RubyGems - devise_token_auth - Versions diffs - 1.0.0 → 1.1.0 - Mend

devise_token_auth 1.0.0 → 1.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of devise_token_auth might be problematic. Click here for more details.

Files changed (74) hide show

data/test/controllers/devise_token_auth/registrations_controller_test.rb CHANGED

@@ -83,6 +83,33 @@ class DeviseTokenAuth::RegistrationsControllerTest < ActionDispatch::Integration
       end
     end
+    describe 'using allow_unconfirmed_access_for' do
+      before do
+        @original_duration = Devise.allow_unconfirmed_access_for
+        Devise.allow_unconfirmed_access_for = nil
+        post '/auth',
+             params: {
+               email: Faker::Internet.email,
+               password: 'secret123',
+               password_confirmation: 'secret123',
+               confirm_success_url: Faker::Internet.url,
+               unpermitted_param: '(x_x)'
+             }
+      end
+      test 'auth headers were returned in response' do
+        assert response.headers['access-token']
+        assert response.headers['token-type']
+        assert response.headers['client']
+        assert response.headers['expiry']
+        assert response.headers['uid']
+      end
+      after do
+        Devise.allow_unconfirmed_access_for = @original_duration
+      end
+    end
     describe 'using "+" in email' do
       test 'can use + sign in email addresses' do
         @plus_email = 'ak+testing@gmail.com'
@@ -305,7 +332,7 @@ class DeviseTokenAuth::RegistrationsControllerTest < ActionDispatch::Integration
       end
       test 'user should not have been created' do
-        assert_nil @resource.id
+        refute @resource.persisted?
       end
       test 'error should be returned in the response' do
@@ -333,7 +360,7 @@ class DeviseTokenAuth::RegistrationsControllerTest < ActionDispatch::Integration
       end
       test 'user should not have been created' do
-        assert_nil @resource.id
+        refute @resource.persisted?
       end
       test 'error should be returned in the response' do
@@ -362,7 +389,7 @@ class DeviseTokenAuth::RegistrationsControllerTest < ActionDispatch::Integration
       end
       test 'user should have been created' do
-        assert_nil @resource.id
+        refute @resource.persisted?
       end
       test 'error should be returned in the response' do
@@ -393,7 +420,7 @@ class DeviseTokenAuth::RegistrationsControllerTest < ActionDispatch::Integration
       end
       test 'user should have been created' do
-        assert_nil @resource.id
+        refute @resource.persisted?
       end
       test 'error should be returned in the response' do

data/test/controllers/devise_token_auth/sessions_controller_test.rb CHANGED

@@ -17,12 +17,6 @@ class DeviseTokenAuth::SessionsControllerTest < ActionController::TestCase
       describe 'success' do
         before do
-          @old_sign_in_count      = @existing_user.sign_in_count
-          @old_current_sign_in_at = @existing_user.current_sign_in_at
-          @old_last_sign_in_at    = @existing_user.last_sign_in_at
-          @old_sign_in_ip         = @existing_user.current_sign_in_ip
-          @old_last_sign_in_ip    = @existing_user.last_sign_in_ip
           post :create,
                params: {
                  email: @existing_user.email,
@@ -31,12 +25,6 @@ class DeviseTokenAuth::SessionsControllerTest < ActionController::TestCase
           @resource = assigns(:resource)
           @data = JSON.parse(response.body)
-          @new_sign_in_count      = @resource.sign_in_count
-          @new_current_sign_in_at = @resource.current_sign_in_at
-          @new_last_sign_in_at    = @resource.last_sign_in_at
-          @new_sign_in_ip         = @resource.current_sign_in_ip
-          @new_last_sign_in_ip    = @resource.last_sign_in_ip
         end
         test 'request should succeed' do
@@ -47,32 +35,6 @@ class DeviseTokenAuth::SessionsControllerTest < ActionController::TestCase
           assert_equal @existing_user.email, @data['data']['email']
         end
-        describe 'trackable' do
-          test 'sign_in_count incrementns' do
-            assert_equal @old_sign_in_count + 1, @new_sign_in_count
-          end
-          test 'current_sign_in_at is updated' do
-            refute @old_current_sign_in_at
-            assert @new_current_sign_in_at
-          end
-          test 'last_sign_in_at is updated' do
-            refute @old_last_sign_in_at
-            assert @new_last_sign_in_at
-          end
-          test 'sign_in_ip is updated' do
-            refute @old_sign_in_ip
-            assert_equal '0.0.0.0', @new_sign_in_ip
-          end
-          test 'last_sign_in_ip is updated' do
-            refute @old_last_sign_in_ip
-            assert_equal '0.0.0.0', @new_last_sign_in_ip
-          end
-        end
         describe "with multiple clients and headers don't change in each request" do
           before do
             # Set the max_number_of_devices to a lower number

