devise_token_auth 1.0.0 → 1.2.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +5 -5
- data/README.md +4 -2
- data/app/controllers/devise_token_auth/application_controller.rb +19 -3
- data/app/controllers/devise_token_auth/concerns/resource_finder.rb +23 -11
- data/app/controllers/devise_token_auth/concerns/set_user_by_token.rb +78 -57
- data/app/controllers/devise_token_auth/confirmations_controller.rb +67 -20
- data/app/controllers/devise_token_auth/omniauth_callbacks_controller.rb +82 -30
- data/app/controllers/devise_token_auth/passwords_controller.rb +53 -31
- data/app/controllers/devise_token_auth/registrations_controller.rb +33 -40
- data/app/controllers/devise_token_auth/sessions_controller.rb +24 -6
- data/app/controllers/devise_token_auth/unlocks_controller.rb +10 -6
- data/app/models/devise_token_auth/concerns/active_record_support.rb +14 -0
- data/app/models/devise_token_auth/concerns/confirmable_support.rb +28 -0
- data/app/models/devise_token_auth/concerns/mongoid_support.rb +19 -0
- data/app/models/devise_token_auth/concerns/tokens_serialization.rb +31 -0
- data/app/models/devise_token_auth/concerns/user.rb +77 -80
- data/app/models/devise_token_auth/concerns/user_omniauth_callbacks.rb +12 -5
- data/app/validators/{email_validator.rb → devise_token_auth_email_validator.rb} +11 -3
- data/app/views/devise_token_auth/omniauth_external_window.html.erb +1 -1
- data/config/locales/da-DK.yml +2 -0
- data/config/locales/de.yml +2 -0
- data/config/locales/en.yml +10 -0
- data/config/locales/es.yml +2 -0
- data/config/locales/fr.yml +2 -0
- data/config/locales/he.yml +52 -0
- data/config/locales/it.yml +2 -0
- data/config/locales/ja.yml +16 -2
- data/config/locales/ko.yml +51 -0
- data/config/locales/nl.yml +2 -0
- data/config/locales/pl.yml +6 -3
- data/config/locales/pt-BR.yml +2 -0
- data/config/locales/pt.yml +6 -3
- data/config/locales/ro.yml +2 -0
- data/config/locales/ru.yml +2 -0
- data/config/locales/sq.yml +2 -0
- data/config/locales/sv.yml +2 -0
- data/config/locales/uk.yml +2 -0
- data/config/locales/vi.yml +2 -0
- data/config/locales/zh-CN.yml +2 -0
- data/config/locales/zh-HK.yml +2 -0
- data/config/locales/zh-TW.yml +2 -0
- data/lib/devise_token_auth/blacklist.rb +6 -0
- data/lib/devise_token_auth/controllers/helpers.rb +5 -9
- data/lib/devise_token_auth/engine.rb +17 -2
- data/lib/devise_token_auth/rails/routes.rb +18 -13
- data/lib/devise_token_auth/token_factory.rb +126 -0
- data/lib/devise_token_auth/url.rb +3 -0
- data/lib/devise_token_auth/version.rb +1 -1
- data/lib/devise_token_auth.rb +6 -3
- data/lib/generators/devise_token_auth/USAGE +1 -1
- data/lib/generators/devise_token_auth/install_generator.rb +7 -91
- data/lib/generators/devise_token_auth/install_generator_helpers.rb +98 -0
- data/lib/generators/devise_token_auth/install_mongoid_generator.rb +46 -0
- data/lib/generators/devise_token_auth/templates/devise_token_auth.rb +13 -0
- data/lib/generators/devise_token_auth/templates/devise_token_auth_create_users.rb.erb +1 -8
- data/lib/generators/devise_token_auth/templates/user.rb.erb +2 -2
- data/lib/generators/devise_token_auth/templates/user_mongoid.rb.erb +56 -0
- data/test/controllers/custom/custom_confirmations_controller_test.rb +1 -1
- data/test/controllers/demo_mang_controller_test.rb +37 -8
- data/test/controllers/demo_user_controller_test.rb +39 -10
- data/test/controllers/devise_token_auth/confirmations_controller_test.rb +163 -18
- data/test/controllers/devise_token_auth/omniauth_callbacks_controller_test.rb +110 -43
