devise_token_auth 0.1.30.beta3 → 0.1.30.beta4

data/test/controllers/devise_token_auth/sessions_controller_test.rb

@@ -17,13 +17,25 @@ class DeviseTokenAuth::SessionsControllerTest < ActionController::TestCase
 
       describe 'success' do
         before do
+          @old_sign_in_count      = @existing_user.sign_in_count
+          @old_current_sign_in_at = @existing_user.current_sign_in_at
+          @old_last_sign_in_at    = @existing_user.last_sign_in_at
+          @old_sign_in_ip         = @existing_user.current_sign_in_ip
+          @old_last_sign_in_ip    = @existing_user.last_sign_in_ip
+
           xhr :post, :create, {
             email: @existing_user.email,
             password: 'secret123'
           }
 
-          @user = assigns(:user)
+          @resource = assigns(:resource)
           @data = JSON.parse(response.body)
+
+          @new_sign_in_count      = @resource.sign_in_count
+          @new_current_sign_in_at = @resource.current_sign_in_at
+          @new_last_sign_in_at    = @resource.last_sign_in_at
+          @new_sign_in_ip         = @resource.current_sign_in_ip
+          @new_last_sign_in_ip    = @resource.last_sign_in_ip
         end
 
         test "request should succeed" do
@@ -33,8 +45,35 @@ class DeviseTokenAuth::SessionsControllerTest < ActionController::TestCase
         test "request should return user data" do
           assert_equal @existing_user.email, @data['data']['email']
         end
+
+        describe 'trackable' do
+          test 'sign_in_count incrementns' do
+            assert_equal @old_sign_in_count + 1, @new_sign_in_count
+          end
+
+          test 'current_sign_in_at is updated' do
+            refute @old_current_sign_in_at
+            assert @new_current_sign_in_at
+          end
+
+          test 'last_sign_in_at is updated' do
+            refute @old_last_sign_in_at
+            assert @new_last_sign_in_at
+          end
+
+          test 'sign_in_ip is updated' do
+            refute @old_sign_in_ip
+            assert_equal "0.0.0.0", @new_sign_in_ip
+          end
+
+          test 'last_sign_in_ip is updated' do
+            refute @old_last_sign_in_ip
+            assert_equal "0.0.0.0", @new_last_sign_in_ip
+          end
+        end
       end
 
+
       describe 'authed user sign out' do
         before do
           @auth_headers = @existing_user.create_new_auth_token
@@ -70,7 +109,7 @@ class DeviseTokenAuth::SessionsControllerTest < ActionController::TestCase
             password: 'bogus'
           }
 
-          @user = assigns(:user)
+          @resource = assigns(:resource)
           @data = JSON.parse(response.body)
         end
 
@@ -82,6 +121,30 @@ class DeviseTokenAuth::SessionsControllerTest < ActionController::TestCase
           assert @data['errors']
         end
       end
+
+      describe 'case-insensitive email' do
+
+        before do
+          @resource_class = User
+          @request_params = {
+            email: @existing_user.email.upcase,
+            password: 'secret123'
+          }
+        end
+
+        test "request should succeed if configured" do
+          @resource_class.case_insensitive_keys = [:email]
+          xhr :post, :create, @request_params
+          assert_equal 200, response.status
+        end
+
+        test "request should fail if not configured" do
+          @resource_class.case_insensitive_keys = []
+          xhr :post, :create, @request_params
+          assert_equal 401, response.status
+        end
+
+      end
     end
 
     describe "Unconfirmed user" do
@@ -91,7 +154,7 @@ class DeviseTokenAuth::SessionsControllerTest < ActionController::TestCase
           email: @unconfirmed_user.email,
           password: 'secret123'
         }
-        @user = assigns(:user)
+        @resource = assigns(:resource)
         @data = JSON.parse(response.body)
       end
 
@@ -110,7 +173,7 @@ class DeviseTokenAuth::SessionsControllerTest < ActionController::TestCase
           email: -> { Faker::Internet.email },
           password: -> { Faker::Number.number(10) }
         }
-        @user = assigns(:user)
+        @resource = assigns(:resource)
         @data = JSON.parse(response.body)
       end
 
@@ -142,7 +205,7 @@ class DeviseTokenAuth::SessionsControllerTest < ActionController::TestCase
           password: 'secret123'
         }
 
-        @user = assigns(:user)
+        @resource = assigns(:resource)
         @data = JSON.parse(response.body)
       end
 

data/test/controllers/overrides/omniauth_callbacks_controller_test.rb

@@ -26,7 +26,7 @@ class Overrides::OmniauthCallbacksControllerTest < ActionDispatch::IntegrationTe
         favorite_color: @favorite_color
       }
 
