devise_token_auth 1.0.0 → 1.1.5
- checksums.yaml +5 -5
- data/README.md +4 -2
- data/app/controllers/devise_token_auth/application_controller.rb +2 -3
- data/app/controllers/devise_token_auth/concerns/resource_finder.rb +11 -12
- data/app/controllers/devise_token_auth/concerns/set_user_by_token.rb +41 -57
- data/app/controllers/devise_token_auth/confirmations_controller.rb +63 -20
- data/app/controllers/devise_token_auth/omniauth_callbacks_controller.rb +77 -29
- data/app/controllers/devise_token_auth/passwords_controller.rb +44 -30
- data/app/controllers/devise_token_auth/registrations_controller.rb +33 -40
- data/app/controllers/devise_token_auth/sessions_controller.rb +5 -5
- data/app/controllers/devise_token_auth/unlocks_controller.rb +4 -4
- data/app/models/devise_token_auth/concerns/active_record_support.rb +14 -0
- data/app/models/devise_token_auth/concerns/confirmable_support.rb +28 -0
- data/app/models/devise_token_auth/concerns/mongoid_support.rb +19 -0
- data/app/models/devise_token_auth/concerns/tokens_serialization.rb +31 -0
- data/app/models/devise_token_auth/concerns/user.rb +51 -70
- data/app/models/devise_token_auth/concerns/user_omniauth_callbacks.rb +6 -3
- data/app/validators/{email_validator.rb → devise_token_auth_email_validator.rb} +2 -2
- data/config/locales/da-DK.yml +2 -0
- data/config/locales/de.yml +2 -0
- data/config/locales/en.yml +7 -0
- data/config/locales/es.yml +2 -0
- data/config/locales/fr.yml +2 -0
- data/config/locales/he.yml +52 -0
- data/config/locales/it.yml +2 -0
- data/config/locales/ja.yml +4 -2
- data/config/locales/ko.yml +51 -0
- data/config/locales/nl.yml +2 -0
- data/config/locales/pl.yml +6 -3
- data/config/locales/pt-BR.yml +2 -0
- data/config/locales/pt.yml +6 -3
- data/config/locales/ro.yml +2 -0
- data/config/locales/ru.yml +2 -0
- data/config/locales/sq.yml +2 -0
- data/config/locales/sv.yml +2 -0
- data/config/locales/uk.yml +2 -0
- data/config/locales/vi.yml +2 -0
- data/config/locales/zh-CN.yml +2 -0
- data/config/locales/zh-HK.yml +2 -0
- data/config/locales/zh-TW.yml +2 -0
- data/lib/devise_token_auth/blacklist.rb +2 -0
- data/lib/devise_token_auth/controllers/helpers.rb +5 -9
- data/lib/devise_token_auth/engine.rb +7 -1
- data/lib/devise_token_auth/rails/routes.rb +16 -11
- data/lib/devise_token_auth/token_factory.rb +126 -0
- data/lib/devise_token_auth/url.rb +3 -0
- data/lib/devise_token_auth/version.rb +1 -1
- data/lib/devise_token_auth.rb +6 -3
- data/lib/generators/devise_token_auth/USAGE +1 -1
- data/lib/generators/devise_token_auth/install_generator.rb +7 -91
- data/lib/generators/devise_token_auth/install_generator_helpers.rb +98 -0
- data/lib/generators/devise_token_auth/install_mongoid_generator.rb +46 -0
- data/lib/generators/devise_token_auth/templates/devise_token_auth.rb +10 -0
- data/lib/generators/devise_token_auth/templates/devise_token_auth_create_users.rb.erb +1 -8
- data/lib/generators/devise_token_auth/templates/user.rb.erb +2 -2
- data/lib/generators/devise_token_auth/templates/user_mongoid.rb.erb +56 -0
- data/test/controllers/custom/custom_confirmations_controller_test.rb +1 -1
- data/test/controllers/demo_user_controller_test.rb +2 -2
- data/test/controllers/devise_token_auth/confirmations_controller_test.rb +83 -19
- data/test/controllers/devise_token_auth/omniauth_callbacks_controller_test.rb +109 -42
- data/test/controllers/devise_token_auth/passwords_controller_test.rb +227 -102
- data/test/controllers/devise_token_auth/registrations_controller_test.rb +34 -7
- data/test/controllers/devise_token_auth/sessions_controller_test.rb +0 -38
- data/test/controllers/devise_token_auth/token_validations_controller_test.rb +2 -1
- data/test/dummy/app/active_record/confirmable_user.rb +11 -0
- data/test/dummy/app/{models → active_record}/scoped_user.rb +2 -2
- data/test/dummy/app/{models → active_record}/unconfirmable_user.rb +1 -2
- data/test/dummy/app/{models → active_record}/unregisterable_user.rb +3 -3
- data/test/dummy/app/active_record/user.rb +6 -0
- data/test/dummy/app/controllers/overrides/confirmations_controller.rb +3 -3
- data/test/dummy/app/controllers/overrides/passwords_controller.rb +3 -3
- data/test/dummy/app/controllers/overrides/registrations_controller.rb +1 -1
- data/test/dummy/app/controllers/overrides/sessions_controller.rb +2 -2
- data/test/dummy/app/models/{user.rb → concerns/favorite_color.rb} +7 -8
- data/test/dummy/app/mongoid/confirmable_user.rb +52 -0
- data/test/dummy/app/mongoid/lockable_user.rb +38 -0
- data/test/dummy/app/mongoid/mang.rb +46 -0
- data/test/dummy/app/mongoid/only_email_user.rb +33 -0
- data/test/dummy/app/mongoid/scoped_user.rb +50 -0
- data/test/dummy/app/mongoid/unconfirmable_user.rb +44 -0
- data/test/dummy/app/mongoid/unregisterable_user.rb +47 -0
- data/test/dummy/app/mongoid/user.rb +49 -0
- data/test/dummy/app/views/layouts/application.html.erb +0 -2
- data/test/dummy/config/application.rb +22 -1
- data/test/dummy/config/boot.rb +4 -0
- data/test/dummy/config/environments/development.rb +0 -10
- data/test/dummy/config/environments/production.rb +0 -16
- data/test/dummy/config/initializers/devise.rb +285 -0
- data/test/dummy/config/initializers/devise_token_auth.rb +35 -4
- data/test/dummy/config/initializers/figaro.rb +1 -1
- data/test/dummy/config/initializers/omniauth.rb +1 -0
- data/test/dummy/config/routes.rb +2 -0
- data/test/dummy/db/migrate/20140715061447_devise_token_auth_create_users.rb +0 -7
- data/test/dummy/db/migrate/20140715061805_devise_token_auth_create_mangs.rb +0 -7
- data/test/dummy/db/migrate/20141222035835_devise_token_auth_create_only_email_users.rb +0 -7
- data/test/dummy/db/migrate/20141222053502_devise_token_auth_create_unregisterable_users.rb +0 -7
- data/test/dummy/db/migrate/20150708104536_devise_token_auth_create_unconfirmable_users.rb +0 -7
- data/test/dummy/db/migrate/20160103235141_devise_token_auth_create_scoped_users.rb +0 -7
- data/test/dummy/db/migrate/20160629184441_devise_token_auth_create_lockable_users.rb +0 -7
- data/test/dummy/db/migrate/20190924101113_devise_token_auth_create_confirmable_users.rb +49 -0
- data/test/dummy/db/schema.rb +26 -28
- data/test/dummy/tmp/generators/app/models/azpire/v1/human_resource/user.rb +9 -0
- data/test/dummy/tmp/generators/config/initializers/devise_token_auth.rb +60 -0
- data/test/dummy/tmp/generators/db/migrate/20210126004321_devise_token_auth_create_azpire_v1_human_resource_users.rb +49 -0
- data/test/factories/users.rb +3 -2
- data/test/lib/devise_token_auth/blacklist_test.rb +11 -0
- data/test/lib/devise_token_auth/rails/custom_routes_test.rb +29 -0
- data/test/lib/devise_token_auth/rails/routes_test.rb +87 -0
- data/test/lib/devise_token_auth/token_factory_test.rb +191 -0
- data/test/lib/devise_token_auth/url_test.rb +2 -2
- data/test/lib/generators/devise_token_auth/install_generator_test.rb +51 -31
- data/test/lib/generators/devise_token_auth/install_generator_with_namespace_test.rb +51 -31
- data/test/models/concerns/mongoid_support_test.rb +31 -0
- data/test/models/concerns/tokens_serialization_test.rb +104 -0
- data/test/models/confirmable_user_test.rb +35 -0
- data/test/models/only_email_user_test.rb +0 -8
- data/test/models/user_test.rb +1 -33
- data/test/test_helper.rb +13 -3
- metadata +125 -32
- data/config/initializers/devise.rb +0 -198
- data/test/dummy/config/initializers/assets.rb +0 -10
- data/test/dummy/tmp/generators/app/views/devise/mailer/confirmation_instructions.html.erb +0 -5
- data/test/dummy/tmp/generators/app/views/devise/mailer/reset_password_instructions.html.erb +0 -8
- /data/test/dummy/app/{models → active_record}/lockable_user.rb +0 -0
- /data/test/dummy/app/{models → active_record}/mang.rb +0 -0
- /data/test/dummy/app/{models → active_record}/only_email_user.rb +0 -0
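--- a/data/test/controllers/devise_token_auth/omniauth_callbacks_controller_test.rb
+++ b/data/test/controllers/devise_token_auth/omniauth_callbacks_controller_test.rb
@@ -155,6 +155,8 @@ class OmniauthTest < ActionDispatch::IntegrationTest
 describe 'with new user' do
 before do
 User.any_instance.expects(:new_record?).returns(true).at_least_once
+# https://docs.mongodb.com/mongoid/master/tutorials/mongoid-documents/#notes-on-persistence
+User.any_instance.expects(:save!).returns(true)
 end
 
 test 'response contains oauth_registration attr' do
@@ -315,60 +317,125 @@ class OmniauthTest < ActionDispatch::IntegrationTest
 end
 
 describe 'Using redirect_whitelist' do
-before do
-@user_email = 'slemp.diggler@sillybandz.gov'
-OmniAuth.config.mock_auth[:facebook] = OmniAuth::AuthHash.new(
-provider: 'facebook',
-uid: '123545',
-info: {
-name: 'chong',
-email: @user_email
-}
-)
-@good_redirect_url = Faker::Internet.url
-@bad_redirect_url = Faker::Internet.url
-DeviseTokenAuth.redirect_whitelist = [@good_redirect_url]
-end
 
-
-
-
+describe "newWindow" do
+before do
+@user_email = 'slemp.diggler@sillybandz.gov'
+OmniAuth.config.mock_auth[:facebook] = OmniAuth::AuthHash.new(
+provider: 'facebook',
+uid: '123545',
+info: {
+name: 'chong',
+email: @user_email
+}
+)
+@good_redirect_url = Faker::Internet.url
+@bad_redirect_url = Faker::Internet.url
+DeviseTokenAuth.redirect_whitelist = [@good_redirect_url]
+end
 
-
-
-
-omniauth_window_type: 'newWindow' }
+teardown do
+DeviseTokenAuth.redirect_whitelist = nil
+end
 
-
+test 'request using non-whitelisted redirect fail' do
+get '/auth/facebook',
+params: { auth_origin_url: @bad_redirect_url,
+omniauth_window_type: 'newWindow' }
 
-
-
-
+follow_all_redirects!
+
+data = get_parsed_data_json
+assert_equal "Redirect to '#{@bad_redirect_url}' not allowed.",
+data['error']
+end
+
+test 'request to whitelisted redirect should succeed' do
+get '/auth/facebook',
+params: {
+auth_origin_url: @good_redirect_url,
+omniauth_window_type: 'newWindow'
+}
+
+follow_all_redirects!
+
+data = get_parsed_data_json
+assert_equal @user_email, data['email']
+end
+
+test 'should support wildcards' do
+DeviseTokenAuth.redirect_whitelist = ["#{@good_redirect_url[0..8]}*"]
+get '/auth/facebook',
+params: { auth_origin_url: @good_redirect_url,
+omniauth_window_type: 'newWindow' }
+
+follow_all_redirects!
+
+data = get_parsed_data_json
+assert_equal @user_email, data['email']
+end
 end
 
-
-
-
-
-
+describe "sameWindow" do
+before do
+@user_email = 'slemp.diggler@sillybandz.gov'
+OmniAuth.config.mock_auth[:facebook] = OmniAuth::AuthHash.new(
+provider: 'facebook',
+uid: '123545',
+info: {
+name: 'chong',
+email: @user_email
 }
+)
+@good_redirect_url = '/auth_origin'
+@bad_redirect_url = Faker::Internet.url
+DeviseTokenAuth.redirect_whitelist = [@good_redirect_url]
+end
 
-
+teardown do
+DeviseTokenAuth.redirect_whitelist = nil
+end
 
-
-
-
+test 'request using non-whitelisted redirect fail' do
+get '/auth/facebook',
+params: { auth_origin_url: @bad_redirect_url,
+omniauth_window_type: 'sameWindow' }
 
-
-
-
-
-
+follow_all_redirects!
+
+assert_equal 200, response.status
+assert_equal true, response.body.include?("Redirect to '#{@bad_redirect_url}' not allowed")
+end
+
+test 'request to whitelisted redirect should succeed' do
+get '/auth/facebook',
+params: {
+auth_origin_url: '/auth_origin',
+omniauth_window_type: 'sameWindow'
+}
+
+follow_all_redirects!
+
+assert_equal 200, response.status
+assert_equal false, response.body.include?("Redirect to '#{@good_redirect_url}' not allowed")
+end
+
+test 'should support wildcards' do
+DeviseTokenAuth.redirect_whitelist = ["#{@good_redirect_url[0..8]}*"]
+get '/auth/facebook',
+params: {
+auth_origin_url: '/auth_origin',
+omniauth_window_type: 'sameWindow'
+}
+
+follow_all_redirects!
+
+assert_equal 200, response.status
+assert_equal false, response.body.include?("Redirect to '#{@good_redirect_url}' not allowed")
+end
 
-follow_all_redirects!
 
-data = get_parsed_data_json
-assert_equal @user_email, data['email']
 end
+
 end
 end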
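Review bot: Both 'should support wildcards' tests (new lines 366–376 and 423–435) set `DeviseTokenAuth.redirect_whitelist = ["#{@good_redirect_url[0..8]}*"]` and then assert only that the allowed URL passes, so a whitelist matcher that treated the wildcard entry as "allow everything" would pass them as well. Each should also issue the same request with `@bad_redirect_url` under that wildcard entry and assert the `Redirect to '…' not allowed` response the non-whitelisted tests already check, since this list is the only control on where the callback sends the user and its token. In the sameWindow variant the prefix is `/auth_ori`, so any relative path outside that prefix serves as the negative case. The enclosing OmniauthTest class and the outer `describe 'Using redirect_whitelist'` both start outside the hunk.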
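--- a/data/test/controllers/devise_token_auth/passwords_controller_test.rb
+++ b/data/test/controllers/devise_token_auth/passwords_controller_test.rb
@@ -41,22 +41,46 @@ class DeviseTokenAuth::PasswordsControllerTest < ActionController::TestCase
 before do
 @auth_headers = @resource.create_new_auth_token
 @new_password = Faker::Internet.password
-
-post :create,
-params: { email: 'chester@cheet.ah' }
-@data = JSON.parse(response.body)
 end
 
-
-
+describe 'for create' do
+before do
+post :create,
+params: { email: 'chester@cheet.ah' }
+@data = JSON.parse(response.body)
+end
+
+test 'response should fail' do
+assert_equal 401, response.status
+end
+
+test 'error message should be returned' do
+assert @data['errors']
+assert_equal(
+@data['errors'],
+[I18n.t('devise_token_auth.passwords.missing_redirect_url')]
+)
+end
 end
 
-
-
-
-@
-
-
+describe 'for edit' do
+before do
+get_reset_token
+get :edit, params: { reset_password_token: @mail_reset_token}
+@data = JSON.parse(response.body)
+end
+
+test 'response should fail' do
+assert_equal 401, response.status
+end
+
+test 'error message should be returned' do
+assert @data['errors']
+assert_equal(
+@data['errors'],
+[I18n.t('devise_token_auth.passwords.missing_redirect_url')]
+)
+end
 end
 end
 
@@ -215,10 +239,10 @@ class DeviseTokenAuth::PasswordsControllerTest < ActionController::TestCase
 end
 end
 
-describe '
+describe 'Checking reset_password_token' do
 before do
 post :create, params: {
-email:
+email: @resource.email,
 redirect_url: @redirect_url
 }
 
@@ -235,14 +259,14 @@ class DeviseTokenAuth::PasswordsControllerTest < ActionController::TestCase
 assert_equal Devise.token_generator.digest(self, :reset_password_token, @mail_reset_token), @resource.reset_password_token
 end
 
-test 'reset_password_token should be rewritten by origin mail_reset_token' do
+test 'reset_password_token should not be rewritten by origin mail_reset_token' do
 get :edit, params: {
 reset_password_token: @mail_reset_token,
 redirect_url: @mail_redirect_url
 }
 @resource.reload
 
-assert_equal @mail_reset_token, @resource.reset_password_token
+assert_equal Devise.token_generator.digest(self, :reset_password_token, @mail_reset_token), @resource.reset_password_token
 end
 
 test 'response should return success status' do
@@ -254,26 +278,6 @@ class DeviseTokenAuth::PasswordsControllerTest < ActionController::TestCase
 assert_equal 302, response.status
 end
 
-test 'reset_password_token should be valid only one first time' do
-get :edit, params: {
-reset_password_token: @mail_reset_token,
-redirect_url: @mail_redirect_url
-}
-
-@resource.reload
-assert_equal @mail_reset_token, @resource.reset_password_token
-
-assert_raises(ActionController::RoutingError) {
-get :edit, params: {
-reset_password_token: @mail_reset_token,
-redirect_url: @mail_redirect_url
-}
-}
-
-@resource.reload
-assert_equal @mail_reset_token, @resource.reset_password_token
-end
-
 test 'reset_password_sent_at should be valid' do
 assert_equal @resource.reset_password_period_valid?, true
 
@@ -283,7 +287,7 @@ class DeviseTokenAuth::PasswordsControllerTest < ActionController::TestCase
 }
 
 @resource.reload
-assert_equal @mail_reset_token, @resource.reset_password_token
+assert_equal Devise.token_generator.digest(self, :reset_password_token, @mail_reset_token), @resource.reset_password_token
 end
 
 test 'reset_password_sent_at should be expired' do
@@ -354,8 +358,7 @@ class DeviseTokenAuth::PasswordsControllerTest < ActionController::TestCase
 
 describe 'Using redirect_whitelist' do
 before do
-@
-@good_redirect_url = Faker::Internet.url
+@good_redirect_url = @redirect_url
 @bad_redirect_url = Faker::Internet.url
 DeviseTokenAuth.redirect_whitelist = [@good_redirect_url]
 end
@@ -364,31 +367,65 @@ class DeviseTokenAuth::PasswordsControllerTest < ActionController::TestCase
 DeviseTokenAuth.redirect_whitelist = nil
 end
 
-
-
-
-
+describe 'for create' do
+test 'request to whitelisted redirect should be successful' do
+post :create,
+params: { email: @resource.email,
+redirect_url: @good_redirect_url }
 
-
-
+assert_equal 200, response.status
+end
 
-
-
-
-
+test 'request to non-whitelisted redirect should fail' do
+post :create,
+params: { email: @resource.email,
+redirect_url: @bad_redirect_url }
+
+assert_equal 422, response.status
+end
+
+test 'request to non-whitelisted redirect should return error message' do
+post :create,
+params: { email: @resource.email,
+redirect_url: @bad_redirect_url }
 
-
+@data = JSON.parse(response.body)
+assert @data['errors']
+assert_equal @data['errors'],
+[I18n.t('devise_token_auth.passwords.not_allowed_redirect_url',
+redirect_url: @bad_redirect_url)]
+end
 end
-test 'request to non-whitelisted redirect should return error message' do
-post :create,
-params: { email: @resource.email,
-redirect_url: @bad_redirect_url }
 
-
-
-
-
-
+describe 'for edit' do
+before do
+@auth_headers = @resource.create_new_auth_token
+@new_password = Faker::Internet.password
+
+get_reset_token
+end
+
+test 'request to whitelisted redirect should be successful' do
+get :edit, params: { reset_password_token: @mail_reset_token, redirect_url: @good_redirect_url }
+
+assert_equal 302, response.status
+end
+
+test 'request to non-whitelisted redirect should fail' do
+get :edit, params: { reset_password_token: @mail_reset_token, redirect_url: @bad_redirect_url }
+
+assert_equal 422, response.status
+end
+
+test 'request to non-whitelisted redirect should return error message' do
+get :edit, params: { reset_password_token: @mail_reset_token, redirect_url: @bad_redirect_url }
+
+@data = JSON.parse(response.body)
+assert @data['errors']
+assert_equal @data['errors'],
+[I18n.t('devise_token_auth.passwords.not_allowed_redirect_url',
+redirect_url: @bad_redirect_url)]
+end
 end
 end
 
@@ -403,6 +440,7 @@ class DeviseTokenAuth::PasswordsControllerTest < ActionController::TestCase
 
 describe 'success' do
 before do
+DeviseTokenAuth.require_client_password_reset_token = false
 @auth_headers = @resource.create_new_auth_token
 request.headers.merge!(@auth_headers)
 @new_password = Faker::Internet.password
@@ -467,6 +505,7 @@ class DeviseTokenAuth::PasswordsControllerTest < ActionController::TestCase
 
 describe 'current password mismatch error' do
 before do
+DeviseTokenAuth.require_client_password_reset_token = false
 @auth_headers = @resource.create_new_auth_token
 request.headers.merge!(@auth_headers)
 @new_password = Faker::Internet.password
@@ -483,7 +522,35 @@ class DeviseTokenAuth::PasswordsControllerTest < ActionController::TestCase
 end
 
 describe 'change password' do
-describe '
+describe 'using reset token' do
+before do
+DeviseTokenAuth.require_client_password_reset_token = true
+@redirect_url = 'http://client-app.dev'
+get_reset_token
+edit_url = CGI.unescape(@mail.body.match(/href=\"(.+)\"/)[1])
+query_parts = Rack::Utils.parse_nested_query(URI.parse(edit_url).query)
+get :edit, params: query_parts
+end
+
+test 'request should be redirect' do
+assert_equal 302, response.status
+end
+
+test 'request should redirect to correct redirect url' do
+host = URI.parse(response.location).host
+query_parts = Rack::Utils.parse_nested_query(URI.parse(response.location).query)
+
+assert_equal 'client-app.dev', host
+assert_equal @mail_reset_token, query_parts['reset_password_token']
+assert_equal 1, query_parts.keys.size
+end
+
+teardown do
+DeviseTokenAuth.require_client_password_reset_token = false
+end
+end
+
+describe 'with valid headers' do
 before do
 @auth_headers = @resource.create_new_auth_token
 request.headers.merge!(@auth_headers)
@@ -509,6 +576,10 @@ class DeviseTokenAuth::PasswordsControllerTest < ActionController::TestCase
 test 'new password should authenticate user' do
 assert @resource.valid_password?(@new_password)
 end
+
+test 'reset_password_token should be removed' do
+assert_nil @resource.reset_password_token
+end
 end
 
 describe 'password mismatch error' do
@@ -526,19 +597,93 @@ class DeviseTokenAuth::PasswordsControllerTest < ActionController::TestCase
 end
 end
 
-describe '
+describe 'without valid headers' do
 before do
-@
-
+@resource.create_new_auth_token
+new_password = Faker::Internet.password
 
-put :update, params: { password:
-password_confirmation:
+put :update, params: { password: new_password,
+password_confirmation: new_password }
 end
 
 test 'response should fail' do
 assert_equal 401, response.status
 end
 end
+
+describe 'with valid reset password token' do
+before do
+reset_password_token = @resource.send_reset_password_instructions
+@new_password = Faker::Internet.password
+@params = { password: @new_password,
+password_confirmation: @new_password,
+reset_password_token: reset_password_token }
+end
+
+describe 'with require_client_password_reset_token disabled' do
+before do
+DeviseTokenAuth.require_client_password_reset_token = false
+put :update, params: @params
+
+@data = JSON.parse(response.body)
+@resource.reload
+end
+
+test 'request should be not be successful' do
+assert_equal 401, response.status
+end
+end
+
+describe 'with require_client_password_reset_token enabled' do
+before do
+DeviseTokenAuth.require_client_password_reset_token = true
+put :update, params: @params
+
+@data = JSON.parse(response.body)
+@resource.reload
+end
+
+test 'request should be successful' do
+assert_equal 200, response.status
+end
+
+test 'request should return success message' do
+assert @data['message']
+assert_equal @data['message'],
+I18n.t('devise_token_auth.passwords.successfully_updated')
+end
+
+test 'new password should authenticate user' do
+assert @resource.valid_password?(@new_password)
+end
+
+teardown do
+DeviseTokenAuth.require_client_password_reset_token = false
+end
+end
+end
+
+describe 'with invalid reset password token' do
+before do
+DeviseTokenAuth.require_client_password_reset_token = true
+@resource.update reset_password_token: 'koskoskoskos'
+put :update, params: @params
+@data = JSON.parse(response.body)
+@resource.reload
+end
+
+test 'request should fail' do
+assert_equal 401, response.status
+end
+
+test 'new password should not authenticate user' do
+assert !@resource.valid_password?(@new_password)
+end
+
+teardown do
+DeviseTokenAuth.require_client_password_reset_token = false
+end
+end
 end
 end
 
@@ -554,16 +699,7 @@ class DeviseTokenAuth::PasswordsControllerTest < ActionController::TestCase
 before do
 @resource = create(:mang_user, :confirmed)
 @redirect_url = 'http://ng-token-auth.dev'
-
-post :create, params: { email: @resource.email,
-redirect_url: @redirect_url }
-
-@mail = ActionMailer::Base.deliveries.last
-@resource.reload
-
-@mail_config_name = CGI.unescape(@mail.body.match(/config=([^&]*)&/)[1])
-@mail_redirect_url = CGI.unescape(@mail.body.match(/redirect_url=([^&]*)&/)[1])
-@mail_reset_token = @mail.body.match(/reset_password_token=(.*)\"/)[1]
+get_reset_token
 end
 
 test 'response should return success status' do
@@ -582,15 +718,7 @@ class DeviseTokenAuth::PasswordsControllerTest < ActionController::TestCase
 @resource = create(:user)
 @redirect_url = 'http://ng-token-auth.dev'
 
-
-redirect_url: @redirect_url }
-
-@mail = ActionMailer::Base.deliveries.last
-@resource.reload
-
-@mail_config_name = CGI.unescape(@mail.body.match(/config=([^&]*)&/)[1])
-@mail_redirect_url = CGI.unescape(@mail.body.match(/redirect_url=([^&]*)&/)[1])
-@mail_reset_token = @mail.body.match(/reset_password_token=(.*)\"/)[1]
+get_reset_token
 
 get :edit, params: { reset_password_token: @mail_reset_token,
 redirect_url: @mail_redirect_url }
@@ -610,17 +738,8 @@ class DeviseTokenAuth::PasswordsControllerTest < ActionController::TestCase
 
 before do
 @resource = unconfirmable_users(:user)
-@redirect_url = 'http://ng-token-auth.dev'
 
-
-redirect_url: @redirect_url }
-
-@mail = ActionMailer::Base.deliveries.last
-@resource.reload
-
-@mail_config_name = CGI.unescape(@mail.body.match(/config=([^&]*)&/)[1])
-@mail_redirect_url = CGI.unescape(@mail.body.match(/redirect_url=([^&]*)&/)[1])
-@mail_reset_token = @mail.body.match(/reset_password_token=(.*)\"/)[1]
+get_reset_token
 
 get :edit, params: { reset_password_token: @mail_reset_token,
 redirect_url: @mail_redirect_url }
@@ -635,21 +754,27 @@ class DeviseTokenAuth::PasswordsControllerTest < ActionController::TestCase
 @redirect_url = 'http://ng-token-auth.dev'
 @config_name = 'altUser'
 
-
+params = { email: @resource.email,
 redirect_url: @redirect_url,
 config_name: @config_name }
-
-@mail = ActionMailer::Base.deliveries.last
-@resource.reload
-
-@mail_config_name = CGI.unescape(@mail.body.match(/config=([^&]*)&/)[1])
-@mail_redirect_url = CGI.unescape(@mail.body.match(/redirect_url=([^&]*)&/)[1])
-@mail_reset_token = @mail.body.match(/reset_password_token=(.*)\"/)[1]
+get_reset_token params
 end
 
 test 'config_name param is included in the confirmation email link' do
 assert_equal @config_name, @mail_config_name
 end
 end
+
+def get_reset_token(params = nil)
+params ||= { email: @resource.email, redirect_url: @redirect_url }
+post :create, params: params
+
+@mail = ActionMailer::Base.deliveries.last
+@resource.reload
+
+@mail_config_name = CGI.unescape(@mail.body.match(/config=([^&]*)&/)[1])
+@mail_redirect_url = CGI.unescape(@mail.body.match(/redirect_url=([^&]*)&/)[1])
+@mail_reset_token = @mail.body.match(/reset_password_token=(.*)\"/)[1]
+end
 end
 end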
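Review bot: In `describe 'with invalid reset password token'` (new lines 666–686) `put :update, params: @params` is sent from a before block that never assigns `@params`; the only assignment in the section is in the sibling `describe 'with valid reset password token'` before (618–620), whose instance variables are not shared, so unless an enclosing before outside the section sets it the request carries no password or token and the 401 at line 676, together with `assert !@resource.valid_password?(@new_password)` where `@new_password` is presumably also unset, passes without exercising the digest mismatch the test is named for. Repeating the `@new_password`/`@params` lines inside that before, or hoisting them into a before of the enclosing `describe 'change password'`, would make the test prove that a token whose digest does not match the stored value is rejected. The same question applies to `@@ -610,17 +738,8 @@`, where `@redirect_url = 'http://ng-token-auth.dev'` is deleted while the new `get_reset_token` default still reads `@redirect_url`; if no outer before supplies it, `post :create` fails on the missing redirect_url and `@mail` becomes whatever was delivered last. The `describe 'change password'` block and the class itself extend outside the hunk.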