- data/test/controllers/devise_token_auth/passwords_controller_test.rb +299 -122
- data/test/controllers/devise_token_auth/registrations_controller_test.rb +54 -14
- data/test/controllers/devise_token_auth/sessions_controller_test.rb +31 -40
- data/test/controllers/devise_token_auth/token_validations_controller_test.rb +43 -2
- data/test/controllers/devise_token_auth/unlocks_controller_test.rb +44 -5
- data/test/controllers/overrides/confirmations_controller_test.rb +1 -1
- data/test/dummy/app/active_record/confirmable_user.rb +11 -0
- data/test/dummy/app/{models → active_record}/scoped_user.rb +2 -2
- data/test/dummy/app/{models → active_record}/unconfirmable_user.rb +1 -2
- data/test/dummy/app/{models → active_record}/unregisterable_user.rb +3 -3
- data/test/dummy/app/active_record/user.rb +6 -0
- data/test/dummy/app/controllers/overrides/confirmations_controller.rb +3 -3
- data/test/dummy/app/controllers/overrides/passwords_controller.rb +3 -3
- data/test/dummy/app/controllers/overrides/registrations_controller.rb +1 -1
- data/test/dummy/app/controllers/overrides/sessions_controller.rb +2 -2
- data/test/dummy/app/models/{user.rb → concerns/favorite_color.rb} +7 -8
- data/test/dummy/app/mongoid/confirmable_user.rb +52 -0
- data/test/dummy/app/mongoid/lockable_user.rb +38 -0
- data/test/dummy/app/mongoid/mang.rb +46 -0
- data/test/dummy/app/mongoid/only_email_user.rb +33 -0
- data/test/dummy/app/mongoid/scoped_user.rb +50 -0
- data/test/dummy/app/mongoid/unconfirmable_user.rb +44 -0
- data/test/dummy/app/mongoid/unregisterable_user.rb +47 -0
- data/test/dummy/app/mongoid/user.rb +49 -0
- data/test/dummy/app/views/layouts/application.html.erb +0 -2
- data/test/dummy/config/application.rb +22 -1
- data/test/dummy/config/boot.rb +4 -0
- data/test/dummy/config/environments/development.rb +0 -10
- data/test/dummy/config/environments/production.rb +0 -16
- data/test/dummy/config/initializers/devise.rb +285 -0
- data/test/dummy/config/initializers/devise_token_auth.rb +35 -4
- data/test/dummy/config/initializers/figaro.rb +1 -1
- data/test/dummy/config/initializers/omniauth.rb +1 -0
- data/test/dummy/config/routes.rb +2 -0
- data/test/dummy/db/migrate/20140715061447_devise_token_auth_create_users.rb +0 -7
- data/test/dummy/db/migrate/20140715061805_devise_token_auth_create_mangs.rb +0 -7
- data/test/dummy/db/migrate/20141222035835_devise_token_auth_create_only_email_users.rb +0 -7
- data/test/dummy/db/migrate/20141222053502_devise_token_auth_create_unregisterable_users.rb +0 -7
- data/test/dummy/db/migrate/20150708104536_devise_token_auth_create_unconfirmable_users.rb +0 -7
- data/test/dummy/db/migrate/20160103235141_devise_token_auth_create_scoped_users.rb +0 -7
- data/test/dummy/db/migrate/20160629184441_devise_token_auth_create_lockable_users.rb +0 -7
- data/test/dummy/db/migrate/20190924101113_devise_token_auth_create_confirmable_users.rb +49 -0
- data/test/dummy/db/schema.rb +31 -33
- data/test/dummy/tmp/generators/app/models/user.rb +11 -0
- data/test/dummy/tmp/generators/config/initializers/devise_token_auth.rb +60 -0
- data/test/dummy/tmp/generators/db/migrate/20220822003050_devise_token_auth_create_users.rb +49 -0
- data/test/factories/users.rb +3 -2
- data/test/lib/devise_token_auth/blacklist_test.rb +19 -0
- data/test/lib/devise_token_auth/rails/custom_routes_test.rb +29 -0
- data/test/lib/devise_token_auth/rails/routes_test.rb +87 -0
- data/test/lib/devise_token_auth/token_factory_test.rb +191 -0
- data/test/lib/devise_token_auth/url_test.rb +2 -2
- data/test/lib/generators/devise_token_auth/install_generator_test.rb +51 -31
