RubyGems - devise_token_auth - Versions diffs - 0.1.42 → 0.1.43.beta1 - Mend

devise_token_auth 0.1.42 → 0.1.43.beta1

Potentially problematic release.

This version of devise_token_auth might be problematic. Click here for more details.

Files changed (69) hide show

data/test/controllers/demo_mang_controller_test.rb CHANGED Viewed

@@ -8,7 +8,7 @@ require 'test_helper'
 class DemoMangControllerTest < ActionDispatch::IntegrationTest
   describe DemoMangController do
-    describe "Token access" do
+    describe 'Token access' do
       before do
         @resource = mangs(:confirmed_email_user)
         @resource.skip_confirmation!
@@ -26,7 +26,9 @@ class DemoMangControllerTest < ActionDispatch::IntegrationTest
           # ensure that request is not treated as batch request
           age_token(@resource, @client_id)
-          get '/demo/members_only_mang', {}, @auth_headers
+          get '/demo/members_only_mang',
+              params: {},
+              headers: @auth_headers
           @resp_token       = response.headers['access-token']
           @resp_client_id   = response.headers['client']
@@ -46,6 +48,10 @@ class DemoMangControllerTest < ActionDispatch::IntegrationTest
           it 'should not define current_user' do
             refute_equal @resource, @controller.current_user
           end
+          it 'should define render_authenticate_error' do
+            assert @controller.methods.include?(:render_authenticate_error)
+          end
         end
         it 'should return success status' do
@@ -74,14 +80,16 @@ class DemoMangControllerTest < ActionDispatch::IntegrationTest
             # ensure that request is not treated as batch request
             age_token(@resource, @client_id)
-            get '/demo/members_only_mang', {}, @auth_headers.merge({'access-token' => @resp_token})
+            get '/demo/members_only_mang',
+                params: {},
+                headers: @auth_headers.merge('access-token' => @resp_token)
           end
           it 'should not treat this request as a batch request' do
             refute assigns(:is_batch_request)
           end
-          it "should allow a new request to be made using new token" do
+          it 'should allow a new request to be made using new token' do
             assert_equal 200, response.status
           end
         end
@@ -89,7 +97,9 @@ class DemoMangControllerTest < ActionDispatch::IntegrationTest
       describe 'failed request' do
         before do
-          get '/demo/members_only_mang', {}, @auth_headers.merge({'access-token' => "bogus"})
+          get '/demo/members_only_mang',
+              params: {},
+              headers: @auth_headers.merge('access-token' => 'bogus')
         end
         it 'should not return any auth headers' do
@@ -107,7 +117,9 @@ class DemoMangControllerTest < ActionDispatch::IntegrationTest
           @resource.reload
           age_token(@resource, @client_id)
-          get '/demo/members_only_mang', {}, @auth_headers
+          get '/demo/members_only_mang',
+              params: {},
+              headers: @auth_headers
           @first_is_batch_request = assigns(:is_batch_request)
           @first_user = assigns(:resource).dup
@@ -118,7 +130,9 @@ class DemoMangControllerTest < ActionDispatch::IntegrationTest
           age_token(@resource, @client_id)
           # use expired auth header
-          get '/demo/members_only_mang', {}, @auth_headers
+          get '/demo/members_only_mang',
+              params: {},
+              headers: @auth_headers
           @second_is_batch_request = assigns(:is_batch_request)
           @second_user = assigns(:resource).dup
@@ -164,15 +178,19 @@ class DemoMangControllerTest < ActionDispatch::IntegrationTest
         describe 'success' do
           before do
             age_token(@resource, @client_id)
-            #request.headers.merge!(@auth_headers)
+            # request.headers.merge!(@auth_headers)
-            get '/demo/members_only_mang', {}, @auth_headers
+            get '/demo/members_only_mang',
+                params: {},
+                headers: @auth_headers
             @first_is_batch_request = assigns(:is_batch_request)
             @first_user = assigns(:resource)
             @first_access_token = response.headers['access-token']
-            get '/demo/members_only_mang', {}, @auth_headers
+            get '/demo/members_only_mang',
+                params: {},
+                headers: @auth_headers
             @second_is_batch_request = assigns(:is_batch_request)
             @second_user = assigns(:resource)
@@ -196,7 +214,7 @@ class DemoMangControllerTest < ActionDispatch::IntegrationTest
           end
           it 'should not return auth headers for second (batched) requests' do
-            refute @second_access_token
+            assert_equal ' ', @second_access_token
           end
         end
@@ -205,7 +223,9 @@ class DemoMangControllerTest < ActionDispatch::IntegrationTest
             @resource.reload
             age_token(@resource, @client_id)
-            get '/demo/members_only_mang', {}, @auth_headers
+            get '/demo/members_only_mang',
+                params: {},
+                headers: @auth_headers
             @first_is_batch_request = assigns(:is_batch_request)
             @first_user = assigns(:resource).dup
@@ -216,7 +236,9 @@ class DemoMangControllerTest < ActionDispatch::IntegrationTest
             age_token(@resource, @client_id)
             # use expired auth header
-            get '/demo/members_only_mang', {}, @auth_headers
+            get '/demo/members_only_mang',
+                params: {},
+                headers: @auth_headers
             @second_is_batch_request = assigns(:is_batch_request)
             @second_user = assigns(:resource)
@@ -233,7 +255,7 @@ class DemoMangControllerTest < ActionDispatch::IntegrationTest
           end
           it 'should not treat first request as batch request' do
-            refute @secord_is_batch_request
+            refute @second_is_batch_request
           end
           it 'should return auth headers from the first request' do
@@ -241,7 +263,7 @@ class DemoMangControllerTest < ActionDispatch::IntegrationTest
           end
           it 'should not treat second request as batch request' do
-            refute @secord_is_batch_request
+            refute @second_is_batch_request
           end
           it 'should not return auth headers from the second request' do
@@ -260,4 +282,3 @@ class DemoMangControllerTest < ActionDispatch::IntegrationTest
     end
   end
 end

