devise_token_auth 1.0.0 → 1.2.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +5 -5
- data/README.md +4 -2
- data/app/controllers/devise_token_auth/application_controller.rb +19 -3
- data/app/controllers/devise_token_auth/concerns/resource_finder.rb +23 -11
- data/app/controllers/devise_token_auth/concerns/set_user_by_token.rb +78 -57
- data/app/controllers/devise_token_auth/confirmations_controller.rb +67 -20
- data/app/controllers/devise_token_auth/omniauth_callbacks_controller.rb +82 -30
- data/app/controllers/devise_token_auth/passwords_controller.rb +53 -31
- data/app/controllers/devise_token_auth/registrations_controller.rb +33 -40
- data/app/controllers/devise_token_auth/sessions_controller.rb +24 -6
- data/app/controllers/devise_token_auth/unlocks_controller.rb +10 -6
- data/app/models/devise_token_auth/concerns/active_record_support.rb +14 -0
- data/app/models/devise_token_auth/concerns/confirmable_support.rb +28 -0
- data/app/models/devise_token_auth/concerns/mongoid_support.rb +19 -0
- data/app/models/devise_token_auth/concerns/tokens_serialization.rb +31 -0
- data/app/models/devise_token_auth/concerns/user.rb +77 -80
- data/app/models/devise_token_auth/concerns/user_omniauth_callbacks.rb +12 -5
- data/app/validators/{email_validator.rb → devise_token_auth_email_validator.rb} +11 -3
- data/app/views/devise_token_auth/omniauth_external_window.html.erb +1 -1
- data/config/locales/da-DK.yml +2 -0
- data/config/locales/de.yml +2 -0
- data/config/locales/en.yml +10 -0
- data/config/locales/es.yml +2 -0
- data/config/locales/fr.yml +2 -0
- data/config/locales/he.yml +52 -0
- data/config/locales/it.yml +2 -0
- data/config/locales/ja.yml +16 -2
- data/config/locales/ko.yml +51 -0
- data/config/locales/nl.yml +2 -0
- data/config/locales/pl.yml +6 -3
- data/config/locales/pt-BR.yml +2 -0
- data/config/locales/pt.yml +6 -3
- data/config/locales/ro.yml +2 -0
- data/config/locales/ru.yml +2 -0
- data/config/locales/sq.yml +2 -0
- data/config/locales/sv.yml +2 -0
- data/config/locales/uk.yml +2 -0
- data/config/locales/vi.yml +2 -0
- data/config/locales/zh-CN.yml +2 -0
- data/config/locales/zh-HK.yml +2 -0
- data/config/locales/zh-TW.yml +2 -0
- data/lib/devise_token_auth/blacklist.rb +6 -0
- data/lib/devise_token_auth/controllers/helpers.rb +5 -9
- data/lib/devise_token_auth/engine.rb +17 -2
- data/lib/devise_token_auth/rails/routes.rb +18 -13
- data/lib/devise_token_auth/token_factory.rb +126 -0
- data/lib/devise_token_auth/url.rb +3 -0
- data/lib/devise_token_auth/version.rb +1 -1
- data/lib/devise_token_auth.rb +6 -3
- data/lib/generators/devise_token_auth/USAGE +1 -1
- data/lib/generators/devise_token_auth/install_generator.rb +7 -91
- data/lib/generators/devise_token_auth/install_generator_helpers.rb +98 -0
- data/lib/generators/devise_token_auth/install_mongoid_generator.rb +46 -0
- data/lib/generators/devise_token_auth/templates/devise_token_auth.rb +13 -0
- data/lib/generators/devise_token_auth/templates/devise_token_auth_create_users.rb.erb +1 -8
- data/lib/generators/devise_token_auth/templates/user.rb.erb +2 -2
- data/lib/generators/devise_token_auth/templates/user_mongoid.rb.erb +56 -0
- data/test/controllers/custom/custom_confirmations_controller_test.rb +1 -1
