RubyGems - devise_token_auth - Versions diffs - 0.1.43 → 1.2.0 - Mend

devise_token_auth 0.1.43 → 1.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (183) hide show

data/test/controllers/overrides/passwords_controller_test.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 require 'test_helper'
 #  was the web request successful?
@@ -7,41 +9,34 @@ require 'test_helper'
 #  was the appropriate message delivered in the json payload?
 class Overrides::PasswordsControllerTest < ActionDispatch::IntegrationTest
+  include OverridesControllersRoutes
   describe Overrides::PasswordsController do
     before do
-      @resource = evil_users(:confirmed_email_user)
-      @redirect_url = Faker::Internet.url
+      @resource = create(:user, :confirmed)
       post '/evil_user_auth/password',
            params: {
              email: @resource.email,
-             redirect_url: @redirect_url
+             redirect_url: Faker::Internet.url
            }
-      @mail = ActionMailer::Base.deliveries.last
+      mail = ActionMailer::Base.deliveries.last
       @resource.reload
-      @mail_config_name  = CGI.unescape(@mail.body.match(/config=([^&]*)&/)[1])
-      @mail_redirect_url = CGI.unescape(@mail.body.match(/redirect_url=([^&]*)&/)[1])
-      @mail_reset_token  = @mail.body.match(/reset_password_token=(.*)\"/)[1]
+      mail_reset_token  = mail.body.match(/reset_password_token=(.*)\"/)[1]
+      mail_redirect_url = CGI.unescape(mail.body.match(/redirect_url=([^&]*)&/)[1])
       get '/evil_user_auth/password/edit',
-          params: { reset_password_token: @mail_reset_token,
-                    redirect_url: @mail_redirect_url }
+          params: {
+            reset_password_token: mail_reset_token,
+            redirect_url: mail_redirect_url
+          }
       @resource.reload
-      raw_qs = response.location.split('?')[1]
-      @qs = Rack::Utils.parse_nested_query(raw_qs)
-      @access_token   = @qs['access-token']
-      @client         = @qs['client']
-      @client_id      = @qs['client_id']
-      @expiry         = @qs['expiry']
-      @override_proof = @qs['override_proof']
-      @reset_password = @qs['reset_password']
-      @token          = @qs['token']
-      @uid            = @qs['uid']
+      _, raw_query_string = response.location.split('?')
+      @query_string = Rack::Utils.parse_nested_query(raw_query_string)
     end
     test 'response should have success redirect status' do
@@ -49,18 +44,21 @@ class Overrides::PasswordsControllerTest < ActionDispatch::IntegrationTest
     end
     test 'response should contain auth params + override proof' do
-      assert @access_token
-      assert @client
-      assert @client_id
-      assert @expiry
-      assert @override_proof
-      assert @reset_password
-      assert @token
-      assert @uid
+      assert @query_string['access-token']
+      assert @query_string['client']
+      assert @query_string['client_id']
+      assert @query_string['expiry']
+      assert @query_string['override_proof']
+      assert @query_string['reset_password']
+      assert @query_string['token']
+      assert @query_string['uid']
     end
     test 'override proof is correct' do
-      assert_equal @override_proof, Overrides::PasswordsController::OVERRIDE_PROOF
+      assert_equal(
+        @query_string['override_proof'],
+        Overrides::PasswordsController::OVERRIDE_PROOF
+      )
     end
   end
 end