data/test/controllers/demo_user_controller_test.rb CHANGED Viewed

@@ -9,7 +9,7 @@ require 'test_helper'
 class DemoUserControllerTest < ActionDispatch::IntegrationTest
   include Warden::Test::Helpers
   describe DemoUserController do
-    describe "Token access" do
+    describe 'Token access' do
       before do
         @resource = users(:confirmed_email_user)
         @resource.skip_confirmation!
@@ -27,7 +27,9 @@ class DemoUserControllerTest < ActionDispatch::IntegrationTest
           # ensure that request is not treated as batch request
           age_token(@resource, @client_id)
-          get '/demo/members_only', {}, @auth_headers
+          get '/demo/members_only',
+              params: {},
+              headers: @auth_headers
           @resp_token       = response.headers['access-token']
           @resp_client_id   = response.headers['client']
@@ -47,6 +49,10 @@ class DemoUserControllerTest < ActionDispatch::IntegrationTest
           it 'should not define current_mang' do
             refute_equal @resource, @controller.current_mang
           end
+          it 'should define render_authenticate_error' do
+            assert @controller.methods.include?(:render_authenticate_error)
+          end
         end
         it 'should return success status' do
@@ -75,14 +81,16 @@ class DemoUserControllerTest < ActionDispatch::IntegrationTest
             # ensure that request is not treated as batch request
             age_token(@resource, @client_id)
-            get '/demo/members_only', {}, @auth_headers.merge({'access-token' => @resp_token})
+            get '/demo/members_only',
+                params: {},
+                headers: @auth_headers.merge('access-token' => @resp_token)
           end
           it 'should not treat this request as a batch request' do
             refute assigns(:is_batch_request)
           end
-          it "should allow a new request to be made using new token" do
+          it 'should allow a new request to be made using new token' do
             assert_equal 200, response.status
           end
         end
@@ -90,7 +98,9 @@ class DemoUserControllerTest < ActionDispatch::IntegrationTest
       describe 'failed request' do
         before do
-          get '/demo/members_only', {}, @auth_headers.merge({'access-token' => "bogus"})
+          get '/demo/members_only',
+              params: {},
+              headers: @auth_headers.merge('access-token' => 'bogus')
         end
         it 'should not return any auth headers' do
@@ -108,7 +118,9 @@ class DemoUserControllerTest < ActionDispatch::IntegrationTest
           @resource.reload
           age_token(@resource, @client_id)
-          get '/demo/members_only', {}, @auth_headers
+          get '/demo/members_only',
+              params: {},
+              headers: @auth_headers
           @first_is_batch_request = assigns(:is_batch_request)
           @first_user = assigns(:resource).dup
@@ -119,7 +131,9 @@ class DemoUserControllerTest < ActionDispatch::IntegrationTest
           age_token(@resource, @client_id)
           # use expired auth header
-          get '/demo/members_only', {}, @auth_headers
+          get '/demo/members_only',
+              params: {},
+              headers: @auth_headers
           @second_is_batch_request = assigns(:is_batch_request)
           @second_user = assigns(:resource).dup
@@ -165,15 +179,19 @@ class DemoUserControllerTest < ActionDispatch::IntegrationTest
         describe 'success' do
           before do
             age_token(@resource, @client_id)
-            #request.headers.merge!(@auth_headers)
+            # request.headers.merge!(@auth_headers)
-            get '/demo/members_only', {}, @auth_headers
+            get '/demo/members_only',
+                params: {},
+                headers: @auth_headers
             @first_is_batch_request = assigns(:is_batch_request)
             @first_user = assigns(:resource)
             @first_access_token = response.headers['access-token']
