devise_token_auth 0.1.42 → 0.1.43.beta1

data/test/controllers/devise_token_auth/token_validations_controller_test.rb

@@ -21,51 +21,50 @@ class DeviseTokenAuth::TokenValidationsControllerTest < ActionDispatch::Integrat
 
       # ensure that request is not treated as batch request
       age_token(@resource, @client_id)
-
     end
 
     describe 'vanilla user' do
       before do
-        get '/auth/validate_token', {}, @auth_headers
+        get '/auth/validate_token', params: {}, headers: @auth_headers
         @resp = JSON.parse(response.body)
       end
 
-      test "token valid" do
+      test 'token valid' do
         assert_equal 200, response.status
       end
     end
 
     describe 'using namespaces' do
       before do
-        get '/api/v1/auth/validate_token', {}, @auth_headers
+        get '/api/v1/auth/validate_token', params: {}, headers: @auth_headers
         @resp = JSON.parse(response.body)
       end
 
-      test "token valid" do
+      test 'token valid' do
         assert_equal 200, response.status
       end
     end
 
     describe 'failure' do
       before do
-        get '/api/v1/auth/validate_token', {}, @auth_headers.merge({"access-token" => "12345"})
+        get '/api/v1/auth/validate_token',
+            params: {},
+            headers: @auth_headers.merge('access-token' => '12345')
         @resp = JSON.parse(response.body)
       end
 
-      test "request should fail" do
+      test 'request should fail' do
         assert_equal 401, response.status
       end
 
-      test "response should contain errors" do
+      test 'response should contain errors' do
         assert @resp['errors']
-        assert_equal @resp['errors'], [I18n.t("devise_token_auth.token_validations.invalid")]
+        assert_equal @resp['errors'], [I18n.t('devise_token_auth.token_validations.invalid')]
       end
     end
-
   end
 
   describe 'using namespaces with unused resource' do
-
     before do
       @resource = scoped_users(:confirmed_email_user)
       @resource.skip_confirmation!
@@ -81,11 +80,11 @@ class DeviseTokenAuth::TokenValidationsControllerTest < ActionDispatch::Integrat
       age_token(@resource, @client_id)
     end
 
-    test "should be successful" do
-      get '/api_v2/auth/validate_token', {}, @auth_headers
+    test 'should be successful' do
+      get '/api_v2/auth/validate_token',
+          params: {},
+          headers: @auth_headers
       assert_equal 200, response.status
     end
-
   end
-
 end

