devise_token_auth 0.1.43 → 0.2.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Potentially problematic release.
This version of devise_token_auth might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/README.md +40 -894
- data/Rakefile +2 -0
- data/app/controllers/devise_token_auth/application_controller.rb +6 -0
- data/app/controllers/devise_token_auth/concerns/resource_finder.rb +2 -0
- data/app/controllers/devise_token_auth/concerns/set_user_by_token.rb +9 -14
- data/app/controllers/devise_token_auth/confirmations_controller.rb +3 -1
- data/app/controllers/devise_token_auth/omniauth_callbacks_controller.rb +2 -0
- data/app/controllers/devise_token_auth/passwords_controller.rb +8 -14
- data/app/controllers/devise_token_auth/registrations_controller.rb +26 -21
- data/app/controllers/devise_token_auth/sessions_controller.rb +2 -0
- data/app/controllers/devise_token_auth/token_validations_controller.rb +2 -0
- data/app/controllers/devise_token_auth/unlocks_controller.rb +2 -0
- data/app/models/devise_token_auth/concerns/user.rb +41 -16
- data/app/models/devise_token_auth/concerns/user_omniauth_callbacks.rb +2 -0
- data/app/validators/email_validator.rb +3 -1
- data/config/initializers/devise.rb +2 -0
- data/config/locales/da-DK.yml +1 -1
- data/config/locales/sv.yml +50 -0
- data/lib/devise_token_auth.rb +3 -0
- data/lib/devise_token_auth/controllers/helpers.rb +2 -0
- data/lib/devise_token_auth/controllers/url_helpers.rb +2 -0
- data/lib/devise_token_auth/engine.rb +2 -0
- data/lib/devise_token_auth/errors.rb +7 -0
- data/lib/devise_token_auth/rails/routes.rb +2 -0
- data/lib/devise_token_auth/url.rb +2 -0
- data/lib/devise_token_auth/version.rb +3 -1
- data/lib/generators/devise_token_auth/USAGE +1 -1
- data/lib/generators/devise_token_auth/install_generator.rb +7 -5
- data/lib/generators/devise_token_auth/install_views_generator.rb +2 -0
- data/lib/generators/devise_token_auth/templates/devise_token_auth.rb +2 -0
- data/lib/generators/devise_token_auth/templates/devise_token_auth_create_users.rb.erb +8 -7
- data/lib/generators/devise_token_auth/templates/user.rb +3 -1
- data/lib/tasks/devise_token_auth_tasks.rake +2 -0
- data/test/controllers/custom/custom_confirmations_controller_test.rb +2 -0
- data/test/controllers/custom/custom_omniauth_callbacks_controller_test.rb +2 -0
- data/test/controllers/custom/custom_passwords_controller_test.rb +2 -0
- data/test/controllers/custom/custom_registrations_controller_test.rb +11 -0
- data/test/controllers/custom/custom_sessions_controller_test.rb +2 -0
- data/test/controllers/custom/custom_token_validations_controller_test.rb +2 -0
- data/test/controllers/demo_group_controller_test.rb +2 -0
- data/test/controllers/demo_mang_controller_test.rb +4 -1
- data/test/controllers/demo_user_controller_test.rb +47 -10
- data/test/controllers/devise_token_auth/confirmations_controller_test.rb +4 -6
- data/test/controllers/devise_token_auth/omniauth_callbacks_controller_test.rb +7 -4
- data/test/controllers/devise_token_auth/passwords_controller_test.rb +2 -0
- data/test/controllers/devise_token_auth/registrations_controller_test.rb +3 -1
- data/test/controllers/devise_token_auth/sessions_controller_test.rb +52 -0
- data/test/controllers/devise_token_auth/token_validations_controller_test.rb +2 -0
- data/test/controllers/devise_token_auth/unlocks_controller_test.rb +2 -0
- data/test/controllers/overrides/confirmations_controller_test.rb +2 -0
- data/test/controllers/overrides/omniauth_callbacks_controller_test.rb +2 -0
- data/test/controllers/overrides/passwords_controller_test.rb +2 -0
- data/test/controllers/overrides/registrations_controller_test.rb +31 -27
