devise_token_auth 1.0.0 → 1.1.0
Potentially problematic release.
- checksums.yaml +5 -5
- data/README.md +2 -2
- data/app/controllers/devise_token_auth/application_controller.rb +0 -1
- data/app/controllers/devise_token_auth/concerns/resource_finder.rb +11 -12
- data/app/controllers/devise_token_auth/concerns/set_user_by_token.rb +15 -28
- data/app/controllers/devise_token_auth/confirmations_controller.rb +14 -19
- data/app/controllers/devise_token_auth/omniauth_callbacks_controller.rb +46 -21
- data/app/controllers/devise_token_auth/passwords_controller.rb +15 -19
- data/app/controllers/devise_token_auth/registrations_controller.rb +31 -39
- data/app/controllers/devise_token_auth/unlocks_controller.rb +1 -1
- data/app/models/devise_token_auth/concerns/active_record_support.rb +34 -0
- data/app/models/devise_token_auth/concerns/mongoid_support.rb +19 -0
- data/app/models/devise_token_auth/concerns/user.rb +9 -23
- data/app/models/devise_token_auth/concerns/user_omniauth_callbacks.rb +2 -2
- data/app/validators/{email_validator.rb → devise_token_auth/email_validator.rb} +1 -1
- data/config/locales/he.yml +50 -0
- data/config/locales/ja.yml +1 -1
- data/lib/devise_token_auth.rb +5 -3
- data/lib/devise_token_auth/blacklist.rb +2 -0
- data/lib/devise_token_auth/version.rb +1 -1
- data/lib/generators/devise_token_auth/install_generator.rb +3 -87
- data/lib/generators/devise_token_auth/install_generator_helpers.rb +98 -0
- data/lib/generators/devise_token_auth/install_mongoid_generator.rb +46 -0
- data/lib/generators/devise_token_auth/templates/devise_token_auth_create_users.rb.erb +0 -7
- data/lib/generators/devise_token_auth/templates/user_mongoid.rb.erb +56 -0
- data/test/controllers/custom/custom_confirmations_controller_test.rb +1 -1
- data/test/controllers/devise_token_auth/confirmations_controller_test.rb +41 -20
- data/test/controllers/devise_token_auth/omniauth_callbacks_controller_test.rb +2 -0
- data/test/controllers/devise_token_auth/passwords_controller_test.rb +115 -94
- data/test/controllers/devise_token_auth/registrations_controller_test.rb +31 -4
- data/test/controllers/devise_token_auth/sessions_controller_test.rb +0 -38
- data/test/controllers/devise_token_auth/token_validations_controller_test.rb +2 -1
- data/test/dummy/app/{models → active_record}/lockable_user.rb +0 -0
- data/test/dummy/app/{models → active_record}/mang.rb +0 -0
- data/test/dummy/app/{models → active_record}/only_email_user.rb +0 -0
- data/test/dummy/app/{models → active_record}/scoped_user.rb +2 -2
- data/test/dummy/app/{models → active_record}/unconfirmable_user.rb +1 -2
- data/test/dummy/app/{models → active_record}/unregisterable_user.rb +3 -3
- data/test/dummy/app/active_record/user.rb +6 -0
- data/test/dummy/app/controllers/overrides/sessions_controller.rb +1 -1
- data/test/dummy/app/models/{user.rb → concerns/favorite_color.rb} +7 -8
- data/test/dummy/app/mongoid/lockable_user.rb +38 -0
- data/test/dummy/app/mongoid/mang.rb +46 -0
- data/test/dummy/app/mongoid/only_email_user.rb +33 -0
- data/test/dummy/app/mongoid/scoped_user.rb +50 -0
- data/test/dummy/app/mongoid/unconfirmable_user.rb +44 -0
- data/test/dummy/app/mongoid/unregisterable_user.rb +47 -0
- data/test/dummy/app/mongoid/user.rb +49 -0
- data/test/dummy/config/application.rb +23 -1
- data/test/dummy/config/boot.rb +4 -0
- data/test/dummy/config/initializers/devise.rb +12 -0
- data/test/dummy/db/migrate/20140715061447_devise_token_auth_create_users.rb +0 -7
- data/test/dummy/db/migrate/20140715061805_devise_token_auth_create_mangs.rb +0 -7
- data/test/dummy/db/migrate/20141222035835_devise_token_auth_create_only_email_users.rb +0 -7
- data/test/dummy/db/migrate/20141222053502_devise_token_auth_create_unregisterable_users.rb +0 -7
- data/test/dummy/db/migrate/20150708104536_devise_token_auth_create_unconfirmable_users.rb +0 -7
- data/test/dummy/db/migrate/20160103235141_devise_token_auth_create_scoped_users.rb +0 -7
- data/test/dummy/db/migrate/20160629184441_devise_token_auth_create_lockable_users.rb +0 -7
- data/test/dummy/db/schema.rb +1 -28
- data/test/dummy/tmp/generators/app/models/azpire/v1/human_resource/user.rb +9 -0
- data/test/dummy/tmp/generators/config/initializers/devise_token_auth.rb +50 -0
- data/test/dummy/tmp/generators/config/routes.rb +4 -0
- data/test/dummy/tmp/generators/db/migrate/20190112150327_devise_token_auth_create_azpire_v1_human_resource_users.rb +56 -0
- data/test/lib/devise_token_auth/blacklist_test.rb +11 -0
- data/test/lib/generators/devise_token_auth/install_generator_test.rb +51 -31
- data/test/lib/generators/devise_token_auth/install_generator_with_namespace_test.rb +51 -31
- data/test/models/concerns/mongoid_support_test.rb +31 -0
- data/test/models/only_email_user_test.rb +0 -8
- data/test/models/user_test.rb +1 -1
- data/test/test_helper.rb +12 -2
- metadata +91 -27
- data/config/initializers/devise.rb +0 -198
- data/test/dummy/tmp/generators/app/views/devise/mailer/confirmation_instructions.html.erb +0 -5
- data/test/dummy/tmp/generators/app/views/devise/mailer/reset_password_instructions.html.erb +0 -8
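--- a/data/lib/generators/devise_token_auth/install_mongoid_generator.rb
+++ b/data/lib/generators/devise_token_auth/install_mongoid_generator.rb
@@ -0,0 +1,46 @@
+# frozen_string_literal: true
+
+require_relative 'install_generator_helpers'
+
+module DeviseTokenAuth
+class InstallMongoidGenerator < Rails::Generators::Base
+include DeviseTokenAuth::InstallGeneratorHelpers
+
+def create_user_model
+fname = "app/models/#{user_class.underscore}.rb"
+if File.exist?(File.join(destination_root, fname))
+inclusion = 'include DeviseTokenAuth::Concerns::User'
+unless parse_file_for_line(fname, inclusion)
+inject_into_file fname, before: /end\s\z/ do <<-'RUBY'
+
+include Mongoid::Locker
+
+field :locker_locked_at, type: Time
+field :locker_locked_until, type: Time
+
+locker locked_at_field: :locker_locked_at,
+locked_until_field: :locker_locked_until
+
+## Required
+field :provider, type: String
+field :uid, type: String, default: ''
+
+## Tokens
+field :tokens, type: Hash, default: {}
+
+# Include default devise modules. Others available are:
+# :confirmable, :lockable, :timeoutable and :omniauthable
+devise :database_authenticatable, :registerable,
+:recoverable, :rememberable, :trackable, :validatable
+include DeviseTokenAuth::Concerns::User
+
+index({ uid: 1, provider: 1}, { name: 'uid_provider_index', unique: true, background: true })
+RUBY
+end
+end
+else
+template('user_mongoid.rb.erb', fname)
+end
+end
+end
+end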
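Review bot: The `before: /end\s\z/` anchor on the `inject_into_file` call in `create_user_model` matches only when the model file ends with `end` followed by exactly one whitespace character, so a file with no trailing newline or with an extra blank line at the end would not match and the include, fields and index would presumably not be injected. A looser anchor such as `before: /end\s*\z/` would cover those cases. Since a skipped injection leaves the model without `DeviseTokenAuth::Concerns::User`, it would also help to check the file again with `parse_file_for_line(fname, inclusion)` after the call and report a failure; that helper is defined outside this file, so its exact behaviour is not visible here.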
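--- a/data/lib/generators/devise_token_auth/templates/devise_token_auth_create_users.rb.erb
+++ b/data/lib/generators/devise_token_auth/templates/devise_token_auth_create_users.rb.erb
@@ -17,13 +17,6 @@ class DeviseTokenAuthCreate<%= user_class.pluralize.gsub("::","") %> < ActiveRec
 ## Rememberable
 t.datetime :remember_created_at
 
-## Trackable
-t.integer :sign_in_count, :default => 0, :null => false
-t.datetime :current_sign_in_at
-t.datetime :last_sign_in_at
-t.string :current_sign_in_ip
-t.string :last_sign_in_ip
-
 ## Confirmable
 t.string :confirmation_token
 t.datetime :confirmed_at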
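--- a/data/lib/generators/devise_token_auth/templates/user_mongoid.rb.erb
+++ b/data/lib/generators/devise_token_auth/templates/user_mongoid.rb.erb
@@ -0,0 +1,56 @@
+# frozen_string_literal: true
+
+class <%= user_class %>
+include Mongoid::Document
+include Mongoid::Timestamps
+include Mongoid::Locker
+
+field :locker_locked_at, type: Time
+field :locker_locked_until, type: Time
+
+locker locked_at_field: :locker_locked_at,
+locked_until_field: :locker_locked_until
+
+## Database authenticatable
+field :email, type: String, default: ''
+field :encrypted_password, type: String, default: ''
+
+## Recoverable
+field :reset_password_token, type: String
+field :reset_password_sent_at, type: Time
+field :reset_password_redirect_url, type: String
+field :allow_password_change, type: Boolean, default: false
+
+## Rememberable
+field :remember_created_at, type: Time
+
+## Confirmable
+field :confirmation_token, type: String
+field :confirmed_at, type: Time
+field :confirmation_sent_at, type: Time
+field :unconfirmed_email, type: String # Only if using reconfirmable
+
+## Lockable
+# field :failed_attempts, type: Integer, default: 0 # Only if lock strategy is :failed_attempts
+# field :unlock_token, type: String # Only if unlock strategy is :email or :both
+# field :locked_at, type: Time
+
+## Required
+field :provider, type: String
+field :uid, type: String, default: ''
+
+## Tokens
+field :tokens, type: Hash, default: {}
+
+# Include default devise modules. Others available are:
+# :confirmable, :lockable, :timeoutable and :omniauthable
+devise :database_authenticatable, :registerable,
+:recoverable, :rememberable, :trackable, :validatable
+include DeviseTokenAuth::Concerns::User
+
+index({ email: 1 }, { name: 'email_index', unique: true, background: true })
+index({ reset_password_token: 1 }, { name: 'reset_password_token_index', unique: true, sparse: true, background: true })
+index({ confirmation_token: 1 }, { name: 'confirmation_token_index', unique: true, sparse: true, background: true })
+index({ uid: 1, provider: 1}, { name: 'uid_provider_index', unique: true, background: true })
+# index({ unlock_token: 1 }, { name: 'unlock_token_index', unique: true, sparse: true, background: true })
+end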
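Review bot: The `devise` call lists `:trackable`, but the template declares none of the Trackable fields (`sign_in_count`, `current_sign_in_at`, `last_sign_in_at`, `current_sign_in_ip`, `last_sign_in_ip`), while the same release removes those columns from the ActiveRecord migration template. Mongoid normally accepts only declared fields unless dynamic attributes are enabled, so sign-in tracking would likely fail on a generated model; this should be confirmed against a generated app. Either drop `:trackable` from the list or add the five `field` declarations under a `## Trackable` heading. The heredoc injected by `install_mongoid_generator.rb` carries the same `devise` line and the same gap.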
@@ -23,6 +23,7 @@ class DeviseTokenAuth::ConfirmationsControllerTest < ActionController::TestCase
|
|
23
23
|
@new_user.send_confirmation_instructions(redirect_url: @redirect_url)
|
24
24
|
mail = ActionMailer::Base.deliveries.last
|
25
25
|
@token, @client_config = token_and_client_config_from(mail.body)
|
26
|
+
@token_params = %w[access-token client client_id config expiry token uid]
|
26
27
|
end
|
27
28
|
|
28
29
|
test 'should generate raw token' do
|
@@ -38,32 +39,52 @@ class DeviseTokenAuth::ConfirmationsControllerTest < ActionController::TestCase
|
|
38
39
|
end
|
39
40
|
|
40
41
|
describe 'success' do
|
41
|
-
|
42
|
-
|
43
|
-
|
44
|
-
|
45
|
-
|
46
|
-
|
47
|
-
|
42
|
+
describe 'when authenticated' do
|
43
|
+
before do
|
44
|
+
sign_in(@new_user)
|
45
|
+
get :show,
|
46
|
+
params: { confirmation_token: @token,
|
47
|
+
redirect_url: @redirect_url },
|
48
|
+
xhr: true
|
49
|
+
@resource = assigns(:resource)
|
50
|
+
end
|
48
51
|
|
49
|
-
|
50
|
-
|
51
|
-
|
52
|
+
test 'user should now be confirmed' do
|
53
|
+
assert @resource.confirmed?
|
54
|
+
end
|
52
55
|
|
53
|
-
|
54
|
-
|
55
|
-
|
56
|
+
test 'should redirect to success url' do
|
57
|
+
assert_redirected_to(/^#{@redirect_url}/)
|
58
|
+
end
|
56
59
|
|
57
|
-
|
58
|
-
|
60
|
+
test 'redirect url includes token params' do
|
61
|
+
assert @token_params.all? { |param| response.body.include?(param) }
|
62
|
+
assert response.body.include?('account_confirmation_success')
|
63
|
+
end
|
59
64
|
end
|
60
65
|
|
61
|
-
|
62
|
-
|
63
|
-
|
66
|
+
describe 'when unauthenticated' do
|
67
|
+
before do
|
68
|
+
sign_out(@new_user)
|
69
|
+
get :show,
|
70
|
+
params: { confirmation_token: @token,
|
71
|
+
redirect_url: @redirect_url },
|
72
|
+
xhr: true
|
73
|
+
@resource = assigns(:resource)
|
74
|
+
end
|
64
75
|
|
65
|
-
|
66
|
-
|
76
|
+
test 'user should now be confirmed' do
|
77
|
+
assert @resource.confirmed?
|
78
|
+
end
|
79
|
+
|
80
|
+
test 'should redirect to success url' do
|
81
|
+
assert_redirected_to(/^#{@redirect_url}/)
|
82
|
+
end
|
83
|
+
|
84
|
+
test 'redirect url does not include token params' do
|
85
|
+
refute @token_params.any? { |param| response.body.include?(param) }
|
86
|
+
assert response.body.include?('account_confirmation_success')
|
87
|
+
end
|
67
88
|
end
|
68
89
|
end
|
69
90
|
|
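Review bot: The assertions in 'redirect url includes token params' and 'redirect url does not include token params' search `response.body` for bare substrings such as `client`, `token` and `uid`, so they inspect the redirect page body rather than the query string of the redirect target, and `client` and `token` are already satisfied by `client_id` and `access-token`. Since the unauthenticated case is the one guarding against credentials being placed in the confirmation redirect, comparing parsed keys would be tighter: `keys = Rack::Utils.parse_query(URI(response.location).query).keys` followed by `assert_empty(@token_params & keys)`. The `assert_redirected_to(/^#{@redirect_url}/)` checks also interpolate the URL unescaped; `/\A#{Regexp.escape(@redirect_url)}/` keeps `.` from matching any character.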
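--- a/data/test/controllers/devise_token_auth/omniauth_callbacks_controller_test.rb
+++ b/data/test/controllers/devise_token_auth/omniauth_callbacks_controller_test.rb
@@ -155,6 +155,8 @@ class OmniauthTest < ActionDispatch::IntegrationTest
 describe 'with new user' do
 before do
 User.any_instance.expects(:new_record?).returns(true).at_least_once
+# https://docs.mongodb.com/mongoid/master/tutorials/mongoid-documents/#notes-on-persistence
+User.any_instance.expects(:save!).returns(true)
 end
 
 test 'response contains oauth_registration attr' do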
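Review bot: The new `User.any_instance.expects(:save!).returns(true)` in the 'with new user' `before` block replaces the real save for every test in that block, so a validation or persistence failure on a newly registered OmniAuth user can no longer make these tests fail. With no cardinality given, the expectation presumably requires exactly one call, unlike the `new_record?` line above it, which uses `.at_least_once`. The comment above it is only a link; a sentence such as `# new_record? is stubbed to true, so save! is stubbed as well (see Mongoid persistence notes)` would tell the reader why the stub exists, if that is indeed the reason. The enclosing `describe` continues outside the hunk.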
@@ -41,22 +41,46 @@ class DeviseTokenAuth::PasswordsControllerTest < ActionController::TestCase
|
|
41
41
|
before do
|
42
42
|
@auth_headers = @resource.create_new_auth_token
|
43
43
|
@new_password = Faker::Internet.password
|
44
|
-
|
45
|
-
post :create,
|
46
|
-
params: { email: 'chester@cheet.ah' }
|
47
|
-
@data = JSON.parse(response.body)
|
48
44
|
end
|
49
45
|
|
50
|
-
|
51
|
-
|
46
|
+
describe 'for create' do
|
47
|
+
before do
|
48
|
+
post :create,
|
49
|
+
params: { email: 'chester@cheet.ah' }
|
50
|
+
@data = JSON.parse(response.body)
|
51
|
+
end
|
52
|
+
|
53
|
+
test 'response should fail' do
|
54
|
+
assert_equal 401, response.status
|
55
|
+
end
|
56
|
+
|
57
|
+
test 'error message should be returned' do
|
58
|
+
assert @data['errors']
|
59
|
+
assert_equal(
|
60
|
+
@data['errors'],
|
61
|
+
[I18n.t('devise_token_auth.passwords.missing_redirect_url')]
|
62
|
+
)
|
63
|
+
end
|
52
64
|
end
|
53
65
|
|
54
|
-
|
55
|
-
|
56
|
-
|
57
|
-
@
|
58
|
-
|
59
|
-
|
66
|
+
describe 'for edit' do
|
67
|
+
before do
|
68
|
+
get_reset_token
|
69
|
+
get :edit, params: { reset_password_token: @mail_reset_token}
|
70
|
+
@data = JSON.parse(response.body)
|
71
|
+
end
|
72
|
+
|
73
|
+
test 'response should fail' do
|
74
|
+
assert_equal 401, response.status
|
75
|
+
end
|
76
|
+
|
77
|
+
test 'error message should be returned' do
|
78
|
+
assert @data['errors']
|
79
|
+
assert_equal(
|
80
|
+
@data['errors'],
|
81
|
+
[I18n.t('devise_token_auth.passwords.missing_redirect_url')]
|
82
|
+
)
|
83
|
+
end
|
60
84
|
end
|
61
85
|
end
|
62
86
|
|
@@ -235,14 +259,14 @@ class DeviseTokenAuth::PasswordsControllerTest < ActionController::TestCase
|
|
235
259
|
assert_equal Devise.token_generator.digest(self, :reset_password_token, @mail_reset_token), @resource.reset_password_token
|
236
260
|
end
|
237
261
|
|
238
|
-
test 'reset_password_token should be rewritten by origin mail_reset_token' do
|
262
|
+
test 'reset_password_token should not be rewritten by origin mail_reset_token' do
|
239
263
|
get :edit, params: {
|
240
264
|
reset_password_token: @mail_reset_token,
|
241
265
|
redirect_url: @mail_redirect_url
|
242
266
|
}
|
243
267
|
@resource.reload
|
244
268
|
|
245
|
-
assert_equal @mail_reset_token, @resource.reset_password_token
|
269
|
+
assert_equal Devise.token_generator.digest(self, :reset_password_token, @mail_reset_token), @resource.reset_password_token
|
246
270
|
end
|
247
271
|
|
248
272
|
test 'response should return success status' do
|
@@ -254,26 +278,6 @@ class DeviseTokenAuth::PasswordsControllerTest < ActionController::TestCase
|
|
254
278
|
assert_equal 302, response.status
|
255
279
|
end
|
256
280
|
|
257
|
-
test 'reset_password_token should be valid only one first time' do
|
258
|
-
get :edit, params: {
|
259
|
-
reset_password_token: @mail_reset_token,
|
260
|
-
redirect_url: @mail_redirect_url
|
261
|
-
}
|
262
|
-
|
263
|
-
@resource.reload
|
264
|
-
assert_equal @mail_reset_token, @resource.reset_password_token
|
265
|
-
|
266
|
-
assert_raises(ActionController::RoutingError) {
|
267
|
-
get :edit, params: {
|
268
|
-
reset_password_token: @mail_reset_token,
|
269
|
-
redirect_url: @mail_redirect_url
|
270
|
-
}
|
271
|
-
}
|
272
|
-
|
273
|
-
@resource.reload
|
274
|
-
assert_equal @mail_reset_token, @resource.reset_password_token
|
275
|
-
end
|
276
|
-
|
277
281
|
test 'reset_password_sent_at should be valid' do
|
278
282
|
assert_equal @resource.reset_password_period_valid?, true
|
279
283
|
|
@@ -283,7 +287,7 @@ class DeviseTokenAuth::PasswordsControllerTest < ActionController::TestCase
|
|
283
287
|
}
|
284
288
|
|
285
289
|
@resource.reload
|
286
|
-
assert_equal @mail_reset_token, @resource.reset_password_token
|
290
|
+
assert_equal Devise.token_generator.digest(self, :reset_password_token, @mail_reset_token), @resource.reset_password_token
|
287
291
|
end
|
288
292
|
|
289
293
|
test 'reset_password_sent_at should be expired' do
|
@@ -354,8 +358,7 @@ class DeviseTokenAuth::PasswordsControllerTest < ActionController::TestCase
|
|
354
358
|
|
355
359
|
describe 'Using redirect_whitelist' do
|
356
360
|
before do
|
357
|
-
@
|
358
|
-
@good_redirect_url = Faker::Internet.url
|
361
|
+
@good_redirect_url = @redirect_url
|
359
362
|
@bad_redirect_url = Faker::Internet.url
|
360
363
|
DeviseTokenAuth.redirect_whitelist = [@good_redirect_url]
|
361
364
|
end
|
@@ -364,31 +367,65 @@ class DeviseTokenAuth::PasswordsControllerTest < ActionController::TestCase
|
|
364
367
|
DeviseTokenAuth.redirect_whitelist = nil
|
365
368
|
end
|
366
369
|
|
367
|
-
|
368
|
-
|
369
|
-
|
370
|
-
|
370
|
+
describe 'for create' do
|
371
|
+
test 'request to whitelisted redirect should be successful' do
|
372
|
+
post :create,
|
373
|
+
params: { email: @resource.email,
|
374
|
+
redirect_url: @good_redirect_url }
|
371
375
|
|
372
|
-
|
373
|
-
|
376
|
+
assert_equal 200, response.status
|
377
|
+
end
|
374
378
|
|
375
|
-
|
376
|
-
|
377
|
-
|
378
|
-
|
379
|
+
test 'request to non-whitelisted redirect should fail' do
|
380
|
+
post :create,
|
381
|
+
params: { email: @resource.email,
|
382
|
+
redirect_url: @bad_redirect_url }
|
383
|
+
|
384
|
+
assert_equal 422, response.status
|
385
|
+
end
|
386
|
+
|
387
|
+
test 'request to non-whitelisted redirect should return error message' do
|
388
|
+
post :create,
|
389
|
+
params: { email: @resource.email,
|
390
|
+
redirect_url: @bad_redirect_url }
|
379
391
|
|
380
|
-
|
392
|
+
@data = JSON.parse(response.body)
|
393
|
+
assert @data['errors']
|
394
|
+
assert_equal @data['errors'],
|
395
|
+
[I18n.t('devise_token_auth.passwords.not_allowed_redirect_url',
|
396
|
+
redirect_url: @bad_redirect_url)]
|
397
|
+
end
|
381
398
|
end
|
382
|
-
test 'request to non-whitelisted redirect should return error message' do
|
383
|
-
post :create,
|
384
|
-
params: { email: @resource.email,
|
385
|
-
redirect_url: @bad_redirect_url }
|
386
399
|
|
387
|
-
|
388
|
-
|
389
|
-
|
390
|
-
|
391
|
-
|
400
|
+
describe 'for edit' do
|
401
|
+
before do
|
402
|
+
@auth_headers = @resource.create_new_auth_token
|
403
|
+
@new_password = Faker::Internet.password
|
404
|
+
|
405
|
+
get_reset_token
|
406
|
+
end
|
407
|
+
|
408
|
+
test 'request to whitelisted redirect should be successful' do
|
409
|
+
get :edit, params: { reset_password_token: @mail_reset_token, redirect_url: @good_redirect_url }
|
410
|
+
|
411
|
+
assert_equal 302, response.status
|
412
|
+
end
|
413
|
+
|
414
|
+
test 'request to non-whitelisted redirect should fail' do
|
415
|
+
get :edit, params: { reset_password_token: @mail_reset_token, redirect_url: @bad_redirect_url }
|
416
|
+
|
417
|
+
assert_equal 422, response.status
|
418
|
+
end
|
419
|
+
|
420
|
+
test 'request to non-whitelisted redirect should return error message' do
|
421
|
+
get :edit, params: { reset_password_token: @mail_reset_token, redirect_url: @bad_redirect_url }
|
422
|
+
|
423
|
+
@data = JSON.parse(response.body)
|
424
|
+
assert @data['errors']
|
425
|
+
assert_equal @data['errors'],
|
426
|
+
[I18n.t('devise_token_auth.passwords.not_allowed_redirect_url',
|
427
|
+
redirect_url: @bad_redirect_url)]
|
428
|
+
end
|
392
429
|
end
|
393
430
|
end
|
394
431
|
|
@@ -509,6 +546,10 @@ class DeviseTokenAuth::PasswordsControllerTest < ActionController::TestCase
|
|
509
546
|
test 'new password should authenticate user' do
|
510
547
|
assert @resource.valid_password?(@new_password)
|
511
548
|
end
|
549
|
+
|
550
|
+
test 'reset_password_token should be removed' do
|
551
|
+
assert_nil @resource.reset_password_token
|
552
|
+
end
|
512
553
|
end
|
513
554
|
|
514
555
|
describe 'password mismatch error' do
|
@@ -554,16 +595,7 @@ class DeviseTokenAuth::PasswordsControllerTest < ActionController::TestCase
|
|
554
595
|
before do
|
555
596
|
@resource = create(:mang_user, :confirmed)
|
556
597
|
@redirect_url = 'http://ng-token-auth.dev'
|
557
|
-
|
558
|
-
post :create, params: { email: @resource.email,
|
559
|
-
redirect_url: @redirect_url }
|
560
|
-
|
561
|
-
@mail = ActionMailer::Base.deliveries.last
|
562
|
-
@resource.reload
|
563
|
-
|
564
|
-
@mail_config_name = CGI.unescape(@mail.body.match(/config=([^&]*)&/)[1])
|
565
|
-
@mail_redirect_url = CGI.unescape(@mail.body.match(/redirect_url=([^&]*)&/)[1])
|
566
|
-
@mail_reset_token = @mail.body.match(/reset_password_token=(.*)\"/)[1]
|
598
|
+
get_reset_token
|
567
599
|
end
|
568
600
|
|
569
601
|
test 'response should return success status' do
|
@@ -582,15 +614,7 @@ class DeviseTokenAuth::PasswordsControllerTest < ActionController::TestCase
|
|
582
614
|
@resource = create(:user)
|
583
615
|
@redirect_url = 'http://ng-token-auth.dev'
|
584
616
|
|
585
|
-
|
586
|
-
redirect_url: @redirect_url }
|
587
|
-
|
588
|
-
@mail = ActionMailer::Base.deliveries.last
|
589
|
-
@resource.reload
|
590
|
-
|
591
|
-
@mail_config_name = CGI.unescape(@mail.body.match(/config=([^&]*)&/)[1])
|
592
|
-
@mail_redirect_url = CGI.unescape(@mail.body.match(/redirect_url=([^&]*)&/)[1])
|
593
|
-
@mail_reset_token = @mail.body.match(/reset_password_token=(.*)\"/)[1]
|
617
|
+
get_reset_token
|
594
618
|
|
595
619
|
get :edit, params: { reset_password_token: @mail_reset_token,
|
596
620
|
redirect_url: @mail_redirect_url }
|
@@ -610,17 +634,8 @@ class DeviseTokenAuth::PasswordsControllerTest < ActionController::TestCase
|
|
610
634
|
|
611
635
|
before do
|
612
636
|
@resource = unconfirmable_users(:user)
|
613
|
-
@redirect_url = 'http://ng-token-auth.dev'
|
614
|
-
|
615
|
-
post :create, params: { email: @resource.email,
|
616
|
-
redirect_url: @redirect_url }
|
617
|
-
|
618
|
-
@mail = ActionMailer::Base.deliveries.last
|
619
|
-
@resource.reload
|
620
637
|
|
621
|
-
|
622
|
-
@mail_redirect_url = CGI.unescape(@mail.body.match(/redirect_url=([^&]*)&/)[1])
|
623
|
-
@mail_reset_token = @mail.body.match(/reset_password_token=(.*)\"/)[1]
|
638
|
+
get_reset_token
|
624
639
|
|
625
640
|
get :edit, params: { reset_password_token: @mail_reset_token,
|
626
641
|
redirect_url: @mail_redirect_url }
|
@@ -635,21 +650,27 @@ class DeviseTokenAuth::PasswordsControllerTest < ActionController::TestCase
|
|
635
650
|
@redirect_url = 'http://ng-token-auth.dev'
|
636
651
|
@config_name = 'altUser'
|
637
652
|
|
638
|
-
|
653
|
+
params = { email: @resource.email,
|
639
654
|
redirect_url: @redirect_url,
|
640
655
|
config_name: @config_name }
|
641
|
-
|
642
|
-
@mail = ActionMailer::Base.deliveries.last
|
643
|
-
@resource.reload
|
644
|
-
|
645
|
-
@mail_config_name = CGI.unescape(@mail.body.match(/config=([^&]*)&/)[1])
|
646
|
-
@mail_redirect_url = CGI.unescape(@mail.body.match(/redirect_url=([^&]*)&/)[1])
|
647
|
-
@mail_reset_token = @mail.body.match(/reset_password_token=(.*)\"/)[1]
|
656
|
+
get_reset_token params
|
648
657
|
end
|
649
658
|
|
650
659
|
test 'config_name param is included in the confirmation email link' do
|
651
660
|
assert_equal @config_name, @mail_config_name
|
652
661
|
end
|
653
662
|
end
|
663
|
+
|
664
|
+
def get_reset_token(params = nil)
|
665
|
+
params ||= { email: @resource.email, redirect_url: @redirect_url }
|
666
|
+
post :create, params: params
|
667
|
+
|
668
|
+
@mail = ActionMailer::Base.deliveries.last
|
669
|
+
@resource.reload
|
670
|
+
|
671
|
+
@mail_config_name = CGI.unescape(@mail.body.match(/config=([^&]*)&/)[1])
|
672
|
+
@mail_redirect_url = CGI.unescape(@mail.body.match(/redirect_url=([^&]*)&/)[1])
|
673
|
+
@mail_reset_token = @mail.body.match(/reset_password_token=(.*)\"/)[1]
|
674
|
+
end
|
654
675
|
end
|
655
676
|
end
|
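Review bot: After this change no test states what a second `get :edit` with the same `reset_password_token` should do: the 'reset_password_token should be valid only one first time' test is removed, and the new assertions only check that the stored value stays `Devise.token_generator.digest(self, :reset_password_token, @mail_reset_token)` after one request. Because reuse of a mailed reset link is security-relevant, a test that issues `get :edit` twice and asserts the intended outcome of the second request would pin the behaviour down either way. Separately, the new `get_reset_token` helper calls `@mail.body.match(...)[1]` three times without checking for a match, so a mail that lacks `config=` or `redirect_url=` fails with a NoMethodError on nil; an explicit `assert_match` before each extraction would give a readable failure.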