devise_token_auth 0.1.43 → 1.2.0
- checksums.yaml +5 -5
- data/README.md +42 -895
- data/Rakefile +11 -4
- data/app/controllers/devise_token_auth/application_controller.rb +19 -8
- data/app/controllers/devise_token_auth/concerns/resource_finder.rb +26 -12
- data/app/controllers/devise_token_auth/concerns/set_user_by_token.rb +106 -85
- data/app/controllers/devise_token_auth/confirmations_controller.rb +73 -17
- data/app/controllers/devise_token_auth/omniauth_callbacks_controller.rb +95 -51
- data/app/controllers/devise_token_auth/passwords_controller.rb +65 -57
- data/app/controllers/devise_token_auth/registrations_controller.rb +61 -61
- data/app/controllers/devise_token_auth/sessions_controller.rb +22 -18
- data/app/controllers/devise_token_auth/token_validations_controller.rb +5 -3
- data/app/controllers/devise_token_auth/unlocks_controller.rb +20 -16
- data/app/models/devise_token_auth/concerns/active_record_support.rb +14 -0
- data/app/models/devise_token_auth/concerns/confirmable_support.rb +28 -0
- data/app/models/devise_token_auth/concerns/mongoid_support.rb +19 -0
- data/app/models/devise_token_auth/concerns/tokens_serialization.rb +31 -0
- data/app/models/devise_token_auth/concerns/user.rb +92 -100
- data/app/models/devise_token_auth/concerns/user_omniauth_callbacks.rb +8 -3
- data/app/validators/{email_validator.rb → devise_token_auth_email_validator.rb} +5 -3
- data/app/views/devise_token_auth/omniauth_external_window.html.erb +1 -1
- data/config/locales/da-DK.yml +11 -9
- data/config/locales/de.yml +2 -0
- data/config/locales/en.yml +10 -0
- data/config/locales/es.yml +2 -0
- data/config/locales/fr.yml +2 -0
- data/config/locales/he.yml +52 -0
- data/config/locales/it.yml +2 -0
- data/config/locales/ja.yml +4 -2
- data/config/locales/ko.yml +51 -0
- data/config/locales/nl.yml +2 -0
- data/config/locales/pl.yml +6 -3
- data/config/locales/pt-BR.yml +2 -0
- data/config/locales/pt.yml +6 -3
- data/config/locales/ro.yml +2 -0
- data/config/locales/ru.yml +2 -0
- data/config/locales/sq.yml +2 -0
- data/config/locales/sv.yml +52 -0
- data/config/locales/uk.yml +2 -0
- data/config/locales/vi.yml +2 -0
- data/config/locales/zh-CN.yml +2 -0
- data/config/locales/zh-HK.yml +2 -0
- data/config/locales/zh-TW.yml +2 -0
- data/lib/devise_token_auth/blacklist.rb +6 -0
- data/lib/devise_token_auth/controllers/helpers.rb +21 -13
- data/lib/devise_token_auth/controllers/url_helpers.rb +2 -0
- data/lib/devise_token_auth/engine.rb +26 -14
- data/lib/devise_token_auth/errors.rb +8 -0
- data/lib/devise_token_auth/rails/routes.rb +37 -30
- data/lib/devise_token_auth/token_factory.rb +126 -0
- data/lib/devise_token_auth/url.rb +11 -4
- data/lib/devise_token_auth/version.rb +3 -1
- data/lib/devise_token_auth.rb +11 -5
- data/lib/generators/devise_token_auth/USAGE +2 -2
- data/lib/generators/devise_token_auth/install_generator.rb +36 -105
- data/lib/generators/devise_token_auth/install_generator_helpers.rb +98 -0
- data/lib/generators/devise_token_auth/install_mongoid_generator.rb +46 -0
- data/lib/generators/devise_token_auth/install_views_generator.rb +7 -5
- data/lib/generators/devise_token_auth/templates/devise_token_auth.rb +12 -0
- data/lib/generators/devise_token_auth/templates/devise_token_auth_create_users.rb.erb +8 -14
- data/lib/generators/devise_token_auth/templates/user.rb.erb +9 -0
- data/lib/generators/devise_token_auth/templates/user_mongoid.rb.erb +56 -0
- data/lib/tasks/devise_token_auth_tasks.rake +2 -0
- data/test/controllers/custom/custom_confirmations_controller_test.rb +5 -1
- data/test/controllers/custom/custom_omniauth_callbacks_controller_test.rb +4 -0
- data/test/controllers/custom/custom_passwords_controller_test.rb +6 -2
- data/test/controllers/custom/custom_registrations_controller_test.rb +17 -8
- data/test/controllers/custom/custom_sessions_controller_test.rb +7 -5
- data/test/controllers/custom/custom_token_validations_controller_test.rb +5 -3
- data/test/controllers/demo_group_controller_test.rb +4 -6
- data/test/controllers/demo_mang_controller_test.rb +3 -3
- data/test/controllers/demo_user_controller_test.rb +53 -25
- data/test/controllers/devise_token_auth/confirmations_controller_test.rb +159 -25
- data/test/controllers/devise_token_auth/omniauth_callbacks_controller_test.rb +117 -47
- data/test/controllers/devise_token_auth/passwords_controller_test.rb +309 -126
- data/test/controllers/devise_token_auth/registrations_controller_test.rb +65 -23
- data/test/controllers/devise_token_auth/sessions_controller_test.rb +93 -61
- data/test/controllers/devise_token_auth/token_validations_controller_test.rb +18 -6
- data/test/controllers/devise_token_auth/unlocks_controller_test.rb +24 -5
- data/test/controllers/overrides/confirmations_controller_test.rb +6 -2
- data/test/controllers/overrides/omniauth_callbacks_controller_test.rb +5 -1
- data/test/controllers/overrides/passwords_controller_test.rb +27 -29
- data/test/controllers/overrides/registrations_controller_test.rb +33 -27
- data/test/controllers/overrides/sessions_controller_test.rb +6 -4
- data/test/controllers/overrides/token_validations_controller_test.rb +5 -3
- data/test/dummy/app/active_record/confirmable_user.rb +11 -0
- data/test/dummy/app/{models → active_record}/lockable_user.rb +2 -0
- data/test/dummy/app/{models → active_record}/mang.rb +2 -0
- data/test/dummy/app/{models → active_record}/only_email_user.rb +2 -0
- data/test/dummy/app/{models → active_record}/scoped_user.rb +4 -2
- data/test/dummy/app/{models → active_record}/unconfirmable_user.rb +3 -2
- data/test/dummy/app/active_record/unregisterable_user.rb +9 -0
- data/test/dummy/app/active_record/user.rb +6 -0
- data/test/dummy/app/controllers/application_controller.rb +2 -0
- data/test/dummy/app/controllers/auth_origin_controller.rb +2 -0
- data/test/dummy/app/controllers/custom/confirmations_controller.rb +2 -2
- data/test/dummy/app/controllers/custom/omniauth_callbacks_controller.rb +2 -0
- data/test/dummy/app/controllers/custom/passwords_controller.rb +3 -4
- data/test/dummy/app/controllers/custom/registrations_controller.rb +3 -3
- data/test/dummy/app/controllers/custom/sessions_controller.rb +3 -3
- data/test/dummy/app/controllers/custom/token_validations_controller.rb +3 -3
- data/test/dummy/app/controllers/demo_group_controller.rb +2 -0
- data/test/dummy/app/controllers/demo_mang_controller.rb +2 -0
- data/test/dummy/app/controllers/demo_user_controller.rb +2 -0
- data/test/dummy/app/controllers/overrides/confirmations_controller.rb +8 -6
- data/test/dummy/app/controllers/overrides/omniauth_callbacks_controller.rb +5 -3
- data/test/dummy/app/controllers/overrides/passwords_controller.rb +10 -8
- data/test/dummy/app/controllers/overrides/registrations_controller.rb +5 -3
- data/test/dummy/app/controllers/overrides/sessions_controller.rb +12 -12
- data/test/dummy/app/controllers/overrides/token_validations_controller.rb +5 -5
- data/test/dummy/app/helpers/application_helper.rb +1029 -1036
- data/test/dummy/app/models/{user.rb → concerns/favorite_color.rb} +8 -7
- data/test/dummy/app/mongoid/confirmable_user.rb +52 -0
- data/test/dummy/app/mongoid/lockable_user.rb +38 -0
- data/test/dummy/app/mongoid/mang.rb +46 -0
- data/test/dummy/app/mongoid/only_email_user.rb +33 -0
- data/test/dummy/app/mongoid/scoped_user.rb +50 -0
- data/test/dummy/app/mongoid/unconfirmable_user.rb +44 -0
- data/test/dummy/app/mongoid/unregisterable_user.rb +47 -0
- data/test/dummy/app/mongoid/user.rb +49 -0
- data/test/dummy/app/views/layouts/application.html.erb +0 -2
- data/test/dummy/config/application.rb +26 -3
- data/test/dummy/config/boot.rb +8 -2
- data/test/dummy/config/environment.rb +3 -1
- data/test/dummy/config/environments/development.rb +5 -13
- data/test/dummy/config/environments/production.rb +2 -16
- data/test/dummy/config/environments/test.rb +3 -1
- data/test/dummy/config/initializers/backtrace_silencers.rb +2 -0
- data/test/dummy/config/initializers/cookies_serializer.rb +3 -1
- data/test/dummy/config/initializers/devise.rb +287 -0
- data/test/dummy/config/initializers/devise_token_auth.rb +37 -4
- data/test/dummy/config/initializers/figaro.rb +3 -1
- data/test/dummy/config/initializers/filter_parameter_logging.rb +2 -0
- data/test/dummy/config/initializers/inflections.rb +2 -0
- data/test/dummy/config/initializers/mime_types.rb +2 -0
- data/test/dummy/config/initializers/omniauth.rb +5 -2
- data/test/dummy/config/initializers/session_store.rb +2 -0
- data/test/dummy/config/initializers/wrap_parameters.rb +2 -0
- data/test/dummy/config/routes.rb +14 -29
- data/test/dummy/config/spring.rb +2 -0
- data/test/dummy/config.ru +5 -3
- data/test/dummy/db/migrate/20140715061447_devise_token_auth_create_users.rb +9 -14
- data/test/dummy/db/migrate/20140715061805_devise_token_auth_create_mangs.rb +8 -13
- data/test/dummy/db/migrate/20140829044006_add_operating_thetan_to_user.rb +2 -0
- data/test/dummy/db/migrate/20140916224624_add_favorite_color_to_mangs.rb +2 -0
- data/test/dummy/db/migrate/20141222035835_devise_token_auth_create_only_email_users.rb +6 -11
- data/test/dummy/db/migrate/20141222053502_devise_token_auth_create_unregisterable_users.rb +8 -13
- data/test/dummy/db/migrate/20150708104536_devise_token_auth_create_unconfirmable_users.rb +8 -13
- data/test/dummy/db/migrate/20160103235141_devise_token_auth_create_scoped_users.rb +8 -13
- data/test/dummy/db/migrate/20160629184441_devise_token_auth_create_lockable_users.rb +8 -13
- data/test/dummy/{tmp/generators/db/migrate/20171014052631_devise_token_auth_create_users.rb → db/migrate/20190924101113_devise_token_auth_create_confirmable_users.rb} +8 -14
- data/test/dummy/db/schema.rb +11 -71
- data/test/dummy/lib/migration_database_helper.rb +15 -1
- data/test/dummy/tmp/generators/app/controllers/application_controller.rb +6 -0
- data/test/dummy/tmp/generators/app/models/azpire/v1/human_resource/user.rb +56 -0
- data/test/dummy/tmp/generators/config/initializers/devise_token_auth.rb +12 -0
- data/test/factories/users.rb +41 -0
- data/test/lib/devise_token_auth/blacklist_test.rb +19 -0
- data/test/lib/devise_token_auth/rails/custom_routes_test.rb +29 -0
- data/test/lib/devise_token_auth/rails/routes_test.rb +87 -0
- data/test/lib/devise_token_auth/token_factory_test.rb +191 -0
- data/test/lib/devise_token_auth/url_test.rb +9 -7
- data/test/lib/generators/devise_token_auth/install_generator_test.rb +67 -37
- data/test/lib/generators/devise_token_auth/install_generator_with_namespace_test.rb +222 -0
- data/test/lib/generators/devise_token_auth/install_views_generator_test.rb +3 -1
- data/test/models/concerns/mongoid_support_test.rb +31 -0
- data/test/models/concerns/tokens_serialization_test.rb +104 -0
- data/test/models/confirmable_user_test.rb +35 -0
- data/test/models/only_email_user_test.rb +2 -8
- data/test/models/user_test.rb +18 -79
- data/test/support/controllers/routes.rb +43 -0
- data/test/test_helper.rb +83 -26
- metadata +153 -44
- data/config/initializers/devise.rb +0 -196
- data/lib/generators/devise_token_auth/templates/user.rb +0 -7
- data/test/dummy/app/models/evil_user.rb +0 -3
- data/test/dummy/app/models/nice_user.rb +0 -7
- data/test/dummy/app/models/unregisterable_user.rb +0 -7
- data/test/dummy/config/initializers/assets.rb +0 -8
- data/test/dummy/db/migrate/20140928231203_devise_token_auth_create_evil_users.rb +0 -64
- data/test/dummy/db/migrate/20150409095712_devise_token_auth_create_nice_users.rb +0 -61
- data/test/dummy/tmp/generators/app/models/user.rb +0 -11
- data/test/integration/navigation_test.rb +0 -10
@@ -0,0 +1,56 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
class <%= user_class %>
|
4
|
+
include Mongoid::Document
|
5
|
+
include Mongoid::Timestamps
|
6
|
+
include Mongoid::Locker
|
7
|
+
|
8
|
+
field :locker_locked_at, type: Time
|
9
|
+
field :locker_locked_until, type: Time
|
10
|
+
|
11
|
+
locker locked_at_field: :locker_locked_at,
|
12
|
+
locked_until_field: :locker_locked_until
|
13
|
+
|
14
|
+
## Database authenticatable
|
15
|
+
field :email, type: String, default: ''
|
16
|
+
field :encrypted_password, type: String, default: ''
|
17
|
+
|
18
|
+
## Recoverable
|
19
|
+
field :reset_password_token, type: String
|
20
|
+
field :reset_password_sent_at, type: Time
|
21
|
+
field :reset_password_redirect_url, type: String
|
22
|
+
field :allow_password_change, type: Boolean, default: false
|
23
|
+
|
24
|
+
## Rememberable
|
25
|
+
field :remember_created_at, type: Time
|
26
|
+
|
27
|
+
## Confirmable
|
28
|
+
field :confirmation_token, type: String
|
29
|
+
field :confirmed_at, type: Time
|
30
|
+
field :confirmation_sent_at, type: Time
|
31
|
+
field :unconfirmed_email, type: String # Only if using reconfirmable
|
32
|
+
|
33
|
+
## Lockable
|
34
|
+
# field :failed_attempts, type: Integer, default: 0 # Only if lock strategy is :failed_attempts
|
35
|
+
# field :unlock_token, type: String # Only if unlock strategy is :email or :both
|
36
|
+
# field :locked_at, type: Time
|
37
|
+
|
38
|
+
## Required
|
39
|
+
field :provider, type: String
|
40
|
+
field :uid, type: String, default: ''
|
41
|
+
|
42
|
+
## Tokens
|
43
|
+
field :tokens, type: Hash, default: {}
|
44
|
+
|
45
|
+
# Include default devise modules. Others available are:
|
46
|
+
# :confirmable, :lockable, :timeoutable, :trackable and :omniauthable
|
47
|
+
devise :database_authenticatable, :registerable,
|
48
|
+
:recoverable, :rememberable, :validatable
|
49
|
+
include DeviseTokenAuth::Concerns::User
|
50
|
+
|
51
|
+
index({ email: 1 }, { name: 'email_index', unique: true, background: true })
|
52
|
+
index({ reset_password_token: 1 }, { name: 'reset_password_token_index', unique: true, sparse: true, background: true })
|
53
|
+
index({ confirmation_token: 1 }, { name: 'confirmation_token_index', unique: true, sparse: true, background: true })
|
54
|
+
index({ uid: 1, provider: 1}, { name: 'uid_provider_index', unique: true, background: true })
|
55
|
+
# index({ unlock_token: 1 }, { name: 'unlock_token_index', unique: true, sparse: true, background: true })
|
56
|
+
end
|
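Review bot: `include Mongoid::Locker` and the `locker_locked_at` / `locker_locked_until` fields at the top of the template are not explained, and further down there is a commented-out `## Lockable` block with a similarly named `locked_at` field. Someone editing the generated model could mistake the locker fields for Devise's `:lockable` columns, and then either delete them or assume account lockout is enabled when `:lockable` is not in the `devise` call. I would add a comment above the include, for example `# Mongoid::Locker: document-level locking, unrelated to Devise :lockable (see "Lockable" below)`. It is also worth a short comment on `field :uid, type: String, default: ''` noting that the unique `uid_provider_index` relies on `uid` being filled in before save, which presumably happens in `DeviseTokenAuth::Concerns::User` but is not visible here.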
@@ -1,10 +1,14 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
1
3
|
require 'test_helper'
|
2
4
|
|
3
5
|
class Custom::ConfirmationsControllerTest < ActionController::TestCase
|
4
6
|
describe Custom::ConfirmationsController do
|
7
|
+
include CustomControllersRoutes
|
8
|
+
|
5
9
|
before do
|
6
10
|
@redirect_url = Faker::Internet.url
|
7
|
-
@new_user =
|
11
|
+
@new_user = create(:user)
|
8
12
|
@new_user.send_confirmation_instructions(redirect_url: @redirect_url)
|
9
13
|
@mail = ActionMailer::Base.deliveries.last
|
10
14
|
@token = @mail.body.match(/confirmation_token=([^&]*)&/)[1]
|
@@ -1,7 +1,11 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
1
3
|
require 'test_helper'
|
2
4
|
|
3
5
|
class Custom::OmniauthCallbacksControllerTest < ActionDispatch::IntegrationTest
|
4
6
|
describe Custom::OmniauthCallbacksController do
|
7
|
+
include CustomControllersRoutes
|
8
|
+
|
5
9
|
setup do
|
6
10
|
OmniAuth.config.test_mode = true
|
7
11
|
OmniAuth.config.mock_auth[:facebook] = OmniAuth::AuthHash.new(
|
@@ -1,9 +1,13 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
1
3
|
require 'test_helper'
|
2
4
|
|
3
5
|
class Custom::PasswordsControllerTest < ActionController::TestCase
|
4
6
|
describe Custom::PasswordsController do
|
7
|
+
include CustomControllersRoutes
|
8
|
+
|
5
9
|
before do
|
6
|
-
@resource =
|
10
|
+
@resource = create(:user, :confirmed)
|
7
11
|
@redirect_url = 'http://ng-token-auth.dev'
|
8
12
|
end
|
9
13
|
|
@@ -24,7 +28,7 @@ class Custom::PasswordsControllerTest < ActionController::TestCase
|
|
24
28
|
end
|
25
29
|
|
26
30
|
test 'yield resource to block on edit success' do
|
27
|
-
@resource =
|
31
|
+
@resource = create(:user)
|
28
32
|
@redirect_url = 'http://ng-token-auth.dev'
|
29
33
|
|
30
34
|
post :create,
|
@@ -1,17 +1,17 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
1
3
|
require 'test_helper'
|
2
4
|
|
3
5
|
class Custom::RegistrationsControllerTest < ActionDispatch::IntegrationTest
|
4
6
|
describe Custom::RegistrationsController do
|
5
|
-
|
6
|
-
|
7
|
-
|
8
|
-
|
9
|
-
password_confirmation: 'secret123',
|
7
|
+
include CustomControllersRoutes
|
8
|
+
|
9
|
+
before do
|
10
|
+
@create_params = attributes_for(:user,
|
10
11
|
confirm_success_url: Faker::Internet.url,
|
11
|
-
unpermitted_param: '(x_x)'
|
12
|
-
}
|
12
|
+
unpermitted_param: '(x_x)')
|
13
13
|
|
14
|
-
@existing_user =
|
14
|
+
@existing_user = create(:user, :confirmed)
|
15
15
|
@auth_headers = @existing_user.create_new_auth_token
|
16
16
|
@client_id = @auth_headers['client']
|
17
17
|
|
@@ -50,5 +50,14 @@ class Custom::RegistrationsControllerTest < ActionDispatch::IntegrationTest
|
|
50
50
|
assert @controller.destroy_block_called?,
|
51
51
|
'destroy failed to yield resource to provided block'
|
52
52
|
end
|
53
|
+
|
54
|
+
describe 'when overriding #build_resource' do
|
55
|
+
test 'it fails' do
|
56
|
+
Custom::RegistrationsController.any_instance.stubs(:build_resource).returns(nil)
|
57
|
+
assert_raises DeviseTokenAuth::Errors::NoResourceDefinedError do
|
58
|
+
post '/nice_user_auth', params: @create_params
|
59
|
+
end
|
60
|
+
end
|
61
|
+
end
|
53
62
|
end
|
54
63
|
end
|
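Review bot: The test added under `describe 'when overriding #build_resource'` is titled `'it fails'`, which does not say what failure is expected or why it is the desired behaviour. The body asserts a specific exception when the stubbed `build_resource` returns `nil`, so the title should say so, for example `test 'raises NoResourceDefinedError when build_resource returns nil' do`. A one-line comment explaining that the stub stands in for an override that forgets to return a resource would also help, since the failure mode being guarded is an auth controller continuing with a nil resource.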
@@ -1,18 +1,20 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
1
3
|
require 'test_helper'
|
2
4
|
|
3
5
|
class Custom::SessionsControllerTest < ActionController::TestCase
|
4
6
|
describe Custom::SessionsController do
|
7
|
+
include CustomControllersRoutes
|
8
|
+
|
5
9
|
before do
|
6
|
-
@existing_user =
|
7
|
-
@existing_user.skip_confirmation!
|
8
|
-
@existing_user.save!
|
10
|
+
@existing_user = create(:user, :confirmed)
|
9
11
|
end
|
10
12
|
|
11
13
|
test 'yield resource to block on create success' do
|
12
14
|
post :create,
|
13
15
|
params: {
|
14
16
|
email: @existing_user.email,
|
15
|
-
password:
|
17
|
+
password: @existing_user.password
|
16
18
|
}
|
17
19
|
assert @controller.create_block_called?,
|
18
20
|
'create failed to yield resource to provided block'
|
@@ -29,7 +31,7 @@ class Custom::SessionsControllerTest < ActionController::TestCase
|
|
29
31
|
test 'render method override' do
|
30
32
|
post :create,
|
31
33
|
params: { email: @existing_user.email,
|
32
|
-
password:
|
34
|
+
password: @existing_user.password }
|
33
35
|
@data = JSON.parse(response.body)
|
34
36
|
assert_equal @data['custom'], 'foo'
|
35
37
|
end
|
@@ -1,11 +1,13 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
1
3
|
require 'test_helper'
|
2
4
|
|
3
5
|
class Custom::TokenValidationsControllerTest < ActionDispatch::IntegrationTest
|
4
6
|
describe Custom::TokenValidationsController do
|
7
|
+
include CustomControllersRoutes
|
8
|
+
|
5
9
|
before do
|
6
|
-
@resource =
|
7
|
-
@resource.skip_confirmation!
|
8
|
-
@resource.save!
|
10
|
+
@resource = create(:user, :confirmed)
|
9
11
|
|
10
12
|
@auth_headers = @resource.create_new_auth_token
|
11
13
|
|
@@ -1,3 +1,5 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
1
3
|
require 'test_helper'
|
2
4
|
|
3
5
|
# was the web request successful?
|
@@ -11,9 +13,7 @@ class DemoGroupControllerTest < ActionDispatch::IntegrationTest
|
|
11
13
|
describe 'Token access' do
|
12
14
|
before do
|
13
15
|
# user
|
14
|
-
@resource =
|
15
|
-
@resource.skip_confirmation!
|
16
|
-
@resource.save!
|
16
|
+
@resource = create(:user, :confirmed)
|
17
17
|
|
18
18
|
@resource_auth_headers = @resource.create_new_auth_token
|
19
19
|
|
@@ -22,9 +22,7 @@ class DemoGroupControllerTest < ActionDispatch::IntegrationTest
|
|
22
22
|
@resource_expiry = @resource_auth_headers['expiry']
|
23
23
|
|
24
24
|
# mang
|
25
|
-
@mang =
|
26
|
-
@mang.skip_confirmation!
|
27
|
-
@mang.save!
|
25
|
+
@mang = create(:mang_user, :confirmed)
|
28
26
|
|
29
27
|
@mang_auth_headers = @mang.create_new_auth_token
|
30
28
|
|
@@ -1,3 +1,5 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
1
3
|
require 'test_helper'
|
2
4
|
|
3
5
|
# was the web request successful?
|
@@ -10,9 +12,7 @@ class DemoMangControllerTest < ActionDispatch::IntegrationTest
|
|
10
12
|
describe DemoMangController do
|
11
13
|
describe 'Token access' do
|
12
14
|
before do
|
13
|
-
@resource =
|
14
|
-
@resource.skip_confirmation!
|
15
|
-
@resource.save!
|
15
|
+
@resource = create(:mang_user, :confirmed)
|
16
16
|
|
17
17
|
@auth_headers = @resource.create_new_auth_token
|
18
18
|
|
@@ -1,3 +1,5 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
1
3
|
require 'test_helper'
|
2
4
|
|
3
5
|
# was the web request successful?
|
@@ -11,9 +13,7 @@ class DemoUserControllerTest < ActionDispatch::IntegrationTest
|
|
11
13
|
describe DemoUserController do
|
12
14
|
describe 'Token access' do
|
13
15
|
before do
|
14
|
-
@resource =
|
15
|
-
@resource.skip_confirmation!
|
16
|
-
@resource.save!
|
16
|
+
@resource = create(:user, :confirmed)
|
17
17
|
|
18
18
|
@auth_headers = @resource.create_new_auth_token
|
19
19
|
|
@@ -321,8 +321,8 @@ class DemoUserControllerTest < ActionDispatch::IntegrationTest
|
|
321
321
|
assert @resource.tokens.count > 1
|
322
322
|
|
323
323
|
# password changed from new device
|
324
|
-
@resource.
|
325
|
-
|
324
|
+
@resource.update(password: 'newsecret123',
|
325
|
+
password_confirmation: 'newsecret123')
|
326
326
|
|
327
327
|
get '/demo/members_only',
|
328
328
|
params: {},
|
@@ -407,12 +407,55 @@ class DemoUserControllerTest < ActionDispatch::IntegrationTest
|
|
407
407
|
DeviseTokenAuth.headers_names[:'access-token'] = 'access-token'
|
408
408
|
end
|
409
409
|
end
|
410
|
+
|
411
|
+
describe 'maximum concurrent devices per user' do
|
412
|
+
before do
|
413
|
+
# Set the max_number_of_devices to a lower number
|
414
|
+
# to expedite tests! (Default is 10)
|
415
|
+
DeviseTokenAuth.max_number_of_devices = 5
|
416
|
+
end
|
417
|
+
|
418
|
+
it 'should limit the maximum number of concurrent devices' do
|
419
|
+
# increment the number of devices until the maximum is exceeded
|
420
|
+
1.upto(DeviseTokenAuth.max_number_of_devices + 1).each do |n|
|
421
|
+
|
422
|
+
assert_equal(
|
423
|
+
[n, DeviseTokenAuth.max_number_of_devices].min,
|
424
|
+
@resource.reload.tokens.length
|
425
|
+
)
|
426
|
+
|
427
|
+
# Add a new device (and token) ahead of the next iteration
|
428
|
+
@resource.create_new_auth_token
|
429
|
+
|
430
|
+
end
|
431
|
+
end
|
432
|
+
|
433
|
+
it 'should drop the oldest token when the maximum number of devices is exceeded' do
|
434
|
+
# create the maximum number of tokens
|
435
|
+
1.upto(DeviseTokenAuth.max_number_of_devices).each do
|
436
|
+
@resource.create_new_auth_token
|
437
|
+
end
|
438
|
+
|
439
|
+
# get the oldest token client_id
|
440
|
+
oldest_client_id, = @resource.reload.tokens.min_by do |cid, v|
|
441
|
+
v[:expiry] || v['expiry']
|
442
|
+
end # => [ 'CLIENT_ID', {token: ...} ]
|
443
|
+
|
444
|
+
# create another token, thereby dropping the oldest token
|
445
|
+
@resource.create_new_auth_token
|
446
|
+
|
447
|
+
assert_not_includes @resource.reload.tokens.keys, oldest_client_id
|
448
|
+
end
|
449
|
+
|
450
|
+
after do
|
451
|
+
DeviseTokenAuth.max_number_of_devices = 10
|
452
|
+
end
|
453
|
+
end
|
410
454
|
end
|
411
455
|
|
412
456
|
describe 'bypass_sign_in' do
|
413
457
|
before do
|
414
|
-
@resource =
|
415
|
-
@resource.save!
|
458
|
+
@resource = create(:user)
|
416
459
|
|
417
460
|
@auth_headers = @resource.create_new_auth_token
|
418
461
|
|
@@ -467,16 +510,14 @@ class DemoUserControllerTest < ActionDispatch::IntegrationTest
|
|
467
510
|
|
468
511
|
describe 'enable_standard_devise_support' do
|
469
512
|
before do
|
470
|
-
@resource =
|
513
|
+
@resource = create(:user, :confirmed)
|
471
514
|
@auth_headers = @resource.create_new_auth_token
|
472
515
|
DeviseTokenAuth.enable_standard_devise_support = true
|
473
516
|
end
|
474
517
|
|
475
518
|
describe 'Existing Warden authentication' do
|
476
519
|
before do
|
477
|
-
@resource =
|
478
|
-
@resource.skip_confirmation!
|
479
|
-
@resource.save!
|
520
|
+
@resource = create(:user, :confirmed)
|
480
521
|
login_as(@resource, scope: :user)
|
481
522
|
|
482
523
|
# no auth headers sent, testing that warden authenticates correctly.
|
@@ -503,17 +544,6 @@ class DemoUserControllerTest < ActionDispatch::IntegrationTest
|
|
503
544
|
refute_equal @resource, @controller.current_mang
|
504
545
|
end
|
505
546
|
|
506
|
-
it 'should increase the number of tokens by a factor of 2 up to 11' do
|
507
|
-
@first_token = @resource.tokens.keys.first
|
508
|
-
|
509
|
-
DeviseTokenAuth.max_number_of_devices = 11
|
510
|
-
(1..10).each do |n|
|
511
|
-
assert_equal [11, 2 * n].min, @resource.reload.tokens.keys.length
|
512
|
-
get '/demo/members_only', params: {}, headers: nil
|
513
|
-
end
|
514
|
-
|
515
|
-
assert_not_includes @resource.reload.tokens.keys, @first_token
|
516
|
-
end
|
517
547
|
end
|
518
548
|
|
519
549
|
it 'should return success status' do
|
@@ -539,9 +569,7 @@ class DemoUserControllerTest < ActionDispatch::IntegrationTest
|
|
539
569
|
|
540
570
|
describe 'existing Warden authentication with ignored token data' do
|
541
571
|
before do
|
542
|
-
@resource =
|
543
|
-
@resource.skip_confirmation!
|
544
|
-
@resource.save!
|
572
|
+
@resource = create(:user, :confirmed)
|
545
573
|
login_as(@resource, scope: :user)
|
546
574
|
|
547
575
|
get '/demo/members_only',
|
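Review bot: In `describe 'maximum concurrent devices per user'`, the `after` block resets `DeviseTokenAuth.max_number_of_devices` to a hard-coded `10` instead of the value it had before the `before` block lowered it to 5. If the dummy app's initializer sets a different cap, every test that runs afterwards sees the wrong session limit. Capture it with `@previous_max = DeviseTokenAuth.max_number_of_devices` in `before` and restore it with `DeviseTokenAuth.max_number_of_devices = @previous_max` in `after`. The 'should drop the oldest token' test picks the oldest client by `expiry` alone, so if tokens created in the same second share an expiry value (not visible here), its result depends on hash order; freezing or advancing time between `create_new_auth_token` calls would make it deterministic. Two minor style points: the `.each` after `1.upto(...)` is redundant, and the unused block parameter `cid` would read better as `_cid`.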
@@ -1,3 +1,5 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
1
3
|
require 'test_helper'
|
2
4
|
|
3
5
|
# was the web request successful?
|
@@ -17,10 +19,11 @@ class DeviseTokenAuth::ConfirmationsControllerTest < ActionController::TestCase
|
|
17
19
|
describe 'Confirmation' do
|
18
20
|
before do
|
19
21
|
@redirect_url = Faker::Internet.url
|
20
|
-
@new_user =
|
22
|
+
@new_user = create(:user)
|
21
23
|
@new_user.send_confirmation_instructions(redirect_url: @redirect_url)
|
22
24
|
mail = ActionMailer::Base.deliveries.last
|
23
25
|
@token, @client_config = token_and_client_config_from(mail.body)
|
26
|
+
@token_params = %w[access-token client client_id config expiry token uid]
|
24
27
|
end
|
25
28
|
|
26
29
|
test 'should generate raw token' do
|
@@ -36,35 +39,154 @@ class DeviseTokenAuth::ConfirmationsControllerTest < ActionController::TestCase
|
|
36
39
|
end
|
37
40
|
|
38
41
|
describe 'success' do
|
39
|
-
|
40
|
-
|
41
|
-
|
42
|
-
|
43
|
-
|
44
|
-
|
45
|
-
|
42
|
+
describe 'when authenticated' do
|
43
|
+
before do
|
44
|
+
sign_in(@new_user)
|
45
|
+
get :show,
|
46
|
+
params: { confirmation_token: @token,
|
47
|
+
redirect_url: @redirect_url },
|
48
|
+
xhr: true
|
49
|
+
@resource = assigns(:resource)
|
50
|
+
end
|
46
51
|
|
47
|
-
|
48
|
-
|
49
|
-
|
52
|
+
test 'user should now be confirmed' do
|
53
|
+
assert @resource.confirmed?
|
54
|
+
end
|
50
55
|
|
51
|
-
|
52
|
-
|
53
|
-
|
56
|
+
test 'should save the authentication token' do
|
57
|
+
assert @resource.reload.tokens.present?
|
58
|
+
end
|
54
59
|
|
55
|
-
|
56
|
-
|
60
|
+
test 'should redirect to success url' do
|
61
|
+
assert_redirected_to(/^#{@redirect_url}/)
|
62
|
+
end
|
63
|
+
|
64
|
+
test 'redirect url includes token params' do
|
65
|
+
assert @token_params.all? { |param| response.body.include?(param) }
|
66
|
+
assert response.body.include?('account_confirmation_success')
|
67
|
+
end
|
57
68
|
end
|
58
|
-
|
59
|
-
|
69
|
+
|
70
|
+
describe 'when unauthenticated' do
|
71
|
+
before do
|
72
|
+
sign_out(@new_user)
|
73
|
+
get :show,
|
74
|
+
params: { confirmation_token: @token,
|
75
|
+
redirect_url: @redirect_url },
|
76
|
+
xhr: true
|
77
|
+
@resource = assigns(:resource)
|
78
|
+
end
|
79
|
+
|
80
|
+
test 'user should now be confirmed' do
|
81
|
+
assert @resource.confirmed?
|
82
|
+
end
|
83
|
+
|
84
|
+
test 'should redirect to success url' do
|
85
|
+
assert_redirected_to(/^#{@redirect_url}/)
|
86
|
+
end
|
87
|
+
|
88
|
+
test 'redirect url does not include token params' do
|
89
|
+
refute @token_params.any? { |param| response.body.include?(param) }
|
90
|
+
assert response.body.include?('account_confirmation_success')
|
91
|
+
end
|
60
92
|
end
|
61
|
-
|
62
|
-
|
93
|
+
|
94
|
+
describe 'resend confirmation' do
|
95
|
+
describe 'without paranoid mode' do
|
96
|
+
|
97
|
+
describe 'on success' do
|
98
|
+
before do
|
99
|
+
post :create,
|
100
|
+
params: { email: @new_user.email,
|
101
|
+
redirect_url: @redirect_url },
|
102
|
+
xhr: true
|
103
|
+
@resource = assigns(:resource)
|
104
|
+
@data = JSON.parse(response.body)
|
105
|
+
@mail = ActionMailer::Base.deliveries.last
|
106
|
+
@token, @client_config = token_and_client_config_from(@mail.body)
|
107
|
+
end
|
108
|
+
|
109
|
+
test 'user should not be confirmed' do
|
110
|
+
assert_nil @resource.confirmed_at
|
111
|
+
end
|
112
|
+
|
113
|
+
test 'should generate raw token' do
|
114
|
+
assert @token
|
115
|
+
assert_equal @new_user.confirmation_token, @token
|
116
|
+
end
|
117
|
+
|
118
|
+
test 'user should receive confirmation email' do
|
119
|
+
assert_equal @resource.email, @mail['to'].to_s
|
120
|
+
end
|
121
|
+
|
122
|
+
test 'response should contain message' do
|
123
|
+
assert_equal @data['message'], I18n.t('devise_token_auth.confirmations.sended', email: @resource.email)
|
124
|
+
end
|
125
|
+
end
|
126
|
+
|
127
|
+
describe 'on failure' do
|
128
|
+
before do
|
129
|
+
post :create,
|
130
|
+
params: { email: 'chester@cheet.ah',
|
131
|
+
redirect_url: @redirect_url },
|
132
|
+
xhr: true
|
133
|
+
@data = JSON.parse(response.body)
|
134
|
+
end
|
135
|
+
|
136
|
+
test 'response should contain errors' do
|
137
|
+
assert_equal @data['errors'], [I18n.t('devise_token_auth.confirmations.user_not_found', email: 'chester@cheet.ah')]
|
138
|
+
end
|
139
|
+
end
|
140
|
+
end
|
63
141
|
end
|
64
|
-
|
65
|
-
|
66
|
-
|
67
|
-
|
142
|
+
|
143
|
+
describe 'with paranoid mode' do
|
144
|
+
describe 'on success' do
|
145
|
+
before do
|
146
|
+
swap Devise, paranoid: true do
|
147
|
+
post :create,
|
148
|
+
params: { email: @new_user.email,
|
149
|
+
redirect_url: @redirect_url },
|
150
|
+
xhr: true
|
151
|
+
@resource = assigns(:resource)
|
152
|
+
@data = JSON.parse(response.body)
|
153
|
+
@mail = ActionMailer::Base.deliveries.last
|
154
|
+
@token, @client_config = token_and_client_config_from(@mail.body)
|
155
|
+
end
|
156
|
+
end
|
157
|
+
|
158
|
+
test 'user should not be confirmed' do
|
159
|
+
assert_nil @resource.confirmed_at
|
160
|
+
end
|
161
|
+
|
162
|
+
test 'should generate raw token' do
|
163
|
+
assert @token
|
164
|
+
assert_equal @new_user.confirmation_token, @token
|
165
|
+
end
|
166
|
+
|
167
|
+
test 'user should receive confirmation email' do
|
168
|
+
assert_equal @resource.email, @mail['to'].to_s
|
169
|
+
end
|
170
|
+
|
171
|
+
test 'response should contain message' do
|
172
|
+
assert_equal @data['message'], I18n.t('devise_token_auth.confirmations.sended_paranoid', email: @resource.email)
|
173
|
+
end
|
174
|
+
end
|
175
|
+
|
176
|
+
describe 'on failure' do
|
177
|
+
before do
|
178
|
+
swap Devise, paranoid: true do
|
179
|
+
post :create,
|
180
|
+
params: { email: 'chester@cheet.ah',
|
181
|
+
redirect_url: @redirect_url },
|
182
|
+
xhr: true
|
183
|
+
@data = JSON.parse(response.body)
|
184
|
+
end
|
185
|
+
end
|
186
|
+
|
187
|
+
test 'response should contain errors' do
|
188
|
+
assert_equal @data['errors'], [I18n.t('devise_token_auth.confirmations.sended_paranoid')]
|
189
|
+
end
|
68
190
|
end
|
69
191
|
end
|
70
192
|
end
|
@@ -77,6 +199,18 @@ class DeviseTokenAuth::ConfirmationsControllerTest < ActionController::TestCase
|
|
77
199
|
@resource = assigns(:resource)
|
78
200
|
refute @resource.confirmed?
|
79
201
|
end
|
202
|
+
|
203
|
+
test 'request resend confirmation without email' do
|
204
|
+
post :create, params: { email: nil }, xhr: true
|
205
|
+
|
206
|
+
assert_equal 401, response.status
|
207
|
+
end
|
208
|
+
|
209
|
+
test 'user should not be found on resend confirmation request' do
|
210
|
+
post :create, params: { email: 'bogus' }, xhr: true
|
211
|
+
|
212
|
+
assert_equal 404, response.status
|
213
|
+
end
|
80
214
|
end
|
81
215
|
end
|
82
216
|
|
@@ -92,7 +226,7 @@ class DeviseTokenAuth::ConfirmationsControllerTest < ActionController::TestCase
|
|
92
226
|
|
93
227
|
before do
|
94
228
|
@config_name = 'altUser'
|
95
|
-
@new_user =
|
229
|
+
@new_user = create(:mang_user)
|
96
230
|
|
97
231
|
@new_user.send_confirmation_instructions(client_config: @config_name)
|
98
232
|
|
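Review bot: The `'with paranoid mode'` tests pin different response shapes for a registered and an unregistered address: `'on success'` reads `@data['message']` while `'on failure'` reads `@data['errors']`, and neither asserts the HTTP status. Paranoid mode is meant to stop a caller from learning whether an address exists, so the tests should assert that the two responses are indistinguishable, for example by issuing both requests inside the `swap` and comparing `response.status` and the top-level JSON keys. As written they pass even if the two cases differ in status. Separately, `assert_redirected_to(/^#{@redirect_url}/)` interpolates the URL unescaped and anchors with `^`; `/\A#{Regexp.escape(@redirect_url)}/` is the stricter form. The token-parameter checks use `response.body.include?(param)` with short names such as `client` and `uid`, so parsing the query string of `response.location` and asserting on its keys would give a firmer guarantee that no credentials reach an unauthenticated redirect.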