data/test/controllers/devise_token_auth/token_validations_controller_test.rb CHANGED

@@ -47,7 +47,8 @@ class DeviseTokenAuth::TokenValidationsControllerTest < ActionDispatch::Integrat
     describe 'with invalid user' do
       before do
-        @resource.update_column :email, 'invalid'
+        @resource.update_column(:email, 'invalid') if DEVISE_TOKEN_AUTH_ORM == :active_record
+        @resource.set(email: 'invalid') if DEVISE_TOKEN_AUTH_ORM == :mongoid
       end
       test 'request should raise invalid model error' do

data/test/dummy/app/{models → active_record}/lockable_user.rb RENAMED

File without changes

data/test/dummy/app/{models → active_record}/mang.rb RENAMED

File without changes

data/test/dummy/app/{models → active_record}/only_email_user.rb RENAMED

File without changes

data/test/dummy/app/{models → active_record}/scoped_user.rb RENAMED

@@ -3,7 +3,7 @@
 class ScopedUser < ActiveRecord::Base
   # Include default devise modules.
   devise :database_authenticatable, :registerable,
-         :recoverable, :rememberable, :trackable, :validatable,
-         :confirmable, :omniauthable
+         :recoverable, :rememberable,
+         :validatable, :confirmable, :omniauthable
   include DeviseTokenAuth::Concerns::User
 end

data/test/dummy/app/{models → active_record}/unconfirmable_user.rb RENAMED

@@ -4,7 +4,6 @@ class UnconfirmableUser < ActiveRecord::Base
   # Include default devise modules.
   devise :database_authenticatable, :registerable,
          :recoverable, :rememberable,
-         :trackable, :validatable,
-         :omniauthable
+         :validatable, :omniauthable
   include DeviseTokenAuth::Concerns::User
 end

data/test/dummy/app/{models → active_record}/unregisterable_user.rb RENAMED

@@ -2,8 +2,8 @@
 class UnregisterableUser < ActiveRecord::Base
   # Include default devise modules.
-  devise :database_authenticatable,
-         :recoverable, :trackable, :validatable,
-         :confirmable, :omniauthable
+  devise :database_authenticatable, :recoverable,
+         :validatable, :confirmable,
+         :omniauthable
   include DeviseTokenAuth::Concerns::User
 end

data/test/dummy/app/active_record/user.rb ADDED

@@ -0,0 +1,6 @@
+# frozen_string_literal: true
+class User < ActiveRecord::Base
+  include DeviseTokenAuth::Concerns::User
+  include FavoriteColor
+end

data/test/dummy/app/controllers/overrides/sessions_controller.rb CHANGED

@@ -5,7 +5,7 @@ module Overrides
     OVERRIDE_PROOF = '(^^,)'.freeze
     def create
-      @resource = resource_class.find_by(email: resource_params[:email])
+      @resource = resource_class.dta_find_by(email: resource_params[:email])
       if @resource && valid_params?(:email, resource_params[:email]) && @resource.valid_password?(resource_params[:password]) && @resource.confirmed?
         @client_id, @token = @resource.create_token

data/test/dummy/app/models/{user.rb → concerns/favorite_color.rb} RENAMED

@@ -1,13 +1,12 @@
-# frozen_string_literal: true
-class User < ActiveRecord::Base
-  include DeviseTokenAuth::Concerns::User
-  validates :operating_thetan, numericality: true, allow_nil: true
-  validate :ensure_correct_favorite_color
+module FavoriteColor
+  extend ActiveSupport::Concern
+  included do
+    validates :operating_thetan, numericality: true, allow_nil: true
+    validate :ensure_correct_favorite_color
+  end
   def ensure_correct_favorite_color
     if favorite_color && (favorite_color != '')
       unless ApplicationHelper::COLOR_NAMES.any?{ |s| s.casecmp(favorite_color)==0 }
         matches = ApplicationHelper::COLOR_SEARCH.search(favorite_color)

