RubyGems - devise_token_auth - Versions diffs - 1.0.0 → 1.1.5 - Mend

devise_token_auth 1.0.0 → 1.1.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (126) hide show

data/test/controllers/devise_token_auth/registrations_controller_test.rb CHANGED Viewed

@@ -83,6 +83,33 @@ class DeviseTokenAuth::RegistrationsControllerTest < ActionDispatch::Integration
       end
     end
+    describe 'using allow_unconfirmed_access_for' do
+      before do
+        @original_duration = Devise.allow_unconfirmed_access_for
+        Devise.allow_unconfirmed_access_for = nil
+        post '/auth',
+             params: {
+               email: Faker::Internet.email,
+               password: 'secret123',
+               password_confirmation: 'secret123',
+               confirm_success_url: Faker::Internet.url,
+               unpermitted_param: '(x_x)'
+             }
+      end
+      test 'auth headers were returned in response' do
+        assert response.headers['access-token']
+        assert response.headers['token-type']
+        assert response.headers['client']
+        assert response.headers['expiry']
+        assert response.headers['uid']
+      end
+      after do
+        Devise.allow_unconfirmed_access_for = @original_duration
+      end
+    end
     describe 'using "+" in email' do
       test 'can use + sign in email addresses' do
         @plus_email = 'ak+testing@gmail.com'
@@ -305,7 +332,7 @@ class DeviseTokenAuth::RegistrationsControllerTest < ActionDispatch::Integration
       end
       test 'user should not have been created' do
-        assert_nil @resource.id
+        refute @resource.persisted?
       end
       test 'error should be returned in the response' do
@@ -333,7 +360,7 @@ class DeviseTokenAuth::RegistrationsControllerTest < ActionDispatch::Integration
       end
       test 'user should not have been created' do
-        assert_nil @resource.id
+        refute @resource.persisted?
       end
       test 'error should be returned in the response' do
@@ -362,7 +389,7 @@ class DeviseTokenAuth::RegistrationsControllerTest < ActionDispatch::Integration
       end
       test 'user should have been created' do
-        assert_nil @resource.id
+        refute @resource.persisted?
       end
       test 'error should be returned in the response' do
@@ -393,7 +420,7 @@ class DeviseTokenAuth::RegistrationsControllerTest < ActionDispatch::Integration
       end
       test 'user should have been created' do
-        assert_nil @resource.id
+        refute @resource.persisted?
       end
       test 'error should be returned in the response' do
@@ -465,7 +492,7 @@ class DeviseTokenAuth::RegistrationsControllerTest < ActionDispatch::Integration
               # test valid update param
               @resource_class = User
               @new_operating_thetan = 1_000_000
-              @email = 'AlternatingCase2@example.com'
+              @email = Faker::Internet.safe_email
               @request_params = {
                 operating_thetan: @new_operating_thetan,
                 email: @email
@@ -572,7 +599,7 @@ class DeviseTokenAuth::RegistrationsControllerTest < ActionDispatch::Integration
               # test valid update param
               @resource_class = User
               @new_operating_thetan = 1_000_000
-              @email = 'AlternatingCase2@example.com'
+              @email = Faker::Internet.safe_email
               @request_params = {
                 operating_thetan: @new_operating_thetan,
                 email: @email
@@ -623,7 +650,7 @@ class DeviseTokenAuth::RegistrationsControllerTest < ActionDispatch::Integration
           before do
             DeviseTokenAuth.check_current_password_before_update = :password
             @new_operating_thetan = 1_000_000
-            @email = 'AlternatingCase2@example.com'
+            @email = Faker::Internet.safe_email
           end
           after do

data/test/controllers/devise_token_auth/sessions_controller_test.rb CHANGED Viewed

