devise_token_auth 1.1.3 → 1.2.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/app/controllers/devise_token_auth/application_controller.rb +8 -0
- data/app/controllers/devise_token_auth/concerns/resource_finder.rb +14 -1
- data/app/controllers/devise_token_auth/concerns/set_user_by_token.rb +31 -7
- data/app/controllers/devise_token_auth/confirmations_controller.rb +9 -4
- data/app/controllers/devise_token_auth/omniauth_callbacks_controller.rb +2 -1
- data/app/controllers/devise_token_auth/passwords_controller.rb +6 -2
- data/app/controllers/devise_token_auth/sessions_controller.rb +7 -1
- data/app/controllers/devise_token_auth/unlocks_controller.rb +6 -2
- data/app/models/devise_token_auth/concerns/active_record_support.rb +0 -2
- data/app/models/devise_token_auth/concerns/confirmable_support.rb +28 -0
- data/app/models/devise_token_auth/concerns/tokens_serialization.rb +16 -4
- data/app/models/devise_token_auth/concerns/user.rb +9 -10
- data/app/models/devise_token_auth/concerns/user_omniauth_callbacks.rb +4 -1
- data/app/validators/devise_token_auth_email_validator.rb +1 -1
- data/app/views/devise_token_auth/omniauth_external_window.html.erb +1 -1
- data/config/locales/en.yml +3 -0
- data/config/locales/ja.yml +1 -1
- data/config/locales/ko.yml +51 -0
- data/config/locales/pl.yml +4 -3
- data/config/locales/pt.yml +4 -3
- data/lib/devise_token_auth/blacklist.rb +5 -1
- data/lib/devise_token_auth/controllers/helpers.rb +5 -9
- data/lib/devise_token_auth/engine.rb +8 -0
- data/lib/devise_token_auth/rails/routes.rb +15 -10
- data/lib/devise_token_auth/url.rb +3 -0
- data/lib/devise_token_auth/version.rb +1 -1
- data/lib/generators/devise_token_auth/USAGE +1 -1
- data/lib/generators/devise_token_auth/install_generator.rb +4 -4
- data/lib/generators/devise_token_auth/install_mongoid_generator.rb +2 -2
- data/lib/generators/devise_token_auth/templates/devise_token_auth.rb +5 -0
- data/lib/generators/devise_token_auth/templates/devise_token_auth_create_users.rb.erb +1 -1
- data/lib/generators/devise_token_auth/templates/user.rb.erb +2 -2
- data/lib/generators/devise_token_auth/templates/user_mongoid.rb.erb +2 -2
- data/test/controllers/devise_token_auth/confirmations_controller_test.rb +95 -19
- data/test/controllers/devise_token_auth/omniauth_callbacks_controller_test.rb +2 -2
- data/test/controllers/devise_token_auth/passwords_controller_test.rb +73 -21
- data/test/controllers/devise_token_auth/registrations_controller_test.rb +28 -15
- data/test/controllers/devise_token_auth/sessions_controller_test.rb +39 -10
- data/test/controllers/devise_token_auth/unlocks_controller_test.rb +21 -4
- data/test/controllers/overrides/confirmations_controller_test.rb +1 -1
- data/test/dummy/app/active_record/confirmable_user.rb +11 -0
- data/test/dummy/app/mongoid/confirmable_user.rb +52 -0
- data/test/dummy/app/views/layouts/application.html.erb +0 -2
- data/test/dummy/config/application.rb +0 -1
- data/test/dummy/config/environments/development.rb +0 -10
- data/test/dummy/config/environments/production.rb +0 -16
- data/test/dummy/config/initializers/figaro.rb +1 -1
- data/test/dummy/config/initializers/omniauth.rb +1 -0
- data/test/dummy/config/routes.rb +2 -0
