devise_token_auth 1.1.0 → 1.1.5
- checksums.yaml +4 -4
- data/README.md +2 -0
- data/app/controllers/devise_token_auth/application_controller.rb +2 -2
- data/app/controllers/devise_token_auth/concerns/set_user_by_token.rb +28 -31
- data/app/controllers/devise_token_auth/confirmations_controller.rb +55 -7
- data/app/controllers/devise_token_auth/omniauth_callbacks_controller.rb +34 -11
- data/app/controllers/devise_token_auth/passwords_controller.rb +32 -14
- data/app/controllers/devise_token_auth/registrations_controller.rb +6 -5
- data/app/controllers/devise_token_auth/sessions_controller.rb +5 -5
- data/app/controllers/devise_token_auth/unlocks_controller.rb +3 -3
- data/app/models/devise_token_auth/concerns/active_record_support.rb +1 -21
- data/app/models/devise_token_auth/concerns/confirmable_support.rb +28 -0
- data/app/models/devise_token_auth/concerns/tokens_serialization.rb +31 -0
- data/app/models/devise_token_auth/concerns/user.rb +43 -48
- data/app/models/devise_token_auth/concerns/user_omniauth_callbacks.rb +5 -2
- data/app/validators/{devise_token_auth/email_validator.rb → devise_token_auth_email_validator.rb} +2 -2
- data/config/locales/da-DK.yml +2 -0
- data/config/locales/de.yml +2 -0
- data/config/locales/en.yml +7 -0
- data/config/locales/es.yml +2 -0
- data/config/locales/fr.yml +2 -0
- data/config/locales/he.yml +2 -0
- data/config/locales/it.yml +2 -0
- data/config/locales/ja.yml +3 -1
- data/config/locales/ko.yml +51 -0
- data/config/locales/nl.yml +2 -0
- data/config/locales/pl.yml +6 -3
- data/config/locales/pt-BR.yml +2 -0
- data/config/locales/pt.yml +6 -3
- data/config/locales/ro.yml +2 -0
- data/config/locales/ru.yml +2 -0
- data/config/locales/sq.yml +2 -0
- data/config/locales/sv.yml +2 -0
- data/config/locales/uk.yml +2 -0
- data/config/locales/vi.yml +2 -0
- data/config/locales/zh-CN.yml +2 -0
- data/config/locales/zh-HK.yml +2 -0
- data/config/locales/zh-TW.yml +2 -0
- data/lib/devise_token_auth.rb +1 -0
- data/lib/devise_token_auth/controllers/helpers.rb +5 -9
- data/lib/devise_token_auth/engine.rb +7 -1
- data/lib/devise_token_auth/rails/routes.rb +16 -11
- data/lib/devise_token_auth/token_factory.rb +126 -0
- data/lib/devise_token_auth/url.rb +3 -0
- data/lib/devise_token_auth/version.rb +1 -1
- data/lib/generators/devise_token_auth/USAGE +1 -1
- data/lib/generators/devise_token_auth/install_generator.rb +4 -4
- data/lib/generators/devise_token_auth/install_mongoid_generator.rb +2 -2
- data/lib/generators/devise_token_auth/templates/devise_token_auth.rb +10 -0
- data/lib/generators/devise_token_auth/templates/devise_token_auth_create_users.rb.erb +1 -1
- data/lib/generators/devise_token_auth/templates/user.rb.erb +2 -2
- data/lib/generators/devise_token_auth/templates/user_mongoid.rb.erb +2 -2
- data/test/controllers/demo_user_controller_test.rb +2 -2
- data/test/controllers/devise_token_auth/confirmations_controller_test.rb +43 -0
- data/test/controllers/devise_token_auth/omniauth_callbacks_controller_test.rb +107 -42
- data/test/controllers/devise_token_auth/passwords_controller_test.rb +112 -8
- data/test/controllers/devise_token_auth/registrations_controller_test.rb +3 -3
- data/test/dummy/app/active_record/confirmable_user.rb +11 -0
- data/test/dummy/app/controllers/overrides/confirmations_controller.rb +3 -3
- data/test/dummy/app/controllers/overrides/passwords_controller.rb +3 -3
- data/test/dummy/app/controllers/overrides/registrations_controller.rb +1 -1
- data/test/dummy/app/controllers/overrides/sessions_controller.rb +1 -1
- data/test/dummy/app/mongoid/confirmable_user.rb +52 -0
- data/test/dummy/app/views/layouts/application.html.erb +0 -2
- data/test/dummy/config/application.rb +0 -1
- data/test/dummy/config/environments/development.rb +0 -10
- data/test/dummy/config/environments/production.rb +0 -16
- data/test/dummy/config/initializers/devise.rb +275 -2
- data/test/dummy/config/initializers/devise_token_auth.rb +35 -4
- data/test/dummy/config/initializers/figaro.rb +1 -1
- data/test/dummy/config/initializers/omniauth.rb +1 -0
- data/test/dummy/config/routes.rb +2 -0
- data/test/dummy/db/migrate/20190924101113_devise_token_auth_create_confirmable_users.rb +49 -0
- data/test/dummy/db/schema.rb +26 -1
- data/test/dummy/tmp/generators/app/models/azpire/v1/human_resource/user.rb +2 -2
- data/test/dummy/tmp/generators/config/initializers/devise_token_auth.rb +10 -0
- data/test/dummy/tmp/generators/db/migrate/{20190112150327_devise_token_auth_create_azpire_v1_human_resource_users.rb → 20210126004321_devise_token_auth_create_azpire_v1_human_resource_users.rb} +1 -8
- data/test/factories/users.rb +3 -2
- data/test/lib/devise_token_auth/rails/custom_routes_test.rb +29 -0
- data/test/lib/devise_token_auth/rails/routes_test.rb +87 -0
- data/test/lib/devise_token_auth/token_factory_test.rb +191 -0
- data/test/lib/devise_token_auth/url_test.rb +2 -2
- data/test/lib/generators/devise_token_auth/install_generator_test.rb +1 -1
- data/test/lib/generators/devise_token_auth/install_generator_with_namespace_test.rb +1 -1
- data/test/models/concerns/tokens_serialization_test.rb +104 -0
- data/test/models/confirmable_user_test.rb +35 -0
- data/test/models/user_test.rb +0 -32
- data/test/test_helper.rb +1 -1
- metadata +46 -17
- data/test/dummy/config/initializers/assets.rb +0 -10
- data/test/dummy/tmp/generators/config/routes.rb +0 -4
@@ -11,6 +11,9 @@ module DeviseTokenAuth::Url
|
|
11
11
|
query = [uri.query, params.to_query].reject(&:blank?).join('&')
|
12
12
|
res += "?#{query}"
|
13
13
|
res += "##{uri.fragment}" if uri.fragment
|
14
|
+
# repeat any query params after the fragment to deal with Angular eating any pre fragment query params, used
|
15
|
+
# in the reset password redirect url
|
16
|
+
res += "?#{query}" if uri.fragment
|
14
17
|
|
15
18
|
res
|
16
19
|
end
|
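Review bot: The new `res += "?#{query}" if uri.fragment` appends a bare `?` after the fragment whenever `query` is empty, which is possible because `query` is built with `reject(&:blank?).join('&')`; guard it with `res += "?#{query}" if uri.fragment && query.present?`. The existing `res += "?#{query}"` two lines above has the same trailing-`?` behaviour for an empty query, so both lines could share one `query.present?` check. Since the comment ties this to the reset-password redirect, the comment should also state that the pre-fragment copy of the parameters is still sent to the redirect host as before and only the post-fragment copy is client-only, so readers do not assume the duplication changes what the server sees. The enclosing method starts before this hunk.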
@@ -8,7 +8,7 @@ Arguments:
|
|
8
8
|
# 'User'
|
9
9
|
MOUNT_PATH # The path at which to mount the authentication routes. Default is
|
10
10
|
# 'auth'. More detail documentation is here:
|
11
|
-
# https://
|
11
|
+
# https://devise-token-auth.gitbook.io/devise-token-auth/usage
|
12
12
|
|
13
13
|
Example:
|
14
14
|
rails generate devise_token_auth:install User auth
|
@@ -26,7 +26,7 @@ module DeviseTokenAuth
|
|
26
26
|
inclusion = 'include DeviseTokenAuth::Concerns::User'
|
27
27
|
unless parse_file_for_line(fname, inclusion)
|
28
28
|
|
29
|
-
active_record_needle = (Rails::VERSION::MAJOR
|
29
|
+
active_record_needle = (Rails::VERSION::MAJOR >= 5) ? 'ApplicationRecord' : 'ActiveRecord::Base'
|
30
30
|
inject_into_file fname, after: "class #{user_class} < #{active_record_needle}\n" do <<-'RUBY'
|
31
31
|
# Include default devise modules.
|
32
32
|
devise :database_authenticatable, :registerable,
|
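Review bot: The rewritten `active_record_needle = (Rails::VERSION::MAJOR >= 5) ? 'ApplicationRecord' : 'ActiveRecord::Base'` repeats the version comparison that the `rails_5_or_newer?` predicate in the next hunk encapsulates; if both hunks belong to install_generator.rb, as the diffstat (+4 -4) suggests, prefer `active_record_needle = rails_5_or_newer? ? 'ApplicationRecord' : 'ActiveRecord::Base'` so a future version bump is made in one place. The parentheses around the comparison are redundant in Ruby. Pre-existing but worth a comment: the `inject_into_file ... after: "class #{user_class} < #{active_record_needle}\n"` anchor on the following line inserts nothing, and raises nothing, when the user model inherits from some other base class, so a one-line note such as `# no-op if the model does not inherit from the expected base class` would help generator users diagnose a missing include. The enclosing method starts before this hunk.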
@@ -75,12 +75,12 @@ module DeviseTokenAuth
|
|
75
75
|
ActiveRecord::Base.connection.select_value('SELECT VERSION()')
|
76
76
|
end
|
77
77
|
|
78
|
-
def
|
79
|
-
Rails
|
78
|
+
def rails_5_or_newer?
|
79
|
+
Rails::VERSION::MAJOR >= 5
|
80
80
|
end
|
81
81
|
|
82
82
|
def primary_key_type
|
83
|
-
primary_key_string if
|
83
|
+
primary_key_string if rails_5_or_newer?
|
84
84
|
end
|
85
85
|
|
86
86
|
def primary_key_string
|
@@ -29,9 +29,9 @@ module DeviseTokenAuth
|
|
29
29
|
field :tokens, type: Hash, default: {}
|
30
30
|
|
31
31
|
# Include default devise modules. Others available are:
|
32
|
-
# :confirmable, :lockable, :timeoutable and :omniauthable
|
32
|
+
# :confirmable, :lockable, :timeoutable, :trackable and :omniauthable
|
33
33
|
devise :database_authenticatable, :registerable,
|
34
|
-
:recoverable, :rememberable, :
|
34
|
+
:recoverable, :rememberable, :validatable
|
35
35
|
include DeviseTokenAuth::Concerns::User
|
36
36
|
|
37
37
|
index({ uid: 1, provider: 1}, { name: 'uid_provider_index', unique: true, background: true })
|
@@ -11,6 +11,11 @@ DeviseTokenAuth.setup do |config|
|
|
11
11
|
# determines how long tokens will remain valid after they are issued.
|
12
12
|
# config.token_lifespan = 2.weeks
|
13
13
|
|
14
|
+
# Limiting the token_cost to just 4 in testing will increase the performance of
|
15
|
+
# your test suite dramatically. The possible cost value is within range from 4
|
16
|
+
# to 31. It is recommended to not use a value more than 10 in other environments.
|
17
|
+
config.token_cost = Rails.env.test? ? 4 : 10
|
18
|
+
|
14
19
|
# Sets the max number of concurrent devices per user, which is 10 by default.
|
15
20
|
# After this limit is reached, the oldest tokens will be removed.
|
16
21
|
# config.max_number_of_devices = 10
|
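Review bot: The comment above the new `config.token_cost = Rails.env.test? ? 4 : 10` line explains the valid range and the test-speed motivation but not what the cost governs, and unlike the surrounding commented-out defaults this line is shipped active in every generated initializer, so a reader tuning it needs the trade-off spelled out. Suggest prefixing the comment with `# token_cost is the work factor used when hashing auth tokens before storage: higher values slow down both token verification and offline guessing of a leaked hash.` (presumably the cost consumed by the new token_factory.rb listed in the diffstat; confirm against that file). It may also be worth noting that the value is read once at boot, so changing it does not re-hash tokens that were already issued.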
@@ -47,4 +52,9 @@ DeviseTokenAuth.setup do |config|
|
|
47
52
|
# If, however, you wish to integrate with legacy Devise authentication, you can
|
48
53
|
# do so by enabling this flag. NOTE: This feature is highly experimental!
|
49
54
|
# config.enable_standard_devise_support = false
|
55
|
+
|
56
|
+
# By default DeviseTokenAuth will not send confirmation email, even when including
|
57
|
+
# devise confirmable module. If you want to use devise confirmable module and
|
58
|
+
# send email, set it to true. (This is a setting for compatibility)
|
59
|
+
# config.send_confirmation_email = true
|
50
60
|
end
|
@@ -44,6 +44,6 @@ class DeviseTokenAuthCreate<%= user_class.pluralize.gsub("::","") %> < ActiveRec
|
|
44
44
|
add_index :<%= table_name %>, [:uid, :provider], unique: true
|
45
45
|
add_index :<%= table_name %>, :reset_password_token, unique: true
|
46
46
|
add_index :<%= table_name %>, :confirmation_token, unique: true
|
47
|
-
# add_index :<%= table_name %>, :unlock_token,
|
47
|
+
# add_index :<%= table_name %>, :unlock_token, unique: true
|
48
48
|
end
|
49
49
|
end
|
@@ -2,8 +2,8 @@
|
|
2
2
|
|
3
3
|
class <%= user_class %> < ActiveRecord::Base
|
4
4
|
# Include default devise modules. Others available are:
|
5
|
-
# :confirmable, :lockable, :timeoutable and :omniauthable
|
5
|
+
# :confirmable, :lockable, :timeoutable, :trackable and :omniauthable
|
6
6
|
devise :database_authenticatable, :registerable,
|
7
|
-
:recoverable, :rememberable, :
|
7
|
+
:recoverable, :rememberable, :validatable
|
8
8
|
include DeviseTokenAuth::Concerns::User
|
9
9
|
end
|
@@ -43,9 +43,9 @@ class <%= user_class %>
|
|
43
43
|
field :tokens, type: Hash, default: {}
|
44
44
|
|
45
45
|
# Include default devise modules. Others available are:
|
46
|
-
# :confirmable, :lockable, :timeoutable and :omniauthable
|
46
|
+
# :confirmable, :lockable, :timeoutable, :trackable and :omniauthable
|
47
47
|
devise :database_authenticatable, :registerable,
|
48
|
-
:recoverable, :rememberable, :
|
48
|
+
:recoverable, :rememberable, :validatable
|
49
49
|
include DeviseTokenAuth::Concerns::User
|
50
50
|
|
51
51
|
index({ email: 1 }, { name: 'email_index', unique: true, background: true })
|
@@ -321,8 +321,8 @@ class DemoUserControllerTest < ActionDispatch::IntegrationTest
|
|
321
321
|
assert @resource.tokens.count > 1
|
322
322
|
|
323
323
|
# password changed from new device
|
324
|
-
@resource.
|
325
|
-
|
324
|
+
@resource.update(password: 'newsecret123',
|
325
|
+
password_confirmation: 'newsecret123')
|
326
326
|
|
327
327
|
get '/demo/members_only',
|
328
328
|
params: {},
|
@@ -53,6 +53,10 @@ class DeviseTokenAuth::ConfirmationsControllerTest < ActionController::TestCase
|
|
53
53
|
assert @resource.confirmed?
|
54
54
|
end
|
55
55
|
|
56
|
+
test 'should save the authentication token' do
|
57
|
+
assert @resource.reload.tokens.present?
|
58
|
+
end
|
59
|
+
|
56
60
|
test 'should redirect to success url' do
|
57
61
|
assert_redirected_to(/^#{@redirect_url}/)
|
58
62
|
end
|
@@ -86,6 +90,33 @@ class DeviseTokenAuth::ConfirmationsControllerTest < ActionController::TestCase
|
|
86
90
|
assert response.body.include?('account_confirmation_success')
|
87
91
|
end
|
88
92
|
end
|
93
|
+
|
94
|
+
describe 'resend confirmation' do
|
95
|
+
before do
|
96
|
+
post :create,
|
97
|
+
params: { email: @new_user.email,
|
98
|
+
redirect_url: @redirect_url },
|
99
|
+
xhr: true
|
100
|
+
@resource = assigns(:resource)
|
101
|
+
|
102
|
+
@mail = ActionMailer::Base.deliveries.last
|
103
|
+
@token, @client_config = token_and_client_config_from(@mail.body)
|
104
|
+
end
|
105
|
+
|
106
|
+
test 'user should not be confirmed' do
|
107
|
+
assert_nil @resource.confirmed_at
|
108
|
+
end
|
109
|
+
|
110
|
+
test 'should generate raw token' do
|
111
|
+
assert @token
|
112
|
+
assert_equal @new_user.confirmation_token, @token
|
113
|
+
end
|
114
|
+
|
115
|
+
test 'user should receive confirmation email' do
|
116
|
+
assert_equal @resource.email, @mail['to'].to_s
|
117
|
+
end
|
118
|
+
|
119
|
+
end
|
89
120
|
end
|
90
121
|
|
91
122
|
describe 'failure' do
|
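Review bot: `assert_equal @new_user.confirmation_token, @token` in the new 'should generate raw token' test compares the token extracted from the mail against the in-memory `@new_user`, which is set up outside this hunk; if `post :create` regenerates the confirmation token on the persisted record, the in-memory attribute is stale and the assertion would fail for the wrong reason. Compare against the reloaded record instead, `assert_equal @resource.reload.confirmation_token, @token`, which also matches the `@resource.reload` idiom used in the 'should save the authentication token' test in the previous hunk. The `token_and_client_config_from` helper and `@new_user` are defined outside the hunk, so this is inferred from their names.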
@@ -96,6 +127,18 @@ class DeviseTokenAuth::ConfirmationsControllerTest < ActionController::TestCase
|
|
96
127
|
@resource = assigns(:resource)
|
97
128
|
refute @resource.confirmed?
|
98
129
|
end
|
130
|
+
|
131
|
+
test 'request resend confirmation without email' do
|
132
|
+
post :create, params: { email: nil }, xhr: true
|
133
|
+
|
134
|
+
assert_equal 401, response.status
|
135
|
+
end
|
136
|
+
|
137
|
+
test 'user should not be found on resend confirmation request' do
|
138
|
+
post :create, params: { email: 'bogus' }, xhr: true
|
139
|
+
|
140
|
+
assert_equal 404, response.status
|
141
|
+
end
|
99
142
|
end
|
100
143
|
end
|
101
144
|
|
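Review bot: The new 'user should not be found on resend confirmation request' test pins a 404 for an unknown email while a known email yields a confirmation mail, so the test now codifies that an unauthenticated caller can tell registered from unregistered addresses by status code alone; if that is intended, the trade-off should be stated in the test, e.g. `# NOTE: 404 for an unknown email discloses account existence; kept for API compatibility`, otherwise the endpoint and test should move to a uniform response for both cases. The 401 asserted for a missing email in 'request resend confirmation without email' reads as a validation error rather than an authentication failure, so 400 or 422 would be the more accurate status, though the controller code is not in this hunk so this is inferred from the status alone.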
@@ -317,60 +317,125 @@ class OmniauthTest < ActionDispatch::IntegrationTest
|
|
317
317
|
end
|
318
318
|
|
319
319
|
describe 'Using redirect_whitelist' do
|
320
|
-
before do
|
321
|
-
@user_email = 'slemp.diggler@sillybandz.gov'
|
322
|
-
OmniAuth.config.mock_auth[:facebook] = OmniAuth::AuthHash.new(
|
323
|
-
provider: 'facebook',
|
324
|
-
uid: '123545',
|
325
|
-
info: {
|
326
|
-
name: 'chong',
|
327
|
-
email: @user_email
|
328
|
-
}
|
329
|
-
)
|
330
|
-
@good_redirect_url = Faker::Internet.url
|
331
|
-
@bad_redirect_url = Faker::Internet.url
|
332
|
-
DeviseTokenAuth.redirect_whitelist = [@good_redirect_url]
|
333
|
-
end
|
334
320
|
|
335
|
-
|
336
|
-
|
337
|
-
|
321
|
+
describe "newWindow" do
|
322
|
+
before do
|
323
|
+
@user_email = 'slemp.diggler@sillybandz.gov'
|
324
|
+
OmniAuth.config.mock_auth[:facebook] = OmniAuth::AuthHash.new(
|
325
|
+
provider: 'facebook',
|
326
|
+
uid: '123545',
|
327
|
+
info: {
|
328
|
+
name: 'chong',
|
329
|
+
email: @user_email
|
330
|
+
}
|
331
|
+
)
|
332
|
+
@good_redirect_url = Faker::Internet.url
|
333
|
+
@bad_redirect_url = Faker::Internet.url
|
334
|
+
DeviseTokenAuth.redirect_whitelist = [@good_redirect_url]
|
335
|
+
end
|
338
336
|
|
339
|
-
|
340
|
-
|
341
|
-
|
342
|
-
omniauth_window_type: 'newWindow' }
|
337
|
+
teardown do
|
338
|
+
DeviseTokenAuth.redirect_whitelist = nil
|
339
|
+
end
|
343
340
|
|
344
|
-
|
341
|
+
test 'request using non-whitelisted redirect fail' do
|
342
|
+
get '/auth/facebook',
|
343
|
+
params: { auth_origin_url: @bad_redirect_url,
|
344
|
+
omniauth_window_type: 'newWindow' }
|
345
345
|
|
346
|
-
|
347
|
-
|
348
|
-
|
346
|
+
follow_all_redirects!
|
347
|
+
|
348
|
+
data = get_parsed_data_json
|
349
|
+
assert_equal "Redirect to '#{@bad_redirect_url}' not allowed.",
|
350
|
+
data['error']
|
351
|
+
end
|
352
|
+
|
353
|
+
test 'request to whitelisted redirect should succeed' do
|
354
|
+
get '/auth/facebook',
|
355
|
+
params: {
|
356
|
+
auth_origin_url: @good_redirect_url,
|
357
|
+
omniauth_window_type: 'newWindow'
|
358
|
+
}
|
359
|
+
|
360
|
+
follow_all_redirects!
|
361
|
+
|
362
|
+
data = get_parsed_data_json
|
363
|
+
assert_equal @user_email, data['email']
|
364
|
+
end
|
365
|
+
|
366
|
+
test 'should support wildcards' do
|
367
|
+
DeviseTokenAuth.redirect_whitelist = ["#{@good_redirect_url[0..8]}*"]
|
368
|
+
get '/auth/facebook',
|
369
|
+
params: { auth_origin_url: @good_redirect_url,
|
370
|
+
omniauth_window_type: 'newWindow' }
|
371
|
+
|
372
|
+
follow_all_redirects!
|
373
|
+
|
374
|
+
data = get_parsed_data_json
|
375
|
+
assert_equal @user_email, data['email']
|
376
|
+
end
|
349
377
|
end
|
350
378
|
|
351
|
-
|
352
|
-
|
353
|
-
|
354
|
-
|
355
|
-
|
379
|
+
describe "sameWindow" do
|
380
|
+
before do
|
381
|
+
@user_email = 'slemp.diggler@sillybandz.gov'
|
382
|
+
OmniAuth.config.mock_auth[:facebook] = OmniAuth::AuthHash.new(
|
383
|
+
provider: 'facebook',
|
384
|
+
uid: '123545',
|
385
|
+
info: {
|
386
|
+
name: 'chong',
|
387
|
+
email: @user_email
|
356
388
|
}
|
389
|
+
)
|
390
|
+
@good_redirect_url = '/auth_origin'
|
391
|
+
@bad_redirect_url = Faker::Internet.url
|
392
|
+
DeviseTokenAuth.redirect_whitelist = [@good_redirect_url]
|
393
|
+
end
|
357
394
|
|
358
|
-
|
395
|
+
teardown do
|
396
|
+
DeviseTokenAuth.redirect_whitelist = nil
|
397
|
+
end
|
359
398
|
|
360
|
-
|
361
|
-
|
362
|
-
|
399
|
+
test 'request using non-whitelisted redirect fail' do
|
400
|
+
get '/auth/facebook',
|
401
|
+
params: { auth_origin_url: @bad_redirect_url,
|
402
|
+
omniauth_window_type: 'sameWindow' }
|
363
403
|
|
364
|
-
|
365
|
-
|
366
|
-
|
367
|
-
|
368
|
-
|
404
|
+
follow_all_redirects!
|
405
|
+
|
406
|
+
assert_equal 200, response.status
|
407
|
+
assert_equal true, response.body.include?("Redirect to '#{@bad_redirect_url}' not allowed")
|
408
|
+
end
|
409
|
+
|
410
|
+
test 'request to whitelisted redirect should succeed' do
|
411
|
+
get '/auth/facebook',
|
412
|
+
params: {
|
413
|
+
auth_origin_url: '/auth_origin',
|
414
|
+
omniauth_window_type: 'sameWindow'
|
415
|
+
}
|
416
|
+
|
417
|
+
follow_all_redirects!
|
418
|
+
|
419
|
+
assert_equal 200, response.status
|
420
|
+
assert_equal false, response.body.include?("Redirect to '#{@good_redirect_url}' not allowed")
|
421
|
+
end
|
422
|
+
|
423
|
+
test 'should support wildcards' do
|
424
|
+
DeviseTokenAuth.redirect_whitelist = ["#{@good_redirect_url[0..8]}*"]
|
425
|
+
get '/auth/facebook',
|
426
|
+
params: {
|
427
|
+
auth_origin_url: '/auth_origin',
|
428
|
+
omniauth_window_type: 'sameWindow'
|
429
|
+
}
|
430
|
+
|
431
|
+
follow_all_redirects!
|
432
|
+
|
433
|
+
assert_equal 200, response.status
|
434
|
+
assert_equal false, response.body.include?("Redirect to '#{@good_redirect_url}' not allowed")
|
435
|
+
end
|
369
436
|
|
370
|
-
follow_all_redirects!
|
371
437
|
|
372
|
-
data = get_parsed_data_json
|
373
|
-
assert_equal @user_email, data['email']
|
374
438
|
end
|
439
|
+
|
375
440
|
end
|
376
441
|
end
|
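Review bot: The 'should support wildcards' test in the new "newWindow" block builds its pattern as `"#{@good_redirect_url[0..8]}*"` from a `Faker::Internet.url`, so the wildcard cuts into the scheme or host (for an illustrative `http://example.test/...` the pattern becomes `http://ex*`), and the test therefore only pins that a host-prefix wildcard is accepted; from a defensive standpoint it should also assert that such a pattern does not admit a different host sharing the prefix, or the test should anchor the wildcard after the host so the whitelist semantics under test are the ones a deployment would use. The two new `before` blocks duplicate the same `OmniAuth.config.mock_auth[:facebook]` setup verbatim and differ only in `@good_redirect_url`; extracting a `mock_facebook_auth(@user_email)` helper would halve the fixture code. `describe "newWindow"` and `describe "sameWindow"` use double quotes where the rest of the file uses single quotes. The enclosing 'Using redirect_whitelist' describe opens inside the hunk, but the class ends outside it.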
@@ -239,10 +239,10 @@ class DeviseTokenAuth::PasswordsControllerTest < ActionController::TestCase
|
|
239
239
|
end
|
240
240
|
end
|
241
241
|
|
242
|
-
describe '
|
242
|
+
describe 'Checking reset_password_token' do
|
243
243
|
before do
|
244
244
|
post :create, params: {
|
245
|
-
email:
|
245
|
+
email: @resource.email,
|
246
246
|
redirect_url: @redirect_url
|
247
247
|
}
|
248
248
|
|
@@ -440,6 +440,7 @@ class DeviseTokenAuth::PasswordsControllerTest < ActionController::TestCase
|
|
440
440
|
|
441
441
|
describe 'success' do
|
442
442
|
before do
|
443
|
+
DeviseTokenAuth.require_client_password_reset_token = false
|
443
444
|
@auth_headers = @resource.create_new_auth_token
|
444
445
|
request.headers.merge!(@auth_headers)
|
445
446
|
@new_password = Faker::Internet.password
|
@@ -504,6 +505,7 @@ class DeviseTokenAuth::PasswordsControllerTest < ActionController::TestCase
|
|
504
505
|
|
505
506
|
describe 'current password mismatch error' do
|
506
507
|
before do
|
508
|
+
DeviseTokenAuth.require_client_password_reset_token = false
|
507
509
|
@auth_headers = @resource.create_new_auth_token
|
508
510
|
request.headers.merge!(@auth_headers)
|
509
511
|
@new_password = Faker::Internet.password
|
@@ -520,7 +522,35 @@ class DeviseTokenAuth::PasswordsControllerTest < ActionController::TestCase
|
|
520
522
|
end
|
521
523
|
|
522
524
|
describe 'change password' do
|
523
|
-
describe '
|
525
|
+
describe 'using reset token' do
|
526
|
+
before do
|
527
|
+
DeviseTokenAuth.require_client_password_reset_token = true
|
528
|
+
@redirect_url = 'http://client-app.dev'
|
529
|
+
get_reset_token
|
530
|
+
edit_url = CGI.unescape(@mail.body.match(/href=\"(.+)\"/)[1])
|
531
|
+
query_parts = Rack::Utils.parse_nested_query(URI.parse(edit_url).query)
|
532
|
+
get :edit, params: query_parts
|
533
|
+
end
|
534
|
+
|
535
|
+
test 'request should be redirect' do
|
536
|
+
assert_equal 302, response.status
|
537
|
+
end
|
538
|
+
|
539
|
+
test 'request should redirect to correct redirect url' do
|
540
|
+
host = URI.parse(response.location).host
|
541
|
+
query_parts = Rack::Utils.parse_nested_query(URI.parse(response.location).query)
|
542
|
+
|
543
|
+
assert_equal 'client-app.dev', host
|
544
|
+
assert_equal @mail_reset_token, query_parts['reset_password_token']
|
545
|
+
assert_equal 1, query_parts.keys.size
|
546
|
+
end
|
547
|
+
|
548
|
+
teardown do
|
549
|
+
DeviseTokenAuth.require_client_password_reset_token = false
|
550
|
+
end
|
551
|
+
end
|
552
|
+
|
553
|
+
describe 'with valid headers' do
|
524
554
|
before do
|
525
555
|
@auth_headers = @resource.create_new_auth_token
|
526
556
|
request.headers.merge!(@auth_headers)
|
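Review bot: The greedy capture in `edit_url = CGI.unescape(@mail.body.match(/href=\"(.+)\"/)[1])` runs to the last `"` on the matching line, so if the mail template ever places a second attribute or a second link on the same line the extracted URL silently becomes wrong; use a non-greedy, quote-excluding class, `edit_url = CGI.unescape(@mail.body.match(/href="([^"]+)"/)[1])`. The `assert_equal 1, query_parts.keys.size` check is a good addition because it pins that only `reset_password_token` is forwarded to the client redirect. `get_reset_token` and `@mail_reset_token` are defined outside the hunk, so whether the token asserted here is the raw value from the mail is inferred from the names. The `teardown` would read better placed directly after the `before` it undoes rather than after the tests.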
@@ -567,19 +597,93 @@ class DeviseTokenAuth::PasswordsControllerTest < ActionController::TestCase
|
|
567
597
|
end
|
568
598
|
end
|
569
599
|
|
570
|
-
describe '
|
600
|
+
describe 'without valid headers' do
|
571
601
|
before do
|
572
|
-
@
|
573
|
-
|
602
|
+
@resource.create_new_auth_token
|
603
|
+
new_password = Faker::Internet.password
|
574
604
|
|
575
|
-
put :update, params: { password:
|
576
|
-
password_confirmation:
|
605
|
+
put :update, params: { password: new_password,
|
606
|
+
password_confirmation: new_password }
|
577
607
|
end
|
578
608
|
|
579
609
|
test 'response should fail' do
|
580
610
|
assert_equal 401, response.status
|
581
611
|
end
|
582
612
|
end
|
613
|
+
|
614
|
+
describe 'with valid reset password token' do
|
615
|
+
before do
|
616
|
+
reset_password_token = @resource.send_reset_password_instructions
|
617
|
+
@new_password = Faker::Internet.password
|
618
|
+
@params = { password: @new_password,
|
619
|
+
password_confirmation: @new_password,
|
620
|
+
reset_password_token: reset_password_token }
|
621
|
+
end
|
622
|
+
|
623
|
+
describe 'with require_client_password_reset_token disabled' do
|
624
|
+
before do
|
625
|
+
DeviseTokenAuth.require_client_password_reset_token = false
|
626
|
+
put :update, params: @params
|
627
|
+
|
628
|
+
@data = JSON.parse(response.body)
|
629
|
+
@resource.reload
|
630
|
+
end
|
631
|
+
|
632
|
+
test 'request should be not be successful' do
|
633
|
+
assert_equal 401, response.status
|
634
|
+
end
|
635
|
+
end
|
636
|
+
|
637
|
+
describe 'with require_client_password_reset_token enabled' do
|
638
|
+
before do
|
639
|
+
DeviseTokenAuth.require_client_password_reset_token = true
|
640
|
+
put :update, params: @params
|
641
|
+
|
642
|
+
@data = JSON.parse(response.body)
|
643
|
+
@resource.reload
|
644
|
+
end
|
645
|
+
|
646
|
+
test 'request should be successful' do
|
647
|
+
assert_equal 200, response.status
|
648
|
+
end
|
649
|
+
|
650
|
+
test 'request should return success message' do
|
651
|
+
assert @data['message']
|
652
|
+
assert_equal @data['message'],
|
653
|
+
I18n.t('devise_token_auth.passwords.successfully_updated')
|
654
|
+
end
|
655
|
+
|
656
|
+
test 'new password should authenticate user' do
|
657
|
+
assert @resource.valid_password?(@new_password)
|
658
|
+
end
|
659
|
+
|
660
|
+
teardown do
|
661
|
+
DeviseTokenAuth.require_client_password_reset_token = false
|
662
|
+
end
|
663
|
+
end
|
664
|
+
end
|
665
|
+
|
666
|
+
describe 'with invalid reset password token' do
|
667
|
+
before do
|
668
|
+
DeviseTokenAuth.require_client_password_reset_token = true
|
669
|
+
@resource.update reset_password_token: 'koskoskoskos'
|
670
|
+
put :update, params: @params
|
671
|
+
@data = JSON.parse(response.body)
|
672
|
+
@resource.reload
|
673
|
+
end
|
674
|
+
|
675
|
+
test 'request should fail' do
|
676
|
+
assert_equal 401, response.status
|
677
|
+
end
|
678
|
+
|
679
|
+
test 'new password should not authenticate user' do
|
680
|
+
assert !@resource.valid_password?(@new_password)
|
681
|
+
end
|
682
|
+
|
683
|
+
teardown do
|
684
|
+
DeviseTokenAuth.require_client_password_reset_token = false
|
685
|
+
end
|
686
|
+
end
|
583
687
|
end
|
584
688
|
end
|
585
689
|
|
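Review bot: The new 'with invalid reset password token' describe reads `@params` and `@new_password` in its `before` and tests, but those are set only in the sibling 'with valid reset password token' describe's `before`, which closes before this block starts; unless an outer `before` not visible in this hunk sets them, `put :update, params: @params` sends no parameters at all and `@resource.valid_password?(@new_password)` is called with nil, so the 401 and the negative password check both pass vacuously rather than because the stored token no longer matches. Building the parameters inside this `before` from a freshly issued raw token, then overwriting the stored token with `'koskoskoskos'`, makes the test exercise the mismatch it is named for. The enclosing 'change password' describe opens outside this hunk.
```ruby
describe 'with invalid reset password token' do
  before do
    DeviseTokenAuth.require_client_password_reset_token = true
    reset_password_token = @resource.send_reset_password_instructions
    @new_password = Faker::Internet.password
    @params = { password: @new_password,
                password_confirmation: @new_password,
                reset_password_token: reset_password_token }
    @resource.update reset_password_token: 'koskoskoskos'
    put :update, params: @params
    # … unchanged: @data parsing and @resource.reload …
  end
```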