devise_token_auth 1.0.0 → 1.2.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (130) hide show
  1. checksums.yaml +5 -5
  2. data/README.md +4 -2
  3. data/app/controllers/devise_token_auth/application_controller.rb +19 -3
  4. data/app/controllers/devise_token_auth/concerns/resource_finder.rb +23 -11
  5. data/app/controllers/devise_token_auth/concerns/set_user_by_token.rb +78 -57
  6. data/app/controllers/devise_token_auth/confirmations_controller.rb +67 -20
  7. data/app/controllers/devise_token_auth/omniauth_callbacks_controller.rb +82 -30
  8. data/app/controllers/devise_token_auth/passwords_controller.rb +53 -31
  9. data/app/controllers/devise_token_auth/registrations_controller.rb +33 -40
  10. data/app/controllers/devise_token_auth/sessions_controller.rb +24 -6
  11. data/app/controllers/devise_token_auth/unlocks_controller.rb +10 -6
  12. data/app/models/devise_token_auth/concerns/active_record_support.rb +14 -0
  13. data/app/models/devise_token_auth/concerns/confirmable_support.rb +28 -0
  14. data/app/models/devise_token_auth/concerns/mongoid_support.rb +19 -0
  15. data/app/models/devise_token_auth/concerns/tokens_serialization.rb +31 -0
  16. data/app/models/devise_token_auth/concerns/user.rb +77 -80
  17. data/app/models/devise_token_auth/concerns/user_omniauth_callbacks.rb +12 -5
  18. data/app/validators/{email_validator.rb → devise_token_auth_email_validator.rb} +11 -3
  19. data/app/views/devise_token_auth/omniauth_external_window.html.erb +1 -1
  20. data/config/locales/da-DK.yml +2 -0
  21. data/config/locales/de.yml +2 -0
  22. data/config/locales/en.yml +10 -0
  23. data/config/locales/es.yml +2 -0
  24. data/config/locales/fr.yml +2 -0
  25. data/config/locales/he.yml +52 -0
  26. data/config/locales/it.yml +2 -0
  27. data/config/locales/ja.yml +16 -2
  28. data/config/locales/ko.yml +51 -0
  29. data/config/locales/nl.yml +2 -0
  30. data/config/locales/pl.yml +6 -3
  31. data/config/locales/pt-BR.yml +2 -0
  32. data/config/locales/pt.yml +6 -3
  33. data/config/locales/ro.yml +2 -0
  34. data/config/locales/ru.yml +2 -0
  35. data/config/locales/sq.yml +2 -0
  36. data/config/locales/sv.yml +2 -0
  37. data/config/locales/uk.yml +2 -0
  38. data/config/locales/vi.yml +2 -0
  39. data/config/locales/zh-CN.yml +2 -0
  40. data/config/locales/zh-HK.yml +2 -0
  41. data/config/locales/zh-TW.yml +2 -0
  42. data/lib/devise_token_auth/blacklist.rb +6 -0
  43. data/lib/devise_token_auth/controllers/helpers.rb +5 -9
  44. data/lib/devise_token_auth/engine.rb +17 -2
  45. data/lib/devise_token_auth/rails/routes.rb +18 -13
  46. data/lib/devise_token_auth/token_factory.rb +126 -0
  47. data/lib/devise_token_auth/url.rb +3 -0
  48. data/lib/devise_token_auth/version.rb +1 -1
  49. data/lib/devise_token_auth.rb +6 -3
  50. data/lib/generators/devise_token_auth/USAGE +1 -1
  51. data/lib/generators/devise_token_auth/install_generator.rb +7 -91
  52. data/lib/generators/devise_token_auth/install_generator_helpers.rb +98 -0
  53. data/lib/generators/devise_token_auth/install_mongoid_generator.rb +46 -0
  54. data/lib/generators/devise_token_auth/templates/devise_token_auth.rb +13 -0
  55. data/lib/generators/devise_token_auth/templates/devise_token_auth_create_users.rb.erb +1 -8
  56. data/lib/generators/devise_token_auth/templates/user.rb.erb +2 -2
  57. data/lib/generators/devise_token_auth/templates/user_mongoid.rb.erb +56 -0