- data/test/dummy/{tmp/generators/db/migrate/20170630171909_devise_token_auth_create_mangs.rb → db/migrate/20190924101113_devise_token_auth_create_confirmable_users.rb} +9 -14
- data/test/dummy/db/schema.rb +26 -1
- data/test/dummy/tmp/generators/app/controllers/application_controller.rb +6 -0
- data/test/dummy/tmp/generators/app/models/azpire/v1/human_resource/user.rb +56 -0
- data/test/dummy/tmp/generators/config/initializers/devise_token_auth.rb +12 -0
- data/test/factories/users.rb +1 -0
- data/test/lib/devise_token_auth/blacklist_test.rb +11 -3
- data/test/lib/devise_token_auth/rails/custom_routes_test.rb +29 -0
- data/test/lib/devise_token_auth/rails/routes_test.rb +87 -0
- data/test/lib/devise_token_auth/url_test.rb +2 -2
- data/test/lib/generators/devise_token_auth/install_generator_test.rb +1 -1
- data/test/lib/generators/devise_token_auth/install_generator_with_namespace_test.rb +1 -1
- data/test/models/concerns/tokens_serialization_test.rb +39 -5
- data/test/models/confirmable_user_test.rb +35 -0
- data/test/test_helper.rb +35 -4
- metadata +25 -19
- data/test/dummy/config/initializers/assets.rb +0 -10
- data/test/dummy/tmp/generators/app/models/mang.rb +0 -7
- data/test/dummy/tmp/generators/app/models/user.rb +0 -7
- data/test/dummy/tmp/generators/config/routes.rb +0 -9
- data/test/dummy/tmp/generators/db/migrate/20170630171909_devise_token_auth_create_users.rb +0 -54
@@ -8,7 +8,7 @@ Arguments:
|
|
8
8
|
# 'User'
|
9
9
|
MOUNT_PATH # The path at which to mount the authentication routes. Default is
|
10
10
|
# 'auth'. More detail documentation is here:
|
11
|
-
# https://
|
11
|
+
# https://devise-token-auth.gitbook.io/devise-token-auth/usage
|
12
12
|
|
13
13
|
Example:
|
14
14
|
rails generate devise_token_auth:install User auth
|
@@ -26,7 +26,7 @@ module DeviseTokenAuth
|
|
26
26
|
inclusion = 'include DeviseTokenAuth::Concerns::User'
|
27
27
|
unless parse_file_for_line(fname, inclusion)
|
28
28
|
|
29
|
-
active_record_needle = (Rails::VERSION::MAJOR
|
29
|
+
active_record_needle = (Rails::VERSION::MAJOR >= 5) ? 'ApplicationRecord' : 'ActiveRecord::Base'
|
30
30
|
inject_into_file fname, after: "class #{user_class} < #{active_record_needle}\n" do <<-'RUBY'
|
31
31
|
# Include default devise modules.
|
32
32
|
devise :database_authenticatable, :registerable,
|
@@ -75,12 +75,12 @@ module DeviseTokenAuth
|
|
75
75
|
ActiveRecord::Base.connection.select_value('SELECT VERSION()')
|
76
76
|
end
|
77
77
|
|
78
|
-
def
|
79
|
-
Rails
|
78
|
+
def rails_5_or_newer?
|
79
|
+
Rails::VERSION::MAJOR >= 5
|
80
80
|
end
|
81
81
|
|
82
82
|
def primary_key_type
|
83
|
-
primary_key_string if
|
83
|
+
primary_key_string if rails_5_or_newer?
|
84
84
|
end
|
85
85
|
|
86
86
|
def primary_key_string
|
@@ -29,9 +29,9 @@ module DeviseTokenAuth
|
|
29
29
|
field :tokens, type: Hash, default: {}
|
30
30
|
|
31
31
|
# Include default devise modules. Others available are:
|
32
|
-
# :confirmable, :lockable, :timeoutable and :omniauthable
|
32
|
+
# :confirmable, :lockable, :timeoutable, :trackable and :omniauthable
|
33
33
|
devise :database_authenticatable, :registerable,
|
34
|
-
:recoverable, :rememberable, :
|
34
|
+
:recoverable, :rememberable, :validatable
|
35
35
|
include DeviseTokenAuth::Concerns::User
|
36
36
|
|
37
37
|
index({ uid: 1, provider: 1}, { name: 'uid_provider_index', unique: true, background: true })
