devise_token_auth 1.0.0 → 1.1.5
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +5 -5
- data/README.md +4 -2
- data/app/controllers/devise_token_auth/application_controller.rb +2 -3
- data/app/controllers/devise_token_auth/concerns/resource_finder.rb +11 -12
- data/app/controllers/devise_token_auth/concerns/set_user_by_token.rb +41 -57
- data/app/controllers/devise_token_auth/confirmations_controller.rb +63 -20
- data/app/controllers/devise_token_auth/omniauth_callbacks_controller.rb +77 -29
- data/app/controllers/devise_token_auth/passwords_controller.rb +44 -30
- data/app/controllers/devise_token_auth/registrations_controller.rb +33 -40
- data/app/controllers/devise_token_auth/sessions_controller.rb +5 -5
- data/app/controllers/devise_token_auth/unlocks_controller.rb +4 -4
- data/app/models/devise_token_auth/concerns/active_record_support.rb +14 -0
- data/app/models/devise_token_auth/concerns/confirmable_support.rb +28 -0
- data/app/models/devise_token_auth/concerns/mongoid_support.rb +19 -0
- data/app/models/devise_token_auth/concerns/tokens_serialization.rb +31 -0
- data/app/models/devise_token_auth/concerns/user.rb +51 -70
- data/app/models/devise_token_auth/concerns/user_omniauth_callbacks.rb +6 -3
- data/app/validators/{email_validator.rb → devise_token_auth_email_validator.rb} +2 -2
- data/config/locales/da-DK.yml +2 -0
- data/config/locales/de.yml +2 -0
- data/config/locales/en.yml +7 -0
- data/config/locales/es.yml +2 -0
- data/config/locales/fr.yml +2 -0
- data/config/locales/he.yml +52 -0
- data/config/locales/it.yml +2 -0
- data/config/locales/ja.yml +4 -2
- data/config/locales/ko.yml +51 -0
- data/config/locales/nl.yml +2 -0
- data/config/locales/pl.yml +6 -3
- data/config/locales/pt-BR.yml +2 -0
- data/config/locales/pt.yml +6 -3
- data/config/locales/ro.yml +2 -0
- data/config/locales/ru.yml +2 -0
- data/config/locales/sq.yml +2 -0
- data/config/locales/sv.yml +2 -0
- data/config/locales/uk.yml +2 -0
- data/config/locales/vi.yml +2 -0
- data/config/locales/zh-CN.yml +2 -0
- data/config/locales/zh-HK.yml +2 -0
- data/config/locales/zh-TW.yml +2 -0
- data/lib/devise_token_auth/blacklist.rb +2 -0
- data/lib/devise_token_auth/controllers/helpers.rb +5 -9
- data/lib/devise_token_auth/engine.rb +7 -1
- data/lib/devise_token_auth/rails/routes.rb +16 -11
- data/lib/devise_token_auth/token_factory.rb +126 -0
- data/lib/devise_token_auth/url.rb +3 -0
- data/lib/devise_token_auth/version.rb +1 -1
- data/lib/devise_token_auth.rb +6 -3
- data/lib/generators/devise_token_auth/USAGE +1 -1
- data/lib/generators/devise_token_auth/install_generator.rb +7 -91
- data/lib/generators/devise_token_auth/install_generator_helpers.rb +98 -0
- data/lib/generators/devise_token_auth/install_mongoid_generator.rb +46 -0
- data/lib/generators/devise_token_auth/templates/devise_token_auth.rb +10 -0
- data/lib/generators/devise_token_auth/templates/devise_token_auth_create_users.rb.erb +1 -8
- data/lib/generators/devise_token_auth/templates/user.rb.erb +2 -2
- data/lib/generators/devise_token_auth/templates/user_mongoid.rb.erb +56 -0
- data/test/controllers/custom/custom_confirmations_controller_test.rb +1 -1
- data/test/controllers/demo_user_controller_test.rb +2 -2
- data/test/controllers/devise_token_auth/confirmations_controller_test.rb +83 -19
- data/test/controllers/devise_token_auth/omniauth_callbacks_controller_test.rb +109 -42
- data/test/controllers/devise_token_auth/passwords_controller_test.rb +227 -102
- data/test/controllers/devise_token_auth/registrations_controller_test.rb +34 -7
- data/test/controllers/devise_token_auth/sessions_controller_test.rb +0 -38
- data/test/controllers/devise_token_auth/token_validations_controller_test.rb +2 -1
- data/test/dummy/app/active_record/confirmable_user.rb +11 -0
- data/test/dummy/app/{models → active_record}/scoped_user.rb +2 -2
- data/test/dummy/app/{models → active_record}/unconfirmable_user.rb +1 -2
- data/test/dummy/app/{models → active_record}/unregisterable_user.rb +3 -3
