devise_token_auth 0.1.43 → 0.2.0
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of devise_token_auth might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/README.md +40 -894
- data/Rakefile +2 -0
- data/app/controllers/devise_token_auth/application_controller.rb +6 -0
- data/app/controllers/devise_token_auth/concerns/resource_finder.rb +2 -0
- data/app/controllers/devise_token_auth/concerns/set_user_by_token.rb +9 -14
- data/app/controllers/devise_token_auth/confirmations_controller.rb +3 -1
- data/app/controllers/devise_token_auth/omniauth_callbacks_controller.rb +2 -0
- data/app/controllers/devise_token_auth/passwords_controller.rb +8 -14
- data/app/controllers/devise_token_auth/registrations_controller.rb +26 -21
- data/app/controllers/devise_token_auth/sessions_controller.rb +2 -0
- data/app/controllers/devise_token_auth/token_validations_controller.rb +2 -0
- data/app/controllers/devise_token_auth/unlocks_controller.rb +2 -0
- data/app/models/devise_token_auth/concerns/user.rb +41 -16
- data/app/models/devise_token_auth/concerns/user_omniauth_callbacks.rb +2 -0
- data/app/validators/email_validator.rb +3 -1
- data/config/initializers/devise.rb +2 -0
- data/config/locales/da-DK.yml +1 -1
- data/config/locales/sv.yml +50 -0
- data/lib/devise_token_auth.rb +3 -0
- data/lib/devise_token_auth/controllers/helpers.rb +2 -0
- data/lib/devise_token_auth/controllers/url_helpers.rb +2 -0
- data/lib/devise_token_auth/engine.rb +2 -0
- data/lib/devise_token_auth/errors.rb +7 -0
- data/lib/devise_token_auth/rails/routes.rb +2 -0
- data/lib/devise_token_auth/url.rb +2 -0
- data/lib/devise_token_auth/version.rb +3 -1
- data/lib/generators/devise_token_auth/USAGE +1 -1
- data/lib/generators/devise_token_auth/install_generator.rb +7 -5
- data/lib/generators/devise_token_auth/install_views_generator.rb +2 -0
- data/lib/generators/devise_token_auth/templates/devise_token_auth.rb +2 -0
- data/lib/generators/devise_token_auth/templates/devise_token_auth_create_users.rb.erb +8 -7
- data/lib/generators/devise_token_auth/templates/user.rb +3 -1
- data/lib/tasks/devise_token_auth_tasks.rake +2 -0
- data/test/controllers/custom/custom_confirmations_controller_test.rb +2 -0
- data/test/controllers/custom/custom_omniauth_callbacks_controller_test.rb +2 -0
- data/test/controllers/custom/custom_passwords_controller_test.rb +2 -0
- data/test/controllers/custom/custom_registrations_controller_test.rb +11 -0
- data/test/controllers/custom/custom_sessions_controller_test.rb +2 -0
- data/test/controllers/custom/custom_token_validations_controller_test.rb +2 -0
- data/test/controllers/demo_group_controller_test.rb +2 -0
- data/test/controllers/demo_mang_controller_test.rb +4 -1
- data/test/controllers/demo_user_controller_test.rb +47 -10
- data/test/controllers/devise_token_auth/confirmations_controller_test.rb +4 -6
- data/test/controllers/devise_token_auth/omniauth_callbacks_controller_test.rb +7 -4
- data/test/controllers/devise_token_auth/passwords_controller_test.rb +2 -0
- data/test/controllers/devise_token_auth/registrations_controller_test.rb +3 -1
- data/test/controllers/devise_token_auth/sessions_controller_test.rb +52 -0
- data/test/controllers/devise_token_auth/token_validations_controller_test.rb +2 -0
- data/test/controllers/devise_token_auth/unlocks_controller_test.rb +2 -0
- data/test/controllers/overrides/confirmations_controller_test.rb +2 -0
- data/test/controllers/overrides/omniauth_callbacks_controller_test.rb +2 -0
- data/test/controllers/overrides/passwords_controller_test.rb +2 -0
- data/test/controllers/overrides/registrations_controller_test.rb +31 -27
