devise_token_auth 0.1.43 → 1.2.0

data/test/lib/generators/devise_token_auth/install_generator_with_namespace_test.rb

@@ -0,0 +1,222 @@
+# frozen_string_literal: true
+
+require 'test_helper'
+require 'fileutils'
+require 'generators/devise_token_auth/install_generator' if DEVISE_TOKEN_AUTH_ORM == :active_record
+require 'generators/devise_token_auth/install_mongoid_generator' if DEVISE_TOKEN_AUTH_ORM == :mongoid
+
+module DeviseTokenAuth
+  class InstallGeneratorTest < Rails::Generators::TestCase
+    tests InstallGenerator        if DEVISE_TOKEN_AUTH_ORM == :active_record
+    tests InstallMongoidGenerator if DEVISE_TOKEN_AUTH_ORM == :mongoid
+    destination Rails.root.join('tmp/generators')
+
+    # The namespaced user model for testing
+    let(:user_class) { 'Azpire::V1::HumanResource::User' }
+    let(:namespace_path) { user_class.underscore }
+    let(:table_name) { user_class.pluralize.underscore.gsub('/','_') }
+
+    describe 'user model with namespace, clean install' do
+      setup :prepare_destination
+
+      before do
+        run_generator %W[#{user_class} auth]
+      end
+
+      test 'user model (with namespace) is created, concern is included' do
+        assert_file "app/models/#{namespace_path}.rb" do |model|
+          assert_match(/include DeviseTokenAuth::Concerns::User/, model)
+        end
+      end
+
+      test 'initializer is created' do
+        assert_file 'config/initializers/devise_token_auth.rb'
+      end
+
+      test 'subsequent runs raise no errors' do
+        run_generator %W[#{user_class} auth]
+      end
+
+      if DEVISE_TOKEN_AUTH_ORM == :active_record
+        test 'migration is created for user model with namespace' do
+          assert_migration "db/migrate/devise_token_auth_create_#{table_name}.rb"
+        end
+
+        test 'migration file for user model with namespace contains rails version' do
+          if Rails::VERSION::MAJOR >= 5
+            assert_migration "db/migrate/devise_token_auth_create_#{table_name}.rb", /#{Rails::VERSION::MAJOR}.#{Rails::VERSION::MINOR}/
+          else
+            assert_migration "db/migrate/devise_token_auth_create_#{table_name}.rb"
+          end
+        end
+
+        test 'add primary key type with rails 5 when specified in rails generator' do
+          run_generator %W[#{user_class} auth --primary_key_type=uuid --force]
+          if Rails::VERSION::MAJOR >= 5
+            assert_migration "db/migrate/devise_token_auth_create_#{table_name}.rb", /create_table\(:#{table_name}, id: :uuid\) do/
+          else
+            assert_migration "db/migrate/devise_token_auth_create_#{table_name}.rb", /create_table\(:#{table_name}\) do/
+          end
+        end
+      end
+    end
+
+    describe 'existing user model' do
+      setup :prepare_destination
+
+      before do
+        @dir = File.join(destination_root, 'app', 'models')
+
+        @fname = File.join(@dir, 'user.rb')
+
+        # make dir if not exists
+        FileUtils.mkdir_p(@dir)
+
+        case DEVISE_TOKEN_AUTH_ORM
+        when :active_record
+          # account for rails version 5
+          active_record_needle = (Rails::VERSION::MAJOR >= 5) ? 'ApplicationRecord' : 'ActiveRecord::Base'
+
+          @f = File.open(@fname, 'w') do |f|
+            f.write <<-RUBY
+              class User < #{active_record_needle}
+
+                def whatever
+                  puts 'whatever'
+                end
+              end
+            RUBY
+          end
+        when :mongoid
+          @f = File.open(@fname, 'w') do |f|
+            f.write <<-'RUBY'
+              class User
+
+                def whatever
+                  puts 'whatever'
+                end
+              end
+            RUBY