data/test/controllers/devise_token_auth/unlocks_controller_test.rb

@@ -0,0 +1,194 @@
+require 'test_helper'
+
+#  was the web request successful?
+#  was the user redirected to the right page?
+#  was the user successfully authenticated?
+#  was the correct object stored in the response?
+#  was the appropriate message delivered in the json payload?
+
+class DeviseTokenAuth::UnlocksControllerTest < ActionController::TestCase
+  describe DeviseTokenAuth::UnlocksController do
+    setup do
+      @request.env['devise.mapping'] = Devise.mappings[:lockable_user]
+    end
+
+    teardown do
+      @request.env['devise.mapping'] = Devise.mappings[:user]
+    end
+
+    before do
+      @original_lock_strategy = Devise.lock_strategy
+      @original_unlock_strategy = Devise.unlock_strategy
+      @original_maximum_attempts = Devise.maximum_attempts
+      Devise.lock_strategy = :failed_attempts
+      Devise.unlock_strategy = :email
+      Devise.maximum_attempts = 5
+    end
+
+    after do
+      Devise.lock_strategy = @original_lock_strategy
+      Devise.maximum_attempts = @original_maximum_attempts
+      Devise.unlock_strategy = @original_unlock_strategy
+    end
+
+    describe 'Unlocking user' do
+      before do
+        @resource = lockable_users(:unlocked_user)
+      end
+
+      describe 'request unlock without email' do
+        before do
+          @auth_headers = @resource.create_new_auth_token
+          @new_password = Faker::Internet.password
+
+          post :create
+          @data = JSON.parse(response.body)
+        end
+
+        test 'response should fail' do
+          assert_equal 401, response.status
+        end
+        test 'error message should be returned' do
+          assert @data['errors']
+          assert_equal @data['errors'], [I18n.t('devise_token_auth.passwords.missing_email')]
+        end
+      end
+
+      describe 'request unlock' do
+        describe 'unknown user should return 404' do
+          before do
+            post :create, params: { email: 'chester@cheet.ah' }
+            @data = JSON.parse(response.body)
+          end
+          test 'unknown user should return 404' do
+            assert_equal 404, response.status
+          end
+
+          test 'errors should be returned' do
+            assert @data['errors']
+            assert_equal @data['errors'],
+                         [I18n.t('devise_token_auth.passwords.user_not_found',
+                                 email: 'chester@cheet.ah')]
+          end
+        end
+
+        describe 'successfully requested unlock' do
+          before do
+            post :create, params: { email: @resource.email }
+
+            @data = JSON.parse(response.body)
+          end
+
+          test 'response should not contain extra data' do
+            assert_nil @data['data']
+          end
+        end
+
+        describe 'case-sensitive email' do
+          before do
+            post :create, params: { email: @resource.email }
+
+            @mail = ActionMailer::Base.deliveries.last
+            @resource.reload
+            @data = JSON.parse(response.body)
+
+            @mail_config_name  = CGI.unescape(@mail.body.match(/config=([^&]*)&/)[1])
+            @mail_reset_token  = @mail.body.match(/unlock_token=(.*)\"/)[1]
+          end
+
+          test 'response should return success status' do
+            assert_equal 200, response.status
+          end
+
+          test 'response should contains message' do
+            assert_equal @data['message'], I18n.t('devise_token_auth.unlocks.sended', email: @resource.email)
+          end
+
+          test 'action should send an email' do
+            assert @mail
+          end
+
+          test 'the email should be addressed to the user' do
+            assert_equal @mail.to.first, @resource.email
+          end
+
+          test 'the client config name should fall back to "default"' do
+            assert_equal 'default', @mail_config_name
+          end
+
+          test 'the email body should contain a link with reset token as a query param' do
+            user = LockableUser.unlock_access_by_token(@mail_reset_token)
+            assert_equal user.id, @resource.id
+          end
+
+          describe 'unlock link failure' do
+            test 'response should return 404' do
+              assert_raises(ActionController::RoutingError) do
+                get :show, params: { unlock_token: 'bogus' }
+              end
+            end
+          end
+
+          describe 'password reset link success' do
+            before do
+              get :show, params: { unlock_token: @mail_reset_token }
+
+              @resource.reload
+
+              raw_qs = response.location.split('?')[1]
+              @qs = Rack::Utils.parse_nested_query(raw_qs)
+
+              @access_token   = @qs['access-token']
+              @client         = @qs['client']
+              @client_id      = @qs['client_id']
+              @expiry         = @qs['expiry']
+              @token          = @qs['token']
+              @uid            = @qs['uid']
+              @unlock         = @qs['unlock']
+            end
+
+            test 'respones should have success redirect status' do
+              assert_equal 302, response.status
+            end
+
+            test 'response should contain auth params' do
+              assert @access_token
+              assert @client
+              assert @client_id
+              assert @expiry
+              assert @token
+              assert @uid
+              assert @unlock
+            end
+
+            test 'response auth params should be valid' do
+              assert @resource.valid_token?(@token, @client_id)
+              assert @resource.valid_token?(@access_token, @client)
+            end
+          end
+        end
+
+        describe 'case-insensitive email' do
+          before do
+            @resource_class = LockableUser
+            @request_params = {
+              email:        @resource.email.upcase
+            }
+          end
+
+          test 'response should return success status if configured' do
+            @resource_class.case_insensitive_keys = [:email]
+            post :create, params: @request_params
+            assert_equal 200, response.status
+          end
+
+          test 'response should return failure status if not configured' do
+            @resource_class.case_insensitive_keys = []
+            post :create, params: @request_params
+            assert_equal 404, response.status
+          end
+        end
+      end
+    end
+  end
+end