data/test/dummy/app/mongoid/lockable_user.rb ADDED

@@ -0,0 +1,38 @@
+# frozen_string_literal: true
+class LockableUser
+  include Mongoid::Document
+  include Mongoid::Timestamps
+  include Mongoid::Locker
+  field :locker_locked_at, type: Time
+  field :locker_locked_until, type: Time
+  locker locked_at_field: :locker_locked_at,
+         locked_until_field: :locker_locked_until
+  ## User Info
+  field :name,      type: String
+  field :nickname,  type: String
+  field :image,     type: String
+  ## Database authenticatable
+  field :email,              type: String, default: ''
+  field :encrypted_password, type: String, default: ''
+  ## Lockable
+  field :failed_attempts, type: Integer, default: 0 # Only if lock strategy is :failed_attempts
+  field :unlock_token,    type: String # Only if unlock strategy is :email or :both
+  field :locked_at,       type: Time
+  ## Required
+  field :provider, type: String
+  field :uid,      type: String, default: ''
+  ## Tokens
+  field :tokens, type: Hash, default: {}
+  # Include default devise modules.
+  devise :database_authenticatable, :registerable, :lockable
+  include DeviseTokenAuth::Concerns::User
+end

data/test/dummy/app/mongoid/mang.rb ADDED

@@ -0,0 +1,46 @@
+# frozen_string_literal: true
+class Mang
+  include Mongoid::Document
+  include Mongoid::Timestamps
+  include Mongoid::Locker
+  field :locker_locked_at, type: Time
+  field :locker_locked_until, type: Time
+  locker locked_at_field: :locker_locked_at,
+         locked_until_field: :locker_locked_until
+  ## User Info
+  field :name,      type: String
+  field :nickname,  type: String
+  field :image,     type: String
+  ## Database authenticatable
+  field :email,              type: String, default: ''
+  field :encrypted_password, type: String, default: ''
+  ## Recoverable
+  field :reset_password_token,        type: String
+  field :reset_password_sent_at,      type: Time
+  field :reset_password_redirect_url, type: String
+  field :allow_password_change,       type: Boolean, default: false
+  ## Rememberable
+  field :remember_created_at, type: Time
+  ## Confirmable
+  field :confirmation_token,   type: String
+  field :confirmed_at,         type: Time
+  field :confirmation_sent_at, type: Time
+  field :unconfirmed_email,    type: String # Only if using reconfirmable
+  ## Required
+  field :provider, type: String
+  field :uid,      type: String, default: ''
+  ## Tokens
+  field :tokens, type: Hash, default: {}
+  include DeviseTokenAuth::Concerns::User
+end

data/test/dummy/app/mongoid/only_email_user.rb ADDED

@@ -0,0 +1,33 @@
+# frozen_string_literal: true
+class OnlyEmailUser
+  include Mongoid::Document
+  include Mongoid::Timestamps
+  include Mongoid::Locker
+  field :locker_locked_at, type: Time
+  field :locker_locked_until, type: Time
+  locker locked_at_field: :locker_locked_at,
+         locked_until_field: :locker_locked_until
+  ## User Info
+  field :name,      type: String
+  field :nickname,  type: String
+  field :image,     type: String
+  ## Database authenticatable
+  field :email,              type: String, default: ''
+  field :encrypted_password, type: String, default: ''
+  ## Required
+  field :provider, type: String
+  field :uid,      type: String, default: ''
+  ## Tokens
+  field :tokens, type: Hash, default: {}
+  # Include default devise modules.
+  devise :database_authenticatable, :registerable
+  include DeviseTokenAuth::Concerns::User
+end