- data/test/dummy/app/active_record/user.rb +6 -0
- data/test/dummy/app/controllers/overrides/confirmations_controller.rb +3 -3
- data/test/dummy/app/controllers/overrides/passwords_controller.rb +3 -3
- data/test/dummy/app/controllers/overrides/registrations_controller.rb +1 -1
- data/test/dummy/app/controllers/overrides/sessions_controller.rb +2 -2
- data/test/dummy/app/models/{user.rb → concerns/favorite_color.rb} +7 -8
- data/test/dummy/app/mongoid/confirmable_user.rb +52 -0
- data/test/dummy/app/mongoid/lockable_user.rb +38 -0
- data/test/dummy/app/mongoid/mang.rb +46 -0
- data/test/dummy/app/mongoid/only_email_user.rb +33 -0
- data/test/dummy/app/mongoid/scoped_user.rb +50 -0
- data/test/dummy/app/mongoid/unconfirmable_user.rb +44 -0
- data/test/dummy/app/mongoid/unregisterable_user.rb +47 -0
- data/test/dummy/app/mongoid/user.rb +49 -0
- data/test/dummy/app/views/layouts/application.html.erb +0 -2
- data/test/dummy/config/application.rb +22 -1
- data/test/dummy/config/boot.rb +4 -0
- data/test/dummy/config/environments/development.rb +0 -10
- data/test/dummy/config/environments/production.rb +0 -16
- data/test/dummy/config/initializers/devise.rb +285 -0
- data/test/dummy/config/initializers/devise_token_auth.rb +35 -4
- data/test/dummy/config/initializers/figaro.rb +1 -1
- data/test/dummy/config/initializers/omniauth.rb +1 -0
- data/test/dummy/config/routes.rb +2 -0
- data/test/dummy/db/migrate/20140715061447_devise_token_auth_create_users.rb +0 -7
- data/test/dummy/db/migrate/20140715061805_devise_token_auth_create_mangs.rb +0 -7
- data/test/dummy/db/migrate/20141222035835_devise_token_auth_create_only_email_users.rb +0 -7
- data/test/dummy/db/migrate/20141222053502_devise_token_auth_create_unregisterable_users.rb +0 -7
- data/test/dummy/db/migrate/20150708104536_devise_token_auth_create_unconfirmable_users.rb +0 -7
- data/test/dummy/db/migrate/20160103235141_devise_token_auth_create_scoped_users.rb +0 -7
- data/test/dummy/db/migrate/20160629184441_devise_token_auth_create_lockable_users.rb +0 -7
- data/test/dummy/db/migrate/20190924101113_devise_token_auth_create_confirmable_users.rb +49 -0
- data/test/dummy/db/schema.rb +26 -28
- data/test/dummy/tmp/generators/app/models/azpire/v1/human_resource/user.rb +9 -0
- data/test/dummy/tmp/generators/config/initializers/devise_token_auth.rb +60 -0
- data/test/dummy/tmp/generators/db/migrate/20210126004321_devise_token_auth_create_azpire_v1_human_resource_users.rb +49 -0
- data/test/factories/users.rb +3 -2
- data/test/lib/devise_token_auth/blacklist_test.rb +11 -0
- data/test/lib/devise_token_auth/rails/custom_routes_test.rb +29 -0
- data/test/lib/devise_token_auth/rails/routes_test.rb +87 -0
- data/test/lib/devise_token_auth/token_factory_test.rb +191 -0
- data/test/lib/devise_token_auth/url_test.rb +2 -2
- data/test/lib/generators/devise_token_auth/install_generator_test.rb +51 -31
- data/test/lib/generators/devise_token_auth/install_generator_with_namespace_test.rb +51 -31
- data/test/models/concerns/mongoid_support_test.rb +31 -0
- data/test/models/concerns/tokens_serialization_test.rb +104 -0
- data/test/models/confirmable_user_test.rb +35 -0
- data/test/models/only_email_user_test.rb +0 -8
- data/test/models/user_test.rb +1 -33
- data/test/test_helper.rb +13 -3
- metadata +125 -32
- data/config/initializers/devise.rb +0 -198
- data/test/dummy/config/initializers/assets.rb +0 -10
- data/test/dummy/tmp/generators/app/views/devise/mailer/confirmation_instructions.html.erb +0 -5
- data/test/dummy/tmp/generators/app/views/devise/mailer/reset_password_instructions.html.erb +0 -8
- /data/test/dummy/app/{models → active_record}/lockable_user.rb +0 -0
- /data/test/dummy/app/{models → active_record}/mang.rb +0 -0
- /data/test/dummy/app/{models → active_record}/only_email_user.rb +0 -0
@@ -155,6 +155,8 @@ class OmniauthTest < ActionDispatch::IntegrationTest
|
|
155
155
|
describe 'with new user' do
|
156
156
|
before do
|
157
157
|