|
@@ -52,4 +52,9 @@ DeviseTokenAuth.setup do |config|
|
|
52
52
|
# If, however, you wish to integrate with legacy Devise authentication, you can
|
53
53
|
# do so by enabling this flag. NOTE: This feature is highly experimental!
|
54
54
|
# config.enable_standard_devise_support = false
|
55
|
+
|
56
|
+
# By default DeviseTokenAuth will not send confirmation email, even when including
|
57
|
+
# devise confirmable module. If you want to use devise confirmable module and
|
58
|
+
# send email, set it to true. (This is a setting for compatibility)
|
59
|
+
# config.send_confirmation_email = true
|
55
60
|
end
|
@@ -44,6 +44,6 @@ class DeviseTokenAuthCreate<%= user_class.pluralize.gsub("::","") %> < ActiveRec
|
|
44
44
|
add_index :<%= table_name %>, [:uid, :provider], unique: true
|
45
45
|
add_index :<%= table_name %>, :reset_password_token, unique: true
|
46
46
|
add_index :<%= table_name %>, :confirmation_token, unique: true
|
47
|
-
# add_index :<%= table_name %>, :unlock_token,
|
47
|
+
# add_index :<%= table_name %>, :unlock_token, unique: true
|
48
48
|
end
|
49
49
|
end
|
@@ -2,8 +2,8 @@
|
|
2
2
|
|
3
3
|
class <%= user_class %> < ActiveRecord::Base
|
4
4
|
# Include default devise modules. Others available are:
|
5
|
-
# :confirmable, :lockable, :timeoutable and :omniauthable
|
5
|
+
# :confirmable, :lockable, :timeoutable, :trackable and :omniauthable
|
6
6
|
devise :database_authenticatable, :registerable,
|
7
|
-
:recoverable, :rememberable, :
|
7
|
+
:recoverable, :rememberable, :validatable
|
8
8
|
include DeviseTokenAuth::Concerns::User
|
9
9
|
end
|
@@ -43,9 +43,9 @@ class <%= user_class %>
|
|
43
43
|
field :tokens, type: Hash, default: {}
|
44
44
|
|
45
45
|
# Include default devise modules. Others available are:
|
46
|
-
# :confirmable, :lockable, :timeoutable and :omniauthable
|
46
|
+
# :confirmable, :lockable, :timeoutable, :trackable and :omniauthable
|
47
47
|
devise :database_authenticatable, :registerable,
|
48
|
-
:recoverable, :rememberable, :
|
48
|
+
:recoverable, :rememberable, :validatable
|
49
49
|
include DeviseTokenAuth::Concerns::User
|
50
50
|
|
51
51
|
index({ email: 1 }, { name: 'email_index', unique: true, background: true })
|
@@ -53,6 +53,10 @@ class DeviseTokenAuth::ConfirmationsControllerTest < ActionController::TestCase
|
|
53
53
|
assert @resource.confirmed?
|
54
54
|
end
|
55
55
|
|
56
|
+
test 'should save the authentication token' do
|
57
|
+
assert @resource.reload.tokens.present?
