devise_token_auth 1.0.0 → 1.2.2

data/test/dummy/tmp/generators/config/initializers/devise_token_auth.rb

@@ -0,0 +1,66 @@
+# frozen_string_literal: true
+
+DeviseTokenAuth.setup do |config|
+  # By default the authorization headers will change after each request. The
+  # client is responsible for keeping track of the changing tokens. Change
+  # this to false to prevent the Authorization header from changing after
+  # each request.
+  # config.change_headers_on_each_request = true
+
+  # By default, users will need to re-authenticate after 2 weeks. This setting
+  # determines how long tokens will remain valid after they are issued.
+  # config.token_lifespan = 2.weeks
+
+  # Limiting the token_cost to just 4 in testing will increase the performance of
+  # your test suite dramatically. The possible cost value is within range from 4
+  # to 31. It is recommended to not use a value more than 10 in other environments.
+  config.token_cost = Rails.env.test? ? 4 : 10
+
+  # Sets the max number of concurrent devices per user, which is 10 by default.
+  # After this limit is reached, the oldest tokens will be removed.
+  # config.max_number_of_devices = 10
+
+  # Sometimes it's necessary to make several requests to the API at the same
+  # time. In this case, each request in the batch will need to share the same
+  # auth token. This setting determines how far apart the requests can be while
+  # still using the same auth token.
+  # config.batch_request_buffer_throttle = 5.seconds
+
+  # This route will be the prefix for all oauth2 redirect callbacks. For
+  # example, using the default '/omniauth', the github oauth2 provider will
+  # redirect successful authentications to '/omniauth/github/callback'
+  # config.omniauth_prefix = "/omniauth"
+
+  # By default sending current password is not needed for the password update.
+  # Uncomment to enforce current_password param to be checked before all
+  # attribute updates. Set it to :password if you want it to be checked only if
+  # password is updated.
+  # config.check_current_password_before_update = :attributes
+
+  # By default we will use callbacks for single omniauth.
+  # It depends on fields like email, provider and uid.
+  # config.default_callbacks = true
+
+  # Makes it possible to change the headers names
+  # config.headers_names = {
+  #   :'authorization' => 'Authorization',
+  #   :'access-token' => 'access-token',
+  #   :'client' => 'client',
+  #   :'expiry' => 'expiry',
+  #   :'uid' => 'uid',
+  #   :'token-type' => 'token-type'
+  # }
+
+  # Makes it possible to use custom uid column
+  # config.other_uid = "foo"
+
+  # By default, only Bearer Token authentication is implemented out of the box.
+  # If, however, you wish to integrate with legacy Devise authentication, you can
+  # do so by enabling this flag. NOTE: This feature is highly experimental!
+  # config.enable_standard_devise_support = false
+
+  # By default DeviseTokenAuth will not send confirmation email, even when including
+  # devise confirmable module. If you want to use devise confirmable module and
+  # send email, set it to true. (This is a setting for compatibility)
+  # config.send_confirmation_email = true
+end

data/test/dummy/tmp/generators/db/migrate/20230415183419_devise_token_auth_create_users.rb

@@ -0,0 +1,49 @@
+class DeviseTokenAuthCreateUsers < ActiveRecord::Migration[7.0]
+  def change
+    
+    create_table(:users, id: :uuid) do |t|
+      ## Required
+      t.string :provider, :null => false, :default => "email"
+      t.string :uid, :null => false, :default => ""
+
+      ## Database authenticatable
+      t.string :encrypted_password, :null => false, :default => ""
+
+      ## Recoverable
+      t.string   :reset_password_token
+      t.datetime :reset_password_sent_at
+      t.boolean  :allow_password_change, :default => false
+
+      ## Rememberable
+      t.datetime :remember_created_at
+
+      ## Confirmable
+      t.string   :confirmation_token
+      t.datetime :confirmed_at
+      t.datetime :confirmation_sent_at
+      t.string   :unconfirmed_email # Only if using reconfirmable
+
+      ## Lockable
+      # t.integer  :failed_attempts, :default => 0, :null => false # Only if lock strategy is :failed_attempts
+      # t.string   :unlock_token # Only if unlock strategy is :email or :both
+      # t.datetime :locked_at
+
+      ## User Info
+      t.string :name
+      t.string :nickname
+      t.string :image
+      t.string :email
+
+      ## Tokens
+      t.text :tokens
+
+      t.timestamps
+    end
+
+    add_index :users, :email,                unique: true
+    add_index :users, [:uid, :provider],     unique: true
+    add_index :users, :reset_password_token, unique: true
+    add_index :users, :confirmation_token,   unique: true
+    # add_index :users, :unlock_token,         unique: true
+  end
+end

data/test/factories/users.rb

@@ -1,6 +1,6 @@
 FactoryBot.define do
   factory :user do
-    email { Faker::Internet.safe_email }
+    email { Faker::Internet.unique.safe_email }
     password { Faker::Internet.password }
     provider { 'email' }
 