- data/test/lib/generators/devise_token_auth/install_generator_with_namespace_test.rb +51 -31
- data/test/models/concerns/mongoid_support_test.rb +31 -0
- data/test/models/concerns/tokens_serialization_test.rb +104 -0
- data/test/models/confirmable_user_test.rb +35 -0
- data/test/models/only_email_user_test.rb +0 -8
- data/test/models/user_test.rb +13 -23
- data/test/test_helper.rb +45 -4
- metadata +126 -33
- data/config/initializers/devise.rb +0 -198
- data/test/dummy/config/initializers/assets.rb +0 -10
- data/test/dummy/tmp/generators/app/views/devise/mailer/confirmation_instructions.html.erb +0 -5
- data/test/dummy/tmp/generators/app/views/devise/mailer/reset_password_instructions.html.erb +0 -8
- /data/test/dummy/app/{models → active_record}/lockable_user.rb +0 -0
- /data/test/dummy/app/{models → active_record}/mang.rb +0 -0
- /data/test/dummy/app/{models → active_record}/only_email_user.rb +0 -0
@@ -41,57 +41,133 @@ class DeviseTokenAuth::PasswordsControllerTest < ActionController::TestCase
|
|
41
41
|
before do
|
42
42
|
@auth_headers = @resource.create_new_auth_token
|
43
43
|
@new_password = Faker::Internet.password
|
44
|
-
|
45
|
-
post :create,
|
46
|
-
params: { email: 'chester@cheet.ah' }
|
47
|
-
@data = JSON.parse(response.body)
|
48
44
|
end
|
49
45
|
|
50
|
-
|
51
|
-
|
52
|
-
|
46
|
+
describe 'for create' do
|
47
|
+
before do
|
48
|
+
post :create,
|
49
|
+
params: { email: 'chester@cheet.ah' }
|
50
|
+
@data = JSON.parse(response.body)
|
51
|
+
end
|
53
52
|
|
54
|
-
|
55
|
-
|
56
|
-
|
57
|
-
|
58
|
-
|
59
|
-
|
53
|
+
test 'response should fail' do
|
54
|
+
assert_equal 401, response.status
|
55
|
+
end
|
56
|
+
|
57
|
+
test 'error message should be returned' do
|
58
|
+
assert @data['errors']
|
59
|
+
assert_equal(
|
60
|
+
@data['errors'],
|
61
|
+
[I18n.t('devise_token_auth.passwords.missing_redirect_url')]
|
62
|
+
)
|
63
|
+
end
|
60
64
|
end
|
61
|
-
end
|
62
65
|
|
63
|
-
|
64
|
-
describe 'unknown user should return 404' do
|
66
|
+
describe 'for edit' do
|
65
67
|
before do
|
66
|
-
|
67
|
-
|
68
|
-
redirect_url: @redirect_url }
|
68
|
+
get_reset_token
|
69
|
+
get :edit, params: { reset_password_token: @mail_reset_token}
|
69
70
|
@data = JSON.parse(response.body)
|
70
71
|
end
|
71
72
|
|
72
|
-
test '
|
73
|
-
assert_equal
|
73
|
+
test 'response should fail' do
|
74
|
+
assert_equal 401, response.status
|
74
75
|
end
|
75
76
|
|
76
|
-
test '
|
77
|
+
test 'error message should be returned' do
|
77
78
|
assert @data['errors']
|
78
|
-
assert_equal
|
79
|
-
|
80
|
-
|
79
|
+
assert_equal(
|
80
|
+
@data['errors'],
|
81
|
+
[I18n.t('devise_token_auth.passwords.missing_redirect_url')]
|
82
|
+
)
|
83
|
+
end
|
84
|
+
end
|
85
|
+
end
|
86
|
+
|
87
|
+
describe 'request password reset' do
|
88
|
+
describe 'unknown user' do
|
89
|
+
describe 'without paranoid mode' do
|
90
|
+
before do
|
91
|
+
post :create,
|
92
|
+
params: { email: 'chester@cheet.ah',
|
93
|
+
redirect_url: @redirect_url }
|
94
|
+
@data = JSON.parse(response.body)
|
95
|
+
end
|
96
|
+
|
97
|
+
test 'unknown user should return 404' do
|
98
|
+
assert_equal 404, response.status
|
99
|
+
end
|
100
|
+
|
101
|
+
test 'errors should be returned' do
|
102
|
+
assert @data['errors']
|
103
|
+
assert_equal @data['errors'],
|
104
|
+
[I18n.t('devise_token_auth.passwords.user_not_found',
|
105
|
+
email: 'chester@cheet.ah')]
|
106
|
+
end
|
107
|
+
end
|
108
|
+
|
109
|
+
describe 'with paranoid mode' do
|
110
|
+
before do
|
111
|
+
swap Devise, paranoid: true do