|
58
|
+
end
|
59
|
+
|
56
60
|
test 'should redirect to success url' do
|
57
61
|
assert_redirected_to(/^#{@redirect_url}/)
|
58
62
|
end
|
@@ -88,30 +92,102 @@ class DeviseTokenAuth::ConfirmationsControllerTest < ActionController::TestCase
|
|
88
92
|
end
|
89
93
|
|
90
94
|
describe 'resend confirmation' do
|
91
|
-
|
92
|
-
|
93
|
-
|
94
|
-
|
95
|
-
|
96
|
-
|
97
|
-
|
98
|
-
|
99
|
-
|
100
|
-
|
101
|
-
|
102
|
-
|
103
|
-
|
95
|
+
describe 'without paranoid mode' do
|
96
|
+
|
97
|
+
describe 'on success' do
|
98
|
+
before do
|
99
|
+
post :create,
|
100
|
+
params: { email: @new_user.email,
|
101
|
+
redirect_url: @redirect_url },
|
102
|
+
xhr: true
|
103
|
+
@resource = assigns(:resource)
|
104
|
+
@data = JSON.parse(response.body)
|
105
|
+
@mail = ActionMailer::Base.deliveries.last
|
106
|
+
@token, @client_config = token_and_client_config_from(@mail.body)
|
107
|
+
end
|
108
|
+
|
109
|
+
test 'user should not be confirmed' do
|
110
|
+
assert_nil @resource.confirmed_at
|
111
|
+
end
|
112
|
+
|
113
|
+
test 'should generate raw token' do
|
114
|
+
assert @token
|
115
|
+
assert_equal @new_user.confirmation_token, @token
|
116
|
+
end
|
117
|
+
|
118
|
+
test 'user should receive confirmation email' do
|
119
|
+
assert_equal @resource.email, @mail['to'].to_s
|
120
|
+
end
|
121
|
+
|
122
|
+
test 'response should contain message' do
|
123
|
+
assert_equal @data['message'], I18n.t('devise_token_auth.confirmations.sended', email: @resource.email)
|
124
|
+
end
|
125
|
+
end
|
126
|
+
|
127
|
+
describe 'on failure' do
|
128
|
+
before do
|
129
|
+
post :create,
|
130
|
+
params: { email: 'chester@cheet.ah',
|
131
|
+
redirect_url: @redirect_url },
|
132
|
+
xhr: true
|
133
|
+
@data = JSON.parse(response.body)
|
134
|
+
end
|
135
|
+
|
136
|
+
test 'response should contain errors' do
|
137
|
+
assert_equal @data['errors'], [I18n.t('devise_token_auth.confirmations.user_not_found', email: 'chester@cheet.ah')]
|
138
|
+
end
|
139
|
+
end
|
104
140
|
end
|
141
|
+
end
|
105
142
|
|
106
|
-
|
107
|
-
|
108
|
-
|
143
|
+
describe 'with paranoid mode' do
|
144
|
+
describe 'on success' do
|
145
|
+
before do
|
146
|
+
swap Devise, paranoid: true do
|
147
|
+
post :create,
|
148
|
+
params: { email: @new_user.email,
|
149
|
+
redirect_url: @redirect_url },
|
150
|
+
xhr: true
|
151
|
+
@resource = assigns(:resource)
|
152
|
+
@data = JSON.parse(response.body)
|
153
|
+
@mail = ActionMailer::Base.deliveries.last
|
154
|
+
@token, @client_config = token_and_client_config_from(@mail.body)
|
155
|
+
end
|
156
|
+
end
|
157
|
+
|
158
|
+
test 'user should not be confirmed' do
|
159
|
+
assert_nil @resource.confirmed_at
|
160
|
+
end
|
161
|
+
|
162
|
+
test 'should generate raw token' do
|
163
|
+
assert @token
|
164
|
+
assert_equal @new_user.confirmation_token, @token
|
165
|
+
end
|
166
|
+
|
167
|
+
test 'user should receive confirmation email' do
|
168
|
+
assert_equal @resource.email, @mail['to'].to_s
|
169
|
+
end
|
170
|
+
|
171
|
+
test 'response should contain message' do
|
172
|
+
assert_equal @data['message'], I18n.t('devise_token_auth.confirmations.sended_paranoid', email: @resource.email)
|
173
|
+
end
|
109
174
|
end
|
110
175
|
|
111
|
-
|
112
|
-
|
176
|
+
describe 'on failure' do
|
177
|
+
before do
|
178
|
+
swap Devise, paranoid: true do
|
179
|
+
post :create,
|
180
|
+
params: { email: 'chester@cheet.ah',
|
181
|
+
redirect_url: @redirect_url },
|
182
|
+
xhr: true
|
183
|
+
@data = JSON.parse(response.body)
|
184
|
+
end
|
185
|
+
end
|
186
|
+
|
187
|
+
test 'response should contain errors' do
|
188
|
+
assert_equal @data['errors'], [I18n.t('devise_token_auth.confirmations.sended_paranoid')]
|
189
|
+
end
|
113
190
|
end
|
114
|
-
|
115
191
|
end
|
116
192
|
end
|
117
193
|
|
@@ -18,7 +18,7 @@ class OmniauthTest < ActionDispatch::IntegrationTest
|
|
18
18
|
|
19
19
|
def get_parsed_data_json
|
20
20
|
encoded_json_data = @response.body.match(/var data \= JSON.parse\(decodeURIComponent\(\'(.+)\'\)\)\;/)[1]
|
21
|
-
JSON.parse(
|
21
|
+
JSON.parse(CGI.unescape(encoded_json_data))
|
22
22
|
end
|
23
23
|
|
24
24
|
describe 'success callback' do
|
@@ -346,7 +346,7 @@ class OmniauthTest < ActionDispatch::IntegrationTest
|
|
346
346
|
follow_all_redirects!