- data/test/controllers/demo_mang_controller_test.rb +37 -8
- data/test/controllers/demo_user_controller_test.rb +39 -10
- data/test/controllers/devise_token_auth/confirmations_controller_test.rb +163 -18
- data/test/controllers/devise_token_auth/omniauth_callbacks_controller_test.rb +110 -43
- data/test/controllers/devise_token_auth/passwords_controller_test.rb +299 -122
- data/test/controllers/devise_token_auth/registrations_controller_test.rb +54 -14
- data/test/controllers/devise_token_auth/sessions_controller_test.rb +31 -40
- data/test/controllers/devise_token_auth/token_validations_controller_test.rb +43 -2
- data/test/controllers/devise_token_auth/unlocks_controller_test.rb +44 -5
- data/test/controllers/overrides/confirmations_controller_test.rb +1 -1
- data/test/dummy/app/active_record/confirmable_user.rb +11 -0
- data/test/dummy/app/{models → active_record}/scoped_user.rb +2 -2
- data/test/dummy/app/{models → active_record}/unconfirmable_user.rb +1 -2
- data/test/dummy/app/{models → active_record}/unregisterable_user.rb +3 -3
- data/test/dummy/app/active_record/user.rb +6 -0
- data/test/dummy/app/controllers/overrides/confirmations_controller.rb +3 -3
- data/test/dummy/app/controllers/overrides/passwords_controller.rb +3 -3
- data/test/dummy/app/controllers/overrides/registrations_controller.rb +1 -1
- data/test/dummy/app/controllers/overrides/sessions_controller.rb +2 -2
- data/test/dummy/app/models/{user.rb → concerns/favorite_color.rb} +7 -8
- data/test/dummy/app/mongoid/confirmable_user.rb +52 -0
- data/test/dummy/app/mongoid/lockable_user.rb +38 -0
- data/test/dummy/app/mongoid/mang.rb +46 -0
- data/test/dummy/app/mongoid/only_email_user.rb +33 -0
- data/test/dummy/app/mongoid/scoped_user.rb +50 -0
- data/test/dummy/app/mongoid/unconfirmable_user.rb +44 -0
- data/test/dummy/app/mongoid/unregisterable_user.rb +47 -0
- data/test/dummy/app/mongoid/user.rb +49 -0
- data/test/dummy/app/views/layouts/application.html.erb +0 -2
- data/test/dummy/config/application.rb +22 -1
- data/test/dummy/config/boot.rb +4 -0
- data/test/dummy/config/environments/development.rb +0 -10
- data/test/dummy/config/environments/production.rb +0 -16
- data/test/dummy/config/initializers/devise.rb +285 -0
- data/test/dummy/config/initializers/devise_token_auth.rb +35 -4
- data/test/dummy/config/initializers/figaro.rb +1 -1
- data/test/dummy/config/initializers/omniauth.rb +1 -0
- data/test/dummy/config/routes.rb +2 -0
- data/test/dummy/db/migrate/20140715061447_devise_token_auth_create_users.rb +0 -7
- data/test/dummy/db/migrate/20140715061805_devise_token_auth_create_mangs.rb +0 -7
- data/test/dummy/db/migrate/20141222035835_devise_token_auth_create_only_email_users.rb +0 -7
- data/test/dummy/db/migrate/20141222053502_devise_token_auth_create_unregisterable_users.rb +0 -7
- data/test/dummy/db/migrate/20150708104536_devise_token_auth_create_unconfirmable_users.rb +0 -7
- data/test/dummy/db/migrate/20160103235141_devise_token_auth_create_scoped_users.rb +0 -7
- data/test/dummy/db/migrate/20160629184441_devise_token_auth_create_lockable_users.rb +0 -7
- data/test/dummy/db/migrate/20190924101113_devise_token_auth_create_confirmable_users.rb +49 -0
