devise_token_auth 1.0.0 → 1.1.0
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of devise_token_auth might be problematic. Click here for more details.
- checksums.yaml +5 -5
- data/README.md +2 -2
- data/app/controllers/devise_token_auth/application_controller.rb +0 -1
- data/app/controllers/devise_token_auth/concerns/resource_finder.rb +11 -12
- data/app/controllers/devise_token_auth/concerns/set_user_by_token.rb +15 -28
- data/app/controllers/devise_token_auth/confirmations_controller.rb +14 -19
- data/app/controllers/devise_token_auth/omniauth_callbacks_controller.rb +46 -21
- data/app/controllers/devise_token_auth/passwords_controller.rb +15 -19
- data/app/controllers/devise_token_auth/registrations_controller.rb +31 -39
- data/app/controllers/devise_token_auth/unlocks_controller.rb +1 -1
- data/app/models/devise_token_auth/concerns/active_record_support.rb +34 -0
- data/app/models/devise_token_auth/concerns/mongoid_support.rb +19 -0
- data/app/models/devise_token_auth/concerns/user.rb +9 -23
- data/app/models/devise_token_auth/concerns/user_omniauth_callbacks.rb +2 -2
- data/app/validators/{email_validator.rb → devise_token_auth/email_validator.rb} +1 -1
- data/config/locales/he.yml +50 -0
- data/config/locales/ja.yml +1 -1
- data/lib/devise_token_auth.rb +5 -3
- data/lib/devise_token_auth/blacklist.rb +2 -0
- data/lib/devise_token_auth/version.rb +1 -1
- data/lib/generators/devise_token_auth/install_generator.rb +3 -87
- data/lib/generators/devise_token_auth/install_generator_helpers.rb +98 -0
- data/lib/generators/devise_token_auth/install_mongoid_generator.rb +46 -0
- data/lib/generators/devise_token_auth/templates/devise_token_auth_create_users.rb.erb +0 -7
- data/lib/generators/devise_token_auth/templates/user_mongoid.rb.erb +56 -0
- data/test/controllers/custom/custom_confirmations_controller_test.rb +1 -1
- data/test/controllers/devise_token_auth/confirmations_controller_test.rb +41 -20
- data/test/controllers/devise_token_auth/omniauth_callbacks_controller_test.rb +2 -0
- data/test/controllers/devise_token_auth/passwords_controller_test.rb +115 -94
- data/test/controllers/devise_token_auth/registrations_controller_test.rb +31 -4
- data/test/controllers/devise_token_auth/sessions_controller_test.rb +0 -38
- data/test/controllers/devise_token_auth/token_validations_controller_test.rb +2 -1
- data/test/dummy/app/{models → active_record}/lockable_user.rb +0 -0
- data/test/dummy/app/{models → active_record}/mang.rb +0 -0
- data/test/dummy/app/{models → active_record}/only_email_user.rb +0 -0
- data/test/dummy/app/{models → active_record}/scoped_user.rb +2 -2
- data/test/dummy/app/{models → active_record}/unconfirmable_user.rb +1 -2
- data/test/dummy/app/{models → active_record}/unregisterable_user.rb +3 -3
- data/test/dummy/app/active_record/user.rb +6 -0
- data/test/dummy/app/controllers/overrides/sessions_controller.rb +1 -1
- data/test/dummy/app/models/{user.rb → concerns/favorite_color.rb} +7 -8