- data/test/controllers/overrides/sessions_controller_test.rb +2 -0
- data/test/controllers/overrides/token_validations_controller_test.rb +2 -0
- data/test/dummy/app/controllers/application_controller.rb +2 -0
- data/test/dummy/app/controllers/auth_origin_controller.rb +2 -0
- data/test/dummy/app/controllers/custom/confirmations_controller.rb +2 -0
- data/test/dummy/app/controllers/custom/omniauth_callbacks_controller.rb +2 -0
- data/test/dummy/app/controllers/custom/passwords_controller.rb +2 -0
- data/test/dummy/app/controllers/custom/registrations_controller.rb +2 -1
- data/test/dummy/app/controllers/custom/sessions_controller.rb +2 -0
- data/test/dummy/app/controllers/custom/token_validations_controller.rb +2 -0
- data/test/dummy/app/controllers/demo_group_controller.rb +2 -0
- data/test/dummy/app/controllers/demo_mang_controller.rb +2 -0
- data/test/dummy/app/controllers/demo_user_controller.rb +2 -0
- data/test/dummy/app/controllers/overrides/confirmations_controller.rb +2 -0
- data/test/dummy/app/controllers/overrides/omniauth_callbacks_controller.rb +2 -0
- data/test/dummy/app/controllers/overrides/passwords_controller.rb +2 -0
- data/test/dummy/app/controllers/overrides/registrations_controller.rb +2 -0
- data/test/dummy/app/controllers/overrides/sessions_controller.rb +2 -0
- data/test/dummy/app/controllers/overrides/token_validations_controller.rb +2 -0
- data/test/dummy/app/helpers/application_helper.rb +2 -0
- data/test/dummy/app/models/evil_user.rb +2 -0
- data/test/dummy/app/models/lockable_user.rb +2 -0
- data/test/dummy/app/models/mang.rb +2 -0
- data/test/dummy/app/models/nice_user.rb +2 -0
- data/test/dummy/app/models/only_email_user.rb +2 -0
- data/test/dummy/app/models/scoped_user.rb +2 -0
- data/test/dummy/app/models/unconfirmable_user.rb +2 -0
- data/test/dummy/app/models/unregisterable_user.rb +2 -0
- data/test/dummy/app/models/user.rb +2 -0
- data/test/dummy/config/application.rb +2 -0
- data/test/dummy/config/boot.rb +2 -0
- data/test/dummy/config/environment.rb +2 -0
- data/test/dummy/config/environments/development.rb +2 -0
- data/test/dummy/config/environments/production.rb +2 -0
- data/test/dummy/config/environments/test.rb +2 -0
- data/test/dummy/config/initializers/assets.rb +2 -0
- data/test/dummy/config/initializers/backtrace_silencers.rb +2 -0
- data/test/dummy/config/initializers/cookies_serializer.rb +3 -1
- data/test/dummy/config/initializers/devise.rb +2 -0
- data/test/dummy/config/initializers/devise_token_auth.rb +2 -0
- data/test/dummy/config/initializers/figaro.rb +2 -0
- data/test/dummy/config/initializers/filter_parameter_logging.rb +2 -0
- data/test/dummy/config/initializers/inflections.rb +2 -0
- data/test/dummy/config/initializers/mime_types.rb +2 -0
- data/test/dummy/config/initializers/omniauth.rb +2 -0
- data/test/dummy/config/initializers/session_store.rb +2 -0
- data/test/dummy/config/initializers/wrap_parameters.rb +2 -0
- data/test/dummy/config/routes.rb +2 -0
- data/test/dummy/config/spring.rb +2 -0
- data/test/dummy/db/migrate/20140715061447_devise_token_auth_create_users.rb +2 -0
- data/test/dummy/db/migrate/20140715061805_devise_token_auth_create_mangs.rb +2 -0
- data/test/dummy/db/migrate/20140829044006_add_operating_thetan_to_user.rb +2 -0
- data/test/dummy/db/migrate/20140916224624_add_favorite_color_to_mangs.rb +2 -0
- data/test/dummy/db/migrate/20140928231203_devise_token_auth_create_evil_users.rb +2 -0
- data/test/dummy/db/migrate/20141222035835_devise_token_auth_create_only_email_users.rb +2 -0
- data/test/dummy/db/migrate/20141222053502_devise_token_auth_create_unregisterable_users.rb +2 -0
