RubyGems - devise_token_auth - Versions diffs - 0.1.43 → 1.2.0 - Mend

devise_token_auth 0.1.43 → 1.2.0

Files changed (183) hide show

data/test/controllers/overrides/passwords_controller_test.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 require 'test_helper'
 #  was the web request successful?
@@ -7,41 +9,34 @@ require 'test_helper'
 #  was the appropriate message delivered in the json payload?
 class Overrides::PasswordsControllerTest < ActionDispatch::IntegrationTest
+  include OverridesControllersRoutes
   describe Overrides::PasswordsController do
     before do
-      @resource = evil_users(:confirmed_email_user)
-      @redirect_url = Faker::Internet.url
+      @resource = create(:user, :confirmed)
       post '/evil_user_auth/password',
            params: {
              email: @resource.email,
-             redirect_url: @redirect_url
+             redirect_url: Faker::Internet.url
            }
-      @mail = ActionMailer::Base.deliveries.last
+      mail = ActionMailer::Base.deliveries.last
       @resource.reload
-      @mail_config_name  = CGI.unescape(@mail.body.match(/config=([^&]*)&/)[1])
-      @mail_redirect_url = CGI.unescape(@mail.body.match(/redirect_url=([^&]*)&/)[1])
-      @mail_reset_token  = @mail.body.match(/reset_password_token=(.*)\"/)[1]
+      mail_reset_token  = mail.body.match(/reset_password_token=(.*)\"/)[1]
+      mail_redirect_url = CGI.unescape(mail.body.match(/redirect_url=([^&]*)&/)[1])
       get '/evil_user_auth/password/edit',
-          params: { reset_password_token: @mail_reset_token,
-                    redirect_url: @mail_redirect_url }
+          params: {
+            reset_password_token: mail_reset_token,
+            redirect_url: mail_redirect_url
+          }
       @resource.reload
-      raw_qs = response.location.split('?')[1]
-      @qs = Rack::Utils.parse_nested_query(raw_qs)
-      @access_token   = @qs['access-token']
-      @client         = @qs['client']
-      @client_id      = @qs['client_id']
-      @expiry         = @qs['expiry']
-      @override_proof = @qs['override_proof']
-      @reset_password = @qs['reset_password']
-      @token          = @qs['token']
-      @uid            = @qs['uid']
+      _, raw_query_string = response.location.split('?')
+      @query_string = Rack::Utils.parse_nested_query(raw_query_string)
     end
     test 'response should have success redirect status' do
@@ -49,18 +44,21 @@ class Overrides::PasswordsControllerTest < ActionDispatch::IntegrationTest
     end
     test 'response should contain auth params + override proof' do
-      assert @access_token
-      assert @client
-      assert @client_id
-      assert @expiry
-      assert @override_proof
-      assert @reset_password
-      assert @token
-      assert @uid
+      assert @query_string['access-token']
+      assert @query_string['client']
+      assert @query_string['client_id']
+      assert @query_string['expiry']
+      assert @query_string['override_proof']
+      assert @query_string['reset_password']
+      assert @query_string['token']
+      assert @query_string['uid']
     end
     test 'override proof is correct' do
-      assert_equal @override_proof, Overrides::PasswordsController::OVERRIDE_PROOF
+      assert_equal(
+        @query_string['override_proof'],
+        Overrides::PasswordsController::OVERRIDE_PROOF
+      )
     end
   end
 end

