@ class DeviseTokenAuthCreateMangs < ActiveRecord::Migration
|
|
48
48
|
end
|
49
49
|
|
50
50
|
add_index :mangs, :email
|
51
|
-
add_index :mangs, :uid,
|
51
|
+
add_index :mangs, [:uid, :provider], :unique => true
|
52
52
|
add_index :mangs, :reset_password_token, :unique => true
|
53
|
-
|
53
|
+
add_index :mangs, :confirmation_token, :unique => true
|
54
54
|
# add_index :mangs, :unlock_token, :unique => true
|
55
55
|
end
|
56
56
|
end
|
@@ -49,9 +49,9 @@ class DeviseTokenAuthCreateEvilUsers < ActiveRecord::Migration
|
|
49
49
|
end
|
50
50
|
|
51
51
|
add_index :evil_users, :email
|
52
|
-
add_index :evil_users, :uid,
|
52
|
+
add_index :evil_users, [:uid, :provider], :unique => true
|
53
53
|
add_index :evil_users, :reset_password_token, :unique => true
|
54
|
-
|
54
|
+
add_index :evil_users, :confirmation_token, :unique => true
|
55
55
|
# add_index :evil_users, :unlock_token, :unique => true
|
56
56
|
end
|
57
57
|
end
|
data/test/dummy/db/schema.rb
CHANGED
@@ -39,9 +39,10 @@ ActiveRecord::Schema.define(version: 20140928231203) do
|
|
39
39
|
t.datetime "updated_at"
|
40
40
|
end
|
41
41
|
|
42
|
-
add_index "evil_users", ["
|
43
|
-
add_index "evil_users", ["
|
44
|
-
add_index "evil_users", ["
|
42
|
+
add_index "evil_users", ["confirmation_token"], name: "index_evil_users_on_confirmation_token", unique: true, using: :btree
|
43
|
+
add_index "evil_users", ["email"], name: "index_evil_users_on_email", using: :btree
|
44
|
+
add_index "evil_users", ["reset_password_token"], name: "index_evil_users_on_reset_password_token", unique: true, using: :btree
|
45
|
+
add_index "evil_users", ["uid", "provider"], name: "index_evil_users_on_uid_and_provider", unique: true, using: :btree
|
45
46
|
|
46
47
|
create_table "mangs", force: true do |t|
|
47
48
|
t.string "email"
|
@@ -71,9 +72,10 @@ ActiveRecord::Schema.define(version: 20140928231203) do
|
|
71
72
|
t.string "favorite_color"
|
72
73
|
end
|
73
74
|
|
74
|
-
add_index "mangs", ["
|
75
|
-
add_index "mangs", ["
|
76
|
-
add_index "mangs", ["
|
75
|
+
add_index "mangs", ["confirmation_token"], name: "index_mangs_on_confirmation_token", unique: true, using: :btree
|
76
|
+
add_index "mangs", ["email"], name: "index_mangs_on_email", using: :btree
|
77
|
+
add_index "mangs", ["reset_password_token"], name: "index_mangs_on_reset_password_token", unique: true, using: :btree
|
78
|
+
add_index "mangs", ["uid", "provider"], name: "index_mangs_on_uid_and_provider", unique: true, using: :btree
|
77
79
|
|
78
80
|
create_table "users", force: true do |t|
|
79
81
|
t.string "email"
|
@@ -104,8 +106,9 @@ ActiveRecord::Schema.define(version: 20140928231203) do
|
|
104
106
|
t.string "favorite_color"
|
105
107
|
end
|
106
108
|
|
107
|
-
add_index "users", ["
|
108
|
-
add_index "users", ["
|
109
|
-
add_index "users", ["
|
109
|
+
add_index "users", ["confirmation_token"], name: "index_users_on_confirmation_token", unique: true, using: :btree
|
110
|
+
add_index "users", ["email"], name: "index_users_on_email", using: :btree
|
111
|
+
add_index "users", ["reset_password_token"], name: "index_users_on_reset_password_token", unique: true, using: :btree
|
112
|
+
add_index "users", ["uid", "provider"], name: "index_users_on_uid_and_provider", unique: true, using: :btree
|
110
113
|
|
111
114
|
end
|