- data/test/dummy/db/schema.rb +31 -33
- data/test/dummy/tmp/generators/app/models/user.rb +11 -0
- data/test/dummy/tmp/generators/config/initializers/devise_token_auth.rb +60 -0
- data/test/dummy/tmp/generators/db/migrate/20220822003050_devise_token_auth_create_users.rb +49 -0
- data/test/factories/users.rb +3 -2
- data/test/lib/devise_token_auth/blacklist_test.rb +19 -0
- data/test/lib/devise_token_auth/rails/custom_routes_test.rb +29 -0
- data/test/lib/devise_token_auth/rails/routes_test.rb +87 -0
- data/test/lib/devise_token_auth/token_factory_test.rb +191 -0
- data/test/lib/devise_token_auth/url_test.rb +2 -2
- data/test/lib/generators/devise_token_auth/install_generator_test.rb +51 -31
- data/test/lib/generators/devise_token_auth/install_generator_with_namespace_test.rb +51 -31
- data/test/models/concerns/mongoid_support_test.rb +31 -0
- data/test/models/concerns/tokens_serialization_test.rb +104 -0
- data/test/models/confirmable_user_test.rb +35 -0
- data/test/models/only_email_user_test.rb +0 -8
- data/test/models/user_test.rb +13 -23
- data/test/test_helper.rb +45 -4
- metadata +126 -33
- data/config/initializers/devise.rb +0 -198
- data/test/dummy/config/initializers/assets.rb +0 -10
- data/test/dummy/tmp/generators/app/views/devise/mailer/confirmation_instructions.html.erb +0 -5
- data/test/dummy/tmp/generators/app/views/devise/mailer/reset_password_instructions.html.erb +0 -8
- /data/test/dummy/app/{models → active_record}/lockable_user.rb +0 -0
- /data/test/dummy/app/{models → active_record}/mang.rb +0 -0
- /data/test/dummy/app/{models → active_record}/only_email_user.rb +0 -0
@@ -0,0 +1,46 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
require_relative 'install_generator_helpers'
|
4
|
+
|
5
|
+
module DeviseTokenAuth
|
6
|
+
class InstallMongoidGenerator < Rails::Generators::Base
|
7
|
+
include DeviseTokenAuth::InstallGeneratorHelpers
|
8
|
+
|
9
|
+
def create_user_model
|
10
|
+
fname = "app/models/#{user_class.underscore}.rb"
|
11
|
+
if File.exist?(File.join(destination_root, fname))
|
12
|
+
inclusion = 'include DeviseTokenAuth::Concerns::User'
|
13
|
+
unless parse_file_for_line(fname, inclusion)
|
14
|
+
inject_into_file fname, before: /end\s\z/ do <<-'RUBY'
|
15
|
+
|
16
|
+
include Mongoid::Locker
|
17
|
+
|
18
|
+
field :locker_locked_at, type: Time
|
19
|
+
field :locker_locked_until, type: Time
|
20
|
+
|
21
|
+
locker locked_at_field: :locker_locked_at,
|
22
|
+
locked_until_field: :locker_locked_until
|
23
|
+
|
24
|
+
## Required
|
25
|
+
field :provider, type: String
|
26
|
+
field :uid, type: String, default: ''
|
27
|
+
|
28
|
+
## Tokens
|
29
|
+
field :tokens, type: Hash, default: {}
|
30
|
+
|
31
|
+
# Include default devise modules. Others available are:
|
32
|
+
# :confirmable, :lockable, :timeoutable, :trackable and :omniauthable
|
33
|
+
devise :database_authenticatable, :registerable,
|
34
|
+
:recoverable, :rememberable, :validatable
|
35
|
+
include DeviseTokenAuth::Concerns::User
|
36
|
+
|
37
|
+
index({ uid: 1, provider: 1}, { name: 'uid_provider_index', unique: true, background: true })
|
38
|
+
RUBY
|
39
|
+
end
|
40
|
+
end
|
41
|
+
else
|
42
|
+
template('user_mongoid.rb.erb', fname)