|
347
347
|
|
348
348
|
data = get_parsed_data_json
|
349
|
-
assert_equal "Redirect to
|
349
|
+
assert_equal "Redirect to '#{@bad_redirect_url}' not allowed.",
|
350
350
|
data['error']
|
351
351
|
end
|
352
352
|
|
@@ -85,37 +85,89 @@ class DeviseTokenAuth::PasswordsControllerTest < ActionController::TestCase
|
|
85
85
|
end
|
86
86
|
|
87
87
|
describe 'request password reset' do
|
88
|
-
describe 'unknown user
|
89
|
-
|
90
|
-
|
91
|
-
|
92
|
-
|
93
|
-
|
94
|
-
|
88
|
+
describe 'unknown user' do
|
89
|
+
describe 'without paranoid mode' do
|
90
|
+
before do
|
91
|
+
post :create,
|
92
|
+
params: { email: 'chester@cheet.ah',
|
93
|
+
redirect_url: @redirect_url }
|
94
|
+
@data = JSON.parse(response.body)
|
95
|
+
end
|
95
96
|
|
96
|
-
|
97
|
-
|
97
|
+
test 'unknown user should return 404' do
|
98
|
+
assert_equal 404, response.status
|
99
|
+
end
|
100
|
+
|
101
|
+
test 'errors should be returned' do
|
102
|
+
assert @data['errors']
|
103
|
+
assert_equal @data['errors'],
|
104
|
+
[I18n.t('devise_token_auth.passwords.user_not_found',
|
105
|
+
email: 'chester@cheet.ah')]
|
106
|
+
end
|
98
107
|
end
|
99
108
|
|
100
|
-
|
101
|
-
|
102
|
-
|
103
|
-
|
104
|
-
|
109
|
+
describe 'with paranoid mode' do
|
110
|
+
before do
|
111
|
+
swap Devise, paranoid: true do
|
112
|
+
post :create,
|
113
|
+
params: { email: 'chester@cheet.ah',
|
114
|
+
redirect_url: @redirect_url }
|
115
|
+
@data = JSON.parse(response.body)
|
116
|
+
end
|
117
|
+
end
|
118
|
+
|
119
|
+
test 'unknown user should return 404' do
|
120
|
+
assert_equal 404, response.status
|
121
|
+
end
|
122
|
+
|
123
|
+
test 'errors should be returned' do
|
124
|
+
assert @data['errors']
|
125
|
+
assert_equal @data['errors'],
|
126
|
+
[I18n.t('devise_token_auth.passwords.sended_paranoid')]
|
127
|
+
end
|
105
128
|
end
|
106
129
|
end
|
107
130
|
|
108
131
|
describe 'successfully requested password reset' do
|
109
|
-
|
110
|
-
|
111
|
-
|
112
|
-
|
132
|
+
describe 'without paranoid mode' do
|
133
|
+
before do
|
134
|
+
post :create,
|
135
|
+
params: { email: @resource.email,
|
136
|
+
redirect_url: @redirect_url }
|
113
137
|
|
114
|
-
|
138
|
+
@data = JSON.parse(response.body)
|
139
|
+
end
|
140
|
+
|
141
|
+
test 'response should not contain extra data' do
|
142
|
+
assert_nil @data['data']
|
143
|
+
end
|
144
|
+
|
145
|
+
test 'response should contains message' do
|
146
|
+
assert_equal \
|
147
|
+
@data['message'],
|
148
|
+
I18n.t('devise_token_auth.passwords.sended', email: @resource.email)
|
149
|
+
end
|
115
150
|
end
|
116
151
|
|
117
|
-
|
118
|
-
|
152
|
+
describe 'with paranoid mode' do
|
153
|
+
before do
|
154
|
+
swap Devise, paranoid: true do
|
155
|
+
post :create,
|
156
|
+
params: { email: @resource.email,
|
157
|
+
redirect_url: @redirect_url }
|
158
|
+
@data = JSON.parse(response.body)
|
159
|
+
end
|
160
|
+
end
|
161
|
+
|
162
|
+