data/test/controllers/overrides/registrations_controller_test.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 require 'test_helper'
 #  was the web request successful?
@@ -7,34 +9,38 @@ require 'test_helper'
 #  was the appropriate message delivered in the json payload?
 class Overrides::RegistrationsControllerTest < ActionDispatch::IntegrationTest
-  describe Overrides::RegistrationsController do
-    setup do
-      @existing_user  = evil_users(:confirmed_email_user)
-      @auth_headers   = @existing_user.create_new_auth_token
-      @client_id      = @auth_headers['client']
-      @favorite_color = 'pink'
-      # ensure request is not treated as batch request
-      age_token(@existing_user, @client_id)
-      # test valid update param
-      @new_operating_thetan = 1_000_000
-      put '/evil_user_auth',
-          params: { favorite_color: @favorite_color },
-          headers: @auth_headers
+  include OverridesControllersRoutes
-      @data = JSON.parse(response.body)
-      @existing_user.reload
-    end
-    test 'user was updated' do
-      assert_equal @favorite_color, @existing_user.favorite_color
-    end
-    test 'controller was overridden' do
-      assert_equal Overrides::RegistrationsController::OVERRIDE_PROOF,
-                   @data['override_proof']
+  describe Overrides::RegistrationsController do
+    describe 'Succesful Registration update' do
+      before do
+        @existing_user  = create(:user, :confirmed)
+        @auth_headers   = @existing_user.create_new_auth_token
+        @client_id      = @auth_headers['client']
+        @favorite_color = 'pink'
+        # ensure request is not treated as batch request
+        age_token(@existing_user, @client_id)
+        # test valid update param
+        @new_operating_thetan = 1_000_000
+        put '/evil_user_auth',
+            params: { favorite_color: @favorite_color },
+            headers: @auth_headers
+        @data = JSON.parse(response.body)
+        @existing_user.reload
+      end
+      test 'user was updated' do
+        assert_equal @favorite_color, @existing_user.favorite_color
+      end
+      test 'controller was overridden' do
+        assert_equal Overrides::RegistrationsController::OVERRIDE_PROOF,
+                     @data['override_proof']
+      end
     end
   end
 end

data/test/controllers/overrides/sessions_controller_test.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 require 'test_helper'
 #  was the web request successful?
@@ -7,15 +9,15 @@ require 'test_helper'
 #  was the appropriate message delivered in the json payload?
 class Overrides::RegistrationsControllerTest < ActionDispatch::IntegrationTest
+  include OverridesControllersRoutes
   describe Overrides::RegistrationsController do
     before do
-      @existing_user = evil_users(:confirmed_email_user)
-      @existing_user.skip_confirmation!
-      @existing_user.save!
+      @existing_user = create(:user, :confirmed)
       post '/evil_user_auth/sign_in',
            params: { email: @existing_user.email,
-                     password: 'secret123' }
+                     password: @existing_user.password }
       @resource = assigns(:resource)
       @data = JSON.parse(response.body)

data/test/controllers/overrides/token_validations_controller_test.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 require 'test_helper'
 #  was the web request successful?
@@ -7,11 +9,11 @@ require 'test_helper'
 #  was the appropriate message delivered in the json payload?
 class Overrides::TokenValidationsControllerTest < ActionDispatch::IntegrationTest
+  include OverridesControllersRoutes
   describe Overrides::TokenValidationsController do
     before do
-      @resource = evil_users(:confirmed_email_user)
-      @resource.skip_confirmation!
-      @resource.save!
+      @resource = create(:user, :confirmed)
       @auth_headers = @resource.create_new_auth_token

data/test/dummy/app/active_record/confirmable_user.rb ADDED Viewed

@@ -0,0 +1,11 @@
+# frozen_string_literal: true
+class ConfirmableUser < ActiveRecord::Base
+  # Include default devise modules.
+  devise :database_authenticatable, :registerable,
+         :recoverable, :rememberable,
+         :validatable, :confirmable
+  DeviseTokenAuth.send_confirmation_email = true
+  include DeviseTokenAuth::Concerns::User
+  DeviseTokenAuth.send_confirmation_email = false
+end

data/test/dummy/app/{models → active_record}/lockable_user.rb RENAMED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 class LockableUser < ActiveRecord::Base
   # Include default devise modules.
   devise :database_authenticatable, :registerable, :lockable

data/test/dummy/app/{models → active_record}/mang.rb RENAMED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 class Mang < ActiveRecord::Base
   include DeviseTokenAuth::Concerns::User
 end

data/test/dummy/app/{models → active_record}/only_email_user.rb RENAMED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 class OnlyEmailUser < ActiveRecord::Base
   # Include default devise modules.
   devise :database_authenticatable, :registerable

data/test/dummy/app/{models → active_record}/scoped_user.rb RENAMED Viewed

@@ -1,7 +1,9 @@
+# frozen_string_literal: true
 class ScopedUser < ActiveRecord::Base
   # Include default devise modules.
   devise :database_authenticatable, :registerable,
-          :recoverable, :rememberable, :trackable, :validatable,
-          :confirmable, :omniauthable
+         :recoverable, :rememberable,
+         :validatable, :confirmable, :omniauthable
   include DeviseTokenAuth::Concerns::User
 end

data/test/dummy/app/{models → active_record}/unconfirmable_user.rb RENAMED Viewed