@@ -24,7 +24,7 @@ FactoryBot.define do
     end
 
     trait :facebook do
-      uid { Faker::Number.number(10) }
+      uid { Faker::Number.number }
       provider { 'facebook' }
     end
 
@@ -36,5 +36,6 @@ FactoryBot.define do
     factory :mang_user, class: 'Mang'
     factory :only_email_user, class: 'OnlyEmailUser'
     factory :scoped_user, class: 'ScopedUser'
+    factory :confirmable_user, class: 'ConfirmableUser'
   end
 end

data/test/lib/devise_token_auth/blacklist_test.rb

@@ -0,0 +1,19 @@
+# frozen_string_literal: true
+
+require 'test_helper'
+
+class DeviseTokenAuth::BlacklistTest < ActiveSupport::TestCase
+  if defined? Devise::Models::Authenticatable::UNSAFE_ATTRIBUTES_FOR_SERIALIZATION
+    describe Devise::Models::Authenticatable::UNSAFE_ATTRIBUTES_FOR_SERIALIZATION do
+      test 'should include :tokens' do
+        assert Devise::Models::Authenticatable::UNSAFE_ATTRIBUTES_FOR_SERIALIZATION.include?(:tokens)
+      end
+    end
+  else
+    describe Devise::Models::Authenticatable::BLACKLIST_FOR_SERIALIZATION do
+      test 'should include :tokens' do
+        assert Devise::Models::Authenticatable::BLACKLIST_FOR_SERIALIZATION.include?(:tokens)
+      end
+    end
+  end
+end

data/test/lib/devise_token_auth/rails/custom_routes_test.rb

@@ -0,0 +1,29 @@
+# frozen_string_literal: true
+
+require 'test_helper'
+
+class DeviseTokenAuth::CustomRoutesTest < ActiveSupport::TestCase
+  after do
+    Rails.application.reload_routes!
+  end
+  test 'custom controllers' do
+    class ActionDispatch::Routing::Mapper
+        include Mocha::ParameterMatchers
+    end
+    Rails.application.routes.draw do
+      self.expects(:devise_for).with(
+        :users,
+        has_entries(
+          controllers: has_entries(
+            invitations: "custom/invitations", foo: "custom/foo"
+          )
+        )
+      )
+
+      mount_devise_token_auth_for 'User', at: 'my_custom_users', controllers: {
+        invitations: 'custom/invitations',
+        foo: 'custom/foo'
+      }
+    end
+  end
+end