@@ -17,12 +17,6 @@ class DeviseTokenAuth::SessionsControllerTest < ActionController::TestCase
       describe 'success' do
         before do
-          @old_sign_in_count      = @existing_user.sign_in_count
-          @old_current_sign_in_at = @existing_user.current_sign_in_at
-          @old_last_sign_in_at    = @existing_user.last_sign_in_at
-          @old_sign_in_ip         = @existing_user.current_sign_in_ip
-          @old_last_sign_in_ip    = @existing_user.last_sign_in_ip
           post :create,
                params: {
                  email: @existing_user.email,
@@ -31,12 +25,6 @@ class DeviseTokenAuth::SessionsControllerTest < ActionController::TestCase
           @resource = assigns(:resource)
           @data = JSON.parse(response.body)
-          @new_sign_in_count      = @resource.sign_in_count
-          @new_current_sign_in_at = @resource.current_sign_in_at
-          @new_last_sign_in_at    = @resource.last_sign_in_at
-          @new_sign_in_ip         = @resource.current_sign_in_ip
-          @new_last_sign_in_ip    = @resource.last_sign_in_ip
         end
         test 'request should succeed' do
@@ -47,32 +35,6 @@ class DeviseTokenAuth::SessionsControllerTest < ActionController::TestCase
           assert_equal @existing_user.email, @data['data']['email']
         end
-        describe 'trackable' do
-          test 'sign_in_count incrementns' do
-            assert_equal @old_sign_in_count + 1, @new_sign_in_count
-          end
-          test 'current_sign_in_at is updated' do
-            refute @old_current_sign_in_at
-            assert @new_current_sign_in_at
-          end
-          test 'last_sign_in_at is updated' do
-            refute @old_last_sign_in_at
-            assert @new_last_sign_in_at
-          end
-          test 'sign_in_ip is updated' do
-            refute @old_sign_in_ip
-            assert_equal '0.0.0.0', @new_sign_in_ip
-          end
-          test 'last_sign_in_ip is updated' do
-            refute @old_last_sign_in_ip
-            assert_equal '0.0.0.0', @new_last_sign_in_ip
-          end
-        end
         describe "with multiple clients and headers don't change in each request" do
           before do
             # Set the max_number_of_devices to a lower number

data/test/controllers/devise_token_auth/token_validations_controller_test.rb CHANGED Viewed

@@ -47,7 +47,8 @@ class DeviseTokenAuth::TokenValidationsControllerTest < ActionDispatch::Integrat
     describe 'with invalid user' do
       before do
-        @resource.update_column :email, 'invalid'
+        @resource.update_column(:email, 'invalid') if DEVISE_TOKEN_AUTH_ORM == :active_record
+        @resource.set(email: 'invalid') if DEVISE_TOKEN_AUTH_ORM == :mongoid
       end
       test 'request should raise invalid model error' do

data/test/dummy/app/active_record/confirmable_user.rb ADDED Viewed

@@ -0,0 +1,11 @@
+# frozen_string_literal: true
+class ConfirmableUser < ActiveRecord::Base
+  # Include default devise modules.
+  devise :database_authenticatable, :registerable,
+         :recoverable, :rememberable,
+         :validatable, :confirmable
+  DeviseTokenAuth.send_confirmation_email = true
+  include DeviseTokenAuth::Concerns::User
+  DeviseTokenAuth.send_confirmation_email = false
+end

data/test/dummy/app/{models → active_record}/scoped_user.rb RENAMED Viewed

@@ -3,7 +3,7 @@
 class ScopedUser < ActiveRecord::Base
   # Include default devise modules.
   devise :database_authenticatable, :registerable,
-         :recoverable, :rememberable, :trackable, :validatable,
-         :confirmable, :omniauthable
+         :recoverable, :rememberable,
+         :validatable, :confirmable, :omniauthable
   include DeviseTokenAuth::Concerns::User
 end

data/test/dummy/app/{models → active_record}/unconfirmable_user.rb RENAMED Viewed