- data/test/controllers/overrides/sessions_controller_test.rb +2 -0
- data/test/controllers/overrides/token_validations_controller_test.rb +2 -0
- data/test/dummy/app/controllers/application_controller.rb +2 -0
- data/test/dummy/app/controllers/auth_origin_controller.rb +2 -0
- data/test/dummy/app/controllers/custom/confirmations_controller.rb +2 -0
- data/test/dummy/app/controllers/custom/omniauth_callbacks_controller.rb +2 -0
- data/test/dummy/app/controllers/custom/passwords_controller.rb +2 -0
- data/test/dummy/app/controllers/custom/registrations_controller.rb +2 -1
- data/test/dummy/app/controllers/custom/sessions_controller.rb +2 -0
- data/test/dummy/app/controllers/custom/token_validations_controller.rb +2 -0
- data/test/dummy/app/controllers/demo_group_controller.rb +2 -0
- data/test/dummy/app/controllers/demo_mang_controller.rb +2 -0
- data/test/dummy/app/controllers/demo_user_controller.rb +2 -0
- data/test/dummy/app/controllers/overrides/confirmations_controller.rb +2 -0
- data/test/dummy/app/controllers/overrides/omniauth_callbacks_controller.rb +2 -0
- data/test/dummy/app/controllers/overrides/passwords_controller.rb +2 -0
- data/test/dummy/app/controllers/overrides/registrations_controller.rb +2 -0
- data/test/dummy/app/controllers/overrides/sessions_controller.rb +2 -0
- data/test/dummy/app/controllers/overrides/token_validations_controller.rb +2 -0
- data/test/dummy/app/helpers/application_helper.rb +2 -0
- data/test/dummy/app/models/evil_user.rb +2 -0
- data/test/dummy/app/models/lockable_user.rb +2 -0
- data/test/dummy/app/models/mang.rb +2 -0
- data/test/dummy/app/models/nice_user.rb +2 -0
- data/test/dummy/app/models/only_email_user.rb +2 -0
- data/test/dummy/app/models/scoped_user.rb +2 -0
- data/test/dummy/app/models/unconfirmable_user.rb +2 -0
- data/test/dummy/app/models/unregisterable_user.rb +2 -0
- data/test/dummy/app/models/user.rb +2 -0
- data/test/dummy/config/application.rb +2 -0
- data/test/dummy/config/boot.rb +2 -0
- data/test/dummy/config/environment.rb +2 -0
- data/test/dummy/config/environments/development.rb +2 -0
- data/test/dummy/config/environments/production.rb +2 -0
- data/test/dummy/config/environments/test.rb +2 -0
- data/test/dummy/config/initializers/assets.rb +2 -0
- data/test/dummy/config/initializers/backtrace_silencers.rb +2 -0
- data/test/dummy/config/initializers/cookies_serializer.rb +3 -1
- data/test/dummy/config/initializers/devise.rb +2 -0
- data/test/dummy/config/initializers/devise_token_auth.rb +2 -0
- data/test/dummy/config/initializers/figaro.rb +2 -0
- data/test/dummy/config/initializers/filter_parameter_logging.rb +2 -0
- data/test/dummy/config/initializers/inflections.rb +2 -0
- data/test/dummy/config/initializers/mime_types.rb +2 -0
- data/test/dummy/config/initializers/omniauth.rb +2 -0
- data/test/dummy/config/initializers/session_store.rb +2 -0
- data/test/dummy/config/initializers/wrap_parameters.rb +2 -0
- data/test/dummy/config/routes.rb +2 -0
- data/test/dummy/config/spring.rb +2 -0
- data/test/dummy/db/migrate/20140715061447_devise_token_auth_create_users.rb +2 -0
- data/test/dummy/db/migrate/20140715061805_devise_token_auth_create_mangs.rb +2 -0
- data/test/dummy/db/migrate/20140829044006_add_operating_thetan_to_user.rb +2 -0
- data/test/dummy/db/migrate/20140916224624_add_favorite_color_to_mangs.rb +2 -0
- data/test/dummy/db/migrate/20140928231203_devise_token_auth_create_evil_users.rb +2 -0
- data/test/dummy/db/migrate/20141222035835_devise_token_auth_create_only_email_users.rb +2 -0
- data/test/dummy/db/migrate/20141222053502_devise_token_auth_create_unregisterable_users.rb +2 -0
- data/test/dummy/db/migrate/20150409095712_devise_token_auth_create_nice_users.rb +2 -0