data/test/controllers/overrides/registrations_controller_test.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 require 'test_helper'
 #  was the web request successful?
@@ -7,34 +9,38 @@ require 'test_helper'
 #  was the appropriate message delivered in the json payload?
 class Overrides::RegistrationsControllerTest < ActionDispatch::IntegrationTest
-  describe Overrides::RegistrationsController do
-    setup do
-      @existing_user  = evil_users(:confirmed_email_user)
-      @auth_headers   = @existing_user.create_new_auth_token
-      @client_id      = @auth_headers['client']
-      @favorite_color = 'pink'
-      # ensure request is not treated as batch request
-      age_token(@existing_user, @client_id)
-      # test valid update param
-      @new_operating_thetan = 1_000_000
-      put '/evil_user_auth',
-          params: { favorite_color: @favorite_color },
-          headers: @auth_headers
+  include OverridesControllersRoutes
-      @data = JSON.parse(response.body)
-      @existing_user.reload
-    end
-    test 'user was updated' do
-      assert_equal @favorite_color, @existing_user.favorite_color
-    end
-    test 'controller was overridden' do
-      assert_equal Overrides::RegistrationsController::OVERRIDE_PROOF,
-                   @data['override_proof']
+  describe Overrides::RegistrationsController do
+    describe 'Succesful Registration update' do
+      before do
+        @existing_user  = create(:user, :confirmed)
+        @auth_headers   = @existing_user.create_new_auth_token
+        @client_id      = @auth_headers['client']
+        @favorite_color = 'pink'
+        # ensure request is not treated as batch request
+        age_token(@existing_user, @client_id)
+        # test valid update param
+        @new_operating_thetan = 1_000_000
+        put '/evil_user_auth',
+            params: { favorite_color: @favorite_color },
+            headers: @auth_headers
+        @data = JSON.parse(response.body)
+        @existing_user.reload
+      end
+      test 'user was updated' do
+        assert_equal @favorite_color, @existing_user.favorite_color
+      end
+      test 'controller was overridden' do
+        assert_equal Overrides::RegistrationsController::OVERRIDE_PROOF,
+                     @data['override_proof']
+      end
     end
   end
 end

data/test/controllers/overrides/sessions_controller_test.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 require 'test_helper'
 #  was the web request successful?
@@ -7,15 +9,15 @@ require 'test_helper'
 #  was the appropriate message delivered in the json payload?
 class Overrides::RegistrationsControllerTest < ActionDispatch::IntegrationTest
+  include OverridesControllersRoutes
   describe Overrides::RegistrationsController do
     before do
-      @existing_user = evil_users(:confirmed_email_user)
-      @existing_user.skip_confirmation!
-      @existing_user.save!
+      @existing_user = create(:user, :confirmed)
       post '/evil_user_auth/sign_in',
            params: { email: @existing_user.email,
-                     password: 'secret123' }
+                     password: @existing_user.password }
       @resource = assigns(:resource)
       @data = JSON.parse(response.body)

data/test/controllers/overrides/token_validations_controller_test.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 require 'test_helper'
 #  was the web request successful?
@@ -7,11 +9,11 @@ require 'test_helper'
 #  was the appropriate message delivered in the json payload?
 class Overrides::TokenValidationsControllerTest < ActionDispatch::IntegrationTest
+  include OverridesControllersRoutes
   describe Overrides::TokenValidationsController do
     before do
-      @resource = evil_users(:confirmed_email_user)
-      @resource.skip_confirmation!
-      @resource.save!
+      @resource = create(:user, :confirmed)
       @auth_headers = @resource.create_new_auth_token

data/test/dummy/app/active_record/confirmable_user.rb ADDED Viewed

@@ -0,0 +1,11 @@
+# frozen_string_literal: true
+class ConfirmableUser < ActiveRecord::Base
+  # Include default devise modules.
+  devise :database_authenticatable, :registerable,
+         :recoverable, :rememberable,
+         :validatable, :confirmable
+  DeviseTokenAuth.send_confirmation_email = true
+  include DeviseTokenAuth::Concerns::User
+  DeviseTokenAuth.send_confirmation_email = false
+end

data/test/dummy/app/{models → active_record}/lockable_user.rb RENAMED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 class LockableUser < ActiveRecord::Base
   # Include default devise modules.
   devise :database_authenticatable, :registerable, :lockable

data/test/dummy/app/{models → active_record}/mang.rb RENAMED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 class Mang < ActiveRecord::Base
   include DeviseTokenAuth::Concerns::User
 end

data/test/dummy/app/{models → active_record}/only_email_user.rb RENAMED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 class OnlyEmailUser < ActiveRecord::Base
   # Include default devise modules.
   devise :database_authenticatable, :registerable

data/test/dummy/app/{models → active_record}/scoped_user.rb RENAMED Viewed

@@ -1,7 +1,9 @@
+# frozen_string_literal: true
 class ScopedUser < ActiveRecord::Base
   # Include default devise modules.
   devise :database_authenticatable, :registerable,
-          :recoverable, :rememberable, :trackable, :validatable,
-          :confirmable, :omniauthable
+         :recoverable, :rememberable,
+         :validatable, :confirmable, :omniauthable
   include DeviseTokenAuth::Concerns::User
 end

data/test/dummy/app/{models → active_record}/unconfirmable_user.rb RENAMED Viewed