@@ -4,7 +4,6 @@ class UnconfirmableUser < ActiveRecord::Base
   # Include default devise modules.
   devise :database_authenticatable, :registerable,
          :recoverable, :rememberable,
-         :trackable, :validatable,
-         :omniauthable
+         :validatable, :omniauthable
   include DeviseTokenAuth::Concerns::User
 end

data/test/dummy/app/{models → active_record}/unregisterable_user.rb RENAMED Viewed

@@ -2,8 +2,8 @@
 class UnregisterableUser < ActiveRecord::Base
   # Include default devise modules.
-  devise :database_authenticatable,
-         :recoverable, :trackable, :validatable,
-         :confirmable, :omniauthable
+  devise :database_authenticatable, :recoverable,
+         :validatable, :confirmable,
+         :omniauthable
   include DeviseTokenAuth::Concerns::User
 end

data/test/dummy/app/active_record/user.rb ADDED Viewed

@@ -0,0 +1,6 @@
+# frozen_string_literal: true
+class User < ActiveRecord::Base
+  include DeviseTokenAuth::Concerns::User
+  include FavoriteColor
+end

data/test/dummy/app/controllers/overrides/confirmations_controller.rb CHANGED Viewed

@@ -6,7 +6,7 @@ module Overrides
       @resource = resource_class.confirm_by_token(params[:confirmation_token])
       if @resource && @resource.id
-        client_id, token = @resource.create_token
+        token = @resource.create_token
         @resource.save!
         redirect_header_options = {
@@ -14,8 +14,8 @@ module Overrides
           config: params[:config],
           override_proof: '(^^,)'
         }
-        redirect_headers = build_redirect_headers(token,
-                                                  client_id,
+        redirect_headers = build_redirect_headers(token.token,
+                                                  token.client,
                                                   redirect_header_options)
         redirect_to(@resource.build_auth_url(params[:redirect_url],

data/test/dummy/app/controllers/overrides/passwords_controller.rb CHANGED Viewed

@@ -11,7 +11,7 @@ module Overrides
       )
       if @resource && @resource.id
-        client_id, token = @resource.create_token
+        token = @resource.create_token
         # ensure that user is confirmed
         @resource.skip_confirmation! unless @resource.confirmed_at
@@ -22,8 +22,8 @@ module Overrides
           override_proof: OVERRIDE_PROOF,
           reset_password: true
         }
-        redirect_headers = build_redirect_headers(token,
-                                                  client_id,
+        redirect_headers = build_redirect_headers(token.token,
+                                                  token.client,
                                                   redirect_header_options)
         redirect_to(@resource.build_auth_url(params[:redirect_url],
                                              redirect_headers))

data/test/dummy/app/controllers/overrides/registrations_controller.rb CHANGED Viewed

@@ -6,7 +6,7 @@ module Overrides
     def update
       if @resource
-        if @resource.update_attributes(account_update_params)
+        if @resource.update(account_update_params)
           render json: {
             status: 'success',
             data:   @resource.as_json,

data/test/dummy/app/controllers/overrides/sessions_controller.rb CHANGED Viewed

@@ -5,10 +5,10 @@ module Overrides
     OVERRIDE_PROOF = '(^^,)'.freeze
     def create
-      @resource = resource_class.find_by(email: resource_params[:email])
+      @resource = resource_class.dta_find_by(email: resource_params[:email])
       if @resource && valid_params?(:email, resource_params[:email]) && @resource.valid_password?(resource_params[:password]) && @resource.confirmed?
-        @client_id, @token = @resource.create_token
+        @token = @resource.create_token
         @resource.save
         render json: {

data/test/dummy/app/models/{user.rb → concerns/favorite_color.rb} RENAMED Viewed

@@ -1,13 +1,12 @@
-# frozen_string_literal: true
-class User < ActiveRecord::Base
-  include DeviseTokenAuth::Concerns::User
-  validates :operating_thetan, numericality: true, allow_nil: true
-  validate :ensure_correct_favorite_color
+module FavoriteColor
+  extend ActiveSupport::Concern
+  included do
+    validates :operating_thetan, numericality: true, allow_nil: true
+    validate :ensure_correct_favorite_color
+  end
   def ensure_correct_favorite_color
     if favorite_color && (favorite_color != '')
       unless ApplicationHelper::COLOR_NAMES.any?{ |s| s.casecmp(favorite_color)==0 }
         matches = ApplicationHelper::COLOR_SEARCH.search(favorite_color)