- data/test/dummy/app/mongoid/lockable_user.rb +38 -0
- data/test/dummy/app/mongoid/mang.rb +46 -0
- data/test/dummy/app/mongoid/only_email_user.rb +33 -0
- data/test/dummy/app/mongoid/scoped_user.rb +50 -0
- data/test/dummy/app/mongoid/unconfirmable_user.rb +44 -0
- data/test/dummy/app/mongoid/unregisterable_user.rb +47 -0
- data/test/dummy/app/mongoid/user.rb +49 -0
- data/test/dummy/config/application.rb +23 -1
- data/test/dummy/config/boot.rb +4 -0
- data/test/dummy/config/initializers/devise.rb +12 -0
- data/test/dummy/db/migrate/20140715061447_devise_token_auth_create_users.rb +0 -7
- data/test/dummy/db/migrate/20140715061805_devise_token_auth_create_mangs.rb +0 -7
- data/test/dummy/db/migrate/20141222035835_devise_token_auth_create_only_email_users.rb +0 -7
- data/test/dummy/db/migrate/20141222053502_devise_token_auth_create_unregisterable_users.rb +0 -7
- data/test/dummy/db/migrate/20150708104536_devise_token_auth_create_unconfirmable_users.rb +0 -7
- data/test/dummy/db/migrate/20160103235141_devise_token_auth_create_scoped_users.rb +0 -7
- data/test/dummy/db/migrate/20160629184441_devise_token_auth_create_lockable_users.rb +0 -7
- data/test/dummy/db/schema.rb +1 -28
- data/test/dummy/tmp/generators/app/models/azpire/v1/human_resource/user.rb +9 -0
- data/test/dummy/tmp/generators/config/initializers/devise_token_auth.rb +50 -0
- data/test/dummy/tmp/generators/config/routes.rb +4 -0
- data/test/dummy/tmp/generators/db/migrate/20190112150327_devise_token_auth_create_azpire_v1_human_resource_users.rb +56 -0
- data/test/lib/devise_token_auth/blacklist_test.rb +11 -0
- data/test/lib/generators/devise_token_auth/install_generator_test.rb +51 -31
- data/test/lib/generators/devise_token_auth/install_generator_with_namespace_test.rb +51 -31
- data/test/models/concerns/mongoid_support_test.rb +31 -0
- data/test/models/only_email_user_test.rb +0 -8
- data/test/models/user_test.rb +1 -1
- data/test/test_helper.rb +12 -2
- metadata +91 -27
- data/config/initializers/devise.rb +0 -198
- data/test/dummy/tmp/generators/app/views/devise/mailer/confirmation_instructions.html.erb +0 -5
- data/test/dummy/tmp/generators/app/views/devise/mailer/reset_password_instructions.html.erb +0 -8
@@ -0,0 +1,46 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
require_relative 'install_generator_helpers'
|
4
|
+
|
5
|
+
module DeviseTokenAuth
|
6
|
+
class InstallMongoidGenerator < Rails::Generators::Base
|
7
|
+
include DeviseTokenAuth::InstallGeneratorHelpers
|
8
|
+
|
9
|
+
def create_user_model
|
10
|
+
fname = "app/models/#{user_class.underscore}.rb"
|
11
|
+
if File.exist?(File.join(destination_root, fname))
|
12
|
+
inclusion = 'include DeviseTokenAuth::Concerns::User'
|
13
|
+
unless parse_file_for_line(fname, inclusion)
|
14
|
+
inject_into_file fname, before: /end\s\z/ do <<-'RUBY'
|
15
|
+
|
16
|
+
include Mongoid::Locker
|
17
|
+
|
18
|
+
field :locker_locked_at, type: Time
