devise_token_auth 0.1.43 → 1.2.0

Files changed (183) hide show
  1. checksums.yaml +5 -5
  2. data/README.md +42 -895
  3. data/Rakefile +11 -4
  4. data/app/controllers/devise_token_auth/application_controller.rb +19 -8
  5. data/app/controllers/devise_token_auth/concerns/resource_finder.rb +26 -12
  6. data/app/controllers/devise_token_auth/concerns/set_user_by_token.rb +106 -85
  7. data/app/controllers/devise_token_auth/confirmations_controller.rb +73 -17
  8. data/app/controllers/devise_token_auth/omniauth_callbacks_controller.rb +95 -51
  9. data/app/controllers/devise_token_auth/passwords_controller.rb +65 -57
  10. data/app/controllers/devise_token_auth/registrations_controller.rb +61 -61
  11. data/app/controllers/devise_token_auth/sessions_controller.rb +22 -18
  12. data/app/controllers/devise_token_auth/token_validations_controller.rb +5 -3
  13. data/app/controllers/devise_token_auth/unlocks_controller.rb +20 -16
  14. data/app/models/devise_token_auth/concerns/active_record_support.rb +14 -0
  15. data/app/models/devise_token_auth/concerns/confirmable_support.rb +28 -0
  16. data/app/models/devise_token_auth/concerns/mongoid_support.rb +19 -0
  17. data/app/models/devise_token_auth/concerns/tokens_serialization.rb +31 -0
  18. data/app/models/devise_token_auth/concerns/user.rb +92 -100
  19. data/app/models/devise_token_auth/concerns/user_omniauth_callbacks.rb +8 -3
  20. data/app/validators/{email_validator.rb → devise_token_auth_email_validator.rb} +5 -3
  21. data/app/views/devise_token_auth/omniauth_external_window.html.erb +1 -1
  22. data/config/locales/da-DK.yml +11 -9
  23. data/config/locales/de.yml +2 -0
  24. data/config/locales/en.yml +10 -0
  25. data/config/locales/es.yml +2 -0
  26. data/config/locales/fr.yml +2 -0
  27. data/config/locales/he.yml +52 -0
  28. data/config/locales/it.yml +2 -0
  29. data/config/locales/ja.yml +4 -2
  30. data/config/locales/ko.yml +51 -0
  31. data/config/locales/nl.yml +2 -0
  32. data/config/locales/pl.yml +6 -3
  33. data/config/locales/pt-BR.yml +2 -0
  34. data/config/locales/pt.yml +6 -3
  35. data/config/locales/ro.yml +2 -0
  36. data/config/locales/ru.yml +2 -0
  37. data/config/locales/sq.yml +2 -0
  38. data/config/locales/sv.yml +52 -0
  39. data/config/locales/uk.yml +2 -0
  40. data/config/locales/vi.yml +2 -0
  41. data/config/locales/zh-CN.yml +2 -0
  42. data/config/locales/zh-HK.yml +2 -0
  43. data/config/locales/zh-TW.yml +2 -0
  44. data/lib/devise_token_auth/blacklist.rb +6 -0
  45. data/lib/devise_token_auth/controllers/helpers.rb +21 -13
  46. data/lib/devise_token_auth/controllers/url_helpers.rb +2 -0
  47. data/lib/devise_token_auth/engine.rb +26 -14
  48. data/lib/devise_token_auth/errors.rb +8 -0
  49. data/lib/devise_token_auth/rails/routes.rb +37 -30
  50. data/lib/devise_token_auth/token_factory.rb +126 -0
  51. data/lib/devise_token_auth/url.rb +11 -4
  52. data/lib/devise_token_auth/version.rb +3 -1
  53. data/lib/devise_token_auth.rb +11 -5
  54. data/lib/generators/devise_token_auth/USAGE +2 -2
  55. data/lib/generators/devise_token_auth/install_generator.rb +36 -105
  56. data/lib/generators/devise_token_auth/install_generator_helpers.rb +98 -0
  57. data/lib/generators/devise_token_auth/install_mongoid_generator.rb +46 -0
  58. data/lib/generators/devise_token_auth/install_views_generator.rb +7 -5
  59. data/lib/generators/devise_token_auth/templates/devise_token_auth.rb +12 -0
  60. data/lib/generators/devise_token_auth/templates/devise_token_auth_create_users.rb.erb +8 -14
  61. data/lib/generators/devise_token_auth/templates/user.rb.erb +9 -0
  62. data/lib/generators/devise_token_auth/templates/user_mongoid.rb.erb +56 -0
  63. data/lib/tasks/devise_token_auth_tasks.rake +2 -0
  64. data/test/controllers/custom/custom_confirmations_controller_test.rb +5 -1
  65. data/test/controllers/custom/custom_omniauth_callbacks_controller_test.rb +4 -0
  66. data/test/controllers/custom/custom_passwords_controller_test.rb +6 -2
  67. data/test/controllers/custom/custom_registrations_controller_test.rb +17 -8
  68. data/test/controllers/custom/custom_sessions_controller_test.rb +7 -5
  69. data/test/controllers/custom/custom_token_validations_controller_test.rb +5 -3
  70. data/test/controllers/demo_group_controller_test.rb +4 -6
  71. data/test/controllers/demo_mang_controller_test.rb +3 -3
  72. data/test/controllers/demo_user_controller_test.rb +53 -25
  73. data/test/controllers/devise_token_auth/confirmations_controller_test.rb +159 -25
  74. data/test/controllers/devise_token_auth/omniauth_callbacks_controller_test.rb +117 -47
  75. data/test/controllers/devise_token_auth/passwords_controller_test.rb +309 -126
  76. data/test/controllers/devise_token_auth/registrations_controller_test.rb +65 -23
  77. data/test/controllers/devise_token_auth/sessions_controller_test.rb +93 -61
  78. data/test/controllers/devise_token_auth/token_validations_controller_test.rb +18 -6
  79. data/test/controllers/devise_token_auth/unlocks_controller_test.rb +24 -5
  80. data/test/controllers/overrides/confirmations_controller_test.rb +6 -2
  81. data/test/controllers/overrides/omniauth_callbacks_controller_test.rb +5 -1
  82. data/test/controllers/overrides/passwords_controller_test.rb +27 -29
  83. data/test/controllers/overrides/registrations_controller_test.rb +33 -27
  84. data/test/controllers/overrides/sessions_controller_test.rb +6 -4
  85. data/test/controllers/overrides/token_validations_controller_test.rb +5 -3
  86. data/test/dummy/app/active_record/confirmable_user.rb +11 -0
  87. data/test/dummy/app/{models → active_record}/lockable_user.rb +2 -0
  88. data/test/dummy/app/{models → active_record}/mang.rb +2 -0
  89. data/test/dummy/app/{models → active_record}/only_email_user.rb +2 -0
  90. data/test/dummy/app/{models → active_record}/scoped_user.rb +4 -2
  91. data/test/dummy/app/{models → active_record}/unconfirmable_user.rb +3 -2
  92. data/test/dummy/app/active_record/unregisterable_user.rb +9 -0
  93. data/test/dummy/app/active_record/user.rb +6 -0
  94. data/test/dummy/app/controllers/application_controller.rb +2 -0
  95. data/test/dummy/app/controllers/auth_origin_controller.rb +2 -0
  96. data/test/dummy/app/controllers/custom/confirmations_controller.rb +2 -2
  97. data/test/dummy/app/controllers/custom/omniauth_callbacks_controller.rb +2 -0
  98. data/test/dummy/app/controllers/custom/passwords_controller.rb +3 -4
  99. data/test/dummy/app/controllers/custom/registrations_controller.rb +3 -3
  100. data/test/dummy/app/controllers/custom/sessions_controller.rb +3 -3
  101. data/test/dummy/app/controllers/custom/token_validations_controller.rb +3 -3
  102. data/test/dummy/app/controllers/demo_group_controller.rb +2 -0
  103. data/test/dummy/app/controllers/demo_mang_controller.rb +2 -0
  104. data/test/dummy/app/controllers/demo_user_controller.rb +2 -0
  105. data/test/dummy/app/controllers/overrides/confirmations_controller.rb +8 -6
  106. data/test/dummy/app/controllers/overrides/omniauth_callbacks_controller.rb +5 -3
  107. data/test/dummy/app/controllers/overrides/passwords_controller.rb +10 -8
  108. data/test/dummy/app/controllers/overrides/registrations_controller.rb +5 -3
  109. data/test/dummy/app/controllers/overrides/sessions_controller.rb +12 -12
  110. data/test/dummy/app/controllers/overrides/token_validations_controller.rb +5 -5
  111. data/test/dummy/app/helpers/application_helper.rb +1029 -1036
  112. data/test/dummy/app/models/{user.rb → concerns/favorite_color.rb} +8 -7
  113. data/test/dummy/app/mongoid/confirmable_user.rb +52 -0
  114. data/test/dummy/app/mongoid/lockable_user.rb +38 -0
  115. data/test/dummy/app/mongoid/mang.rb +46 -0
  116. data/test/dummy/app/mongoid/only_email_user.rb +33 -0
  117. data/test/dummy/app/mongoid/scoped_user.rb +50 -0
  118. data/test/dummy/app/mongoid/unconfirmable_user.rb +44 -0
  119. data/test/dummy/app/mongoid/unregisterable_user.rb +47 -0
  120. data/test/dummy/app/mongoid/user.rb +49 -0
  121. data/test/dummy/app/views/layouts/application.html.erb +0 -2
  122. data/test/dummy/config/application.rb +26 -3
  123. data/test/dummy/config/boot.rb +8 -2
  124. data/test/dummy/config/environment.rb +3 -1
  125. data/test/dummy/config/environments/development.rb +5 -13
  126. data/test/dummy/config/environments/production.rb +2 -16
  127. data/test/dummy/config/environments/test.rb +3 -1
  128. data/test/dummy/config/initializers/backtrace_silencers.rb +2 -0
  129. data/test/dummy/config/initializers/cookies_serializer.rb +3 -1
  130. data/test/dummy/config/initializers/devise.rb +287 -0
  131. data/test/dummy/config/initializers/devise_token_auth.rb +37 -4
  132. data/test/dummy/config/initializers/figaro.rb +3 -1
  133. data/test/dummy/config/initializers/filter_parameter_logging.rb +2 -0
  134. data/test/dummy/config/initializers/inflections.rb +2 -0
  135. data/test/dummy/config/initializers/mime_types.rb +2 -0
  136. data/test/dummy/config/initializers/omniauth.rb +5 -2
  137. data/test/dummy/config/initializers/session_store.rb +2 -0
  138. data/test/dummy/config/initializers/wrap_parameters.rb +2 -0
  139. data/test/dummy/config/routes.rb +14 -29
  140. data/test/dummy/config/spring.rb +2 -0
  141. data/test/dummy/config.ru +5 -3
  142. data/test/dummy/db/migrate/20140715061447_devise_token_auth_create_users.rb +9 -14
  143. data/test/dummy/db/migrate/20140715061805_devise_token_auth_create_mangs.rb +8 -13
  144. data/test/dummy/db/migrate/20140829044006_add_operating_thetan_to_user.rb +2 -0
  145. data/test/dummy/db/migrate/20140916224624_add_favorite_color_to_mangs.rb +2 -0
  146. data/test/dummy/db/migrate/20141222035835_devise_token_auth_create_only_email_users.rb +6 -11
  147. data/test/dummy/db/migrate/20141222053502_devise_token_auth_create_unregisterable_users.rb +8 -13
  148. data/test/dummy/db/migrate/20150708104536_devise_token_auth_create_unconfirmable_users.rb +8 -13
  149. data/test/dummy/db/migrate/20160103235141_devise_token_auth_create_scoped_users.rb +8 -13
  150. data/test/dummy/db/migrate/20160629184441_devise_token_auth_create_lockable_users.rb +8 -13
  151. data/test/dummy/{tmp/generators/db/migrate/20171014052631_devise_token_auth_create_users.rb → db/migrate/20190924101113_devise_token_auth_create_confirmable_users.rb} +8 -14
  152. data/test/dummy/db/schema.rb +11 -71
  153. data/test/dummy/lib/migration_database_helper.rb +15 -1
  154. data/test/dummy/tmp/generators/app/controllers/application_controller.rb +6 -0
  155. data/test/dummy/tmp/generators/app/models/azpire/v1/human_resource/user.rb +56 -0
  156. data/test/dummy/tmp/generators/config/initializers/devise_token_auth.rb +12 -0
  157. data/test/factories/users.rb +41 -0
  158. data/test/lib/devise_token_auth/blacklist_test.rb +19 -0
  159. data/test/lib/devise_token_auth/rails/custom_routes_test.rb +29 -0
  160. data/test/lib/devise_token_auth/rails/routes_test.rb +87 -0
  161. data/test/lib/devise_token_auth/token_factory_test.rb +191 -0
  162. data/test/lib/devise_token_auth/url_test.rb +9 -7
  163. data/test/lib/generators/devise_token_auth/install_generator_test.rb +67 -37
  164. data/test/lib/generators/devise_token_auth/install_generator_with_namespace_test.rb +222 -0
  165. data/test/lib/generators/devise_token_auth/install_views_generator_test.rb +3 -1
  166. data/test/models/concerns/mongoid_support_test.rb +31 -0
  167. data/test/models/concerns/tokens_serialization_test.rb +104 -0
  168. data/test/models/confirmable_user_test.rb +35 -0
  169. data/test/models/only_email_user_test.rb +2 -8
  170. data/test/models/user_test.rb +18 -79
  171. data/test/support/controllers/routes.rb +43 -0
  172. data/test/test_helper.rb +83 -26
  173. metadata +153 -44
  174. data/config/initializers/devise.rb +0 -196
  175. data/lib/generators/devise_token_auth/templates/user.rb +0 -7
  176. data/test/dummy/app/models/evil_user.rb +0 -3
  177. data/test/dummy/app/models/nice_user.rb +0 -7
  178. data/test/dummy/app/models/unregisterable_user.rb +0 -7
  179. data/test/dummy/config/initializers/assets.rb +0 -8
  180. data/test/dummy/db/migrate/20140928231203_devise_token_auth_create_evil_users.rb +0 -64
  181. data/test/dummy/db/migrate/20150409095712_devise_token_auth_create_nice_users.rb +0 -61
  182. data/test/dummy/tmp/generators/app/models/user.rb +0 -11
  183. data/test/integration/navigation_test.rb +0 -10
@@ -0,0 +1,56 @@
1
+ # frozen_string_literal: true
2
+
3
+ class <%= user_class %>
4
+ include Mongoid::Document
5
+ include Mongoid::Timestamps
6
+ include Mongoid::Locker
7
+
8
+ field :locker_locked_at, type: Time
9
+ field :locker_locked_until, type: Time
10
+
11
+ locker locked_at_field: :locker_locked_at,
12
+ locked_until_field: :locker_locked_until
13
+
14
+ ## Database authenticatable
15
+ field :email, type: String, default: ''
16
+ field :encrypted_password, type: String, default: ''
17
+
18
+ ## Recoverable
19
+ field :reset_password_token, type: String
20
+ field :reset_password_sent_at, type: Time
21
+ field :reset_password_redirect_url, type: String
22
+ field :allow_password_change, type: Boolean, default: false
23
+
24
+ ## Rememberable
25
+ field :remember_created_at, type: Time
26
+
27
+ ## Confirmable
28
+ field :confirmation_token, type: String
29
+ field :confirmed_at, type: Time
30
+ field :confirmation_sent_at, type: Time
31
+ field :unconfirmed_email, type: String # Only if using reconfirmable
32
+
33
+ ## Lockable
34
+ # field :failed_attempts, type: Integer, default: 0 # Only if lock strategy is :failed_attempts
35
+ # field :unlock_token, type: String # Only if unlock strategy is :email or :both
36
+ # field :locked_at, type: Time
37
+
38
+ ## Required
39
+ field :provider, type: String
40
+ field :uid, type: String, default: ''
41
+
42
+ ## Tokens
43
+ field :tokens, type: Hash, default: {}
44
+
45
+ # Include default devise modules. Others available are:
46
+ # :confirmable, :lockable, :timeoutable, :trackable and :omniauthable
47
+ devise :database_authenticatable, :registerable,
48
+ :recoverable, :rememberable, :validatable
49
+ include DeviseTokenAuth::Concerns::User
50
+
51
+ index({ email: 1 }, { name: 'email_index', unique: true, background: true })
52
+ index({ reset_password_token: 1 }, { name: 'reset_password_token_index', unique: true, sparse: true, background: true })
53
+ index({ confirmation_token: 1 }, { name: 'confirmation_token_index', unique: true, sparse: true, background: true })
54
+ index({ uid: 1, provider: 1}, { name: 'uid_provider_index', unique: true, background: true })
55
+ # index({ unlock_token: 1 }, { name: 'unlock_token_index', unique: true, sparse: true, background: true })
56
+ end
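Review bot: The `devise` call in this template enables neither `:lockable` nor `:confirmable`, yet the Confirmable fields and the `confirmation_token` index are declared unconditionally while the Lockable fields and `unlock_token` index exist only as comments. A generated model therefore has no failed-attempt lockout and no e-mail verification until someone edits it, and the existing comment lists those modules only as "others available" without tying them to the fields. I would add a comment above the `devise` line such as `# NOTE: :lockable and :confirmable are off by default; add them here and uncomment the Lockable fields and unlock_token index before relying on lockout or e-mail confirmation`. The `include Mongoid::Locker` line presumably needs the mongoid-locker gem in the host application, which the template does not mention; a short comment next to the include naming that requirement would help.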
@@ -1,3 +1,5 @@
1
+ # frozen_string_literal: true
2
+
1
3
  # desc "Explaining what the task does"
2
4
  # task :devise_token_auth do
3
5
  # # Task goes here
@@ -1,10 +1,14 @@
1
+ # frozen_string_literal: true
2
+
1
3
  require 'test_helper'
2
4
 
3
5
  class Custom::ConfirmationsControllerTest < ActionController::TestCase
4
6
  describe Custom::ConfirmationsController do
7
+ include CustomControllersRoutes
8
+
5
9
  before do
6
10
  @redirect_url = Faker::Internet.url
7
- @new_user = users(:unconfirmed_email_user)
11
+ @new_user = create(:user)
8
12
  @new_user.send_confirmation_instructions(redirect_url: @redirect_url)
9
13
  @mail = ActionMailer::Base.deliveries.last
10
14
  @token = @mail.body.match(/confirmation_token=([^&]*)&/)[1]
@@ -1,7 +1,11 @@
1
+ # frozen_string_literal: true
2
+
1
3
  require 'test_helper'
2
4
 
3
5
  class Custom::OmniauthCallbacksControllerTest < ActionDispatch::IntegrationTest
4
6
  describe Custom::OmniauthCallbacksController do
7
+ include CustomControllersRoutes
8
+
5
9
  setup do
6
10
  OmniAuth.config.test_mode = true
7
11
  OmniAuth.config.mock_auth[:facebook] = OmniAuth::AuthHash.new(
@@ -1,9 +1,13 @@
1
+ # frozen_string_literal: true
2
+
1
3
  require 'test_helper'
2
4
 
3
5
  class Custom::PasswordsControllerTest < ActionController::TestCase
4
6
  describe Custom::PasswordsController do
7
+ include CustomControllersRoutes
8
+
5
9
  before do
6
- @resource = users(:confirmed_email_user)
10
+ @resource = create(:user, :confirmed)
7
11
  @redirect_url = 'http://ng-token-auth.dev'
8
12
  end
9
13
 
@@ -24,7 +28,7 @@ class Custom::PasswordsControllerTest < ActionController::TestCase
24
28
  end
25
29
 
26
30
  test 'yield resource to block on edit success' do
27
- @resource = users(:unconfirmed_email_user)
31
+ @resource = create(:user)
28
32
  @redirect_url = 'http://ng-token-auth.dev'
29
33
 
30
34
  post :create,
@@ -1,17 +1,17 @@
1
+ # frozen_string_literal: true
2
+
1
3
  require 'test_helper'
2
4
 
3
5
  class Custom::RegistrationsControllerTest < ActionDispatch::IntegrationTest
4
6
  describe Custom::RegistrationsController do
5
- setup do
6
- @create_params = {
7
- email: Faker::Internet.email,
8
- password: 'secret123',
9
- password_confirmation: 'secret123',
7
+ include CustomControllersRoutes
8
+
9
+ before do
10
+ @create_params = attributes_for(:user,
10
11
  confirm_success_url: Faker::Internet.url,
11
- unpermitted_param: '(x_x)'
12
- }
12
+ unpermitted_param: '(x_x)')
13
13
 
14
- @existing_user = nice_users(:confirmed_email_user)
14
+ @existing_user = create(:user, :confirmed)
15
15
  @auth_headers = @existing_user.create_new_auth_token
16
16
  @client_id = @auth_headers['client']
17
17
 
@@ -50,5 +50,14 @@ class Custom::RegistrationsControllerTest < ActionDispatch::IntegrationTest
50
50
  assert @controller.destroy_block_called?,
51
51
  'destroy failed to yield resource to provided block'
52
52
  end
53
+
54
+ describe 'when overriding #build_resource' do
55
+ test 'it fails' do
56
+ Custom::RegistrationsController.any_instance.stubs(:build_resource).returns(nil)
57
+ assert_raises DeviseTokenAuth::Errors::NoResourceDefinedError do
58
+ post '/nice_user_auth', params: @create_params
59
+ end
60
+ end
61
+ end
53
62
  end
54
63
  end
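Review bot: The test added in the second hunk is named `'it fails'`, which says nothing about the contract it pins when it shows up in a failing run. Something like `test 'raises NoResourceDefinedError when build_resource returns nil' do` states the expectation directly. The assertion also fixes the behaviour that the exception propagates out of the request instead of being rendered as an error response; if that is intended, a one-line comment above `assert_raises` saying so would stop a later reader from "fixing" it. The enclosing `describe` starts before this hunk, so whether `unpermitted_param` from the first hunk is asserted to be filtered cannot be seen here.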
@@ -1,18 +1,20 @@
1
+ # frozen_string_literal: true
2
+
1
3
  require 'test_helper'
2
4
 
3
5
  class Custom::SessionsControllerTest < ActionController::TestCase
4
6
  describe Custom::SessionsController do
7
+ include CustomControllersRoutes
8
+
5
9
  before do
6
- @existing_user = users(:confirmed_email_user)
7
- @existing_user.skip_confirmation!
8
- @existing_user.save!
10
+ @existing_user = create(:user, :confirmed)
9
11
  end
10
12
 
11
13
  test 'yield resource to block on create success' do
12
14
  post :create,
13
15
  params: {
14
16
  email: @existing_user.email,
15
- password: 'secret123'
17
+ password: @existing_user.password
16
18
  }
17
19
  assert @controller.create_block_called?,
18
20
  'create failed to yield resource to provided block'
@@ -29,7 +31,7 @@ class Custom::SessionsControllerTest < ActionController::TestCase
29
31
  test 'render method override' do
30
32
  post :create,
31
33
  params: { email: @existing_user.email,
32
- password: 'secret123' }
34
+ password: @existing_user.password }
33
35
  @data = JSON.parse(response.body)
34
36
  assert_equal @data['custom'], 'foo'
35
37
  end
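Review bot: Both changed request bodies now send `password: @existing_user.password`, which works only while `@existing_user` is the very instance the factory assigned the plaintext to. Devise keeps the plaintext in memory and persists only `encrypted_password`, so a record fetched fresh from the database would presumably return `nil` here and the test would fail for an unrelated reason. A comment in the `before` block would record that, for example `# keep the factory-built instance: #password is only set in memory, not loaded from the DB`. The `:user` factory and its `:confirmed` trait are defined outside this page, so the password value itself cannot be checked from here.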
@@ -1,11 +1,13 @@
1
+ # frozen_string_literal: true
2
+
1
3
  require 'test_helper'
2
4
 
3
5
  class Custom::TokenValidationsControllerTest < ActionDispatch::IntegrationTest
4
6
  describe Custom::TokenValidationsController do
7
+ include CustomControllersRoutes
8
+
5
9
  before do
6
- @resource = nice_users(:confirmed_email_user)
7
- @resource.skip_confirmation!
8
- @resource.save!
10
+ @resource = create(:user, :confirmed)
9
11
 
10
12
  @auth_headers = @resource.create_new_auth_token
11
13
 
@@ -1,3 +1,5 @@
1
+ # frozen_string_literal: true
2
+
1
3
  require 'test_helper'
2
4
 
3
5
  # was the web request successful?
@@ -11,9 +13,7 @@ class DemoGroupControllerTest < ActionDispatch::IntegrationTest
11
13
  describe 'Token access' do
12
14
  before do
13
15
  # user
14
- @resource = users(:confirmed_email_user)
15
- @resource.skip_confirmation!
16
- @resource.save!
16
+ @resource = create(:user, :confirmed)
17
17
 
18
18
  @resource_auth_headers = @resource.create_new_auth_token
19
19
 
@@ -22,9 +22,7 @@ class DemoGroupControllerTest < ActionDispatch::IntegrationTest
22
22
  @resource_expiry = @resource_auth_headers['expiry']
23
23
 
24
24
  # mang
25
- @mang = mangs(:confirmed_email_user)
26
- @mang.skip_confirmation!
27
- @mang.save!
25
+ @mang = create(:mang_user, :confirmed)
28
26
 
29
27
  @mang_auth_headers = @mang.create_new_auth_token
30
28
 
@@ -1,3 +1,5 @@
1
+ # frozen_string_literal: true
2
+
1
3
  require 'test_helper'
2
4
 
3
5
  # was the web request successful?
@@ -10,9 +12,7 @@ class DemoMangControllerTest < ActionDispatch::IntegrationTest
10
12
  describe DemoMangController do
11
13
  describe 'Token access' do
12
14
  before do
13
- @resource = mangs(:confirmed_email_user)
14
- @resource.skip_confirmation!
15
- @resource.save!
15
+ @resource = create(:mang_user, :confirmed)
16
16
 
17
17
  @auth_headers = @resource.create_new_auth_token
18
18
 
@@ -1,3 +1,5 @@
1
+ # frozen_string_literal: true
2
+
1
3
  require 'test_helper'
2
4
 
3
5
  # was the web request successful?
@@ -11,9 +13,7 @@ class DemoUserControllerTest < ActionDispatch::IntegrationTest
11
13
  describe DemoUserController do
12
14
  describe 'Token access' do
13
15
  before do
14
- @resource = users(:confirmed_email_user)
15
- @resource.skip_confirmation!
16
- @resource.save!
16
+ @resource = create(:user, :confirmed)
17
17
 
18
18
  @auth_headers = @resource.create_new_auth_token
19
19
 
@@ -321,8 +321,8 @@ class DemoUserControllerTest < ActionDispatch::IntegrationTest
321
321
  assert @resource.tokens.count > 1
322
322
 
323
323
  # password changed from new device
324
- @resource.update_attributes(password: 'newsecret123',
325
- password_confirmation: 'newsecret123')
324
+ @resource.update(password: 'newsecret123',
325
+ password_confirmation: 'newsecret123')
326
326
 
327
327
  get '/demo/members_only',
328
328
  params: {},
@@ -407,12 +407,55 @@ class DemoUserControllerTest < ActionDispatch::IntegrationTest
407
407
  DeviseTokenAuth.headers_names[:'access-token'] = 'access-token'
408
408
  end
409
409
  end
410
+
411
+ describe 'maximum concurrent devices per user' do
412
+ before do
413
+ # Set the max_number_of_devices to a lower number
414
+ # to expedite tests! (Default is 10)
415
+ DeviseTokenAuth.max_number_of_devices = 5
416
+ end
417
+
418
+ it 'should limit the maximum number of concurrent devices' do
419
+ # increment the number of devices until the maximum is exceeded
420
+ 1.upto(DeviseTokenAuth.max_number_of_devices + 1).each do |n|
421
+
422
+ assert_equal(
423
+ [n, DeviseTokenAuth.max_number_of_devices].min,
424
+ @resource.reload.tokens.length
425
+ )
426
+
427
+ # Add a new device (and token) ahead of the next iteration
428
+ @resource.create_new_auth_token
429
+
430
+ end
431
+ end
432
+
433
+ it 'should drop the oldest token when the maximum number of devices is exceeded' do
434
+ # create the maximum number of tokens
435
+ 1.upto(DeviseTokenAuth.max_number_of_devices).each do
436
+ @resource.create_new_auth_token
437
+ end
438
+
439
+ # get the oldest token client_id
440
+ oldest_client_id, = @resource.reload.tokens.min_by do |cid, v|
441
+ v[:expiry] || v['expiry']
442
+ end # => [ 'CLIENT_ID', {token: ...} ]
443
+
444
+ # create another token, thereby dropping the oldest token
445
+ @resource.create_new_auth_token
446
+
447
+ assert_not_includes @resource.reload.tokens.keys, oldest_client_id
448
+ end
449
+
450
+ after do
451
+ DeviseTokenAuth.max_number_of_devices = 10
452
+ end
453
+ end
410
454
  end
411
455
 
412
456
  describe 'bypass_sign_in' do
413
457
  before do
414
- @resource = users(:unconfirmed_email_user)
415
- @resource.save!
458
+ @resource = create(:user)
416
459
 
417
460
  @auth_headers = @resource.create_new_auth_token
418
461
 
@@ -467,16 +510,14 @@ class DemoUserControllerTest < ActionDispatch::IntegrationTest
467
510
 
468
511
  describe 'enable_standard_devise_support' do
469
512
  before do
470
- @resource = users(:confirmed_email_user)
513
+ @resource = create(:user, :confirmed)
471
514
  @auth_headers = @resource.create_new_auth_token
472
515
  DeviseTokenAuth.enable_standard_devise_support = true
473
516
  end
474
517
 
475
518
  describe 'Existing Warden authentication' do
476
519
  before do
477
- @resource = users(:second_confirmed_email_user)
478
- @resource.skip_confirmation!
479
- @resource.save!
520
+ @resource = create(:user, :confirmed)
480
521
  login_as(@resource, scope: :user)
481
522
 
482
523
  # no auth headers sent, testing that warden authenticates correctly.
@@ -503,17 +544,6 @@ class DemoUserControllerTest < ActionDispatch::IntegrationTest
503
544
  refute_equal @resource, @controller.current_mang
504
545
  end
505
546
 
506
- it 'should increase the number of tokens by a factor of 2 up to 11' do
507
- @first_token = @resource.tokens.keys.first
508
-
509
- DeviseTokenAuth.max_number_of_devices = 11
510
- (1..10).each do |n|
511
- assert_equal [11, 2 * n].min, @resource.reload.tokens.keys.length
512
- get '/demo/members_only', params: {}, headers: nil
513
- end
514
-
515
- assert_not_includes @resource.reload.tokens.keys, @first_token
516
- end
517
547
  end
518
548
 
519
549
  it 'should return success status' do
@@ -539,9 +569,7 @@ class DemoUserControllerTest < ActionDispatch::IntegrationTest
539
569
 
540
570
  describe 'existing Warden authentication with ignored token data' do
541
571
  before do
542
- @resource = users(:second_confirmed_email_user)
543
- @resource.skip_confirmation!
544
- @resource.save!
572
+ @resource = create(:user, :confirmed)
545
573
  login_as(@resource, scope: :user)
546
574
 
547
575
  get '/demo/members_only',
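Review bot: In the new `maximum concurrent devices per user` block (hunk starting at new line 407), the `after` hook resets `DeviseTokenAuth.max_number_of_devices` to a hard-coded `10` instead of the value that was in effect before the test, so the suite silently depends on the configured default staying 10. Capture it in `before` with `@original_max_devices = DeviseTokenAuth.max_number_of_devices` and restore it in `after` with `DeviseTokenAuth.max_number_of_devices = @original_max_devices`. In the second example the tokens are created back to back, so several may share the same `expiry` and `min_by` then picks among ties; the assertion holds only if the library breaks ties the same way, which this page does not show. The `.each` after `1.upto(...)` is redundant and the unused `cid` block parameter could be `_cid`.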
@@ -1,3 +1,5 @@
1
+ # frozen_string_literal: true
2
+
1
3
  require 'test_helper'
2
4
 
3
5
  # was the web request successful?
@@ -17,10 +19,11 @@ class DeviseTokenAuth::ConfirmationsControllerTest < ActionController::TestCase
17
19
  describe 'Confirmation' do
18
20
  before do
19
21
  @redirect_url = Faker::Internet.url
20
- @new_user = users(:unconfirmed_email_user)
22
+ @new_user = create(:user)
21
23
  @new_user.send_confirmation_instructions(redirect_url: @redirect_url)
22
24
  mail = ActionMailer::Base.deliveries.last
23
25
  @token, @client_config = token_and_client_config_from(mail.body)
26
+ @token_params = %w[access-token client client_id config expiry token uid]
24
27
  end
25
28
 
26
29
  test 'should generate raw token' do
@@ -36,35 +39,154 @@ class DeviseTokenAuth::ConfirmationsControllerTest < ActionController::TestCase
36
39
  end
37
40
 
38
41
  describe 'success' do
39
- before do
40
- get :show,
41
- params: { confirmation_token: @token,
42
- redirect_url: @redirect_url },
43
- xhr: true
44
- @resource = assigns(:resource)
45
- end
42
+ describe 'when authenticated' do
43
+ before do
44
+ sign_in(@new_user)
45
+ get :show,
46
+ params: { confirmation_token: @token,
47
+ redirect_url: @redirect_url },
48
+ xhr: true
49
+ @resource = assigns(:resource)
50
+ end
46
51
 
47
- test 'user should now be confirmed' do
48
- assert @resource.confirmed?
49
- end
52
+ test 'user should now be confirmed' do
53
+ assert @resource.confirmed?
54
+ end
50
55
 
51
- test 'should redirect to success url' do
52
- assert_redirected_to(/^#{@redirect_url}/)
53
- end
56
+ test 'should save the authentication token' do
57
+ assert @resource.reload.tokens.present?
58
+ end
54
59
 
55
- test 'the sign_in_count should be 1' do
56
- assert @resource.sign_in_count == 1
60
+ test 'should redirect to success url' do
61
+ assert_redirected_to(/^#{@redirect_url}/)
62
+ end
63
+
64
+ test 'redirect url includes token params' do
65
+ assert @token_params.all? { |param| response.body.include?(param) }
66
+ assert response.body.include?('account_confirmation_success')
67
+ end
57
68
  end
58
- test 'User shoud have the signed in info filled' do
59
- assert @resource.current_sign_in_at?
69
+
70
+ describe 'when unauthenticated' do
71
+ before do
72
+ sign_out(@new_user)
73
+ get :show,
74
+ params: { confirmation_token: @token,
75
+ redirect_url: @redirect_url },
76
+ xhr: true
77
+ @resource = assigns(:resource)
78
+ end
79
+
80
+ test 'user should now be confirmed' do
81
+ assert @resource.confirmed?
82
+ end
83
+
84
+ test 'should redirect to success url' do
85
+ assert_redirected_to(/^#{@redirect_url}/)
86
+ end
87
+
88
+ test 'redirect url does not include token params' do
89
+ refute @token_params.any? { |param| response.body.include?(param) }
90
+ assert response.body.include?('account_confirmation_success')
91
+ end
60
92
  end
61
- test 'User shoud have the Last checkin filled' do
62
- assert @resource.last_sign_in_at?
93
+
94
+ describe 'resend confirmation' do
95
+ describe 'without paranoid mode' do
96
+
97
+ describe 'on success' do
98
+ before do
99
+ post :create,
100
+ params: { email: @new_user.email,
101
+ redirect_url: @redirect_url },
102
+ xhr: true
103
+ @resource = assigns(:resource)
104
+ @data = JSON.parse(response.body)
105
+ @mail = ActionMailer::Base.deliveries.last
106
+ @token, @client_config = token_and_client_config_from(@mail.body)
107
+ end
108
+
109
+ test 'user should not be confirmed' do
110
+ assert_nil @resource.confirmed_at
111
+ end
112
+
113
+ test 'should generate raw token' do
114
+ assert @token
115
+ assert_equal @new_user.confirmation_token, @token
116
+ end
117
+
118
+ test 'user should receive confirmation email' do
119
+ assert_equal @resource.email, @mail['to'].to_s
120
+ end
121
+
122
+ test 'response should contain message' do
123
+ assert_equal @data['message'], I18n.t('devise_token_auth.confirmations.sended', email: @resource.email)
124
+ end
125
+ end
126
+
127
+ describe 'on failure' do
128
+ before do
129
+ post :create,
130
+ params: { email: 'chester@cheet.ah',
131
+ redirect_url: @redirect_url },
132
+ xhr: true
133
+ @data = JSON.parse(response.body)
134
+ end
135
+
136
+ test 'response should contain errors' do
137
+ assert_equal @data['errors'], [I18n.t('devise_token_auth.confirmations.user_not_found', email: 'chester@cheet.ah')]
138
+ end
139
+ end
140
+ end
63
141
  end
64
-
65
- test 'user already confirmed' do
66
- assert @resource.sign_in_count > 0 do
67
- assert expiry == (Time.now + Time.now + 1.second).to_i
142
+
143
+ describe 'with paranoid mode' do
144
+ describe 'on success' do
145
+ before do
146
+ swap Devise, paranoid: true do
147
+ post :create,
148
+ params: { email: @new_user.email,
149
+ redirect_url: @redirect_url },
150
+ xhr: true
151
+ @resource = assigns(:resource)
152
+ @data = JSON.parse(response.body)
153
+ @mail = ActionMailer::Base.deliveries.last
154
+ @token, @client_config = token_and_client_config_from(@mail.body)
155
+ end
156
+ end
157
+
158
+ test 'user should not be confirmed' do
159
+ assert_nil @resource.confirmed_at
160
+ end
161
+
162
+ test 'should generate raw token' do
163
+ assert @token
164
+ assert_equal @new_user.confirmation_token, @token
165
+ end
166
+
167
+ test 'user should receive confirmation email' do
168
+ assert_equal @resource.email, @mail['to'].to_s
169
+ end
170
+
171
+ test 'response should contain message' do
172
+ assert_equal @data['message'], I18n.t('devise_token_auth.confirmations.sended_paranoid', email: @resource.email)
173
+ end
174
+ end
175
+
176
+ describe 'on failure' do
177
+ before do
178
+ swap Devise, paranoid: true do
179
+ post :create,
180
+ params: { email: 'chester@cheet.ah',
181
+ redirect_url: @redirect_url },
182
+ xhr: true
183
+ @data = JSON.parse(response.body)
184
+ end
185
+ end
186
+
187
+ test 'response should contain errors' do
188
+ assert_equal @data['errors'], [I18n.t('devise_token_auth.confirmations.sended_paranoid')]
189
+ end
68
190
  end
69
191
  end
70
192
  end
@@ -77,6 +199,18 @@ class DeviseTokenAuth::ConfirmationsControllerTest < ActionController::TestCase
77
199
  @resource = assigns(:resource)
78
200
  refute @resource.confirmed?
79
201
  end
202
+
203
+ test 'request resend confirmation without email' do
204
+ post :create, params: { email: nil }, xhr: true
205
+
206
+ assert_equal 401, response.status
207
+ end
208
+
209
+ test 'user should not be found on resend confirmation request' do
210
+ post :create, params: { email: 'bogus' }, xhr: true
211
+
212
+ assert_equal 404, response.status
213
+ end
80
214
  end
81
215
  end
82
216
 
@@ -92,7 +226,7 @@ class DeviseTokenAuth::ConfirmationsControllerTest < ActionController::TestCase
92
226
 
93
227
  before do
94
228
  @config_name = 'altUser'
95
- @new_user = mangs(:unconfirmed_email_user)
229
+ @new_user = create(:mang_user)
96
230
 
97
231
  @new_user.send_confirmation_instructions(client_config: @config_name)
98
232