@@ -1,8 +1,9 @@
+# frozen_string_literal: true
 class UnconfirmableUser < ActiveRecord::Base
   # Include default devise modules.
   devise :database_authenticatable, :registerable,
          :recoverable, :rememberable,
-         :trackable, :validatable,
-         :omniauthable
+         :validatable, :omniauthable
   include DeviseTokenAuth::Concerns::User
 end

data/test/dummy/app/active_record/unregisterable_user.rb ADDED Viewed

@@ -0,0 +1,9 @@
+# frozen_string_literal: true
+class UnregisterableUser < ActiveRecord::Base
+  # Include default devise modules.
+  devise :database_authenticatable, :recoverable,
+         :validatable, :confirmable,
+         :omniauthable
+  include DeviseTokenAuth::Concerns::User
+end

data/test/dummy/app/active_record/user.rb ADDED Viewed

@@ -0,0 +1,6 @@
+# frozen_string_literal: true
+class User < ActiveRecord::Base
+  include DeviseTokenAuth::Concerns::User
+  include FavoriteColor
+end

data/test/dummy/app/controllers/application_controller.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 class ApplicationController < ActionController::Base
   include DeviseTokenAuth::Concerns::SetUserByToken

data/test/dummy/app/controllers/auth_origin_controller.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 class AuthOriginController < ApplicationController
   def redirected
     head :ok

data/test/dummy/app/controllers/custom/confirmations_controller.rb CHANGED Viewed

@@ -1,5 +1,6 @@
-class Custom::ConfirmationsController < DeviseTokenAuth::ConfirmationsController
+# frozen_string_literal: true
+class Custom::ConfirmationsController < DeviseTokenAuth::ConfirmationsController
   def show
     super do |resource|
       @show_block_called = true unless resource.nil?
@@ -9,5 +10,4 @@ class Custom::ConfirmationsController < DeviseTokenAuth::ConfirmationsController
   def show_block_called?
     @show_block_called == true
   end
 end

data/test/dummy/app/controllers/custom/omniauth_callbacks_controller.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 class Custom::OmniauthCallbacksController < DeviseTokenAuth::OmniauthCallbacksController
   def omniauth_success
     super do |resource|

data/test/dummy/app/controllers/custom/passwords_controller.rb CHANGED Viewed

@@ -1,5 +1,6 @@
-class Custom::PasswordsController < DeviseTokenAuth::PasswordsController
+# frozen_string_literal: true
+class Custom::PasswordsController < DeviseTokenAuth::PasswordsController
   def create
     super do |resource|
       @create_block_called = true unless resource.nil?
@@ -33,8 +34,6 @@ class Custom::PasswordsController < DeviseTokenAuth::PasswordsController
   protected
   def render_update_success
-    render json: {custom: "foo"}
+    render json: { custom: 'foo' }
   end
 end

data/test/dummy/app/controllers/custom/registrations_controller.rb CHANGED Viewed

@@ -1,5 +1,6 @@
-class Custom::RegistrationsController < DeviseTokenAuth::RegistrationsController
+# frozen_string_literal: true
+class Custom::RegistrationsController < DeviseTokenAuth::RegistrationsController
   def create
     super do |resource|
       @create_block_called = true
@@ -33,7 +34,6 @@ class Custom::RegistrationsController < DeviseTokenAuth::RegistrationsController
   protected
   def render_create_success
-    render json: {custom: "foo"}
+    render json: { custom: 'foo' }
   end
 end

data/test/dummy/app/controllers/custom/sessions_controller.rb CHANGED Viewed

@@ -1,5 +1,6 @@
-class Custom::SessionsController < DeviseTokenAuth::SessionsController
+# frozen_string_literal: true
+class Custom::SessionsController < DeviseTokenAuth::SessionsController
   def create
     super do |resource|
       @create_block_called = true unless resource.nil?
@@ -23,7 +24,6 @@ class Custom::SessionsController < DeviseTokenAuth::SessionsController
   protected
   def render_create_success
-    render json: {custom: "foo"}
+    render json: { custom: 'foo' }
   end
 end

data/test/dummy/app/controllers/custom/token_validations_controller.rb CHANGED Viewed