|
19
|
+
field :locker_locked_until, type: Time
|
20
|
+
|
21
|
+
locker locked_at_field: :locker_locked_at,
|
22
|
+
locked_until_field: :locker_locked_until
|
23
|
+
|
24
|
+
## Required
|
25
|
+
field :provider, type: String
|
26
|
+
field :uid, type: String, default: ''
|
27
|
+
|
28
|
+
## Tokens
|
29
|
+
field :tokens, type: Hash, default: {}
|
30
|
+
|
31
|
+
# Include default devise modules. Others available are:
|
32
|
+
# :confirmable, :lockable, :timeoutable and :omniauthable
|
33
|
+
devise :database_authenticatable, :registerable,
|
34
|
+
:recoverable, :rememberable, :trackable, :validatable
|
35
|
+
include DeviseTokenAuth::Concerns::User
|
36
|
+
|
37
|
+
index({ uid: 1, provider: 1}, { name: 'uid_provider_index', unique: true, background: true })
|
38
|
+
RUBY
|
39
|
+
end
|
40
|
+
end
|
41
|
+
else
|
42
|
+
template('user_mongoid.rb.erb', fname)
|
43
|
+
end
|
44
|
+
end
|
45
|
+
end
|
46
|
+
end
|
@@ -17,13 +17,6 @@ class DeviseTokenAuthCreate<%= user_class.pluralize.gsub("::","") %> < ActiveRec
|
|
17
17
|
## Rememberable
|
18
18
|
t.datetime :remember_created_at
|
19
19
|
|
20
|
-
## Trackable
|
21
|
-
t.integer :sign_in_count, :default => 0, :null => false
|
22
|
-
t.datetime :current_sign_in_at
|
23
|
-
t.datetime :last_sign_in_at
|
24
|
-
t.string :current_sign_in_ip
|
25
|
-
t.string :last_sign_in_ip
|
26
|
-
|
27
20
|
## Confirmable
|
28
21
|
t.string :confirmation_token
|
29
22
|
t.datetime :confirmed_at
|
@@ -0,0 +1,56 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
class <%= user_class %>
|
4
|
+
include Mongoid::Document
|
5
|
+
include Mongoid::Timestamps
|
6
|
+
include Mongoid::Locker
|
7
|
+
|
8
|
+
field :locker_locked_at, type: Time
|
9
|
+
field :locker_locked_until, type: Time
|
10
|
+
|
11
|
+
locker locked_at_field: :locker_locked_at,
|
12
|
+
locked_until_field: :locker_locked_until
|
13
|
+
|
14
|
+
## Database authenticatable
|
15
|
+
field :email, type: String, default: ''
|
16
|
+
field :encrypted_password, type: String, default: ''
|
17
|
+
|
18
|
+
## Recoverable
|
19
|
+
field :reset_password_token, type: String
|
20
|
+
field :reset_password_sent_at, type: Time
|
21
|
+
field :reset_password_redirect_url, type: String
|
22
|
+
field :allow_password_change, type: Boolean, default: false
|
23
|
+
|
24
|
+
## Rememberable
|
25
|
+
field :remember_created_at, type: Time
|
26
|
+
|
27
|
+
## Confirmable
|
28
|
+
field :confirmation_token, type: String
|
29
|
+
field :confirmed_at, type: Time
|
30
|
+
field :confirmation_sent_at, type: Time
|
31
|
+
field :unconfirmed_email, type: String # Only if using reconfirmable
|
32
|
+
|
33
|
+
## Lockable
|
34
|
+
# field :failed_attempts, type: Integer, default: 0 # Only if lock strategy is :failed_attempts
|
35
|
+
# field :unlock_token, type: String # Only if unlock strategy is :email or :both
|
36
|
+
# field :locked_at, type: Time
|
37
|
+
|
38
|
+
## Required
|
39
|
+
field :provider, type: String