-      @user = assigns(:user)
+      @resource = assigns(:resource)
     end
 
     test 'request is successful' do
@@ -34,11 +34,11 @@ class Overrides::OmniauthCallbacksControllerTest < ActionDispatch::IntegrationTe
     end
 
     test 'controller was overridden' do
-      assert_equal @user.nickname, Overrides::OmniauthCallbacksController::DEFAULT_NICKNAME
+      assert_equal @resource.nickname, Overrides::OmniauthCallbacksController::DEFAULT_NICKNAME
     end
 
     test 'whitelisted param was allowed' do
-      assert_equal @favorite_color, @user.favorite_color
+      assert_equal @favorite_color, @resource.favorite_color
     end
   end
 end

data/test/controllers/overrides/passwords_controller_test.rb

@@ -9,16 +9,16 @@ require 'test_helper'
 class Overrides::PasswordsControllerTest < ActionDispatch::IntegrationTest
   describe Overrides::PasswordsController do
     before do
-      @user = evil_users(:confirmed_email_user)
+      @resource = evil_users(:confirmed_email_user)
       @redirect_url = Faker::Internet.url
 
       post "/evil_user_auth/password", {
-        email:        @user.email,
+        email:        @resource.email,
         redirect_url: @redirect_url
       }
 
       @mail = ActionMailer::Base.deliveries.last
-      @user.reload
+      @resource.reload
 
       @mail_config_name  = CGI.unescape(@mail.body.match(/config=([^&]*)&/)[1])
       @mail_redirect_url = CGI.unescape(@mail.body.match(/redirect_url=([^&]*)&/)[1])
@@ -29,7 +29,7 @@ class Overrides::PasswordsControllerTest < ActionDispatch::IntegrationTest
         redirect_url: @mail_redirect_url
       }
 
-      @user.reload
+      @resource.reload
 
       raw_qs = response.location.split('?')[1]
       @qs = Rack::Utils.parse_nested_query(raw_qs)

data/test/controllers/overrides/sessions_controller_test.rb

@@ -18,7 +18,7 @@ class Overrides::RegistrationsControllerTest < ActionDispatch::IntegrationTest
         password: 'secret123'
       }
 
-      @user = assigns(:user)
+      @resource = assigns(:resource)
       @data = JSON.parse(response.body)
     end
 

data/test/controllers/overrides/token_validations_controller_test.rb

@@ -9,18 +9,18 @@ require 'test_helper'
 class Overrides::TokenValidationsControllerTest < ActionDispatch::IntegrationTest
   describe Overrides::TokenValidationsController do
     before do
-      @user = evil_users(:confirmed_email_user)
-      @user.skip_confirmation!
-      @user.save!
+      @resource = evil_users(:confirmed_email_user)
+      @resource.skip_confirmation!
+      @resource.save!
 
-      @auth_headers = @user.create_new_auth_token
+      @auth_headers = @resource.create_new_auth_token
 
       @token     = @auth_headers['access-token']
       @client_id = @auth_headers['client']
       @expiry    = @auth_headers['expiry']
 
       # ensure that request is not treated as batch request
-      age_token(@user, @client_id)
+      age_token(@resource, @client_id)
 
       get '/evil_user_auth/validate_token', {}, @auth_headers
 

data/test/dummy/app/controllers/demo_mang_controller.rb

@@ -4,8 +4,8 @@ class DemoMangController < ApplicationController
   def members_only
     render json: {
       data: {
-        message: "Welcome #{@user.name}",
-        user: @user
+        message: "Welcome #{current_mang.name}",
+        user: current_mang
       }
     }, status: 200
   end

data/test/dummy/app/controllers/demo_user_controller.rb

@@ -4,8 +4,8 @@ class DemoUserController < ApplicationController
   def members_only
     render json: {
       data: {
-        message: "Welcome #{@user.name}",
-        user: @user
+        message: "Welcome #{current_user.name}",
+        user: current_user
       }
     }, status: 200
   end

data/test/dummy/app/controllers/overrides/confirmations_controller.rb

@@ -1,23 +1,23 @@
 module Overrides
   class ConfirmationsController < DeviseTokenAuth::ConfirmationsController
     def show
-      @user = resource_class.confirm_by_token(params[:confirmation_token])
+      @resource = resource_class.confirm_by_token(params[:confirmation_token])
 
-      if @user and @user.id
+      if @resource and @resource.id
         # create client id
         client_id  = SecureRandom.urlsafe_base64(nil, false)
         token      = SecureRandom.urlsafe_base64(nil, false)
         token_hash = BCrypt::Password.create(token)
         expiry     = (Time.now + DeviseTokenAuth.token_lifespan).to_i
 
-        @user.tokens[client_id] = {
+        @resource.tokens[client_id] = {
           token:  token_hash,
           expiry: expiry
         }
 
-        @user.save!
+        @resource.save!
 