User.any_instance.expects(:new_record?).returns(true).at_least_once
|
158
|
+
# https://docs.mongodb.com/mongoid/master/tutorials/mongoid-documents/#notes-on-persistence
|
159
|
+
User.any_instance.expects(:save!).returns(true)
|
158
160
|
end
|
159
161
|
|
160
162
|
test 'response contains oauth_registration attr' do
|
@@ -315,60 +317,125 @@ class OmniauthTest < ActionDispatch::IntegrationTest
|
|
315
317
|
end
|
316
318
|
|
317
319
|
describe 'Using redirect_whitelist' do
|
318
|
-
before do
|
319
|
-
@user_email = 'slemp.diggler@sillybandz.gov'
|
320
|
-
OmniAuth.config.mock_auth[:facebook] = OmniAuth::AuthHash.new(
|
321
|
-
provider: 'facebook',
|
322
|
-
uid: '123545',
|
323
|
-
info: {
|
324
|
-
name: 'chong',
|
325
|
-
email: @user_email
|
326
|
-
}
|
327
|
-
)
|
328
|
-
@good_redirect_url = Faker::Internet.url
|
329
|
-
@bad_redirect_url = Faker::Internet.url
|
330
|
-
DeviseTokenAuth.redirect_whitelist = [@good_redirect_url]
|
331
|
-
end
|
332
320
|
|
333
|
-
|
334
|
-
|
335
|
-
|
321
|
+
describe "newWindow" do
|
322
|
+
before do
|
323
|
+
@user_email = 'slemp.diggler@sillybandz.gov'
|
324
|
+
OmniAuth.config.mock_auth[:facebook] = OmniAuth::AuthHash.new(
|
325
|
+
provider: 'facebook',
|
326
|
+
uid: '123545',
|
327
|
+
info: {
|
328
|
+
name: 'chong',
|
329
|
+
email: @user_email
|
330
|
+
}
|
331
|
+
)
|
332
|
+
@good_redirect_url = Faker::Internet.url
|
333
|
+
@bad_redirect_url = Faker::Internet.url
|
334
|
+
DeviseTokenAuth.redirect_whitelist = [@good_redirect_url]
|
335
|
+
end
|
336
336
|
|
337
|
-
|
338
|
-
|
339
|
-
|
340
|
-
omniauth_window_type: 'newWindow' }
|
337
|
+
teardown do
|
338
|
+
DeviseTokenAuth.redirect_whitelist = nil
|
339
|
+
end
|
341
340
|
|
342
|
-
|
341
|
+
test 'request using non-whitelisted redirect fail' do
|
342
|
+
get '/auth/facebook',
|
343
|
+
params: { auth_origin_url: @bad_redirect_url,
|
344
|
+
omniauth_window_type: 'newWindow' }
|
343
345
|
|
344
|
-
|
345
|
-
|
346
|
-
|
346
|
+
follow_all_redirects!
|
347
|
+
|
348
|
+
data = get_parsed_data_json
|
349
|
+
assert_equal "Redirect to '#{@bad_redirect_url}' not allowed.",
|
350
|
+
data['error']
|
351
|
+
end
|
352
|
+
|
353
|
+
test 'request to whitelisted redirect should succeed' do
|
354
|
+
get '/auth/facebook',
|
355
|
+
params: {
|
356
|
+
auth_origin_url: @good_redirect_url,
|
357
|
+
omniauth_window_type: 'newWindow'
|
358
|
+
}
|
359
|
+
|
360
|
+
follow_all_redirects!
|
361
|
+
|
362
|
+
data = get_parsed_data_json
|
363
|
+
assert_equal @user_email, data['email']
|
364
|
+
end
|
365
|
+
|
366
|
+
test 'should support wildcards' do
|
367
|
+
DeviseTokenAuth.redirect_whitelist = ["#{@good_redirect_url[0..8]}*"]
|
368
|
+
get '/auth/facebook',
|
369
|
+
params: { auth_origin_url: @good_redirect_url,
|
370
|
+
omniauth_window_type: 'newWindow' }
|
371
|
+
|
372
|
+
follow_all_redirects!
|
373
|
+
|
374
|
+
data = get_parsed_data_json
|
375
|
+
assert_equal @user_email, data['email']
|
376
|
+
end
|
347
377
|
end
|
348
378
|
|
349
|
-
|
350
|
-
|
351
|
-
|
352
|
-
|
353
|
-
|
379
|
+
describe "sameWindow" do
|
380
|
+
before do
|
381
|
+
@user_email = 'slemp.diggler@sillybandz.gov'
|
382
|
+
OmniAuth.config.mock_auth[:facebook] = OmniAuth::AuthHash.new(
|
383
|
+
provider: 'facebook',
|
384
|
+
uid: '123545',
|
385
|
+
info: {
|
386
|
+
name: 'chong',
|
387
|
+
email: @user_email
|
354
388
|
}
|
389
|
+
)
|
390
|
+
@good_redirect_url = '/auth_origin'
|
391
|
+
@bad_redirect_url = Faker::Internet.url
|
392
|
+
DeviseTokenAuth.redirect_whitelist = [@good_redirect_url]
|
393
|
+
end
|
355
394
|
|
356
|
-
|
395
|
+
teardown do
|
396
|
+
DeviseTokenAuth.redirect_whitelist = nil
|
397
|
+
end
|
357
398
|
|
358
|
-
|
359
|
-
|
360
|
-
|
399
|
+
test 'request using non-whitelisted redirect fail' do
|
400
|
+
get '/auth/facebook',
|
401
|
+
params: { auth_origin_url: @bad_redirect_url,
|
402
|
+
omniauth_window_type: 'sameWindow' }
|
361
403
|
|
362
|
-
|
363
|
-
|
364
|
-
|
365
|
-
|
366
|
-
|
404
|
+
follow_all_redirects!