|
40
|
+
field :uid, type: String, default: ''
|
41
|
+
|
42
|
+
## Tokens
|
43
|
+
field :tokens, type: Hash, default: {}
|
44
|
+
|
45
|
+
# Include default devise modules. Others available are:
|
46
|
+
# :confirmable, :lockable, :timeoutable and :omniauthable
|
47
|
+
devise :database_authenticatable, :registerable,
|
48
|
+
:recoverable, :rememberable, :trackable, :validatable
|
49
|
+
include DeviseTokenAuth::Concerns::User
|
50
|
+
|
51
|
+
index({ email: 1 }, { name: 'email_index', unique: true, background: true })
|
52
|
+
index({ reset_password_token: 1 }, { name: 'reset_password_token_index', unique: true, sparse: true, background: true })
|
53
|
+
index({ confirmation_token: 1 }, { name: 'confirmation_token_index', unique: true, sparse: true, background: true })
|
54
|
+
index({ uid: 1, provider: 1}, { name: 'uid_provider_index', unique: true, background: true })
|
55
|
+
# index({ unlock_token: 1 }, { name: 'unlock_token_index', unique: true, sparse: true, background: true })
|
56
|
+
end
|
@@ -23,6 +23,7 @@ class DeviseTokenAuth::ConfirmationsControllerTest < ActionController::TestCase
|
|
23
23
|
@new_user.send_confirmation_instructions(redirect_url: @redirect_url)
|
24
24
|
mail = ActionMailer::Base.deliveries.last
|
25
25
|
@token, @client_config = token_and_client_config_from(mail.body)
|
26
|
+
@token_params = %w[access-token client client_id config expiry token uid]
|
26
27
|
end
|
27
28
|
|
28
29
|
test 'should generate raw token' do
|
@@ -38,32 +39,52 @@ class DeviseTokenAuth::ConfirmationsControllerTest < ActionController::TestCase
|
|
38
39
|
end
|
39
40
|
|
40
41
|
describe 'success' do
|
41
|
-
|
42
|
-
|
43
|
-
|
44
|
-
|
45
|
-
|
46
|
-
|
47
|
-
|
42
|
+
describe 'when authenticated' do
|
43
|
+
before do
|
44
|
+
sign_in(@new_user)
|
45
|
+
get :show,
|
46
|
+
params: { confirmation_token: @token,
|
47
|
+
redirect_url: @redirect_url },
|
48
|
+
xhr: true
|
49
|
+
@resource = assigns(:resource)
|
50
|
+
end
|
48
51
|
|
49
|
-
|
50
|
-
|
51
|
-
|
52
|
+
test 'user should now be confirmed' do
|
53
|
+
assert @resource.confirmed?
|
54
|
+
end
|
52
55
|
|
53
|
-
|
54
|
-
|
55
|
-
|
56
|
+
test 'should redirect to success url' do
|
57
|
+
assert_redirected_to(/^#{@redirect_url}/)
|
58
|
+
end
|
56
59
|
|
57
|
-
|
58
|
-
|
60
|
+
test 'redirect url includes token params' do
|
61
|
+
assert @token_params.all? { |param| response.body.include?(param) }
|
62
|
+
assert response.body.include?('account_confirmation_success')
|
63
|
+
end
|
59
64
|
end
|
60
65
|
|
61
|
-
|
62
|
-
|
63
|
-
|
66
|
+
describe 'when unauthenticated' do
|
67
|
+
before do
|
68
|
+
sign_out(@new_user)
|
69
|
+
get :show,
|
70
|
+
params: { confirmation_token: @token,
|
71
|
+
redirect_url: @redirect_url },
|
72
|
+
xhr: true
|
73
|
+
@resource = assigns(:resource)
|
74
|
+
end
|
64
75
|
|
65
|
-
|
66
|
-
|
76
|
+
test 'user should now be confirmed' do
|
77
|
+
assert @resource.confirmed?