- data/test/dummy/db/migrate/20150409095712_devise_token_auth_create_nice_users.rb +2 -0
- data/test/dummy/db/migrate/20150708104536_devise_token_auth_create_unconfirmable_users.rb +2 -0
- data/test/dummy/db/migrate/20160103235141_devise_token_auth_create_scoped_users.rb +2 -0
- data/test/dummy/db/migrate/20160629184441_devise_token_auth_create_lockable_users.rb +2 -0
- data/test/dummy/lib/migration_database_helper.rb +15 -1
- data/test/dummy/tmp/generators/app/models/user.rb +5 -5
- data/test/dummy/tmp/generators/config/initializers/devise_token_auth.rb +2 -0
- data/test/dummy/tmp/generators/db/migrate/{20171014052631_devise_token_auth_create_users.rb → 20180805205504_devise_token_auth_create_users.rb} +1 -0
- data/test/integration/navigation_test.rb +2 -0
- data/test/lib/devise_token_auth/url_test.rb +2 -0
- data/test/lib/generators/devise_token_auth/install_generator_test.rb +2 -0
- data/test/lib/generators/devise_token_auth/install_generator_with_namespace_test.rb +194 -0
- data/test/lib/generators/devise_token_auth/install_views_generator_test.rb +2 -0
- data/test/models/only_email_user_test.rb +2 -0
- data/test/models/user_test.rb +6 -4
- data/test/test_helper.rb +30 -14
- metadata +23 -5
data/lib/devise_token_auth.rb
CHANGED
@@ -1,8 +1,11 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
1
3
|
require "devise"
|
2
4
|
require "devise_token_auth/engine"
|
3
5
|
require "devise_token_auth/controllers/helpers"
|
4
6
|
require "devise_token_auth/controllers/url_helpers"
|
5
7
|
require "devise_token_auth/url"
|
8
|
+
require "devise_token_auth/errors"
|
6
9
|
|
7
10
|
module DeviseTokenAuth
|
8
11
|
end
|
@@ -15,7 +15,7 @@ Example:
|
|
15
15
|
|
16
16
|
This will create:
|
17
17
|
config/initializers/devise_token_auth.rb
|
18
|
-
db/migrate/<%= Time.now.utc.strftime("%Y%m%d%H%M%S") %>_create_devise_token_auth_create_users.rb
|
18
|
+
db/migrate/<%= Time.zone.now.utc.strftime("%Y%m%d%H%M%S") %>_create_devise_token_auth_create_users.rb
|
19
19
|
app/models/user.rb
|
20
20
|
|
21
21
|
If 'app/models/user.rb' already exists, the following line will be inserted
|
@@ -1,3 +1,5 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
1
3
|
module DeviseTokenAuth
|
2
4
|
class InstallGenerator < Rails::Generators::Base
|
3
5
|
include Rails::Generators::Migration
|
@@ -12,12 +14,12 @@ module DeviseTokenAuth
|
|
12
14
|
end
|
13
15
|
|
14
16
|
def copy_migrations
|
15
|
-
if self.class.migration_exists?("db/migrate", "devise_token_auth_create_#{ user_class.underscore }")
|
16
|
-
say_status("skipped", "Migration 'devise_token_auth_create_#{ user_class.underscore }' already exists")
|
17
|
+
if self.class.migration_exists?("db/migrate", "devise_token_auth_create_#{ user_class.pluralize.gsub("::","").underscore }")
|
18
|
+
say_status("skipped", "Migration 'devise_token_auth_create_#{ user_class.pluralize.gsub("::","").underscore }' already exists")
|
17
19
|
else
|
18
20
|
migration_template(
|
19
21
|
"devise_token_auth_create_users.rb.erb",
|
20
|
-
"db/migrate/devise_token_auth_create_#{ user_class.pluralize.underscore }.rb"
|
22
|
+
"db/migrate/devise_token_auth_create_#{ user_class.pluralize.gsub("::","").underscore }.rb"
|
21
23
|
)
|
22
24
|
end
|
23
25
|
end
|
@@ -29,7 +31,7 @@ module DeviseTokenAuth
|
|
29
31
|
else
|
30
32
|
inclusion = "include DeviseTokenAuth::Concerns::User"
|
31
33
|
unless parse_file_for_line(fname, inclusion)
|
32
|
-
|
34
|
+
|
33
35
|
active_record_needle = (Rails::VERSION::MAJOR == 5) ? 'ApplicationRecord' : 'ActiveRecord::Base'
|
34
36
|
inject_into_file fname, after: "class #{user_class} < #{active_record_needle}\n" do <<-'RUBY'