test 'response should return success status' do
|
163
|
+
assert_equal 200, response.status
|
164
|
+
end
|
165
|
+
|
166
|
+
test 'response should contain message' do
|
167
|
+
assert_equal \
|
168
|
+
@data['message'],
|
169
|
+
I18n.t('devise_token_auth.passwords.sended_paranoid')
|
170
|
+
end
|
119
171
|
end
|
120
172
|
end
|
121
173
|
|
@@ -10,6 +10,17 @@ require 'test_helper'
|
|
10
10
|
|
11
11
|
class DeviseTokenAuth::RegistrationsControllerTest < ActionDispatch::IntegrationTest
|
12
12
|
describe DeviseTokenAuth::RegistrationsController do
|
13
|
+
|
14
|
+
def mock_registration_params
|
15
|
+
{
|
16
|
+
email: Faker::Internet.email,
|
17
|
+
password: 'secret123',
|
18
|
+
password_confirmation: 'secret123',
|
19
|
+
confirm_success_url: Faker::Internet.url,
|
20
|
+
unpermitted_param: '(x_x)'
|
21
|
+
}
|
22
|
+
end
|
23
|
+
|
13
24
|
describe 'Validate non-empty body' do
|
14
25
|
before do
|
15
26
|
# need to post empty data
|
@@ -41,13 +52,7 @@ class DeviseTokenAuth::RegistrationsControllerTest < ActionDispatch::Integration
|
|
41
52
|
@mails_sent = ActionMailer::Base.deliveries.count
|
42
53
|
|
43
54
|
post '/auth',
|
44
|
-
params:
|
45
|
-
email: Faker::Internet.email,
|
46
|
-
password: 'secret123',
|
47
|
-
password_confirmation: 'secret123',
|
48
|
-
confirm_success_url: Faker::Internet.url,
|
49
|
-
unpermitted_param: '(x_x)'
|
50
|
-
}
|
55
|
+
params: mock_registration_params
|
51
56
|
|
52
57
|
@resource = assigns(:resource)
|
53
58
|
@data = JSON.parse(response.body)
|
@@ -87,17 +92,10 @@ class DeviseTokenAuth::RegistrationsControllerTest < ActionDispatch::Integration
|
|
87
92
|
before do
|
88
93
|
@original_duration = Devise.allow_unconfirmed_access_for
|
89
94
|
Devise.allow_unconfirmed_access_for = nil
|
90
|
-
post '/auth',
|
91
|
-
params: {
|
92
|
-
email: Faker::Internet.email,
|
93
|
-
password: 'secret123',
|
94
|
-
password_confirmation: 'secret123',
|
95
|
-
confirm_success_url: Faker::Internet.url,
|
96
|
-
unpermitted_param: '(x_x)'
|
97
|
-
}
|
98
95
|
end
|
99
96
|
|
100
97
|
test 'auth headers were returned in response' do
|
98
|
+
post '/auth', params: mock_registration_params
|
101
99
|
assert response.headers['access-token']
|
102
100
|
assert response.headers['token-type']
|
103
101
|
assert response.headers['client']
|
@@ -105,6 +103,21 @@ class DeviseTokenAuth::RegistrationsControllerTest < ActionDispatch::Integration
|
|
105
103
|
assert response.headers['uid']
|
106
104
|
end
|
107
105
|
|
106
|
+
describe 'using auth cookie' do
|
107
|
+
before do
|
108
|
+
DeviseTokenAuth.cookie_enabled = true
|
109
|
+
end
|
110
|
+
|
111
|
+
test 'auth cookie was returned in response' do
|
112
|
+
post '/auth', params: mock_registration_params
|
113
|
+
assert response.cookies[DeviseTokenAuth.cookie_name]
|
114
|
+
end
|
115
|
+
|
116
|
+
after do
|
117
|
+
DeviseTokenAuth.cookie_enabled = false
|
118
|
+
end
|
119
|
+
end
|
120