  58. data/test/controllers/custom/custom_confirmations_controller_test.rb +1 -1
  59. data/test/controllers/demo_mang_controller_test.rb +37 -8
  60. data/test/controllers/demo_user_controller_test.rb +39 -10
  61. data/test/controllers/devise_token_auth/confirmations_controller_test.rb +163 -18
  62. data/test/controllers/devise_token_auth/omniauth_callbacks_controller_test.rb +110 -43
  63. data/test/controllers/devise_token_auth/passwords_controller_test.rb +299 -122
  64. data/test/controllers/devise_token_auth/registrations_controller_test.rb +54 -14
  65. data/test/controllers/devise_token_auth/sessions_controller_test.rb +31 -40
  66. data/test/controllers/devise_token_auth/token_validations_controller_test.rb +43 -2
  67. data/test/controllers/devise_token_auth/unlocks_controller_test.rb +44 -5
  68. data/test/controllers/overrides/confirmations_controller_test.rb +1 -1
  69. data/test/dummy/app/active_record/confirmable_user.rb +11 -0
  70. data/test/dummy/app/{models → active_record}/scoped_user.rb +2 -2
  71. data/test/dummy/app/{models → active_record}/unconfirmable_user.rb +1 -2
  72. data/test/dummy/app/{models → active_record}/unregisterable_user.rb +3 -3
  73. data/test/dummy/app/active_record/user.rb +6 -0
  74. data/test/dummy/app/controllers/overrides/confirmations_controller.rb +3 -3
  75. data/test/dummy/app/controllers/overrides/passwords_controller.rb +3 -3
  76. data/test/dummy/app/controllers/overrides/registrations_controller.rb +1 -1
  77. data/test/dummy/app/controllers/overrides/sessions_controller.rb +2 -2
  78. data/test/dummy/app/models/{user.rb → concerns/favorite_color.rb} +7 -8
  79. data/test/dummy/app/mongoid/confirmable_user.rb +52 -0
  80. data/test/dummy/app/mongoid/lockable_user.rb +38 -0
  81. data/test/dummy/app/mongoid/mang.rb +46 -0
  82. data/test/dummy/app/mongoid/only_email_user.rb +33 -0
  83. data/test/dummy/app/mongoid/scoped_user.rb +50 -0
  84. data/test/dummy/app/mongoid/unconfirmable_user.rb +44 -0
  85. data/test/dummy/app/mongoid/unregisterable_user.rb +47 -0
  86. data/test/dummy/app/mongoid/user.rb +49 -0
  87. data/test/dummy/app/views/layouts/application.html.erb +0 -2
  88. data/test/dummy/config/application.rb +22 -1
  89. data/test/dummy/config/boot.rb +4 -0
  90. data/test/dummy/config/environments/development.rb +0 -10
  91. data/test/dummy/config/environments/production.rb +0 -16
  92. data/test/dummy/config/initializers/devise.rb +285 -0
  93. data/test/dummy/config/initializers/devise_token_auth.rb +35 -4
  94. data/test/dummy/config/initializers/figaro.rb +1 -1
  95. data/test/dummy/config/initializers/omniauth.rb +1 -0
  96. data/test/dummy/config/routes.rb +2 -0
  97. data/test/dummy/db/migrate/20140715061447_devise_token_auth_create_users.rb +0 -7
  98. data/test/dummy/db/migrate/20140715061805_devise_token_auth_create_mangs.rb +0 -7
  99. data/test/dummy/db/migrate/20141222035835_devise_token_auth_create_only_email_users.rb +0 -7
  100. data/test/dummy/db/migrate/20141222053502_devise_token_auth_create_unregisterable_users.rb +0 -7
  101. data/test/dummy/db/migrate/20150708104536_devise_token_auth_create_unconfirmable_users.rb +0 -7
  102. data/test/dummy/db/migrate/20160103235141_devise_token_auth_create_scoped_users.rb +0 -7
  103. data/test/dummy/db/migrate/20160629184441_devise_token_auth_create_lockable_users.rb +0 -7
  104. data/test/dummy/db/migrate/20190924101113_devise_token_auth_create_confirmable_users.rb +49 -0