- data/test/dummy/db/migrate/20150708104536_devise_token_auth_create_unconfirmable_users.rb +2 -0
- data/test/dummy/db/migrate/20160103235141_devise_token_auth_create_scoped_users.rb +2 -0
- data/test/dummy/db/migrate/20160629184441_devise_token_auth_create_lockable_users.rb +2 -0
- data/test/dummy/lib/migration_database_helper.rb +15 -1
- data/test/dummy/tmp/generators/app/models/user.rb +5 -5
- data/test/dummy/tmp/generators/config/initializers/devise_token_auth.rb +2 -0
- data/test/dummy/tmp/generators/db/migrate/{20171014052631_devise_token_auth_create_users.rb → 20180805205504_devise_token_auth_create_users.rb} +1 -0
- data/test/integration/navigation_test.rb +2 -0
- data/test/lib/devise_token_auth/url_test.rb +2 -0
- data/test/lib/generators/devise_token_auth/install_generator_test.rb +2 -0
- data/test/lib/generators/devise_token_auth/install_generator_with_namespace_test.rb +194 -0
- data/test/lib/generators/devise_token_auth/install_views_generator_test.rb +2 -0
- data/test/models/only_email_user_test.rb +2 -0
- data/test/models/user_test.rb +6 -4
- data/test/test_helper.rb +30 -14
- metadata +23 -5
data/lib/devise_token_auth.rb
CHANGED
|
@@ -1,8 +1,11 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
1
3
|
require "devise"
|
|
2
4
|
require "devise_token_auth/engine"
|
|
3
5
|
require "devise_token_auth/controllers/helpers"
|
|
4
6
|
require "devise_token_auth/controllers/url_helpers"
|
|
5
7
|
require "devise_token_auth/url"
|
|
8
|
+
require "devise_token_auth/errors"
|
|
6
9
|
|
|
7
10
|
module DeviseTokenAuth
|
|
8
11
|
end
|
|
@@ -15,7 +15,7 @@ Example:
|
|
|
15
15
|
|
|
16
16
|
This will create:
|
|
17
17
|
config/initializers/devise_token_auth.rb
|
|
18
|
-
db/migrate/<%= Time.now.utc.strftime("%Y%m%d%H%M%S") %>_create_devise_token_auth_create_users.rb
|
|
18
|
+
db/migrate/<%= Time.zone.now.utc.strftime("%Y%m%d%H%M%S") %>_create_devise_token_auth_create_users.rb
|
|
19
19
|
app/models/user.rb
|
|
20
20
|
|
|
21
21
|
If 'app/models/user.rb' already exists, the following line will be inserted
|
|
@@ -1,3 +1,5 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
1
3
|
module DeviseTokenAuth
|
|
2
4
|
class InstallGenerator < Rails::Generators::Base
|
|
3
5
|
include Rails::Generators::Migration
|
|
@@ -12,12 +14,12 @@ module DeviseTokenAuth
|
|
|
12
14
|
end
|
|
13
15
|
|
|
14
16
|
def copy_migrations
|
|
15
|
-
if self.class.migration_exists?("db/migrate", "devise_token_auth_create_#{ user_class.underscore }")
|
|
16
|
-
say_status("skipped", "Migration 'devise_token_auth_create_#{ user_class.underscore }' already exists")
|
|
17
|
+
if self.class.migration_exists?("db/migrate", "devise_token_auth_create_#{ user_class.pluralize.gsub("::","").underscore }")
|
|
18
|
+
say_status("skipped", "Migration 'devise_token_auth_create_#{ user_class.pluralize.gsub("::","").underscore }' already exists")
|
|
17
19
|
else
|
|
18
20
|
migration_template(
|
|
19
21
|
"devise_token_auth_create_users.rb.erb",
|
|
20
|
-
"db/migrate/devise_token_auth_create_#{ user_class.pluralize.underscore }.rb"
|
|
22
|
+
"db/migrate/devise_token_auth_create_#{ user_class.pluralize.gsub("::","").underscore }.rb"
|
|
21
23
|
)
|
|
22
24
|
end
|
|
23
25
|
end
|
|
@@ -29,7 +31,7 @@ module DeviseTokenAuth
|
|
|
29
31
|
else
|
|
30
32
|
inclusion = "include DeviseTokenAuth::Concerns::User"
|
|
31
33
|
unless parse_file_for_line(fname, inclusion)
|
|
32
|
-
|
|
34
|
+
|
|
33
35
|
active_record_needle = (Rails::VERSION::MAJOR == 5) ? 'ApplicationRecord' : 'ActiveRecord::Base'
|
|
34
36
|
inject_into_file fname, after: "class #{user_class} < #{active_record_needle}\n" do <<-'RUBY'