|
43
|
+
end
|
44
|
+
end
|
45
|
+
end
|
46
|
+
end
|
@@ -11,6 +11,11 @@ DeviseTokenAuth.setup do |config|
|
|
11
11
|
# determines how long tokens will remain valid after they are issued.
|
12
12
|
# config.token_lifespan = 2.weeks
|
13
13
|
|
14
|
+
# Limiting the token_cost to just 4 in testing will increase the performance of
|
15
|
+
# your test suite dramatically. The possible cost value is within range from 4
|
16
|
+
# to 31. It is recommended to not use a value more than 10 in other environments.
|
17
|
+
config.token_cost = Rails.env.test? ? 4 : 10
|
18
|
+
|
14
19
|
# Sets the max number of concurrent devices per user, which is 10 by default.
|
15
20
|
# After this limit is reached, the oldest tokens will be removed.
|
16
21
|
# config.max_number_of_devices = 10
|
@@ -43,8 +48,16 @@ DeviseTokenAuth.setup do |config|
|
|
43
48
|
# :'uid' => 'uid',
|
44
49
|
# :'token-type' => 'token-type' }
|
45
50
|
|
51
|
+
# Makes it possible to use custom uid column
|
52
|
+
# config.other_uid = "foo"
|
53
|
+
|
46
54
|
# By default, only Bearer Token authentication is implemented out of the box.
|
47
55
|
# If, however, you wish to integrate with legacy Devise authentication, you can
|
48
56
|
# do so by enabling this flag. NOTE: This feature is highly experimental!
|
49
57
|
# config.enable_standard_devise_support = false
|
58
|
+
|
59
|
+
# By default DeviseTokenAuth will not send confirmation email, even when including
|
60
|
+
# devise confirmable module. If you want to use devise confirmable module and
|
61
|
+
# send email, set it to true. (This is a setting for compatibility)
|
62
|
+
# config.send_confirmation_email = true
|
50
63
|
end
|
@@ -17,13 +17,6 @@ class DeviseTokenAuthCreate<%= user_class.pluralize.gsub("::","") %> < ActiveRec
|
|
17
17
|
## Rememberable
|
18
18
|
t.datetime :remember_created_at
|
19
19
|
|
20
|
-
## Trackable
|
21
|
-
t.integer :sign_in_count, :default => 0, :null => false
|
22
|
-
t.datetime :current_sign_in_at
|
23
|
-
t.datetime :last_sign_in_at
|
24
|
-
t.string :current_sign_in_ip
|
25
|
-
t.string :last_sign_in_ip
|
26
|
-
|
27
20
|
## Confirmable
|
28
21
|
t.string :confirmation_token
|
29
22
|
t.datetime :confirmed_at
|
@@ -51,6 +44,6 @@ class DeviseTokenAuthCreate<%= user_class.pluralize.gsub("::","") %> < ActiveRec
|
|
51
44
|
add_index :<%= table_name %>, [:uid, :provider], unique: true
|
52
45
|
add_index :<%= table_name %>, :reset_password_token, unique: true
|
53
46
|
add_index :<%= table_name %>, :confirmation_token, unique: true
|
54
|
-
# add_index :<%= table_name %>, :unlock_token,
|
47
|
+
# add_index :<%= table_name %>, :unlock_token, unique: true
|
55
48
|
end
|
56
49
|
end
|
@@ -2,8 +2,8 @@
|
|
2
2
|
|
3
3
|
class <%= user_class %> < ActiveRecord::Base
|
4
4
|
# Include default devise modules. Others available are:
|
5
|
-
# :confirmable, :lockable, :timeoutable and :omniauthable
|
5
|
+
# :confirmable, :lockable, :timeoutable, :trackable and :omniauthable
|
6
6
|
devise :database_authenticatable, :registerable,
|
7
|
-
:recoverable, :rememberable, :
|
7
|
+
:recoverable, :rememberable, :validatable
|
8
8
|
include DeviseTokenAuth::Concerns::User
|
9
9
|
end
|
@@ -0,0 +1,56 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
class <%= user_class %>
|
4
|
+
include Mongoid::Document
|
5
|
+
include Mongoid::Timestamps
|
6
|
+
include Mongoid::Locker
|
7
|
+
|
8
|
+
field :locker_locked_at, type: Time
|
9
|
+
field :locker_locked_until, type: Time
|
10
|
+
|
11
|
+
locker locked_at_field: :locker_locked_at,
|
12
|
+
locked_until_field: :locker_locked_until
|
13
|
+
|
14
|
+
## Database authenticatable
|
15
|
+
field :email, type: String, default: ''
|
16
|
+
field :encrypted_password, type: String, default: ''
|
17
|
+
|
18
|
+
## Recoverable
|
19
|
+
field :reset_password_token, type: String
|
20
|
+
field :reset_password_sent_at, type: Time