@@ -1,8 +1,9 @@
+# frozen_string_literal: true
 class UnconfirmableUser < ActiveRecord::Base
   # Include default devise modules.
   devise :database_authenticatable, :registerable,
          :recoverable, :rememberable,
-         :trackable, :validatable,
-         :omniauthable
+         :validatable, :omniauthable
   include DeviseTokenAuth::Concerns::User
 end

data/test/dummy/app/active_record/unregisterable_user.rb ADDED Viewed

@@ -0,0 +1,9 @@
+# frozen_string_literal: true
+class UnregisterableUser < ActiveRecord::Base
+  # Include default devise modules.
+  devise :database_authenticatable, :recoverable,
+         :validatable, :confirmable,
+         :omniauthable
+  include DeviseTokenAuth::Concerns::User
+end

data/test/dummy/app/active_record/user.rb ADDED Viewed

@@ -0,0 +1,6 @@
+# frozen_string_literal: true
+class User < ActiveRecord::Base
+  include DeviseTokenAuth::Concerns::User
+  include FavoriteColor
+end

data/test/dummy/app/controllers/application_controller.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 class ApplicationController < ActionController::Base
   include DeviseTokenAuth::Concerns::SetUserByToken

data/test/dummy/app/controllers/auth_origin_controller.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 class AuthOriginController < ApplicationController
   def redirected
     head :ok

data/test/dummy/app/controllers/custom/confirmations_controller.rb CHANGED Viewed

@@ -1,5 +1,6 @@
-class Custom::ConfirmationsController < DeviseTokenAuth::ConfirmationsController
+# frozen_string_literal: true
+class Custom::ConfirmationsController < DeviseTokenAuth::ConfirmationsController
   def show
     super do |resource|
       @show_block_called = true unless resource.nil?
@@ -9,5 +10,4 @@ class Custom::ConfirmationsController < DeviseTokenAuth::ConfirmationsController
   def show_block_called?
     @show_block_called == true
   end
 end

data/test/dummy/app/controllers/custom/omniauth_callbacks_controller.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 class Custom::OmniauthCallbacksController < DeviseTokenAuth::OmniauthCallbacksController
   def omniauth_success
     super do |resource|

data/test/dummy/app/controllers/custom/passwords_controller.rb CHANGED Viewed

@@ -1,5 +1,6 @@
-class Custom::PasswordsController < DeviseTokenAuth::PasswordsController
+# frozen_string_literal: true
+class Custom::PasswordsController < DeviseTokenAuth::PasswordsController
   def create
     super do |resource|
       @create_block_called = true unless resource.nil?
@@ -33,8 +34,6 @@ class Custom::PasswordsController < DeviseTokenAuth::PasswordsController
   protected
   def render_update_success
-    render json: {custom: "foo"}
+    render json: { custom: 'foo' }
   end
 end

data/test/dummy/app/controllers/custom/registrations_controller.rb CHANGED Viewed

@@ -1,5 +1,6 @@
-class Custom::RegistrationsController < DeviseTokenAuth::RegistrationsController
+# frozen_string_literal: true
+class Custom::RegistrationsController < DeviseTokenAuth::RegistrationsController
   def create
     super do |resource|
       @create_block_called = true
@@ -33,7 +34,6 @@ class Custom::RegistrationsController < DeviseTokenAuth::RegistrationsController
   protected
   def render_create_success
-    render json: {custom: "foo"}
+    render json: { custom: 'foo' }
   end
 end

data/test/dummy/app/controllers/custom/sessions_controller.rb CHANGED Viewed

@@ -1,5 +1,6 @@
-class Custom::SessionsController < DeviseTokenAuth::SessionsController
+# frozen_string_literal: true
+class Custom::SessionsController < DeviseTokenAuth::SessionsController
   def create
     super do |resource|
       @create_block_called = true unless resource.nil?
@@ -23,7 +24,6 @@ class Custom::SessionsController < DeviseTokenAuth::SessionsController
   protected
   def render_create_success
-    render json: {custom: "foo"}
+    render json: { custom: 'foo' }
   end
 end

data/test/dummy/app/controllers/custom/token_validations_controller.rb CHANGED Viewed

