devise_token_auth 1.0.0 → 1.2.1

Files changed (130) hide show
  1. checksums.yaml +5 -5
  2. data/README.md +4 -2
  3. data/app/controllers/devise_token_auth/application_controller.rb +19 -3
  4. data/app/controllers/devise_token_auth/concerns/resource_finder.rb +23 -11
  5. data/app/controllers/devise_token_auth/concerns/set_user_by_token.rb +78 -57
  6. data/app/controllers/devise_token_auth/confirmations_controller.rb +67 -20
  7. data/app/controllers/devise_token_auth/omniauth_callbacks_controller.rb +82 -30
  8. data/app/controllers/devise_token_auth/passwords_controller.rb +53 -31
  9. data/app/controllers/devise_token_auth/registrations_controller.rb +33 -40
  10. data/app/controllers/devise_token_auth/sessions_controller.rb +24 -6
  11. data/app/controllers/devise_token_auth/unlocks_controller.rb +10 -6
  12. data/app/models/devise_token_auth/concerns/active_record_support.rb +14 -0
  13. data/app/models/devise_token_auth/concerns/confirmable_support.rb +28 -0
  14. data/app/models/devise_token_auth/concerns/mongoid_support.rb +19 -0
  15. data/app/models/devise_token_auth/concerns/tokens_serialization.rb +31 -0
  16. data/app/models/devise_token_auth/concerns/user.rb +77 -80
  17. data/app/models/devise_token_auth/concerns/user_omniauth_callbacks.rb +12 -5
  18. data/app/validators/{email_validator.rb → devise_token_auth_email_validator.rb} +11 -3
  19. data/app/views/devise_token_auth/omniauth_external_window.html.erb +1 -1
  20. data/config/locales/da-DK.yml +2 -0
  21. data/config/locales/de.yml +2 -0
  22. data/config/locales/en.yml +10 -0
  23. data/config/locales/es.yml +2 -0
  24. data/config/locales/fr.yml +2 -0
  25. data/config/locales/he.yml +52 -0
  26. data/config/locales/it.yml +2 -0
  27. data/config/locales/ja.yml +16 -2
  28. data/config/locales/ko.yml +51 -0
  29. data/config/locales/nl.yml +2 -0
  30. data/config/locales/pl.yml +6 -3
  31. data/config/locales/pt-BR.yml +2 -0
  32. data/config/locales/pt.yml +6 -3
  33. data/config/locales/ro.yml +2 -0
  34. data/config/locales/ru.yml +2 -0
  35. data/config/locales/sq.yml +2 -0
  36. data/config/locales/sv.yml +2 -0
  37. data/config/locales/uk.yml +2 -0
  38. data/config/locales/vi.yml +2 -0
  39. data/config/locales/zh-CN.yml +2 -0
  40. data/config/locales/zh-HK.yml +2 -0
  41. data/config/locales/zh-TW.yml +2 -0
  42. data/lib/devise_token_auth/blacklist.rb +6 -0
  43. data/lib/devise_token_auth/controllers/helpers.rb +5 -9
  44. data/lib/devise_token_auth/engine.rb +17 -2
  45. data/lib/devise_token_auth/rails/routes.rb +18 -13
  46. data/lib/devise_token_auth/token_factory.rb +126 -0
  47. data/lib/devise_token_auth/url.rb +3 -0
  48. data/lib/devise_token_auth/version.rb +1 -1
  49. data/lib/devise_token_auth.rb +6 -3
  50. data/lib/generators/devise_token_auth/USAGE +1 -1
  51. data/lib/generators/devise_token_auth/install_generator.rb +7 -91
  52. data/lib/generators/devise_token_auth/install_generator_helpers.rb +98 -0
  53. data/lib/generators/devise_token_auth/install_mongoid_generator.rb +46 -0
  54. data/lib/generators/devise_token_auth/templates/devise_token_auth.rb +13 -0
  55. data/lib/generators/devise_token_auth/templates/devise_token_auth_create_users.rb.erb +1 -8
  56. data/lib/generators/devise_token_auth/templates/user.rb.erb +2 -2
  57. data/lib/generators/devise_token_auth/templates/user_mongoid.rb.erb +56 -0
  58. data/test/controllers/custom/custom_confirmations_controller_test.rb +1 -1
  59. data/test/controllers/demo_mang_controller_test.rb +37 -8
  60. data/test/controllers/demo_user_controller_test.rb +39 -10
  61. data/test/controllers/devise_token_auth/confirmations_controller_test.rb +163 -18
  62. data/test/controllers/devise_token_auth/omniauth_callbacks_controller_test.rb +110 -43
  63. data/test/controllers/devise_token_auth/passwords_controller_test.rb +299 -122
  64. data/test/controllers/devise_token_auth/registrations_controller_test.rb +54 -14
  65. data/test/controllers/devise_token_auth/sessions_controller_test.rb +31 -40
  66. data/test/controllers/devise_token_auth/token_validations_controller_test.rb +43 -2
  67. data/test/controllers/devise_token_auth/unlocks_controller_test.rb +44 -5
  68. data/test/controllers/overrides/confirmations_controller_test.rb +1 -1
  69. data/test/dummy/app/active_record/confirmable_user.rb +11 -0
  70. data/test/dummy/app/{models → active_record}/scoped_user.rb +2 -2
  71. data/test/dummy/app/{models → active_record}/unconfirmable_user.rb +1 -2
  72. data/test/dummy/app/{models → active_record}/unregisterable_user.rb +3 -3
  73. data/test/dummy/app/active_record/user.rb +6 -0
  74. data/test/dummy/app/controllers/overrides/confirmations_controller.rb +3 -3
  75. data/test/dummy/app/controllers/overrides/passwords_controller.rb +3 -3
  76. data/test/dummy/app/controllers/overrides/registrations_controller.rb +1 -1
  77. data/test/dummy/app/controllers/overrides/sessions_controller.rb +2 -2
  78. data/test/dummy/app/models/{user.rb → concerns/favorite_color.rb} +7 -8
  79. data/test/dummy/app/mongoid/confirmable_user.rb +52 -0
  80. data/test/dummy/app/mongoid/lockable_user.rb +38 -0
  81. data/test/dummy/app/mongoid/mang.rb +46 -0
  82. data/test/dummy/app/mongoid/only_email_user.rb +33 -0
  83. data/test/dummy/app/mongoid/scoped_user.rb +50 -0
  84. data/test/dummy/app/mongoid/unconfirmable_user.rb +44 -0
  85. data/test/dummy/app/mongoid/unregisterable_user.rb +47 -0
  86. data/test/dummy/app/mongoid/user.rb +49 -0
  87. data/test/dummy/app/views/layouts/application.html.erb +0 -2
  88. data/test/dummy/config/application.rb +22 -1
  89. data/test/dummy/config/boot.rb +4 -0
  90. data/test/dummy/config/environments/development.rb +0 -10
  91. data/test/dummy/config/environments/production.rb +0 -16
  92. data/test/dummy/config/initializers/devise.rb +285 -0
  93. data/test/dummy/config/initializers/devise_token_auth.rb +35 -4
  94. data/test/dummy/config/initializers/figaro.rb +1 -1
  95. data/test/dummy/config/initializers/omniauth.rb +1 -0
  96. data/test/dummy/config/routes.rb +2 -0
  97. data/test/dummy/db/migrate/20140715061447_devise_token_auth_create_users.rb +0 -7
  98. data/test/dummy/db/migrate/20140715061805_devise_token_auth_create_mangs.rb +0 -7
  99. data/test/dummy/db/migrate/20141222035835_devise_token_auth_create_only_email_users.rb +0 -7
  100. data/test/dummy/db/migrate/20141222053502_devise_token_auth_create_unregisterable_users.rb +0 -7
  101. data/test/dummy/db/migrate/20150708104536_devise_token_auth_create_unconfirmable_users.rb +0 -7
  102. data/test/dummy/db/migrate/20160103235141_devise_token_auth_create_scoped_users.rb +0 -7
  103. data/test/dummy/db/migrate/20160629184441_devise_token_auth_create_lockable_users.rb +0 -7
  104. data/test/dummy/db/migrate/20190924101113_devise_token_auth_create_confirmable_users.rb +49 -0
  105. data/test/dummy/db/schema.rb +31 -33
  106. data/test/dummy/tmp/generators/app/models/user.rb +11 -0
  107. data/test/dummy/tmp/generators/config/initializers/devise_token_auth.rb +60 -0
  108. data/test/dummy/tmp/generators/db/migrate/20220822003050_devise_token_auth_create_users.rb +49 -0
  109. data/test/factories/users.rb +3 -2
  110. data/test/lib/devise_token_auth/blacklist_test.rb +19 -0
  111. data/test/lib/devise_token_auth/rails/custom_routes_test.rb +29 -0
  112. data/test/lib/devise_token_auth/rails/routes_test.rb +87 -0
  113. data/test/lib/devise_token_auth/token_factory_test.rb +191 -0
  114. data/test/lib/devise_token_auth/url_test.rb +2 -2
  115. data/test/lib/generators/devise_token_auth/install_generator_test.rb +51 -31
  116. data/test/lib/generators/devise_token_auth/install_generator_with_namespace_test.rb +51 -31
  117. data/test/models/concerns/mongoid_support_test.rb +31 -0
  118. data/test/models/concerns/tokens_serialization_test.rb +104 -0
  119. data/test/models/confirmable_user_test.rb +35 -0
  120. data/test/models/only_email_user_test.rb +0 -8
  121. data/test/models/user_test.rb +13 -23
  122. data/test/test_helper.rb +45 -4
  123. metadata +126 -33
  124. data/config/initializers/devise.rb +0 -198
  125. data/test/dummy/config/initializers/assets.rb +0 -10
  126. data/test/dummy/tmp/generators/app/views/devise/mailer/confirmation_instructions.html.erb +0 -5
  127. data/test/dummy/tmp/generators/app/views/devise/mailer/reset_password_instructions.html.erb +0 -8
  128. /data/test/dummy/app/{models → active_record}/lockable_user.rb +0 -0
  129. /data/test/dummy/app/{models → active_record}/mang.rb +0 -0
  130. /data/test/dummy/app/{models → active_record}/only_email_user.rb +0 -0
@@ -41,57 +41,133 @@ class DeviseTokenAuth::PasswordsControllerTest < ActionController::TestCase
41
41
  before do
42
42
  @auth_headers = @resource.create_new_auth_token
43
43
  @new_password = Faker::Internet.password
44
-
45
- post :create,
46
- params: { email: 'chester@cheet.ah' }
47
- @data = JSON.parse(response.body)
48
44
  end
49
45
 
50
- test 'response should fail' do
51
- assert_equal 401, response.status
52
- end
46
+ describe 'for create' do
47
+ before do
48
+ post :create,
49
+ params: { email: 'chester@cheet.ah' }
50
+ @data = JSON.parse(response.body)
51
+ end
53
52
 
54
- test 'error message should be returned' do
55
- assert @data['errors']
56
- assert_equal(
57
- @data['errors'],
58
- [I18n.t('devise_token_auth.passwords.missing_redirect_url')]
59
- )
53
+ test 'response should fail' do
54
+ assert_equal 401, response.status
55
+ end
56
+
57
+ test 'error message should be returned' do
58
+ assert @data['errors']
59
+ assert_equal(
60
+ @data['errors'],
61
+ [I18n.t('devise_token_auth.passwords.missing_redirect_url')]
62
+ )
63
+ end
60
64
  end
61
- end
62
65
 
63
- describe 'request password reset' do
64
- describe 'unknown user should return 404' do
66
+ describe 'for edit' do
65
67
  before do
66
- post :create,
67
- params: { email: 'chester@cheet.ah',
68
- redirect_url: @redirect_url }
68
+ get_reset_token
69
+ get :edit, params: { reset_password_token: @mail_reset_token}
69
70
  @data = JSON.parse(response.body)
70
71
  end
71
72
 
72
- test 'unknown user should return 404' do
73
- assert_equal 404, response.status
73
+ test 'response should fail' do
74
+ assert_equal 401, response.status
74
75
  end
75
76
 
76
- test 'errors should be returned' do
77
+ test 'error message should be returned' do
77
78
  assert @data['errors']
78
- assert_equal @data['errors'],
79
- [I18n.t('devise_token_auth.passwords.user_not_found',
80
- email: 'chester@cheet.ah')]
79
+ assert_equal(
80
+ @data['errors'],
81
+ [I18n.t('devise_token_auth.passwords.missing_redirect_url')]
82
+ )
83
+ end
84
+ end
85
+ end
86
+
87
+ describe 'request password reset' do
88
+ describe 'unknown user' do
89
+ describe 'without paranoid mode' do
90
+ before do
91
+ post :create,
92
+ params: { email: 'chester@cheet.ah',
93
+ redirect_url: @redirect_url }
94
+ @data = JSON.parse(response.body)
95
+ end
96
+
97
+ test 'unknown user should return 404' do
98
+ assert_equal 404, response.status
99
+ end
100
+
101
+ test 'errors should be returned' do
102
+ assert @data['errors']
103
+ assert_equal @data['errors'],
104
+ [I18n.t('devise_token_auth.passwords.user_not_found',
105
+ email: 'chester@cheet.ah')]
106
+ end
107
+ end
108
+
109
+ describe 'with paranoid mode' do
110
+ before do
111
+ swap Devise, paranoid: true do
112
+ post :create,
113
+ params: { email: 'chester@cheet.ah',
114
+ redirect_url: @redirect_url }
115
+ @data = JSON.parse(response.body)
116
+ end
117
+ end
118
+
119
+ test 'response should return success status' do
120
+ assert_equal 200, response.status
121
+ end
122
+
123
+ test 'response should contain message' do
124
+ assert_equal \
125
+ @data['message'],
126
+ I18n.t('devise_token_auth.passwords.sended_paranoid')
127
+ end
81
128
  end
82
129
  end
83
130
 
84
131
  describe 'successfully requested password reset' do
85
- before do
86
- post :create,
87
- params: { email: @resource.email,
88
- redirect_url: @redirect_url }
132
+ describe 'without paranoid mode' do
133
+ before do
134
+ post :create,
135
+ params: { email: @resource.email,
136
+ redirect_url: @redirect_url }
89
137
 
90
- @data = JSON.parse(response.body)
138
+ @data = JSON.parse(response.body)
139
+ end
140
+
141
+ test 'response should not contain extra data' do
142
+ assert_nil @data['data']
143
+ end
144
+
145
+ test 'response should contains message' do
146
+ assert_equal \
147
+ @data['message'],
148
+ I18n.t('devise_token_auth.passwords.sended', email: @resource.email)
149
+ end
91
150
  end
92
151
 
93
- test 'response should not contain extra data' do
94
- assert_nil @data['data']
152
+ describe 'with paranoid mode' do
153
+ before do
154
+ swap Devise, paranoid: true do
155
+ post :create,
156
+ params: { email: @resource.email,
157
+ redirect_url: @redirect_url }
158
+ @data = JSON.parse(response.body)
159
+ end
160
+ end
161
+
162
+ test 'response should return success status' do
163
+ assert_equal 200, response.status
164
+ end
165
+
166
+ test 'response should contain message' do
167
+ assert_equal \
168
+ @data['message'],
169
+ I18n.t('devise_token_auth.passwords.sended_paranoid')
170
+ end
95
171
  end
96
172
  end
97
173
 
@@ -215,10 +291,10 @@ class DeviseTokenAuth::PasswordsControllerTest < ActionController::TestCase
215
291
  end
216
292
  end
217
293
 
218
- describe 'Cheking reset_password_token' do
294
+ describe 'Checking reset_password_token' do
219
295
  before do
220
296
  post :create, params: {
221
- email: @resource.email,
297
+ email: @resource.email,
222
298
  redirect_url: @redirect_url
223
299
  }
224
300
 
@@ -235,14 +311,14 @@ class DeviseTokenAuth::PasswordsControllerTest < ActionController::TestCase
235
311
  assert_equal Devise.token_generator.digest(self, :reset_password_token, @mail_reset_token), @resource.reset_password_token
236
312
  end
237
313
 
238
- test 'reset_password_token should be rewritten by origin mail_reset_token' do
314
+ test 'reset_password_token should not be rewritten by origin mail_reset_token' do
239
315
  get :edit, params: {
240
316
  reset_password_token: @mail_reset_token,
241
317
  redirect_url: @mail_redirect_url
242
318
  }
243
319
  @resource.reload
244
320
 
245
- assert_equal @mail_reset_token, @resource.reset_password_token
321
+ assert_equal Devise.token_generator.digest(self, :reset_password_token, @mail_reset_token), @resource.reset_password_token
246
322
  end
247
323
 
248
324
  test 'response should return success status' do
@@ -254,26 +330,6 @@ class DeviseTokenAuth::PasswordsControllerTest < ActionController::TestCase
254
330
  assert_equal 302, response.status
255
331
  end
256
332
 
257
- test 'reset_password_token should be valid only one first time' do
258
- get :edit, params: {
259
- reset_password_token: @mail_reset_token,
260
- redirect_url: @mail_redirect_url
261
- }
262
-
263
- @resource.reload
264
- assert_equal @mail_reset_token, @resource.reset_password_token
265
-
266
- assert_raises(ActionController::RoutingError) {
267
- get :edit, params: {
268
- reset_password_token: @mail_reset_token,
269
- redirect_url: @mail_redirect_url
270
- }
271
- }
272
-
273
- @resource.reload
274
- assert_equal @mail_reset_token, @resource.reset_password_token
275
- end
276
-
277
333
  test 'reset_password_sent_at should be valid' do
278
334
  assert_equal @resource.reset_password_period_valid?, true
279
335
 
@@ -283,7 +339,7 @@ class DeviseTokenAuth::PasswordsControllerTest < ActionController::TestCase
283
339
  }
284
340
 
285
341
  @resource.reload
286
- assert_equal @mail_reset_token, @resource.reset_password_token
342
+ assert_equal Devise.token_generator.digest(self, :reset_password_token, @mail_reset_token), @resource.reset_password_token
287
343
  end
288
344
 
289
345
  test 'reset_password_sent_at should be expired' do
@@ -354,8 +410,7 @@ class DeviseTokenAuth::PasswordsControllerTest < ActionController::TestCase
354
410
 
355
411
  describe 'Using redirect_whitelist' do
356
412
  before do
357
- @resource = create(:user, :confirmed)
358
- @good_redirect_url = Faker::Internet.url
413
+ @good_redirect_url = @redirect_url
359
414
  @bad_redirect_url = Faker::Internet.url
360
415
  DeviseTokenAuth.redirect_whitelist = [@good_redirect_url]
361
416
  end
@@ -364,31 +419,65 @@ class DeviseTokenAuth::PasswordsControllerTest < ActionController::TestCase
364
419
  DeviseTokenAuth.redirect_whitelist = nil
365
420
  end
366
421
 
367
- test 'request to whitelisted redirect should be successful' do
368
- post :create,
369
- params: { email: @resource.email,
370
- redirect_url: @good_redirect_url }
422
+ describe 'for create' do
423
+ test 'request to whitelisted redirect should be successful' do
424
+ post :create,
425
+ params: { email: @resource.email,
426
+ redirect_url: @good_redirect_url }
371
427
 
372
- assert_equal 200, response.status
373
- end
428
+ assert_equal 200, response.status
429
+ end
374
430
 
375
- test 'request to non-whitelisted redirect should fail' do
376
- post :create,
377
- params: { email: @resource.email,
378
- redirect_url: @bad_redirect_url }
431
+ test 'request to non-whitelisted redirect should fail' do
432
+ post :create,
433
+ params: { email: @resource.email,
434
+ redirect_url: @bad_redirect_url }
435
+
436
+ assert_equal 422, response.status
437
+ end
438
+
439
+ test 'request to non-whitelisted redirect should return error message' do
440
+ post :create,
441
+ params: { email: @resource.email,
442
+ redirect_url: @bad_redirect_url }
379
443
 
380
- assert_equal 422, response.status
444
+ @data = JSON.parse(response.body)
445
+ assert @data['errors']
446
+ assert_equal @data['errors'],
447
+ [I18n.t('devise_token_auth.passwords.not_allowed_redirect_url',
448
+ redirect_url: @bad_redirect_url)]
449
+ end
381
450
  end
382
- test 'request to non-whitelisted redirect should return error message' do
383
- post :create,
384
- params: { email: @resource.email,
385
- redirect_url: @bad_redirect_url }
386
451
 
387
- @data = JSON.parse(response.body)
388
- assert @data['errors']
389
- assert_equal @data['errors'],
390
- [I18n.t('devise_token_auth.passwords.not_allowed_redirect_url',
391
- redirect_url: @bad_redirect_url)]
452
+ describe 'for edit' do
453
+ before do
454
+ @auth_headers = @resource.create_new_auth_token
455
+ @new_password = Faker::Internet.password
456
+
457
+ get_reset_token
458
+ end
459
+
460
+ test 'request to whitelisted redirect should be successful' do
461
+ get :edit, params: { reset_password_token: @mail_reset_token, redirect_url: @good_redirect_url }
462
+
463
+ assert_equal 302, response.status
464
+ end
465
+
466
+ test 'request to non-whitelisted redirect should fail' do
467
+ get :edit, params: { reset_password_token: @mail_reset_token, redirect_url: @bad_redirect_url }
468
+
469
+ assert_equal 422, response.status
470
+ end
471
+
472
+ test 'request to non-whitelisted redirect should return error message' do
473
+ get :edit, params: { reset_password_token: @mail_reset_token, redirect_url: @bad_redirect_url }
474
+
475
+ @data = JSON.parse(response.body)
476
+ assert @data['errors']
477
+ assert_equal @data['errors'],
478
+ [I18n.t('devise_token_auth.passwords.not_allowed_redirect_url',
479
+ redirect_url: @bad_redirect_url)]
480
+ end
392
481
  end
393
482
  end
394
483
 
@@ -403,6 +492,7 @@ class DeviseTokenAuth::PasswordsControllerTest < ActionController::TestCase
403
492
 
404
493
  describe 'success' do
405
494
  before do
495
+ DeviseTokenAuth.require_client_password_reset_token = false
406
496
  @auth_headers = @resource.create_new_auth_token
407
497
  request.headers.merge!(@auth_headers)
408
498
  @new_password = Faker::Internet.password
@@ -467,6 +557,7 @@ class DeviseTokenAuth::PasswordsControllerTest < ActionController::TestCase
467
557
 
468
558
  describe 'current password mismatch error' do
469
559
  before do
560
+ DeviseTokenAuth.require_client_password_reset_token = false
470
561
  @auth_headers = @resource.create_new_auth_token
471
562
  request.headers.merge!(@auth_headers)
472
563
  @new_password = Faker::Internet.password
@@ -483,7 +574,35 @@ class DeviseTokenAuth::PasswordsControllerTest < ActionController::TestCase
483
574
  end
484
575
 
485
576
  describe 'change password' do
486
- describe 'success' do
577
+ describe 'using reset token' do
578
+ before do
579
+ DeviseTokenAuth.require_client_password_reset_token = true
580
+ @redirect_url = 'http://client-app.dev'
581
+ get_reset_token
582
+ edit_url = CGI.unescape(@mail.body.match(/href=\"(.+)\"/)[1])
583
+ query_parts = Rack::Utils.parse_nested_query(URI.parse(edit_url).query)
584
+ get :edit, params: query_parts
585
+ end
586
+
587
+ test 'request should be redirect' do
588
+ assert_equal 302, response.status
589
+ end
590
+
591
+ test 'request should redirect to correct redirect url' do
592
+ host = URI.parse(response.location).host
593
+ query_parts = Rack::Utils.parse_nested_query(URI.parse(response.location).query)
594
+
595
+ assert_equal 'client-app.dev', host
596
+ assert_equal @mail_reset_token, query_parts['reset_password_token']
597
+ assert_equal 1, query_parts.keys.size
598
+ end
599
+
600
+ teardown do
601
+ DeviseTokenAuth.require_client_password_reset_token = false
602
+ end
603
+ end
604
+
605
+ describe 'with valid headers' do
487
606
  before do
488
607
  @auth_headers = @resource.create_new_auth_token
489
608
  request.headers.merge!(@auth_headers)
@@ -509,6 +628,10 @@ class DeviseTokenAuth::PasswordsControllerTest < ActionController::TestCase
509
628
  test 'new password should authenticate user' do
510
629
  assert @resource.valid_password?(@new_password)
511
630
  end
631
+
632
+ test 'reset_password_token should be removed' do
633
+ assert_nil @resource.reset_password_token
634
+ end
512
635
  end
513
636
 
514
637
  describe 'password mismatch error' do
@@ -526,19 +649,93 @@ class DeviseTokenAuth::PasswordsControllerTest < ActionController::TestCase
526
649
  end
527
650
  end
528
651
 
529
- describe 'unauthorized user' do
652
+ describe 'without valid headers' do
530
653
  before do
531
- @auth_headers = @resource.create_new_auth_token
532
- @new_password = Faker::Internet.password
654
+ @resource.create_new_auth_token
655
+ new_password = Faker::Internet.password
533
656
 
534
- put :update, params: { password: @new_password,
535
- password_confirmation: @new_password }
657
+ put :update, params: { password: new_password,
658
+ password_confirmation: new_password }
536
659
  end
537
660
 
538
661
  test 'response should fail' do
539
662
  assert_equal 401, response.status
540
663
  end
541
664
  end
665
+
666
+ describe 'with valid reset password token' do
667
+ before do
668
+ reset_password_token = @resource.send_reset_password_instructions
669
+ @new_password = Faker::Internet.password
670
+ @params = { password: @new_password,
671
+ password_confirmation: @new_password,
672
+ reset_password_token: reset_password_token }
673
+ end
674
+
675
+ describe 'with require_client_password_reset_token disabled' do
676
+ before do
677
+ DeviseTokenAuth.require_client_password_reset_token = false
678
+ put :update, params: @params
679
+
680
+ @data = JSON.parse(response.body)
681
+ @resource.reload
682
+ end
683
+
684
+ test 'request should be not be successful' do
685
+ assert_equal 401, response.status
686
+ end
687
+ end
688
+
689
+ describe 'with require_client_password_reset_token enabled' do
690
+ before do
691
+ DeviseTokenAuth.require_client_password_reset_token = true
692
+ put :update, params: @params
693
+
694
+ @data = JSON.parse(response.body)
695
+ @resource.reload
696
+ end
697
+
698
+ test 'request should be successful' do
699
+ assert_equal 200, response.status
700
+ end
701
+
702
+ test 'request should return success message' do
703
+ assert @data['message']
704
+ assert_equal @data['message'],
705
+ I18n.t('devise_token_auth.passwords.successfully_updated')
706
+ end
707
+
708
+ test 'new password should authenticate user' do
709
+ assert @resource.valid_password?(@new_password)
710
+ end
711
+
712
+ teardown do
713
+ DeviseTokenAuth.require_client_password_reset_token = false
714
+ end
715
+ end
716
+ end
717
+
718
+ describe 'with invalid reset password token' do
719
+ before do
720
+ DeviseTokenAuth.require_client_password_reset_token = true
721
+ @resource.update reset_password_token: 'koskoskoskos'
722
+ put :update, params: @params
723
+ @data = JSON.parse(response.body)
724
+ @resource.reload
725
+ end
726
+
727
+ test 'request should fail' do
728
+ assert_equal 401, response.status
729
+ end
730
+
731
+ test 'new password should not authenticate user' do
732
+ assert !@resource.valid_password?(@new_password)
733
+ end
734
+
735
+ teardown do
736
+ DeviseTokenAuth.require_client_password_reset_token = false
737
+ end
738
+ end
542
739
  end
543
740
  end
544
741
 
@@ -554,16 +751,7 @@ class DeviseTokenAuth::PasswordsControllerTest < ActionController::TestCase
554
751
  before do
555
752
  @resource = create(:mang_user, :confirmed)
556
753
  @redirect_url = 'http://ng-token-auth.dev'
557
-
558
- post :create, params: { email: @resource.email,
559
- redirect_url: @redirect_url }
560
-
561
- @mail = ActionMailer::Base.deliveries.last
562
- @resource.reload
563
-
564
- @mail_config_name = CGI.unescape(@mail.body.match(/config=([^&]*)&/)[1])
565
- @mail_redirect_url = CGI.unescape(@mail.body.match(/redirect_url=([^&]*)&/)[1])
566
- @mail_reset_token = @mail.body.match(/reset_password_token=(.*)\"/)[1]
754
+ get_reset_token
567
755
  end
568
756
 
569
757
  test 'response should return success status' do
@@ -582,15 +770,7 @@ class DeviseTokenAuth::PasswordsControllerTest < ActionController::TestCase
582
770
  @resource = create(:user)
583
771
  @redirect_url = 'http://ng-token-auth.dev'
584
772
 
585
- post :create, params: { email: @resource.email,
586
- redirect_url: @redirect_url }
587
-
588
- @mail = ActionMailer::Base.deliveries.last
589
- @resource.reload
590
-
591
- @mail_config_name = CGI.unescape(@mail.body.match(/config=([^&]*)&/)[1])
592
- @mail_redirect_url = CGI.unescape(@mail.body.match(/redirect_url=([^&]*)&/)[1])
593
- @mail_reset_token = @mail.body.match(/reset_password_token=(.*)\"/)[1]
773
+ get_reset_token
594
774
 
595
775
  get :edit, params: { reset_password_token: @mail_reset_token,
596
776
  redirect_url: @mail_redirect_url }
@@ -610,17 +790,8 @@ class DeviseTokenAuth::PasswordsControllerTest < ActionController::TestCase
610
790
 
611
791
  before do
612
792
  @resource = unconfirmable_users(:user)
613
- @redirect_url = 'http://ng-token-auth.dev'
614
793
 
615
- post :create, params: { email: @resource.email,
616
- redirect_url: @redirect_url }
617
-
618
- @mail = ActionMailer::Base.deliveries.last
619
- @resource.reload
620
-
621
- @mail_config_name = CGI.unescape(@mail.body.match(/config=([^&]*)&/)[1])
622
- @mail_redirect_url = CGI.unescape(@mail.body.match(/redirect_url=([^&]*)&/)[1])
623
- @mail_reset_token = @mail.body.match(/reset_password_token=(.*)\"/)[1]
794
+ get_reset_token
624
795
 
625
796
  get :edit, params: { reset_password_token: @mail_reset_token,
626
797
  redirect_url: @mail_redirect_url }
@@ -635,21 +806,27 @@ class DeviseTokenAuth::PasswordsControllerTest < ActionController::TestCase
635
806
  @redirect_url = 'http://ng-token-auth.dev'
636
807
  @config_name = 'altUser'
637
808
 
638
- post :create, params: { email: @resource.email,
809
+ params = { email: @resource.email,
639
810
  redirect_url: @redirect_url,
640
811
  config_name: @config_name }
641
-
642
- @mail = ActionMailer::Base.deliveries.last
643
- @resource.reload
644
-
645
- @mail_config_name = CGI.unescape(@mail.body.match(/config=([^&]*)&/)[1])
646
- @mail_redirect_url = CGI.unescape(@mail.body.match(/redirect_url=([^&]*)&/)[1])
647
- @mail_reset_token = @mail.body.match(/reset_password_token=(.*)\"/)[1]
812
+ get_reset_token params
648
813
  end
649
814
 
650
815
  test 'config_name param is included in the confirmation email link' do
651
816
  assert_equal @config_name, @mail_config_name
652
817
  end
653
818
  end
819
+
820
+ def get_reset_token(params = nil)
821
+ params ||= { email: @resource.email, redirect_url: @redirect_url }
822
+ post :create, params: params
823
+
824
+ @mail = ActionMailer::Base.deliveries.last
825
+ @resource.reload
826
+
827
+ @mail_config_name = CGI.unescape(@mail.body.match(/config=([^&]*)&/)[1])
828
+ @mail_redirect_url = CGI.unescape(@mail.body.match(/redirect_url=([^&]*)&/)[1])
829
+ @mail_reset_token = @mail.body.match(/reset_password_token=(.*)\"/)[1]
830
+ end
654
831
  end
655
832
  end
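Review bot: The new `describe 'with invalid reset password token'` (new lines 718–738) never assigns `@params` or `@new_password`; they are set only in the `before` of the sibling `describe 'with valid reset password token'` (new lines 667–673), which closes at new line 716 before this block opens. As written, `put :update, params: @params` sends no password and no reset token, so the 401 is produced by the missing token rather than by the stored `'koskoskoskos'` digest mismatch, and `assert !@resource.valid_password?(@new_password)` compares against `nil` and passes trivially. The intent is clearly to reuse the valid-token params against a tampered stored token, so the simplest fix is to nest this describe inside 'with valid reset password token' by moving the `end` at new line 716 to after new line 738, letting the outer `before` populate `@params` first; the test should then also `assert_nil` nothing new, just keep the existing 401 and `valid_password?` checks, which would now be meaningful. This assumes the enclosing `describe 'change password'` does not set these variables in a `before` outside the hunk; its opening lines at new 576–578 show no such block. The shared `get_reset_token` helper (new lines 820–830) is moved code, but note its `match(...)[1]` calls raise `NoMethodError` when the mail link lacks a `config=`/`redirect_url=` parameter, which surfaces as an error rather than a readable assertion failure in the six `before` blocks that now call it.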