+          end
+        end
+
+        run_generator
+      end
+
+      test 'user concern is injected into existing model' do
+        assert_file 'app/models/user.rb' do |model|
+          assert_match(/include DeviseTokenAuth::Concerns::User/, model)
+        end
+      end
+
+      test 'subsequent runs do not modify file' do
+        run_generator
+        assert_file 'app/models/user.rb' do |model|
+          matches = model.scan(/include DeviseTokenAuth::Concerns::User/m).size
+          assert_equal 1, matches
+        end
+      end
+    end
+
+    describe 'routes' do
+      setup :prepare_destination
+
+      before do
+        @dir = File.join(destination_root, 'config')
+
+        @fname = File.join(@dir, 'routes.rb')
+
+        # make dir if not exists
+        FileUtils.mkdir_p(@dir)
+
+        @f = File.open(@fname, 'w') do |f|
+          f.write <<-RUBY
+            Rails.application.routes.draw do
+              patch '/chong', to: 'bong#index'
+            end
+          RUBY
+        end
+
+        run_generator %W[#{user_class} auth]
+      end
+
+      test 'route method for user model with namespace is appended to routes file' do
+        assert_file 'config/routes.rb' do |routes|
+          assert_match(/mount_devise_token_auth_for '#{user_class}', at: 'auth'/, routes)
+        end
+      end
+
+      test 'subsequent runs do not modify file' do
+        run_generator %W[#{user_class} auth]
+        assert_file 'config/routes.rb' do |routes|
+          matches = routes.scan(/mount_devise_token_auth_for '#{user_class}', at: 'auth'/m).size
+          assert_equal 1, matches
+        end
+      end
+
+      describe 'subsequent models' do
+        before do
+          run_generator %w[Mang mangs]
+        end
+
+        test 'route method is appended to routes file' do
+          assert_file 'config/routes.rb' do |routes|
+            assert_match(/mount_devise_token_auth_for 'Mang', at: 'mangs'/, routes)
+          end
+        end
+
+        test 'devise_for block is appended to routes file' do
+          assert_file 'config/routes.rb' do |routes|
+            assert_match(/as :mang do/, routes)
+            assert_match(/# Define routes for Mang within this block./, routes)
+          end
+        end
+
+        if DEVISE_TOKEN_AUTH_ORM == :active_record
+          test 'migration is created' do
+            assert_migration 'db/migrate/devise_token_auth_create_mangs.rb'
+          end
+        end
+      end
+    end
+
+    describe 'application controller' do
+      setup :prepare_destination
+
+      before do
+        @dir = File.join(destination_root, 'app', 'controllers')
+
+        @fname = File.join(@dir, 'application_controller.rb')
+
+        # make dir if not exists
+        FileUtils.mkdir_p(@dir)
+
+        @f = File.open(@fname, 'w') do |f|
+          f.write <<-RUBY
+            class ApplicationController < ActionController::Base
+              def whatever
+                'whatever'
+              end
+            end
+          RUBY
+        end
+
+        run_generator %W[#{user_class} auth]
+      end
+
+      test 'controller concern is appended to application controller' do
+        assert_file 'app/controllers/application_controller.rb' do |controller|
+          assert_match(/include DeviseTokenAuth::Concerns::SetUserByToken/, controller)
+        end
+      end
+
+      test 'subsequent runs do not modify file' do
+        run_generator %W[#{user_class} auth]
+        assert_file 'app/controllers/application_controller.rb' do |controller|
+          matches = controller.scan(/include DeviseTokenAuth::Concerns::SetUserByToken/m).size
+          assert_equal 1, matches
+        end
+      end
+    end
+  end
+end