data/test/controllers/overrides/confirmations_controller_test.rb

@@ -10,14 +10,12 @@ class Overrides::ConfirmationsControllerTest < ActionDispatch::IntegrationTest
   describe Overrides::ConfirmationsController do
     before do
       @redirect_url = Faker::Internet.url
-      @new_user     = evil_users(:unconfirmed_email_user)
+      @new_user = evil_users(:unconfirmed_email_user)
 
       # generate + send email
-      @new_user.send_confirmation_instructions({
-        redirect_url: @redirect_url
-      })
+      @new_user.send_confirmation_instructions(redirect_url: @redirect_url)
 
-      @mail              = ActionMailer::Base.deliveries.last
+      @mail = ActionMailer::Base.deliveries.last
       @confirmation_path = @mail.body.match(/localhost([^\"]*)\"/)[1]
 
       # visit confirmation link
@@ -27,16 +25,17 @@ class Overrides::ConfirmationsControllerTest < ActionDispatch::IntegrationTest
       @new_user.reload
     end
 
-    test "user is confirmed" do
+    test 'user is confirmed' do
       assert @new_user.confirmed?
     end
 
-    test "user can be authenticated via confirmation link" do
+    test 'user can be authenticated via confirmation link' do
       # hard coded in override controller
-      override_proof_str = "(^^,)"
+      override_proof_str = '(^^,)'
 
       # ensure present in redirect URL
-      override_proof_param = URI.unescape(response.headers["Location"].match(/override_proof=([^&]*)&/)[1])
+      override_proof_param = URI.unescape(response.headers['Location']
+                                .match(/override_proof=([^&]*)&/)[1])
 
       assert_equal override_proof_str, override_proof_param
     end

data/test/controllers/overrides/omniauth_callbacks_controller_test.rb

@@ -10,22 +10,25 @@ class Overrides::OmniauthCallbacksControllerTest < ActionDispatch::IntegrationTe
   describe Overrides::OmniauthCallbacksController do
     setup do
       OmniAuth.config.test_mode = true
-      OmniAuth.config.mock_auth[:facebook] = OmniAuth::AuthHash.new({
-        :provider => 'facebook',
-        :uid => '123545',
-        :info => {
+      OmniAuth.config.mock_auth[:facebook] = OmniAuth::AuthHash.new(
+        provider: 'facebook',
+        uid: '123545',
+        info: {
           name: 'chong',
           email: 'chongbong@aol.com'
         }
-      })
+      )
 
-      @favorite_color = "gray"
+      @favorite_color = 'gray'
 
-      get_via_redirect '/evil_user_auth/facebook', {
-        auth_origin_url: Faker::Internet.url,
-        favorite_color: @favorite_color,
-        omniauth_window_type: 'newWindow'
-      }
+      get '/evil_user_auth/facebook',
+          params: {
+            auth_origin_url: Faker::Internet.url,
+            favorite_color: @favorite_color,
+            omniauth_window_type: 'newWindow'
+          }
+
+      follow_all_redirects!
 