|
112
|
+
post :create,
|
113
|
+
params: { email: 'chester@cheet.ah',
|
114
|
+
redirect_url: @redirect_url }
|
115
|
+
@data = JSON.parse(response.body)
|
116
|
+
end
|
117
|
+
end
|
118
|
+
|
119
|
+
test 'response should return success status' do
|
120
|
+
assert_equal 200, response.status
|
121
|
+
end
|
122
|
+
|
123
|
+
test 'response should contain message' do
|
124
|
+
assert_equal \
|
125
|
+
@data['message'],
|
126
|
+
I18n.t('devise_token_auth.passwords.sended_paranoid')
|
127
|
+
end
|
81
128
|
end
|
82
129
|
end
|
83
130
|
|
84
131
|
describe 'successfully requested password reset' do
|
85
|
-
|
86
|
-
|
87
|
-
|
88
|
-
|
132
|
+
describe 'without paranoid mode' do
|
133
|
+
before do
|
134
|
+
post :create,
|
135
|
+
params: { email: @resource.email,
|
136
|
+
redirect_url: @redirect_url }
|
89
137
|
|
90
|
-
|
138
|
+
@data = JSON.parse(response.body)
|
139
|
+
end
|
140
|
+
|
141
|
+
test 'response should not contain extra data' do
|
142
|
+
assert_nil @data['data']
|
143
|
+
end
|
144
|
+
|
145
|
+
test 'response should contains message' do
|
146
|
+
assert_equal \
|
147
|
+
@data['message'],
|
148
|
+
I18n.t('devise_token_auth.passwords.sended', email: @resource.email)
|
149
|
+
end
|
91
150
|
end
|
92
151
|
|
93
|
-
|
94
|
-
|
152
|
+
describe 'with paranoid mode' do
|
153
|
+
before do
|
154
|
+
swap Devise, paranoid: true do
|
155
|
+
post :create,
|
156
|
+
params: { email: @resource.email,
|
157
|
+
redirect_url: @redirect_url }
|
158
|
+
@data = JSON.parse(response.body)
|
159
|
+
end
|
160
|
+
end
|
161
|
+
|
162
|
+
test 'response should return success status' do
|
163
|
+
assert_equal 200, response.status
|
164
|
+
end
|
165
|
+
|
166
|
+
test 'response should contain message' do
|
167
|
+
assert_equal \
|
168
|
+
@data['message'],
|
169
|
+
I18n.t('devise_token_auth.passwords.sended_paranoid')
|
170
|
+
end
|
95
171
|
end
|
96
172
|
end
|
97
173
|
|
@@ -215,10 +291,10 @@ class DeviseTokenAuth::PasswordsControllerTest < ActionController::TestCase
|
|
215
291
|
end
|
216
292
|
end
|
217
293
|
|
218
|
-
describe '
|
294
|
+
describe 'Checking reset_password_token' do
|
219
295
|
before do
|
220
296
|
post :create, params: {
|
221
|
-
email:
|
297
|
+
email: @resource.email,
|
222
298
|
redirect_url: @redirect_url
|
223
299
|
}
|
224
300
|
|
@@ -235,14 +311,14 @@ class DeviseTokenAuth::PasswordsControllerTest < ActionController::TestCase
|
|
235
311
|
assert_equal Devise.token_generator.digest(self, :reset_password_token, @mail_reset_token), @resource.reset_password_token
|
236
312
|
end
|
237
313
|
|
238
|
-
test 'reset_password_token should be rewritten by origin mail_reset_token' do
|
314
|
+
test 'reset_password_token should not be rewritten by origin mail_reset_token' do
|
239
315
|
get :edit, params: {
|
240
316
|
reset_password_token: @mail_reset_token,
|
241
317
|
redirect_url: @mail_redirect_url
|
242
318
|
}
|
243
319
|
@resource.reload
|
244
320
|
|
245
|
-
assert_equal @mail_reset_token, @resource.reset_password_token
|
321
|
+
assert_equal Devise.token_generator.digest(self, :reset_password_token, @mail_reset_token), @resource.reset_password_token
|
246
322
|
end
|
247
323
|
|
248
324
|
test 'response should return success status' do
|
@@ -254,26 +330,6 @@ class DeviseTokenAuth::PasswordsControllerTest < ActionController::TestCase
|
|
254
330
|
assert_equal 302, response.status
|
255
331
|
end
|
256
332
|
|
257
|
-
test 'reset_password_token should be valid only one first time' do
|
258
|
-
get :edit, params: {
|
259
|
-
reset_password_token: @mail_reset_token,