data/test/lib/generators/devise_token_auth/install_views_generator_test.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require 'test_helper'
 require 'fileutils'
 require 'generators/devise_token_auth/install_views_generator'
@@ -14,7 +16,7 @@ module DeviseTokenAuth
         run_generator
       end
 
-      test "files are copied" do
+      test 'files are copied' do
         assert_file 'app/views/devise/mailer/reset_password_instructions.html.erb'
         assert_file 'app/views/devise/mailer/confirmation_instructions.html.erb'
       end

data/test/models/concerns/mongoid_support_test.rb

@@ -0,0 +1,31 @@
+# frozen_string_literal: true
+
+require 'test_helper'
+
+if DEVISE_TOKEN_AUTH_ORM == :mongoid
+  class DeviseTokenAuth::Concerns::MongoidSupportTest < ActiveSupport::TestCase
+    describe DeviseTokenAuth::Concerns::MongoidSupport do
+      before do
+        @user = create(:user)
+      end
+
+      describe '#as_json' do
+        test 'should be defined' do
+          assert @user.methods.include?(:as_json)
+        end
+
+        test 'should except _id attribute' do
+          refute @user.as_json.key?('_id')
+        end
+
+        test 'should return with id attribute' do
+          assert_equal @user._id.to_s, @user.as_json['id']
+        end
+
+        test 'should accept options' do
+          refute @user.as_json(except: [:created_at]).key?('created_at')
+        end
+      end
+    end
+  end
+end

data/test/models/concerns/tokens_serialization_test.rb

@@ -0,0 +1,104 @@
+require 'test_helper'
+
+if DEVISE_TOKEN_AUTH_ORM == :active_record
+  describe 'DeviseTokenAuth::Concerns::TokensSerialization' do
+    let(:ts) { DeviseTokenAuth::Concerns::TokensSerialization }
+    let(:user) { FactoryBot.create(:user) }
+    let(:tokens) do
+      # Сreate all possible token's attributes combinations
+      user.create_token
+      2.times { user.create_new_auth_token(user.tokens.first[0]) }
+      user.create_new_auth_token
+      user.create_token
+
+      user.tokens
+    end
+
+    it 'is defined' do
+      assert_equal(ts.present?, true)
+      assert_kind_of(Module, ts)
+    end
+
+    describe '.load(json)' do
+
+      let(:json) { JSON.generate(tokens) }
+
+      let(:default) { {} }
+
+      it 'is defined' do
+        assert_respond_to(ts, :load)
+      end
+
+      it 'handles nil' do
+        assert_equal(ts.load(nil), default)
+      end
+
+      it 'handles string' do
+        assert_equal(ts.load(json), JSON.parse(json))
+      end
+
+      it 'returns object of undesirable class' do
+        assert_equal(ts.load([]), [])
+      end
+    end
+
+    describe '.dump(object)' do
+      let(:default) { 'null' }
+
+      it 'is defined' do
+        assert_respond_to(ts, :dump)
+      end
+
+      it 'handles nil' do
+        assert_equal(ts.dump(nil), default)
+      end
+
+      it 'handles empty hash' do
+        assert_equal(ts.dump({}), '{}')
+      end
+
+      it 'removes nil values' do
+        new_tokens = tokens.dup
+        new_tokens[new_tokens.first[0]][:kos] = nil
+
+        assert_equal(ts.dump(tokens), ts.dump(new_tokens))
+      end
+
+      describe 'updated_at' do
+        before do
+          @default_format = ::Time::DATE_FORMATS[:default]
+          ::Time::DATE_FORMATS[:default] = 'imprecise format'
+        end
+
+        after do
+          ::Time::DATE_FORMATS[:default] = @default_format
+        end
+
+        def updated_ats(tokens)
+          tokens.
+            values.
+            flat_map do |token|
+            [:updated_at, 'updated_at'].map do |key|
+              token[key]
+            end
+          end.
+          compact
+        end
+
+        it 'is defined' do
+          refute_empty updated_ats(tokens)
+        end
+
+        it 'uses iso8601' do
+          updated_ats(JSON.parse(ts.dump(tokens))).each do |updated_at|
+            Time.strptime(updated_at, '%Y-%m-%dT%H:%M:%SZ')
+          end
+        end
+
+        it 'does not rely on Time#to_s' do
+          refute_includes(updated_ats(tokens), 'imprecise format')
+        end
+      end
+    end
+  end
+end

data/test/models/confirmable_user_test.rb

@@ -0,0 +1,35 @@
+# frozen_string_literal: true
+
+require 'test_helper'
+
+class ConfirmableUserTest < ActiveSupport::TestCase
+  describe ConfirmableUser do
+    describe 'creation' do
+      test 'email should be saved' do
+        @resource = create(:confirmable_user)
+        assert @resource.email.present?
+      end
+    end
+
+    describe 'updating email' do
+      test 'new email should be saved to unconfirmed_email' do
+        @resource = create(:confirmable_user, email: 'old_address@example.com')
+        @resource.update(email: 'new_address@example.com')
+        assert @resource.unconfirmed_email == 'new_address@example.com'
+      end
+
+      test 'old email should be kept in email' do
+        @resource = create(:confirmable_user, email: 'old_address@example.com')
+        @resource.update(email: 'new_address@example.com')
+        assert @resource.email == 'old_address@example.com'
+      end
+
+      test 'confirmation_token should be changed' do
+        @resource = create(:confirmable_user, email: 'old_address@example.com')
+        old_token = @resource.confirmation_token
+        @resource.update(email: 'new_address@example.com')
+        assert @resource.confirmation_token != old_token
+      end
+    end
+  end
+end