  105. data/test/dummy/db/schema.rb +31 -33
  106. data/test/dummy/tmp/generators/app/models/user.rb +11 -0
  107. data/test/dummy/tmp/generators/config/initializers/devise_token_auth.rb +60 -0
  108. data/test/dummy/tmp/generators/db/migrate/20220822003050_devise_token_auth_create_users.rb +49 -0
  109. data/test/factories/users.rb +3 -2
  110. data/test/lib/devise_token_auth/blacklist_test.rb +19 -0
  111. data/test/lib/devise_token_auth/rails/custom_routes_test.rb +29 -0
  112. data/test/lib/devise_token_auth/rails/routes_test.rb +87 -0
  113. data/test/lib/devise_token_auth/token_factory_test.rb +191 -0
  114. data/test/lib/devise_token_auth/url_test.rb +2 -2
  115. data/test/lib/generators/devise_token_auth/install_generator_test.rb +51 -31
  116. data/test/lib/generators/devise_token_auth/install_generator_with_namespace_test.rb +51 -31
  117. data/test/models/concerns/mongoid_support_test.rb +31 -0
  118. data/test/models/concerns/tokens_serialization_test.rb +104 -0
  119. data/test/models/confirmable_user_test.rb +35 -0
  120. data/test/models/only_email_user_test.rb +0 -8
  121. data/test/models/user_test.rb +13 -23
  122. data/test/test_helper.rb +45 -4
  123. metadata +126 -33
  124. data/config/initializers/devise.rb +0 -198
  125. data/test/dummy/config/initializers/assets.rb +0 -10
  126. data/test/dummy/tmp/generators/app/views/devise/mailer/confirmation_instructions.html.erb +0 -5
  127. data/test/dummy/tmp/generators/app/views/devise/mailer/reset_password_instructions.html.erb +0 -8
  128. /data/test/dummy/app/{models → active_record}/lockable_user.rb +0 -0
  129. /data/test/dummy/app/{models → active_record}/mang.rb +0 -0
  130. /data/test/dummy/app/{models → active_record}/only_email_user.rb +0 -0
@@ -0,0 +1,46 @@
1
+ # frozen_string_literal: true
2
+
3
+ require_relative 'install_generator_helpers'
4
+
5
+ module DeviseTokenAuth
6
+ class InstallMongoidGenerator < Rails::Generators::Base
7
+ include DeviseTokenAuth::InstallGeneratorHelpers
8
+
9
+ def create_user_model
10
+ fname = "app/models/#{user_class.underscore}.rb"
11
+ if File.exist?(File.join(destination_root, fname))
12
+ inclusion = 'include DeviseTokenAuth::Concerns::User'
13
+ unless parse_file_for_line(fname, inclusion)
14
+ inject_into_file fname, before: /end\s\z/ do <<-'RUBY'
15
+
16
+ include Mongoid::Locker
17
+
18
+ field :locker_locked_at, type: Time
19
+ field :locker_locked_until, type: Time
20
+
21
+ locker locked_at_field: :locker_locked_at,
22
+ locked_until_field: :locker_locked_until
23
+
24
+ ## Required
25
+ field :provider, type: String
26
+ field :uid, type: String, default: ''
27
+
28
+ ## Tokens
29
+ field :tokens, type: Hash, default: {}
30
+
31
+ # Include default devise modules. Others available are:
32
+ # :confirmable, :lockable, :timeoutable, :trackable and :omniauthable
33
+ devise :database_authenticatable, :registerable,
34
+ :recoverable, :rememberable, :validatable
35
+ include DeviseTokenAuth::Concerns::User
36
+
37
+ index({ uid: 1, provider: 1}, { name: 'uid_provider_index', unique: true, background: true })
38
+ RUBY
39
+ end
40
+ end
41
+ else
42
+ template('user_mongoid.rb.erb', fname)
43
+ end
44
+ end
45
+ end
46
+ end
@@ -11,6 +11,11 @@ DeviseTokenAuth.setup do |config|
11
11
  # determines how long tokens will remain valid after they are issued.
12
12
  # config.token_lifespan = 2.weeks
13
13
 