|
|
35
37
|
# Include default devise modules.
|
|
@@ -101,7 +103,7 @@ module DeviseTokenAuth
|
|
|
101
103
|
private
|
|
102
104
|
|
|
103
105
|
def self.next_migration_number(path)
|
|
104
|
-
Time.now.utc.strftime("%Y%m%d%H%M%S")
|
|
106
|
+
Time.zone.now.utc.strftime("%Y%m%d%H%M%S")
|
|
105
107
|
end
|
|
106
108
|
|
|
107
109
|
def insert_after_line(filename, line, str)
|
|
@@ -1,6 +1,7 @@
|
|
|
1
|
-
class DeviseTokenAuthCreate<%= user_class.pluralize %> < ActiveRecord::Migration<%= "[#{Rails::VERSION::STRING[0..2]}]" if Rails::VERSION::MAJOR > 4 %>
|
|
1
|
+
class DeviseTokenAuthCreate<%= user_class.pluralize.gsub("::","") %> < ActiveRecord::Migration<%= "[#{Rails::VERSION::STRING[0..2]}]" if Rails::VERSION::MAJOR > 4 %>
|
|
2
2
|
def change
|
|
3
|
-
|
|
3
|
+
<% table_name = @user_class.pluralize.gsub("::","").underscore %>
|
|
4
|
+
create_table(:<%= table_name %>) do |t|
|
|
4
5
|
## Required
|
|
5
6
|
t.string :provider, :null => false, :default => "email"
|
|
6
7
|
t.string :uid, :null => false, :default => ""
|
|
@@ -46,10 +47,10 @@ class DeviseTokenAuthCreate<%= user_class.pluralize %> < ActiveRecord::Migration
|
|
|
46
47
|
t.timestamps
|
|
47
48
|
end
|
|
48
49
|
|
|
49
|
-
add_index :<%=
|
|
50
|
-
add_index :<%=
|
|
51
|
-
add_index :<%=
|
|
52
|
-
add_index :<%=
|
|
53
|
-
# add_index :<%=
|
|
50
|
+
add_index :<%= table_name %>, :email, unique: true
|
|
51
|
+
add_index :<%= table_name %>, [:uid, :provider], unique: true
|
|
52
|
+
add_index :<%= table_name %>, :reset_password_token, unique: true
|
|
53
|
+
add_index :<%= table_name %>, :confirmation_token, unique: true
|
|
54
|
+
# add_index :<%= table_name %>, :unlock_token, unique: true
|
|
54
55
|
end
|
|
55
56
|
end
|
|
@@ -1,4 +1,6 @@
|
|
|
1
|
-
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
class <%= user_class %> < ActiveRecord::Base
|
|
2
4
|
# Include default devise modules. Others available are:
|
|
3
5
|
# :confirmable, :lockable, :timeoutable and :omniauthable
|
|
4
6
|
devise :database_authenticatable, :registerable,
|
|
@@ -1,3 +1,5 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
1
3
|
require 'test_helper'
|
|
2
4
|
|
|
3
5
|
class Custom::RegistrationsControllerTest < ActionDispatch::IntegrationTest
|
|
@@ -50,5 +52,14 @@ class Custom::RegistrationsControllerTest < ActionDispatch::IntegrationTest
|
|
|
50
52
|
assert @controller.destroy_block_called?,
|
|
51
53
|
'destroy failed to yield resource to provided block'
|
|
52
54
|
end
|
|
55
|
+
|
|
56
|
+
describe 'when overriding #build_resource' do
|
|
57
|
+
test 'it fails' do
|
|
58
|
+
Custom::RegistrationsController.any_instance.stubs(:build_resource).returns(nil)
|
|
59
|
+
assert_raises DeviseTokenAuth::Errors::NoResourceDefinedError do
|
|
60
|
+
post '/nice_user_auth', params: @create_params
|
|
61
|
+
end
|
|
62
|
+
end
|
|
63
|
+
end
|
|
53
64
|
end
|
|
54
65
|
end
|
|
@@ -1,3 +1,5 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
1
3
|
require 'test_helper'