-            get '/demo/members_only', {}, @auth_headers
+            get '/demo/members_only',
+                params: {},
+                headers: @auth_headers
             @second_is_batch_request = assigns(:is_batch_request)
             @second_user = assigns(:resource)
@@ -197,7 +215,7 @@ class DemoUserControllerTest < ActionDispatch::IntegrationTest
           end
           it 'should not return auth headers for second (batched) requests' do
-            refute @second_access_token
+            assert_equal ' ', @second_access_token
           end
         end
@@ -206,14 +224,18 @@ class DemoUserControllerTest < ActionDispatch::IntegrationTest
             @resource.reload
             age_token(@resource, @client_id)
-            get '/demo/members_only', {}, @auth_headers
+            get '/demo/members_only',
+                params: {},
+                headers: @auth_headers
             @first_is_batch_request = assigns(:is_batch_request)
             @first_user = assigns(:resource).dup
             @first_access_token = response.headers['access-token']
             @first_response_status = response.status
-            get '/demo/members_only?unbatch=true', {}, @auth_headers
+            get '/demo/members_only?unbatch=true',
+                params: {},
+                headers: @auth_headers
             @second_is_batch_request = assigns(:is_batch_request)
             @second_user = assigns(:resource)
@@ -231,7 +253,9 @@ class DemoUserControllerTest < ActionDispatch::IntegrationTest
             @resource.reload
             age_token(@resource, @client_id)
-            get '/demo/members_only', {}, @auth_headers
+            get '/demo/members_only',
+                params: {},
+                headers: @auth_headers
             @first_is_batch_request = assigns(:is_batch_request)
             @first_user = assigns(:resource).dup
@@ -242,7 +266,9 @@ class DemoUserControllerTest < ActionDispatch::IntegrationTest
             age_token(@resource, @client_id)
             # use expired auth header
-            get '/demo/members_only', {}, @auth_headers
+            get '/demo/members_only',
+                params: {},
+                headers: @auth_headers
             @second_is_batch_request = assigns(:is_batch_request)
             @second_user = assigns(:resource)
@@ -259,7 +285,7 @@ class DemoUserControllerTest < ActionDispatch::IntegrationTest
           end
           it 'should not treat first request as batch request' do
-            refute @secord_is_batch_request
+            refute @second_is_batch_request
           end
           it 'should return auth headers from the first request' do
@@ -267,7 +293,7 @@ class DemoUserControllerTest < ActionDispatch::IntegrationTest
           end
           it 'should not treat second request as batch request' do
-            refute @secord_is_batch_request
+            refute @second_is_batch_request
           end
           it 'should not return auth headers from the second request' do
@@ -295,12 +321,12 @@ class DemoUserControllerTest < ActionDispatch::IntegrationTest
           assert @resource.tokens.count > 1
           # password changed from new device
-          @resource.update_attributes({
-            password: 'newsecret123',
-            password_confirmation: 'newsecret123'
-          })
+          @resource.update_attributes(password: 'newsecret123',
+                                      password_confirmation: 'newsecret123')
-          get '/demo/members_only', {}, @auth_headers
+          get '/demo/members_only',
+              params: {},
+              headers: @auth_headers
         end
         after do
@@ -316,14 +342,13 @@ class DemoUserControllerTest < ActionDispatch::IntegrationTest
         end
         describe 'another device should not be able to login' do
           it 'should return forbidden status' do
-            get '/demo/members_only', {}, @old_auth_headers
+            get '/demo/members_only',