data/test/dummy/app/mongoid/scoped_user.rb ADDED

@@ -0,0 +1,50 @@
+# frozen_string_literal: true
+class ScopedUser
+  include Mongoid::Document
+  include Mongoid::Timestamps
+  include Mongoid::Locker
+  field :locker_locked_at, type: Time
+  field :locker_locked_until, type: Time
+  locker locked_at_field: :locker_locked_at,
+         locked_until_field: :locker_locked_until
+  ## User Info
+  field :name,      type: String
+  field :nickname,  type: String
+  field :image,     type: String
+  ## Database authenticatable
+  field :email,              type: String, default: ''
+  field :encrypted_password, type: String, default: ''
+  ## Recoverable
+  field :reset_password_token,        type: String
+  field :reset_password_sent_at,      type: Time
+  field :reset_password_redirect_url, type: String
+  field :allow_password_change,       type: Boolean, default: false
+  ## Rememberable
+  field :remember_created_at, type: Time
+  ## Confirmable
+  field :confirmation_token,   type: String
+  field :confirmed_at,         type: Time
+  field :confirmation_sent_at, type: Time
+  field :unconfirmed_email,    type: String # Only if using reconfirmable
+  ## Required
+  field :provider, type: String
+  field :uid,      type: String, default: ''
+  ## Tokens
+  field :tokens, type: Hash, default: {}
+  # Include default devise modules.
+  devise :database_authenticatable, :registerable,
+         :recoverable, :rememberable, :trackable,
+         :validatable, :confirmable, :omniauthable
+  include DeviseTokenAuth::Concerns::User
+end

data/test/dummy/app/mongoid/unconfirmable_user.rb ADDED

@@ -0,0 +1,44 @@
+# frozen_string_literal: true
+class UnconfirmableUser
+  include Mongoid::Document
+  include Mongoid::Timestamps
+  include Mongoid::Locker
+  field :locker_locked_at, type: Time
+  field :locker_locked_until, type: Time
+  locker locked_at_field: :locker_locked_at,
+         locked_until_field: :locker_locked_until
+  ## User Info
+  field :name,      type: String
+  field :nickname,  type: String
+  field :image,     type: String
+  ## Database authenticatable
+  field :email,              type: String, default: ''
+  field :encrypted_password, type: String, default: ''
+  ## Recoverable
+  field :reset_password_token,        type: String
+  field :reset_password_sent_at,      type: Time
+  field :reset_password_redirect_url, type: String
+  field :allow_password_change,       type: Boolean, default: false
+  ## Rememberable
+  field :remember_created_at, type: Time
+  ## Required
+  field :provider, type: String
+  field :uid,      type: String, default: ''
+  ## Tokens
+  field :tokens, type: Hash, default: {}
+  # Include default devise modules.
+  devise :database_authenticatable, :registerable,
+         :recoverable, :rememberable, :trackable,
+         :validatable, :omniauthable
+  include DeviseTokenAuth::Concerns::User
+end

data/test/dummy/app/mongoid/unregisterable_user.rb ADDED

@@ -0,0 +1,47 @@
+# frozen_string_literal: true
+class UnregisterableUser
+  include Mongoid::Document
+  include Mongoid::Timestamps
+  include Mongoid::Locker
+  field :locker_locked_at, type: Time
+  field :locker_locked_until, type: Time
+  locker locked_at_field: :locker_locked_at,
+         locked_until_field: :locker_locked_until
+  ## User Info
+  field :name,      type: String
+  field :nickname,  type: String
+  field :image,     type: String
+  ## Database authenticatable
+  field :email,              type: String, default: ''
+  field :encrypted_password, type: String, default: ''
+  ## Recoverable
+  field :reset_password_token,        type: String
+  field :reset_password_sent_at,      type: Time
+  field :reset_password_redirect_url, type: String
+  field :allow_password_change,       type: Boolean, default: false
+  ## Confirmable
+  field :confirmation_token,   type: String
+  field :confirmed_at,         type: Time
+  field :confirmation_sent_at, type: Time
+  field :unconfirmed_email,    type: String # Only if using reconfirmable
+  ## Required
+  field :provider, type: String
+  field :uid,      type: String, default: ''
+  ## Tokens
+  field :tokens, type: Hash, default: {}
+  # Include default devise modules.
+  devise :database_authenticatable, :recoverable,
+         :trackable, :validatable, :confirmable,
+         :omniauthable
+  include DeviseTokenAuth::Concerns::User
+end