       @resource = assigns(:resource)
     end
@@ -35,7 +38,8 @@ class Overrides::OmniauthCallbacksControllerTest < ActionDispatch::IntegrationTe
     end
 
     test 'controller was overridden' do
-      assert_equal @resource.nickname, Overrides::OmniauthCallbacksController::DEFAULT_NICKNAME
+      assert_equal @resource.nickname,
+                   Overrides::OmniauthCallbacksController::DEFAULT_NICKNAME
     end
 
     test 'whitelisted param was allowed' do

data/test/controllers/overrides/passwords_controller_test.rb

@@ -12,10 +12,11 @@ class Overrides::PasswordsControllerTest < ActionDispatch::IntegrationTest
       @resource = evil_users(:confirmed_email_user)
       @redirect_url = Faker::Internet.url
 
-      post "/evil_user_auth/password", {
-        email:        @resource.email,
-        redirect_url: @redirect_url
-      }
+      post '/evil_user_auth/password',
+           params: {
+             email: @resource.email,
+             redirect_url: @redirect_url
+           }
 
       @mail = ActionMailer::Base.deliveries.last
       @resource.reload
@@ -24,22 +25,23 @@ class Overrides::PasswordsControllerTest < ActionDispatch::IntegrationTest
       @mail_redirect_url = CGI.unescape(@mail.body.match(/redirect_url=([^&]*)&/)[1])
       @mail_reset_token  = @mail.body.match(/reset_password_token=(.*)\"/)[1]
 
-      get '/evil_user_auth/password/edit', {
-        reset_password_token: @mail_reset_token,
-        redirect_url: @mail_redirect_url
-      }
+      get '/evil_user_auth/password/edit',
+          params: { reset_password_token: @mail_reset_token,
+                    redirect_url: @mail_redirect_url }
 
       @resource.reload
 
       raw_qs = response.location.split('?')[1]
       @qs = Rack::Utils.parse_nested_query(raw_qs)
 
-      @client_id      = @qs["client_id"]
-      @expiry         = @qs["expiry"]
-      @reset_password = @qs["reset_password"]
-      @token          = @qs["token"]
-      @uid            = @qs["uid"]
-      @override_proof = @qs["override_proof"]
+      @access_token   = @qs['access-token']
+      @client         = @qs['client']
+      @client_id      = @qs['client_id']
+      @expiry         = @qs['expiry']
+      @override_proof = @qs['override_proof']
+      @reset_password = @qs['reset_password']
+      @token          = @qs['token']
+      @uid            = @qs['uid']
     end
 
     test 'response should have success redirect status' do
@@ -47,12 +49,14 @@ class Overrides::PasswordsControllerTest < ActionDispatch::IntegrationTest
     end
 
     test 'response should contain auth params + override proof' do
+      assert @access_token
+      assert @client
       assert @client_id
       assert @expiry
+      assert @override_proof
       assert @reset_password
       assert @token
       assert @uid
-      assert @override_proof
     end
 
     test 'override proof is correct' do

data/test/controllers/overrides/registrations_controller_test.rb

@@ -12,18 +12,17 @@ class Overrides::RegistrationsControllerTest < ActionDispatch::IntegrationTest
       @existing_user  = evil_users(:confirmed_email_user)
       @auth_headers   = @existing_user.create_new_auth_token
       @client_id      = @auth_headers['client']
-      @favorite_color = "pink"
-
+      @favorite_color = 'pink'
 
       # ensure request is not treated as batch request
       age_token(@existing_user, @client_id)
 
       # test valid update param
-      @new_operating_thetan = 1000000
+      @new_operating_thetan = 1_000_000
 
-      put '/evil_user_auth', {
-        favorite_color: @favorite_color
-      }, @auth_headers
+      put '/evil_user_auth',
+          params: { favorite_color: @favorite_color },
+          headers: @auth_headers
 
       @data = JSON.parse(response.body)
       @existing_user.reload
@@ -34,7 +33,8 @@ class Overrides::RegistrationsControllerTest < ActionDispatch::IntegrationTest
     end
 
     test 'controller was overridden' do
-      assert_equal Overrides::RegistrationsController::OVERRIDE_PROOF, @data["override_proof"]
+      assert_equal Overrides::RegistrationsController::OVERRIDE_PROOF,
+                   @data['override_proof']
     end
   end
 end