devise_token_auth 0.1.32.beta10 → 0.1.32
- checksums.yaml +4 -4
- data/README.md +33 -31
- data/app/controllers/devise_token_auth/confirmations_controller.rb +2 -0
- data/app/controllers/devise_token_auth/omniauth_callbacks_controller.rb +2 -0
- data/app/controllers/devise_token_auth/passwords_controller.rb +25 -14
- data/app/controllers/devise_token_auth/registrations_controller.rb +22 -11
- data/app/controllers/devise_token_auth/sessions_controller.rb +15 -9
- data/app/controllers/devise_token_auth/token_validations_controller.rb +2 -1
- data/app/models/devise_token_auth/concerns/user.rb +19 -14
- data/app/validators/email_validator.rb +1 -1
- data/config/locales/en.yml +30 -0
- data/config/locales/es.yml +30 -0
- data/config/locales/fr.yml +30 -0
- data/lib/devise_token_auth/engine.rb +10 -8
- data/lib/devise_token_auth/version.rb +1 -1
- data/lib/generators/devise_token_auth/install_generator.rb +28 -0
- data/lib/generators/devise_token_auth/templates/devise_token_auth.rb +6 -0
- data/lib/generators/devise_token_auth/templates/devise_token_auth_create_users.rb.erb +2 -2
- data/test/controllers/custom/custom_confirmations_controller_test.rb +26 -0
- data/test/controllers/custom/custom_omniauth_callbacks_controller_test.rb +29 -0
- data/test/controllers/custom/custom_passwords_controller_test.rb +66 -0
- data/test/controllers/custom/custom_registrations_controller_test.rb +1 -1
- data/test/controllers/custom/custom_sessions_controller_test.rb +30 -0
- data/test/controllers/custom/custom_token_validations_controller_test.rb +29 -0
- data/test/controllers/devise_token_auth/passwords_controller_test.rb +159 -10
- data/test/controllers/devise_token_auth/registrations_controller_test.rb +249 -58
- data/test/controllers/devise_token_auth/sessions_controller_test.rb +80 -1
- data/test/controllers/devise_token_auth/token_validations_controller_test.rb +17 -0
- data/test/dummy/app/controllers/application_controller.rb +1 -0
- data/test/dummy/app/controllers/custom/confirmations_controller.rb +13 -0
- data/test/dummy/app/controllers/custom/omniauth_callbacks_controller.rb +13 -0
- data/test/dummy/app/controllers/custom/passwords_controller.rb +35 -0
- data/test/dummy/app/controllers/custom/sessions_controller.rb +23 -0
- data/test/dummy/app/controllers/custom/token_validations_controller.rb +13 -0
- data/test/dummy/app/models/unconfirmable_user.rb +8 -0
- data/test/dummy/config/application.rb +1 -0
- data/test/dummy/config/routes.rb +8 -1
- data/test/dummy/db/migrate/20140715061447_devise_token_auth_create_users.rb +7 -1
- data/test/dummy/db/migrate/20140715061805_devise_token_auth_create_mangs.rb +7 -1
- data/test/dummy/db/migrate/20140928231203_devise_token_auth_create_evil_users.rb +7 -1
- data/test/dummy/db/migrate/20141222035835_devise_token_auth_create_only_email_users.rb +7 -1
- data/test/dummy/db/migrate/20141222053502_devise_token_auth_create_unregisterable_users.rb +7 -1
- data/test/dummy/db/migrate/20150409095712_devise_token_auth_create_nice_users.rb +7 -1
- data/test/dummy/db/migrate/20150708104536_devise_token_auth_create_unconfirmable_users.rb +60 -0
- data/test/dummy/db/schema.rb +89 -64
- data/test/dummy/db/test.sqlite3 +0 -0
- data/test/dummy/lib/migration_database_helper.rb +29 -0
- data/test/dummy/log/test.log +41319 -29566
- data/test/dummy/tmp/generators/config/initializers/devise_token_auth.rb +6 -0
- data/test/dummy/tmp/generators/config/routes.rb +4 -0
- data/test/dummy/tmp/generators/db/migrate/{20150617175802_devise_token_auth_create_users.rb → 20150729144233_devise_token_auth_create_users.rb} +1 -1
- data/test/fixtures/unconfirmable_users.yml +9 -0
- data/test/fixtures/users.yml +12 -0
- data/test/models/user_test.rb +21 -0
- metadata +39 -13
- data/config/locales/devise.en.yml +0 -59
- data/test/dummy/db/development.sqlite3 +0 -0
- data/test/dummy/log/development.log +0 -473
- data/test/dummy/tmp/generators/app/controllers/application_controller.rb +0 -6
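--- a/data/test/controllers/custom/custom_token_validations_controller_test.rb
+++ b/data/test/controllers/custom/custom_token_validations_controller_test.rb
@@ -0,0 +1,29 @@
+require 'test_helper'
+
+class Custom::TokenValidationsControllerTest < ActionDispatch::IntegrationTest
+
+describe Custom::TokenValidationsController do
+
+before do
+@resource = nice_users(:confirmed_email_user)
+@resource.skip_confirmation!
+@resource.save!
+
+@auth_headers = @resource.create_new_auth_token
+
+@token = @auth_headers['access-token']
+@client_id = @auth_headers['client']
+@expiry = @auth_headers['expiry']
+
+# ensure that request is not treated as batch request
+age_token(@resource, @client_id)
+end
+
+test "yield resource to block on validate_token success" do
+get '/nice_user_auth/validate_token', {}, @auth_headers
+assert @controller.validate_token_block_called?, "validate_token failed to yield resource to provided block"
+end
+
+end
+
+end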
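Review bot: The single test asserts only that the controller's block ran, so it says nothing about whether the request itself succeeded; adding `assert_equal 200, response.status` after the `get` would pin the "on validate_token success" half of the test name. `@token` and `@expiry` are assigned in `before` but are not read anywhere in this file and could be dropped.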
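--- a/data/test/controllers/devise_token_auth/passwords_controller_test.rb
+++ b/data/test/controllers/devise_token_auth/passwords_controller_test.rb
@@ -14,16 +14,65 @@ class DeviseTokenAuth::PasswordsControllerTest < ActionController::TestCase
 @redirect_url = 'http://ng-token-auth.dev'
 end
 
-describe '
-
+describe 'not email should return 401' do
+before do
+@auth_headers = @resource.create_new_auth_token
+@new_password = Faker::Internet.password
+
 xhr :post, :create, {
-email: 'chester@cheet.ah',
 redirect_url: @redirect_url
 }
+@data = JSON.parse(response.body)
+end
+
+test 'response should fail' do
+assert_equal 401, response.status
+end
+test 'error message should be returned' do
+assert @data["errors"]
+assert_equal @data["errors"], [I18n.t("devise_token_auth.passwords.missing_email")]
+end
+end
+describe 'not redirect_url should return 401' do
+before do
+@auth_headers = @resource.create_new_auth_token
+@new_password = Faker::Internet.password
+
+xhr :post, :create, {
+email: 'chester@cheet.ah',
+}
+@data = JSON.parse(response.body)
+end
+
+test 'response should fail' do
+assert_equal 401, response.status
+end
+test 'error message should be returned' do
+assert @data["errors"]
+assert_equal @data["errors"], [I18n.t("devise_token_auth.passwords.missing_redirect_url")]
+end
+end
+
+describe 'request password reset' do
+describe 'unknown user should return 404' do
+before do
+xhr :post, :create, {
+email: 'chester@cheet.ah',
+redirect_url: @redirect_url
+}
+@data = JSON.parse(response.body)
+end
+test 'unknown user should return 404' do
+assert_equal 404, response.status
+end
 
-
+test 'errors should be returned' do
+assert @data["errors"]
+assert_equal @data["errors"], [I18n.t("devise_token_auth.passwords.user_not_found", email: 'chester@cheet.ah')]
+end
 end
 
+
 describe 'case-sensitive email' do
 before do
 xhr :post, :create, {
@@ -33,6 +82,7 @@ class DeviseTokenAuth::PasswordsControllerTest < ActionController::TestCase
 
 @mail = ActionMailer::Base.deliveries.last
 @resource.reload
+@data = JSON.parse(response.body)
 
 @mail_config_name = CGI.unescape(@mail.body.match(/config=([^&]*)&/)[1])
 @mail_redirect_url = CGI.unescape(@mail.body.match(/redirect_url=([^&]*)&/)[1])
@@ -43,6 +93,10 @@ class DeviseTokenAuth::PasswordsControllerTest < ActionController::TestCase
 assert_equal 200, response.status
 end
 
+test 'response should contains message' do
+assert_equal @data["message"], I18n.t("devise_token_auth.passwords.sended", email: @resource.email)
+end
+
 test 'action should send an email' do
 assert @mail
 end
@@ -68,13 +122,13 @@ class DeviseTokenAuth::PasswordsControllerTest < ActionController::TestCase
 end
 
 describe 'password reset link failure' do
-test '
-
-xhr :get, :edit, {
+test 'respone should return 404' do
+xhr :get, :edit, {
 reset_password_token: 'bogus',
 redirect_url: @mail_redirect_url
-}
 }
+
+assert_equal 404, response.status
 end
 end
 
@@ -203,6 +257,66 @@ class DeviseTokenAuth::PasswordsControllerTest < ActionController::TestCase
 
 assert_equal 403, response.status
 end
+test "request to non-whitelisted redirect should return error message" do
+xhr :post, :create, {
+email: @resource.email,
+redirect_url: @bad_redirect_url
+}
+
+@data = JSON.parse(response.body)
+assert @data["errors"]
+assert_equal @data["errors"], [I18n.t("devise_token_auth.passwords.not_allowed_redirect_url", redirect_url: @bad_redirect_url)]
+end
+end
+
+describe "change password with current password required" do
+before do
+DeviseTokenAuth.check_current_password_before_update = :password
+end
+
+after do
+DeviseTokenAuth.check_current_password_before_update = false
+end
+
+describe 'success' do
+before do
+@auth_headers = @resource.create_new_auth_token
+request.headers.merge!(@auth_headers)
+@new_password = Faker::Internet.password
+@resource.update password: 'secret123', password_confirmation: 'secret123'
+
+xhr :put, :update, {
+password: @new_password,
+password_confirmation: @new_password,
+current_password: 'secret123'
+}
+
+@data = JSON.parse(response.body)
+@resource.reload
+end
+
+test "request should be successful" do
+assert_equal 200, response.status
+end
+end
+
+describe 'current password mismatch error' do
+before do
+@auth_headers = @resource.create_new_auth_token
+request.headers.merge!(@auth_headers)
+@new_password = Faker::Internet.password
+
+xhr :put, :update, {
+password: @new_password,
+password_confirmation: @new_password,
+current_password: 'not_very_secret321'
+}
+end
+
+test 'response should fail unauthorized' do
+assert_equal 422, response.status
+end
+end
 end
 
 describe "change password" do
@@ -217,6 +331,7 @@ class DeviseTokenAuth::PasswordsControllerTest < ActionController::TestCase
 password_confirmation: @new_password
 }
 
+@data = JSON.parse(response.body)
 @resource.reload
 end
 
@@ -224,6 +339,11 @@ class DeviseTokenAuth::PasswordsControllerTest < ActionController::TestCase
 assert_equal 200, response.status
 end
 
+test "request should return success message" do
+assert @data["data"]["message"]
+assert_equal @data["data"]["message"], I18n.t("devise_token_auth.passwords.successfully_updated")
+end
+
 test "new password should authenticate user" do
 assert @resource.valid_password?(@new_password)
 end
@@ -327,9 +447,38 @@ class DeviseTokenAuth::PasswordsControllerTest < ActionController::TestCase
 
 @resource.reload
 end
+end
+describe 'unconfirmable user' do
+setup do
+@request.env['devise.mapping'] = Devise.mappings[:unconfirmable_user]
+end
+
+teardown do
+@request.env['devise.mapping'] = Devise.mappings[:user]
+end
+
+before do
+@resource = unconfirmable_users(:user)
+@redirect_url = 'http://ng-token-auth.dev'
+
+xhr :post, :create, {
+email: @resource.email,
+redirect_url: @redirect_url
+}
 
-
-
+@mail = ActionMailer::Base.deliveries.last
+@resource.reload
+
+@mail_config_name = CGI.unescape(@mail.body.match(/config=([^&]*)&/)[1])
+@mail_redirect_url = CGI.unescape(@mail.body.match(/redirect_url=([^&]*)&/)[1])
+@mail_reset_token = @mail.body.match(/reset_password_token=(.*)\"/)[1]
+
+xhr :get, :edit, {
+reset_password_token: @mail_reset_token,
+redirect_url: @mail_redirect_url
+}
+
+@resource.reload
 end
 end
 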
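Review bot: In the `@@ -203,6 +257,66 @@` hunk the 'current password mismatch error' block asserts only the status code, so a controller that answers 422 but still saves the new password would pass. After the `xhr :put, :update` call the block should reload the resource and add a test with `refute @resource.valid_password?(@new_password)`, mirroring the existing "new password should authenticate user" check. The title 'response should fail unauthorized' also disagrees with the asserted 422; rename it or change the expected status to whichever contract is intended. Separately, the 'unknown user should return 404' tests in the first hunk pin a response that lets a caller tell registered from unregistered emails; if that behaviour is deliberate, a comment such as `# NOTE: this response reveals whether the email is registered` would make the trade-off visible.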
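--- a/data/test/controllers/devise_token_auth/registrations_controller_test.rb
+++ b/data/test/controllers/devise_token_auth/registrations_controller_test.rb
@@ -129,8 +129,38 @@ class DeviseTokenAuth::RegistrationsControllerTest < ActionDispatch::Integration
 confirm_success_url: @bad_redirect_url,
 unpermitted_param: '(x_x)'
 }
+@data = JSON.parse(response.body)
 
 assert_equal 403, response.status
+assert @data["errors"]
+assert_equal @data["errors"], [I18n.t("devise_token_auth.registrations.redirect_url_not_allowed", redirect_url: @bad_redirect_url)]
+end
+end
+
+describe 'failure if not redirecturl' do
+
+test "request should fail if not redirect_url" do
+post '/auth', {
+email: Faker::Internet.email,
+password: "secret123",
+password_confirmation: "secret123",
+unpermitted_param: '(x_x)'
+}
+
+assert_equal 403, response.status
+end
+
+test "request to non-whitelisted redirect should fail" do
+post '/auth', {
+email: Faker::Internet.email,
+password: "secret123",
+password_confirmation: "secret123",
+unpermitted_param: '(x_x)'
+}
+@data = JSON.parse(response.body)
+
+assert @data["errors"]
+assert_equal @data["errors"], [I18n.t("devise_token_auth.registrations.missing_confirm_success_url")]
 end
 end
 
@@ -297,6 +327,35 @@ class DeviseTokenAuth::RegistrationsControllerTest < ActionDispatch::Integration
 end
 end
 
+describe 'missing email' do
+before do
+post '/auth', {
+password: "secret123",
+password_confirmation: "secret123",
+confirm_success_url: Faker::Internet.url
+}
+
+@resource = assigns(:resource)
+@data = JSON.parse(response.body)
+end
+
+test "request should not be successful" do
+assert_equal 403, response.status
+end
+
+test "user should not have been created" do
+assert_nil @resource.id
+end
+
+test "error should be returned in the response" do
+assert @data['errors'].length
+end
+
+test "full_messages should be included in error hash" do
+assert @data['errors']['full_messages'].length
+end
+end
+
 describe "Mismatched passwords" do
 before do
 post '/auth', {
@@ -375,6 +434,10 @@ class DeviseTokenAuth::RegistrationsControllerTest < ActionDispatch::Integration
 assert_equal 200, response.status
 end
 
+test "message should be returned" do
+assert @data["message"]
+assert_equal @data["message"], I18n.t("devise_token_auth.registrations.account_with_uid_destroyed", uid: @existing_user.uid)
+end
 test "existing user should be deleted" do
 refute User.where(id: @existing_user.id).first
 end
@@ -389,6 +452,11 @@ class DeviseTokenAuth::RegistrationsControllerTest < ActionDispatch::Integration
 test 'request returns 404 (not found) status' do
 assert_equal 404, response.status
 end
+
+test 'error should be returned' do
+assert @data['errors'].length
+assert_equal @data['errors'], [I18n.t("devise_token_auth.registrations.account_to_destroy_not_found")]
+end
 end
 end
 
@@ -404,89 +472,207 @@ class DeviseTokenAuth::RegistrationsControllerTest < ActionDispatch::Integration
 age_token(@existing_user, @client_id)
 end
 
-describe "
-
-
-
-
-
-
-
-
-
+describe "without password check" do
+describe "success" do
+before do
+# test valid update param
+@resource_class = User
+@new_operating_thetan = 1000000
+@email = "AlternatingCase2@example.com"
+@request_params = {
+operating_thetan: @new_operating_thetan,
+email: @email
+}
+end
+
+test "Request was successful" do
+put "/auth", @request_params, @auth_headers
+assert_equal 200, response.status
+end
+
+test "Case sensitive attributes update" do
+@resource_class.case_insensitive_keys = []
+put "/auth", @request_params, @auth_headers
+@data = JSON.parse(response.body)
+@existing_user.reload
+assert_equal @new_operating_thetan, @existing_user.operating_thetan
+assert_equal @email, @existing_user.email
+assert_equal @email, @existing_user.uid
+end
+
+test "Case insensitive attributes update" do
+@resource_class.case_insensitive_keys = [:email]
+put "/auth", @request_params, @auth_headers
+@data = JSON.parse(response.body)
+@existing_user.reload
+assert_equal @new_operating_thetan, @existing_user.operating_thetan
+assert_equal @email.downcase, @existing_user.email
+assert_equal @email.downcase, @existing_user.uid
+end
+
+test "Supply current password" do
+@request_params.merge!(
+current_password: "secret123",
+email: "new.email@example.com",
+)
+
+put "/auth", @request_params, @auth_headers
+@data = JSON.parse(response.body)
+@existing_user.reload
+assert_equal @existing_user.email, "new.email@example.com"
+end
 end
 
-
-
-
-
+describe 'validate non-empty body' do
+before do
+# get the email so we can check it wasn't updated
+@email = @existing_user.email
+put '/auth', {}, @auth_headers
+
+@data = JSON.parse(response.body)
+@existing_user.reload
+end
+
+test 'request should fail' do
+assert_equal 422, response.status
+end
+
+test 'returns error message' do
+assert_not_empty @data['errors']
+end
 
-
-
-
-
-
-
-
-assert_equal @email, @existing_user.uid
+test 'return error status' do
+assert_equal 'error', @data['status']
+end
+
+test 'user should not have been saved' do
+assert_equal @email, @existing_user.email
+end
 end
 
-
-
-
-
-
-
-
-
+describe "error" do
+before do
+# test invalid update param
+@new_operating_thetan = "blegh"
+put "/auth", {
+operating_thetan: @new_operating_thetan
+}, @auth_headers
+
+@data = JSON.parse(response.body)
+@existing_user.reload
+end
+
+test "Request was NOT successful" do
+assert_equal 403, response.status
+end
+
+test "Errors were provided with response" do
+assert @data["errors"].length
+end
 end
 end
 
-describe
+describe "with password check for password update only" do
 before do
-
-@email = @existing_user.email
-put '/auth', {}, @auth_headers
-
-@data = JSON.parse(response.body)
-@existing_user.reload
+DeviseTokenAuth.check_current_password_before_update = :password
 end
 
-
-
+after do
+DeviseTokenAuth.check_current_password_before_update = false
 end
 
-
-
+describe "success without password update" do
+before do
+# test valid update param
+@resource_class = User
+@new_operating_thetan = 1000000
+@email = "AlternatingCase2@example.com"
+@request_params = {
+operating_thetan: @new_operating_thetan,
+email: @email
+}
+end
+
+test "Request was successful" do
+put "/auth", @request_params, @auth_headers
+assert_equal 200, response.status
+end
 end
 
-
-
+describe "success with password update" do
+before do
+@existing_user.update password: 'secret123', password_confirmation: 'secret123'
+@request_params = {
+password: 'the_new_secret456',
+password_confirmation: 'the_new_secret456',
+current_password: 'secret123'
+}
+end
+
+test "Request was successful" do
+put "/auth", @request_params, @auth_headers
+assert_equal 200, response.status
+end
 end
 
-
-
+describe "error with password mismatch" do
+before do
+@existing_user.update password: 'secret123', password_confirmation: 'secret123'
+@request_params = {
+password: 'the_new_secret456',
+password_confirmation: 'the_new_secret456',
+current_password: 'not_so_secret321'
+}
+end
+
+test "Request was NOT successful" do
+put "/auth", @request_params, @auth_headers
+assert_equal 403, response.status
+end
 end
 end
 
-describe "
+describe "with password check for all attributes" do
 before do
-
-@new_operating_thetan =
-
-operating_thetan: @new_operating_thetan
-}, @auth_headers
-
-@data = JSON.parse(response.body)
-@existing_user.reload
+DeviseTokenAuth.check_current_password_before_update = :password
+@new_operating_thetan = 1000000
+@email = "AlternatingCase2@example.com"
 end
 
-
-
+after do
+DeviseTokenAuth.check_current_password_before_update = false
 end
 
-
-
+describe "success with password update" do
+before do
+@existing_user.update password: 'secret123', password_confirmation: 'secret123'
+@request_params = {
+operating_thetan: @new_operating_thetan,
+email: @email,
+current_password: 'secret123'
+}
+end
+
+test "Request was successful" do
+put "/auth", @request_params, @auth_headers
+assert_equal 200, response.status
+end
+end
+
+describe "error with password mismatch" do
+before do
+@existing_user.update password: 'secret123', password_confirmation: 'secret123'
+@request_params = {
+operating_thetan: @new_operating_thetan,
+email: @email,
+current_password: 'not_so_secret321'
+}
+end
+
+test "Request was NOT successful" do
+put "/auth", @request_params, @auth_headers
+assert_equal 403, response.status
+end
 end
 end
 end
@@ -515,6 +701,11 @@ class DeviseTokenAuth::RegistrationsControllerTest < ActionDispatch::Integration
 assert_equal 404, response.status
 end
 
+test "error should be returned" do
+assert @data["errors"].length
+assert_equal @data["errors"], [I18n.t("devise_token_auth.registrations.user_not_found")]
+end
+
 test "User should not be updated" do
 refute_equal @new_operating_thetan, @existing_user.operating_thetan
 end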
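Review bot: The "with password check for all attributes" block in the `@@ -404,89 +472,207 @@` hunk sets `DeviseTokenAuth.check_current_password_before_update = :password`, the same value as the "password update only" block above it, so the stricter mode named in the title does not appear to be exercised. If the intended setting is `:attributes`, use it in that `before` and add a case that sends `operating_thetan` and `email` without `current_password` and expects a failure; both existing cases supply `current_password`, so nothing here shows that an attribute change without it is refused. Several added assertions of the form `assert @data['errors'].length` (also in the `-297`, `-389` and `-515` hunks) cannot fail on an empty collection because `0` is truthy in Ruby; `assert_not_empty @data['errors']`, already used in 'validate non-empty body', states the intent.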