data/test/models/only_email_user_test.rb

@@ -1,15 +1,9 @@
+# frozen_string_literal: true
+
 require 'test_helper'
 
 class OnlyEmailUserTest < ActiveSupport::TestCase
   describe OnlyEmailUser do
-    test 'trackable is disabled' do
-      refute OnlyEmailUser.method_defined?(:sign_in_count)
-      refute OnlyEmailUser.method_defined?(:current_sign_in_at)
-      refute OnlyEmailUser.method_defined?(:last_sign_in_at)
-      refute OnlyEmailUser.method_defined?(:current_sign_in_ip)
-      refute OnlyEmailUser.method_defined?(:last_sign_in_ip)
-    end
-
     test 'confirmable is disabled' do
       refute OnlyEmailUser.method_defined?(:confirmation_token)
       refute OnlyEmailUser.method_defined?(:confirmed_at)

data/test/models/user_test.rb

@@ -1,22 +1,19 @@
+# frozen_string_literal: true
+
 require 'test_helper'
 
 class UserTest < ActiveSupport::TestCase
   describe User do
-    before do
-      @password    = Faker::Internet.password(10, 20)
-      @email       = Faker::Internet.email
-      @success_url = Faker::Internet.url
-      @resource    = User.new()
-    end
-
     describe 'serialization' do
       test 'hash should not include sensitive info' do
+        @resource = build(:user)
         refute @resource.as_json[:tokens]
       end
     end
 
     describe 'creation' do
       test 'save fails if uid is missing' do
+        @resource = User.new
         @resource.uid = nil
         @resource.save
 
@@ -26,53 +23,35 @@ class UserTest < ActiveSupport::TestCase
 
     describe 'email registration' do
       test 'model should not save if email is blank' do
-        @resource.provider              = 'email'
-        @resource.password              = @password
-        @resource.password_confirmation = @password
+        @resource = build(:user, email: nil)
 
         refute @resource.save
-        assert @resource.errors.messages[:email] == [I18n.t("errors.messages.blank")]
+        assert @resource.errors.messages[:email] == [I18n.t('errors.messages.blank')]
       end
 
       test 'model should not save if email is not an email' do
-        @resource.provider              = 'email'
-        @resource.email                 = '@example.com'
-        @resource.password              = @password
-        @resource.password_confirmation = @password
+        @resource = build(:user, email: '@example.com')
 
         refute @resource.save
-        assert @resource.errors.messages[:email] == [I18n.t("errors.messages.not_email")]
+        assert @resource.errors.messages[:email] == [I18n.t('errors.messages.not_email')]
       end
     end
 
     describe 'email uniqueness' do
       test 'model should not save if email is taken' do
-        provider = 'email'
-
-        User.create(
-          email: @email,
-          provider: provider,
-          password: @password,
-          password_confirmation: @password
-        )
-
-        @resource.email                 = @email
-        @resource.provider              = provider
-        @resource.password              = @password
-        @resource.password_confirmation = @password
+        user_attributes = attributes_for(:user)
+        create(:user, user_attributes)
+        @resource = build(:user, user_attributes)
 
         refute @resource.save
-        assert @resource.errors.messages[:email] == [I18n.t('errors.messages.taken')]
+        assert @resource.errors.messages[:email].first.include? 'taken'
         assert @resource.errors.messages[:email].none? { |e| e =~ /translation missing/ }
       end
     end
 
     describe 'oauth2 authentication' do
       test 'model should save even if email is blank' do
-        @resource.provider              = 'facebook'
-        @resource.uid                   = 123
-        @resource.password              = @password
-        @resource.password_confirmation = @password
+        @resource = build(:user, :facebook, email: nil)
 
         assert @resource.save
         assert @resource.errors.messages[:email].blank?
@@ -81,9 +60,7 @@ class UserTest < ActiveSupport::TestCase
 
     describe 'token expiry' do
       before do
-        @resource = users(:confirmed_email_user)
-        @resource.skip_confirmation!
-        @resource.save!
+        @resource = create(:user, :confirmed)
 