-        redirect_to(@user.build_auth_url(params[:redirect_url], {
+        redirect_to(@resource.build_auth_url(params[:redirect_url], {
           token:                        token,
           client_id:                    client_id,
           account_confirmation_success: true,

data/test/dummy/app/controllers/overrides/passwords_controller.rb

@@ -4,27 +4,27 @@ module Overrides
 
     # this is where users arrive after visiting the email confirmation link
     def edit
-      @user = resource_class.reset_password_by_token({
+      @resource = resource_class.reset_password_by_token({
         reset_password_token: resource_params[:reset_password_token]
       })
 
-      if @user and @user.id
+      if @resource and @resource.id
         client_id  = SecureRandom.urlsafe_base64(nil, false)
         token      = SecureRandom.urlsafe_base64(nil, false)
         token_hash = BCrypt::Password.create(token)
         expiry     = (Time.now + DeviseTokenAuth.token_lifespan).to_i
 
-        @user.tokens[client_id] = {
+        @resource.tokens[client_id] = {
           token:  token_hash,
           expiry: expiry
         }
 
         # ensure that user is confirmed
-        @user.skip_confirmation! unless @user.confirmed_at
+        @resource.skip_confirmation! unless @resource.confirmed_at
 
-        @user.save!
+        @resource.save!
 
-        redirect_to(@user.build_auth_url(params[:redirect_url], {
+        redirect_to(@resource.build_auth_url(params[:redirect_url], {
           token:          token,
           client_id:      client_id,
           reset_password: true,

data/test/dummy/app/controllers/overrides/registrations_controller.rb

@@ -3,17 +3,17 @@ module Overrides
     OVERRIDE_PROOF = "(^^,)"
 
     def update
-      if @user
-        if @user.update_attributes(account_update_params)
+      if @resource
+        if @resource.update_attributes(account_update_params)
           render json: {
             status: 'success',
-            data:   @user.as_json,
+            data:   @resource.as_json,
             override_proof: OVERRIDE_PROOF
           }
         else
           render json: {
             status: 'error',
-            errors: @user.errors
+            errors: @resource.errors
           }, status: 403
         end
       else

data/test/dummy/app/controllers/overrides/sessions_controller.rb

@@ -3,31 +3,31 @@ module Overrides
     OVERRIDE_PROOF = "(^^,)"
 
     def create
-      @user = resource_class.find_by_email(resource_params[:email])
+      @resource = resource_class.find_by_email(resource_params[:email])
 
-      if @user and valid_params? and @user.valid_password?(resource_params[:password]) and @user.confirmed?
+      if @resource and valid_params? and @resource.valid_password?(resource_params[:password]) and @resource.confirmed?
         # create client id
         @client_id = SecureRandom.urlsafe_base64(nil, false)
         @token     = SecureRandom.urlsafe_base64(nil, false)
 
-        @user.tokens[@client_id] = {
+        @resource.tokens[@client_id] = {
           token: BCrypt::Password.create(@token),
           expiry: (Time.now + DeviseTokenAuth.token_lifespan).to_i
         }
-        @user.save
+        @resource.save
 
         render json: {
-          data: @user.as_json(except: [
+          data: @resource.as_json(except: [
             :tokens, :created_at, :updated_at
           ]),
           override_proof: OVERRIDE_PROOF
         }
 
-      elsif @user and not @user.confirmed?
+      elsif @resource and not @resource.confirmed?
         render json: {
           success: false,
           errors: [
-            "A confirmation email was sent to your account at #{@user.email}. "+
+            "A confirmation email was sent to your account at #{@resource.email}. "+
             "You must follow the instructions in the email before your account "+
             "can be activated"
           ]

data/test/dummy/app/controllers/overrides/token_validations_controller.rb

@@ -3,11 +3,11 @@ module Overrides
     OVERRIDE_PROOF = '(^^,)'
 
     def validate_token
-      # @user will have been set by set_user_by_token concern
-      if @user
+      # @resource will have been set by set_user_by_token concern
+      if @resource
         render json: {
           success: true,
-          data: @user.as_json(except: [
+          data: @resource.as_json(except: [
             :tokens, :created_at, :updated_at
           ]),
           override_proof: OVERRIDE_PROOF

data/test/dummy/config/application.yml

@@ -0,0 +1,8 @@
+GITHUB_KEY:    4c78f513d7a412319c52
+GITHUB_SECRET: 6b82c1ea92425022d95d9dbcb75289b24417e626
+
+FACEBOOK_KEY:    515818101878894
+FACEBOOK_SECRET: d7cfef7cfa485dd30f10c237a97a0a8d
+
+GOOGLE_KEY:    xxx
+GOOGLE_SECRET: yyy