|
78
|
+
end
|
79
|
+
|
80
|
+
test 'should redirect to success url' do
|
81
|
+
assert_redirected_to(/^#{@redirect_url}/)
|
82
|
+
end
|
83
|
+
|
84
|
+
test 'redirect url does not include token params' do
|
85
|
+
refute @token_params.any? { |param| response.body.include?(param) }
|
86
|
+
assert response.body.include?('account_confirmation_success')
|
87
|
+
end
|
67
88
|
end
|
68
89
|
end
|
69
90
|
|
@@ -155,6 +155,8 @@ class OmniauthTest < ActionDispatch::IntegrationTest
|
|
155
155
|
describe 'with new user' do
|
156
156
|
before do
|
157
157
|
User.any_instance.expects(:new_record?).returns(true).at_least_once
|
158
|
+
# https://docs.mongodb.com/mongoid/master/tutorials/mongoid-documents/#notes-on-persistence
|
159
|
+
User.any_instance.expects(:save!).returns(true)
|
158
160
|
end
|
159
161
|
|
160
162
|
test 'response contains oauth_registration attr' do
|
@@ -41,22 +41,46 @@ class DeviseTokenAuth::PasswordsControllerTest < ActionController::TestCase
|
|
41
41
|
before do
|
42
42
|
@auth_headers = @resource.create_new_auth_token
|
43
43
|
@new_password = Faker::Internet.password
|
44
|
-
|
45
|
-
post :create,
|
46
|
-
params: { email: 'chester@cheet.ah' }
|
47
|
-
@data = JSON.parse(response.body)
|
48
44
|
end
|
49
45
|
|
50
|
-
|
51
|
-
|
46
|
+
describe 'for create' do
|
47
|
+
before do
|
48
|
+
post :create,
|
49
|
+
params: { email: 'chester@cheet.ah' }
|
50
|
+
@data = JSON.parse(response.body)
|
51
|
+
end
|
52
|
+
|
53
|
+
test 'response should fail' do
|
54
|
+
assert_equal 401, response.status
|
55
|
+
end
|
56
|
+
|
57
|
+
test 'error message should be returned' do
|
58
|
+
assert @data['errors']
|
59
|
+
assert_equal(
|
60
|
+
@data['errors'],
|
61
|
+
[I18n.t('devise_token_auth.passwords.missing_redirect_url')]
|
62
|
+
)
|
63
|
+
end
|
52
64
|
end
|
53
65
|
|
54
|
-
|
55
|
-
|
56
|
-
|
57
|
-
@
|
58
|
-
|
59
|
-
|
66
|
+
describe 'for edit' do
|
67
|
+
before do
|
68
|
+
get_reset_token
|
69
|
+
get :edit, params: { reset_password_token: @mail_reset_token}
|
70
|
+
@data = JSON.parse(response.body)
|
71
|
+
end
|
72
|
+
|
73
|
+
test 'response should fail' do
|
74
|
+
assert_equal 401, response.status
|
75
|
+
end
|
76
|
+
|
77
|
+
test 'error message should be returned' do
|
78
|
+
assert @data['errors']
|
79
|
+
assert_equal(
|
80
|
+
@data['errors'],
|
81
|
+
[I18n.t('devise_token_auth.passwords.missing_redirect_url')]
|
82
|
+
)
|
83
|
+
end
|
60
84
|
end
|
61
85
|
end
|
62
86
|
|
@@ -235,14 +259,14 @@ class DeviseTokenAuth::PasswordsControllerTest < ActionController::TestCase
|
|
235
259
|
assert_equal Devise.token_generator.digest(self, :reset_password_token, @mail_reset_token), @resource.reset_password_token
|
236
260
|
end
|
237
261
|
|
238
|
-
test 'reset_password_token should be rewritten by origin mail_reset_token' do
|
262
|
+
test 'reset_password_token should not be rewritten by origin mail_reset_token' do
|
239
263
|
get :edit, params: {
|
240
264
|
reset_password_token: @mail_reset_token,
|
241
265
|
redirect_url: @mail_redirect_url
|
242
266
|
}
|
243
267
|
@resource.reload
|
244
268
|
|
245
|
-