data/test/dummy/app/mongoid/confirmable_user.rb ADDED Viewed

@@ -0,0 +1,52 @@
+# frozen_string_literal: true
+class ConfirmableUser
+  include Mongoid::Document
+  include Mongoid::Timestamps
+  include Mongoid::Locker
+  field :locker_locked_at, type: Time
+  field :locker_locked_until, type: Time
+  locker locked_at_field: :locker_locked_at,
+         locked_until_field: :locker_locked_until
+  ## User Info
+  field :name,      type: String
+  field :nickname,  type: String
+  field :image,     type: String
+  ## Database authenticatable
+  field :email,              type: String, default: ''
+  field :encrypted_password, type: String, default: ''
+  ## Recoverable
+  field :reset_password_token,        type: String
+  field :reset_password_sent_at,      type: Time
+  field :reset_password_redirect_url, type: String
+  field :allow_password_change,       type: Boolean, default: false
+  ## Rememberable
+  field :remember_created_at, type: Time
+  ## Confirmable
+  field :confirmation_token,   type: String
+  field :confirmed_at,         type: Time
+  field :confirmation_sent_at, type: Time
+  field :unconfirmed_email,    type: String # Only if using reconfirmable
+  ## Required
+  field :provider, type: String
+  field :uid,      type: String, default: ''
+  ## Tokens
+  field :tokens, type: Hash, default: {}
+  # Include default devise modules.
+  devise :database_authenticatable, :registerable,
+         :recoverable, :rememberable, :trackable,
+         :validatable, :confirmable
+  DeviseTokenAuth.send_confirmation_email = true
+  include DeviseTokenAuth::Concerns::User
+  DeviseTokenAuth.send_confirmation_email = false
+end

data/test/dummy/app/mongoid/lockable_user.rb ADDED Viewed

@@ -0,0 +1,38 @@
+# frozen_string_literal: true
+class LockableUser
+  include Mongoid::Document
+  include Mongoid::Timestamps
+  include Mongoid::Locker
+  field :locker_locked_at, type: Time
+  field :locker_locked_until, type: Time
+  locker locked_at_field: :locker_locked_at,
+         locked_until_field: :locker_locked_until
+  ## User Info
+  field :name,      type: String
+  field :nickname,  type: String
+  field :image,     type: String
+  ## Database authenticatable
+  field :email,              type: String, default: ''
+  field :encrypted_password, type: String, default: ''
+  ## Lockable
+  field :failed_attempts, type: Integer, default: 0 # Only if lock strategy is :failed_attempts
+  field :unlock_token,    type: String # Only if unlock strategy is :email or :both
+  field :locked_at,       type: Time
+  ## Required
+  field :provider, type: String
+  field :uid,      type: String, default: ''
+  ## Tokens
+  field :tokens, type: Hash, default: {}
+  # Include default devise modules.
+  devise :database_authenticatable, :registerable, :lockable
+  include DeviseTokenAuth::Concerns::User
+end