+                params: {},
+                headers: @old_auth_headers
             assert 401, response.status
           end
         end
       end
       describe 'request including destroy of token' do
@@ -332,7 +357,9 @@ class DemoUserControllerTest < ActionDispatch::IntegrationTest
             DeviseTokenAuth.change_headers_on_each_request = false
             age_token(@resource, @client_id)
-            get '/demo/members_only_remove_token', {}, @auth_headers
+            get '/demo/members_only_remove_token',
+                params: {},
+                headers: @auth_headers
           end
           after do
@@ -347,7 +374,9 @@ class DemoUserControllerTest < ActionDispatch::IntegrationTest
         describe 'when change_headers_on_each_request is set to true' do
           before do
             age_token(@resource, @client_id)
-            get '/demo/members_only_remove_token', {}, @auth_headers
+            get '/demo/members_only_remove_token',
+                params: {},
+                headers: @auth_headers
           end
           it 'should not return auth-headers' do
@@ -364,7 +393,9 @@ class DemoUserControllerTest < ActionDispatch::IntegrationTest
           client_id = auth_headers_modified['client']
           age_token(@resource, client_id)
-          get '/demo/members_only', {}, auth_headers_modified
+          get '/demo/members_only',
+              params: {},
+              headers: auth_headers_modified
           @resp_token = response.headers['new-access-token']
         end
@@ -379,7 +410,6 @@ class DemoUserControllerTest < ActionDispatch::IntegrationTest
     end
     describe 'enable_standard_devise_support' do
       before do
         @resource = users(:confirmed_email_user)
         @auth_headers = @resource.create_new_auth_token
@@ -391,10 +421,12 @@ class DemoUserControllerTest < ActionDispatch::IntegrationTest
           @resource = users(:second_confirmed_email_user)
           @resource.skip_confirmation!
           @resource.save!
-          login_as( @resource, :scope => :user)
+          login_as(@resource, scope: :user)
           # no auth headers sent, testing that warden authenticates correctly.
-          get '/demo/members_only', {}, nil
+          get '/demo/members_only',
+              params: {},
+              headers: nil
           @resp_token       = response.headers['access-token']
           @resp_client_id   = response.headers['client']
@@ -415,14 +447,13 @@ class DemoUserControllerTest < ActionDispatch::IntegrationTest
             refute_equal @resource, @controller.current_mang
           end
           it 'should increase the number of tokens by a factor of 2 up to 11' do
             @first_token = @resource.tokens.keys.first
             DeviseTokenAuth.max_number_of_devices = 11
             (1..10).each do |n|
-              assert_equal [11, 2*n].min, @resource.reload.tokens.keys.length
-              get '/demo/members_only', {}, nil
+              assert_equal [11, 2 * n].min, @resource.reload.tokens.keys.length
+              get '/demo/members_only', params: {}, headers: nil
             end
             assert_not_includes @resource.reload.tokens.keys, @first_token
@@ -455,9 +486,11 @@ class DemoUserControllerTest < ActionDispatch::IntegrationTest
           @resource = users(:second_confirmed_email_user)
           @resource.skip_confirmation!
           @resource.save!
-          login_as( @resource, :scope => :user)
+          login_as(@resource, scope: :user)
-          get '/demo/members_only', {}, @auth_headers
+          get '/demo/members_only',
+              params: {},
+              headers: @auth_headers
           @resp_token       = response.headers['access-token']
           @resp_client_id   = response.headers['client']
@@ -507,7 +540,6 @@ class DemoUserControllerTest < ActionDispatch::IntegrationTest
           refute_equal @resp_uid, @auth_headers['uid']
         end
       end
     end
   end
 end