|
260
|
-
redirect_url: @mail_redirect_url
|
261
|
-
}
|
262
|
-
|
263
|
-
@resource.reload
|
264
|
-
assert_equal @mail_reset_token, @resource.reset_password_token
|
265
|
-
|
266
|
-
assert_raises(ActionController::RoutingError) {
|
267
|
-
get :edit, params: {
|
268
|
-
reset_password_token: @mail_reset_token,
|
269
|
-
redirect_url: @mail_redirect_url
|
270
|
-
}
|
271
|
-
}
|
272
|
-
|
273
|
-
@resource.reload
|
274
|
-
assert_equal @mail_reset_token, @resource.reset_password_token
|
275
|
-
end
|
276
|
-
|
277
333
|
test 'reset_password_sent_at should be valid' do
|
278
334
|
assert_equal @resource.reset_password_period_valid?, true
|
279
335
|
|
@@ -283,7 +339,7 @@ class DeviseTokenAuth::PasswordsControllerTest < ActionController::TestCase
|
|
283
339
|
}
|
284
340
|
|
285
341
|
@resource.reload
|
286
|
-
assert_equal @mail_reset_token, @resource.reset_password_token
|
342
|
+
assert_equal Devise.token_generator.digest(self, :reset_password_token, @mail_reset_token), @resource.reset_password_token
|
287
343
|
end
|
288
344
|
|
289
345
|
test 'reset_password_sent_at should be expired' do
|
@@ -354,8 +410,7 @@ class DeviseTokenAuth::PasswordsControllerTest < ActionController::TestCase
|
|
354
410
|
|
355
411
|
describe 'Using redirect_whitelist' do
|
356
412
|
before do
|
357
|
-
@
|
358
|
-
@good_redirect_url = Faker::Internet.url
|
413
|
+
@good_redirect_url = @redirect_url
|
359
414
|
@bad_redirect_url = Faker::Internet.url
|
360
415
|
DeviseTokenAuth.redirect_whitelist = [@good_redirect_url]
|
361
416
|
end
|
@@ -364,31 +419,65 @@ class DeviseTokenAuth::PasswordsControllerTest < ActionController::TestCase
|
|
364
419
|
DeviseTokenAuth.redirect_whitelist = nil
|
365
420
|
end
|
366
421
|
|
367
|
-
|
368
|
-
|
369
|
-
|
370
|
-
|
422
|
+
describe 'for create' do
|
423
|
+
test 'request to whitelisted redirect should be successful' do
|
424
|
+
post :create,
|
425
|
+
params: { email: @resource.email,
|
426
|
+
redirect_url: @good_redirect_url }
|
371
427
|
|
372
|
-
|
373
|
-
|
428
|
+
assert_equal 200, response.status
|
429
|
+
end
|
374
430
|
|
375
|
-
|
376
|
-
|
377
|
-
|
378
|
-
|
431
|
+
test 'request to non-whitelisted redirect should fail' do
|
432
|
+
post :create,
|
433
|
+
params: { email: @resource.email,
|
434
|
+
redirect_url: @bad_redirect_url }
|
435
|
+
|
436
|
+
assert_equal 422, response.status
|
437
|
+
end
|
438
|
+
|
439
|
+
test 'request to non-whitelisted redirect should return error message' do
|
440
|
+
post :create,
|
441
|
+
params: { email: @resource.email,
|
442
|
+
redirect_url: @bad_redirect_url }
|
379
443
|
|
380
|
-
|
444
|
+
@data = JSON.parse(response.body)
|
445
|
+
assert @data['errors']
|
446
|
+
assert_equal @data['errors'],
|
447
|
+
[I18n.t('devise_token_auth.passwords.not_allowed_redirect_url',
|
448
|
+
redirect_url: @bad_redirect_url)]
|
449
|
+
end
|
381
450
|
end
|
382
|
-
test 'request to non-whitelisted redirect should return error message' do
|
383
|
-
post :create,
|
384
|
-
params: { email: @resource.email,
|
385
|
-
redirect_url: @bad_redirect_url }
|
386
451
|
|
387
|
-
|
388
|
-
|
389
|
-
|
390
|
-
|
391
|
-
|
452
|
+
describe 'for edit' do
|
453
|
+
before do
|
454
|
+
@auth_headers = @resource.create_new_auth_token
|
455
|
+
@new_password = Faker::Internet.password
|
456
|
+
|
457
|
+
get_reset_token
|
458
|
+
end
|
459
|
+
|
460
|
+
test 'request to whitelisted redirect should be successful' do
|
461
|
+
get :edit, params: { reset_password_token: @mail_reset_token, redirect_url: @good_redirect_url }
|
462
|
+