data/test/dummy/app/mongoid/mang.rb ADDED Viewed

@@ -0,0 +1,46 @@
+# frozen_string_literal: true
+class Mang
+  include Mongoid::Document
+  include Mongoid::Timestamps
+  include Mongoid::Locker
+  field :locker_locked_at, type: Time
+  field :locker_locked_until, type: Time
+  locker locked_at_field: :locker_locked_at,
+         locked_until_field: :locker_locked_until
+  ## User Info
+  field :name,      type: String
+  field :nickname,  type: String
+  field :image,     type: String
+  ## Database authenticatable
+  field :email,              type: String, default: ''
+  field :encrypted_password, type: String, default: ''
+  ## Recoverable
+  field :reset_password_token,        type: String
+  field :reset_password_sent_at,      type: Time
+  field :reset_password_redirect_url, type: String
+  field :allow_password_change,       type: Boolean, default: false
+  ## Rememberable
+  field :remember_created_at, type: Time
+  ## Confirmable
+  field :confirmation_token,   type: String
+  field :confirmed_at,         type: Time
+  field :confirmation_sent_at, type: Time
+  field :unconfirmed_email,    type: String # Only if using reconfirmable
+  ## Required
+  field :provider, type: String
+  field :uid,      type: String, default: ''
+  ## Tokens
+  field :tokens, type: Hash, default: {}
+  include DeviseTokenAuth::Concerns::User
+end

data/test/dummy/app/mongoid/only_email_user.rb ADDED Viewed

@@ -0,0 +1,33 @@
+# frozen_string_literal: true
+class OnlyEmailUser
+  include Mongoid::Document
+  include Mongoid::Timestamps
+  include Mongoid::Locker
+  field :locker_locked_at, type: Time
+  field :locker_locked_until, type: Time
+  locker locked_at_field: :locker_locked_at,
+         locked_until_field: :locker_locked_until
+  ## User Info
+  field :name,      type: String
+  field :nickname,  type: String
+  field :image,     type: String
+  ## Database authenticatable
+  field :email,              type: String, default: ''
+  field :encrypted_password, type: String, default: ''
+  ## Required
+  field :provider, type: String
+  field :uid,      type: String, default: ''
+  ## Tokens
+  field :tokens, type: Hash, default: {}
+  # Include default devise modules.
+  devise :database_authenticatable, :registerable
+  include DeviseTokenAuth::Concerns::User
+end

data/test/dummy/app/mongoid/scoped_user.rb ADDED Viewed

@@ -0,0 +1,50 @@
+# frozen_string_literal: true
+class ScopedUser
+  include Mongoid::Document
+  include Mongoid::Timestamps
+  include Mongoid::Locker
+  field :locker_locked_at, type: Time
+  field :locker_locked_until, type: Time
+  locker locked_at_field: :locker_locked_at,
+         locked_until_field: :locker_locked_until
+  ## User Info
+  field :name,      type: String
+  field :nickname,  type: String
+  field :image,     type: String
+  ## Database authenticatable
+  field :email,              type: String, default: ''
+  field :encrypted_password, type: String, default: ''
+  ## Recoverable
+  field :reset_password_token,        type: String
+  field :reset_password_sent_at,      type: Time
+  field :reset_password_redirect_url, type: String
+  field :allow_password_change,       type: Boolean, default: false
+  ## Rememberable
+  field :remember_created_at, type: Time
+  ## Confirmable
+  field :confirmation_token,   type: String
+  field :confirmed_at,         type: Time
+  field :confirmation_sent_at, type: Time
+  field :unconfirmed_email,    type: String # Only if using reconfirmable
+  ## Required
+  field :provider, type: String
+  field :uid,      type: String, default: ''
+  ## Tokens
+  field :tokens, type: Hash, default: {}
+  # Include default devise modules.
+  devise :database_authenticatable, :registerable,
+         :recoverable, :rememberable, :trackable,
+         :validatable, :confirmable, :omniauthable
+  include DeviseTokenAuth::Concerns::User
+end