data/test/lib/devise_token_auth/rails/routes_test.rb

@@ -0,0 +1,87 @@
+# frozen_string_literal: true
+
+require 'test_helper'
+
+# Needed for MiniTest to start a controller test so we can use assert_recognizes
+class DeviseTokenAuth::RoutesTestController < DeviseTokenAuth::ApplicationController
+end
+
+class DeviseTokenAuth::RoutesTest < ActionController::TestCase
+  self.controller_class = DeviseTokenAuth::RoutesTestController
+  before do
+    Rails.application.routes.draw do
+      mount_devise_token_auth_for 'User', at: 'my_custom_users', controllers: {
+        invitations: 'custom/invitations',
+        foo: 'custom/foo'
+      }
+    end
+  end
+
+  after do
+    Rails.application.reload_routes!
+  end
+
+  test 'map new user session' do
+    assert_recognizes({controller: 'devise_token_auth/sessions', action: 'new'}, {path: 'my_custom_users/sign_in', method: :get})
+  end
+
+  test 'map create user session' do
+    assert_recognizes({controller: 'devise_token_auth/sessions', action: 'create'}, {path: 'my_custom_users/sign_in', method: :post})
+  end
+
+  test 'map destroy user session' do
+    assert_recognizes({controller: 'devise_token_auth/sessions', action: 'destroy'}, {path: 'my_custom_users/sign_out', method: :delete})
+  end
+
+  test 'map new user confirmation' do
+    assert_recognizes({controller: 'devise_token_auth/confirmations', action: 'new'}, 'my_custom_users/confirmation/new')
+  end
+
+  test 'map create user confirmation' do
+    assert_recognizes({controller: 'devise_token_auth/confirmations', action: 'create'}, {path: 'my_custom_users/confirmation', method: :post})
+  end
+
+  test 'map show user confirmation' do
+    assert_recognizes({controller: 'devise_token_auth/confirmations', action: 'show'}, {path: 'my_custom_users/confirmation', method: :get})
+  end
+
+  test 'map new user password' do
+    assert_recognizes({controller: 'devise_token_auth/passwords', action: 'new'}, 'my_custom_users/password/new')
+  end
+
+  test 'map create user password' do
+    assert_recognizes({controller: 'devise_token_auth/passwords', action: 'create'}, {path: 'my_custom_users/password', method: :post})
+  end
+
+  test 'map edit user password' do
+    assert_recognizes({controller: 'devise_token_auth/passwords', action: 'edit'}, 'my_custom_users/password/edit')
+  end
+
+  test 'map update user password' do
+    assert_recognizes({controller: 'devise_token_auth/passwords', action: 'update'}, {path: 'my_custom_users/password', method: :put})
+  end
+
+  test 'map new user registration' do
+    assert_recognizes({controller: 'devise_token_auth/registrations', action: 'new'}, 'my_custom_users/sign_up')
+  end
+
+  test 'map create user registration' do
+    assert_recognizes({controller: 'devise_token_auth/registrations', action: 'create'}, {path: 'my_custom_users', method: :post})
+  end
+
+  test 'map edit user registration' do
+    assert_recognizes({controller: 'devise_token_auth/registrations', action: 'edit'}, {path: 'my_custom_users/edit', method: :get})
+  end
+
+  test 'map update user registration' do
+    assert_recognizes({controller: 'devise_token_auth/registrations', action: 'update'}, {path: 'my_custom_users', method: :put})
+  end
+
+  test 'map destroy user registration' do
+    assert_recognizes({controller: 'devise_token_auth/registrations', action: 'destroy'}, {path: 'my_custom_users', method: :delete})
+  end
+
+  test 'map cancel user registration' do
+    assert_recognizes({controller: 'devise_token_auth/registrations', action: 'cancel'}, {path: 'my_custom_users/cancel', method: :get})
+  end
+end