|
463
|
+
assert_equal 302, response.status
|
464
|
+
end
|
465
|
+
|
466
|
+
test 'request to non-whitelisted redirect should fail' do
|
467
|
+
get :edit, params: { reset_password_token: @mail_reset_token, redirect_url: @bad_redirect_url }
|
468
|
+
|
469
|
+
assert_equal 422, response.status
|
470
|
+
end
|
471
|
+
|
472
|
+
test 'request to non-whitelisted redirect should return error message' do
|
473
|
+
get :edit, params: { reset_password_token: @mail_reset_token, redirect_url: @bad_redirect_url }
|
474
|
+
|
475
|
+
@data = JSON.parse(response.body)
|
476
|
+
assert @data['errors']
|
477
|
+
assert_equal @data['errors'],
|
478
|
+
[I18n.t('devise_token_auth.passwords.not_allowed_redirect_url',
|
479
|
+
redirect_url: @bad_redirect_url)]
|
480
|
+
end
|
392
481
|
end
|
393
482
|
end
|
394
483
|
|
@@ -403,6 +492,7 @@ class DeviseTokenAuth::PasswordsControllerTest < ActionController::TestCase
|
|
403
492
|
|
404
493
|
describe 'success' do
|
405
494
|
before do
|
495
|
+
DeviseTokenAuth.require_client_password_reset_token = false
|
406
496
|
@auth_headers = @resource.create_new_auth_token
|
407
497
|
request.headers.merge!(@auth_headers)
|
408
498
|
@new_password = Faker::Internet.password
|
@@ -467,6 +557,7 @@ class DeviseTokenAuth::PasswordsControllerTest < ActionController::TestCase
|
|
467
557
|
|
468
558
|
describe 'current password mismatch error' do
|
469
559
|
before do
|
560
|
+
DeviseTokenAuth.require_client_password_reset_token = false
|
470
561
|
@auth_headers = @resource.create_new_auth_token
|
471
562
|
request.headers.merge!(@auth_headers)
|
472
563
|
@new_password = Faker::Internet.password
|
@@ -483,7 +574,35 @@ class DeviseTokenAuth::PasswordsControllerTest < ActionController::TestCase
|
|
483
574
|
end
|
484
575
|
|
485
576
|
describe 'change password' do
|
486
|
-
describe '
|
577
|
+
describe 'using reset token' do
|
578
|
+
before do
|
579
|
+
DeviseTokenAuth.require_client_password_reset_token = true
|
580
|
+
@redirect_url = 'http://client-app.dev'
|
581
|
+
get_reset_token
|
582
|
+
edit_url = CGI.unescape(@mail.body.match(/href=\"(.+)\"/)[1])
|
583
|
+
query_parts = Rack::Utils.parse_nested_query(URI.parse(edit_url).query)
|
584
|
+
get :edit, params: query_parts
|
585
|
+
end
|
586
|
+
|
587
|
+
test 'request should be redirect' do
|
588
|
+
assert_equal 302, response.status
|
589
|
+
end
|
590
|
+
|
591
|
+
test 'request should redirect to correct redirect url' do
|
592
|
+
host = URI.parse(response.location).host
|
593
|
+
query_parts = Rack::Utils.parse_nested_query(URI.parse(response.location).query)
|
594
|
+
|
595
|
+
assert_equal 'client-app.dev', host
|
596
|
+
assert_equal @mail_reset_token, query_parts['reset_password_token']
|
597
|
+
assert_equal 1, query_parts.keys.size
|
598
|
+
end
|
599
|
+
|
600
|
+
teardown do
|
601
|
+
DeviseTokenAuth.require_client_password_reset_token = false
|
602
|
+
end
|
603
|
+
end
|
604
|
+
|
605
|
+
describe 'with valid headers' do
|
487
606
|
before do
|
488
607
|
@auth_headers = @resource.create_new_auth_token
|
489
608
|
request.headers.merge!(@auth_headers)
|
@@ -509,6 +628,10 @@ class DeviseTokenAuth::PasswordsControllerTest < ActionController::TestCase
|
|
509
628
|
test 'new password should authenticate user' do
|
510
629
|
assert @resource.valid_password?(@new_password)
|
511
630
|
end
|
631
|
+
|
632
|
+
test 'reset_password_token should be removed' do
|
633
|
+
assert_nil @resource.reset_password_token
|
634
|
+
end
|
512
635
|
end
|
513
636
|
|
514
637
|
describe 'password mismatch error' do
|
