devise_token_auth 1.1.2 → 1.2.0
- checksums.yaml +4 -4
- data/app/controllers/devise_token_auth/application_controller.rb +10 -2
- data/app/controllers/devise_token_auth/concerns/resource_finder.rb +14 -1
- data/app/controllers/devise_token_auth/concerns/set_user_by_token.rb +31 -7
- data/app/controllers/devise_token_auth/confirmations_controller.rb +9 -4
- data/app/controllers/devise_token_auth/omniauth_callbacks_controller.rb +27 -4
- data/app/controllers/devise_token_auth/passwords_controller.rb +37 -15
- data/app/controllers/devise_token_auth/registrations_controller.rb +1 -1
- data/app/controllers/devise_token_auth/sessions_controller.rb +7 -1
- data/app/controllers/devise_token_auth/unlocks_controller.rb +6 -2
- data/app/models/devise_token_auth/concerns/active_record_support.rb +0 -2
- data/app/models/devise_token_auth/concerns/confirmable_support.rb +28 -0
- data/app/models/devise_token_auth/concerns/tokens_serialization.rb +16 -4
- data/app/models/devise_token_auth/concerns/user.rb +9 -10
- data/app/models/devise_token_auth/concerns/user_omniauth_callbacks.rb +4 -1
- data/app/validators/devise_token_auth_email_validator.rb +1 -1
- data/app/views/devise_token_auth/omniauth_external_window.html.erb +1 -1
- data/config/locales/da-DK.yml +2 -0
- data/config/locales/de.yml +2 -0
- data/config/locales/en.yml +5 -0
- data/config/locales/es.yml +2 -0
- data/config/locales/fr.yml +2 -0
- data/config/locales/he.yml +2 -0
- data/config/locales/it.yml +2 -0
- data/config/locales/ja.yml +3 -1
- data/config/locales/ko.yml +51 -0
- data/config/locales/nl.yml +2 -0
- data/config/locales/pl.yml +6 -3
- data/config/locales/pt-BR.yml +2 -0
- data/config/locales/pt.yml +6 -3
- data/config/locales/ro.yml +2 -0
- data/config/locales/ru.yml +2 -0
- data/config/locales/sq.yml +2 -0
- data/config/locales/sv.yml +2 -0
- data/config/locales/uk.yml +2 -0
- data/config/locales/vi.yml +2 -0
- data/config/locales/zh-CN.yml +2 -0
- data/config/locales/zh-HK.yml +2 -0
- data/config/locales/zh-TW.yml +2 -0
- data/lib/devise_token_auth/blacklist.rb +5 -1
- data/lib/devise_token_auth/controllers/helpers.rb +5 -9
- data/lib/devise_token_auth/engine.rb +11 -1
- data/lib/devise_token_auth/rails/routes.rb +15 -10
- data/lib/devise_token_auth/url.rb +3 -0
- data/lib/devise_token_auth/version.rb +1 -1
- data/lib/generators/devise_token_auth/USAGE +1 -1
- data/lib/generators/devise_token_auth/install_generator.rb +4 -4
- data/lib/generators/devise_token_auth/install_mongoid_generator.rb +2 -2
- data/lib/generators/devise_token_auth/templates/devise_token_auth.rb +5 -0
- data/lib/generators/devise_token_auth/templates/devise_token_auth_create_users.rb.erb +1 -1
- data/lib/generators/devise_token_auth/templates/user.rb.erb +2 -2
- data/lib/generators/devise_token_auth/templates/user_mongoid.rb.erb +2 -2
- data/test/controllers/devise_token_auth/confirmations_controller_test.rb +95 -19
- data/test/controllers/devise_token_auth/omniauth_callbacks_controller_test.rb +108 -43
- data/test/controllers/devise_token_auth/passwords_controller_test.rb +185 -29
- data/test/controllers/devise_token_auth/registrations_controller_test.rb +31 -18
- data/test/controllers/devise_token_auth/sessions_controller_test.rb +39 -10
- data/test/controllers/devise_token_auth/unlocks_controller_test.rb +21 -4
- data/test/controllers/overrides/confirmations_controller_test.rb +1 -1
- data/test/dummy/app/active_record/confirmable_user.rb +11 -0
- data/test/dummy/app/mongoid/confirmable_user.rb +52 -0
- data/test/dummy/app/views/layouts/application.html.erb +0 -2
- data/test/dummy/config/application.rb +0 -1
- data/test/dummy/config/environments/development.rb +0 -10
- data/test/dummy/config/environments/production.rb +0 -16
- data/test/dummy/config/initializers/figaro.rb +1 -1
- data/test/dummy/config/initializers/omniauth.rb +1 -0
- data/test/dummy/config/routes.rb +2 -0
- data/test/dummy/db/migrate/20190924101113_devise_token_auth_create_confirmable_users.rb +49 -0
- data/test/dummy/db/schema.rb +26 -1
- data/test/dummy/tmp/generators/app/controllers/application_controller.rb +6 -0
- data/test/dummy/tmp/generators/app/models/azpire/v1/human_resource/user.rb +56 -0
- data/test/dummy/tmp/generators/config/initializers/devise_token_auth.rb +60 -0
- data/test/factories/users.rb +2 -1
- data/test/lib/devise_token_auth/blacklist_test.rb +11 -3
- data/test/lib/devise_token_auth/rails/custom_routes_test.rb +29 -0
- data/test/lib/devise_token_auth/rails/routes_test.rb +87 -0
- data/test/lib/devise_token_auth/url_test.rb +2 -2
- data/test/lib/generators/devise_token_auth/install_generator_test.rb +1 -1
- data/test/lib/generators/devise_token_auth/install_generator_with_namespace_test.rb +1 -1
- data/test/models/concerns/tokens_serialization_test.rb +39 -5
- data/test/models/confirmable_user_test.rb +35 -0
- data/test/test_helper.rb +35 -4
- metadata +27 -14
- data/test/dummy/config/initializers/assets.rb +0 -10
- data/test/dummy/tmp/generators/app/views/devise/mailer/confirmation_instructions.html.erb +0 -5
- data/test/dummy/tmp/generators/app/views/devise/mailer/reset_password_instructions.html.erb +0 -8
@@ -85,37 +85,89 @@ class DeviseTokenAuth::PasswordsControllerTest < ActionController::TestCase
|
|
85
85
|
end
|
86
86
|
|
87
87
|
describe 'request password reset' do
|
88
|
-
describe 'unknown user
|
89
|
-
|
90
|
-
|
91
|
-
|
92
|
-
|
93
|
-
|
94
|
-
|
88
|
+
describe 'unknown user' do
|
89
|
+
describe 'without paranoid mode' do
|
90
|
+
before do
|
91
|
+
post :create,
|
92
|
+
params: { email: 'chester@cheet.ah',
|
93
|
+
redirect_url: @redirect_url }
|
94
|
+
@data = JSON.parse(response.body)
|
95
|
+
end
|
95
96
|
|
96
|
-
|
97
|
-
|
97
|
+
test 'unknown user should return 404' do
|
98
|
+
assert_equal 404, response.status
|
99
|
+
end
|
100
|
+
|
101
|
+
test 'errors should be returned' do
|
102
|
+
assert @data['errors']
|
103
|
+
assert_equal @data['errors'],
|
104
|
+
[I18n.t('devise_token_auth.passwords.user_not_found',
|
105
|
+
email: 'chester@cheet.ah')]
|
106
|
+
end
|
98
107
|
end
|
99
108
|
|
100
|
-
|
101
|
-
|
102
|
-
|
103
|
-
|
104
|
-
|
109
|
+
describe 'with paranoid mode' do
|
110
|
+
before do
|
111
|
+
swap Devise, paranoid: true do
|
112
|
+
post :create,
|
113
|
+
params: { email: 'chester@cheet.ah',
|
114
|
+
redirect_url: @redirect_url }
|
115
|
+
@data = JSON.parse(response.body)
|
116
|
+
end
|
117
|
+
end
|
118
|
+
|
119
|
+
test 'unknown user should return 404' do
|
120
|
+
assert_equal 404, response.status
|
121
|
+
end
|
122
|
+
|
123
|
+
test 'errors should be returned' do
|
124
|
+
assert @data['errors']
|
125
|
+
assert_equal @data['errors'],
|
126
|
+
[I18n.t('devise_token_auth.passwords.sended_paranoid')]
|
127
|
+
end
|
105
128
|
end
|
106
129
|
end
|
107
130
|
|
108
131
|
describe 'successfully requested password reset' do
|
109
|
-
|
110
|
-
|
111
|
-
|
112
|
-
|
132
|
+
describe 'without paranoid mode' do
|
133
|
+
before do
|
134
|
+
post :create,
|
135
|
+
params: { email: @resource.email,
|
136
|
+
redirect_url: @redirect_url }
|
113
137
|
|
114
|
-
|
138
|
+
@data = JSON.parse(response.body)
|
139
|
+
end
|
140
|
+
|
141
|
+
test 'response should not contain extra data' do
|
142
|
+
assert_nil @data['data']
|
143
|
+
end
|
144
|
+
|
145
|
+
test 'response should contains message' do
|
146
|
+
assert_equal \
|
147
|
+
@data['message'],
|
148
|
+
I18n.t('devise_token_auth.passwords.sended', email: @resource.email)
|
149
|
+
end
|
115
150
|
end
|
116
151
|
|
117
|
-
|
118
|
-
|
152
|
+
describe 'with paranoid mode' do
|
153
|
+
before do
|
154
|
+
swap Devise, paranoid: true do
|
155
|
+
post :create,
|
156
|
+
params: { email: @resource.email,
|
157
|
+
redirect_url: @redirect_url }
|
158
|
+
@data = JSON.parse(response.body)
|
159
|
+
end
|
160
|
+
end
|
161
|
+
|
162
|
+
test 'response should return success status' do
|
163
|
+
assert_equal 200, response.status
|
164
|
+
end
|
165
|
+
|
166
|
+
test 'response should contain message' do
|
167
|
+
assert_equal \
|
168
|
+
@data['message'],
|
169
|
+
I18n.t('devise_token_auth.passwords.sended_paranoid')
|
170
|
+
end
|
119
171
|
end
|
120
172
|
end
|
121
173
|
|
@@ -239,10 +291,10 @@ class DeviseTokenAuth::PasswordsControllerTest < ActionController::TestCase
|
|
239
291
|
end
|
240
292
|
end
|
241
293
|
|
242
|
-
describe '
|
294
|
+
describe 'Checking reset_password_token' do
|
243
295
|
before do
|
244
296
|
post :create, params: {
|
245
|
-
email:
|
297
|
+
email: @resource.email,
|
246
298
|
redirect_url: @redirect_url
|
247
299
|
}
|
248
300
|
|
@@ -440,6 +492,7 @@ class DeviseTokenAuth::PasswordsControllerTest < ActionController::TestCase
|
|
440
492
|
|
441
493
|
describe 'success' do
|
442
494
|
before do
|
495
|
+
DeviseTokenAuth.require_client_password_reset_token = false
|
443
496
|
@auth_headers = @resource.create_new_auth_token
|
444
497
|
request.headers.merge!(@auth_headers)
|
445
498
|
@new_password = Faker::Internet.password
|
@@ -504,6 +557,7 @@ class DeviseTokenAuth::PasswordsControllerTest < ActionController::TestCase
|
|
504
557
|
|
505
558
|
describe 'current password mismatch error' do
|
506
559
|
before do
|
560
|
+
DeviseTokenAuth.require_client_password_reset_token = false
|
507
561
|
@auth_headers = @resource.create_new_auth_token
|
508
562
|
request.headers.merge!(@auth_headers)
|
509
563
|
@new_password = Faker::Internet.password
|
@@ -520,7 +574,35 @@ class DeviseTokenAuth::PasswordsControllerTest < ActionController::TestCase
|
|
520
574
|
end
|
521
575
|
|
522
576
|
describe 'change password' do
|
523
|
-
describe '
|
577
|
+
describe 'using reset token' do
|
578
|
+
before do
|
579
|
+
DeviseTokenAuth.require_client_password_reset_token = true
|
580
|
+
@redirect_url = 'http://client-app.dev'
|
581
|
+
get_reset_token
|
582
|
+
edit_url = CGI.unescape(@mail.body.match(/href=\"(.+)\"/)[1])
|
583
|
+
query_parts = Rack::Utils.parse_nested_query(URI.parse(edit_url).query)
|
584
|
+
get :edit, params: query_parts
|
585
|
+
end
|
586
|
+
|
587
|
+
test 'request should be redirect' do
|
588
|
+
assert_equal 302, response.status
|
589
|
+
end
|
590
|
+
|
591
|
+
test 'request should redirect to correct redirect url' do
|
592
|
+
host = URI.parse(response.location).host
|
593
|
+
query_parts = Rack::Utils.parse_nested_query(URI.parse(response.location).query)
|
594
|
+
|
595
|
+
assert_equal 'client-app.dev', host
|
596
|
+
assert_equal @mail_reset_token, query_parts['reset_password_token']
|
597
|
+
assert_equal 1, query_parts.keys.size
|
598
|
+
end
|
599
|
+
|
600
|
+
teardown do
|
601
|
+
DeviseTokenAuth.require_client_password_reset_token = false
|
602
|
+
end
|
603
|
+
end
|
604
|
+
|
605
|
+
describe 'with valid headers' do
|
524
606
|
before do
|
525
607
|
@auth_headers = @resource.create_new_auth_token
|
526
608
|
request.headers.merge!(@auth_headers)
|
@@ -567,19 +649,93 @@ class DeviseTokenAuth::PasswordsControllerTest < ActionController::TestCase
|
|
567
649
|
end
|
568
650
|
end
|
569
651
|
|
570
|
-
describe '
|
652
|
+
describe 'without valid headers' do
|
571
653
|
before do
|
572
|
-
@
|
573
|
-
|
654
|
+
@resource.create_new_auth_token
|
655
|
+
new_password = Faker::Internet.password
|
574
656
|
|
575
|
-
put :update, params: { password:
|
576
|
-
password_confirmation:
|
657
|
+
put :update, params: { password: new_password,
|
658
|
+
password_confirmation: new_password }
|
577
659
|
end
|
578
660
|
|
579
661
|
test 'response should fail' do
|
580
662
|
assert_equal 401, response.status
|
581
663
|
end
|
582
664
|
end
|
665
|
+
|
666
|
+
describe 'with valid reset password token' do
|
667
|
+
before do
|
668
|
+
reset_password_token = @resource.send_reset_password_instructions
|
669
|
+
@new_password = Faker::Internet.password
|
670
|
+
@params = { password: @new_password,
|
671
|
+
password_confirmation: @new_password,
|
672
|
+
reset_password_token: reset_password_token }
|
673
|
+
end
|
674
|
+
|
675
|
+
describe 'with require_client_password_reset_token disabled' do
|
676
|
+
before do
|
677
|
+
DeviseTokenAuth.require_client_password_reset_token = false
|
678
|
+
put :update, params: @params
|
679
|
+
|
680
|
+
@data = JSON.parse(response.body)
|
681
|
+
@resource.reload
|
682
|
+
end
|
683
|
+
|
684
|
+
test 'request should be not be successful' do
|
685
|
+
assert_equal 401, response.status
|
686
|
+
end
|
687
|
+
end
|
688
|
+
|
689
|
+
describe 'with require_client_password_reset_token enabled' do
|
690
|
+
before do
|
691
|
+
DeviseTokenAuth.require_client_password_reset_token = true
|
692
|
+
put :update, params: @params
|
693
|
+
|
694
|
+
@data = JSON.parse(response.body)
|
695
|
+
@resource.reload
|
696
|
+
end
|
697
|
+
|
698
|
+
test 'request should be successful' do
|
699
|
+
assert_equal 200, response.status
|
700
|
+
end
|
701
|
+
|
702
|
+
test 'request should return success message' do
|
703
|
+
assert @data['message']
|
704
|
+
assert_equal @data['message'],
|
705
|
+
I18n.t('devise_token_auth.passwords.successfully_updated')
|
706
|
+
end
|
707
|
+
|
708
|
+
test 'new password should authenticate user' do
|
709
|
+
assert @resource.valid_password?(@new_password)
|
710
|
+
end
|
711
|
+
|
712
|
+
teardown do
|
713
|
+
DeviseTokenAuth.require_client_password_reset_token = false
|
714
|
+
end
|
715
|
+
end
|
716
|
+
end
|
717
|
+
|
718
|
+
describe 'with invalid reset password token' do
|
719
|
+
before do
|
720
|
+
DeviseTokenAuth.require_client_password_reset_token = true
|
721
|
+
@resource.update reset_password_token: 'koskoskoskos'
|
722
|
+
put :update, params: @params
|
723
|
+
@data = JSON.parse(response.body)
|
724
|
+
@resource.reload
|
725
|
+
end
|
726
|
+
|
727
|
+
test 'request should fail' do
|
728
|
+
assert_equal 401, response.status
|
729
|
+
end
|
730
|
+
|
731
|
+
test 'new password should not authenticate user' do
|
732
|
+
assert !@resource.valid_password?(@new_password)
|
733
|
+
end
|
734
|
+
|
735
|
+
teardown do
|
736
|
+
DeviseTokenAuth.require_client_password_reset_token = false
|
737
|
+
end
|
738
|
+
end
|
583
739
|
end
|
584
740
|
end
|
585
741
|
|
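Review bot: The paranoid-mode cases added under 'request password reset' pin responses that still tell a caller whether the e-mail exists: the unknown-user case asserts `assert_equal 404, response.status` with the text under `errors`, while the existing-user case asserts 200 with the text under `message`. Sharing the `sended_paranoid` string does not help when the status code and JSON key differ, so these tests lock in an account-enumeration signal instead of guarding against one. I would make the unknown-user paranoid case expect the same shape as the known-user one, e.g. `assert_equal 200, response.status` and `assert_equal I18n.t('devise_token_auth.passwords.sended_paranoid'), @data['message']`, and change the controller to match (it is not shown on this page, so its behaviour is inferred from the assertions). The paranoid case added in the UnlocksControllerTest section asserts the same 404.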
@@ -10,6 +10,17 @@ require 'test_helper'
|
|
10
10
|
|
11
11
|
class DeviseTokenAuth::RegistrationsControllerTest < ActionDispatch::IntegrationTest
|
12
12
|
describe DeviseTokenAuth::RegistrationsController do
|
13
|
+
|
14
|
+
def mock_registration_params
|
15
|
+
{
|
16
|
+
email: Faker::Internet.email,
|
17
|
+
password: 'secret123',
|
18
|
+
password_confirmation: 'secret123',
|
19
|
+
confirm_success_url: Faker::Internet.url,
|
20
|
+
unpermitted_param: '(x_x)'
|
21
|
+
}
|
22
|
+
end
|
23
|
+
|
13
24
|
describe 'Validate non-empty body' do
|
14
25
|
before do
|
15
26
|
# need to post empty data
|
@@ -41,13 +52,7 @@ class DeviseTokenAuth::RegistrationsControllerTest < ActionDispatch::Integration
|
|
41
52
|
@mails_sent = ActionMailer::Base.deliveries.count
|
42
53
|
|
43
54
|
post '/auth',
|
44
|
-
params:
|
45
|
-
email: Faker::Internet.email,
|
46
|
-
password: 'secret123',
|
47
|
-
password_confirmation: 'secret123',
|
48
|
-
confirm_success_url: Faker::Internet.url,
|
49
|
-
unpermitted_param: '(x_x)'
|
50
|
-
}
|
55
|
+
params: mock_registration_params
|
51
56
|
|
52
57
|
@resource = assigns(:resource)
|
53
58
|
@data = JSON.parse(response.body)
|
@@ -87,17 +92,10 @@ class DeviseTokenAuth::RegistrationsControllerTest < ActionDispatch::Integration
|
|
87
92
|
before do
|
88
93
|
@original_duration = Devise.allow_unconfirmed_access_for
|
89
94
|
Devise.allow_unconfirmed_access_for = nil
|
90
|
-
post '/auth',
|
91
|
-
params: {
|
92
|
-
email: Faker::Internet.email,
|
93
|
-
password: 'secret123',
|
94
|
-
password_confirmation: 'secret123',
|
95
|
-
confirm_success_url: Faker::Internet.url,
|
96
|
-
unpermitted_param: '(x_x)'
|
97
|
-
}
|
98
95
|
end
|
99
96
|
|
100
97
|
test 'auth headers were returned in response' do
|
98
|
+
post '/auth', params: mock_registration_params
|
101
99
|
assert response.headers['access-token']
|
102
100
|
assert response.headers['token-type']
|
103
101
|
assert response.headers['client']
|
@@ -105,6 +103,21 @@ class DeviseTokenAuth::RegistrationsControllerTest < ActionDispatch::Integration
|
|
105
103
|
assert response.headers['uid']
|
106
104
|
end
|
107
105
|
|
106
|
+
describe 'using auth cookie' do
|
107
|
+
before do
|
108
|
+
DeviseTokenAuth.cookie_enabled = true
|
109
|
+
end
|
110
|
+
|
111
|
+
test 'auth cookie was returned in response' do
|
112
|
+
post '/auth', params: mock_registration_params
|
113
|
+
assert response.cookies[DeviseTokenAuth.cookie_name]
|
114
|
+
end
|
115
|
+
|
116
|
+
after do
|
117
|
+
DeviseTokenAuth.cookie_enabled = false
|
118
|
+
end
|
119
|
+
end
|
120
|
+
|
108
121
|
after do
|
109
122
|
Devise.allow_unconfirmed_access_for = @original_duration
|
110
123
|
end
|
@@ -492,7 +505,7 @@ class DeviseTokenAuth::RegistrationsControllerTest < ActionDispatch::Integration
|
|
492
505
|
# test valid update param
|
493
506
|
@resource_class = User
|
494
507
|
@new_operating_thetan = 1_000_000
|
495
|
-
@email =
|
508
|
+
@email = Faker::Internet.safe_email
|
496
509
|
@request_params = {
|
497
510
|
operating_thetan: @new_operating_thetan,
|
498
511
|
email: @email
|
@@ -599,7 +612,7 @@ class DeviseTokenAuth::RegistrationsControllerTest < ActionDispatch::Integration
|
|
599
612
|
# test valid update param
|
600
613
|
@resource_class = User
|
601
614
|
@new_operating_thetan = 1_000_000
|
602
|
-
@email =
|
615
|
+
@email = Faker::Internet.safe_email
|
603
616
|
@request_params = {
|
604
617
|
operating_thetan: @new_operating_thetan,
|
605
618
|
email: @email
|
@@ -650,7 +663,7 @@ class DeviseTokenAuth::RegistrationsControllerTest < ActionDispatch::Integration
|
|
650
663
|
before do
|
651
664
|
DeviseTokenAuth.check_current_password_before_update = :password
|
652
665
|
@new_operating_thetan = 1_000_000
|
653
|
-
@email =
|
666
|
+
@email = Faker::Internet.safe_email
|
654
667
|
end
|
655
668
|
|
656
669
|
after do
|
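Review bot: The new 'using auth cookie' test only asserts that the cookie exists (`assert response.cookies[DeviseTokenAuth.cookie_name]`), so nothing here pins how a cookie that carries the access token is flagged. I would also assert on the raw header, for example `assert_match(/httponly/i, response.headers['Set-Cookie'].to_s)`, plus `secure` and `samesite` if the configured cookie attributes are expected to set them; which attributes the gem applies by default is not visible on this page. The `after` block also hard-codes `DeviseTokenAuth.cookie_enabled = false` rather than restoring the previous value the way `@original_duration` is restored just below it. The 'using auth cookie' block added in the SessionsControllerTest section has the same presence-only assertion.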
@@ -17,11 +17,12 @@ class DeviseTokenAuth::SessionsControllerTest < ActionController::TestCase
|
|
17
17
|
|
18
18
|
describe 'success' do
|
19
19
|
before do
|
20
|
-
|
21
|
-
|
22
|
-
|
23
|
-
|
24
|
-
|
20
|
+
@user_session_params = {
|
21
|
+
email: @existing_user.email,
|
22
|
+
password: @existing_user.password
|
23
|
+
}
|
24
|
+
|
25
|
+
post :create, params: @user_session_params
|
25
26
|
|
26
27
|
@resource = assigns(:resource)
|
27
28
|
@data = JSON.parse(response.body)
|
@@ -35,17 +36,27 @@ class DeviseTokenAuth::SessionsControllerTest < ActionController::TestCase
|
|
35
36
|
assert_equal @existing_user.email, @data['data']['email']
|
36
37
|
end
|
37
38
|
|
39
|
+
describe 'using auth cookie' do
|
40
|
+
before do
|
41
|
+
DeviseTokenAuth.cookie_enabled = true
|
42
|
+
end
|
43
|
+
|
44
|
+
test 'request should return auth cookie' do
|
45
|
+
post :create, params: @user_session_params
|
46
|
+
assert response.cookies[DeviseTokenAuth.cookie_name]
|
47
|
+
end
|
48
|
+
|
49
|
+
after do
|
50
|
+
DeviseTokenAuth.cookie_enabled = false
|
51
|
+
end
|
52
|
+
end
|
53
|
+
|
38
54
|
describe "with multiple clients and headers don't change in each request" do
|
39
55
|
before do
|
40
56
|
# Set the max_number_of_devices to a lower number
|
41
57
|
# to expedite tests! (Default is 10)
|
42
58
|
DeviseTokenAuth.max_number_of_devices = 2
|
43
59
|
DeviseTokenAuth.change_headers_on_each_request = false
|
44
|
-
|
45
|
-
@user_session_params = {
|
46
|
-
email: @existing_user.email,
|
47
|
-
password: @existing_user.password
|
48
|
-
}
|
49
60
|
end
|
50
61
|
|
51
62
|
test 'should limit the maximum number of concurrent devices' do
|
@@ -159,6 +170,24 @@ class DeviseTokenAuth::SessionsControllerTest < ActionController::TestCase
|
|
159
170
|
test 'session was destroyed' do
|
160
171
|
assert_equal true, @controller.reset_session_called
|
161
172
|
end
|
173
|
+
|
174
|
+
describe 'using auth cookie' do
|
175
|
+
before do
|
176
|
+
DeviseTokenAuth.cookie_enabled = true
|
177
|
+
@auth_token = @existing_user.create_new_auth_token
|
178
|
+
@controller.send(:cookies)[DeviseTokenAuth.cookie_name] = { value: @auth_token.to_json }
|
179
|
+
end
|
180
|
+
|
181
|
+
test 'auth cookie was destroyed' do
|
182
|
+
assert_equal @auth_token.to_json, @controller.send(:cookies)[DeviseTokenAuth.cookie_name] # sanity check
|
183
|
+
delete :destroy, format: :json
|
184
|
+
assert_nil @controller.send(:cookies)[DeviseTokenAuth.cookie_name]
|
185
|
+
end
|
186
|
+
|
187
|
+
after do
|
188
|
+
DeviseTokenAuth.cookie_enabled = false
|
189
|
+
end
|
190
|
+
end
|
162
191
|
end
|
163
192
|
|
164
193
|
describe 'unauthed user sign out' do
|
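Review bot: The 'auth cookie was destroyed' test checks only the controller's cookie jar after `delete :destroy`, so a sign-out that clears the cookie but leaves the token usable server-side would still pass. I would add `assert_equal 200, response.status` and an assertion that the client entry is gone from the stored tokens, e.g. `assert_nil @existing_user.reload.tokens[@auth_token['client']]` (this assumes `create_new_auth_token` returns the header hash with a `'client'` key; confirm against the model). A one-line comment above the `@controller.send(:cookies)` assignment saying why the private cookie jar is written directly would help the next reader. The enclosing describe and its own `before` start outside this hunk, so whether an earlier `delete :destroy` has already run cannot be told from here.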
@@ -57,7 +57,7 @@ class DeviseTokenAuth::UnlocksControllerTest < ActionController::TestCase
|
|
57
57
|
end
|
58
58
|
|
59
59
|
describe 'request unlock' do
|
60
|
-
describe '
|
60
|
+
describe 'without paranoid mode' do
|
61
61
|
before do
|
62
62
|
post :create, params: { email: 'chester@cheet.ah' }
|
63
63
|
@data = JSON.parse(response.body)
|
@@ -68,9 +68,26 @@ class DeviseTokenAuth::UnlocksControllerTest < ActionController::TestCase
|
|
68
68
|
|
69
69
|
test 'errors should be returned' do
|
70
70
|
assert @data['errors']
|
71
|
-
assert_equal @data['errors'],
|
72
|
-
|
73
|
-
|
71
|
+
assert_equal @data['errors'], [I18n.t('devise_token_auth.unlocks.user_not_found',
|
72
|
+
email: 'chester@cheet.ah')]
|
73
|
+
end
|
74
|
+
end
|
75
|
+
|
76
|
+
describe 'with paranoid mode' do
|
77
|
+
before do
|
78
|
+
swap Devise, paranoid: true do
|
79
|
+
post :create, params: { email: 'chester@cheet.ah' }
|
80
|
+
@data = JSON.parse(response.body)
|
81
|
+
end
|
82
|
+
end
|
83
|
+
|
84
|
+
test 'unknown user should return 404' do
|
85
|
+
assert_equal 404, response.status
|
86
|
+
end
|
87
|
+
|
88
|
+
test 'errors should be returned' do
|
89
|
+
assert @data['errors']
|
90
|
+
assert_equal @data['errors'], [I18n.t('devise_token_auth.unlocks.sended_paranoid')]
|
74
91
|
end
|
75
92
|
end
|
76
93
|
|