|
35
37
|
# Include default devise modules.
|
@@ -101,7 +103,7 @@ module DeviseTokenAuth
|
|
101
103
|
private
|
102
104
|
|
103
105
|
def self.next_migration_number(path)
|
104
|
-
Time.now.utc.strftime("%Y%m%d%H%M%S")
|
106
|
+
Time.zone.now.utc.strftime("%Y%m%d%H%M%S")
|
105
107
|
end
|
106
108
|
|
107
109
|
def insert_after_line(filename, line, str)
|
@@ -1,6 +1,7 @@
|
|
1
|
-
class DeviseTokenAuthCreate<%= user_class.pluralize %> < ActiveRecord::Migration<%= "[#{Rails::VERSION::STRING[0..2]}]" if Rails::VERSION::MAJOR > 4 %>
|
1
|
+
class DeviseTokenAuthCreate<%= user_class.pluralize.gsub("::","") %> < ActiveRecord::Migration<%= "[#{Rails::VERSION::STRING[0..2]}]" if Rails::VERSION::MAJOR > 4 %>
|
2
2
|
def change
|
3
|
-
|
3
|
+
<% table_name = @user_class.pluralize.gsub("::","").underscore %>
|
4
|
+
create_table(:<%= table_name %>) do |t|
|
4
5
|
## Required
|
5
6
|
t.string :provider, :null => false, :default => "email"
|
6
7
|
t.string :uid, :null => false, :default => ""
|
@@ -46,10 +47,10 @@ class DeviseTokenAuthCreate<%= user_class.pluralize %> < ActiveRecord::Migration
|
|
46
47
|
t.timestamps
|
47
48
|
end
|
48
49
|
|
49
|
-
add_index :<%=
|
50
|
-
add_index :<%=
|
51
|
-
add_index :<%=
|
52
|
-
add_index :<%=
|
53
|
-
# add_index :<%=
|
50
|
+
add_index :<%= table_name %>, :email, unique: true
|
51
|
+
add_index :<%= table_name %>, [:uid, :provider], unique: true
|
52
|
+
add_index :<%= table_name %>, :reset_password_token, unique: true
|
53
|
+
add_index :<%= table_name %>, :confirmation_token, unique: true
|
54
|
+
# add_index :<%= table_name %>, :unlock_token, unique: true
|
54
55
|
end
|
55
56
|
end
|
@@ -1,4 +1,6 @@
|
|
1
|
-
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
class <%= user_class %> < ActiveRecord::Base
|
2
4
|
# Include default devise modules. Others available are:
|
3
5
|
# :confirmable, :lockable, :timeoutable and :omniauthable
|
4
6
|
devise :database_authenticatable, :registerable,
|
@@ -1,3 +1,5 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
1
3
|
require 'test_helper'
|
2
4
|
|
3
5
|
class Custom::RegistrationsControllerTest < ActionDispatch::IntegrationTest
|
@@ -50,5 +52,14 @@ class Custom::RegistrationsControllerTest < ActionDispatch::IntegrationTest
|
|
50
52
|
assert @controller.destroy_block_called?,
|
51
53
|
'destroy failed to yield resource to provided block'
|
52
54
|
end
|
55
|
+
|
56
|
+
describe 'when overriding #build_resource' do
|
57
|
+
test 'it fails' do
|
58
|
+
Custom::RegistrationsController.any_instance.stubs(:build_resource).returns(nil)
|
59
|
+
assert_raises DeviseTokenAuth::Errors::NoResourceDefinedError do
|
60
|
+
post '/nice_user_auth', params: @create_params
|
61
|
+
end
|
62
|
+
end
|
63
|
+
end
|
53
64
|
end
|
54
65
|
end
|
@@ -1,3 +1,5 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
1
3
|
require 'test_helper'