@@ -1,5 +1,6 @@
-class Custom::TokenValidationsController < DeviseTokenAuth::TokenValidationsController
+# frozen_string_literal: true
+class Custom::TokenValidationsController < DeviseTokenAuth::TokenValidationsController
   def validate_token
     super do |resource|
       @validate_token_block_called = true unless resource.nil?
@@ -13,7 +14,6 @@ class Custom::TokenValidationsController < DeviseTokenAuth::TokenValidationsCont
   protected
   def render_validate_token_success
-    render json: {custom: "foo"}
+    render json: { custom: 'foo' }
   end
 end

data/test/dummy/app/controllers/demo_group_controller.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 class DemoGroupController < ApplicationController
   devise_token_auth_group :member, contains: [:user, :mang]
   before_action :authenticate_member!

data/test/dummy/app/controllers/demo_mang_controller.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 class DemoMangController < ApplicationController
   before_action :authenticate_mang!

data/test/dummy/app/controllers/demo_user_controller.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 class DemoUserController < ApplicationController
   before_action :authenticate_user!

data/test/dummy/app/controllers/overrides/confirmations_controller.rb CHANGED Viewed

@@ -1,25 +1,27 @@
+# frozen_string_literal: true
 module Overrides
   class ConfirmationsController < DeviseTokenAuth::ConfirmationsController
     def show
       @resource = resource_class.confirm_by_token(params[:confirmation_token])
-      if @resource and @resource.id
-        client_id, token = @resource.create_token
+      if @resource && @resource.id
+        token = @resource.create_token
         @resource.save!
         redirect_header_options = {
           account_confirmation_success: true,
           config: params[:config],
-          override_proof: "(^^,)"
+          override_proof: '(^^,)'
         }
-        redirect_headers = build_redirect_headers(token,
-                                                  client_id,
+        redirect_headers = build_redirect_headers(token.token,
+                                                  token.client,
                                                   redirect_header_options)
         redirect_to(@resource.build_auth_url(params[:redirect_url],
                                              redirect_headers))
       else
-        raise ActionController::RoutingError.new('Not Found')
+        raise ActionController::RoutingError, 'Not Found'
       end
     end
   end

data/test/dummy/app/controllers/overrides/omniauth_callbacks_controller.rb CHANGED Viewed

@@ -1,14 +1,16 @@
+# frozen_string_literal: true
 module Overrides
   class OmniauthCallbacksController < DeviseTokenAuth::OmniauthCallbacksController
-    DEFAULT_NICKNAME = "stimpy"
+    DEFAULT_NICKNAME = 'stimpy'.freeze
     def assign_provider_attrs(user, auth_hash)
-      user.assign_attributes({
+      user.assign_attributes(
         nickname: DEFAULT_NICKNAME,
         name:     auth_hash['info']['name'],
         image:    auth_hash['info']['image'],
         email:    auth_hash['info']['email']
-      })
+      )
     end
   end
 end