data/test/dummy/app/mongoid/unconfirmable_user.rb ADDED Viewed

@@ -0,0 +1,44 @@
+# frozen_string_literal: true
+class UnconfirmableUser
+  include Mongoid::Document
+  include Mongoid::Timestamps
+  include Mongoid::Locker
+  field :locker_locked_at, type: Time
+  field :locker_locked_until, type: Time
+  locker locked_at_field: :locker_locked_at,
+         locked_until_field: :locker_locked_until
+  ## User Info
+  field :name,      type: String
+  field :nickname,  type: String
+  field :image,     type: String
+  ## Database authenticatable
+  field :email,              type: String, default: ''
+  field :encrypted_password, type: String, default: ''
+  ## Recoverable
+  field :reset_password_token,        type: String
+  field :reset_password_sent_at,      type: Time
+  field :reset_password_redirect_url, type: String
+  field :allow_password_change,       type: Boolean, default: false
+  ## Rememberable
+  field :remember_created_at, type: Time
+  ## Required
+  field :provider, type: String
+  field :uid,      type: String, default: ''
+  ## Tokens
+  field :tokens, type: Hash, default: {}
+  # Include default devise modules.
+  devise :database_authenticatable, :registerable,
+         :recoverable, :rememberable, :trackable,
+         :validatable, :omniauthable
+  include DeviseTokenAuth::Concerns::User
+end

data/test/dummy/app/mongoid/unregisterable_user.rb ADDED Viewed

@@ -0,0 +1,47 @@
+# frozen_string_literal: true
+class UnregisterableUser
+  include Mongoid::Document
+  include Mongoid::Timestamps
+  include Mongoid::Locker
+  field :locker_locked_at, type: Time
+  field :locker_locked_until, type: Time
+  locker locked_at_field: :locker_locked_at,
+         locked_until_field: :locker_locked_until
+  ## User Info
+  field :name,      type: String
+  field :nickname,  type: String
+  field :image,     type: String
+  ## Database authenticatable
+  field :email,              type: String, default: ''
+  field :encrypted_password, type: String, default: ''
+  ## Recoverable
+  field :reset_password_token,        type: String
+  field :reset_password_sent_at,      type: Time
+  field :reset_password_redirect_url, type: String
+  field :allow_password_change,       type: Boolean, default: false
+  ## Confirmable
+  field :confirmation_token,   type: String
+  field :confirmed_at,         type: Time
+  field :confirmation_sent_at, type: Time
+  field :unconfirmed_email,    type: String # Only if using reconfirmable
+  ## Required
+  field :provider, type: String
+  field :uid,      type: String, default: ''
+  ## Tokens
+  field :tokens, type: Hash, default: {}
+  # Include default devise modules.
+  devise :database_authenticatable, :recoverable,
+         :trackable, :validatable, :confirmable,
+         :omniauthable
+  include DeviseTokenAuth::Concerns::User
+end

data/test/dummy/app/mongoid/user.rb ADDED Viewed

@@ -0,0 +1,49 @@
+# frozen_string_literal: true
+class User
+  include Mongoid::Document
+  include Mongoid::Timestamps
+  include Mongoid::Locker
+  field :locker_locked_at, type: Time
+  field :locker_locked_until, type: Time
+  locker locked_at_field: :locker_locked_at,
+         locked_until_field: :locker_locked_until
+  ## User Info
+  field :name,             type: String
+  field :nickname,         type: String
+  field :image,            type: String
+  field :favorite_color,   type: String
+  field :operating_thetan, type: Integer
+  ## Database authenticatable
+  field :email,              type: String, default: ''
+  field :encrypted_password, type: String, default: ''
+  ## Recoverable
+  field :reset_password_token,        type: String
+  field :reset_password_sent_at,      type: Time
+  field :reset_password_redirect_url, type: String
+  field :allow_password_change,       type: Boolean, default: false
+  ## Rememberable
+  field :remember_created_at, type: Time
+  ## Confirmable
+  field :confirmation_token,   type: String
+  field :confirmed_at,         type: Time
+  field :confirmation_sent_at, type: Time
+  field :unconfirmed_email,    type: String # Only if using reconfirmable
+  ## Required
+  field :provider, type: String
+  field :uid,      type: String, default: ''
+  ## Tokens
+  field :tokens, type: Hash, default: {}
+  include DeviseTokenAuth::Concerns::User
+  include FavoriteColor
+end