14
+ # Limiting the token_cost to just 4 in testing will increase the performance of
15
+ # your test suite dramatically. The possible cost value is within range from 4
16
+ # to 31. It is recommended to not use a value more than 10 in other environments.
17
+ config.token_cost = Rails.env.test? ? 4 : 10
18
+
14
19
  # Sets the max number of concurrent devices per user, which is 10 by default.
15
20
  # After this limit is reached, the oldest tokens will be removed.
16
21
  # config.max_number_of_devices = 10
@@ -43,8 +48,16 @@ DeviseTokenAuth.setup do |config|
43
48
  # :'uid' => 'uid',
44
49
  # :'token-type' => 'token-type' }
45
50
 
51
+ # Makes it possible to use custom uid column
52
+ # config.other_uid = "foo"
53
+
46
54
  # By default, only Bearer Token authentication is implemented out of the box.
47
55
  # If, however, you wish to integrate with legacy Devise authentication, you can
48
56
  # do so by enabling this flag. NOTE: This feature is highly experimental!
49
57
  # config.enable_standard_devise_support = false
58
+
59
+ # By default DeviseTokenAuth will not send confirmation email, even when including
60
+ # devise confirmable module. If you want to use devise confirmable module and
61
+ # send email, set it to true. (This is a setting for compatibility)
62
+ # config.send_confirmation_email = true
50
63
  end
@@ -17,13 +17,6 @@ class DeviseTokenAuthCreate<%= user_class.pluralize.gsub("::","") %> < ActiveRec
17
17
  ## Rememberable
18
18
  t.datetime :remember_created_at
19
19
 