@@ -1,5 +1,6 @@
-class Custom::TokenValidationsController < DeviseTokenAuth::TokenValidationsController
+# frozen_string_literal: true
+class Custom::TokenValidationsController < DeviseTokenAuth::TokenValidationsController
   def validate_token
     super do |resource|
       @validate_token_block_called = true unless resource.nil?
@@ -13,7 +14,6 @@ class Custom::TokenValidationsController < DeviseTokenAuth::TokenValidationsCont
   protected
   def render_validate_token_success
-    render json: {custom: "foo"}
+    render json: { custom: 'foo' }
   end
 end

data/test/dummy/app/controllers/demo_group_controller.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 class DemoGroupController < ApplicationController
   devise_token_auth_group :member, contains: [:user, :mang]
   before_action :authenticate_member!

data/test/dummy/app/controllers/demo_mang_controller.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 class DemoMangController < ApplicationController
   before_action :authenticate_mang!

data/test/dummy/app/controllers/demo_user_controller.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 class DemoUserController < ApplicationController
   before_action :authenticate_user!

data/test/dummy/app/controllers/overrides/confirmations_controller.rb CHANGED Viewed

@@ -1,25 +1,27 @@
+# frozen_string_literal: true
 module Overrides
   class ConfirmationsController < DeviseTokenAuth::ConfirmationsController
     def show
       @resource = resource_class.confirm_by_token(params[:confirmation_token])
-      if @resource and @resource.id
-        client_id, token = @resource.create_token
+      if @resource && @resource.id
+        token = @resource.create_token
         @resource.save!
         redirect_header_options = {
           account_confirmation_success: true,
           config: params[:config],
-          override_proof: "(^^,)"
+          override_proof: '(^^,)'
         }
-        redirect_headers = build_redirect_headers(token,
-                                                  client_id,
+        redirect_headers = build_redirect_headers(token.token,
+                                                  token.client,
                                                   redirect_header_options)
         redirect_to(@resource.build_auth_url(params[:redirect_url],
                                              redirect_headers))
       else
-        raise ActionController::RoutingError.new('Not Found')
+        raise ActionController::RoutingError, 'Not Found'
       end
     end
   end

data/test/dummy/app/controllers/overrides/omniauth_callbacks_controller.rb CHANGED Viewed

@@ -1,14 +1,16 @@
+# frozen_string_literal: true
 module Overrides
   class OmniauthCallbacksController < DeviseTokenAuth::OmniauthCallbacksController
-    DEFAULT_NICKNAME = "stimpy"
+    DEFAULT_NICKNAME = 'stimpy'.freeze
     def assign_provider_attrs(user, auth_hash)
-      user.assign_attributes({
+      user.assign_attributes(
         nickname: DEFAULT_NICKNAME,
         name:     auth_hash['info']['name'],
         image:    auth_hash['info']['image'],
         email:    auth_hash['info']['email']
-      })
+      )
     end
   end
 end

