devise_token_auth 1.0.0 → 1.2.1
- checksums.yaml +5 -5
- data/README.md +4 -2
- data/app/controllers/devise_token_auth/application_controller.rb +19 -3
- data/app/controllers/devise_token_auth/concerns/resource_finder.rb +23 -11
- data/app/controllers/devise_token_auth/concerns/set_user_by_token.rb +78 -57
- data/app/controllers/devise_token_auth/confirmations_controller.rb +67 -20
- data/app/controllers/devise_token_auth/omniauth_callbacks_controller.rb +82 -30
- data/app/controllers/devise_token_auth/passwords_controller.rb +53 -31
- data/app/controllers/devise_token_auth/registrations_controller.rb +33 -40
- data/app/controllers/devise_token_auth/sessions_controller.rb +24 -6
- data/app/controllers/devise_token_auth/unlocks_controller.rb +10 -6
- data/app/models/devise_token_auth/concerns/active_record_support.rb +14 -0
- data/app/models/devise_token_auth/concerns/confirmable_support.rb +28 -0
- data/app/models/devise_token_auth/concerns/mongoid_support.rb +19 -0
- data/app/models/devise_token_auth/concerns/tokens_serialization.rb +31 -0
- data/app/models/devise_token_auth/concerns/user.rb +77 -80
- data/app/models/devise_token_auth/concerns/user_omniauth_callbacks.rb +12 -5
- data/app/validators/{email_validator.rb → devise_token_auth_email_validator.rb} +11 -3
- data/app/views/devise_token_auth/omniauth_external_window.html.erb +1 -1
- data/config/locales/da-DK.yml +2 -0
- data/config/locales/de.yml +2 -0
- data/config/locales/en.yml +10 -0
- data/config/locales/es.yml +2 -0
- data/config/locales/fr.yml +2 -0
- data/config/locales/he.yml +52 -0
- data/config/locales/it.yml +2 -0
- data/config/locales/ja.yml +16 -2
- data/config/locales/ko.yml +51 -0
- data/config/locales/nl.yml +2 -0
- data/config/locales/pl.yml +6 -3
- data/config/locales/pt-BR.yml +2 -0
- data/config/locales/pt.yml +6 -3
- data/config/locales/ro.yml +2 -0
- data/config/locales/ru.yml +2 -0
- data/config/locales/sq.yml +2 -0
- data/config/locales/sv.yml +2 -0
- data/config/locales/uk.yml +2 -0
- data/config/locales/vi.yml +2 -0
- data/config/locales/zh-CN.yml +2 -0
- data/config/locales/zh-HK.yml +2 -0
- data/config/locales/zh-TW.yml +2 -0
- data/lib/devise_token_auth/blacklist.rb +6 -0
- data/lib/devise_token_auth/controllers/helpers.rb +5 -9
- data/lib/devise_token_auth/engine.rb +17 -2
- data/lib/devise_token_auth/rails/routes.rb +18 -13
- data/lib/devise_token_auth/token_factory.rb +126 -0
- data/lib/devise_token_auth/url.rb +3 -0
- data/lib/devise_token_auth/version.rb +1 -1
- data/lib/devise_token_auth.rb +6 -3
- data/lib/generators/devise_token_auth/USAGE +1 -1
- data/lib/generators/devise_token_auth/install_generator.rb +7 -91
- data/lib/generators/devise_token_auth/install_generator_helpers.rb +98 -0
- data/lib/generators/devise_token_auth/install_mongoid_generator.rb +46 -0
- data/lib/generators/devise_token_auth/templates/devise_token_auth.rb +13 -0
- data/lib/generators/devise_token_auth/templates/devise_token_auth_create_users.rb.erb +1 -8
- data/lib/generators/devise_token_auth/templates/user.rb.erb +2 -2
- data/lib/generators/devise_token_auth/templates/user_mongoid.rb.erb +56 -0
- data/test/controllers/custom/custom_confirmations_controller_test.rb +1 -1
- data/test/controllers/demo_mang_controller_test.rb +37 -8
- data/test/controllers/demo_user_controller_test.rb +39 -10
- data/test/controllers/devise_token_auth/confirmations_controller_test.rb +163 -18
- data/test/controllers/devise_token_auth/omniauth_callbacks_controller_test.rb +110 -43
- data/test/controllers/devise_token_auth/passwords_controller_test.rb +299 -122
- data/test/controllers/devise_token_auth/registrations_controller_test.rb +54 -14
- data/test/controllers/devise_token_auth/sessions_controller_test.rb +31 -40
- data/test/controllers/devise_token_auth/token_validations_controller_test.rb +43 -2
- data/test/controllers/devise_token_auth/unlocks_controller_test.rb +44 -5
- data/test/controllers/overrides/confirmations_controller_test.rb +1 -1
- data/test/dummy/app/active_record/confirmable_user.rb +11 -0
- data/test/dummy/app/{models → active_record}/scoped_user.rb +2 -2
- data/test/dummy/app/{models → active_record}/unconfirmable_user.rb +1 -2
- data/test/dummy/app/{models → active_record}/unregisterable_user.rb +3 -3
- data/test/dummy/app/active_record/user.rb +6 -0
- data/test/dummy/app/controllers/overrides/confirmations_controller.rb +3 -3
- data/test/dummy/app/controllers/overrides/passwords_controller.rb +3 -3
- data/test/dummy/app/controllers/overrides/registrations_controller.rb +1 -1
- data/test/dummy/app/controllers/overrides/sessions_controller.rb +2 -2
- data/test/dummy/app/models/{user.rb → concerns/favorite_color.rb} +7 -8
- data/test/dummy/app/mongoid/confirmable_user.rb +52 -0
- data/test/dummy/app/mongoid/lockable_user.rb +38 -0
- data/test/dummy/app/mongoid/mang.rb +46 -0
- data/test/dummy/app/mongoid/only_email_user.rb +33 -0
- data/test/dummy/app/mongoid/scoped_user.rb +50 -0
- data/test/dummy/app/mongoid/unconfirmable_user.rb +44 -0
- data/test/dummy/app/mongoid/unregisterable_user.rb +47 -0
- data/test/dummy/app/mongoid/user.rb +49 -0
- data/test/dummy/app/views/layouts/application.html.erb +0 -2
- data/test/dummy/config/application.rb +22 -1
- data/test/dummy/config/boot.rb +4 -0
- data/test/dummy/config/environments/development.rb +0 -10
- data/test/dummy/config/environments/production.rb +0 -16
- data/test/dummy/config/initializers/devise.rb +285 -0
- data/test/dummy/config/initializers/devise_token_auth.rb +35 -4
- data/test/dummy/config/initializers/figaro.rb +1 -1
- data/test/dummy/config/initializers/omniauth.rb +1 -0
- data/test/dummy/config/routes.rb +2 -0
- data/test/dummy/db/migrate/20140715061447_devise_token_auth_create_users.rb +0 -7
- data/test/dummy/db/migrate/20140715061805_devise_token_auth_create_mangs.rb +0 -7
- data/test/dummy/db/migrate/20141222035835_devise_token_auth_create_only_email_users.rb +0 -7
- data/test/dummy/db/migrate/20141222053502_devise_token_auth_create_unregisterable_users.rb +0 -7
- data/test/dummy/db/migrate/20150708104536_devise_token_auth_create_unconfirmable_users.rb +0 -7
- data/test/dummy/db/migrate/20160103235141_devise_token_auth_create_scoped_users.rb +0 -7
- data/test/dummy/db/migrate/20160629184441_devise_token_auth_create_lockable_users.rb +0 -7
- data/test/dummy/db/migrate/20190924101113_devise_token_auth_create_confirmable_users.rb +49 -0
- data/test/dummy/db/schema.rb +31 -33
- data/test/dummy/tmp/generators/app/models/user.rb +11 -0
- data/test/dummy/tmp/generators/config/initializers/devise_token_auth.rb +60 -0
- data/test/dummy/tmp/generators/db/migrate/20220822003050_devise_token_auth_create_users.rb +49 -0
- data/test/factories/users.rb +3 -2
- data/test/lib/devise_token_auth/blacklist_test.rb +19 -0
- data/test/lib/devise_token_auth/rails/custom_routes_test.rb +29 -0
- data/test/lib/devise_token_auth/rails/routes_test.rb +87 -0
- data/test/lib/devise_token_auth/token_factory_test.rb +191 -0
- data/test/lib/devise_token_auth/url_test.rb +2 -2
- data/test/lib/generators/devise_token_auth/install_generator_test.rb +51 -31
- data/test/lib/generators/devise_token_auth/install_generator_with_namespace_test.rb +51 -31
- data/test/models/concerns/mongoid_support_test.rb +31 -0
- data/test/models/concerns/tokens_serialization_test.rb +104 -0
- data/test/models/confirmable_user_test.rb +35 -0
- data/test/models/only_email_user_test.rb +0 -8
- data/test/models/user_test.rb +13 -23
- data/test/test_helper.rb +45 -4
- metadata +126 -33
- data/config/initializers/devise.rb +0 -198
- data/test/dummy/config/initializers/assets.rb +0 -10
- data/test/dummy/tmp/generators/app/views/devise/mailer/confirmation_instructions.html.erb +0 -5
- data/test/dummy/tmp/generators/app/views/devise/mailer/reset_password_instructions.html.erb +0 -8
- /data/test/dummy/app/{models → active_record}/lockable_user.rb +0 -0
- /data/test/dummy/app/{models → active_record}/mang.rb +0 -0
- /data/test/dummy/app/{models → active_record}/only_email_user.rb +0 -0
@@ -0,0 +1,46 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
require_relative 'install_generator_helpers'
|
4
|
+
|
5
|
+
module DeviseTokenAuth
|
6
|
+
class InstallMongoidGenerator < Rails::Generators::Base
|
7
|
+
include DeviseTokenAuth::InstallGeneratorHelpers
|
8
|
+
|
9
|
+
def create_user_model
|
10
|
+
fname = "app/models/#{user_class.underscore}.rb"
|
11
|
+
if File.exist?(File.join(destination_root, fname))
|
12
|
+
inclusion = 'include DeviseTokenAuth::Concerns::User'
|
13
|
+
unless parse_file_for_line(fname, inclusion)
|
14
|
+
inject_into_file fname, before: /end\s\z/ do <<-'RUBY'
|
15
|
+
|
16
|
+
include Mongoid::Locker
|
17
|
+
|
18
|
+
field :locker_locked_at, type: Time
|
19
|
+
field :locker_locked_until, type: Time
|
20
|
+
|
21
|
+
locker locked_at_field: :locker_locked_at,
|
22
|
+
locked_until_field: :locker_locked_until
|
23
|
+
|
24
|
+
## Required
|
25
|
+
field :provider, type: String
|
26
|
+
field :uid, type: String, default: ''
|
27
|
+
|
28
|
+
## Tokens
|
29
|
+
field :tokens, type: Hash, default: {}
|
30
|
+
|
31
|
+
# Include default devise modules. Others available are:
|
32
|
+
# :confirmable, :lockable, :timeoutable, :trackable and :omniauthable
|
33
|
+
devise :database_authenticatable, :registerable,
|
34
|
+
:recoverable, :rememberable, :validatable
|
35
|
+
include DeviseTokenAuth::Concerns::User
|
36
|
+
|
37
|
+
index({ uid: 1, provider: 1}, { name: 'uid_provider_index', unique: true, background: true })
|
38
|
+
RUBY
|
39
|
+
end
|
40
|
+
end
|
41
|
+
else
|
42
|
+
template('user_mongoid.rb.erb', fname)
|
43
|
+
end
|
44
|
+
end
|
45
|
+
end
|
46
|
+
end
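Review bot: The `before: /end\s\z/` anchor in `create_user_model` matches only when the existing model file ends with `end` followed by exactly one whitespace character, so a file with no trailing newline, or with several blank lines at the end, gets nothing injected. The model is then left without `include DeviseTokenAuth::Concerns::User` and without the `uid_provider_index`, and nothing in this method reports that the file was left unchanged. Loosening the anchor to `inject_into_file fname, before: /end\s*\z/ do <<-'RUBY'` covers both cases.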
|
@@ -11,6 +11,11 @@ DeviseTokenAuth.setup do |config|
|
|
11
11
|
# determines how long tokens will remain valid after they are issued.
|
12
12
|
# config.token_lifespan = 2.weeks
|
13
13
|
|
14
|
+
# Limiting the token_cost to just 4 in testing will increase the performance of
|
15
|
+
# your test suite dramatically. The possible cost value is within range from 4
|
16
|
+
# to 31. It is recommended to not use a value more than 10 in other environments.
|
17
|
+
config.token_cost = Rails.env.test? ? 4 : 10
|
18
|
+
|
14
19
|
# Sets the max number of concurrent devices per user, which is 10 by default.
|
15
20
|
# After this limit is reached, the oldest tokens will be removed.
|
16
21
|
# config.max_number_of_devices = 10
|
@@ -43,8 +48,16 @@ DeviseTokenAuth.setup do |config|
|
|
43
48
|
# :'uid' => 'uid',
|
44
49
|
# :'token-type' => 'token-type' }
|
45
50
|
|
51
|
+
# Makes it possible to use custom uid column
|
52
|
+
# config.other_uid = "foo"
|
53
|
+
|
46
54
|
# By default, only Bearer Token authentication is implemented out of the box.
|
47
55
|
# If, however, you wish to integrate with legacy Devise authentication, you can
|
48
56
|
# do so by enabling this flag. NOTE: This feature is highly experimental!
|
49
57
|
# config.enable_standard_devise_support = false
|
58
|
+
|
59
|
+
# By default DeviseTokenAuth will not send confirmation email, even when including
|
60
|
+
# devise confirmable module. If you want to use devise confirmable module and
|
61
|
+
# send email, set it to true. (This is a setting for compatibility)
|
62
|
+
# config.send_confirmation_email = true
|
50
63
|
end
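Review bot: The added `config.token_cost = Rails.env.test? ? 4 : 10` line in the first hunk is the only setting in this template that is active rather than commented out, and its comment explains the value only in terms of test-suite speed. The option name and the stated range of 4 to 31 suggest a BCrypt work factor for stored token hashes; that is an inference, since the hashing code is not in this hunk. If so, the comment should say that a low cost outside the test environment weakens those hashes. I would add `# token_cost is the work factor used when hashing tokens; use 4 only in the test environment.` above the assignment. The `DeviseTokenAuth.setup` block starts outside the hunk.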
|
@@ -17,13 +17,6 @@ class DeviseTokenAuthCreate<%= user_class.pluralize.gsub("::","") %> < ActiveRec
|
|
17
17
|
## Rememberable
|
18
18
|
t.datetime :remember_created_at
|
19
19
|
|
20
|
-
## Trackable
|
21
|
-
t.integer :sign_in_count, :default => 0, :null => false
|
22
|
-
t.datetime :current_sign_in_at
|
23
|
-
t.datetime :last_sign_in_at
|
24
|
-
t.string :current_sign_in_ip
|
25
|
-
t.string :last_sign_in_ip
|
26
|
-
|
27
20
|
## Confirmable
|
28
21
|
t.string :confirmation_token
|
29
22
|
t.datetime :confirmed_at
|
@@ -51,6 +44,6 @@ class DeviseTokenAuthCreate<%= user_class.pluralize.gsub("::","") %> < ActiveRec
|
|
51
44
|
add_index :<%= table_name %>, [:uid, :provider], unique: true
|
52
45
|
add_index :<%= table_name %>, :reset_password_token, unique: true
|
53
46
|
add_index :<%= table_name %>, :confirmation_token, unique: true
|
54
|
-
# add_index :<%= table_name %>, :unlock_token,
|
47
|
+
# add_index :<%= table_name %>, :unlock_token, unique: true
|
55
48
|
end
|
56
49
|
end
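Review bot: The first hunk drops the `## Trackable` columns outright instead of leaving them as a commented-out block, while the model templates in this release now list `:trackable` among the optional modules. An application that later enables `:trackable` on a table generated from this template has no `sign_in_count`, `current_sign_in_ip` or `last_sign_in_ip` columns to record sign-ins in; I would expect Devise to fail at sign-in in that case, but that code is not shown here. Keeping the block as comments, for example `# t.string :last_sign_in_ip` under a `## Trackable (uncomment if you add :trackable)` heading, would document the requirement. The migration class body starts outside the hunk.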
|
@@ -2,8 +2,8 @@
|
|
2
2
|
|
3
3
|
class <%= user_class %> < ActiveRecord::Base
|
4
4
|
# Include default devise modules. Others available are:
|
5
|
-
# :confirmable, :lockable, :timeoutable and :omniauthable
|
5
|
+
# :confirmable, :lockable, :timeoutable, :trackable and :omniauthable
|
6
6
|
devise :database_authenticatable, :registerable,
|
7
|
-
:recoverable, :rememberable, :
|
7
|
+
:recoverable, :rememberable, :validatable
|
8
8
|
include DeviseTokenAuth::Concerns::User
|
9
9
|
end
|
@@ -0,0 +1,56 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
class <%= user_class %>
|
4
|
+
include Mongoid::Document
|
5
|
+
include Mongoid::Timestamps
|
6
|
+
include Mongoid::Locker
|
7
|
+
|
8
|
+
field :locker_locked_at, type: Time
|
9
|
+
field :locker_locked_until, type: Time
|
10
|
+
|
11
|
+
locker locked_at_field: :locker_locked_at,
|
12
|
+
locked_until_field: :locker_locked_until
|
13
|
+
|
14
|
+
## Database authenticatable
|
15
|
+
field :email, type: String, default: ''
|
16
|
+
field :encrypted_password, type: String, default: ''
|
17
|
+
|
18
|
+
## Recoverable
|
19
|
+
field :reset_password_token, type: String
|
20
|
+
field :reset_password_sent_at, type: Time
|
21
|
+
field :reset_password_redirect_url, type: String
|
22
|
+
field :allow_password_change, type: Boolean, default: false
|
23
|
+
|
24
|
+
## Rememberable
|
25
|
+
field :remember_created_at, type: Time
|
26
|
+
|
27
|
+
## Confirmable
|
28
|
+
field :confirmation_token, type: String
|
29
|
+
field :confirmed_at, type: Time
|
30
|
+
field :confirmation_sent_at, type: Time
|
31
|
+
field :unconfirmed_email, type: String # Only if using reconfirmable
|
32
|
+
|
33
|
+
## Lockable
|
34
|
+
# field :failed_attempts, type: Integer, default: 0 # Only if lock strategy is :failed_attempts
|
35
|
+
# field :unlock_token, type: String # Only if unlock strategy is :email or :both
|
36
|
+
# field :locked_at, type: Time
|
37
|
+
|
38
|
+
## Required
|
39
|
+
field :provider, type: String
|
40
|
+
field :uid, type: String, default: ''
|
41
|
+
|
42
|
+
## Tokens
|
43
|
+
field :tokens, type: Hash, default: {}
|
44
|
+
|
45
|
+
# Include default devise modules. Others available are:
|
46
|
+
# :confirmable, :lockable, :timeoutable, :trackable and :omniauthable
|
47
|
+
devise :database_authenticatable, :registerable,
|
48
|
+
:recoverable, :rememberable, :validatable
|
49
|
+
include DeviseTokenAuth::Concerns::User
|
50
|
+
|
51
|
+
index({ email: 1 }, { name: 'email_index', unique: true, background: true })
|
52
|
+
index({ reset_password_token: 1 }, { name: 'reset_password_token_index', unique: true, sparse: true, background: true })
|
53
|
+
index({ confirmation_token: 1 }, { name: 'confirmation_token_index', unique: true, sparse: true, background: true })
|
54
|
+
index({ uid: 1, provider: 1}, { name: 'uid_provider_index', unique: true, background: true })
|
55
|
+
# index({ unlock_token: 1 }, { name: 'unlock_token_index', unique: true, sparse: true, background: true })
|
56
|
+
end
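Review bot: The `index(...)` declarations at the end of this template carry the uniqueness guarantees for `email`, `reset_password_token`, `confirmation_token` and `(uid, provider)`, but declaring an index in a Mongoid model does not build it in the database. Until the application runs `rake db:mongoid:create_indexes`, duplicate accounts are held back only by model validations, which two concurrent sign-ups can pass together. I would put a comment above the first index line: `# Run rake db:mongoid:create_indexes after generating; uniqueness is not enforced until these indexes exist.` The same applies to the `uid_provider_index` line that the install generator injects into an existing model.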
|
@@ -235,7 +235,7 @@ class DemoMangControllerTest < ActionDispatch::IntegrationTest
|
|
235
235
|
@resource.reload
|
236
236
|
age_token(@resource, @client_id)
|
237
237
|
|
238
|
-
# use
|
238
|
+
# use previous auth header
|
239
239
|
get '/demo/members_only_mang',
|
240
240
|
params: {},
|
241
241
|
headers: @auth_headers
|
@@ -244,38 +244,67 @@ class DemoMangControllerTest < ActionDispatch::IntegrationTest
|
|
244
244
|
@second_user = assigns(:resource)
|
245
245
|
@second_access_token = response.headers['access-token']
|
246
246
|
@second_response_status = response.status
|
247
|
+
|
248
|
+
@resource.reload
|
249
|
+
age_token(@resource, @client_id)
|
250
|
+
|
251
|
+
# use expired auth headers
|
252
|
+
get '/demo/members_only_mang',
|
253
|
+
params: {},
|
254
|
+
headers: @auth_headers
|
255
|
+
|
256
|
+
@third_is_batch_request = assigns(:is_batch_request)
|
257
|
+
@third_user = assigns(:resource)
|
258
|
+
@third_access_token = response.headers['access-token']
|
259
|
+
@third_response_status = response.status
|
247
260
|
end
|
248
261
|
|
249
262
|
it 'should allow the first request through' do
|
250
263
|
assert_equal 200, @first_response_status
|
251
264
|
end
|
252
265
|
|
266
|
+
it 'should allow the second request through' do
|
267
|
+
assert_equal 200, @second_response_status
|
268
|
+
end
|
269
|
+
|
253
270
|
it 'should not allow the second request through' do
|
254
|
-
assert_equal 401, @
|
271
|
+
assert_equal 401, @third_response_status
|
255
272
|
end
|
256
273
|
|
257
274
|
it 'should not treat first request as batch request' do
|
275
|
+
refute @first_is_batch_request
|
276
|
+
end
|
277
|
+
|
278
|
+
it 'should not treat second request as batch request' do
|
258
279
|
refute @second_is_batch_request
|
259
280
|
end
|
260
281
|
|
282
|
+
it 'should not treat third request as batch request' do
|
283
|
+
refute @third_is_batch_request
|
284
|
+
end
|
285
|
+
|
261
286
|
it 'should return auth headers from the first request' do
|
262
287
|
assert @first_access_token
|
263
288
|
end
|
264
289
|
|
265
|
-
it 'should
|
266
|
-
|
290
|
+
it 'should return auth headers from the second request' do
|
291
|
+
assert @second_access_token
|
267
292
|
end
|
268
293
|
|
269
|
-
it 'should not return auth headers from the
|
270
|
-
refute @
|
294
|
+
it 'should not return auth headers from the third request' do
|
295
|
+
refute @third_access_token
|
271
296
|
end
|
272
297
|
|
273
298
|
it 'should define user during first request' do
|
274
299
|
assert @first_user
|
275
300
|
end
|
276
301
|
|
277
|
-
it 'should
|
278
|
-
|
302
|
+
it 'should define user during second request' do
|
303
|
+
assert @second_user
|
304
|
+
end
|
305
|
+
|
306
|
+
it 'should not define user during third request' do
|
307
|
+
refute @third_user
|
279
308
|
end
|
280
309
|
end
|
281
310
|
end
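Review bot: The unchanged line `it 'should not allow the second request through' do` now wraps `assert_equal 401, @third_response_status`, directly below the new `'should allow the second request through'` example. Two examples with contradictory names sit side by side, and a failure report would point at the wrong request. Rename it to `it 'should not allow the third request through' do`. The same mismatch is in the DemoUserControllerTest section that follows; the `before` block these examples depend on starts outside the hunk.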
|
@@ -265,7 +265,7 @@ class DemoUserControllerTest < ActionDispatch::IntegrationTest
|
|
265
265
|
@resource.reload
|
266
266
|
age_token(@resource, @client_id)
|
267
267
|
|
268
|
-
# use
|
268
|
+
# use previous auth header
|
269
269
|
get '/demo/members_only',
|
270
270
|
params: {},
|
271
271
|
headers: @auth_headers
|
@@ -274,38 +274,67 @@ class DemoUserControllerTest < ActionDispatch::IntegrationTest
|
|
274
274
|
@second_user = assigns(:resource)
|
275
275
|
@second_access_token = response.headers['access-token']
|
276
276
|
@second_response_status = response.status
|
277
|
+
|
278
|
+
@resource.reload
|
279
|
+
age_token(@resource, @client_id)
|
280
|
+
|
281
|
+
# use expired auth headers
|
282
|
+
get '/demo/members_only_mang',
|
283
|
+
params: {},
|
284
|
+
headers: @auth_headers
|
285
|
+
|
286
|
+
@third_is_batch_request = assigns(:is_batch_request)
|
287
|
+
@third_user = assigns(:resource)
|
288
|
+
@third_access_token = response.headers['access-token']
|
289
|
+
@third_response_status = response.status
|
277
290
|
end
|
278
291
|
|
279
292
|
it 'should allow the first request through' do
|
280
293
|
assert_equal 200, @first_response_status
|
281
294
|
end
|
282
295
|
|
296
|
+
it 'should allow the second request through' do
|
297
|
+
assert_equal 200, @second_response_status
|
298
|
+
end
|
299
|
+
|
283
300
|
it 'should not allow the second request through' do
|
284
|
-
assert_equal 401, @
|
301
|
+
assert_equal 401, @third_response_status
|
285
302
|
end
|
286
303
|
|
287
304
|
it 'should not treat first request as batch request' do
|
305
|
+
refute @first_is_batch_request
|
306
|
+
end
|
307
|
+
|
308
|
+
it 'should not treat second request as batch request' do
|
288
309
|
refute @second_is_batch_request
|
289
310
|
end
|
290
311
|
|
312
|
+
it 'should not treat third request as batch request' do
|
313
|
+
refute @third_is_batch_request
|
314
|
+
end
|
315
|
+
|
291
316
|
it 'should return auth headers from the first request' do
|
292
317
|
assert @first_access_token
|
293
318
|
end
|
294
319
|
|
295
|
-
it 'should
|
296
|
-
|
320
|
+
it 'should return auth headers from the second request' do
|
321
|
+
assert @second_access_token
|
297
322
|
end
|
298
323
|
|
299
|
-
it 'should not return auth headers from the
|
300
|
-
refute @
|
324
|
+
it 'should not return auth headers from the third request' do
|
325
|
+
refute @third_access_token
|
301
326
|
end
|
302
327
|
|
303
328
|
it 'should define user during first request' do
|
304
329
|
assert @first_user
|
305
330
|
end
|
306
331
|
|
307
|
-
it 'should
|
308
|
-
|
332
|
+
it 'should define user during second request' do
|
333
|
+
assert @second_user
|
334
|
+
end
|
335
|
+
|
336
|
+
it 'should not define user during third request' do
|
337
|
+
refute @third_user
|
309
338
|
end
|
310
339
|
end
|
311
340
|
end
|
@@ -321,8 +350,8 @@ class DemoUserControllerTest < ActionDispatch::IntegrationTest
|
|
321
350
|
assert @resource.tokens.count > 1
|
322
351
|
|
323
352
|
# password changed from new device
|
324
|
-
@resource.
|
325
|
-
|
353
|
+
@resource.update(password: 'newsecret123',
|
354
|
+
password_confirmation: 'newsecret123')
|
326
355
|
|
327
356
|
get '/demo/members_only',
|
328
357
|
params: {},
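Review bot: The third request added to this DemoUserControllerTest `before` block goes to `/demo/members_only_mang`, while the second request, visible in the preceding hunk, uses `/demo/members_only`; this looks like a copy from the Mang test. If the Mang endpoint authenticates a different resource class, which is not visible here, the 401 asserted for `@third_response_status` would be returned for any User token, expired or not. The test would then still pass if expired tokens were accepted. Change the line to `get '/demo/members_only',` so the rejection is attributable to the aged token.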
|
@@ -23,6 +23,7 @@ class DeviseTokenAuth::ConfirmationsControllerTest < ActionController::TestCase
|
|
23
23
|
@new_user.send_confirmation_instructions(redirect_url: @redirect_url)
|
24
24
|
mail = ActionMailer::Base.deliveries.last
|
25
25
|
@token, @client_config = token_and_client_config_from(mail.body)
|
26
|
+
@token_params = %w[access-token client client_id config expiry token uid]
|
26
27
|
end
|
27
28
|
|
28
29
|
test 'should generate raw token' do
|
@@ -38,32 +39,164 @@ class DeviseTokenAuth::ConfirmationsControllerTest < ActionController::TestCase
|
|
38
39
|
end
|
39
40
|
|
40
41
|
describe 'success' do
|
41
|
-
|
42
|
-
|
43
|
-
|
44
|
-
|
45
|
-
|
46
|
-
|
47
|
-
|
42
|
+
describe 'when authenticated' do
|
43
|
+
before do
|
44
|
+
sign_in(@new_user)
|
45
|
+
get :show,
|
46
|
+
params: { confirmation_token: @token,
|
47
|
+
redirect_url: @redirect_url },
|
48
|
+
xhr: true
|
49
|
+
@resource = assigns(:resource)
|
50
|
+
end
|
48
51
|
|
49
|
-
|
50
|
-
|
51
|
-
|
52
|
+
test 'user should now be confirmed' do
|
53
|
+
assert @resource.confirmed?
|
54
|
+
end
|
55
|
+
|
56
|
+
test 'should save the authentication token' do
|
57
|
+
assert @resource.reload.tokens.present?
|
58
|
+
end
|
59
|
+
|
60
|
+
test 'should redirect to success url' do
|
61
|
+
assert_redirected_to(/^#{@redirect_url}/)
|
62
|
+
end
|
52
63
|
|
53
|
-
|
54
|
-
|
64
|
+
test 'redirect url includes token params' do
|
65
|
+
assert @token_params.all? { |param| response.body.include?(param) }
|
66
|
+
assert response.body.include?('account_confirmation_success')
|
67
|
+
end
|
55
68
|
end
|
56
69
|
|
57
|
-
|
58
|
-
|
70
|
+
describe 'when unauthenticated' do
|
71
|
+
before do
|
72
|
+
sign_out(@new_user)
|
73
|
+
get :show,
|
74
|
+
params: { confirmation_token: @token,
|
75
|
+
redirect_url: @redirect_url },
|
76
|
+
xhr: true
|
77
|
+
@resource = assigns(:resource)
|
78
|
+
end
|
79
|
+
|
80
|
+
test 'user should now be confirmed' do
|
81
|
+
assert @resource.confirmed?
|
82
|
+
end
|
83
|
+
|
84
|
+
test 'should redirect to success url' do
|
85
|
+
assert_redirected_to(/^#{@redirect_url}/)
|
86
|
+
end
|
87
|
+
|
88
|
+
test 'redirect url does not include token params' do
|
89
|
+
refute @token_params.any? { |param| response.body.include?(param) }
|
90
|
+
assert response.body.include?('account_confirmation_success')
|
91
|
+
end
|
59
92
|
end
|
60
93
|
|
61
|
-
|
62
|
-
|
94
|
+
describe 'resend confirmation' do
|
95
|
+
describe 'without paranoid mode' do
|
96
|
+
|
97
|
+
describe 'on success' do
|
98
|
+
before do
|
99
|
+
post :create,
|
100
|
+
params: { email: @new_user.email,
|
101
|
+
redirect_url: @redirect_url },
|
102
|
+
xhr: true
|
103
|
+
@resource = assigns(:resource)
|
104
|
+
@data = JSON.parse(response.body)
|
105
|
+
@mail = ActionMailer::Base.deliveries.last
|
106
|
+
@token, @client_config = token_and_client_config_from(@mail.body)
|
107
|
+
end
|
108
|
+
|
109
|
+
test 'user should not be confirmed' do
|
110
|
+
assert_nil @resource.confirmed_at
|
111
|
+
end
|
112
|
+
|
113
|
+
test 'should generate raw token' do
|
114
|
+
assert @token
|
115
|
+
assert_equal @new_user.confirmation_token, @token
|
116
|
+
end
|
117
|
+
|
118
|
+
test 'user should receive confirmation email' do
|
119
|
+
assert_equal @resource.email, @mail['to'].to_s
|
120
|
+
end
|
121
|
+
|
122
|
+
test 'response should contain message' do
|
123
|
+
assert_equal @data['message'], I18n.t('devise_token_auth.confirmations.sended', email: @resource.email)
|
124
|
+
end
|
125
|
+
end
|
126
|
+
|
127
|
+
describe 'on failure' do
|
128
|
+
before do
|
129
|
+
post :create,
|
130
|
+
params: { email: 'chester@cheet.ah',
|
131
|
+
redirect_url: @redirect_url },
|
132
|
+
xhr: true
|
133
|
+
@data = JSON.parse(response.body)
|
134
|
+
end
|
135
|
+
|
136
|
+
test 'response should contain errors' do
|
137
|
+
assert_equal @data['errors'], [I18n.t('devise_token_auth.confirmations.user_not_found', email: 'chester@cheet.ah')]
|
138
|
+
end
|
139
|
+
end
|
140
|
+
end
|
63
141
|
end
|
64
142
|
|
65
|
-
|
66
|
-
|
143
|
+
describe 'with paranoid mode' do
|
144
|
+
describe 'on success' do
|
145
|
+
before do
|
146
|
+
swap Devise, paranoid: true do
|
147
|
+
post :create,
|
148
|
+
params: { email: @new_user.email,
|
149
|
+
redirect_url: @redirect_url },
|
150
|
+
xhr: true
|
151
|
+
@resource = assigns(:resource)
|
152
|
+
@data = JSON.parse(response.body)
|
153
|
+
@mail = ActionMailer::Base.deliveries.last
|
154
|
+
@token, @client_config = token_and_client_config_from(@mail.body)
|
155
|
+
end
|
156
|
+
end
|
157
|
+
|
158
|
+
test 'user should not be confirmed' do
|
159
|
+
assert_nil @resource.confirmed_at
|
160
|
+
end
|
161
|
+
|
162
|
+
test 'should generate raw token' do
|
163
|
+
assert @token
|
164
|
+
assert_equal @new_user.confirmation_token, @token
|
165
|
+
end
|
166
|
+
|
167
|
+
test 'user should receive confirmation email' do
|
168
|
+
assert_equal @resource.email, @mail['to'].to_s
|
169
|
+
end
|
170
|
+
|
171
|
+
test 'response should contain message' do
|
172
|
+
assert_equal @data['message'], I18n.t('devise_token_auth.confirmations.sended_paranoid', email: @resource.email)
|
173
|
+
end
|
174
|
+
|
175
|
+
test 'response should return success status' do
|
176
|
+
assert_equal 200, response.status
|
177
|
+
end
|
178
|
+
end
|
179
|
+
|
180
|
+
describe 'on failure' do
|
181
|
+
before do
|
182
|
+
swap Devise, paranoid: true do
|
183
|
+
@email = 'chester@cheet.ah'
|
184
|
+
post :create,
|
185
|
+
params: { email: @email,
|
186
|
+
redirect_url: @redirect_url },
|
187
|
+
xhr: true
|
188
|
+
@data = JSON.parse(response.body)
|
189
|
+
end
|
190
|
+
end
|
191
|
+
|
192
|
+
test 'response should not contain errors' do
|
193
|
+
assert_equal @data['message'], I18n.t('devise_token_auth.confirmations.sended_paranoid', email: @email)
|
194
|
+
end
|
195
|
+
|
196
|
+
test 'response should return success status' do
|
197
|
+
assert_equal 200, response.status
|
198
|
+
end
|
199
|
+
end
|
67
200
|
end
|
68
201
|
end
|
69
202
|
|
@@ -75,6 +208,18 @@ class DeviseTokenAuth::ConfirmationsControllerTest < ActionController::TestCase
|
|
75
208
|
@resource = assigns(:resource)
|
76
209
|
refute @resource.confirmed?
|
77
210
|
end
|
211
|
+
|
212
|
+
test 'request resend confirmation without email' do
|
213
|
+
post :create, params: { email: nil }, xhr: true
|
214
|
+
|
215
|
+
assert_equal 401, response.status
|
216
|
+
end
|
217
|
+
|
218
|
+
test 'user should not be found on resend confirmation request' do
|
219
|
+
post :create, params: { email: 'bogus' }, xhr: true
|
220
|
+
|
221
|
+
assert_equal 404, response.status
|
222
|
+
end
|
78
223
|
end
|
79
224
|
end
|
80
225
|
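Review bot: Both new `assert_redirected_to(/^#{@redirect_url}/)` assertions, under 'when authenticated' and 'when unauthenticated', interpolate the URL into a regexp unescaped and anchor it with `^`, which in Ruby matches at any line start rather than at the start of the string. Dots in the URL then match any character, so the check is looser than a redirect-target assertion should be. `assert_redirected_to(/\A#{Regexp.escape(@redirect_url)}/)` pins the prefix exactly. The token-parameter checks beside them search `response.body` for substrings such as `token` and `client`; comparing the query keys of `response.location` would make the unauthenticated no-leak assertion more precise.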
|