|
2
4
|
|
3
5
|
# was the web request successful?
|
@@ -214,7 +216,7 @@ class DemoMangControllerTest < ActionDispatch::IntegrationTest
|
|
214
216
|
end
|
215
217
|
|
216
218
|
it 'should not return auth headers for second (batched) requests' do
|
217
|
-
|
219
|
+
refute @second_access_token
|
218
220
|
end
|
219
221
|
end
|
220
222
|
|
@@ -282,3 +284,4 @@ class DemoMangControllerTest < ActionDispatch::IntegrationTest
|
|
282
284
|
end
|
283
285
|
end
|
284
286
|
end
|
287
|
+
|
@@ -1,3 +1,5 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
1
3
|
require 'test_helper'
|
2
4
|
|
3
5
|
# was the web request successful?
|
@@ -215,7 +217,7 @@ class DemoUserControllerTest < ActionDispatch::IntegrationTest
|
|
215
217
|
end
|
216
218
|
|
217
219
|
it 'should not return auth headers for second (batched) requests' do
|
218
|
-
|
220
|
+
refute @second_access_token
|
219
221
|
end
|
220
222
|
end
|
221
223
|
|
@@ -407,6 +409,50 @@ class DemoUserControllerTest < ActionDispatch::IntegrationTest
|
|
407
409
|
DeviseTokenAuth.headers_names[:'access-token'] = 'access-token'
|
408
410
|
end
|
409
411
|
end
|
412
|
+
|
413
|
+
describe 'maximum concurrent devices per user' do
|
414
|
+
before do
|
415
|
+
# Set the max_number_of_devices to a lower number
|
416
|
+
# to expedite tests! (Default is 10)
|
417
|
+
DeviseTokenAuth.max_number_of_devices = 5
|
418
|
+
end
|
419
|
+
|
420
|
+
it 'should limit the maximum number of concurrent devices' do
|
421
|
+
# increment the number of devices until the maximum is exceeded
|
422
|
+
1.upto(DeviseTokenAuth.max_number_of_devices + 1).each do |n|
|
423
|
+
|
424
|
+
assert_equal(
|
425
|
+
[n, DeviseTokenAuth.max_number_of_devices].min,
|
426
|
+
@resource.reload.tokens.length
|
427
|
+
)
|
428
|
+
|
429
|
+
# Add a new device (and token) ahead of the next iteration
|
430
|
+
@resource.create_new_auth_token
|
431
|
+
|
432
|
+
end
|
433
|
+
end
|
434
|
+
|
435
|
+
it 'should drop the oldest token when the maximum number of devices is exceeded' do
|
436
|
+
# create the maximum number of tokens
|
437
|
+
1.upto(DeviseTokenAuth.max_number_of_devices).each do
|
438
|
+
@resource.create_new_auth_token
|
439
|
+
end
|
440
|
+
|
441
|
+
# get the oldest token client_id
|
442
|
+
oldest_client_id, = @resource.reload.tokens.min_by do |cid, v|
|
443
|
+
v[:expiry] || v["expiry"]
|
444
|
+
end # => [ 'CLIENT_ID', {token: ...} ]
|
445
|
+
|
446
|
+
# create another token, thereby dropping the oldest token
|
447
|
+
@resource.create_new_auth_token
|
448
|
+
|
449
|
+
assert_not_includes @resource.reload.tokens.keys, oldest_client_id
|
450
|
+
end
|
451
|
+
|
452
|
+
after do
|
453
|
+
DeviseTokenAuth.max_number_of_devices = 10
|
454
|
+
end
|
455
|
+
end
|
410
456
|
end
|
411
457
|
|
412
458
|
describe 'bypass_sign_in' do
|