|
405
|
+
|
406
|
+
assert_equal 200, response.status
|
407
|
+
assert_equal true, response.body.include?("Redirect to '#{@bad_redirect_url}' not allowed")
|
408
|
+
end
|
409
|
+
|
410
|
+
test 'request to whitelisted redirect should succeed' do
|
411
|
+
get '/auth/facebook',
|
412
|
+
params: {
|
413
|
+
auth_origin_url: '/auth_origin',
|
414
|
+
omniauth_window_type: 'sameWindow'
|
415
|
+
}
|
416
|
+
|
417
|
+
follow_all_redirects!
|
418
|
+
|
419
|
+
assert_equal 200, response.status
|
420
|
+
assert_equal false, response.body.include?("Redirect to '#{@good_redirect_url}' not allowed")
|
421
|
+
end
|
422
|
+
|
423
|
+
test 'should support wildcards' do
|
424
|
+
DeviseTokenAuth.redirect_whitelist = ["#{@good_redirect_url[0..8]}*"]
|
425
|
+
get '/auth/facebook',
|
426
|
+
params: {
|
427
|
+
auth_origin_url: '/auth_origin',
|
428
|
+
omniauth_window_type: 'sameWindow'
|
429
|
+
}
|
430
|
+
|
431
|
+
follow_all_redirects!
|
432
|
+
|
433
|
+
assert_equal 200, response.status
|
434
|
+
assert_equal false, response.body.include?("Redirect to '#{@good_redirect_url}' not allowed")
|
435
|
+
end
|
367
436
|
|
368
|
-
follow_all_redirects!
|
369
437
|
|
370
|
-
data = get_parsed_data_json
|
371
|
-
assert_equal @user_email, data['email']
|
372
438
|
end
|
439
|
+
|
373
440
|
end
|
374
441
|
end
|
@@ -41,22 +41,46 @@ class DeviseTokenAuth::PasswordsControllerTest < ActionController::TestCase
|
|
41
41
|
before do
|
42
42
|
@auth_headers = @resource.create_new_auth_token
|
43
43
|
@new_password = Faker::Internet.password
|
44
|
-
|
45
|
-
post :create,
|
46
|
-
params: { email: 'chester@cheet.ah' }
|
47
|
-
@data = JSON.parse(response.body)
|
48
44
|
end
|
49
45
|
|
50
|
-
|
51
|
-
|
46
|
+
describe 'for create' do
|
47
|
+
before do
|
48
|
+
post :create,
|
49
|
+
params: { email: 'chester@cheet.ah' }
|
50
|
+
@data = JSON.parse(response.body)
|
51
|
+
end
|
52
|
+
|
53
|
+
test 'response should fail' do
|
54
|
+
assert_equal 401, response.status
|
55
|
+
end
|
56
|
+
|
57
|
+
test 'error message should be returned' do
|
58
|
+
assert @data['errors']
|
59
|
+
assert_equal(
|
60
|
+
@data['errors'],
|
61
|
+
[I18n.t('devise_token_auth.passwords.missing_redirect_url')]
|
62
|
+
)
|
63
|
+
end
|
52
64
|
end
|
53
65
|
|
54
|
-
|
55
|
-
|
56
|
-
|
57
|
-
@
|
58
|
-
|
59
|
-
|
66
|
+
describe 'for edit' do
|
67
|
+
before do
|
68
|
+
get_reset_token
|
69
|
+
get :edit, params: { reset_password_token: @mail_reset_token}
|
70
|
+
@data = JSON.parse(response.body)
|
71
|
+
end
|
72
|
+
|
73
|
+
test 'response should fail' do
|
74
|
+
assert_equal 401, response.status
|
75
|
+
end
|
76
|
+
|
77
|
+
test 'error message should be returned' do
|
78
|
+
assert @data['errors']
|
79
|
+
assert_equal(
|
80
|
+
@data['errors'],
|
81
|
+
[I18n.t('devise_token_auth.passwords.missing_redirect_url')]
|
82
|
+
)
|
83
|
+
end
|
60
84
|
end
|
61
85
|
end
|
62
86
|
|
@@ -215,10 +239,10 @@ class DeviseTokenAuth::PasswordsControllerTest < ActionController::TestCase
|
|
215
239
|
end
|
216
240
|
end
|
217
241
|
|
218
|
-
describe '
|
242
|
+
describe 'Checking reset_password_token' do
|
219
243
|
before do
|
220
244
|
post :create, params: {
|
221
|
-
email:
|
245
|
+
email: @resource.email,
|
222
246
|
redirect_url: @redirect_url
|
223
247
|
}
|
224
248
|
|
@@ -235,14 +259,14 @@ class DeviseTokenAuth::PasswordsControllerTest < ActionController::TestCase
|
|
235
259
|
assert_equal Devise.token_generator.digest(self, :reset_password_token, @mail_reset_token), @resource.reset_password_token
|
236
260
|
end
|
237
261
|
|
238
|
-
test 'reset_password_token should be rewritten by origin mail_reset_token' do
|
262
|
+
test 'reset_password_token should not be rewritten by origin mail_reset_token' do
|
239
263
|