         @auth_headers = @resource.create_new_auth_token
 
@@ -94,50 +71,14 @@ class UserTest < ActiveSupport::TestCase
       test 'should properly indicate whether token is current' do
         assert @resource.token_is_current?(@token, @client_id)
         # we want to update the expiry without forcing a cleanup (see below)
-        @resource.tokens[@client_id]['expiry'] = Time.now.to_i - 10.seconds
+        @resource.tokens[@client_id]['expiry'] = Time.zone.now.to_i - 10.seconds
         refute @resource.token_is_current?(@token, @client_id)
       end
     end
 
-    describe 'user specific token lifespan' do
-      before do
-        @resource = users(:confirmed_email_user)
-        @resource.skip_confirmation!
-        @resource.save!
-
-        auth_headers = @resource.create_new_auth_token
-        @token_global     = auth_headers['access-token']
-        @client_id_global = auth_headers['client']
-
-        def @resource.token_lifespan
-          1.minute
-        end
-
-        auth_headers = @resource.create_new_auth_token
-        @token_specific     = auth_headers['access-token']
-        @client_id_specific = auth_headers['client']
-      end
-
-      test 'works per user' do
-        assert @resource.token_is_current?(@token_global, @client_id_global)
-
-        time = Time.now.to_i
-        expiry_global = @resource.tokens[@client_id_global]['expiry']
-
-        assert expiry_global > time + DeviseTokenAuth.token_lifespan - 5.seconds
-        assert expiry_global < time + DeviseTokenAuth.token_lifespan + 5.seconds
-
-        expiry_specific = @resource.tokens[@client_id_specific]['expiry']
-        assert expiry_specific > time + 55.seconds
-        assert expiry_specific < time + 65.seconds
-      end
-    end
-
     describe 'expired tokens are destroyed on save' do
       before do
-        @resource = users(:confirmed_email_user)
-        @resource.skip_confirmation!
-        @resource.save!
+        @resource = create(:user, :confirmed)
 
         @old_auth_headers = @resource.create_new_auth_token
         @new_auth_headers = @resource.create_new_auth_token
@@ -149,15 +90,13 @@ class UserTest < ActiveSupport::TestCase
       end
 
       test 'current token was not removed' do
-        assert @resource.tokens[@new_auth_headers["client"]]
+        assert @resource.tokens[@new_auth_headers['client']]
       end
     end
 
     describe 'nil tokens are handled properly' do
       before do
-        @resource = users(:confirmed_email_user)
-        @resource.skip_confirmation!
-        @resource.save!
+        @resource = create(:user, :confirmed)
       end
 
       test 'tokens can be set to nil' do

data/test/support/controllers/routes.rb

@@ -0,0 +1,43 @@
+class Module
+  include Minitest::Spec::DSL
+end
+
+module ControllerRoutesAfterBlock
+  after do
+    Rails.application.reload_routes!
+  end
+end
+
+module CustomControllersRoutes
+  include ControllerRoutesAfterBlock
+
+  before do
+    Rails.application.routes.draw do
+      mount_devise_token_auth_for 'User', at: 'nice_user_auth', controllers: {
+        registrations: 'custom/registrations',
+        confirmations: 'custom/confirmations',
+        passwords: 'custom/passwords',
+        sessions: 'custom/sessions',
+        token_validations: 'custom/token_validations',
+        omniauth_callbacks: 'custom/omniauth_callbacks'
+      }
+    end
+  end
+end
+
+module OverridesControllersRoutes
+  include ControllerRoutesAfterBlock
+
+  before do
+    Rails.application.routes.draw do
+      mount_devise_token_auth_for 'User', at: 'evil_user_auth', controllers: {
+        confirmations:      'overrides/confirmations',
+        passwords:          'overrides/passwords',
+        omniauth_callbacks: 'overrides/omniauth_callbacks',
+        registrations:      'overrides/registrations',
+        sessions:           'overrides/sessions',
+        token_validations:  'overrides/token_validations'
+      }
+    end
+  end
+end