|
+
|
108
121
|
after do
|
109
122
|
Devise.allow_unconfirmed_access_for = @original_duration
|
110
123
|
end
|
@@ -17,11 +17,12 @@ class DeviseTokenAuth::SessionsControllerTest < ActionController::TestCase
|
|
17
17
|
|
18
18
|
describe 'success' do
|
19
19
|
before do
|
20
|
-
|
21
|
-
|
22
|
-
|
23
|
-
|
24
|
-
|
20
|
+
@user_session_params = {
|
21
|
+
email: @existing_user.email,
|
22
|
+
password: @existing_user.password
|
23
|
+
}
|
24
|
+
|
25
|
+
post :create, params: @user_session_params
|
25
26
|
|
26
27
|
@resource = assigns(:resource)
|
27
28
|
@data = JSON.parse(response.body)
|
@@ -35,17 +36,27 @@ class DeviseTokenAuth::SessionsControllerTest < ActionController::TestCase
|
|
35
36
|
assert_equal @existing_user.email, @data['data']['email']
|
36
37
|
end
|
37
38
|
|
39
|
+
describe 'using auth cookie' do
|
40
|
+
before do
|
41
|
+
DeviseTokenAuth.cookie_enabled = true
|
42
|
+
end
|
43
|
+
|
44
|
+
test 'request should return auth cookie' do
|
45
|
+
post :create, params: @user_session_params
|
46
|
+
assert response.cookies[DeviseTokenAuth.cookie_name]
|
47
|
+
end
|
48
|
+
|
49
|
+
after do
|
50
|
+
DeviseTokenAuth.cookie_enabled = false
|
51
|
+
end
|
52
|
+
end
|
53
|
+
|
38
54
|
describe "with multiple clients and headers don't change in each request" do
|
39
55
|
before do
|
40
56
|
# Set the max_number_of_devices to a lower number
|
41
57
|
# to expedite tests! (Default is 10)
|
42
58
|
DeviseTokenAuth.max_number_of_devices = 2
|
43
59
|
DeviseTokenAuth.change_headers_on_each_request = false
|
44
|
-
|
45
|
-
@user_session_params = {
|
46
|
-
email: @existing_user.email,
|
47
|
-
password: @existing_user.password
|
48
|
-
}
|
49
60
|
end
|
50
61
|
|
51
62
|
test 'should limit the maximum number of concurrent devices' do
|
@@ -159,6 +170,24 @@ class DeviseTokenAuth::SessionsControllerTest < ActionController::TestCase
|
|
159
170
|
test 'session was destroyed' do
|
160
171
|
assert_equal true, @controller.reset_session_called
|
161
172
|
end
|
173
|
+
|
174
|
+
describe 'using auth cookie' do
|
175
|
+
before do
|
176
|
+
DeviseTokenAuth.cookie_enabled = true
|
177
|
+
@auth_token = @existing_user.create_new_auth_token
|
178
|
+
@controller.send(:cookies)[DeviseTokenAuth.cookie_name] = { value: @auth_token.to_json }
|
179
|
+
end
|
180
|
+
|
181
|
+
test 'auth cookie was destroyed' do
|
182
|
+
assert_equal @auth_token.to_json, @controller.send(:cookies)[DeviseTokenAuth.cookie_name] # sanity check
|
183
|
+
delete :destroy, format: :json
|
184
|
+
assert_nil @controller.send(:cookies)[DeviseTokenAuth.cookie_name]
|
185
|
+
end
|
186
|
+
|
187
|
+
after do
|
188
|
+
DeviseTokenAuth.cookie_enabled = false
|
189
|
+
end
|
190
|
+
end
|
162
191
|
end
|
163
192
|
|
164
193
|
describe 'unauthed user sign out' do
|
@@ -57,7 +57,7 @@ class DeviseTokenAuth::UnlocksControllerTest < ActionController::TestCase
|
|
57
57
|
end
|
58
58
|
|
59
59
|