get :edit, params: {
|
240
264
|
reset_password_token: @mail_reset_token,
|
241
265
|
redirect_url: @mail_redirect_url
|
242
266
|
}
|
243
267
|
@resource.reload
|
244
268
|
|
245
|
-
assert_equal @mail_reset_token, @resource.reset_password_token
|
269
|
+
assert_equal Devise.token_generator.digest(self, :reset_password_token, @mail_reset_token), @resource.reset_password_token
|
246
270
|
end
|
247
271
|
|
248
272
|
test 'response should return success status' do
|
@@ -254,26 +278,6 @@ class DeviseTokenAuth::PasswordsControllerTest < ActionController::TestCase
|
|
254
278
|
assert_equal 302, response.status
|
255
279
|
end
|
256
280
|
|
257
|
-
test 'reset_password_token should be valid only one first time' do
|
258
|
-
get :edit, params: {
|
259
|
-
reset_password_token: @mail_reset_token,
|
260
|
-
redirect_url: @mail_redirect_url
|
261
|
-
}
|
262
|
-
|
263
|
-
@resource.reload
|
264
|
-
assert_equal @mail_reset_token, @resource.reset_password_token
|
265
|
-
|
266
|
-
assert_raises(ActionController::RoutingError) {
|
267
|
-
get :edit, params: {
|
268
|
-
reset_password_token: @mail_reset_token,
|
269
|
-
redirect_url: @mail_redirect_url
|
270
|
-
}
|
271
|
-
}
|
272
|
-
|
273
|
-
@resource.reload
|
274
|
-
assert_equal @mail_reset_token, @resource.reset_password_token
|
275
|
-
end
|
276
|
-
|
277
281
|
test 'reset_password_sent_at should be valid' do
|
278
282
|
assert_equal @resource.reset_password_period_valid?, true
|
279
283
|
|
@@ -283,7 +287,7 @@ class DeviseTokenAuth::PasswordsControllerTest < ActionController::TestCase
|
|
283
287
|
}
|
284
288
|
|
285
289
|
@resource.reload
|
286
|
-
assert_equal @mail_reset_token, @resource.reset_password_token
|
290
|
+
assert_equal Devise.token_generator.digest(self, :reset_password_token, @mail_reset_token), @resource.reset_password_token
|
287
291
|
end
|
288
292
|
|
289
293
|
test 'reset_password_sent_at should be expired' do
|
@@ -354,8 +358,7 @@ class DeviseTokenAuth::PasswordsControllerTest < ActionController::TestCase
|
|
354
358
|
|
355
359
|
describe 'Using redirect_whitelist' do
|
356
360
|
before do
|
357
|
-
@
|
358
|
-
@good_redirect_url = Faker::Internet.url
|
361
|
+
@good_redirect_url = @redirect_url
|
359
362
|
@bad_redirect_url = Faker::Internet.url
|
360
363
|
DeviseTokenAuth.redirect_whitelist = [@good_redirect_url]
|
361
364
|
end
|
@@ -364,31 +367,65 @@ class DeviseTokenAuth::PasswordsControllerTest < ActionController::TestCase
|
|
364
367
|
DeviseTokenAuth.redirect_whitelist = nil
|
365
368
|
end
|
366
369
|
|
367
|
-
|
368
|
-
|
369
|
-
|
370
|
-
|
370
|
+
describe 'for create' do
|
371
|
+
test 'request to whitelisted redirect should be successful' do
|
372
|
+
post :create,
|
373
|
+
params: { email: @resource.email,
|
374
|
+
redirect_url: @good_redirect_url }
|
371
375
|
|
372
|
-
|
373
|
-
|
376
|
+
assert_equal 200, response.status
|
377
|
+
end
|
374
378
|
|
375
|
-
|
376
|
-
|
377
|
-
|
378
|
-
|
379
|
+
test 'request to non-whitelisted redirect should fail' do
|
380
|
+
post :create,
|
381
|
+
params: { email: @resource.email,
|
382
|
+
redirect_url: @bad_redirect_url }
|
383
|
+
|
384
|
+
assert_equal 422, response.status
|
385
|
+
end
|
386
|
+
|
387
|
+
test 'request to non-whitelisted redirect should return error message' do
|
388
|
+
post :create,
|
389
|
+
params: { email: @resource.email,
|
390
|
+
redirect_url: @bad_redirect_url }
|
379
391
|
|
380
|
-
|
392
|
+
@data = JSON.parse(response.body)
|
393
|
+
assert @data['errors']
|
394
|
+
assert_equal @data['errors'],
|
395
|
+
[I18n.t('devise_token_auth.passwords.not_allowed_redirect_url',
|
396
|
+
redirect_url: @bad_redirect_url)]
|
397
|
+
end
|
381
398
|
end
|
382
|
-
test 'request to non-whitelisted redirect should return error message' do