|
|
2
4
|
|
|
3
5
|
# was the web request successful?
|
|
@@ -214,7 +216,7 @@ class DemoMangControllerTest < ActionDispatch::IntegrationTest
|
|
|
214
216
|
end
|
|
215
217
|
|
|
216
218
|
it 'should not return auth headers for second (batched) requests' do
|
|
217
|
-
|
|
219
|
+
refute @second_access_token
|
|
218
220
|
end
|
|
219
221
|
end
|
|
220
222
|
|
|
@@ -282,3 +284,4 @@ class DemoMangControllerTest < ActionDispatch::IntegrationTest
|
|
|
282
284
|
end
|
|
283
285
|
end
|
|
284
286
|
end
|
|
287
|
+
|
|
@@ -1,3 +1,5 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
1
3
|
require 'test_helper'
|
|
2
4
|
|
|
3
5
|
# was the web request successful?
|
|
@@ -215,7 +217,7 @@ class DemoUserControllerTest < ActionDispatch::IntegrationTest
|
|
|
215
217
|
end
|
|
216
218
|
|
|
217
219
|
it 'should not return auth headers for second (batched) requests' do
|
|
218
|
-
|
|
220
|
+
refute @second_access_token
|
|
219
221
|
end
|
|
220
222
|
end
|
|
221
223
|
|
|
@@ -407,6 +409,50 @@ class DemoUserControllerTest < ActionDispatch::IntegrationTest
|
|
|
407
409
|
DeviseTokenAuth.headers_names[:'access-token'] = 'access-token'
|
|
408
410
|
end
|
|
409
411
|
end
|
|
412
|
+
|
|
413
|
+
describe 'maximum concurrent devices per user' do
|
|
414
|
+
before do
|
|
415
|
+
# Set the max_number_of_devices to a lower number
|
|
416
|
+
# to expedite tests! (Default is 10)
|
|
417
|
+
DeviseTokenAuth.max_number_of_devices = 5
|
|
418
|
+
end
|
|
419
|
+
|
|
420
|
+
it 'should limit the maximum number of concurrent devices' do
|
|
421
|
+
# increment the number of devices until the maximum is exceeded
|
|
422
|
+
1.upto(DeviseTokenAuth.max_number_of_devices + 1).each do |n|
|
|
423
|
+
|
|
424
|
+
assert_equal(
|
|
425
|
+
[n, DeviseTokenAuth.max_number_of_devices].min,
|
|
426
|
+
@resource.reload.tokens.length
|
|
427
|
+
)
|
|
428
|
+
|
|
429
|
+
# Add a new device (and token) ahead of the next iteration
|
|
430
|
+
@resource.create_new_auth_token
|
|
431
|
+
|
|
432
|
+
end
|
|
433
|
+
end
|
|
434
|
+
|
|
435
|
+
it 'should drop the oldest token when the maximum number of devices is exceeded' do
|
|
436
|
+
# create the maximum number of tokens
|
|
437
|
+
1.upto(DeviseTokenAuth.max_number_of_devices).each do
|
|
438
|
+
@resource.create_new_auth_token
|
|
439
|
+
end
|
|
440
|
+
|
|
441
|
+
# get the oldest token client_id
|
|
442
|
+
oldest_client_id, = @resource.reload.tokens.min_by do |cid, v|
|
|
443
|
+
v[:expiry] || v["expiry"]
|
|
444
|
+
end # => [ 'CLIENT_ID', {token: ...} ]
|
|
445
|
+
|
|
446
|
+
# create another token, thereby dropping the oldest token
|
|
447
|
+
@resource.create_new_auth_token
|
|
448
|
+
|
|
449
|
+
assert_not_includes @resource.reload.tokens.keys, oldest_client_id
|
|
450
|
+
end
|
|
451
|
+
|
|
452
|
+
after do
|
|
453
|
+
DeviseTokenAuth.max_number_of_devices = 10
|
|
454
|
+
end
|
|
455
|
+
end
|
|
410
456
|
end
|
|
411
457
|
|
|
412
458
|
describe 'bypass_sign_in' do
|
|
