devise_token_auth 0.1.37 → 0.1.38


Potentially problematic release.



Files changed (50) hide show
  1. checksums.yaml +4 -4
  2. data/README.md +4 -3
  3. data/app/controllers/devise_token_auth/application_controller.rb +24 -0
  4. data/app/controllers/devise_token_auth/concerns/set_user_by_token.rb +21 -4
  5. data/app/controllers/devise_token_auth/confirmations_controller.rb +1 -1
  6. data/app/controllers/devise_token_auth/omniauth_callbacks_controller.rb +7 -5
  7. data/app/controllers/devise_token_auth/passwords_controller.rb +9 -10
  8. data/app/controllers/devise_token_auth/registrations_controller.rb +13 -13
  9. data/app/controllers/devise_token_auth/sessions_controller.rb +3 -3
  10. data/app/controllers/devise_token_auth/token_validations_controller.rb +3 -3
  11. data/app/models/devise_token_auth/concerns/user.rb +18 -35
  12. data/app/models/devise_token_auth/concerns/user_omniauth_callbacks.rb +28 -0
  13. data/config/initializers/devise.rb +1 -1
  14. data/config/locales/de.yml +1 -1
  15. data/config/locales/ja.yml +47 -0
  16. data/config/locales/nl.yml +31 -0
  17. data/lib/devise_token_auth/controllers/helpers.rb +6 -0
  18. data/lib/devise_token_auth/engine.rb +9 -1
  19. data/lib/devise_token_auth/rails/routes.rb +3 -2
  20. data/lib/devise_token_auth/version.rb +1 -1
  21. data/lib/generators/devise_token_auth/USAGE +1 -1
  22. data/lib/generators/devise_token_auth/install_generator.rb +3 -1
  23. data/lib/generators/devise_token_auth/templates/devise_token_auth.rb +12 -1
  24. data/test/controllers/custom/custom_omniauth_callbacks_controller_test.rb +1 -1
  25. data/test/controllers/demo_group_controller_test.rb +14 -1
  26. data/test/controllers/demo_user_controller_test.rb +54 -5
  27. data/test/controllers/devise_token_auth/confirmations_controller_test.rb +10 -6
  28. data/test/controllers/devise_token_auth/omniauth_callbacks_controller_test.rb +1 -1
  29. data/test/controllers/devise_token_auth/passwords_controller_test.rb +3 -3
  30. data/test/controllers/devise_token_auth/registrations_controller_test.rb +9 -9
  31. data/test/controllers/devise_token_auth/sessions_controller_test.rb +15 -0
  32. data/test/controllers/overrides/passwords_controller_test.rb +1 -1
  33. data/test/dummy/app/controllers/custom/confirmations_controller.rb +1 -1
  34. data/test/dummy/app/controllers/custom/omniauth_callbacks_controller.rb +1 -1
  35. data/test/dummy/app/controllers/custom/passwords_controller.rb +3 -3
  36. data/test/dummy/app/controllers/custom/registrations_controller.rb +2 -2
  37. data/test/dummy/app/controllers/custom/sessions_controller.rb +2 -2
  38. data/test/dummy/app/controllers/custom/token_validations_controller.rb +1 -1
  39. data/test/dummy/app/controllers/demo_user_controller.rb +13 -0
  40. data/test/dummy/app/controllers/overrides/registrations_controller.rb +1 -1
  41. data/test/dummy/config/application.rb +2 -0
  42. data/test/dummy/config/routes.rb +2 -0
  43. data/test/dummy/tmp/generators/app/models/user.rb +7 -0
  44. data/test/dummy/tmp/generators/config/initializers/devise_token_auth.rb +48 -0
  45. data/test/dummy/tmp/generators/db/migrate/20160711201448_devise_token_auth_create_users.rb +54 -0
  46. data/test/lib/devise_token_auth/url_test.rb +19 -23
  47. data/test/test_helper.rb +1 -1
  48. metadata +16 -11
  49. data/test/dummy/tmp/generators/app/views/devise/mailer/confirmation_instructions.html.erb +0 -5
  50. data/test/dummy/tmp/generators/app/views/devise/mailer/reset_password_instructions.html.erb +0 -8
@@ -0,0 +1,28 @@
1
+ module DeviseTokenAuth::Concerns::UserOmniauthCallbacks
2
+ extend ActiveSupport::Concern
3
+
4
+ included do
5
+ validates :email, presence: true, email: true, if: Proc.new { |u| u.provider == 'email' }
6
+ validates_presence_of :uid, if: Proc.new { |u| u.provider != 'email' }
7
+
8
+ # only validate unique emails among email registration users
9
+ validate :unique_email_user, on: :create
10
+
11
+ # keep uid in sync with email
12
+ before_save :sync_uid
13
+ before_create :sync_uid
14
+ end
15
+
16
+ protected
17
+
18
+ # only validate unique email among users that registered by email
19
+ def unique_email_user
20
+ if provider == 'email' and self.class.where(provider: 'email', email: email).count > 0
21
+ errors.add(:email, I18n.t("errors.messages.already_in_use"))
22
+ end
23
+ end
24
+
25
+ def sync_uid
26
+ self.uid = email if provider == 'email'
27
+ end
28
+ end
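Review bot: `unique_email_user` is registered with `on: :create` and checks with a plain `where(...).count > 0`, so it misses two cases. An update that changes `email` to an address another email-provider user already holds skips the validator, and `sync_uid` then copies that address into `uid`; two concurrent sign-ups can also both pass the check before either row is written. I would drop `on: :create`, exclude the record itself with `self.class.where(provider: 'email', email: email).where.not(id: id).exists?`, and rely on a unique database index over `provider`/`uid` as the final guard (the migration is not part of this page, so confirm one exists). `before_create :sync_uid` is redundant because `before_save` already runs on create.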
@@ -142,7 +142,7 @@ Devise.setup do |config|
142
142
  # Email regex used to validate email formats. It simply asserts that
143
143
  # one (and only one) @ exists in the given string. This is mainly
144
144
  # to give user feedback and not to assert the e-mail validity.
145
- # config.email_regexp = /\A[^@]+@[^@]+\z/
145
+ config.email_regexp = /\A[^@\s]+@([^@\s]+\.)+[^@\W]+\z/
146
146
 
147
147
  # ==> Configuration for :timeoutable
148
148
  # The time you want to timeout the user session without activity. After this
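Review bot: The new `email_regexp` nests one unbounded repeat inside another: in `([^@\s]+\.)+` the class `[^@\s]` itself matches `.`. A long dotted domain part that fails the final `[^@\W]+\z` can therefore be split many ways, and the match can backtrack heavily on Ruby versions without regexp match caching. The pattern is presumably applied to sign-up and password-reset input that arrives before authentication, so I would keep the linear form `config.email_regexp = /\A[^@\s]+@[^@\s]+\z/` and cap the accepted length of the email parameter. The comment above the setting still says the regexp only asserts a single `@`, which no longer describes this value.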
@@ -1,7 +1,7 @@
1
1
  de:
2
2
  devise_token_auth:
3
3
  sessions:
4
- not_confirmed: "Ein E-Mail zu Bestätigung wurde an Ihre Adresse '%{email}'' gesendet. Sie müssen den Anleitungsschritten im E-Mail folgen, um Ihren Account zu aktivieren"
4
+ not_confirmed: "Ein E-Mail zu Bestätigung wurde an Ihre Adresse '%{email}' gesendet. Sie müssen den Anleitungsschritten im E-Mail folgen, um Ihren Account zu aktivieren"
5
5
  bad_credentials: "Ungültige Anmeldeinformationen. Bitte versuchen Sie es erneut."
6
6
  not_supported: "Verwenden Sie POST /sign_in zur Anmeldung. GET wird nicht unterstützt."
7
7
  user_not_found: "Benutzer wurde nicht gefunden oder konnte nicht angemeldet werden."
@@ -0,0 +1,47 @@
1
+ ja:
2
+ devise_token_auth:
3
+ sessions:
4
+ not_confirmed: "'%{email}' に確認用のメールを送信しました。メール内の説明を読み、アカウントの有効化をしてください。"
5
+ bad_credentials: "ログイン用の認証情報が正しくありません。再度お試しください。"
6
+ not_supported: "/sign_in に GET はサポートされていません。POST をお使いください。"
7
+ user_not_found: "ユーザーが見つからないか、ログインしていません。"
8
+ token_validations:
9
+ invalid: "ログイン用の認証情報が正しくありません。"
10
+ registrations:
11
+ missing_confirm_success_url: "'confirm_success_url' パラメータが与えられていません。"
12
+ redirect_url_not_allowed: "'%{redirect_url}' へのリダイレクトは許可されていません。"
13
+ email_already_exists: "'%{email}' のアカウントはすでに存在しています。"
14
+ account_with_uid_destroyed: "'%{uid}' のアカウントは削除されました。"
15
+ account_to_destroy_not_found: "削除するアカウントが見つかりません。"
16
+ user_not_found: "ユーザーが見つかりません。"
17
+ passwords:
18
+ missing_email: "メールアドレスが与えられていません。"
19
+ missing_redirect_url: "リダイレクト URL が与えられていません。"
20
+ not_allowed_redirect_url: "'%{redirect_url}' へのリダイレクトは許可されていません。"
21
+ sended: "'%{email}' にパスワードリセットの案内が送信されました。"
22
+ user_not_found: "メールアドレス '%{email}' のユーザーが見つかりません。"
23
+ password_not_required: "このアカウントはパスワードを要求していません。'%{provider}' を利用してログインしてください。"
24
+ missing_passwords: "'Password', 'Password confirmation' パラメータが与えられていません。"
25
+ successfully_updated: "パスワードの更新に成功しました。"
26
+ errors:
27
+ messages:
28
+ already_in_use: "すでに利用されています。"
29
+ validate_sign_up_params: "リクエストボディに適切なアカウント新規登録データを送信してください。"
30
+ validate_account_update_params: "リクエストボディに適切なアカウント更新のデータを送信してください。"
31
+ not_email: "はメールアドレスではありません"
32
+ devise:
33
+ mailer:
34
+ confirmation_instructions:
35
+ confirm_link_msg: "下記のリンクからアカウントを有効化できます:"
36
+ confirm_account_link: "アカウントを有効化する"
37
+ reset_password_instructions:
38
+ request_reset_link_msg: "パスワード変更のリクエストが送信されました。下記のリンクからパスワードの変更をできます。"
39
+ password_change_link: "パスワードを変更する"
40
+ ignore_mail_msg: "もしこの内容に覚えがない場合は、このメールを無視してください。"
41
+ no_changes_msg: "上記のリンクにアクセスして新しいパスワードを作成するまで、現在のパスワードは変更されません。"
42
+ unlock_instructions:
43
+ account_lock_msg: "連続してログインに失敗したため、あなたのアカウントはロックされました。"
44
+ unlock_link_msg: "下記のリンクをクリックしてアカウントを有効化してください:"
45
+ unlock_link: "アカウントを有効化する"
46
+ hello: "こんにちは"
47
+ welcome: "ようこそ"
@@ -0,0 +1,31 @@
1
+ nl:
2
+ devise_token_auth:
3
+ sessions:
4
+ not_confirmed: "Een bevestingsmail is verzonden naar het adres '%{email}'. Volg de instructies in de mail om uw account te activeren."
5
+ bad_credentials: 'Ongeldige logingegevens.'
6
+ not_supported: "Gebruik POST /sign_in om in te loggen. GET wordt niet ondersteund."
7
+ user_not_found: "Gebruiker is niet gevonden of niet ingelogd."
8
+ token_validations:
9
+ invalid: "Ongeldige logingegevens."
10
+ registrations:
11
+ missing_confirm_success_url: "Parameter 'confirm_success_url' ontbreekt."
12
+ redirect_url_not_allowed: "Redirect naar '%{redirect_url}' niet toegestaan."
13
+ email_already_exists: "Er bestaat al een account voor het adres '%{email}'"
14
+ account_with_uid_destroyed: "Account met id '%{uid}' is verwijderd."
15
+ account_to_destroy_not_found: "Te verwijderen account niet gevonden."
16
+ user_not_found: "Gebruiker niet gevonden."
17
+ passwords:
18
+ missing_email: "Je moet een e-mailadres opgeven."
19
+ missing_redirect_url: "Redirect URL ontbreekt."
20
+ not_allowed_redirect_url: "Redirect naar '%{redirect_url}' niet toegestaan."
21
+ sended: "Er is een e-mail naar '%{email}' verstuurd met instructies om uw wachtwoord te resetten."
22
+ user_not_found: "Kan gebruiker met e-mail '%{email}' niet vinden."
23
+ password_not_required: "Voor dit account is geen wachtwoord nodig. Log in met uw '%{provider}' account."
24
+ missing_passwords: "De velden 'Wachtwoord' en 'Wachtwoord bevestiging' zijn verplicht."
25
+ successfully_updated: "Uw wachtwoord is aangepast."
26
+ errors:
27
+ messages:
28
+ already_in_use: "al in gebruik"
29
+ validate_sign_up_params: "Gegevens voor aanmaken van het account zijn niet geldig."
30
+ validate_account_update_params: "Gegevens voor updaten van het account zijn niet geldig."
31
+ not_email: "is geen geldig e-emailadres"
@@ -36,6 +36,12 @@ module DeviseTokenAuth
36
36
  mappings.each do |mapping|
37
37
  set_user_by_token(mapping)
38
38
  end
39
+
40
+ unless current_#{group_name}
41
+ return render json: {
42
+ errors: ["Authorized users only."]
43
+ }, status: 401
44
+ end
39
45
  end
40
46
  end
41
47
 
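Review bot: The 401 body added after the `mappings.each` loop hard-codes the English string `"Authorized users only."`, while this same release adds `ja` and `nl` locale files and other errors on the page go through `I18n.t(...)`. I would move the text into the locale files under the gem's own namespace and render it through `I18n.t`, so the group-authentication failure is translated like the rest. The enclosing method starts outside this hunk; the `current_#{group_name}` interpolation suggests a generated method body, so confirm `group_name` only ever comes from the application's own group definitions.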
@@ -19,7 +19,9 @@ module DeviseTokenAuth
19
19
  :redirect_whitelist,
20
20
  :check_current_password_before_update,
21
21
  :enable_standard_devise_support,
22
- :remove_tokens_after_password_reset
22
+ :remove_tokens_after_password_reset,
23
+ :default_callbacks,
24
+ :headers_names
23
25
 
24
26
  self.change_headers_on_each_request = true
25
27
  self.max_number_of_devices = 10
@@ -32,6 +34,12 @@ module DeviseTokenAuth
32
34
  self.check_current_password_before_update = false
33
35
  self.enable_standard_devise_support = false
34
36
  self.remove_tokens_after_password_reset = false
37
+ self.default_callbacks = true
38
+ self.headers_names = {:'access-token' => 'access-token',
39
+ :'client' => 'client',
40
+ :'expiry' => 'expiry',
41
+ :'uid' => 'uid',
42
+ :'token-type' => 'token-type' }
35
43
 
36
44
  def self.setup(&block)
37
45
  yield self
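Review bot: `headers_names` is introduced as one mutable hash with no validation, and a partial override such as `config.headers_names = {:'access-token' => 'x-token'}` replaces the whole default instead of merging into it. Any code that then looks up `headers_names[:'client']` or `headers_names[:'uid']` gets `nil`; the readers are outside this page, so check how token lookup behaves with a `nil` header name. I would merge the assigned hash into the five defaults in a custom writer (or raise on missing keys) and add a comment on the accessor: `# all five keys are required; values are the HTTP header names used to read and write token data`.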
@@ -58,8 +58,8 @@ module ActionDispatch::Routing
58
58
  match "#{full_path}/failure", controller: omniauth_ctrl, action: "omniauth_failure", via: [:get]
59
59
  match "#{full_path}/:provider/callback", controller: omniauth_ctrl, action: "omniauth_success", via: [:get]
60
60
 
61
- match "#{DeviseTokenAuth.omniauth_prefix}/:provider/callback", controller: omniauth_ctrl, action: "redirect_callbacks", via: [:get]
62
- match "#{DeviseTokenAuth.omniauth_prefix}/failure", controller: omniauth_ctrl, action: "omniauth_failure", via: [:get]
61
+ match "#{DeviseTokenAuth.omniauth_prefix}/:provider/callback", controller: omniauth_ctrl, action: "redirect_callbacks", via: [:get, :post]
62
+ match "#{DeviseTokenAuth.omniauth_prefix}/failure", controller: omniauth_ctrl, action: "omniauth_failure", via: [:get, :post]
63
63
 
64
64
  # preserve the resource class thru oauth authentication by setting name of
65
65
  # resource as "resource_class" param
@@ -69,6 +69,7 @@ module ActionDispatch::Routing
69
69
 
70
70
  # append name of current resource
71
71
  qs["resource_class"] = [resource]
72
+ qs["namespace_name"] = [namespace_name] if namespace_name
72
73
 
73
74
  set_omniauth_path_prefix!(DeviseTokenAuth.omniauth_prefix)
74
75
 
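Review bot: The two `omniauth_prefix` routes now accept `:post` as well as `:get`, but nothing in the hunk says why or what protects the POST path. A provider's POST callback carries no Rails authenticity token, so either CSRF protection rejects it or the controller skips that check and the OAuth `state` parameter becomes the only forgery control. The controller is not shown here, so this should be confirmed and covered by a test. I would add a comment above the routes, for example `# POST is accepted for providers that post the callback back; forgery protection relies on the OAuth state check`. The `namespace_name` value added to the query string in the second hunk is client-visible, so the code that reads it back should match it against known namespaces rather than trust it.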
@@ -1,3 +1,3 @@
1
1
  module DeviseTokenAuth
2
- VERSION = "0.1.37"
2
+ VERSION = "0.1.38"
3
3
  end
@@ -1,6 +1,6 @@
1
1
  Description:
2
2
  This generator will install all the necessary configuration and migration
3
- files for the devies_token_auth gem. See
3
+ files for the devise_token_auth gem. See
4
4
  https://github.com/lynndylanhurley/devise_token_auth for more information.
5
5
 
6
6
  Arguments:
@@ -29,7 +29,9 @@ module DeviseTokenAuth
29
29
  else
30
30
  inclusion = "include DeviseTokenAuth::Concerns::User"
31
31
  unless parse_file_for_line(fname, inclusion)
32
- inject_into_file fname, after: "class #{user_class} < ActiveRecord::Base\n" do <<-'RUBY'
32
+
33
+ active_record_needle = (Rails::VERSION::MAJOR == 5) ? 'ApplicationRecord' : 'ActiveRecord::Base'
34
+ inject_into_file fname, after: "class #{user_class} < #{active_record_needle}\n" do <<-'RUBY'
33
35
  # Include default devise modules.
34
36
  devise :database_authenticatable, :registerable,
35
37
  :recoverable, :rememberable, :trackable, :validatable,
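Review bot: `Rails::VERSION::MAJOR == 5` picks the needle from the Rails version rather than from the model file, so the injection can miss without raising. A Rails 5 app whose user model still inherits from `ActiveRecord::Base` (typical after an upgrade) and any Rails major above 5 both end up with a needle that is not in the file, and the model is left without the injected `devise` block. Matching either parent avoids the version test: `after: /class #{user_class} < (ApplicationRecord|ActiveRecord::Base)\n/`. The heredoc body continues past the end of the hunk.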
@@ -30,8 +30,19 @@ DeviseTokenAuth.setup do |config|
30
30
  # password is updated.
31
31
  # config.check_current_password_before_update = :attributes
32
32
 
33
+ # By default we will use callbacks for single omniauth.
34
+ # It depends on fields like email, provider and uid.
35
+ # config.default_callbacks = true
36
+
37
+ # Makes it possible to change the headers names
38
+ # config.headers_names = {:'access-token' => 'access-token',
39
+ # :'client' => 'client',
40
+ # :'expiry' => 'expiry',
41
+ # :'uid' => 'uid',
42
+ # :'token-type' => 'token-type' }
43
+
33
44
  # By default, only Bearer Token authentication is implemented out of the box.
34
45
  # If, however, you wish to integrate with legacy Devise authentication, you can
35
46
  # do so by enabling this flag. NOTE: This feature is highly experimental!
36
- # enable_standard_devise_support = false
47
+ # config.enable_standard_devise_support = false
37
48
  end
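Review bot: The new `default_callbacks` comment does not say what turning the flag off removes. The new `UserOmniauthCallbacks` concern suggests the flag gates the email-format, uid-presence and unique-email validations and the `sync_uid` callback. If so, an application that sets it to false has to supply its own equivalents, or accounts can be created without them. I would spell that out, e.g. `# Set to false only if your model provides its own email/uid validations and uid syncing; the defaults in DeviseTokenAuth::Concerns::UserOmniauthCallbacks are then not included.`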
@@ -16,7 +16,7 @@ class Custom::OmniauthCallbacksControllerTest < ActionDispatch::IntegrationTest
16
16
  })
17
17
  end
18
18
 
19
- test "yield resource to block on omniauth_sucess success" do
19
+ test "yield resource to block on omniauth_success success" do
20
20
  @redirect_url = "http://ng-token-auth.dev/"
21
21
  get_via_redirect '/nice_user_auth/facebook', {
22
22
  auth_origin_url: @redirect_url,
@@ -120,7 +120,20 @@ class DemoGroupControllerTest < ActionDispatch::IntegrationTest
120
120
  end
121
121
  end
122
122
  end
123
+
124
+ describe 'failed access' do
125
+ before do
126
+ get '/demo/members_only_group', {}, @mang_auth_headers.merge({'access-token' => "bogus"})
127
+ end
128
+
129
+ it 'should not return any auth headers' do
130
+ refute response.headers['access-token']
131
+ end
132
+
133
+ it 'should return error: unauthorized status' do
134
+ assert_equal 401, response.status
135
+ end
136
+ end
123
137
  end
124
138
  end
125
139
  end
126
-
@@ -315,17 +315,67 @@ class DemoUserControllerTest < ActionDispatch::IntegrationTest
315
315
  assert 200, response.status
316
316
  end
317
317
 
318
- describe 'another device should not be abble to login' do
318
+ describe 'another device should not be able to login' do
319
319
 
320
320
  it 'should return forbidden status' do
321
321
  get '/demo/members_only', {}, @old_auth_headers
322
322
  assert 401, response.status
323
323
  end
324
-
324
+
325
+ end
326
+
327
+ end
328
+
329
+ describe 'request including destroy of token' do
330
+ describe 'when change_headers_on_each_request is set to false' do
331
+ before do
332
+ DeviseTokenAuth.change_headers_on_each_request = false
333
+ age_token(@resource, @client_id)
334
+
335
+ get '/demo/members_only_remove_token', {}, @auth_headers
336
+ end
337
+
338
+ after do
339
+ DeviseTokenAuth.change_headers_on_each_request = true
340
+ end
341
+
342
+ it 'should not return auth-headers' do
343
+ refute response.headers['access-token']
344
+ end
325
345
  end
326
346
 
347
+ describe 'when change_headers_on_each_request is set to true' do
348
+ before do
349
+ age_token(@resource, @client_id)
350
+ get '/demo/members_only_remove_token', {}, @auth_headers
351
+ end
352
+
353
+ it 'should not return auth-headers' do
354
+ refute response.headers['access-token']
355
+ end
356
+ end
327
357
  end
328
358
 
359
+ describe 'when access-token name has been changed' do
360
+ before do
361
+ # ensure that request is not treated as batch request
362
+ DeviseTokenAuth.headers_names[:'access-token'] = 'new-access-token'
363
+ auth_headers_modified = @resource.create_new_auth_token
364
+ client_id = auth_headers_modified['client']
365
+ age_token(@resource, client_id)
366
+
367
+ get '/demo/members_only', {}, auth_headers_modified
368
+ @resp_token = response.headers['new-access-token']
369
+ end
370
+
371
+ it 'should have "new-access-token" header' do
372
+ assert @resp_token.present?
373
+ end
374
+
375
+ after do
376
+ DeviseTokenAuth.headers_names[:'access-token'] = 'access-token'
377
+ end
378
+ end
329
379
  end
330
380
 
331
381
  describe 'enable_standard_devise_support' do
@@ -364,8 +414,8 @@ class DemoUserControllerTest < ActionDispatch::IntegrationTest
364
414
  it 'should not define current_mang' do
365
415
  refute_equal @resource, @controller.current_mang
366
416
  end
367
-
368
-
417
+
418
+
369
419
  it 'should increase the number of tokens by a factor of 2 up to 11' do
370
420
  @first_token = @resource.tokens.keys.first
371
421
 
@@ -459,6 +509,5 @@ class DemoUserControllerTest < ActionDispatch::IntegrationTest
459
509
  end
460
510
 
461
511
  end
462
-
463
512
  end
464
513
  end
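Review bot: In the first hunk the context lines `assert 200, response.status` and `assert 401, response.status` can never fail, because `assert` treats its first argument as the value under test and the second as the failure message. That leaves 'another device should not be able to login', the block this commit renames, without a real check that the old token is rejected; it should read `assert_equal 401, response.status`. Among the added tests, both `change_headers_on_each_request` cases carry the same description 'should not return auth-headers', and the comment `# ensure that request is not treated as batch request` sits above the header rename rather than the `age_token` call it seems to describe.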
@@ -8,6 +8,12 @@ require 'test_helper'
8
8
 
9
9
  class DeviseTokenAuth::ConfirmationsControllerTest < ActionController::TestCase
10
10
  describe DeviseTokenAuth::ConfirmationsController do
11
+ def token_and_client_config_from(body)
12
+ token = body.match(/confirmation_token=([^&]*)&/)[1]
13
+ client_config = body.match(/config=([^&]*)&/)[1]
14
+ [token, client_config]
15
+ end
16
+
11
17
  describe "Confirmation" do
12
18
  before do
13
19
  @redirect_url = Faker::Internet.url
@@ -15,9 +21,8 @@ class DeviseTokenAuth::ConfirmationsControllerTest < ActionController::TestCase
15
21
  @new_user.send_confirmation_instructions({
16
22
  redirect_url: @redirect_url
17
23
  })
18
- @mail = ActionMailer::Base.deliveries.last
19
- @token = @mail.body.match(/confirmation_token=([^&]*)&/)[1]
20
- @client_config = @mail.body.match(/config=([^&]*)&/)[1]
24
+ mail = ActionMailer::Base.deliveries.last
25
+ @token, @client_config = token_and_client_config_from(mail.body)
21
26
  end
22
27
 
23
28
  test 'should generate raw token' do
@@ -74,9 +79,8 @@ class DeviseTokenAuth::ConfirmationsControllerTest < ActionController::TestCase
74
79
 
75
80
  @new_user.send_confirmation_instructions(client_config: @config_name)
76
81
 
77
- @mail = ActionMailer::Base.deliveries.last
78
- @token = @mail.body.match(/confirmation_token=(.*)\"/)[1]
79
- @client_config = @mail.body.match(/config=(.*)\&/)[1]
82
+ mail = ActionMailer::Base.deliveries.last
83
+ @token, @client_config = token_and_client_config_from(mail.body)
80
84
  end
81
85
 
82
86
  test 'should generate raw token' do
@@ -263,7 +263,7 @@ class OmniauthTest < ActionDispatch::IntegrationTest
263
263
  assert_equal({"error"=>"invalid_credentials", "message"=>"authFailure"}, data)
264
264
  end
265
265
 
266
- test 'renders somethign with no auth_origin_url' do
266
+ test 'renders something with no auth_origin_url' do
267
267
  get_via_redirect '/auth/facebook'
268
268
  assert_equal 200, response.status
269
269
  assert_select "body", "invalid_credentials"
@@ -256,7 +256,7 @@ class DeviseTokenAuth::PasswordsControllerTest < ActionController::TestCase
256
256
  redirect_url: @bad_redirect_url
257
257
  }
258
258
 
259
- assert_equal 403, response.status
259
+ assert_equal 422, response.status
260
260
  end
261
261
  test "request to non-whitelisted redirect should return error message" do
262
262
  xhr :post, :create, {
@@ -380,8 +380,8 @@ class DeviseTokenAuth::PasswordsControllerTest < ActionController::TestCase
380
380
  end
381
381
 
382
382
  test "request should return success message" do
383
- assert @data["data"]["message"]
384
- assert_equal @data["data"]["message"], I18n.t("devise_token_auth.passwords.successfully_updated")
383
+ assert @data["message"]
384
+ assert_equal @data["message"], I18n.t("devise_token_auth.passwords.successfully_updated")
385
385
  end
386
386
 
387
387
  test "new password should authenticate user" do
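Review bot: These expectations record two client-visible contract changes that nothing on this page documents: failure responses move from 403 to 422, and the password-update success message moves from `data.message` to the top-level `message`. The 403 to 422 change repeats across the registrations controller tests that follow, including what look like the non-whitelisted redirect cases. Clients and any monitoring that keys on 403 for rejected redirect URLs or parameters will stop matching, so the release notes should call this out. A comment next to the assertions such as `# validation-type failures return 422 since 0.1.38 (was 403)` would also help. The controller changes themselves are outside this page.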
@@ -131,7 +131,7 @@ class DeviseTokenAuth::RegistrationsControllerTest < ActionDispatch::Integration
131
131
  }
132
132
  @data = JSON.parse(response.body)
133
133
 
134
- assert_equal 403, response.status
134
+ assert_equal 422, response.status
135
135
  assert @data["errors"]
136
136
  assert_equal @data["errors"], [I18n.t("devise_token_auth.registrations.redirect_url_not_allowed", redirect_url: @bad_redirect_url)]
137
137
  end
@@ -147,7 +147,7 @@ class DeviseTokenAuth::RegistrationsControllerTest < ActionDispatch::Integration
147
147
  unpermitted_param: '(x_x)'
148
148
  }
149
149
 
150
- assert_equal 403, response.status
150
+ assert_equal 422, response.status
151
151
  end
152
152
 
153
153
  test "request to non-whitelisted redirect should fail" do
@@ -311,7 +311,7 @@ class DeviseTokenAuth::RegistrationsControllerTest < ActionDispatch::Integration
311
311
  end
312
312
 
313
313
  test "request should not be successful" do
314
- assert_equal 403, response.status
314
+ assert_equal 422, response.status
315
315
  end
316
316
 
317
317
  test "user should not have been created" do
@@ -340,7 +340,7 @@ class DeviseTokenAuth::RegistrationsControllerTest < ActionDispatch::Integration
340
340
  end
341
341
 
342
342
  test "request should not be successful" do
343
- assert_equal 403, response.status
343
+ assert_equal 422, response.status
344
344
  end
345
345
 
346
346
  test "user should not have been created" do
@@ -370,7 +370,7 @@ class DeviseTokenAuth::RegistrationsControllerTest < ActionDispatch::Integration
370
370
  end
371
371
 
372
372
  test "request should not be successful" do
373
- assert_equal 403, response.status
373
+ assert_equal 422, response.status
374
374
  end
375
375
 
376
376
  test "user should have been created" do
@@ -402,7 +402,7 @@ class DeviseTokenAuth::RegistrationsControllerTest < ActionDispatch::Integration
402
402
  end
403
403
 
404
404
  test "request should not be successful" do
405
- assert_equal 403, response.status
405
+ assert_equal 422, response.status
406
406
  end
407
407
 
408
408
  test "user should have been created" do
@@ -563,7 +563,7 @@ class DeviseTokenAuth::RegistrationsControllerTest < ActionDispatch::Integration
563
563
  end
564
564
 
565
565
  test "Request was NOT successful" do
566
- assert_equal 403, response.status
566
+ assert_equal 422, response.status
567
567
  end
568
568
 
569
569
  test "Errors were provided with response" do
@@ -627,7 +627,7 @@ class DeviseTokenAuth::RegistrationsControllerTest < ActionDispatch::Integration
627
627
 
628
628
  test "Request was NOT successful" do
629
629
  put "/auth", @request_params, @auth_headers
630
- assert_equal 403, response.status
630
+ assert_equal 422, response.status
631
631
  end
632
632
  end
633
633
  end
@@ -671,7 +671,7 @@ class DeviseTokenAuth::RegistrationsControllerTest < ActionDispatch::Integration
671
671
 
672
672
  test "Request was NOT successful" do
673
673
  put "/auth", @request_params, @auth_headers
674
- assert_equal 403, response.status
674
+ assert_equal 422, response.status
675
675
  end
676
676
  end
677
677
  end