20
- ## Trackable
21
- t.integer :sign_in_count, :default => 0, :null => false
22
- t.datetime :current_sign_in_at
23
- t.datetime :last_sign_in_at
24
- t.string :current_sign_in_ip
25
- t.string :last_sign_in_ip
26
-
27
20
  ## Confirmable
28
21
  t.string :confirmation_token
29
22
  t.datetime :confirmed_at
@@ -51,6 +44,6 @@ class DeviseTokenAuthCreate<%= user_class.pluralize.gsub("::","") %> < ActiveRec
51
44
  add_index :<%= table_name %>, [:uid, :provider], unique: true
52
45
  add_index :<%= table_name %>, :reset_password_token, unique: true
53
46
  add_index :<%= table_name %>, :confirmation_token, unique: true
54
- # add_index :<%= table_name %>, :unlock_token, unique: true
47
+ # add_index :<%= table_name %>, :unlock_token, unique: true
55
48
  end
56
49
  end
@@ -2,8 +2,8 @@
2
2
 
3
3
  class <%= user_class %> < ActiveRecord::Base
4
4
  # Include default devise modules. Others available are:
5
- # :confirmable, :lockable, :timeoutable and :omniauthable
5
+ # :confirmable, :lockable, :timeoutable, :trackable and :omniauthable
6
6
  devise :database_authenticatable, :registerable,
7
- :recoverable, :rememberable, :trackable, :validatable
7
+ :recoverable, :rememberable, :validatable
8
8
  include DeviseTokenAuth::Concerns::User
9
9
  end
@@ -0,0 +1,56 @@
1
+ # frozen_string_literal: true
2
+
3
+ class <%= user_class %>
4
+ include Mongoid::Document
5
+ include Mongoid::Timestamps
6
+ include Mongoid::Locker
7
+
8
+ field :locker_locked_at, type: Time
9
+ field :locker_locked_until, type: Time
10
+
11
+ locker locked_at_field: :locker_locked_at,
12
+ locked_until_field: :locker_locked_until
13
+
14
+ ## Database authenticatable
15
+ field :email, type: String, default: ''
16
+ field :encrypted_password, type: String, default: ''
17
+
18
+ ## Recoverable
19
+ field :reset_password_token, type: String
20
+ field :reset_password_sent_at, type: Time
21
+ field :reset_password_redirect_url, type: String
22
+ field :allow_password_change, type: Boolean, default: false
23
+
24
+ ## Rememberable
25
+ field :remember_created_at, type: Time
26
+
27
+ ## Confirmable
28
+ field :confirmation_token, type: String
29
+ field :confirmed_at, type: Time
30
+ field :confirmation_sent_at, type: Time
31
+ field :unconfirmed_email, type: String # Only if using reconfirmable
32
+
33
+ ## Lockable
34
+ # field :failed_attempts, type: Integer, default: 0 # Only if lock strategy is :failed_attempts
35
+ # field :unlock_token, type: String # Only if unlock strategy is :email or :both
36
+ # field :locked_at, type: Time
37
+
38
+ ## Required
39
+ field :provider, type: String
40
+ field :uid, type: String, default: ''
41
+
42
+ ## Tokens
43
+ field :tokens, type: Hash, default: {}
44
+
45
+ # Include default devise modules. Others available are:
46
+ # :confirmable, :lockable, :timeoutable, :trackable and :omniauthable
47
+ devise :database_authenticatable, :registerable,
48
+ :recoverable, :rememberable, :validatable
49
+ include DeviseTokenAuth::Concerns::User
50
+
51
+ index({ email: 1 }, { name: 'email_index', unique: true, background: true })
52
+ index({ reset_password_token: 1 }, { name: 'reset_password_token_index', unique: true, sparse: true, background: true })
53
+ index({ confirmation_token: 1 }, { name: 'confirmation_token_index', unique: true, sparse: true, background: true })
54
+ index({ uid: 1, provider: 1}, { name: 'uid_provider_index', unique: true, background: true })
55
+ # index({ unlock_token: 1 }, { name: 'unlock_token_index', unique: true, sparse: true, background: true })
56
+ end
@@ -5,7 +5,7 @@ require 'test_helper'
5
5
  class Custom::ConfirmationsControllerTest < ActionController::TestCase
6
6
  describe Custom::ConfirmationsController do
7
7
  include CustomControllersRoutes
8
-
8
+
9
9
  before do
10
10
  @redirect_url = Faker::Internet.url
11
11
  @new_user = create(:user)
@@ -235,7 +235,7 @@ class DemoMangControllerTest < ActionDispatch::IntegrationTest
235
235
  @resource.reload
236
236
  age_token(@resource, @client_id)
237
237
 
238
- # use expired auth header
238
+ # use previous auth header
239
239
  get '/demo/members_only_mang',
240
240
  params: {},
241
241
  headers: @auth_headers
@@ -244,38 +244,67 @@ class DemoMangControllerTest < ActionDispatch::IntegrationTest
244
244
  @second_user = assigns(:resource)
245
245
  @second_access_token = response.headers['access-token']
246
246
  @second_response_status = response.status
247
+
248
+ @resource.reload
249
+ age_token(@resource, @client_id)
250
+
251
+ # use expired auth headers
252
+ get '/demo/members_only_mang',
253
+ params: {},
254
+ headers: @auth_headers
255
+
256
+ @third_is_batch_request = assigns(:is_batch_request)
257
+ @third_user = assigns(:resource)
258
+ @third_access_token = response.headers['access-token']
259
+ @third_response_status = response.status
247
260
  end
248
261
 
249
262
  it 'should allow the first request through' do
250
263
  assert_equal 200, @first_response_status
251
264
  end
252
265
 
266
+ it 'should allow the second request through' do
267
+ assert_equal 200, @second_response_status
268
+ end
269
+
253
270
  it 'should not allow the second request through' do
254
- assert_equal 401, @second_response_status
271
+ assert_equal 401, @third_response_status
255
272
  end
256
273
 