|
383
|
-
post :create,
|
384
|
-
params: { email: @resource.email,
|
385
|
-
redirect_url: @bad_redirect_url }
|
386
399
|
|
387
|
-
|
388
|
-
|
389
|
-
|
390
|
-
|
391
|
-
|
400
|
+
describe 'for edit' do
|
401
|
+
before do
|
402
|
+
@auth_headers = @resource.create_new_auth_token
|
403
|
+
@new_password = Faker::Internet.password
|
404
|
+
|
405
|
+
get_reset_token
|
406
|
+
end
|
407
|
+
|
408
|
+
test 'request to whitelisted redirect should be successful' do
|
409
|
+
get :edit, params: { reset_password_token: @mail_reset_token, redirect_url: @good_redirect_url }
|
410
|
+
|
411
|
+
assert_equal 302, response.status
|
412
|
+
end
|
413
|
+
|
414
|
+
test 'request to non-whitelisted redirect should fail' do
|
415
|
+
get :edit, params: { reset_password_token: @mail_reset_token, redirect_url: @bad_redirect_url }
|
416
|
+
|
417
|
+
assert_equal 422, response.status
|
418
|
+
end
|
419
|
+
|
420
|
+
test 'request to non-whitelisted redirect should return error message' do
|
421
|
+
get :edit, params: { reset_password_token: @mail_reset_token, redirect_url: @bad_redirect_url }
|
422
|
+
|
423
|
+
@data = JSON.parse(response.body)
|
424
|
+
assert @data['errors']
|
425
|
+
assert_equal @data['errors'],
|
426
|
+
[I18n.t('devise_token_auth.passwords.not_allowed_redirect_url',
|
427
|
+
redirect_url: @bad_redirect_url)]
|
428
|
+
end
|
392
429
|
end
|
393
430
|
end
|
394
431
|
|
@@ -403,6 +440,7 @@ class DeviseTokenAuth::PasswordsControllerTest < ActionController::TestCase
|
|
403
440
|
|
404
441
|
describe 'success' do
|
405
442
|
before do
|
443
|
+
DeviseTokenAuth.require_client_password_reset_token = false
|
406
444
|
@auth_headers = @resource.create_new_auth_token
|
407
445
|
request.headers.merge!(@auth_headers)
|
408
446
|
@new_password = Faker::Internet.password
|
@@ -467,6 +505,7 @@ class DeviseTokenAuth::PasswordsControllerTest < ActionController::TestCase
|
|
467
505
|
|
468
506
|
describe 'current password mismatch error' do
|
469
507
|
before do
|
508
|
+
DeviseTokenAuth.require_client_password_reset_token = false
|
470
509
|
@auth_headers = @resource.create_new_auth_token
|
471
510
|
request.headers.merge!(@auth_headers)
|
472
511
|
@new_password = Faker::Internet.password
|
@@ -483,7 +522,35 @@ class DeviseTokenAuth::PasswordsControllerTest < ActionController::TestCase
|
|
483
522
|
end
|
484
523
|
|
485
524
|
describe 'change password' do
|
486
|
-
describe '
|
525
|
+
describe 'using reset token' do
|
526
|
+
before do
|
527
|
+
DeviseTokenAuth.require_client_password_reset_token = true
|
528
|
+
@redirect_url = 'http://client-app.dev'
|
529
|
+
get_reset_token
|
530
|
+
edit_url = CGI.unescape(@mail.body.match(/href=\"(.+)\"/)[1])
|
531
|
+
query_parts = Rack::Utils.parse_nested_query(URI.parse(edit_url).query)
|
532
|
+
get :edit, params: query_parts
|
533
|
+
end
|
534
|
+
|
535
|
+
test 'request should be redirect' do
|
536
|
+
assert_equal 302, response.status
|
537
|
+
end
|
538
|
+
|
539
|
+
test 'request should redirect to correct redirect url' do
|
540
|
+
host = URI.parse(response.location).host
|
541
|
+
query_parts = Rack::Utils.parse_nested_query(URI.parse(response.location).query)
|
542
|
+
|
543
|
+
assert_equal 'client-app.dev', host
|
544
|
+
assert_equal @mail_reset_token, query_parts['reset_password_token']
|
545
|
+
assert_equal 1, query_parts.keys.size
|
546
|
+
end
|
547
|
+
|
548
|
+
teardown do
|
549
|
+
DeviseTokenAuth.require_client_password_reset_token = false
|
550
|
+
end
|
551
|
+
end
|
552
|
+
|
553
|
+
describe 'with valid headers' do
|
487
554
|
before do
|
488
555
|
@auth_headers = @resource.create_new_auth_token
|
489
556
|
request.headers.merge!(@auth_headers)
|
@@ -509,6 +576,10 @@ class DeviseTokenAuth::PasswordsControllerTest < ActionController::TestCase