assert_equal @mail_reset_token, @resource.reset_password_token
|
269
|
+
assert_equal Devise.token_generator.digest(self, :reset_password_token, @mail_reset_token), @resource.reset_password_token
|
246
270
|
end
|
247
271
|
|
248
272
|
test 'response should return success status' do
|
@@ -254,26 +278,6 @@ class DeviseTokenAuth::PasswordsControllerTest < ActionController::TestCase
|
|
254
278
|
assert_equal 302, response.status
|
255
279
|
end
|
256
280
|
|
257
|
-
test 'reset_password_token should be valid only one first time' do
|
258
|
-
get :edit, params: {
|
259
|
-
reset_password_token: @mail_reset_token,
|
260
|
-
redirect_url: @mail_redirect_url
|
261
|
-
}
|
262
|
-
|
263
|
-
@resource.reload
|
264
|
-
assert_equal @mail_reset_token, @resource.reset_password_token
|
265
|
-
|
266
|
-
assert_raises(ActionController::RoutingError) {
|
267
|
-
get :edit, params: {
|
268
|
-
reset_password_token: @mail_reset_token,
|
269
|
-
redirect_url: @mail_redirect_url
|
270
|
-
}
|
271
|
-
}
|
272
|
-
|
273
|
-
@resource.reload
|
274
|
-
assert_equal @mail_reset_token, @resource.reset_password_token
|
275
|
-
end
|
276
|
-
|
277
281
|
test 'reset_password_sent_at should be valid' do
|
278
282
|
assert_equal @resource.reset_password_period_valid?, true
|
279
283
|
|
@@ -283,7 +287,7 @@ class DeviseTokenAuth::PasswordsControllerTest < ActionController::TestCase
|
|
283
287
|
}
|
284
288
|
|
285
289
|
@resource.reload
|
286
|
-
assert_equal @mail_reset_token, @resource.reset_password_token
|
290
|
+
assert_equal Devise.token_generator.digest(self, :reset_password_token, @mail_reset_token), @resource.reset_password_token
|
287
291
|
end
|
288
292
|
|
289
293
|
test 'reset_password_sent_at should be expired' do
|
@@ -354,8 +358,7 @@ class DeviseTokenAuth::PasswordsControllerTest < ActionController::TestCase
|
|
354
358
|
|
355
359
|
describe 'Using redirect_whitelist' do
|
356
360
|
before do
|
357
|
-
@
|
358
|
-
@good_redirect_url = Faker::Internet.url
|
361
|
+
@good_redirect_url = @redirect_url
|
359
362
|
@bad_redirect_url = Faker::Internet.url
|
360
363
|
DeviseTokenAuth.redirect_whitelist = [@good_redirect_url]
|
361
364
|
end
|
@@ -364,31 +367,65 @@ class DeviseTokenAuth::PasswordsControllerTest < ActionController::TestCase
|
|
364
367
|
DeviseTokenAuth.redirect_whitelist = nil
|
365
368
|
end
|
366
369
|
|
367
|
-
|
368
|
-
|
369
|
-
|
370
|
-
|
370
|
+
describe 'for create' do
|
371
|
+
test 'request to whitelisted redirect should be successful' do
|
372
|
+
post :create,
|
373
|
+
params: { email: @resource.email,
|
374
|
+
redirect_url: @good_redirect_url }
|
371
375
|
|
372
|
-
|
373
|
-
|
376
|
+
assert_equal 200, response.status
|
377
|
+
end
|
374
378
|
|
375
|
-
|
376
|
-
|
377
|
-
|
378
|
-
|
379
|
+
test 'request to non-whitelisted redirect should fail' do
|
380
|
+
post :create,
|
381
|
+
params: { email: @resource.email,
|
382
|
+
redirect_url: @bad_redirect_url }
|
383
|
+
|
384
|
+
assert_equal 422, response.status
|
385
|
+
end
|
386
|
+
|
387
|
+
test 'request to non-whitelisted redirect should return error message' do
|
388
|