data/test/lib/devise_token_auth/token_factory_test.rb

@@ -0,0 +1,191 @@
+require 'test_helper'
+
+class DeviseTokenAuth::TokenFactoryTest < ActiveSupport::TestCase
+  describe 'TokenFactory module' do
+    let(:tf) { DeviseTokenAuth::TokenFactory }
+    let(:token_regexp) { /^[-_A-Za-z0-9]{22}$/ }
+
+    it 'should be defined' do
+      assert_equal(tf.present?, true)
+      assert_kind_of(Module, tf)
+    end
+
+    describe 'interface' do
+      let(:token_hash_cost_regexp) { /\$[\w]+\$([\d]+)\$/ }
+      let(:lifespan) { 10 }
+      let(:cost) { DeviseTokenAuth.token_cost }
+
+      it '::secure_string' do
+        assert_respond_to(tf, :secure_string)
+
+        secure_string = tf.secure_string
+        assert_equal(secure_string.size, 22)
+        assert_match(token_regexp, secure_string)
+
+        SecureRandom.stub(:urlsafe_base64, secure_string) do
+          assert_equal(tf.secure_string, secure_string)
+        end
+      end
+
+      it '::client' do
+        assert_respond_to(tf, :client)
+
+        client = tf.client
+        assert_equal(client.size, 22)
+        assert_match(token_regexp, client)
+
+        secure_string = tf.secure_string
+        tf.stub(:secure_string, secure_string) do
+          assert_equal(tf.client, secure_string)
+        end
+      end
+
+      it '::token' do
+        assert_respond_to(tf, :token)
+
+        token = tf.token
+        assert_kind_of(String, token)
+        assert_equal(token.size, 22)
+        assert_match(token_regexp, token)
+
+        secure_string = tf.secure_string
+        tf.stub(:secure_string, secure_string) do
+          assert_equal(tf.token, secure_string)
+        end
+      end
+
+      it '::token_hash(args)' do
+        assert_respond_to(tf, :token_hash)
+
+        token_hash = tf.token_hash(tf.token)
+        assert_equal(token_hash.size, 60)
+        assert_kind_of(String, token_hash)
+
+        token_cost = token_hash_cost_regexp.match(token_hash)[1].to_i
+        assert_equal(token_cost, cost)
+
+        cost = DeviseTokenAuth.token_cost == 4 ? 10 : 4
+        token_hash = tf.token_hash(tf.token, cost)
+        token_cost = token_hash_cost_regexp.match(token_hash)[1].to_i
+        assert_equal(token_cost, cost)
+
+        cost = nil
+        token_hash = tf.token_hash(tf.token, cost)
+        token_cost = token_hash_cost_regexp.match(token_hash)[1].to_i
+        assert_equal(token_cost, DeviseTokenAuth.token_cost)
+      end
+
+      it '::expiry' do
+        assert_respond_to(tf, :expiry)
+
+        assert_kind_of(Integer, tf.expiry)
+        assert tf.expiry > Time.now.to_i
+      end
+
+      it '::expiry(args)' do
+        time = Time.now
+        Time.stub(:now, time) do
+          assert_equal(tf.expiry(lifespan), (time + lifespan).to_i)
+
+          lifespan = nil
+          assert_equal(tf.expiry(lifespan), (time + DeviseTokenAuth.token_lifespan).to_i)
+        end
+      end
+
+      it '::create' do
+        assert_respond_to(tf, :create)
+
+        token = tf.create
+        assert token
+        token.members.each { |m| refute_nil token[m] }
+      end
+
+      it '::create(args)' do
+        client = tf.client
+        token = tf.create(client: client)
+        assert_equal(token.client, client)
+
+        time = Time.now
+        Time.stub(:now, time) do
+          token = tf.create(lifespan: lifespan)
+          assert_equal(token.expiry, (time + lifespan).to_i)
+        end
+
+        token = tf.create(cost: cost)
+        token_cost = token_hash_cost_regexp.match(token.token_hash)[1].to_i
+        assert_equal(token_cost, cost)
+      end
+
+      it '::new' do
+        assert_respond_to(tf, :new)
+
+        token = tf.new
+        token.each { |v| assert_nil v }
+      end
+
+      it '::valid_token_hash?' do
+        assert_respond_to(tf, :valid_token_hash?)
+
+        refute tf.valid_token_hash?('koskoskos')
+        assert tf.valid_token_hash?(tf.create.token_hash)
+      end
+
+      it '::token_hash_is_token?' do
+        assert_respond_to(tf, :token_hash_is_token?)
+
+        token = tf.create
+        refute tf.token_hash_is_token?(token.token_hash, 'koskoskos')
+        refute tf.token_hash_is_token?('koskoskos', token.token)
+        assert tf.token_hash_is_token?(token.token_hash, token.token)
+      end
+    end
+
+    describe 'token object implements' do
+      let(:object) { tf.create }
+
+      it '#client' do
+        assert_respond_to(object, :client)
+
+        assert_kind_of(String, object.client)
+        assert_equal(object.client.size, 22)
+        assert_match(token_regexp, object.client)
+      end
+
+      it '#token' do
+        assert_respond_to(object, :token)
+
+        assert_kind_of(String, object.token)
+        assert_equal(object.token.size, 22)
+        assert_match(token_regexp, object.token)
+      end
+
+      it '#token_hash' do
+        assert_respond_to(object, :token_hash)
+
+        assert_kind_of(String, object.token_hash)
+        assert_equal(object.token_hash.size, 60)
+      end
+
+      it '#expiry' do
+        assert_respond_to(object, :expiry)
+        assert_kind_of(Integer, object.expiry)
+      end
+
+      it '#clear!' do
+        assert_respond_to(object, :clear!)
+
+        assert object.clear!
+        object.each { |v| assert_nil v }
+      end
+
+      it '#present?' do
+        assert_respond_to(object, :present?)
+
+        assert object.present?
+
+        object.token = nil
+        refute object.present?
+      end
+    end
+  end
+end

data/test/lib/devise_token_auth/url_test.rb

@@ -4,10 +4,10 @@ require 'test_helper'
 
 class DeviseTokenAuth::UrlTest < ActiveSupport::TestCase
   describe 'DeviseTokenAuth::Url#generate' do
-    test 'URI fragment should appear at the end of URL' do
+    test 'URI fragment should appear at the end of URL with repeat of query params' do
       params = { client_id: 123 }
       url = 'http://example.com#fragment'
-      assert_equal DeviseTokenAuth::Url.send(:generate, url, params), 'http://example.com?client_id=123#fragment'
+      assert_equal DeviseTokenAuth::Url.send(:generate, url, params), 'http://example.com?client_id=123#fragment?client_id=123'
     end
 
     describe 'with existing query params' do

data/test/lib/generators/devise_token_auth/install_generator_test.rb

@@ -2,11 +2,13 @@
 
 require 'test_helper'
 require 'fileutils'
-require 'generators/devise_token_auth/install_generator'
+require 'generators/devise_token_auth/install_generator' if DEVISE_TOKEN_AUTH_ORM == :active_record
+require 'generators/devise_token_auth/install_mongoid_generator' if DEVISE_TOKEN_AUTH_ORM == :mongoid
 
 module DeviseTokenAuth
   class InstallGeneratorTest < Rails::Generators::TestCase
-    tests InstallGenerator
+    tests InstallGenerator        if DEVISE_TOKEN_AUTH_ORM == :active_record
+    tests InstallMongoidGenerator if DEVISE_TOKEN_AUTH_ORM == :mongoid
     destination Rails.root.join('tmp/generators')
 
     describe 'default values, clean install' do
@@ -26,28 +28,30 @@ module DeviseTokenAuth
         assert_file 'config/initializers/devise_token_auth.rb'
       end
 