|
|
509
576
|
test 'new password should authenticate user' do
|
510
577
|
assert @resource.valid_password?(@new_password)
|
511
578
|
end
|
579
|
+
|
580
|
+
test 'reset_password_token should be removed' do
|
581
|
+
assert_nil @resource.reset_password_token
|
582
|
+
end
|
512
583
|
end
|
513
584
|
|
514
585
|
describe 'password mismatch error' do
|
@@ -526,19 +597,93 @@ class DeviseTokenAuth::PasswordsControllerTest < ActionController::TestCase
|
|
526
597
|
end
|
527
598
|
end
|
528
599
|
|
529
|
-
describe '
|
600
|
+
describe 'without valid headers' do
|
530
601
|
before do
|
531
|
-
@
|
532
|
-
|
602
|
+
@resource.create_new_auth_token
|
603
|
+
new_password = Faker::Internet.password
|
533
604
|
|
534
|
-
put :update, params: { password:
|
535
|
-
password_confirmation:
|
605
|
+
put :update, params: { password: new_password,
|
606
|
+
password_confirmation: new_password }
|
536
607
|
end
|
537
608
|
|
538
609
|
test 'response should fail' do
|
539
610
|
assert_equal 401, response.status
|
540
611
|
end
|
541
612
|
end
|
613
|
+
|
614
|
+
describe 'with valid reset password token' do
|
615
|
+
before do
|
616
|
+
reset_password_token = @resource.send_reset_password_instructions
|
617
|
+
@new_password = Faker::Internet.password
|
618
|
+
@params = { password: @new_password,
|
619
|
+
password_confirmation: @new_password,
|
620
|
+
reset_password_token: reset_password_token }
|
621
|
+
end
|
622
|
+
|
623
|
+
describe 'with require_client_password_reset_token disabled' do
|
624
|
+
before do
|
625
|
+
DeviseTokenAuth.require_client_password_reset_token = false
|
626
|
+
put :update, params: @params
|
627
|
+
|
628
|
+
@data = JSON.parse(response.body)
|
629
|
+
@resource.reload
|
630
|
+
end
|
631
|
+
|
632
|
+
test 'request should be not be successful' do
|
633
|
+
assert_equal 401, response.status
|
634
|
+
end
|
635
|
+
end
|
636
|
+
|
637
|
+
describe 'with require_client_password_reset_token enabled' do
|
638
|
+
before do
|
639
|
+
DeviseTokenAuth.require_client_password_reset_token = true
|
640
|
+
put :update, params: @params
|
641
|
+
|
642
|
+
@data = JSON.parse(response.body)
|
643
|
+
@resource.reload
|
644
|
+
end
|
645
|
+
|
646
|
+
test 'request should be successful' do
|
647
|
+
assert_equal 200, response.status
|
648
|
+
end
|
649
|
+
|
650
|
+
test 'request should return success message' do
|
651
|
+
assert @data['message']
|
652
|
+
assert_equal @data['message'],
|
653
|
+
I18n.t('devise_token_auth.passwords.successfully_updated')
|
654
|
+
end
|
655
|
+
|
656
|
+
test 'new password should authenticate user' do
|
657
|
+
assert @resource.valid_password?(@new_password)
|
658
|
+
end
|
659
|
+
|
660
|
+
teardown do
|
661
|
+
DeviseTokenAuth.require_client_password_reset_token = false
|
662
|
+
end
|
663
|
+
end
|
664
|
+
end
|
665
|
+
|
666
|
+
describe 'with invalid reset password token' do
|
667
|
+
before do
|
668
|
+
DeviseTokenAuth.require_client_password_reset_token = true
|
669
|
+
@resource.update reset_password_token: 'koskoskoskos'
|
670
|
+
put :update, params: @params
|
671
|
+
@data = JSON.parse(response.body)
|
672
|
+
@resource.reload
|
673
|
+
end
|
674
|
+
|
675
|
+
test 'request should fail' do
|
676
|
+
assert_equal 401, response.status
|
677
|
+
end
|
678
|
+
|
679
|
+
test 'new password should not authenticate user' do
|
680
|
+
assert !@resource.valid_password?(@new_password)
|
681
|
+
end
|
682
|
+
|
683
|
+
teardown do
|
684
|
+
DeviseTokenAuth.require_client_password_reset_token = false
|
685
|
+
end
|
686
|
+
end
|
542
687
|
end
|
543
688
|
end
|
544
689
|
|
@@ -554,16 +699,7 @@ class DeviseTokenAuth::PasswordsControllerTest < ActionController::TestCase
|
|
554
699
|
before do
|
555
700
|