data/test/dummy/db/migrate/20140715061447_devise_token_auth_create_users.rb

@@ -48,9 +48,9 @@ class DeviseTokenAuthCreateUsers < ActiveRecord::Migration
     end
 
     add_index :users, :email
-    add_index :users, :uid,                  :unique => true
+    add_index :users, [:uid, :provider],     :unique => true
     add_index :users, :reset_password_token, :unique => true
-    # add_index :users, :confirmation_token,   :unique => true
+    add_index :users, :confirmation_token,   :unique => true
     # add_index :users, :unlock_token,         :unique => true
   end
 end

data/test/dummy/db/migrate/20140715061805_devise_token_auth_create_mangs.rb

@@ -48,9 +48,9 @@ class DeviseTokenAuthCreateMangs < ActiveRecord::Migration
     end
 
     add_index :mangs, :email
-    add_index :mangs, :uid,                  :unique => true
+    add_index :mangs, [:uid, :provider],     :unique => true
     add_index :mangs, :reset_password_token, :unique => true
-    # add_index :mangs, :confirmation_token,   :unique => true
+    add_index :mangs, :confirmation_token,   :unique => true
     # add_index :mangs, :unlock_token,         :unique => true
   end
 end

data/test/dummy/db/migrate/20140928231203_devise_token_auth_create_evil_users.rb

@@ -49,9 +49,9 @@ class DeviseTokenAuthCreateEvilUsers < ActiveRecord::Migration
     end
 
     add_index :evil_users, :email
-    add_index :evil_users, :uid,                  :unique => true
+    add_index :evil_users, [:uid, :provider],     :unique => true
     add_index :evil_users, :reset_password_token, :unique => true
-    # add_index :evil_users, :confirmation_token,   :unique => true
+    add_index :evil_users, :confirmation_token,   :unique => true
     # add_index :evil_users, :unlock_token,         :unique => true
   end
 end

data/test/dummy/db/schema.rb

@@ -39,9 +39,10 @@ ActiveRecord::Schema.define(version: 20140928231203) do
     t.datetime "updated_at"
   end
 
-  add_index "evil_users", ["email"], name: "index_evil_users_on_email"
-  add_index "evil_users", ["reset_password_token"], name: "index_evil_users_on_reset_password_token", unique: true
-  add_index "evil_users", ["uid"], name: "index_evil_users_on_uid", unique: true
+  add_index "evil_users", ["confirmation_token"], name: "index_evil_users_on_confirmation_token", unique: true, using: :btree
+  add_index "evil_users", ["email"], name: "index_evil_users_on_email", using: :btree
+  add_index "evil_users", ["reset_password_token"], name: "index_evil_users_on_reset_password_token", unique: true, using: :btree
+  add_index "evil_users", ["uid", "provider"], name: "index_evil_users_on_uid_and_provider", unique: true, using: :btree
 
   create_table "mangs", force: true do |t|
     t.string   "email"
@@ -71,9 +72,10 @@ ActiveRecord::Schema.define(version: 20140928231203) do
     t.string   "favorite_color"
   end
 
-  add_index "mangs", ["email"], name: "index_mangs_on_email"
-  add_index "mangs", ["reset_password_token"], name: "index_mangs_on_reset_password_token", unique: true
-  add_index "mangs", ["uid"], name: "index_mangs_on_uid", unique: true
+  add_index "mangs", ["confirmation_token"], name: "index_mangs_on_confirmation_token", unique: true, using: :btree
+  add_index "mangs", ["email"], name: "index_mangs_on_email", using: :btree
+  add_index "mangs", ["reset_password_token"], name: "index_mangs_on_reset_password_token", unique: true, using: :btree
+  add_index "mangs", ["uid", "provider"], name: "index_mangs_on_uid_and_provider", unique: true, using: :btree
 
   create_table "users", force: true do |t|
     t.string   "email"
@@ -104,8 +106,9 @@ ActiveRecord::Schema.define(version: 20140928231203) do
     t.string   "favorite_color"
   end
 
-  add_index "users", ["email"], name: "index_users_on_email"
-  add_index "users", ["reset_password_token"], name: "index_users_on_reset_password_token", unique: true
-  add_index "users", ["uid"], name: "index_users_on_uid", unique: true
+  add_index "users", ["confirmation_token"], name: "index_users_on_confirmation_token", unique: true, using: :btree
+  add_index "users", ["email"], name: "index_users_on_email", using: :btree
+  add_index "users", ["reset_password_token"], name: "index_users_on_reset_password_token", unique: true, using: :btree
+  add_index "users", ["uid", "provider"], name: "index_users_on_uid_and_provider", unique: true, using: :btree
 
 end