257
274
  it 'should not treat first request as batch request' do
275
+ refute @first_is_batch_request
276
+ end
277
+
278
+ it 'should not treat second request as batch request' do
258
279
  refute @second_is_batch_request
259
280
  end
260
281
 
282
+ it 'should not treat third request as batch request' do
283
+ refute @third_is_batch_request
284
+ end
285
+
261
286
  it 'should return auth headers from the first request' do
262
287
  assert @first_access_token
263
288
  end
264
289
 
265
- it 'should not treat second request as batch request' do
266
- refute @second_is_batch_request
290
+ it 'should return auth headers from the second request' do
291
+ assert @second_access_token
267
292
  end
268
293
 
269
- it 'should not return auth headers from the second request' do
270
- refute @second_access_token
294
+ it 'should not return auth headers from the third request' do
295
+ refute @third_access_token
271
296
  end
272
297
 
273
298
  it 'should define user during first request' do
274
299
  assert @first_user
275
300
  end
276
301
 
277
- it 'should not define user during second request' do
278
- refute @second_user
302
+ it 'should define user during second request' do
303
+ assert @second_user
304
+ end
305
+
306
+ it 'should not define user during third request' do
307
+ refute @third_user
279
308
  end
280
309
  end
281
310
  end
@@ -265,7 +265,7 @@ class DemoUserControllerTest < ActionDispatch::IntegrationTest
265
265
  @resource.reload
266
266
  age_token(@resource, @client_id)
267
267
 
268
- # use expired auth header
268
+ # use previous auth header
269
269
  get '/demo/members_only',
270
270
  params: {},
271
271
  headers: @auth_headers
@@ -274,38 +274,67 @@ class DemoUserControllerTest < ActionDispatch::IntegrationTest
274
274
  @second_user = assigns(:resource)
275
275
  @second_access_token = response.headers['access-token']
276
276
  @second_response_status = response.status
277
+
278
+ @resource.reload
279
+ age_token(@resource, @client_id)
280
+
281
+ # use expired auth headers
282
+ get '/demo/members_only_mang',
283
+ params: {},
284
+ headers: @auth_headers
285
+
286
+ @third_is_batch_request = assigns(:is_batch_request)
287
+ @third_user = assigns(:resource)
288
+ @third_access_token = response.headers['access-token']
289
+ @third_response_status = response.status
277
290
  end
278
291
 
279
292
  it 'should allow the first request through' do
280
293
  assert_equal 200, @first_response_status
281
294
  end
282
295
 
296
+ it 'should allow the second request through' do
297
+ assert_equal 200, @second_response_status
298
+ end
299
+
283
300
  it 'should not allow the second request through' do
284
- assert_equal 401, @second_response_status
301
+ assert_equal 401, @third_response_status
285
302
  end
286
303
 
287
304
  it 'should not treat first request as batch request' do
305
+ refute @first_is_batch_request
306
+ end
307
+
308
+ it 'should not treat second request as batch request' do
288
309
  refute @second_is_batch_request
289
310
  end
290
311
 
312
+ it 'should not treat third request as batch request' do
313
+ refute @third_is_batch_request
314
+ end
315
+
291
316
  it 'should return auth headers from the first request' do
292
317
  assert @first_access_token
293
318
  end
294
319
 
295
- it 'should not treat second request as batch request' do
296
- refute @second_is_batch_request
320
+ it 'should return auth headers from the second request' do
321
+ assert @second_access_token
297
322
  end
298
323
 
299
- it 'should not return auth headers from the second request' do
300
- refute @second_access_token
324
+ it 'should not return auth headers from the third request' do
325
+ refute @third_access_token
301
326
  end
302
327
 
303
328
  it 'should define user during first request' do
304
329
  assert @first_user
305
330
  end
306
331
 