|
21
|
+
field :reset_password_redirect_url, type: String
|
22
|
+
field :allow_password_change, type: Boolean, default: false
|
23
|
+
|
24
|
+
## Rememberable
|
25
|
+
field :remember_created_at, type: Time
|
26
|
+
|
27
|
+
## Confirmable
|
28
|
+
field :confirmation_token, type: String
|
29
|
+
field :confirmed_at, type: Time
|
30
|
+
field :confirmation_sent_at, type: Time
|
31
|
+
field :unconfirmed_email, type: String # Only if using reconfirmable
|
32
|
+
|
33
|
+
## Lockable
|
34
|
+
# field :failed_attempts, type: Integer, default: 0 # Only if lock strategy is :failed_attempts
|
35
|
+
# field :unlock_token, type: String # Only if unlock strategy is :email or :both
|
36
|
+
# field :locked_at, type: Time
|
37
|
+
|
38
|
+
## Required
|
39
|
+
field :provider, type: String
|
40
|
+
field :uid, type: String, default: ''
|
41
|
+
|
42
|
+
## Tokens
|
43
|
+
field :tokens, type: Hash, default: {}
|
44
|
+
|
45
|
+
# Include default devise modules. Others available are:
|
46
|
+
# :confirmable, :lockable, :timeoutable, :trackable and :omniauthable
|
47
|
+
devise :database_authenticatable, :registerable,
|
48
|
+
:recoverable, :rememberable, :validatable
|
49
|
+
include DeviseTokenAuth::Concerns::User
|
50
|
+
|
51
|
+
index({ email: 1 }, { name: 'email_index', unique: true, background: true })
|
52
|
+
index({ reset_password_token: 1 }, { name: 'reset_password_token_index', unique: true, sparse: true, background: true })
|
53
|
+
index({ confirmation_token: 1 }, { name: 'confirmation_token_index', unique: true, sparse: true, background: true })
|
54
|
+
index({ uid: 1, provider: 1}, { name: 'uid_provider_index', unique: true, background: true })
|
55
|
+
# index({ unlock_token: 1 }, { name: 'unlock_token_index', unique: true, sparse: true, background: true })
|
56
|
+
end
|
@@ -235,7 +235,7 @@ class DemoMangControllerTest < ActionDispatch::IntegrationTest
|
|
235
235
|
@resource.reload
|
236
236
|
age_token(@resource, @client_id)
|
237
237
|
|
238
|
-
# use
|
238
|
+
# use previous auth header
|
239
239
|
get '/demo/members_only_mang',
|
240
240
|
params: {},
|
241
241
|
headers: @auth_headers
|
@@ -244,38 +244,67 @@ class DemoMangControllerTest < ActionDispatch::IntegrationTest
|
|
244
244
|
@second_user = assigns(:resource)
|
245
245
|
@second_access_token = response.headers['access-token']
|
246
246
|
@second_response_status = response.status
|
247
|
+
|
248
|
+
@resource.reload
|
249
|
+
age_token(@resource, @client_id)
|
250
|
+
|
251
|
+
# use expired auth headers
|
252
|
+
get '/demo/members_only_mang',
|
253
|
+
params: {},
|
254
|
+
headers: @auth_headers
|
255
|
+
|
256
|
+
@third_is_batch_request = assigns(:is_batch_request)
|
257
|
+
@third_user = assigns(:resource)
|
258
|
+
@third_access_token = response.headers['access-token']
|
259
|
+
@third_response_status = response.status
|
247
260
|
end
|
248
261
|
|
249
262
|
it 'should allow the first request through' do
|
250
263
|
assert_equal 200, @first_response_status
|
251
264
|
end
|
252
265
|
|
266
|
+
it 'should allow the second request through' do
|
267
|
+
assert_equal 200, @second_response_status
|
268
|
+
end
|
269
|
+
|
253
270
|
it 'should not allow the second request through' do
|
254
|
-
assert_equal 401, @
|
271
|
+
assert_equal 401, @third_response_status
|
255
272
|
end
|
256
273
|
|
257
274
|
it 'should not treat first request as batch request' do
|
275
|
+
refute @first_is_batch_request
|
276
|
+
end
|
277
|
+
|
278
|
+
it 'should not treat second request as batch request' do
|
258
279
|
refute @second_is_batch_request
|
259
280
|
end
|
260
281
|
|
282
|
+
it 'should not treat third request as batch request' do
|
283
|
+
refute @third_is_batch_request
|
284
|
+
end
|
285
|
+
|
261
286
|
it 'should return auth headers from the first request' do
|
262
287
|
assert @first_access_token
