devise_token_auth 0.1.43 → 1.2.0
- checksums.yaml +5 -5
- data/README.md +42 -895
- data/Rakefile +11 -4
- data/app/controllers/devise_token_auth/application_controller.rb +19 -8
- data/app/controllers/devise_token_auth/concerns/resource_finder.rb +26 -12
- data/app/controllers/devise_token_auth/concerns/set_user_by_token.rb +106 -85
- data/app/controllers/devise_token_auth/confirmations_controller.rb +73 -17
- data/app/controllers/devise_token_auth/omniauth_callbacks_controller.rb +95 -51
- data/app/controllers/devise_token_auth/passwords_controller.rb +65 -57
- data/app/controllers/devise_token_auth/registrations_controller.rb +61 -61
- data/app/controllers/devise_token_auth/sessions_controller.rb +22 -18
- data/app/controllers/devise_token_auth/token_validations_controller.rb +5 -3
- data/app/controllers/devise_token_auth/unlocks_controller.rb +20 -16
- data/app/models/devise_token_auth/concerns/active_record_support.rb +14 -0
- data/app/models/devise_token_auth/concerns/confirmable_support.rb +28 -0
- data/app/models/devise_token_auth/concerns/mongoid_support.rb +19 -0
- data/app/models/devise_token_auth/concerns/tokens_serialization.rb +31 -0
- data/app/models/devise_token_auth/concerns/user.rb +92 -100
- data/app/models/devise_token_auth/concerns/user_omniauth_callbacks.rb +8 -3
- data/app/validators/{email_validator.rb → devise_token_auth_email_validator.rb} +5 -3
- data/app/views/devise_token_auth/omniauth_external_window.html.erb +1 -1
- data/config/locales/da-DK.yml +11 -9
- data/config/locales/de.yml +2 -0
- data/config/locales/en.yml +10 -0
- data/config/locales/es.yml +2 -0
- data/config/locales/fr.yml +2 -0
- data/config/locales/he.yml +52 -0
- data/config/locales/it.yml +2 -0
- data/config/locales/ja.yml +4 -2
- data/config/locales/ko.yml +51 -0
- data/config/locales/nl.yml +2 -0
- data/config/locales/pl.yml +6 -3
- data/config/locales/pt-BR.yml +2 -0
- data/config/locales/pt.yml +6 -3
- data/config/locales/ro.yml +2 -0
- data/config/locales/ru.yml +2 -0
- data/config/locales/sq.yml +2 -0
- data/config/locales/sv.yml +52 -0
- data/config/locales/uk.yml +2 -0
- data/config/locales/vi.yml +2 -0
- data/config/locales/zh-CN.yml +2 -0
- data/config/locales/zh-HK.yml +2 -0
- data/config/locales/zh-TW.yml +2 -0
- data/lib/devise_token_auth/blacklist.rb +6 -0
- data/lib/devise_token_auth/controllers/helpers.rb +21 -13
- data/lib/devise_token_auth/controllers/url_helpers.rb +2 -0
- data/lib/devise_token_auth/engine.rb +26 -14
- data/lib/devise_token_auth/errors.rb +8 -0
- data/lib/devise_token_auth/rails/routes.rb +37 -30
- data/lib/devise_token_auth/token_factory.rb +126 -0
- data/lib/devise_token_auth/url.rb +11 -4
- data/lib/devise_token_auth/version.rb +3 -1
- data/lib/devise_token_auth.rb +11 -5
- data/lib/generators/devise_token_auth/USAGE +2 -2
- data/lib/generators/devise_token_auth/install_generator.rb +36 -105
- data/lib/generators/devise_token_auth/install_generator_helpers.rb +98 -0
- data/lib/generators/devise_token_auth/install_mongoid_generator.rb +46 -0
- data/lib/generators/devise_token_auth/install_views_generator.rb +7 -5
- data/lib/generators/devise_token_auth/templates/devise_token_auth.rb +12 -0
- data/lib/generators/devise_token_auth/templates/devise_token_auth_create_users.rb.erb +8 -14
- data/lib/generators/devise_token_auth/templates/user.rb.erb +9 -0
- data/lib/generators/devise_token_auth/templates/user_mongoid.rb.erb +56 -0
- data/lib/tasks/devise_token_auth_tasks.rake +2 -0
- data/test/controllers/custom/custom_confirmations_controller_test.rb +5 -1
- data/test/controllers/custom/custom_omniauth_callbacks_controller_test.rb +4 -0
- data/test/controllers/custom/custom_passwords_controller_test.rb +6 -2
- data/test/controllers/custom/custom_registrations_controller_test.rb +17 -8
- data/test/controllers/custom/custom_sessions_controller_test.rb +7 -5
- data/test/controllers/custom/custom_token_validations_controller_test.rb +5 -3
- data/test/controllers/demo_group_controller_test.rb +4 -6
- data/test/controllers/demo_mang_controller_test.rb +3 -3
- data/test/controllers/demo_user_controller_test.rb +53 -25
- data/test/controllers/devise_token_auth/confirmations_controller_test.rb +159 -25
- data/test/controllers/devise_token_auth/omniauth_callbacks_controller_test.rb +117 -47
- data/test/controllers/devise_token_auth/passwords_controller_test.rb +309 -126
- data/test/controllers/devise_token_auth/registrations_controller_test.rb +65 -23
- data/test/controllers/devise_token_auth/sessions_controller_test.rb +93 -61
- data/test/controllers/devise_token_auth/token_validations_controller_test.rb +18 -6
- data/test/controllers/devise_token_auth/unlocks_controller_test.rb +24 -5
- data/test/controllers/overrides/confirmations_controller_test.rb +6 -2
- data/test/controllers/overrides/omniauth_callbacks_controller_test.rb +5 -1
- data/test/controllers/overrides/passwords_controller_test.rb +27 -29
- data/test/controllers/overrides/registrations_controller_test.rb +33 -27
- data/test/controllers/overrides/sessions_controller_test.rb +6 -4
- data/test/controllers/overrides/token_validations_controller_test.rb +5 -3
- data/test/dummy/app/active_record/confirmable_user.rb +11 -0
- data/test/dummy/app/{models → active_record}/lockable_user.rb +2 -0
- data/test/dummy/app/{models → active_record}/mang.rb +2 -0
- data/test/dummy/app/{models → active_record}/only_email_user.rb +2 -0
- data/test/dummy/app/{models → active_record}/scoped_user.rb +4 -2
- data/test/dummy/app/{models → active_record}/unconfirmable_user.rb +3 -2
- data/test/dummy/app/active_record/unregisterable_user.rb +9 -0
- data/test/dummy/app/active_record/user.rb +6 -0
- data/test/dummy/app/controllers/application_controller.rb +2 -0
- data/test/dummy/app/controllers/auth_origin_controller.rb +2 -0
- data/test/dummy/app/controllers/custom/confirmations_controller.rb +2 -2
- data/test/dummy/app/controllers/custom/omniauth_callbacks_controller.rb +2 -0
- data/test/dummy/app/controllers/custom/passwords_controller.rb +3 -4
- data/test/dummy/app/controllers/custom/registrations_controller.rb +3 -3
- data/test/dummy/app/controllers/custom/sessions_controller.rb +3 -3
- data/test/dummy/app/controllers/custom/token_validations_controller.rb +3 -3
- data/test/dummy/app/controllers/demo_group_controller.rb +2 -0
- data/test/dummy/app/controllers/demo_mang_controller.rb +2 -0
- data/test/dummy/app/controllers/demo_user_controller.rb +2 -0
- data/test/dummy/app/controllers/overrides/confirmations_controller.rb +8 -6
- data/test/dummy/app/controllers/overrides/omniauth_callbacks_controller.rb +5 -3
- data/test/dummy/app/controllers/overrides/passwords_controller.rb +10 -8
- data/test/dummy/app/controllers/overrides/registrations_controller.rb +5 -3
- data/test/dummy/app/controllers/overrides/sessions_controller.rb +12 -12
- data/test/dummy/app/controllers/overrides/token_validations_controller.rb +5 -5
- data/test/dummy/app/helpers/application_helper.rb +1029 -1036
- data/test/dummy/app/models/{user.rb → concerns/favorite_color.rb} +8 -7
- data/test/dummy/app/mongoid/confirmable_user.rb +52 -0
- data/test/dummy/app/mongoid/lockable_user.rb +38 -0
- data/test/dummy/app/mongoid/mang.rb +46 -0
- data/test/dummy/app/mongoid/only_email_user.rb +33 -0
- data/test/dummy/app/mongoid/scoped_user.rb +50 -0
- data/test/dummy/app/mongoid/unconfirmable_user.rb +44 -0
- data/test/dummy/app/mongoid/unregisterable_user.rb +47 -0
- data/test/dummy/app/mongoid/user.rb +49 -0
- data/test/dummy/app/views/layouts/application.html.erb +0 -2
- data/test/dummy/config/application.rb +26 -3
- data/test/dummy/config/boot.rb +8 -2
- data/test/dummy/config/environment.rb +3 -1
- data/test/dummy/config/environments/development.rb +5 -13
- data/test/dummy/config/environments/production.rb +2 -16
- data/test/dummy/config/environments/test.rb +3 -1
- data/test/dummy/config/initializers/backtrace_silencers.rb +2 -0
- data/test/dummy/config/initializers/cookies_serializer.rb +3 -1
- data/test/dummy/config/initializers/devise.rb +287 -0
- data/test/dummy/config/initializers/devise_token_auth.rb +37 -4
- data/test/dummy/config/initializers/figaro.rb +3 -1
- data/test/dummy/config/initializers/filter_parameter_logging.rb +2 -0
- data/test/dummy/config/initializers/inflections.rb +2 -0
- data/test/dummy/config/initializers/mime_types.rb +2 -0
- data/test/dummy/config/initializers/omniauth.rb +5 -2
- data/test/dummy/config/initializers/session_store.rb +2 -0
- data/test/dummy/config/initializers/wrap_parameters.rb +2 -0
- data/test/dummy/config/routes.rb +14 -29
- data/test/dummy/config/spring.rb +2 -0
- data/test/dummy/config.ru +5 -3
- data/test/dummy/db/migrate/20140715061447_devise_token_auth_create_users.rb +9 -14
- data/test/dummy/db/migrate/20140715061805_devise_token_auth_create_mangs.rb +8 -13
- data/test/dummy/db/migrate/20140829044006_add_operating_thetan_to_user.rb +2 -0
- data/test/dummy/db/migrate/20140916224624_add_favorite_color_to_mangs.rb +2 -0
- data/test/dummy/db/migrate/20141222035835_devise_token_auth_create_only_email_users.rb +6 -11
- data/test/dummy/db/migrate/20141222053502_devise_token_auth_create_unregisterable_users.rb +8 -13
- data/test/dummy/db/migrate/20150708104536_devise_token_auth_create_unconfirmable_users.rb +8 -13
- data/test/dummy/db/migrate/20160103235141_devise_token_auth_create_scoped_users.rb +8 -13
- data/test/dummy/db/migrate/20160629184441_devise_token_auth_create_lockable_users.rb +8 -13
- data/test/dummy/{tmp/generators/db/migrate/20171014052631_devise_token_auth_create_users.rb → db/migrate/20190924101113_devise_token_auth_create_confirmable_users.rb} +8 -14
- data/test/dummy/db/schema.rb +11 -71
- data/test/dummy/lib/migration_database_helper.rb +15 -1
- data/test/dummy/tmp/generators/app/controllers/application_controller.rb +6 -0
- data/test/dummy/tmp/generators/app/models/azpire/v1/human_resource/user.rb +56 -0
- data/test/dummy/tmp/generators/config/initializers/devise_token_auth.rb +12 -0
- data/test/factories/users.rb +41 -0
- data/test/lib/devise_token_auth/blacklist_test.rb +19 -0
- data/test/lib/devise_token_auth/rails/custom_routes_test.rb +29 -0
- data/test/lib/devise_token_auth/rails/routes_test.rb +87 -0
- data/test/lib/devise_token_auth/token_factory_test.rb +191 -0
- data/test/lib/devise_token_auth/url_test.rb +9 -7
- data/test/lib/generators/devise_token_auth/install_generator_test.rb +67 -37
- data/test/lib/generators/devise_token_auth/install_generator_with_namespace_test.rb +222 -0
- data/test/lib/generators/devise_token_auth/install_views_generator_test.rb +3 -1
- data/test/models/concerns/mongoid_support_test.rb +31 -0
- data/test/models/concerns/tokens_serialization_test.rb +104 -0
- data/test/models/confirmable_user_test.rb +35 -0
- data/test/models/only_email_user_test.rb +2 -8
- data/test/models/user_test.rb +18 -79
- data/test/support/controllers/routes.rb +43 -0
- data/test/test_helper.rb +83 -26
- metadata +153 -44
- data/config/initializers/devise.rb +0 -196
- data/lib/generators/devise_token_auth/templates/user.rb +0 -7
- data/test/dummy/app/models/evil_user.rb +0 -3
- data/test/dummy/app/models/nice_user.rb +0 -7
- data/test/dummy/app/models/unregisterable_user.rb +0 -7
- data/test/dummy/config/initializers/assets.rb +0 -8
- data/test/dummy/db/migrate/20140928231203_devise_token_auth_create_evil_users.rb +0 -64
- data/test/dummy/db/migrate/20150409095712_devise_token_auth_create_nice_users.rb +0 -61
- data/test/dummy/tmp/generators/app/models/user.rb +0 -11
- data/test/integration/navigation_test.rb +0 -10
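--- a/data/lib/generators/devise_token_auth/templates/user_mongoid.rb.erb
+++ b/data/lib/generators/devise_token_auth/templates/user_mongoid.rb.erb
@@ -0,0 +1,56 @@
+# frozen_string_literal: true
+
+class <%= user_class %>
+include Mongoid::Document
+include Mongoid::Timestamps
+include Mongoid::Locker
+
+field :locker_locked_at, type: Time
+field :locker_locked_until, type: Time
+
+locker locked_at_field: :locker_locked_at,
+locked_until_field: :locker_locked_until
+
+## Database authenticatable
+field :email, type: String, default: ''
+field :encrypted_password, type: String, default: ''
+
+## Recoverable
+field :reset_password_token, type: String
+field :reset_password_sent_at, type: Time
+field :reset_password_redirect_url, type: String
+field :allow_password_change, type: Boolean, default: false
+
+## Rememberable
+field :remember_created_at, type: Time
+
+## Confirmable
+field :confirmation_token, type: String
+field :confirmed_at, type: Time
+field :confirmation_sent_at, type: Time
+field :unconfirmed_email, type: String # Only if using reconfirmable
+
+## Lockable
+# field :failed_attempts, type: Integer, default: 0 # Only if lock strategy is :failed_attempts
+# field :unlock_token, type: String # Only if unlock strategy is :email or :both
+# field :locked_at, type: Time
+
+## Required
+field :provider, type: String
+field :uid, type: String, default: ''
+
+## Tokens
+field :tokens, type: Hash, default: {}
+
+# Include default devise modules. Others available are:
+# :confirmable, :lockable, :timeoutable, :trackable and :omniauthable
+devise :database_authenticatable, :registerable,
+:recoverable, :rememberable, :validatable
+include DeviseTokenAuth::Concerns::User
+
+index({ email: 1 }, { name: 'email_index', unique: true, background: true })
+index({ reset_password_token: 1 }, { name: 'reset_password_token_index', unique: true, sparse: true, background: true })
+index({ confirmation_token: 1 }, { name: 'confirmation_token_index', unique: true, sparse: true, background: true })
+index({ uid: 1, provider: 1}, { name: 'uid_provider_index', unique: true, background: true })
+# index({ unlock_token: 1 }, { name: 'unlock_token_index', unique: true, sparse: true, background: true })
+end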
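Review bot: The `email_index` near the end of the template is unique but not sparse, while `field :email` defaults to `''`, so every record saved without an address stores the same empty string and a second such record (for example an OAuth-only account, if the provider supplies no e-mail) would presumably be rejected as a duplicate key. The token and confirmation indexes just below it are declared `sparse: true`, so the difference looks unintentional; at minimum the line deserves a comment such as `# unique and not sparse: records without an e-mail all store '' and collide`, and the maintainers should decide whether e-mail-less accounts are supported. Separately, a one-line comment above `include Mongoid::Locker` stating that the `locker_*` fields are document locks and unrelated to the commented-out `## Lockable` fields would help, because the default `devise` line does not enable `:lockable` and a reader could assume account lockout is already active.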
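--- a/data/test/controllers/custom/custom_confirmations_controller_test.rb
+++ b/data/test/controllers/custom/custom_confirmations_controller_test.rb
@@ -1,10 +1,14 @@
+# frozen_string_literal: true
+
 require 'test_helper'
 
 class Custom::ConfirmationsControllerTest < ActionController::TestCase
 describe Custom::ConfirmationsController do
+include CustomControllersRoutes
+
 before do
 @redirect_url = Faker::Internet.url
-@new_user =
+@new_user = create(:user)
 @new_user.send_confirmation_instructions(redirect_url: @redirect_url)
 @mail = ActionMailer::Base.deliveries.last
 @token = @mail.body.match(/confirmation_token=([^&]*)&/)[1]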
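--- a/data/test/controllers/custom/custom_omniauth_callbacks_controller_test.rb
+++ b/data/test/controllers/custom/custom_omniauth_callbacks_controller_test.rb
@@ -1,7 +1,11 @@
+# frozen_string_literal: true
+
 require 'test_helper'
 
 class Custom::OmniauthCallbacksControllerTest < ActionDispatch::IntegrationTest
 describe Custom::OmniauthCallbacksController do
+include CustomControllersRoutes
+
 setup do
 OmniAuth.config.test_mode = true
 OmniAuth.config.mock_auth[:facebook] = OmniAuth::AuthHash.new(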
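--- a/data/test/controllers/custom/custom_passwords_controller_test.rb
+++ b/data/test/controllers/custom/custom_passwords_controller_test.rb
@@ -1,9 +1,13 @@
+# frozen_string_literal: true
+
 require 'test_helper'
 
 class Custom::PasswordsControllerTest < ActionController::TestCase
 describe Custom::PasswordsController do
+include CustomControllersRoutes
+
 before do
-@resource =
+@resource = create(:user, :confirmed)
 @redirect_url = 'http://ng-token-auth.dev'
 end
 
@@ -24,7 +28,7 @@ class Custom::PasswordsControllerTest < ActionController::TestCase
 end
 
 test 'yield resource to block on edit success' do
-@resource =
+@resource = create(:user)
 @redirect_url = 'http://ng-token-auth.dev'
 
 post :create,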
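--- a/data/test/controllers/custom/custom_registrations_controller_test.rb
+++ b/data/test/controllers/custom/custom_registrations_controller_test.rb
@@ -1,17 +1,17 @@
+# frozen_string_literal: true
+
 require 'test_helper'
 
 class Custom::RegistrationsControllerTest < ActionDispatch::IntegrationTest
 describe Custom::RegistrationsController do
-
-
-
-
-password_confirmation: 'secret123',
+include CustomControllersRoutes
+
+before do
+@create_params = attributes_for(:user,
 confirm_success_url: Faker::Internet.url,
-unpermitted_param: '(x_x)'
-}
+unpermitted_param: '(x_x)')
 
-@existing_user =
+@existing_user = create(:user, :confirmed)
 @auth_headers = @existing_user.create_new_auth_token
 @client_id = @auth_headers['client']
 
@@ -50,5 +50,14 @@ class Custom::RegistrationsControllerTest < ActionDispatch::IntegrationTest
 assert @controller.destroy_block_called?,
 'destroy failed to yield resource to provided block'
 end
+
+describe 'when overriding #build_resource' do
+test 'it fails' do
+Custom::RegistrationsController.any_instance.stubs(:build_resource).returns(nil)
+assert_raises DeviseTokenAuth::Errors::NoResourceDefinedError do
+post '/nice_user_auth', params: @create_params
+end
+end
+end
 end
 end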
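Review bot: The test added under `describe 'when overriding #build_resource'` is named `'it fails'`, which says nothing about the contract being pinned; a name such as `test 'raises NoResourceDefinedError when build_resource returns nil' do` would make a failure report readable on its own. The assertion also shows the error escaping the request as an exception rather than being rendered as an error response, so a one-line comment stating that this is intended (a misconfigured override should fail loudly, not be handled by clients) would document the behaviour for anyone overriding the controller.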
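--- a/data/test/controllers/custom/custom_sessions_controller_test.rb
+++ b/data/test/controllers/custom/custom_sessions_controller_test.rb
@@ -1,18 +1,20 @@
+# frozen_string_literal: true
+
 require 'test_helper'
 
 class Custom::SessionsControllerTest < ActionController::TestCase
 describe Custom::SessionsController do
+include CustomControllersRoutes
+
 before do
-@existing_user =
-@existing_user.skip_confirmation!
-@existing_user.save!
+@existing_user = create(:user, :confirmed)
 end
 
 test 'yield resource to block on create success' do
 post :create,
 params: {
 email: @existing_user.email,
-password:
+password: @existing_user.password
 }
 assert @controller.create_block_called?,
 'create failed to yield resource to provided block'
@@ -29,7 +31,7 @@ class Custom::SessionsControllerTest < ActionController::TestCase
 test 'render method override' do
 post :create,
 params: { email: @existing_user.email,
-password:
+password: @existing_user.password }
 @data = JSON.parse(response.body)
 assert_equal @data['custom'], 'foo'
 end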
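--- a/data/test/controllers/custom/custom_token_validations_controller_test.rb
+++ b/data/test/controllers/custom/custom_token_validations_controller_test.rb
@@ -1,11 +1,13 @@
+# frozen_string_literal: true
+
 require 'test_helper'
 
 class Custom::TokenValidationsControllerTest < ActionDispatch::IntegrationTest
 describe Custom::TokenValidationsController do
+include CustomControllersRoutes
+
 before do
-@resource =
-@resource.skip_confirmation!
-@resource.save!
+@resource = create(:user, :confirmed)
 
 @auth_headers = @resource.create_new_auth_token
 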
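--- a/data/test/controllers/demo_group_controller_test.rb
+++ b/data/test/controllers/demo_group_controller_test.rb
@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require 'test_helper'
 
 # was the web request successful?
@@ -11,9 +13,7 @@ class DemoGroupControllerTest < ActionDispatch::IntegrationTest
 describe 'Token access' do
 before do
 # user
-@resource =
-@resource.skip_confirmation!
-@resource.save!
+@resource = create(:user, :confirmed)
 
 @resource_auth_headers = @resource.create_new_auth_token
 
@@ -22,9 +22,7 @@ class DemoGroupControllerTest < ActionDispatch::IntegrationTest
 @resource_expiry = @resource_auth_headers['expiry']
 
 # mang
-@mang =
-@mang.skip_confirmation!
-@mang.save!
+@mang = create(:mang_user, :confirmed)
 
 @mang_auth_headers = @mang.create_new_auth_token
 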
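--- a/data/test/controllers/demo_mang_controller_test.rb
+++ b/data/test/controllers/demo_mang_controller_test.rb
@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require 'test_helper'
 
 # was the web request successful?
@@ -10,9 +12,7 @@ class DemoMangControllerTest < ActionDispatch::IntegrationTest
 describe DemoMangController do
 describe 'Token access' do
 before do
-@resource =
-@resource.skip_confirmation!
-@resource.save!
+@resource = create(:mang_user, :confirmed)
 
 @auth_headers = @resource.create_new_auth_token
 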
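--- a/data/test/controllers/demo_user_controller_test.rb
+++ b/data/test/controllers/demo_user_controller_test.rb
@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require 'test_helper'
 
 # was the web request successful?
@@ -11,9 +13,7 @@ class DemoUserControllerTest < ActionDispatch::IntegrationTest
 describe DemoUserController do
 describe 'Token access' do
 before do
-@resource =
-@resource.skip_confirmation!
-@resource.save!
+@resource = create(:user, :confirmed)
 
 @auth_headers = @resource.create_new_auth_token
 
@@ -321,8 +321,8 @@ class DemoUserControllerTest < ActionDispatch::IntegrationTest
 assert @resource.tokens.count > 1
 
 # password changed from new device
-@resource.
-
+@resource.update(password: 'newsecret123',
+password_confirmation: 'newsecret123')
 
 get '/demo/members_only',
 params: {},
@@ -407,12 +407,55 @@ class DemoUserControllerTest < ActionDispatch::IntegrationTest
 DeviseTokenAuth.headers_names[:'access-token'] = 'access-token'
 end
 end
+
+describe 'maximum concurrent devices per user' do
+before do
+# Set the max_number_of_devices to a lower number
+# to expedite tests! (Default is 10)
+DeviseTokenAuth.max_number_of_devices = 5
+end
+
+it 'should limit the maximum number of concurrent devices' do
+# increment the number of devices until the maximum is exceeded
+1.upto(DeviseTokenAuth.max_number_of_devices + 1).each do |n|
+
+assert_equal(
+[n, DeviseTokenAuth.max_number_of_devices].min,
+@resource.reload.tokens.length
+)
+
+# Add a new device (and token) ahead of the next iteration
+@resource.create_new_auth_token
+
+end
+end
+
+it 'should drop the oldest token when the maximum number of devices is exceeded' do
+# create the maximum number of tokens
+1.upto(DeviseTokenAuth.max_number_of_devices).each do
+@resource.create_new_auth_token
+end
+
+# get the oldest token client_id
+oldest_client_id, = @resource.reload.tokens.min_by do |cid, v|
+v[:expiry] || v['expiry']
+end # => [ 'CLIENT_ID', {token: ...} ]
+
+# create another token, thereby dropping the oldest token
+@resource.create_new_auth_token
+
+assert_not_includes @resource.reload.tokens.keys, oldest_client_id
+end
+
+after do
+DeviseTokenAuth.max_number_of_devices = 10
+end
+end
 end
 
 describe 'bypass_sign_in' do
 before do
-@resource =
-@resource.save!
+@resource = create(:user)
 
 @auth_headers = @resource.create_new_auth_token
 
@@ -467,16 +510,14 @@ class DemoUserControllerTest < ActionDispatch::IntegrationTest
 
 describe 'enable_standard_devise_support' do
 before do
-@resource =
+@resource = create(:user, :confirmed)
 @auth_headers = @resource.create_new_auth_token
 DeviseTokenAuth.enable_standard_devise_support = true
 end
 
 describe 'Existing Warden authentication' do
 before do
-@resource =
-@resource.skip_confirmation!
-@resource.save!
+@resource = create(:user, :confirmed)
 login_as(@resource, scope: :user)
 
 # no auth headers sent, testing that warden authenticates correctly.
@@ -503,17 +544,6 @@ class DemoUserControllerTest < ActionDispatch::IntegrationTest
 refute_equal @resource, @controller.current_mang
 end
 
-it 'should increase the number of tokens by a factor of 2 up to 11' do
-@first_token = @resource.tokens.keys.first
-
-DeviseTokenAuth.max_number_of_devices = 11
-(1..10).each do |n|
-assert_equal [11, 2 * n].min, @resource.reload.tokens.keys.length
-get '/demo/members_only', params: {}, headers: nil
-end
-
-assert_not_includes @resource.reload.tokens.keys, @first_token
-end
 end
 
 it 'should return success status' do
@@ -539,9 +569,7 @@ class DemoUserControllerTest < ActionDispatch::IntegrationTest
 
 describe 'existing Warden authentication with ignored token data' do
 before do
-@resource =
-@resource.skip_confirmation!
-@resource.save!
+@resource = create(:user, :confirmed)
 login_as(@resource, scope: :user)
 
 get '/demo/members_only',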
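Review bot: The `after` block of the new 'maximum concurrent devices per user' group restores `DeviseTokenAuth.max_number_of_devices` to a hard-coded `10` rather than to the value that was in effect before the group ran, so the session cap seen by every later test depends on that literal staying in step with the configured default. Capture the value in `before` with `@original_max = DeviseTokenAuth.max_number_of_devices` and restore it in `after` with `DeviseTokenAuth.max_number_of_devices = @original_max`. In the 'should drop the oldest token' test, `min_by` on `expiry` may not identify a unique entry if tokens created back to back share an expiry value (presumably second-granular), which would make the eviction assertion depend on hash ordering; a short comment stating the tie-breaking assumption, or spacing the tokens' expiries in the test, would make the check deterministic.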
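--- a/data/test/controllers/devise_token_auth/confirmations_controller_test.rb
+++ b/data/test/controllers/devise_token_auth/confirmations_controller_test.rb
@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require 'test_helper'
 
 # was the web request successful?
@@ -17,10 +19,11 @@ class DeviseTokenAuth::ConfirmationsControllerTest < ActionController::TestCase
 describe 'Confirmation' do
 before do
 @redirect_url = Faker::Internet.url
-@new_user =
+@new_user = create(:user)
 @new_user.send_confirmation_instructions(redirect_url: @redirect_url)
 mail = ActionMailer::Base.deliveries.last
 @token, @client_config = token_and_client_config_from(mail.body)
+@token_params = %w[access-token client client_id config expiry token uid]
 end
 
 test 'should generate raw token' do
@@ -36,35 +39,154 @@ class DeviseTokenAuth::ConfirmationsControllerTest < ActionController::TestCase
 end
 
 describe 'success' do
-
-
-
-
-
-
-
+describe 'when authenticated' do
+before do
+sign_in(@new_user)
+get :show,
+params: { confirmation_token: @token,
+redirect_url: @redirect_url },
+xhr: true
+@resource = assigns(:resource)
+end
 
-
-
-
+test 'user should now be confirmed' do
+assert @resource.confirmed?
+end
 
-
-
-
+test 'should save the authentication token' do
+assert @resource.reload.tokens.present?
+end
 
-
-
+test 'should redirect to success url' do
+assert_redirected_to(/^#{@redirect_url}/)
+end
+
+test 'redirect url includes token params' do
+assert @token_params.all? { |param| response.body.include?(param) }
+assert response.body.include?('account_confirmation_success')
+end
 end
-
-
+
+describe 'when unauthenticated' do
+before do
+sign_out(@new_user)
+get :show,
+params: { confirmation_token: @token,
+redirect_url: @redirect_url },
+xhr: true
+@resource = assigns(:resource)
+end
+
+test 'user should now be confirmed' do
+assert @resource.confirmed?
+end
+
+test 'should redirect to success url' do
+assert_redirected_to(/^#{@redirect_url}/)
+end
+
+test 'redirect url does not include token params' do
+refute @token_params.any? { |param| response.body.include?(param) }
+assert response.body.include?('account_confirmation_success')
+end
 end
-
-
+
+describe 'resend confirmation' do
+describe 'without paranoid mode' do
+
+describe 'on success' do
+before do
+post :create,
+params: { email: @new_user.email,
+redirect_url: @redirect_url },
+xhr: true
+@resource = assigns(:resource)
+@data = JSON.parse(response.body)
+@mail = ActionMailer::Base.deliveries.last
+@token, @client_config = token_and_client_config_from(@mail.body)
+end
+
+test 'user should not be confirmed' do
+assert_nil @resource.confirmed_at
+end
+
+test 'should generate raw token' do
+assert @token
+assert_equal @new_user.confirmation_token, @token
+end
+
+test 'user should receive confirmation email' do
+assert_equal @resource.email, @mail['to'].to_s
+end
+
+test 'response should contain message' do
+assert_equal @data['message'], I18n.t('devise_token_auth.confirmations.sended', email: @resource.email)
+end
+end
+
+describe 'on failure' do
+before do
+post :create,
+params: { email: 'chester@cheet.ah',
+redirect_url: @redirect_url },
+xhr: true
+@data = JSON.parse(response.body)
+end
+
+test 'response should contain errors' do
+assert_equal @data['errors'], [I18n.t('devise_token_auth.confirmations.user_not_found', email: 'chester@cheet.ah')]
+end
+end
+end
 end
-
-
-
-
+
+describe 'with paranoid mode' do
+describe 'on success' do
+before do
+swap Devise, paranoid: true do
+post :create,
+params: { email: @new_user.email,
+redirect_url: @redirect_url },
+xhr: true
+@resource = assigns(:resource)
+@data = JSON.parse(response.body)
+@mail = ActionMailer::Base.deliveries.last
+@token, @client_config = token_and_client_config_from(@mail.body)
+end
+end
+
+test 'user should not be confirmed' do
+assert_nil @resource.confirmed_at
+end
+
+test 'should generate raw token' do
+assert @token
+assert_equal @new_user.confirmation_token, @token
+end
+
+test 'user should receive confirmation email' do
+assert_equal @resource.email, @mail['to'].to_s
+end
+
+test 'response should contain message' do
+assert_equal @data['message'], I18n.t('devise_token_auth.confirmations.sended_paranoid', email: @resource.email)
+end
+end
+
+describe 'on failure' do
+before do
+swap Devise, paranoid: true do
+post :create,
+params: { email: 'chester@cheet.ah',
+redirect_url: @redirect_url },
+xhr: true
+@data = JSON.parse(response.body)
+end
+end
+
+test 'response should contain errors' do
+assert_equal @data['errors'], [I18n.t('devise_token_auth.confirmations.sended_paranoid')]
+end
 end
 end
 end
@@ -77,6 +199,18 @@ class DeviseTokenAuth::ConfirmationsControllerTest < ActionController::TestCase
 @resource = assigns(:resource)
 refute @resource.confirmed?
 end
+
+test 'request resend confirmation without email' do
+post :create, params: { email: nil }, xhr: true
+
+assert_equal 401, response.status
+end
+
+test 'user should not be found on resend confirmation request' do
+post :create, params: { email: 'bogus' }, xhr: true
+
+assert_equal 404, response.status
+end
 end
 end
 
@@ -92,7 +226,7 @@ class DeviseTokenAuth::ConfirmationsControllerTest < ActionController::TestCase
 
 before do
 @config_name = 'altUser'
-@new_user =
+@new_user = create(:mang_user)
 
 @new_user.send_confirmation_instructions(client_config: @config_name)
 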
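Review bot: The 'with paranoid mode' tests pin responses that still tell a caller whether an address is registered: 'on success' reads the text from `@data['message']` while 'on failure' reads it from `@data['errors']`, so the body shape differs for known and unknown e-mails even though the wording is shared (neither case asserts the status code, so that may differ as well). Paranoid mode is meant to make the two cases indistinguishable, so the failure case should assert the same key and status as the success case, e.g. `assert_equal response_status_on_success, response.status` (placeholder name) alongside a `@data['message']` comparison; this presumably needs a matching controller change outside this file. In the same hunk, `assert_redirected_to(/^#{@redirect_url}/)` interpolates the URL unescaped and anchors with `^`, so `/\A#{Regexp.escape(@redirect_url)}/` would make the redirect-target check exact. The token-parameter tests match substrings of `response.body` (`'token'` is satisfied by `'access-token'`, `'client'` by `'client_id'`), so comparing the parsed query keys of `response.location` against `@token_params` would verify more reliably that credentials are only appended for an authenticated user.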