@@ -526,19 +649,93 @@ class DeviseTokenAuth::PasswordsControllerTest < ActionController::TestCase
|
|
526
649
|
end
|
527
650
|
end
|
528
651
|
|
529
|
-
describe '
|
652
|
+
describe 'without valid headers' do
|
530
653
|
before do
|
531
|
-
@
|
532
|
-
|
654
|
+
@resource.create_new_auth_token
|
655
|
+
new_password = Faker::Internet.password
|
533
656
|
|
534
|
-
put :update, params: { password:
|
535
|
-
password_confirmation:
|
657
|
+
put :update, params: { password: new_password,
|
658
|
+
password_confirmation: new_password }
|
536
659
|
end
|
537
660
|
|
538
661
|
test 'response should fail' do
|
539
662
|
assert_equal 401, response.status
|
540
663
|
end
|
541
664
|
end
|
665
|
+
|
666
|
+
describe 'with valid reset password token' do
|
667
|
+
before do
|
668
|
+
reset_password_token = @resource.send_reset_password_instructions
|
669
|
+
@new_password = Faker::Internet.password
|
670
|
+
@params = { password: @new_password,
|
671
|
+
password_confirmation: @new_password,
|
672
|
+
reset_password_token: reset_password_token }
|
673
|
+
end
|
674
|
+
|
675
|
+
describe 'with require_client_password_reset_token disabled' do
|
676
|
+
before do
|
677
|
+
DeviseTokenAuth.require_client_password_reset_token = false
|
678
|
+
put :update, params: @params
|
679
|
+
|
680
|
+
@data = JSON.parse(response.body)
|
681
|
+
@resource.reload
|
682
|
+
end
|
683
|
+
|
684
|
+
test 'request should be not be successful' do
|
685
|
+
assert_equal 401, response.status
|
686
|
+
end
|
687
|
+
end
|
688
|
+
|
689
|
+
describe 'with require_client_password_reset_token enabled' do
|
690
|
+
before do
|
691
|
+
DeviseTokenAuth.require_client_password_reset_token = true
|
692
|
+
put :update, params: @params
|
693
|
+
|
694
|
+
@data = JSON.parse(response.body)
|
695
|
+
@resource.reload
|
696
|
+
end
|
697
|
+
|
698
|
+
test 'request should be successful' do
|
699
|
+
assert_equal 200, response.status
|
700
|
+
end
|
701
|
+
|
702
|
+
test 'request should return success message' do
|
703
|
+
assert @data['message']
|
704
|
+
assert_equal @data['message'],
|
705
|
+
I18n.t('devise_token_auth.passwords.successfully_updated')
|
706
|
+
end
|
707
|
+
|
708
|
+
test 'new password should authenticate user' do
|
709
|
+
assert @resource.valid_password?(@new_password)
|
710
|
+
end
|
711
|
+
|
712
|
+
teardown do
|
713
|
+
DeviseTokenAuth.require_client_password_reset_token = false
|
714
|
+
end
|
715
|
+
end
|
716
|
+
end
|
717
|
+
|
718
|
+
describe 'with invalid reset password token' do
|
719
|
+
before do
|
720
|
+
DeviseTokenAuth.require_client_password_reset_token = true
|
721
|
+
@resource.update reset_password_token: 'koskoskoskos'
|
722
|
+
put :update, params: @params
|
723
|
+
@data = JSON.parse(response.body)
|
724
|
+
@resource.reload
|
725
|
+
end
|
726
|
+
|
727
|
+
test 'request should fail' do
|
728
|
+
assert_equal 401, response.status
|
729
|
+
end
|
730
|
+
|
731
|
+
test 'new password should not authenticate user' do
|
732
|
+
assert !@resource.valid_password?(@new_password)
|
733
|
+
end
|
734
|
+
|
735
|
+
teardown do
|
736
|
+
DeviseTokenAuth.require_client_password_reset_token = false
|
737
|
+
end
|
738
|
+
end
|
542
739
|
end
|
543
740
|
end
|
544
741
|
|
@@ -554,16 +751,7 @@ class DeviseTokenAuth::PasswordsControllerTest < ActionController::TestCase
|
|
554
751
|
before do
|
555
752
|
@resource = create(:mang_user, :confirmed)
|
556
753
|
@redirect_url = 'http://ng-token-auth.dev'
|
557
|
-
|
558
|
-
post :create, params: { email: @resource.email,
|
559
|
-
redirect_url: @redirect_url }