|
263
288
|
end
|
264
289
|
|
265
|
-
it 'should
|
266
|
-
|
290
|
+
it 'should return auth headers from the second request' do
|
291
|
+
assert @second_access_token
|
267
292
|
end
|
268
293
|
|
269
|
-
it 'should not return auth headers from the
|
270
|
-
refute @
|
294
|
+
it 'should not return auth headers from the third request' do
|
295
|
+
refute @third_access_token
|
271
296
|
end
|
272
297
|
|
273
298
|
it 'should define user during first request' do
|
274
299
|
assert @first_user
|
275
300
|
end
|
276
301
|
|
277
|
-
it 'should
|
278
|
-
|
302
|
+
it 'should define user during second request' do
|
303
|
+
assert @second_user
|
304
|
+
end
|
305
|
+
|
306
|
+
it 'should not define user during third request' do
|
307
|
+
refute @third_user
|
279
308
|
end
|
280
309
|
end
|
281
310
|
end
|
@@ -265,7 +265,7 @@ class DemoUserControllerTest < ActionDispatch::IntegrationTest
|
|
265
265
|
@resource.reload
|
266
266
|
age_token(@resource, @client_id)
|
267
267
|
|
268
|
-
# use
|
268
|
+
# use previous auth header
|
269
269
|
get '/demo/members_only',
|
270
270
|
params: {},
|
271
271
|
headers: @auth_headers
|
@@ -274,38 +274,67 @@ class DemoUserControllerTest < ActionDispatch::IntegrationTest
|
|
274
274
|
@second_user = assigns(:resource)
|
275
275
|
@second_access_token = response.headers['access-token']
|
276
276
|
@second_response_status = response.status
|
277
|
+
|
278
|
+
@resource.reload
|
279
|
+
age_token(@resource, @client_id)
|
280
|
+
|
281
|
+
# use expired auth headers
|
282
|
+
get '/demo/members_only_mang',
|
283
|
+
params: {},
|
284
|
+
headers: @auth_headers
|
285
|
+
|
286
|
+
@third_is_batch_request = assigns(:is_batch_request)
|
287
|
+
@third_user = assigns(:resource)
|
288
|
+
@third_access_token = response.headers['access-token']
|
289
|
+
@third_response_status = response.status
|
277
290
|
end
|
278
291
|
|
279
292
|
it 'should allow the first request through' do
|
280
293
|
assert_equal 200, @first_response_status
|
281
294
|
end
|
282
295
|
|
296
|
+
it 'should allow the second request through' do
|
297
|
+
assert_equal 200, @second_response_status
|
298
|
+
end
|
299
|
+
|
283
300
|
it 'should not allow the second request through' do
|
284
|
-
assert_equal 401, @
|
301
|
+
assert_equal 401, @third_response_status
|
285
302
|
end
|
286
303
|
|
287
304
|
it 'should not treat first request as batch request' do
|
305
|
+
refute @first_is_batch_request
|
306
|
+
end
|
307
|
+
|
308
|
+
it 'should not treat second request as batch request' do
|
288
309
|
refute @second_is_batch_request
|
289
310
|
end
|
290
311
|
|
312
|
+
it 'should not treat third request as batch request' do
|
313
|
+
refute @third_is_batch_request
|
314
|
+
end
|
315
|
+
|
291
316
|
it 'should return auth headers from the first request' do
|
292
317
|
assert @first_access_token
|
293
318
|
end
|
294
319
|
|
295
|
-
it 'should
|
296
|
-
|
320
|
+
it 'should return auth headers from the second request' do
|
321
|
+
assert @second_access_token
|
297
322
|
end
|
298
323
|
|
299
|
-
it 'should not return auth headers from the
|
300
|
-
refute @
|
324
|
+
it 'should not return auth headers from the third request' do
|
325
|
+
refute @third_access_token
|
301
326
|
end
|
302
327
|
|
303
328
|
it 'should define user during first request' do
|
304
329
|
assert @first_user
|
305
330
|
end
|
306
331
|
|
307
|
-
it 'should
|
308
|
-
|
332
|
+
it 'should define user during second request' do
|
333
|
+
assert @second_user
|
334
|
+
end
|
335
|
+
|
336
|
+
it 'should not define user during third request' do
|
337
|
+
refute @third_user
|
309
338
|
end
|
310
339
|
end
|
311
340
|
end
|
@@ -321,8 +350,8 @@ class DemoUserControllerTest < ActionDispatch::IntegrationTest
|
|
321
350
|
assert @resource.tokens.count > 1
|
322
351
|
|
323
352
|
# password changed from new device
|
324
|
-
@resource.