-      test 'migration is created' do
-        assert_migration 'db/migrate/devise_token_auth_create_users.rb'
+      test 'subsequent runs raise no errors' do
+        run_generator
       end
 
-      test 'migration file contains rails version' do
-        if Rails::VERSION::MAJOR >= 5
-          assert_migration 'db/migrate/devise_token_auth_create_users.rb', /#{Rails::VERSION::MAJOR}.#{Rails::VERSION::MINOR}/
-        else
+      if DEVISE_TOKEN_AUTH_ORM == :active_record
+        test 'migration is created' do
           assert_migration 'db/migrate/devise_token_auth_create_users.rb'
         end
-      end
 
-      test 'subsequent runs raise no errors' do
-        run_generator
-      end
+        test 'migration file contains rails version' do
+          if Rails::VERSION::MAJOR >= 5
+            assert_migration 'db/migrate/devise_token_auth_create_users.rb', /#{Rails::VERSION::MAJOR}.#{Rails::VERSION::MINOR}/
+          else
+            assert_migration 'db/migrate/devise_token_auth_create_users.rb'
+          end
+        end
 
-      test 'add primary key type with rails 5 when specified in rails generator' do
-        run_generator %w[--primary_key_type=uuid --force]
-        if Rails::VERSION::MAJOR >= 5
-          assert_migration 'db/migrate/devise_token_auth_create_users.rb', /create_table\(:users, id: :uuid\) do/
-        else
-          assert_migration 'db/migrate/devise_token_auth_create_users.rb', /create_table\(:users\) do/
+        test 'add primary key type with rails 5 when specified in rails generator' do
+          run_generator %w[--primary_key_type=uuid --force]
+          if Rails::VERSION::MAJOR >= 5
+            assert_migration 'db/migrate/devise_token_auth_create_users.rb', /create_table\(:users, id: :uuid\) do/
+          else
+            assert_migration 'db/migrate/devise_token_auth_create_users.rb', /create_table\(:users\) do/
+          end
         end
       end
     end
@@ -63,18 +67,32 @@ module DeviseTokenAuth
         # make dir if not exists
         FileUtils.mkdir_p(@dir)
 
-        # account for rails version 5
-        active_record_needle = (Rails::VERSION::MAJOR == 5) ? 'ApplicationRecord' : 'ActiveRecord::Base'
+        case DEVISE_TOKEN_AUTH_ORM
+        when :active_record
+          # account for rails version 5
+          active_record_needle = (Rails::VERSION::MAJOR >= 5) ? 'ApplicationRecord' : 'ActiveRecord::Base'
 
-        @f = File.open(@fname, 'w') do |f|
-          f.write <<-RUBY
-            class User < #{active_record_needle}
+          @f = File.open(@fname, 'w') do |f|
+            f.write <<-RUBY
+              class User < #{active_record_needle}
 
-              def whatever
-                puts 'whatever'
+                def whatever
+                  puts 'whatever'
+                end
               end
-            end
-          RUBY
+            RUBY
+          end
+        when :mongoid
+          @f = File.open(@fname, 'w') do |f|
+            f.write <<-'RUBY'
+              class User
+
+                def whatever
+                  puts 'whatever'
+                end
+              end
+            RUBY
+          end
         end
 
         run_generator
@@ -136,10 +154,6 @@ module DeviseTokenAuth
           run_generator %w[Mang mangs]
         end
 
-        test 'migration is created' do
-          assert_migration 'db/migrate/devise_token_auth_create_mangs.rb'
-        end
-
         test 'route method is appended to routes file' do
           assert_file 'config/routes.rb' do |routes|
             assert_match(/mount_devise_token_auth_for 'Mang', at: 'mangs'/, routes)
@@ -152,6 +166,12 @@ module DeviseTokenAuth
             assert_match(/# Define routes for Mang within this block./, routes)
           end
         end
+
+        if DEVISE_TOKEN_AUTH_ORM == :active_record
+          test 'migration is created' do
+            assert_migration 'db/migrate/devise_token_auth_create_mangs.rb'
+          end
+        end
       end
     end