|
560
|
-
|
561
|
-
@mail = ActionMailer::Base.deliveries.last
|
562
|
-
@resource.reload
|
563
|
-
|
564
|
-
@mail_config_name = CGI.unescape(@mail.body.match(/config=([^&]*)&/)[1])
|
565
|
-
@mail_redirect_url = CGI.unescape(@mail.body.match(/redirect_url=([^&]*)&/)[1])
|
566
|
-
@mail_reset_token = @mail.body.match(/reset_password_token=(.*)\"/)[1]
|
754
|
+
get_reset_token
|
567
755
|
end
|
568
756
|
|
569
757
|
test 'response should return success status' do
|
@@ -582,15 +770,7 @@ class DeviseTokenAuth::PasswordsControllerTest < ActionController::TestCase
|
|
582
770
|
@resource = create(:user)
|
583
771
|
@redirect_url = 'http://ng-token-auth.dev'
|
584
772
|
|
585
|
-
|
586
|
-
redirect_url: @redirect_url }
|
587
|
-
|
588
|
-
@mail = ActionMailer::Base.deliveries.last
|
589
|
-
@resource.reload
|
590
|
-
|
591
|
-
@mail_config_name = CGI.unescape(@mail.body.match(/config=([^&]*)&/)[1])
|
592
|
-
@mail_redirect_url = CGI.unescape(@mail.body.match(/redirect_url=([^&]*)&/)[1])
|
593
|
-
@mail_reset_token = @mail.body.match(/reset_password_token=(.*)\"/)[1]
|
773
|
+
get_reset_token
|
594
774
|
|
595
775
|
get :edit, params: { reset_password_token: @mail_reset_token,
|
596
776
|
redirect_url: @mail_redirect_url }
|
@@ -610,17 +790,8 @@ class DeviseTokenAuth::PasswordsControllerTest < ActionController::TestCase
|
|
610
790
|
|
611
791
|
before do
|
612
792
|
@resource = unconfirmable_users(:user)
|
613
|
-
@redirect_url = 'http://ng-token-auth.dev'
|
614
793
|
|
615
|
-
|
616
|
-
redirect_url: @redirect_url }
|
617
|
-
|
618
|
-
@mail = ActionMailer::Base.deliveries.last
|
619
|
-
@resource.reload
|
620
|
-
|
621
|
-
@mail_config_name = CGI.unescape(@mail.body.match(/config=([^&]*)&/)[1])
|
622
|
-
@mail_redirect_url = CGI.unescape(@mail.body.match(/redirect_url=([^&]*)&/)[1])
|
623
|
-
@mail_reset_token = @mail.body.match(/reset_password_token=(.*)\"/)[1]
|
794
|
+
get_reset_token
|
624
795
|
|
625
796
|
get :edit, params: { reset_password_token: @mail_reset_token,
|
626
797
|
redirect_url: @mail_redirect_url }
|
@@ -635,21 +806,27 @@ class DeviseTokenAuth::PasswordsControllerTest < ActionController::TestCase
|
|
635
806
|
@redirect_url = 'http://ng-token-auth.dev'
|
636
807
|
@config_name = 'altUser'
|
637
808
|
|
638
|
-
|
809
|
+
params = { email: @resource.email,
|
639
810
|
redirect_url: @redirect_url,
|
640
811
|
config_name: @config_name }
|
641
|
-
|
642
|
-
@mail = ActionMailer::Base.deliveries.last
|
643
|
-
@resource.reload
|
644
|
-
|
645
|
-
@mail_config_name = CGI.unescape(@mail.body.match(/config=([^&]*)&/)[1])
|
646
|
-
@mail_redirect_url = CGI.unescape(@mail.body.match(/redirect_url=([^&]*)&/)[1])
|
647
|
-
@mail_reset_token = @mail.body.match(/reset_password_token=(.*)\"/)[1]
|
812
|
+
get_reset_token params
|
648
813
|
end
|
649
814
|
|
650
815
|
test 'config_name param is included in the confirmation email link' do
|
651
816
|
assert_equal @config_name, @mail_config_name
|
652
817
|
end
|
653
818
|
end
|
819
|
+
|
820
|
+
def get_reset_token(params = nil)
|
821
|
+
params ||= { email: @resource.email, redirect_url: @redirect_url }
|
822
|
+
post :create, params: params
|
823
|
+
|
824
|
+
@mail = ActionMailer::Base.deliveries.last
|
825
|
+
@resource.reload
|
826
|
+
|
827
|
+
@mail_config_name = CGI.unescape(@mail.body.match(/config=([^&]*)&/)[1])
|
828
|
+
@mail_redirect_url = CGI.unescape(@mail.body.match(/redirect_url=([^&]*)&/)[1])
|
829
|
+
@mail_reset_token = @mail.body.match(/reset_password_token=(.*)\"/)[1]
|
830
|
+
end
|
654
831
|
end
|
655
832
|
end
|