@resource = create(:mang_user, :confirmed)
|
556
701
|
@redirect_url = 'http://ng-token-auth.dev'
|
557
|
-
|
558
|
-
post :create, params: { email: @resource.email,
|
559
|
-
redirect_url: @redirect_url }
|
560
|
-
|
561
|
-
@mail = ActionMailer::Base.deliveries.last
|
562
|
-
@resource.reload
|
563
|
-
|
564
|
-
@mail_config_name = CGI.unescape(@mail.body.match(/config=([^&]*)&/)[1])
|
565
|
-
@mail_redirect_url = CGI.unescape(@mail.body.match(/redirect_url=([^&]*)&/)[1])
|
566
|
-
@mail_reset_token = @mail.body.match(/reset_password_token=(.*)\"/)[1]
|
702
|
+
get_reset_token
|
567
703
|
end
|
568
704
|
|
569
705
|
test 'response should return success status' do
|
@@ -582,15 +718,7 @@ class DeviseTokenAuth::PasswordsControllerTest < ActionController::TestCase
|
|
582
718
|
@resource = create(:user)
|
583
719
|
@redirect_url = 'http://ng-token-auth.dev'
|
584
720
|
|
585
|
-
|
586
|
-
redirect_url: @redirect_url }
|
587
|
-
|
588
|
-
@mail = ActionMailer::Base.deliveries.last
|
589
|
-
@resource.reload
|
590
|
-
|
591
|
-
@mail_config_name = CGI.unescape(@mail.body.match(/config=([^&]*)&/)[1])
|
592
|
-
@mail_redirect_url = CGI.unescape(@mail.body.match(/redirect_url=([^&]*)&/)[1])
|
593
|
-
@mail_reset_token = @mail.body.match(/reset_password_token=(.*)\"/)[1]
|
721
|
+
get_reset_token
|
594
722
|
|
595
723
|
get :edit, params: { reset_password_token: @mail_reset_token,
|
596
724
|
redirect_url: @mail_redirect_url }
|
@@ -610,17 +738,8 @@ class DeviseTokenAuth::PasswordsControllerTest < ActionController::TestCase
|
|
610
738
|
|
611
739
|
before do
|
612
740
|
@resource = unconfirmable_users(:user)
|
613
|
-
@redirect_url = 'http://ng-token-auth.dev'
|
614
741
|
|
615
|
-
|
616
|
-
redirect_url: @redirect_url }
|
617
|
-
|
618
|
-
@mail = ActionMailer::Base.deliveries.last
|
619
|
-
@resource.reload
|
620
|
-
|
621
|
-
@mail_config_name = CGI.unescape(@mail.body.match(/config=([^&]*)&/)[1])
|
622
|
-
@mail_redirect_url = CGI.unescape(@mail.body.match(/redirect_url=([^&]*)&/)[1])
|
623
|
-
@mail_reset_token = @mail.body.match(/reset_password_token=(.*)\"/)[1]
|
742
|
+
get_reset_token
|
624
743
|
|
625
744
|
get :edit, params: { reset_password_token: @mail_reset_token,
|
626
745
|
redirect_url: @mail_redirect_url }
|
@@ -635,21 +754,27 @@ class DeviseTokenAuth::PasswordsControllerTest < ActionController::TestCase
|
|
635
754
|
@redirect_url = 'http://ng-token-auth.dev'
|
636
755
|
@config_name = 'altUser'
|
637
756
|
|
638
|
-
|
757
|
+
params = { email: @resource.email,
|
639
758
|
redirect_url: @redirect_url,
|
640
759
|
config_name: @config_name }
|
641
|
-
|
642
|
-
@mail = ActionMailer::Base.deliveries.last
|
643
|
-
@resource.reload
|
644
|
-
|
645
|
-
@mail_config_name = CGI.unescape(@mail.body.match(/config=([^&]*)&/)[1])
|
646
|
-
@mail_redirect_url = CGI.unescape(@mail.body.match(/redirect_url=([^&]*)&/)[1])
|
647
|
-
@mail_reset_token = @mail.body.match(/reset_password_token=(.*)\"/)[1]
|
760
|
+
get_reset_token params
|
648
761
|
end
|
649
762
|
|
650
763
|
test 'config_name param is included in the confirmation email link' do
|
651
764
|
assert_equal @config_name, @mail_config_name
|
652
765
|
end
|
653
766
|
end
|
767
|
+
|
768
|
+
def get_reset_token(params = nil)
|
769
|
+
params ||= { email: @resource.email, redirect_url: @redirect_url }
|
770
|
+
post :create, params: params
|
771
|
+
|
772
|
+
@mail = ActionMailer::Base.deliveries.last
|
773
|
+
@resource.reload
|
774
|
+
|
775
|
+
@mail_config_name = CGI.unescape(@mail.body.match(/config=([^&]*)&/)[1])
|
776
|
+
@mail_redirect_url = CGI.unescape(@mail.body.match(/redirect_url=([^&]*)&/)[1])
|
777
|
+
@mail_reset_token = @mail.body.match(/reset_password_token=(.*)\"/)[1]
|
778
|
+
end
|
654
779
|
end
|
655
780
|
end
|