+
post :create,
|
389
|
+
params: { email: @resource.email,
|
390
|
+
redirect_url: @bad_redirect_url }
|
379
391
|
|
380
|
-
|
392
|
+
@data = JSON.parse(response.body)
|
393
|
+
assert @data['errors']
|
394
|
+
assert_equal @data['errors'],
|
395
|
+
[I18n.t('devise_token_auth.passwords.not_allowed_redirect_url',
|
396
|
+
redirect_url: @bad_redirect_url)]
|
397
|
+
end
|
381
398
|
end
|
382
|
-
test 'request to non-whitelisted redirect should return error message' do
|
383
|
-
post :create,
|
384
|
-
params: { email: @resource.email,
|
385
|
-
redirect_url: @bad_redirect_url }
|
386
399
|
|
387
|
-
|
388
|
-
|
389
|
-
|
390
|
-
|
391
|
-
|
400
|
+
describe 'for edit' do
|
401
|
+
before do
|
402
|
+
@auth_headers = @resource.create_new_auth_token
|
403
|
+
@new_password = Faker::Internet.password
|
404
|
+
|
405
|
+
get_reset_token
|
406
|
+
end
|
407
|
+
|
408
|
+
test 'request to whitelisted redirect should be successful' do
|
409
|
+
get :edit, params: { reset_password_token: @mail_reset_token, redirect_url: @good_redirect_url }
|
410
|
+
|
411
|
+
assert_equal 302, response.status
|
412
|
+
end
|
413
|
+
|
414
|
+
test 'request to non-whitelisted redirect should fail' do
|
415
|
+
get :edit, params: { reset_password_token: @mail_reset_token, redirect_url: @bad_redirect_url }
|
416
|
+
|
417
|
+
assert_equal 422, response.status
|
418
|
+
end
|
419
|
+
|
420
|
+
test 'request to non-whitelisted redirect should return error message' do
|
421
|
+
get :edit, params: { reset_password_token: @mail_reset_token, redirect_url: @bad_redirect_url }
|
422
|
+
|
423
|
+
@data = JSON.parse(response.body)
|
424
|
+
assert @data['errors']
|
425
|
+
assert_equal @data['errors'],
|
426
|
+
[I18n.t('devise_token_auth.passwords.not_allowed_redirect_url',
|
427
|
+
redirect_url: @bad_redirect_url)]
|
428
|
+
end
|
392
429
|
end
|
393
430
|
end
|
394
431
|
|
@@ -509,6 +546,10 @@ class DeviseTokenAuth::PasswordsControllerTest < ActionController::TestCase
|
|
509
546
|
test 'new password should authenticate user' do
|
510
547
|
assert @resource.valid_password?(@new_password)
|
511
548
|
end
|
549
|
+
|
550
|
+
test 'reset_password_token should be removed' do
|
551
|
+
assert_nil @resource.reset_password_token
|
552
|
+
end
|
512
553
|
end
|
513
554
|
|
514
555
|
describe 'password mismatch error' do
|
@@ -554,16 +595,7 @@ class DeviseTokenAuth::PasswordsControllerTest < ActionController::TestCase
|
|
554
595
|
before do
|
555
596
|
@resource = create(:mang_user, :confirmed)
|
556
597
|
@redirect_url = 'http://ng-token-auth.dev'
|
557
|
-
|
558
|
-
post :create, params: { email: @resource.email,
|
559
|
-
redirect_url: @redirect_url }
|
560
|
-
|
561
|
-
@mail = ActionMailer::Base.deliveries.last
|
562
|
-
@resource.reload
|
563
|
-
|
564
|
-
@mail_config_name = CGI.unescape(@mail.body.match(/config=([^&]*)&/)[1])
|
565
|
-
@mail_redirect_url = CGI.unescape(@mail.body.match(/redirect_url=([^&]*)&/)[1])
|
566
|
-
@mail_reset_token = @mail.body.match(/reset_password_token=(.*)\"/)[1]
|
598
|
+
get_reset_token
|
567
599
|
end
|
568
600
|
|
569
601
|