data/test/dummy/app/controllers/overrides/passwords_controller.rb CHANGED Viewed

@@ -1,15 +1,17 @@
+# frozen_string_literal: true
 module Overrides
   class PasswordsController < DeviseTokenAuth::PasswordsController
-    OVERRIDE_PROOF = "(^^,)"
+    OVERRIDE_PROOF = '(^^,)'.freeze
     # this is where users arrive after visiting the email confirmation link
     def edit
-      @resource = resource_class.reset_password_by_token({
+      @resource = resource_class.reset_password_by_token(
         reset_password_token: resource_params[:reset_password_token]
-      })
+      )
-      if @resource and @resource.id
-        client_id, token = @resource.create_token
+      if @resource && @resource.id
+        token = @resource.create_token
         # ensure that user is confirmed
         @resource.skip_confirmation! unless @resource.confirmed_at
@@ -20,13 +22,13 @@ module Overrides
           override_proof: OVERRIDE_PROOF,
           reset_password: true
         }
-        redirect_headers = build_redirect_headers(token,
-                                                  client_id,
+        redirect_headers = build_redirect_headers(token.token,
+                                                  token.client,
                                                   redirect_header_options)
         redirect_to(@resource.build_auth_url(params[:redirect_url],
                                              redirect_headers))
       else
-        raise ActionController::RoutingError.new('Not Found')
+        raise ActionController::RoutingError, 'Not Found'
       end
     end
   end

data/test/dummy/app/controllers/overrides/registrations_controller.rb CHANGED Viewed

@@ -1,10 +1,12 @@
+# frozen_string_literal: true
 module Overrides
   class RegistrationsController < DeviseTokenAuth::RegistrationsController
-    OVERRIDE_PROOF = "(^^,)"
+    OVERRIDE_PROOF = '(^^,)'.freeze
     def update
       if @resource
-        if @resource.update_attributes(account_update_params)
+        if @resource.update(account_update_params)
           render json: {
             status: 'success',
             data:   @resource.as_json,
@@ -19,7 +21,7 @@ module Overrides
       else
         render json: {
           status: 'error',
-          errors: ["User not found."]
+          errors: ['User not found.']
         }, status: 404
       end
     end

data/test/dummy/app/controllers/overrides/sessions_controller.rb CHANGED Viewed

@@ -1,34 +1,34 @@
+# frozen_string_literal: true
 module Overrides
   class SessionsController < DeviseTokenAuth::SessionsController
-    OVERRIDE_PROOF = "(^^,)"
+    OVERRIDE_PROOF = '(^^,)'.freeze
     def create
-      @resource = resource_class.find_by(email: resource_params[:email])
+      @resource = resource_class.dta_find_by(email: resource_params[:email])
-      if @resource and valid_params?(:email, resource_params[:email]) and @resource.valid_password?(resource_params[:password]) and @resource.confirmed?
-        @client_id, @token = @resource.create_token
+      if @resource && valid_params?(:email, resource_params[:email]) && @resource.valid_password?(resource_params[:password]) && @resource.confirmed?
+        @token = @resource.create_token
         @resource.save
         render json: {
-          data: @resource.as_json(except: [
-            :tokens, :created_at, :updated_at
-          ]),
+          data: @resource.as_json(except: %i[tokens created_at updated_at]),
           override_proof: OVERRIDE_PROOF
         }
-      elsif @resource and not @resource.confirmed?
+      elsif @resource && (not @resource.confirmed?)
         render json: {
           success: false,
           errors: [
-            "A confirmation email was sent to your account at #{@resource.email}. "+
-            "You must follow the instructions in the email before your account "+
-            "can be activated"
+            "A confirmation email was sent to your account at #{@resource.email}. "\
+            'You must follow the instructions in the email before your account '\
+            'can be activated'
           ]
         }, status: 401
       else
         render json: {
-          errors: ["Invalid login credentials. Please try again."]
+          errors: ['Invalid login credentials. Please try again.']
         }, status: 401
       end
     end

data/test/dummy/app/controllers/overrides/token_validations_controller.rb CHANGED Viewed

@@ -1,21 +1,21 @@
+# frozen_string_literal: true
 module Overrides
   class TokenValidationsController < DeviseTokenAuth::TokenValidationsController
-    OVERRIDE_PROOF = '(^^,)'
+    OVERRIDE_PROOF = '(^^,)'.freeze
     def validate_token
       # @resource will have been set by set_user_by_token concern
       if @resource
         render json: {
           success: true,
-          data: @resource.as_json(except: [
-            :tokens, :created_at, :updated_at
-          ]),
+          data: @resource.as_json(except: %i[tokens created_at updated_at]),
           override_proof: OVERRIDE_PROOF
         }
       else
         render json: {
           success: false,
-          errors: ["Invalid login credentials"]
+          errors: ['Invalid login credentials']
         }, status: 401
       end
     end