307
- it 'should not define user during second request' do
308
- refute @second_user
332
+ it 'should define user during second request' do
333
+ assert @second_user
334
+ end
335
+
336
+ it 'should not define user during third request' do
337
+ refute @third_user
309
338
  end
310
339
  end
311
340
  end
@@ -321,8 +350,8 @@ class DemoUserControllerTest < ActionDispatch::IntegrationTest
321
350
  assert @resource.tokens.count > 1
322
351
 
323
352
  # password changed from new device
324
- @resource.update_attributes(password: 'newsecret123',
325
- password_confirmation: 'newsecret123')
353
+ @resource.update(password: 'newsecret123',
354
+ password_confirmation: 'newsecret123')
326
355
 
327
356
  get '/demo/members_only',
328
357
  params: {},
@@ -23,6 +23,7 @@ class DeviseTokenAuth::ConfirmationsControllerTest < ActionController::TestCase
23
23
  @new_user.send_confirmation_instructions(redirect_url: @redirect_url)
24
24
  mail = ActionMailer::Base.deliveries.last
25
25
  @token, @client_config = token_and_client_config_from(mail.body)
26
+ @token_params = %w[access-token client client_id config expiry token uid]
26
27
  end
27
28
 
28
29
  test 'should generate raw token' do
@@ -38,32 +39,164 @@ class DeviseTokenAuth::ConfirmationsControllerTest < ActionController::TestCase
38
39
  end
39
40
 
40
41
  describe 'success' do
41
- before do
42
- get :show,
43
- params: { confirmation_token: @token,
44
- redirect_url: @redirect_url },
45
- xhr: true
46
- @resource = assigns(:resource)
47
- end
42
+ describe 'when authenticated' do
43
+ before do
44
+ sign_in(@new_user)
45
+ get :show,
46
+ params: { confirmation_token: @token,
47
+ redirect_url: @redirect_url },
48
+ xhr: true
49
+ @resource = assigns(:resource)
50
+ end
48
51
 
49
- test 'user should now be confirmed' do
50
- assert @resource.confirmed?
51
- end
52
+ test 'user should now be confirmed' do
53
+ assert @resource.confirmed?
54
+ end
55
+
56
+ test 'should save the authentication token' do
57
+ assert @resource.reload.tokens.present?
58
+ end
59
+
60
+ test 'should redirect to success url' do
61
+ assert_redirected_to(/^#{@redirect_url}/)
62
+ end
52
63
 
53
- test 'should redirect to success url' do
54
- assert_redirected_to(/^#{@redirect_url}/)
64
+ test 'redirect url includes token params' do
65
+ assert @token_params.all? { |param| response.body.include?(param) }
66
+ assert response.body.include?('account_confirmation_success')
67
+ end
55
68
  end
56
69
 
57
- test 'the sign_in_count should be 1' do
58
- assert @resource.sign_in_count == 1
70
+ describe 'when unauthenticated' do
71
+ before do
72
+ sign_out(@new_user)
73
+ get :show,
74
+ params: { confirmation_token: @token,
75
+ redirect_url: @redirect_url },
76
+ xhr: true
77
+ @resource = assigns(:resource)
78
+ end
79
+
80
+ test 'user should now be confirmed' do
81
+ assert @resource.confirmed?
82
+ end
83
+
84
+ test 'should redirect to success url' do
85
+ assert_redirected_to(/^#{@redirect_url}/)
86
+ end
87
+
88
+ test 'redirect url does not include token params' do
89
+ refute @token_params.any? { |param| response.body.include?(param) }
90
+ assert response.body.include?('account_confirmation_success')
91
+ end
59
92
  end
60
93
 