@@ -503,17 +549,8 @@ class DemoUserControllerTest < ActionDispatch::IntegrationTest
|
|
503
549
|
refute_equal @resource, @controller.current_mang
|
504
550
|
end
|
505
551
|
|
506
|
-
it 'should increase the number of tokens by a factor of 2 up to 11' do
|
507
|
-
@first_token = @resource.tokens.keys.first
|
508
552
|
|
509
|
-
DeviseTokenAuth.max_number_of_devices = 11
|
510
|
-
(1..10).each do |n|
|
511
|
-
assert_equal [11, 2 * n].min, @resource.reload.tokens.keys.length
|
512
|
-
get '/demo/members_only', params: {}, headers: nil
|
513
|
-
end
|
514
553
|
|
515
|
-
assert_not_includes @resource.reload.tokens.keys, @first_token
|
516
|
-
end
|
517
554
|
end
|
518
555
|
|
519
556
|
it 'should return success status' do
|
@@ -1,3 +1,5 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
1
3
|
require 'test_helper'
|
2
4
|
|
3
5
|
# was the web request successful?
|
@@ -55,18 +57,14 @@ class DeviseTokenAuth::ConfirmationsControllerTest < ActionController::TestCase
|
|
55
57
|
test 'the sign_in_count should be 1' do
|
56
58
|
assert @resource.sign_in_count == 1
|
57
59
|
end
|
60
|
+
|
58
61
|
test 'User shoud have the signed in info filled' do
|
59
62
|
assert @resource.current_sign_in_at?
|
60
63
|
end
|
64
|
+
|
61
65
|
test 'User shoud have the Last checkin filled' do
|
62
66
|
assert @resource.last_sign_in_at?
|
63
67
|
end
|
64
|
-
|
65
|
-
test 'user already confirmed' do
|
66
|
-
assert @resource.sign_in_count > 0 do
|
67
|
-
assert expiry == (Time.now + Time.now + 1.second).to_i
|
68
|
-
end
|
69
|
-
end
|
70
68
|
end
|
71
69
|
|
72
70
|
describe 'failure' do
|
@@ -1,6 +1,6 @@
|
|
1
|
-
|
2
|
-
require 'mocha/test_unit'
|
1
|
+
# frozen_string_literal: true
|
3
2
|
|
3
|
+
require 'test_helper'
|
4
4
|
# was the web request successful?
|
5
5
|
# was the user redirected to the right page?
|
6
6
|
# was the user successfully authenticated?
|
@@ -57,7 +57,7 @@ class OmniauthTest < ActionDispatch::IntegrationTest
|
|
57
57
|
expiry = controller.auth_params[:expiry]
|
58
58
|
|
59
59
|
# the expiry should have been set
|
60
|
-
assert_equal expiry, @resource.tokens[client_id]['expiry']
|
60
|
+
assert_equal expiry, @resource.tokens[client_id]['expiry'] || @resource.tokens[client_id][:expiry]
|
61
61
|
|
62
62
|
# the token sent down to the client should now be valid
|
63
63
|
assert @resource.valid_token?(token, client_id)
|
@@ -70,7 +70,10 @@ class OmniauthTest < ActionDispatch::IntegrationTest
|
|
70
70
|
end
|
71
71
|
|
72
72
|
test 'sign_in was called' do
|
73
|
-
|
73
|
+
DeviseTokenAuth::OmniauthCallbacksController.any_instance\
|
74
|
+
.expects(:sign_in).with(
|
75
|
+
:user, instance_of(User), has_entries(store: false, bypass: false)
|
76
|
+
)
|
74
77
|
get_success
|
75
78
|
end
|
76
79
|
|
@@ -1,3 +1,5 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
1
3
|
require 'test_helper'