@@ -503,17 +549,8 @@ class DemoUserControllerTest < ActionDispatch::IntegrationTest
|
|
|
503
549
|
refute_equal @resource, @controller.current_mang
|
|
504
550
|
end
|
|
505
551
|
|
|
506
|
-
it 'should increase the number of tokens by a factor of 2 up to 11' do
|
|
507
|
-
@first_token = @resource.tokens.keys.first
|
|
508
552
|
|
|
509
|
-
DeviseTokenAuth.max_number_of_devices = 11
|
|
510
|
-
(1..10).each do |n|
|
|
511
|
-
assert_equal [11, 2 * n].min, @resource.reload.tokens.keys.length
|
|
512
|
-
get '/demo/members_only', params: {}, headers: nil
|
|
513
|
-
end
|
|
514
553
|
|
|
515
|
-
assert_not_includes @resource.reload.tokens.keys, @first_token
|
|
516
|
-
end
|
|
517
554
|
end
|
|
518
555
|
|
|
519
556
|
it 'should return success status' do
|
|
@@ -1,3 +1,5 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
1
3
|
require 'test_helper'
|
|
2
4
|
|
|
3
5
|
# was the web request successful?
|
|
@@ -55,18 +57,14 @@ class DeviseTokenAuth::ConfirmationsControllerTest < ActionController::TestCase
|
|
|
55
57
|
test 'the sign_in_count should be 1' do
|
|
56
58
|
assert @resource.sign_in_count == 1
|
|
57
59
|
end
|
|
60
|
+
|
|
58
61
|
test 'User shoud have the signed in info filled' do
|
|
59
62
|
assert @resource.current_sign_in_at?
|
|
60
63
|
end
|
|
64
|
+
|
|
61
65
|
test 'User shoud have the Last checkin filled' do
|
|
62
66
|
assert @resource.last_sign_in_at?
|
|
63
67
|
end
|
|
64
|
-
|
|
65
|
-
test 'user already confirmed' do
|
|
66
|
-
assert @resource.sign_in_count > 0 do
|
|
67
|
-
assert expiry == (Time.now + Time.now + 1.second).to_i
|
|
68
|
-
end
|
|
69
|
-
end
|
|
70
68
|
end
|
|
71
69
|
|
|
72
70
|
describe 'failure' do
|
|
@@ -1,6 +1,6 @@
|
|
|
1
|
-
|
|
2
|
-
require 'mocha/test_unit'
|
|
1
|
+
# frozen_string_literal: true
|
|
3
2
|
|
|
3
|
+
require 'test_helper'
|
|
4
4
|
# was the web request successful?
|
|
5
5
|
# was the user redirected to the right page?
|
|
6
6
|
# was the user successfully authenticated?
|
|
@@ -57,7 +57,7 @@ class OmniauthTest < ActionDispatch::IntegrationTest
|
|
|
57
57
|
expiry = controller.auth_params[:expiry]
|
|
58
58
|
|
|
59
59
|
# the expiry should have been set
|
|
60
|
-
assert_equal expiry, @resource.tokens[client_id]['expiry']
|
|
60
|
+
assert_equal expiry, @resource.tokens[client_id]['expiry'] || @resource.tokens[client_id][:expiry]
|
|
61
61
|
|
|
62
62
|
# the token sent down to the client should now be valid
|
|
63
63
|
assert @resource.valid_token?(token, client_id)
|
|
@@ -70,7 +70,10 @@ class OmniauthTest < ActionDispatch::IntegrationTest
|
|
|
70
70
|
end
|
|
71
71
|
|
|
72
72
|
test 'sign_in was called' do
|
|
73
|
-
|
|
73
|
+
DeviseTokenAuth::OmniauthCallbacksController.any_instance\
|
|
74
|
+
.expects(:sign_in).with(
|
|
75
|
+
:user, instance_of(User), has_entries(store: false, bypass: false)
|
|
76
|
+
)
|
|
74
77
|
get_success
|
|
75
78
|
end
|
|
76
79
|
|
|
@@ -1,3 +1,5 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
1
3
|
require 'test_helper'