data/test/controllers/devise_token_auth/confirmations_controller_test.rb CHANGED Viewed

@@ -14,13 +14,11 @@ class DeviseTokenAuth::ConfirmationsControllerTest < ActionController::TestCase
       [token, client_config]
     end
-    describe "Confirmation" do
+    describe 'Confirmation' do
       before do
         @redirect_url = Faker::Internet.url
         @new_user = users(:unconfirmed_email_user)
-        @new_user.send_confirmation_instructions({
-          redirect_url: @redirect_url
-        })
+        @new_user.send_confirmation_instructions(redirect_url: @redirect_url)
         mail = ActionMailer::Base.deliveries.last
         @token, @client_config = token_and_client_config_from(mail.body)
       end
@@ -30,33 +28,52 @@ class DeviseTokenAuth::ConfirmationsControllerTest < ActionController::TestCase
       end
       test "should include config name as 'default' in confirmation link" do
-        assert_equal "default", @client_config
+        assert_equal 'default', @client_config
       end
-      test "should store token hash in user" do
+      test 'should store token hash in user' do
         assert @new_user.confirmation_token
       end
-      describe "success" do
+      describe 'success' do
         before do
-          xhr :get, :show, {confirmation_token: @token, redirect_url: @redirect_url}
+          get :show,
+              params: { confirmation_token: @token,
+                        redirect_url: @redirect_url },
+              xhr: true
           @resource = assigns(:resource)
         end
-        test "user should now be confirmed" do
+        test 'user should now be confirmed' do
           assert @resource.confirmed?
         end
-        test "should redirect to success url" do
+        test 'should redirect to success url' do
           assert_redirected_to(/^#{@redirect_url}/)
         end
+        test 'the sign_in_count should be 1' do
+          assert @resource.sign_in_count == 1
+        end
+        test 'User shoud have the signed in info filled' do
+          assert @resource.current_sign_in_at?
+        end
+        test 'User shoud have the Last checkin filled' do
+          assert @resource.last_sign_in_at?
+        end
+        test 'user already confirmed' do
+          assert @resource.sign_in_count > 0 do
+            assert expiry == (Time.now + Time.now + 1.second).to_i
+          end
+        end
       end
-      describe "failure" do
-        test "user should not be confirmed" do
-          assert_raises(ActionController::RoutingError) {
-            xhr :get, :show, {confirmation_token: "bogus"}
-          }
+      describe 'failure' do
+        test 'user should not be confirmed' do
+          assert_raises(ActionController::RoutingError) do
+            get :show, params: { confirmation_token: 'bogus' }
+          end
           @resource = assigns(:resource)
           refute @resource.confirmed?
         end
@@ -64,7 +81,7 @@ class DeviseTokenAuth::ConfirmationsControllerTest < ActionController::TestCase
     end
     # test with non-standard user class
-    describe "Alternate user model" do
+    describe 'Alternate user model' do
       setup do
         @request.env['devise.mapping'] = Devise.mappings[:mang]
       end
@@ -74,7 +91,7 @@ class DeviseTokenAuth::ConfirmationsControllerTest < ActionController::TestCase
       end
       before do
-        @config_name = "altUser"
+        @config_name = 'altUser'
         @new_user    = mangs(:unconfirmed_email_user)
         @new_user.send_confirmation_instructions(client_config: @config_name)
@@ -87,22 +104,23 @@ class DeviseTokenAuth::ConfirmationsControllerTest < ActionController::TestCase
         assert @token
       end
-      test "should include config name in confirmation link" do
+      test 'should include config name in confirmation link' do
         assert_equal @config_name, @client_config
       end
-      test "should store token hash in user" do
+      test 'should store token hash in user' do
         assert @new_user.confirmation_token
       end
-      describe "success" do
+      describe 'success' do
         before do
           @redirect_url = Faker::Internet.url
-          xhr :get, :show, {confirmation_token: @token, redirect_url: @redirect_url}
+          get :show, params: { confirmation_token: @token,
+                               redirect_url: @redirect_url }
           @resource = assigns(:resource)
         end
-        test "user should now be confirmed" do
+        test 'user should now be confirmed' do
           assert @resource.confirmed?
         end
       end