data/test/dummy/app/controllers/overrides/passwords_controller.rb CHANGED Viewed

@@ -1,15 +1,17 @@
+# frozen_string_literal: true
 module Overrides
   class PasswordsController < DeviseTokenAuth::PasswordsController
-    OVERRIDE_PROOF = "(^^,)"
+    OVERRIDE_PROOF = '(^^,)'.freeze
     # this is where users arrive after visiting the email confirmation link
     def edit
-      @resource = resource_class.reset_password_by_token({
+      @resource = resource_class.reset_password_by_token(
         reset_password_token: resource_params[:reset_password_token]
-      })
+      )
-      if @resource and @resource.id
-        client_id, token = @resource.create_token
+      if @resource && @resource.id
+        token = @resource.create_token
         # ensure that user is confirmed
         @resource.skip_confirmation! unless @resource.confirmed_at
@@ -20,13 +22,13 @@ module Overrides
           override_proof: OVERRIDE_PROOF,
           reset_password: true
         }
-        redirect_headers = build_redirect_headers(token,
-                                                  client_id,
+        redirect_headers = build_redirect_headers(token.token,
+                                                  token.client,
                                                   redirect_header_options)
         redirect_to(@resource.build_auth_url(params[:redirect_url],
                                              redirect_headers))
       else
-        raise ActionController::RoutingError.new('Not Found')
+        raise ActionController::RoutingError, 'Not Found'
       end
     end
   end

data/test/dummy/app/controllers/overrides/registrations_controller.rb CHANGED Viewed

@@ -1,10 +1,12 @@
+# frozen_string_literal: true
 module Overrides
   class RegistrationsController < DeviseTokenAuth::RegistrationsController
-    OVERRIDE_PROOF = "(^^,)"
+    OVERRIDE_PROOF = '(^^,)'.freeze
     def update
       if @resource
-        if @resource.update_attributes(account_update_params)
+        if @resource.update(account_update_params)
           render json: {
             status: 'success',
             data:   @resource.as_json,
@@ -19,7 +21,7 @@ module Overrides
       else
         render json: {
           status: 'error',
-          errors: ["User not found."]
+          errors: ['User not found.']
         }, status: 404
       end
     end

data/test/dummy/app/controllers/overrides/sessions_controller.rb CHANGED Viewed

@@ -1,34 +1,34 @@
+# frozen_string_literal: true
 module Overrides
   class SessionsController < DeviseTokenAuth::SessionsController
-    OVERRIDE_PROOF = "(^^,)"
+    OVERRIDE_PROOF = '(^^,)'.freeze
     def create
-      @resource = resource_class.find_by(email: resource_params[:email])
+      @resource = resource_class.dta_find_by(email: resource_params[:email])
-      if @resource and valid_params?(:email, resource_params[:email]) and @resource.valid_password?(resource_params[:password]) and @resource.confirmed?
-        @client_id, @token = @resource.create_token
+      if @resource && valid_params?(:email, resource_params[:email]) && @resource.valid_password?(resource_params[:password]) && @resource.confirmed?
+        @token = @resource.create_token
         @resource.save
         render json: {
-          data: @resource.as_json(except: [
-            :tokens, :created_at, :updated_at
-          ]),
+          data: @resource.as_json(except: %i[tokens created_at updated_at]),
           override_proof: OVERRIDE_PROOF
         }
-      elsif @resource and not @resource.confirmed?
+      elsif @resource && (not @resource.confirmed?)
         render json: {
           success: false,
           errors: [
-            "A confirmation email was sent to your account at #{@resource.email}. "+
-            "You must follow the instructions in the email before your account "+
-            "can be activated"
+            "A confirmation email was sent to your account at #{@resource.email}. "\
+            'You must follow the instructions in the email before your account '\
+            'can be activated'
           ]
         }, status: 401
       else
         render json: {
-          errors: ["Invalid login credentials. Please try again."]
+          errors: ['Invalid login credentials. Please try again.']
         }, status: 401
       end
     end

data/test/dummy/app/controllers/overrides/token_validations_controller.rb CHANGED Viewed

@@ -1,21 +1,21 @@
+# frozen_string_literal: true
 module Overrides
   class TokenValidationsController < DeviseTokenAuth::TokenValidationsController
-    OVERRIDE_PROOF = '(^^,)'
+    OVERRIDE_PROOF = '(^^,)'.freeze
     def validate_token
       # @resource will have been set by set_user_by_token concern
       if @resource
         render json: {
           success: true,
-          data: @resource.as_json(except: [
-            :tokens, :created_at, :updated_at
-          ]),
+          data: @resource.as_json(except: %i[tokens created_at updated_at]),
           override_proof: OVERRIDE_PROOF
         }
       else
         render json: {
           success: false,
-          errors: ["Invalid login credentials"]
+          errors: ['Invalid login credentials']
         }, status: 401
       end
     end