|
|
2
4
|
|
|
3
5
|
# was the web request successful?
|
|
@@ -177,7 +179,7 @@ class DeviseTokenAuth::RegistrationsControllerTest < ActionDispatch::Integration
|
|
|
177
179
|
@resource = assigns(:resource)
|
|
178
180
|
@data = JSON.parse(response.body)
|
|
179
181
|
@mail = ActionMailer::Base.deliveries.last
|
|
180
|
-
@sent_redirect_url =
|
|
182
|
+
@sent_redirect_url = CGI.unescape(@mail.body.match(/redirect_url=([^&]*)(&|\")/)[1])
|
|
181
183
|
end
|
|
182
184
|
|
|
183
185
|
teardown do
|
|
@@ -1,3 +1,5 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
1
3
|
require 'test_helper'
|
|
2
4
|
|
|
3
5
|
# was the web request successful?
|
|
@@ -72,6 +74,56 @@ class DeviseTokenAuth::SessionsControllerTest < ActionController::TestCase
|
|
|
72
74
|
assert_equal '0.0.0.0', @new_last_sign_in_ip
|
|
73
75
|
end
|
|
74
76
|
end
|
|
77
|
+
|
|
78
|
+
describe "with multiple clients and headers don't change in each request" do
|
|
79
|
+
before do
|
|
80
|
+
# Set the max_number_of_devices to a lower number
|
|
81
|
+
# to expedite tests! (Default is 10)
|
|
82
|
+
DeviseTokenAuth.max_number_of_devices = 2
|
|
83
|
+
DeviseTokenAuth.change_headers_on_each_request = false
|
|
84
|
+
|
|
85
|
+
@user_session_params = {
|
|
86
|
+
email: @existing_user.email,
|
|
87
|
+
password: 'secret123'
|
|
88
|
+
}
|
|
89
|
+
end
|
|
90
|
+
|
|
91
|
+
test 'should limit the maximum number of concurrent devices' do
|
|
92
|
+
# increment the number of devices until the maximum is exceeded
|
|
93
|
+
1.upto(DeviseTokenAuth.max_number_of_devices + 1).each do |n|
|
|
94
|
+
initial_tokens = @existing_user.reload.tokens
|
|
95
|
+
|
|
96
|
+
assert_equal(
|
|
97
|
+
[n, DeviseTokenAuth.max_number_of_devices].min,
|
|
98
|
+
@existing_user.reload.tokens.length
|
|
99
|
+
)
|
|
100
|
+
|
|
101
|
+
# Already have the max number of devices
|
|
102
|
+
post :create, params: @user_session_params
|
|
103
|
+
|
|
104
|
+
# A session for a new device maintains the max number of concurrent devices
|
|
105
|
+
refute_equal initial_tokens, @existing_user.reload.tokens
|
|
106
|
+
end
|
|
107
|
+
end
|
|
108
|
+
|
|
109
|
+
test 'should drop old tokens when max number of devices is exceeded' do
|
|
110
|
+
1.upto(DeviseTokenAuth.max_number_of_devices).each do |n|
|
|
111
|
+
post :create, params: @user_session_params
|
|
112
|
+
end
|
|
113
|
+
|
|
114
|
+
oldest_token, _ = @existing_user.reload.tokens \
|
|
115
|
+
.min_by { |cid, v| v[:expiry] || v["expiry"] }
|
|
116
|
+
|
|
117
|
+
post :create, params: @user_session_params
|
|
118
|
+
|
|
119
|
+
assert_not_includes @existing_user.reload.tokens.keys, oldest_token
|
|
120
|
+
end
|
|
121
|
+
|
|
122
|
+
after do
|
|
123
|
+
DeviseTokenAuth.max_number_of_devices = 10
|
|
124
|
+
DeviseTokenAuth.change_headers_on_each_request = true
|
|
125
|
+
end
|
|
126
|
+
end
|
|
75
127
|
end
|
|
76
128
|
|
|
77
129
|
describe 'get sign_in is not supported' do
|