devise_token_auth 1.0.0 → 1.2.1
- checksums.yaml +5 -5
- data/README.md +4 -2
- data/app/controllers/devise_token_auth/application_controller.rb +19 -3
- data/app/controllers/devise_token_auth/concerns/resource_finder.rb +23 -11
- data/app/controllers/devise_token_auth/concerns/set_user_by_token.rb +78 -57
- data/app/controllers/devise_token_auth/confirmations_controller.rb +67 -20
- data/app/controllers/devise_token_auth/omniauth_callbacks_controller.rb +82 -30
- data/app/controllers/devise_token_auth/passwords_controller.rb +53 -31
- data/app/controllers/devise_token_auth/registrations_controller.rb +33 -40
- data/app/controllers/devise_token_auth/sessions_controller.rb +24 -6
- data/app/controllers/devise_token_auth/unlocks_controller.rb +10 -6
- data/app/models/devise_token_auth/concerns/active_record_support.rb +14 -0
- data/app/models/devise_token_auth/concerns/confirmable_support.rb +28 -0
- data/app/models/devise_token_auth/concerns/mongoid_support.rb +19 -0
- data/app/models/devise_token_auth/concerns/tokens_serialization.rb +31 -0
- data/app/models/devise_token_auth/concerns/user.rb +77 -80
- data/app/models/devise_token_auth/concerns/user_omniauth_callbacks.rb +12 -5
- data/app/validators/{email_validator.rb → devise_token_auth_email_validator.rb} +11 -3
- data/app/views/devise_token_auth/omniauth_external_window.html.erb +1 -1
- data/config/locales/da-DK.yml +2 -0
- data/config/locales/de.yml +2 -0
- data/config/locales/en.yml +10 -0
- data/config/locales/es.yml +2 -0
- data/config/locales/fr.yml +2 -0
- data/config/locales/he.yml +52 -0
- data/config/locales/it.yml +2 -0
- data/config/locales/ja.yml +16 -2
- data/config/locales/ko.yml +51 -0
- data/config/locales/nl.yml +2 -0
- data/config/locales/pl.yml +6 -3
- data/config/locales/pt-BR.yml +2 -0
- data/config/locales/pt.yml +6 -3
- data/config/locales/ro.yml +2 -0
- data/config/locales/ru.yml +2 -0
- data/config/locales/sq.yml +2 -0
- data/config/locales/sv.yml +2 -0
- data/config/locales/uk.yml +2 -0
- data/config/locales/vi.yml +2 -0
- data/config/locales/zh-CN.yml +2 -0
- data/config/locales/zh-HK.yml +2 -0
- data/config/locales/zh-TW.yml +2 -0
- data/lib/devise_token_auth/blacklist.rb +6 -0
- data/lib/devise_token_auth/controllers/helpers.rb +5 -9
- data/lib/devise_token_auth/engine.rb +17 -2
- data/lib/devise_token_auth/rails/routes.rb +18 -13
- data/lib/devise_token_auth/token_factory.rb +126 -0
- data/lib/devise_token_auth/url.rb +3 -0
- data/lib/devise_token_auth/version.rb +1 -1
- data/lib/devise_token_auth.rb +6 -3
- data/lib/generators/devise_token_auth/USAGE +1 -1
- data/lib/generators/devise_token_auth/install_generator.rb +7 -91
- data/lib/generators/devise_token_auth/install_generator_helpers.rb +98 -0
- data/lib/generators/devise_token_auth/install_mongoid_generator.rb +46 -0
- data/lib/generators/devise_token_auth/templates/devise_token_auth.rb +13 -0
- data/lib/generators/devise_token_auth/templates/devise_token_auth_create_users.rb.erb +1 -8
- data/lib/generators/devise_token_auth/templates/user.rb.erb +2 -2
- data/lib/generators/devise_token_auth/templates/user_mongoid.rb.erb +56 -0
- data/test/controllers/custom/custom_confirmations_controller_test.rb +1 -1
- data/test/controllers/demo_mang_controller_test.rb +37 -8
- data/test/controllers/demo_user_controller_test.rb +39 -10
- data/test/controllers/devise_token_auth/confirmations_controller_test.rb +163 -18
- data/test/controllers/devise_token_auth/omniauth_callbacks_controller_test.rb +110 -43
- data/test/controllers/devise_token_auth/passwords_controller_test.rb +299 -122
- data/test/controllers/devise_token_auth/registrations_controller_test.rb +54 -14
- data/test/controllers/devise_token_auth/sessions_controller_test.rb +31 -40
- data/test/controllers/devise_token_auth/token_validations_controller_test.rb +43 -2
- data/test/controllers/devise_token_auth/unlocks_controller_test.rb +44 -5
- data/test/controllers/overrides/confirmations_controller_test.rb +1 -1
- data/test/dummy/app/active_record/confirmable_user.rb +11 -0
- data/test/dummy/app/{models → active_record}/scoped_user.rb +2 -2
- data/test/dummy/app/{models → active_record}/unconfirmable_user.rb +1 -2
- data/test/dummy/app/{models → active_record}/unregisterable_user.rb +3 -3
- data/test/dummy/app/active_record/user.rb +6 -0
- data/test/dummy/app/controllers/overrides/confirmations_controller.rb +3 -3
- data/test/dummy/app/controllers/overrides/passwords_controller.rb +3 -3
- data/test/dummy/app/controllers/overrides/registrations_controller.rb +1 -1
- data/test/dummy/app/controllers/overrides/sessions_controller.rb +2 -2
- data/test/dummy/app/models/{user.rb → concerns/favorite_color.rb} +7 -8
- data/test/dummy/app/mongoid/confirmable_user.rb +52 -0
- data/test/dummy/app/mongoid/lockable_user.rb +38 -0
- data/test/dummy/app/mongoid/mang.rb +46 -0
- data/test/dummy/app/mongoid/only_email_user.rb +33 -0
- data/test/dummy/app/mongoid/scoped_user.rb +50 -0
- data/test/dummy/app/mongoid/unconfirmable_user.rb +44 -0
- data/test/dummy/app/mongoid/unregisterable_user.rb +47 -0
- data/test/dummy/app/mongoid/user.rb +49 -0
- data/test/dummy/app/views/layouts/application.html.erb +0 -2
- data/test/dummy/config/application.rb +22 -1
- data/test/dummy/config/boot.rb +4 -0
- data/test/dummy/config/environments/development.rb +0 -10
- data/test/dummy/config/environments/production.rb +0 -16
- data/test/dummy/config/initializers/devise.rb +285 -0
- data/test/dummy/config/initializers/devise_token_auth.rb +35 -4
- data/test/dummy/config/initializers/figaro.rb +1 -1
- data/test/dummy/config/initializers/omniauth.rb +1 -0
- data/test/dummy/config/routes.rb +2 -0
- data/test/dummy/db/migrate/20140715061447_devise_token_auth_create_users.rb +0 -7
- data/test/dummy/db/migrate/20140715061805_devise_token_auth_create_mangs.rb +0 -7
- data/test/dummy/db/migrate/20141222035835_devise_token_auth_create_only_email_users.rb +0 -7
- data/test/dummy/db/migrate/20141222053502_devise_token_auth_create_unregisterable_users.rb +0 -7
- data/test/dummy/db/migrate/20150708104536_devise_token_auth_create_unconfirmable_users.rb +0 -7
- data/test/dummy/db/migrate/20160103235141_devise_token_auth_create_scoped_users.rb +0 -7
- data/test/dummy/db/migrate/20160629184441_devise_token_auth_create_lockable_users.rb +0 -7
- data/test/dummy/db/migrate/20190924101113_devise_token_auth_create_confirmable_users.rb +49 -0
- data/test/dummy/db/schema.rb +31 -33
- data/test/dummy/tmp/generators/app/models/user.rb +11 -0
- data/test/dummy/tmp/generators/config/initializers/devise_token_auth.rb +60 -0
- data/test/dummy/tmp/generators/db/migrate/20220822003050_devise_token_auth_create_users.rb +49 -0
- data/test/factories/users.rb +3 -2
- data/test/lib/devise_token_auth/blacklist_test.rb +19 -0
- data/test/lib/devise_token_auth/rails/custom_routes_test.rb +29 -0
- data/test/lib/devise_token_auth/rails/routes_test.rb +87 -0
- data/test/lib/devise_token_auth/token_factory_test.rb +191 -0
- data/test/lib/devise_token_auth/url_test.rb +2 -2
- data/test/lib/generators/devise_token_auth/install_generator_test.rb +51 -31
- data/test/lib/generators/devise_token_auth/install_generator_with_namespace_test.rb +51 -31
- data/test/models/concerns/mongoid_support_test.rb +31 -0
- data/test/models/concerns/tokens_serialization_test.rb +104 -0
- data/test/models/confirmable_user_test.rb +35 -0
- data/test/models/only_email_user_test.rb +0 -8
- data/test/models/user_test.rb +13 -23
- data/test/test_helper.rb +45 -4
- metadata +126 -33
- data/config/initializers/devise.rb +0 -198
- data/test/dummy/config/initializers/assets.rb +0 -10
- data/test/dummy/tmp/generators/app/views/devise/mailer/confirmation_instructions.html.erb +0 -5
- data/test/dummy/tmp/generators/app/views/devise/mailer/reset_password_instructions.html.erb +0 -8
- /data/test/dummy/app/{models → active_record}/lockable_user.rb +0 -0
- /data/test/dummy/app/{models → active_record}/mang.rb +0 -0
- /data/test/dummy/app/{models → active_record}/only_email_user.rb +0 -0
@@ -41,57 +41,133 @@ class DeviseTokenAuth::PasswordsControllerTest < ActionController::TestCase
|
|
41
41
|
before do
|
42
42
|
@auth_headers = @resource.create_new_auth_token
|
43
43
|
@new_password = Faker::Internet.password
|
44
|
-
|
45
|
-
post :create,
|
46
|
-
params: { email: 'chester@cheet.ah' }
|
47
|
-
@data = JSON.parse(response.body)
|
48
44
|
end
|
49
45
|
|
50
|
-
|
51
|
-
|
52
|
-
|
46
|
+
describe 'for create' do
|
47
|
+
before do
|
48
|
+
post :create,
|
49
|
+
params: { email: 'chester@cheet.ah' }
|
50
|
+
@data = JSON.parse(response.body)
|
51
|
+
end
|
53
52
|
|
54
|
-
|
55
|
-
|
56
|
-
|
57
|
-
|
58
|
-
|
59
|
-
|
53
|
+
test 'response should fail' do
|
54
|
+
assert_equal 401, response.status
|
55
|
+
end
|
56
|
+
|
57
|
+
test 'error message should be returned' do
|
58
|
+
assert @data['errors']
|
59
|
+
assert_equal(
|
60
|
+
@data['errors'],
|
61
|
+
[I18n.t('devise_token_auth.passwords.missing_redirect_url')]
|
62
|
+
)
|
63
|
+
end
|
60
64
|
end
|
61
|
-
end
|
62
65
|
|
63
|
-
|
64
|
-
describe 'unknown user should return 404' do
|
66
|
+
describe 'for edit' do
|
65
67
|
before do
|
66
|
-
|
67
|
-
|
68
|
-
redirect_url: @redirect_url }
|
68
|
+
get_reset_token
|
69
|
+
get :edit, params: { reset_password_token: @mail_reset_token}
|
69
70
|
@data = JSON.parse(response.body)
|
70
71
|
end
|
71
72
|
|
72
|
-
test '
|
73
|
-
assert_equal
|
73
|
+
test 'response should fail' do
|
74
|
+
assert_equal 401, response.status
|
74
75
|
end
|
75
76
|
|
76
|
-
test '
|
77
|
+
test 'error message should be returned' do
|
77
78
|
assert @data['errors']
|
78
|
-
assert_equal
|
79
|
-
|
80
|
-
|
79
|
+
assert_equal(
|
80
|
+
@data['errors'],
|
81
|
+
[I18n.t('devise_token_auth.passwords.missing_redirect_url')]
|
82
|
+
)
|
83
|
+
end
|
84
|
+
end
|
85
|
+
end
|
86
|
+
|
87
|
+
describe 'request password reset' do
|
88
|
+
describe 'unknown user' do
|
89
|
+
describe 'without paranoid mode' do
|
90
|
+
before do
|
91
|
+
post :create,
|
92
|
+
params: { email: 'chester@cheet.ah',
|
93
|
+
redirect_url: @redirect_url }
|
94
|
+
@data = JSON.parse(response.body)
|
95
|
+
end
|
96
|
+
|
97
|
+
test 'unknown user should return 404' do
|
98
|
+
assert_equal 404, response.status
|
99
|
+
end
|
100
|
+
|
101
|
+
test 'errors should be returned' do
|
102
|
+
assert @data['errors']
|
103
|
+
assert_equal @data['errors'],
|
104
|
+
[I18n.t('devise_token_auth.passwords.user_not_found',
|
105
|
+
email: 'chester@cheet.ah')]
|
106
|
+
end
|
107
|
+
end
|
108
|
+
|
109
|
+
describe 'with paranoid mode' do
|
110
|
+
before do
|
111
|
+
swap Devise, paranoid: true do
|
112
|
+
post :create,
|
113
|
+
params: { email: 'chester@cheet.ah',
|
114
|
+
redirect_url: @redirect_url }
|
115
|
+
@data = JSON.parse(response.body)
|
116
|
+
end
|
117
|
+
end
|
118
|
+
|
119
|
+
test 'response should return success status' do
|
120
|
+
assert_equal 200, response.status
|
121
|
+
end
|
122
|
+
|
123
|
+
test 'response should contain message' do
|
124
|
+
assert_equal \
|
125
|
+
@data['message'],
|
126
|
+
I18n.t('devise_token_auth.passwords.sended_paranoid')
|
127
|
+
end
|
81
128
|
end
|
82
129
|
end
|
83
130
|
|
84
131
|
describe 'successfully requested password reset' do
|
85
|
-
|
86
|
-
|
87
|
-
|
88
|
-
|
132
|
+
describe 'without paranoid mode' do
|
133
|
+
before do
|
134
|
+
post :create,
|
135
|
+
params: { email: @resource.email,
|
136
|
+
redirect_url: @redirect_url }
|
89
137
|
|
90
|
-
|
138
|
+
@data = JSON.parse(response.body)
|
139
|
+
end
|
140
|
+
|
141
|
+
test 'response should not contain extra data' do
|
142
|
+
assert_nil @data['data']
|
143
|
+
end
|
144
|
+
|
145
|
+
test 'response should contains message' do
|
146
|
+
assert_equal \
|
147
|
+
@data['message'],
|
148
|
+
I18n.t('devise_token_auth.passwords.sended', email: @resource.email)
|
149
|
+
end
|
91
150
|
end
|
92
151
|
|
93
|
-
|
94
|
-
|
152
|
+
describe 'with paranoid mode' do
|
153
|
+
before do
|
154
|
+
swap Devise, paranoid: true do
|
155
|
+
post :create,
|
156
|
+
params: { email: @resource.email,
|
157
|
+
redirect_url: @redirect_url }
|
158
|
+
@data = JSON.parse(response.body)
|
159
|
+
end
|
160
|
+
end
|
161
|
+
|
162
|
+
test 'response should return success status' do
|
163
|
+
assert_equal 200, response.status
|
164
|
+
end
|
165
|
+
|
166
|
+
test 'response should contain message' do
|
167
|
+
assert_equal \
|
168
|
+
@data['message'],
|
169
|
+
I18n.t('devise_token_auth.passwords.sended_paranoid')
|
170
|
+
end
|
95
171
|
end
|
96
172
|
end
|
97
173
|
|
@@ -215,10 +291,10 @@ class DeviseTokenAuth::PasswordsControllerTest < ActionController::TestCase
|
|
215
291
|
end
|
216
292
|
end
|
217
293
|
|
218
|
-
describe '
|
294
|
+
describe 'Checking reset_password_token' do
|
219
295
|
before do
|
220
296
|
post :create, params: {
|
221
|
-
email:
|
297
|
+
email: @resource.email,
|
222
298
|
redirect_url: @redirect_url
|
223
299
|
}
|
224
300
|
|
@@ -235,14 +311,14 @@ class DeviseTokenAuth::PasswordsControllerTest < ActionController::TestCase
|
|
235
311
|
assert_equal Devise.token_generator.digest(self, :reset_password_token, @mail_reset_token), @resource.reset_password_token
|
236
312
|
end
|
237
313
|
|
238
|
-
test 'reset_password_token should be rewritten by origin mail_reset_token' do
|
314
|
+
test 'reset_password_token should not be rewritten by origin mail_reset_token' do
|
239
315
|
get :edit, params: {
|
240
316
|
reset_password_token: @mail_reset_token,
|
241
317
|
redirect_url: @mail_redirect_url
|
242
318
|
}
|
243
319
|
@resource.reload
|
244
320
|
|
245
|
-
assert_equal @mail_reset_token, @resource.reset_password_token
|
321
|
+
assert_equal Devise.token_generator.digest(self, :reset_password_token, @mail_reset_token), @resource.reset_password_token
|
246
322
|
end
|
247
323
|
|
248
324
|
test 'response should return success status' do
|
@@ -254,26 +330,6 @@ class DeviseTokenAuth::PasswordsControllerTest < ActionController::TestCase
|
|
254
330
|
assert_equal 302, response.status
|
255
331
|
end
|
256
332
|
|
257
|
-
test 'reset_password_token should be valid only one first time' do
|
258
|
-
get :edit, params: {
|
259
|
-
reset_password_token: @mail_reset_token,
|
260
|
-
redirect_url: @mail_redirect_url
|
261
|
-
}
|
262
|
-
|
263
|
-
@resource.reload
|
264
|
-
assert_equal @mail_reset_token, @resource.reset_password_token
|
265
|
-
|
266
|
-
assert_raises(ActionController::RoutingError) {
|
267
|
-
get :edit, params: {
|
268
|
-
reset_password_token: @mail_reset_token,
|
269
|
-
redirect_url: @mail_redirect_url
|
270
|
-
}
|
271
|
-
}
|
272
|
-
|
273
|
-
@resource.reload
|
274
|
-
assert_equal @mail_reset_token, @resource.reset_password_token
|
275
|
-
end
|
276
|
-
|
277
333
|
test 'reset_password_sent_at should be valid' do
|
278
334
|
assert_equal @resource.reset_password_period_valid?, true
|
279
335
|
|
@@ -283,7 +339,7 @@ class DeviseTokenAuth::PasswordsControllerTest < ActionController::TestCase
|
|
283
339
|
}
|
284
340
|
|
285
341
|
@resource.reload
|
286
|
-
assert_equal @mail_reset_token, @resource.reset_password_token
|
342
|
+
assert_equal Devise.token_generator.digest(self, :reset_password_token, @mail_reset_token), @resource.reset_password_token
|
287
343
|
end
|
288
344
|
|
289
345
|
test 'reset_password_sent_at should be expired' do
|
@@ -354,8 +410,7 @@ class DeviseTokenAuth::PasswordsControllerTest < ActionController::TestCase
|
|
354
410
|
|
355
411
|
describe 'Using redirect_whitelist' do
|
356
412
|
before do
|
357
|
-
@
|
358
|
-
@good_redirect_url = Faker::Internet.url
|
413
|
+
@good_redirect_url = @redirect_url
|
359
414
|
@bad_redirect_url = Faker::Internet.url
|
360
415
|
DeviseTokenAuth.redirect_whitelist = [@good_redirect_url]
|
361
416
|
end
|
@@ -364,31 +419,65 @@ class DeviseTokenAuth::PasswordsControllerTest < ActionController::TestCase
|
|
364
419
|
DeviseTokenAuth.redirect_whitelist = nil
|
365
420
|
end
|
366
421
|
|
367
|
-
|
368
|
-
|
369
|
-
|
370
|
-
|
422
|
+
describe 'for create' do
|
423
|
+
test 'request to whitelisted redirect should be successful' do
|
424
|
+
post :create,
|
425
|
+
params: { email: @resource.email,
|
426
|
+
redirect_url: @good_redirect_url }
|
371
427
|
|
372
|
-
|
373
|
-
|
428
|
+
assert_equal 200, response.status
|
429
|
+
end
|
374
430
|
|
375
|
-
|
376
|
-
|
377
|
-
|
378
|
-
|
431
|
+
test 'request to non-whitelisted redirect should fail' do
|
432
|
+
post :create,
|
433
|
+
params: { email: @resource.email,
|
434
|
+
redirect_url: @bad_redirect_url }
|
435
|
+
|
436
|
+
assert_equal 422, response.status
|
437
|
+
end
|
438
|
+
|
439
|
+
test 'request to non-whitelisted redirect should return error message' do
|
440
|
+
post :create,
|
441
|
+
params: { email: @resource.email,
|
442
|
+
redirect_url: @bad_redirect_url }
|
379
443
|
|
380
|
-
|
444
|
+
@data = JSON.parse(response.body)
|
445
|
+
assert @data['errors']
|
446
|
+
assert_equal @data['errors'],
|
447
|
+
[I18n.t('devise_token_auth.passwords.not_allowed_redirect_url',
|
448
|
+
redirect_url: @bad_redirect_url)]
|
449
|
+
end
|
381
450
|
end
|
382
|
-
test 'request to non-whitelisted redirect should return error message' do
|
383
|
-
post :create,
|
384
|
-
params: { email: @resource.email,
|
385
|
-
redirect_url: @bad_redirect_url }
|
386
451
|
|
387
|
-
|
388
|
-
|
389
|
-
|
390
|
-
|
391
|
-
|
452
|
+
describe 'for edit' do
|
453
|
+
before do
|
454
|
+
@auth_headers = @resource.create_new_auth_token
|
455
|
+
@new_password = Faker::Internet.password
|
456
|
+
|
457
|
+
get_reset_token
|
458
|
+
end
|
459
|
+
|
460
|
+
test 'request to whitelisted redirect should be successful' do
|
461
|
+
get :edit, params: { reset_password_token: @mail_reset_token, redirect_url: @good_redirect_url }
|
462
|
+
|
463
|
+
assert_equal 302, response.status
|
464
|
+
end
|
465
|
+
|
466
|
+
test 'request to non-whitelisted redirect should fail' do
|
467
|
+
get :edit, params: { reset_password_token: @mail_reset_token, redirect_url: @bad_redirect_url }
|
468
|
+
|
469
|
+
assert_equal 422, response.status
|
470
|
+
end
|
471
|
+
|
472
|
+
test 'request to non-whitelisted redirect should return error message' do
|
473
|
+
get :edit, params: { reset_password_token: @mail_reset_token, redirect_url: @bad_redirect_url }
|
474
|
+
|
475
|
+
@data = JSON.parse(response.body)
|
476
|
+
assert @data['errors']
|
477
|
+
assert_equal @data['errors'],
|
478
|
+
[I18n.t('devise_token_auth.passwords.not_allowed_redirect_url',
|
479
|
+
redirect_url: @bad_redirect_url)]
|
480
|
+
end
|
392
481
|
end
|
393
482
|
end
|
394
483
|
|
@@ -403,6 +492,7 @@ class DeviseTokenAuth::PasswordsControllerTest < ActionController::TestCase
|
|
403
492
|
|
404
493
|
describe 'success' do
|
405
494
|
before do
|
495
|
+
DeviseTokenAuth.require_client_password_reset_token = false
|
406
496
|
@auth_headers = @resource.create_new_auth_token
|
407
497
|
request.headers.merge!(@auth_headers)
|
408
498
|
@new_password = Faker::Internet.password
|
@@ -467,6 +557,7 @@ class DeviseTokenAuth::PasswordsControllerTest < ActionController::TestCase
|
|
467
557
|
|
468
558
|
describe 'current password mismatch error' do
|
469
559
|
before do
|
560
|
+
DeviseTokenAuth.require_client_password_reset_token = false
|
470
561
|
@auth_headers = @resource.create_new_auth_token
|
471
562
|
request.headers.merge!(@auth_headers)
|
472
563
|
@new_password = Faker::Internet.password
|
@@ -483,7 +574,35 @@ class DeviseTokenAuth::PasswordsControllerTest < ActionController::TestCase
|
|
483
574
|
end
|
484
575
|
|
485
576
|
describe 'change password' do
|
486
|
-
describe '
|
577
|
+
describe 'using reset token' do
|
578
|
+
before do
|
579
|
+
DeviseTokenAuth.require_client_password_reset_token = true
|
580
|
+
@redirect_url = 'http://client-app.dev'
|
581
|
+
get_reset_token
|
582
|
+
edit_url = CGI.unescape(@mail.body.match(/href=\"(.+)\"/)[1])
|
583
|
+
query_parts = Rack::Utils.parse_nested_query(URI.parse(edit_url).query)
|
584
|
+
get :edit, params: query_parts
|
585
|
+
end
|
586
|
+
|
587
|
+
test 'request should be redirect' do
|
588
|
+
assert_equal 302, response.status
|
589
|
+
end
|
590
|
+
|
591
|
+
test 'request should redirect to correct redirect url' do
|
592
|
+
host = URI.parse(response.location).host
|
593
|
+
query_parts = Rack::Utils.parse_nested_query(URI.parse(response.location).query)
|
594
|
+
|
595
|
+
assert_equal 'client-app.dev', host
|
596
|
+
assert_equal @mail_reset_token, query_parts['reset_password_token']
|
597
|
+
assert_equal 1, query_parts.keys.size
|
598
|
+
end
|
599
|
+
|
600
|
+
teardown do
|
601
|
+
DeviseTokenAuth.require_client_password_reset_token = false
|
602
|
+
end
|
603
|
+
end
|
604
|
+
|
605
|
+
describe 'with valid headers' do
|
487
606
|
before do
|
488
607
|
@auth_headers = @resource.create_new_auth_token
|
489
608
|
request.headers.merge!(@auth_headers)
|
@@ -509,6 +628,10 @@ class DeviseTokenAuth::PasswordsControllerTest < ActionController::TestCase
|
|
509
628
|
test 'new password should authenticate user' do
|
510
629
|
assert @resource.valid_password?(@new_password)
|
511
630
|
end
|
631
|
+
|
632
|
+
test 'reset_password_token should be removed' do
|
633
|
+
assert_nil @resource.reset_password_token
|
634
|
+
end
|
512
635
|
end
|
513
636
|
|
514
637
|
describe 'password mismatch error' do
|
@@ -526,19 +649,93 @@ class DeviseTokenAuth::PasswordsControllerTest < ActionController::TestCase
|
|
526
649
|
end
|
527
650
|
end
|
528
651
|
|
529
|
-
describe '
|
652
|
+
describe 'without valid headers' do
|
530
653
|
before do
|
531
|
-
@
|
532
|
-
|
654
|
+
@resource.create_new_auth_token
|
655
|
+
new_password = Faker::Internet.password
|
533
656
|
|
534
|
-
put :update, params: { password:
|
535
|
-
password_confirmation:
|
657
|
+
put :update, params: { password: new_password,
|
658
|
+
password_confirmation: new_password }
|
536
659
|
end
|
537
660
|
|
538
661
|
test 'response should fail' do
|
539
662
|
assert_equal 401, response.status
|
540
663
|
end
|
541
664
|
end
|
665
|
+
|
666
|
+
describe 'with valid reset password token' do
|
667
|
+
before do
|
668
|
+
reset_password_token = @resource.send_reset_password_instructions
|
669
|
+
@new_password = Faker::Internet.password
|
670
|
+
@params = { password: @new_password,
|
671
|
+
password_confirmation: @new_password,
|
672
|
+
reset_password_token: reset_password_token }
|
673
|
+
end
|
674
|
+
|
675
|
+
describe 'with require_client_password_reset_token disabled' do
|
676
|
+
before do
|
677
|
+
DeviseTokenAuth.require_client_password_reset_token = false
|
678
|
+
put :update, params: @params
|
679
|
+
|
680
|
+
@data = JSON.parse(response.body)
|
681
|
+
@resource.reload
|
682
|
+
end
|
683
|
+
|
684
|
+
test 'request should be not be successful' do
|
685
|
+
assert_equal 401, response.status
|
686
|
+
end
|
687
|
+
end
|
688
|
+
|
689
|
+
describe 'with require_client_password_reset_token enabled' do
|
690
|
+
before do
|
691
|
+
DeviseTokenAuth.require_client_password_reset_token = true
|
692
|
+
put :update, params: @params
|
693
|
+
|
694
|
+
@data = JSON.parse(response.body)
|
695
|
+
@resource.reload
|
696
|
+
end
|
697
|
+
|
698
|
+
test 'request should be successful' do
|
699
|
+
assert_equal 200, response.status
|
700
|
+
end
|
701
|
+
|
702
|
+
test 'request should return success message' do
|
703
|
+
assert @data['message']
|
704
|
+
assert_equal @data['message'],
|
705
|
+
I18n.t('devise_token_auth.passwords.successfully_updated')
|
706
|
+
end
|
707
|
+
|
708
|
+
test 'new password should authenticate user' do
|
709
|
+
assert @resource.valid_password?(@new_password)
|
710
|
+
end
|
711
|
+
|
712
|
+
teardown do
|
713
|
+
DeviseTokenAuth.require_client_password_reset_token = false
|
714
|
+
end
|
715
|
+
end
|
716
|
+
end
|
717
|
+
|
718
|
+
describe 'with invalid reset password token' do
|
719
|
+
before do
|
720
|
+
DeviseTokenAuth.require_client_password_reset_token = true
|
721
|
+
@resource.update reset_password_token: 'koskoskoskos'
|
722
|
+
put :update, params: @params
|
723
|
+
@data = JSON.parse(response.body)
|
724
|
+
@resource.reload
|
725
|
+
end
|
726
|
+
|
727
|
+
test 'request should fail' do
|
728
|
+
assert_equal 401, response.status
|
729
|
+
end
|
730
|
+
|
731
|
+
test 'new password should not authenticate user' do
|
732
|
+
assert !@resource.valid_password?(@new_password)
|
733
|
+
end
|
734
|
+
|
735
|
+
teardown do
|
736
|
+
DeviseTokenAuth.require_client_password_reset_token = false
|
737
|
+
end
|
738
|
+
end
|
542
739
|
end
|
543
740
|
end
|
544
741
|
|
@@ -554,16 +751,7 @@ class DeviseTokenAuth::PasswordsControllerTest < ActionController::TestCase
|
|
554
751
|
before do
|
555
752
|
@resource = create(:mang_user, :confirmed)
|
556
753
|
@redirect_url = 'http://ng-token-auth.dev'
|
557
|
-
|
558
|
-
post :create, params: { email: @resource.email,
|
559
|
-
redirect_url: @redirect_url }
|
560
|
-
|
561
|
-
@mail = ActionMailer::Base.deliveries.last
|
562
|
-
@resource.reload
|
563
|
-
|
564
|
-
@mail_config_name = CGI.unescape(@mail.body.match(/config=([^&]*)&/)[1])
|
565
|
-
@mail_redirect_url = CGI.unescape(@mail.body.match(/redirect_url=([^&]*)&/)[1])
|
566
|
-
@mail_reset_token = @mail.body.match(/reset_password_token=(.*)\"/)[1]
|
754
|
+
get_reset_token
|
567
755
|
end
|
568
756
|
|
569
757
|
test 'response should return success status' do
|
@@ -582,15 +770,7 @@ class DeviseTokenAuth::PasswordsControllerTest < ActionController::TestCase
|
|
582
770
|
@resource = create(:user)
|
583
771
|
@redirect_url = 'http://ng-token-auth.dev'
|
584
772
|
|
585
|
-
|
586
|
-
redirect_url: @redirect_url }
|
587
|
-
|
588
|
-
@mail = ActionMailer::Base.deliveries.last
|
589
|
-
@resource.reload
|
590
|
-
|
591
|
-
@mail_config_name = CGI.unescape(@mail.body.match(/config=([^&]*)&/)[1])
|
592
|
-
@mail_redirect_url = CGI.unescape(@mail.body.match(/redirect_url=([^&]*)&/)[1])
|
593
|
-
@mail_reset_token = @mail.body.match(/reset_password_token=(.*)\"/)[1]
|
773
|
+
get_reset_token
|
594
774
|
|
595
775
|
get :edit, params: { reset_password_token: @mail_reset_token,
|
596
776
|
redirect_url: @mail_redirect_url }
|
@@ -610,17 +790,8 @@ class DeviseTokenAuth::PasswordsControllerTest < ActionController::TestCase
|
|
610
790
|
|
611
791
|
before do
|
612
792
|
@resource = unconfirmable_users(:user)
|
613
|
-
@redirect_url = 'http://ng-token-auth.dev'
|
614
793
|
|
615
|
-
|
616
|
-
redirect_url: @redirect_url }
|
617
|
-
|
618
|
-
@mail = ActionMailer::Base.deliveries.last
|
619
|
-
@resource.reload
|
620
|
-
|
621
|
-
@mail_config_name = CGI.unescape(@mail.body.match(/config=([^&]*)&/)[1])
|
622
|
-
@mail_redirect_url = CGI.unescape(@mail.body.match(/redirect_url=([^&]*)&/)[1])
|
623
|
-
@mail_reset_token = @mail.body.match(/reset_password_token=(.*)\"/)[1]
|
794
|
+
get_reset_token
|
624
795
|
|
625
796
|
get :edit, params: { reset_password_token: @mail_reset_token,
|
626
797
|
redirect_url: @mail_redirect_url }
|
@@ -635,21 +806,27 @@ class DeviseTokenAuth::PasswordsControllerTest < ActionController::TestCase
|
|
635
806
|
@redirect_url = 'http://ng-token-auth.dev'
|
636
807
|
@config_name = 'altUser'
|
637
808
|
|
638
|
-
|
809
|
+
params = { email: @resource.email,
|
639
810
|
redirect_url: @redirect_url,
|
640
811
|
config_name: @config_name }
|
641
|
-
|
642
|
-
@mail = ActionMailer::Base.deliveries.last
|
643
|
-
@resource.reload
|
644
|
-
|
645
|
-
@mail_config_name = CGI.unescape(@mail.body.match(/config=([^&]*)&/)[1])
|
646
|
-
@mail_redirect_url = CGI.unescape(@mail.body.match(/redirect_url=([^&]*)&/)[1])
|
647
|
-
@mail_reset_token = @mail.body.match(/reset_password_token=(.*)\"/)[1]
|
812
|
+
get_reset_token params
|
648
813
|
end
|
649
814
|
|
650
815
|
test 'config_name param is included in the confirmation email link' do
|
651
816
|
assert_equal @config_name, @mail_config_name
|
652
817
|
end
|
653
818
|
end
|
819
|
+
|
820
|
+
def get_reset_token(params = nil)
|
821
|
+
params ||= { email: @resource.email, redirect_url: @redirect_url }
|
822
|
+
post :create, params: params
|
823
|
+
|
824
|
+
@mail = ActionMailer::Base.deliveries.last
|
825
|
+
@resource.reload
|
826
|
+
|
827
|
+
@mail_config_name = CGI.unescape(@mail.body.match(/config=([^&]*)&/)[1])
|
828
|
+
@mail_redirect_url = CGI.unescape(@mail.body.match(/redirect_url=([^&]*)&/)[1])
|
829
|
+
@mail_reset_token = @mail.body.match(/reset_password_token=(.*)\"/)[1]
|
830
|
+
end
|
654
831
|
end
|
655
832
|
end
|
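Review bot: The token-based update path in `describe 'with require_client_password_reset_token enabled'` never checks that the reset token is consumed. It asserts the 200 status, the success message and `valid_password?`, but unlike the 'with valid headers' block it has no `assert_nil @resource.reset_password_token`, and no test replays the same `reset_password_token` in a second `put :update`. This diff also deletes 'reset_password_token should be valid only one first time', so no test visible here pins single use of a reset token any more. I would add `assert_nil @resource.reset_password_token` as its own test in that block, plus a replay test that sends `@params` a second time and expects the request to be rejected (presumably 401, going by the 'with invalid reset password token' block). The controller is not part of this section, so whether it already clears the token on this path cannot be confirmed from here.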