test 'response should return success status' do
|
@@ -582,15 +614,7 @@ class DeviseTokenAuth::PasswordsControllerTest < ActionController::TestCase
|
|
582
614
|
@resource = create(:user)
|
583
615
|
@redirect_url = 'http://ng-token-auth.dev'
|
584
616
|
|
585
|
-
|
586
|
-
redirect_url: @redirect_url }
|
587
|
-
|
588
|
-
@mail = ActionMailer::Base.deliveries.last
|
589
|
-
@resource.reload
|
590
|
-
|
591
|
-
@mail_config_name = CGI.unescape(@mail.body.match(/config=([^&]*)&/)[1])
|
592
|
-
@mail_redirect_url = CGI.unescape(@mail.body.match(/redirect_url=([^&]*)&/)[1])
|
593
|
-
@mail_reset_token = @mail.body.match(/reset_password_token=(.*)\"/)[1]
|
617
|
+
get_reset_token
|
594
618
|
|
595
619
|
get :edit, params: { reset_password_token: @mail_reset_token,
|
596
620
|
redirect_url: @mail_redirect_url }
|
@@ -610,17 +634,8 @@ class DeviseTokenAuth::PasswordsControllerTest < ActionController::TestCase
|
|
610
634
|
|
611
635
|
before do
|
612
636
|
@resource = unconfirmable_users(:user)
|
613
|
-
@redirect_url = 'http://ng-token-auth.dev'
|
614
|
-
|
615
|
-
post :create, params: { email: @resource.email,
|
616
|
-
redirect_url: @redirect_url }
|
617
|
-
|
618
|
-
@mail = ActionMailer::Base.deliveries.last
|
619
|
-
@resource.reload
|
620
637
|
|
621
|
-
|
622
|
-
@mail_redirect_url = CGI.unescape(@mail.body.match(/redirect_url=([^&]*)&/)[1])
|
623
|
-
@mail_reset_token = @mail.body.match(/reset_password_token=(.*)\"/)[1]
|
638
|
+
get_reset_token
|
624
639
|
|
625
640
|
get :edit, params: { reset_password_token: @mail_reset_token,
|
626
641
|
redirect_url: @mail_redirect_url }
|
@@ -635,21 +650,27 @@ class DeviseTokenAuth::PasswordsControllerTest < ActionController::TestCase
|
|
635
650
|
@redirect_url = 'http://ng-token-auth.dev'
|
636
651
|
@config_name = 'altUser'
|
637
652
|
|
638
|
-
|
653
|
+
params = { email: @resource.email,
|
639
654
|
redirect_url: @redirect_url,
|
640
655
|
config_name: @config_name }
|
641
|
-
|
642
|
-
@mail = ActionMailer::Base.deliveries.last
|
643
|
-
@resource.reload
|
644
|
-
|
645
|
-
@mail_config_name = CGI.unescape(@mail.body.match(/config=([^&]*)&/)[1])
|
646
|
-
@mail_redirect_url = CGI.unescape(@mail.body.match(/redirect_url=([^&]*)&/)[1])
|
647
|
-
@mail_reset_token = @mail.body.match(/reset_password_token=(.*)\"/)[1]
|
656
|
+
get_reset_token params
|
648
657
|
end
|
649
658
|
|
650
659
|
test 'config_name param is included in the confirmation email link' do
|
651
660
|
assert_equal @config_name, @mail_config_name
|
652
661
|
end
|
653
662
|
end
|
663
|
+
|
664
|
+
def get_reset_token(params = nil)
|
665
|
+
params ||= { email: @resource.email, redirect_url: @redirect_url }
|
666
|
+
post :create, params: params
|
667
|
+
|
668
|
+
@mail = ActionMailer::Base.deliveries.last
|
669
|
+
@resource.reload
|
670
|
+
|
671
|
+
@mail_config_name = CGI.unescape(@mail.body.match(/config=([^&]*)&/)[1])
|
672
|
+
@mail_redirect_url = CGI.unescape(@mail.body.match(/redirect_url=([^&]*)&/)[1])
|
673
|
+
@mail_reset_token = @mail.body.match(/reset_password_token=(.*)\"/)[1]
|
674
|
+
end
|
654
675
|
end
|
655
676
|
end
|