61
- test 'User shoud have the signed in info filled' do
62
- assert @resource.current_sign_in_at?
94
+ describe 'resend confirmation' do
95
+ describe 'without paranoid mode' do
96
+
97
+ describe 'on success' do
98
+ before do
99
+ post :create,
100
+ params: { email: @new_user.email,
101
+ redirect_url: @redirect_url },
102
+ xhr: true
103
+ @resource = assigns(:resource)
104
+ @data = JSON.parse(response.body)
105
+ @mail = ActionMailer::Base.deliveries.last
106
+ @token, @client_config = token_and_client_config_from(@mail.body)
107
+ end
108
+
109
+ test 'user should not be confirmed' do
110
+ assert_nil @resource.confirmed_at
111
+ end
112
+
113
+ test 'should generate raw token' do
114
+ assert @token
115
+ assert_equal @new_user.confirmation_token, @token
116
+ end
117
+
118
+ test 'user should receive confirmation email' do
119
+ assert_equal @resource.email, @mail['to'].to_s
120
+ end
121
+
122
+ test 'response should contain message' do
123
+ assert_equal @data['message'], I18n.t('devise_token_auth.confirmations.sended', email: @resource.email)
124
+ end
125
+ end
126
+
127
+ describe 'on failure' do
128
+ before do
129
+ post :create,
130
+ params: { email: 'chester@cheet.ah',
131
+ redirect_url: @redirect_url },
132
+ xhr: true
133
+ @data = JSON.parse(response.body)
134
+ end
135
+
136
+ test 'response should contain errors' do
137
+ assert_equal @data['errors'], [I18n.t('devise_token_auth.confirmations.user_not_found', email: 'chester@cheet.ah')]
138
+ end
139
+ end
140
+ end
63
141
  end
64
142
 
65
- test 'User shoud have the Last checkin filled' do
66
- assert @resource.last_sign_in_at?
143
+ describe 'with paranoid mode' do
144
+ describe 'on success' do
145
+ before do
146
+ swap Devise, paranoid: true do
147
+ post :create,
148
+ params: { email: @new_user.email,
149
+ redirect_url: @redirect_url },
150
+ xhr: true
151
+ @resource = assigns(:resource)
152
+ @data = JSON.parse(response.body)
153
+ @mail = ActionMailer::Base.deliveries.last
154
+ @token, @client_config = token_and_client_config_from(@mail.body)
155
+ end
156
+ end
157
+
158
+ test 'user should not be confirmed' do
159
+ assert_nil @resource.confirmed_at
160
+ end
161
+
162
+ test 'should generate raw token' do
163
+ assert @token
164
+ assert_equal @new_user.confirmation_token, @token
165
+ end
166
+
167
+ test 'user should receive confirmation email' do
168
+ assert_equal @resource.email, @mail['to'].to_s
169
+ end
170
+
171
+ test 'response should contain message' do
172
+ assert_equal @data['message'], I18n.t('devise_token_auth.confirmations.sended_paranoid', email: @resource.email)
173
+ end
174
+
175
+ test 'response should return success status' do
176
+ assert_equal 200, response.status
177
+ end
178
+ end
179
+
180
+ describe 'on failure' do
181
+ before do
182
+ swap Devise, paranoid: true do
183
+ @email = 'chester@cheet.ah'
184
+ post :create,
185
+ params: { email: @email,
186
+ redirect_url: @redirect_url },
187
+ xhr: true
188
+ @data = JSON.parse(response.body)
189
+ end
190
+ end
191
+
192
+ test 'response should not contain errors' do
193
+ assert_equal @data['message'], I18n.t('devise_token_auth.confirmations.sended_paranoid', email: @email)
194
+ end
195
+
196
+ test 'response should return success status' do
197
+ assert_equal 200, response.status
198
+ end
199
+ end
67
200
  end
68
201
  end
69
202
 
@@ -75,6 +208,18 @@ class DeviseTokenAuth::ConfirmationsControllerTest < ActionController::TestCase
75
208
  @resource = assigns(:resource)
76
209
  refute @resource.confirmed?
77
210
  end
211
+
212
+ test 'request resend confirmation without email' do
213
+ post :create, params: { email: nil }, xhr: true
214
+
215
+ assert_equal 401, response.status
216
+ end
217
+
218
+ test 'user should not be found on resend confirmation request' do
219
+ post :create, params: { email: 'bogus' }, xhr: true
220
+
221
+ assert_equal 404, response.status
222
+ end
78
223
  end
79
224
  end
80
225