|
2
4
|
|
3
5
|
# was the web request successful?
|
@@ -177,7 +179,7 @@ class DeviseTokenAuth::RegistrationsControllerTest < ActionDispatch::Integration
|
|
177
179
|
@resource = assigns(:resource)
|
178
180
|
@data = JSON.parse(response.body)
|
179
181
|
@mail = ActionMailer::Base.deliveries.last
|
180
|
-
@sent_redirect_url =
|
182
|
+
@sent_redirect_url = CGI.unescape(@mail.body.match(/redirect_url=([^&]*)(&|\")/)[1])
|
181
183
|
end
|
182
184
|
|
183
185
|
teardown do
|
@@ -1,3 +1,5 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
1
3
|
require 'test_helper'
|
2
4
|
|
3
5
|
# was the web request successful?
|
@@ -72,6 +74,56 @@ class DeviseTokenAuth::SessionsControllerTest < ActionController::TestCase
|
|
72
74
|
assert_equal '0.0.0.0', @new_last_sign_in_ip
|
73
75
|
end
|
74
76
|
end
|
77
|
+
|
78
|
+
describe "with multiple clients and headers don't change in each request" do
|
79
|
+
before do
|
80
|
+
# Set the max_number_of_devices to a lower number
|
81
|
+
# to expedite tests! (Default is 10)
|
82
|
+
DeviseTokenAuth.max_number_of_devices = 2
|
83
|
+
DeviseTokenAuth.change_headers_on_each_request = false
|
84
|
+
|
85
|
+
@user_session_params = {
|
86
|
+
email: @existing_user.email,
|
87
|
+
password: 'secret123'
|
88
|
+
}
|
89
|
+
end
|
90
|
+
|
91
|
+
test 'should limit the maximum number of concurrent devices' do
|
92
|
+
# increment the number of devices until the maximum is exceeded
|
93
|
+
1.upto(DeviseTokenAuth.max_number_of_devices + 1).each do |n|
|
94
|
+
initial_tokens = @existing_user.reload.tokens
|
95
|
+
|
96
|
+
assert_equal(
|
97
|
+
[n, DeviseTokenAuth.max_number_of_devices].min,
|
98
|
+
@existing_user.reload.tokens.length
|
99
|
+
)
|
100
|
+
|
101
|
+
# Already have the max number of devices
|
102
|
+
post :create, params: @user_session_params
|
103
|
+
|
104
|
+
# A session for a new device maintains the max number of concurrent devices
|
105
|
+
refute_equal initial_tokens, @existing_user.reload.tokens
|
106
|
+
end
|
107
|
+
end
|
108
|
+
|
109
|
+
test 'should drop old tokens when max number of devices is exceeded' do
|
110
|
+
1.upto(DeviseTokenAuth.max_number_of_devices).each do |n|
|
111
|
+
post :create, params: @user_session_params
|
112
|
+
end
|
113
|
+
|
114
|
+
oldest_token, _ = @existing_user.reload.tokens \
|
115
|
+
.min_by { |cid, v| v[:expiry] || v["expiry"] }
|
116
|
+
|
117
|
+
post :create, params: @user_session_params
|
118
|
+
|
119
|
+
assert_not_includes @existing_user.reload.tokens.keys, oldest_token
|
120
|
+
end
|
121
|
+
|
122
|
+
after do
|
123
|
+
DeviseTokenAuth.max_number_of_devices = 10
|
124
|
+
DeviseTokenAuth.change_headers_on_each_request = true
|
125
|
+
end
|
126
|
+
end
|
75
127
|
end
|
76
128
|
|
77
129
|
describe 'get sign_in is not supported' do
|