|
325
|
-
|
353
|
+
@resource.update(password: 'newsecret123',
|
354
|
+
password_confirmation: 'newsecret123')
|
326
355
|
|
327
356
|
get '/demo/members_only',
|
328
357
|
params: {},
|
@@ -23,6 +23,7 @@ class DeviseTokenAuth::ConfirmationsControllerTest < ActionController::TestCase
|
|
23
23
|
@new_user.send_confirmation_instructions(redirect_url: @redirect_url)
|
24
24
|
mail = ActionMailer::Base.deliveries.last
|
25
25
|
@token, @client_config = token_and_client_config_from(mail.body)
|
26
|
+
@token_params = %w[access-token client client_id config expiry token uid]
|
26
27
|
end
|
27
28
|
|
28
29
|
test 'should generate raw token' do
|
@@ -38,32 +39,164 @@ class DeviseTokenAuth::ConfirmationsControllerTest < ActionController::TestCase
|
|
38
39
|
end
|
39
40
|
|
40
41
|
describe 'success' do
|
41
|
-
|
42
|
-
|
43
|
-
|
44
|
-
|
45
|
-
|
46
|
-
|
47
|
-
|
42
|
+
describe 'when authenticated' do
|
43
|
+
before do
|
44
|
+
sign_in(@new_user)
|
45
|
+
get :show,
|
46
|
+
params: { confirmation_token: @token,
|
47
|
+
redirect_url: @redirect_url },
|
48
|
+
xhr: true
|
49
|
+
@resource = assigns(:resource)
|
50
|
+
end
|
48
51
|
|
49
|
-
|
50
|
-
|
51
|
-
|
52
|
+
test 'user should now be confirmed' do
|
53
|
+
assert @resource.confirmed?
|
54
|
+
end
|
55
|
+
|
56
|
+
test 'should save the authentication token' do
|
57
|
+
assert @resource.reload.tokens.present?
|
58
|
+
end
|
59
|
+
|
60
|
+
test 'should redirect to success url' do
|
61
|
+
assert_redirected_to(/^#{@redirect_url}/)
|
62
|
+
end
|
52
63
|
|
53
|
-
|
54
|
-
|
64
|
+
test 'redirect url includes token params' do
|
65
|
+
assert @token_params.all? { |param| response.body.include?(param) }
|
66
|
+
assert response.body.include?('account_confirmation_success')
|
67
|
+
end
|
55
68
|
end
|
56
69
|
|
57
|
-
|
58
|
-
|
70
|
+
describe 'when unauthenticated' do
|
71
|
+
before do
|
72
|
+
sign_out(@new_user)
|
73
|
+
get :show,
|
74
|
+
params: { confirmation_token: @token,
|
75
|
+
redirect_url: @redirect_url },
|
76
|
+
xhr: true
|
77
|
+
@resource = assigns(:resource)
|
78
|
+
end
|
79
|
+
|
80
|
+
test 'user should now be confirmed' do
|
81
|
+
assert @resource.confirmed?
|
82
|
+
end
|
83
|
+
|
84
|
+
test 'should redirect to success url' do
|
85
|
+
assert_redirected_to(/^#{@redirect_url}/)
|
86
|
+
end
|
87
|
+
|
88
|
+
test 'redirect url does not include token params' do
|
89
|
+
refute @token_params.any? { |param| response.body.include?(param) }
|
90
|
+
assert response.body.include?('account_confirmation_success')
|
91
|
+
end
|
59
92
|
end
|
60
93
|
|
61
|
-
|
62
|
-
|
94
|
+
describe 'resend confirmation' do
|
95
|
+
describe 'without paranoid mode' do
|
96
|
+
|
97
|
+
describe 'on success' do
|
98
|
+
before do
|
99
|
+
post :create,
|
100
|
+
params: { email: @new_user.email,
|
101
|
+
redirect_url: @redirect_url },
|
102
|
+
xhr: true
|
103
|
+
@resource = assigns(:resource)
|
104
|
+
@data = JSON.parse(response.body)
|
105
|
+
@mail = ActionMailer::Base.deliveries.last
|
106
|
+
@token, @client_config = token_and_client_config_from(@mail.body)
|
107
|
+
end
|
108
|
+
|
109
|
+
test 'user should not be confirmed' do
|
110
|
+
assert_nil @resource.confirmed_at
|
111
|
+
end
|
112
|
+
|
113
|
+
test 'should generate raw token' do
|
114
|
+
assert @token
|
115
|
+
assert_equal @new_user.confirmation_token, @token
|
116
|
+
end
|
117
|
+
|
118
|
+
test 'user should receive confirmation email' do
|
119
|
+
assert_equal @resource.email, @mail['to'].to_s
|
120
|
+
end
|
121
|
+
|
122
|
+
test 'response should contain message' do
|
123
|
+
assert_equal @data['message'], I18n.t('devise_token_auth.confirmations.sended', email: @resource.email)
|
124
|
+
end
|
125
|
+
end
|
126
|
+
|
127
|
+
describe 'on failure' do
|
128
|
+
before do
|
129
|
+
post :create,
|
130
|
+
params: { email: 'chester@cheet.ah',
|
131
|
+
redirect_url: @redirect_url },
|
132
|
+
xhr: true
|
133
|
+
@data = JSON.parse(response.body)
|
134
|
+
end
|
135
|
+
|
136
|
+
test 'response should contain errors' do
|
137
|
+
assert_equal @data['errors'], [I18n.t('devise_token_auth.confirmations.user_not_found', email: 'chester@cheet.ah')]
|
138
|
+
end
|
139
|
+
end
|
140
|
+
end
|
63
141
|
end
|
64
142
|
|
65
|
-
|
66
|
-
|
143
|
+
describe 'with paranoid mode' do
|
144
|
+
describe 'on success' do
|
145
|
+
before do
|
146
|
+
swap Devise, paranoid: true do
|
147
|
+
post :create,
|
148
|
+
params: { email: @new_user.email,
|
149
|
+
redirect_url: @redirect_url },
|
150
|
+
xhr: true
|
151
|
+
@resource = assigns(:resource)
|
152
|
+
@data = JSON.parse(response.body)
|
153
|
+
@mail = ActionMailer::Base.deliveries.last
|
154
|
+
@token, @client_config = token_and_client_config_from(@mail.body)
|
155
|
+
end
|
156
|
+
end
|
157
|
+
|
158
|
+
test 'user should not be confirmed' do
|
159
|
+
assert_nil @resource.confirmed_at
|
160
|
+
end
|
161
|
+
|
162
|
+
test 'should generate raw token' do
|
163
|
+
assert @token
|
164
|
+
assert_equal @new_user.confirmation_token, @token
|
165
|
+
end
|
166
|
+
|
167
|
+
test 'user should receive confirmation email' do
|
168
|
+
assert_equal @resource.email, @mail['to'].to_s
|
169
|
+
end
|
170
|
+
|
171
|
+
test 'response should contain message' do
|
172
|
+
assert_equal @data['message'], I18n.t('devise_token_auth.confirmations.sended_paranoid', email: @resource.email)
|
173
|
+
end
|
174
|
+
|
175
|
+
test 'response should return success status' do
|
176
|
+
assert_equal 200, response.status
|
177
|
+
end
|
178
|
+
end
|
179
|
+
|
180
|
+
describe 'on failure' do
|
181
|
+
before do
|
182
|
+
swap Devise, paranoid: true do
|
183
|
+
@email = 'chester@cheet.ah'
|
184
|
+
post :create,
|
185
|
+
params: { email: @email,
|
186
|
+
redirect_url: @redirect_url },
|
187
|
+
xhr: true
|
188
|
+
@data = JSON.parse(response.body)
|
189
|
+
end
|
190
|
+
end
|
191
|
+
|
192
|
+
test 'response should not contain errors' do
|
193
|
+
assert_equal @data['message'], I18n.t('devise_token_auth.confirmations.sended_paranoid', email: @email)
|
194
|
+
end
|
195
|
+
|
196
|
+
test 'response should return success status' do
|
197
|
+
assert_equal 200, response.status
|
198
|
+
end
|
199
|
+
end
|
67
200
|
end
|
68
201
|
end
|
69
202
|
|
@@ -75,6 +208,18 @@ class DeviseTokenAuth::ConfirmationsControllerTest < ActionController::TestCase
|
|
75
208
|
@resource = assigns(:resource)
|
76
209
|
refute @resource.confirmed?
|
77
210
|
end
|
211
|
+
|
212
|
+
test 'request resend confirmation without email' do
|
213
|
+
post :create, params: { email: nil }, xhr: true
|
214
|
+
|
215
|
+
assert_equal 401, response.status
|
216
|
+
end
|
217
|
+
|
218
|
+
test 'user should not be found on resend confirmation request' do
|
219
|
+
post :create, params: { email: 'bogus' }, xhr: true
|
220
|
+
|
221
|
+
assert_equal 404, response.status
|
222
|
+
end
|
78
223
|
end
|
79
224
|
end
|
80
225
|
|