describe 'request unlock' do
|
60
|
-
describe '
|
60
|
+
describe 'without paranoid mode' do
|
61
61
|
before do
|
62
62
|
post :create, params: { email: 'chester@cheet.ah' }
|
63
63
|
@data = JSON.parse(response.body)
|
@@ -68,9 +68,26 @@ class DeviseTokenAuth::UnlocksControllerTest < ActionController::TestCase
|
|
68
68
|
|
69
69
|
test 'errors should be returned' do
|
70
70
|
assert @data['errors']
|
71
|
-
assert_equal @data['errors'],
|
72
|
-
|
73
|
-
|
71
|
+
assert_equal @data['errors'], [I18n.t('devise_token_auth.unlocks.user_not_found',
|
72
|
+
email: 'chester@cheet.ah')]
|
73
|
+
end
|
74
|
+
end
|
75
|
+
|
76
|
+
describe 'with paranoid mode' do
|
77
|
+
before do
|
78
|
+
swap Devise, paranoid: true do
|
79
|
+
post :create, params: { email: 'chester@cheet.ah' }
|
80
|
+
@data = JSON.parse(response.body)
|
81
|
+
end
|
82
|
+
end
|
83
|
+
|
84
|
+
test 'unknown user should return 404' do
|
85
|
+
assert_equal 404, response.status
|
86
|
+
end
|
87
|
+
|
88
|
+
test 'errors should be returned' do
|
89
|
+
assert @data['errors']
|
90
|
+
assert_equal @data['errors'], [I18n.t('devise_token_auth.unlocks.sended_paranoid')]
|
74
91
|
end
|
75
92
|
end
|
76
93
|
|
@@ -38,7 +38,7 @@ class Overrides::ConfirmationsControllerTest < ActionDispatch::IntegrationTest
|
|
38
38
|
override_proof_str = '(^^,)'
|
39
39
|
|
40
40
|
# ensure present in redirect URL
|
41
|
-
override_proof_param =
|
41
|
+
override_proof_param = CGI.unescape(response.headers['Location']
|
42
42
|
.match(/override_proof=([^&]*)&/)[1])
|
43
43
|
|
44
44
|
assert_equal override_proof_str, override_proof_param
|
@@ -0,0 +1,11 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
class ConfirmableUser < ActiveRecord::Base
|
4
|
+
# Include default devise modules.
|
5
|
+
devise :database_authenticatable, :registerable,
|
6
|
+
:recoverable, :rememberable,
|
7
|
+
:validatable, :confirmable
|
8
|
+
DeviseTokenAuth.send_confirmation_email = true
|
9
|
+
include DeviseTokenAuth::Concerns::User
|
10
|
+
DeviseTokenAuth.send_confirmation_email = false
|
11
|
+
end
|
@@ -0,0 +1,52 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
class ConfirmableUser
|
4
|
+
include Mongoid::Document
|
5
|
+
include Mongoid::Timestamps
|
6
|
+
include Mongoid::Locker
|
7
|
+
|
8
|
+
field :locker_locked_at, type: Time
|
9
|
+
field :locker_locked_until, type: Time
|
10
|
+
|
11
|
+
locker locked_at_field: :locker_locked_at,
|
12
|
+
locked_until_field: :locker_locked_until
|
13
|
+
|
14
|
+
## User Info
|
15
|
+
field :name, type: String
|
16
|
+
field :nickname, type: String
|
17
|
+
field :image, type: String
|
18
|
+
|
19
|
+
## Database authenticatable
|
20
|
+
field :email, type: String, default: ''
|
21
|
+
field :encrypted_password, type: String, default: ''
|
22
|
+
|
23
|
+
## Recoverable
|
24
|
+
field :reset_password_token, type: String
|
25
|
+
field :reset_password_sent_at, type: Time
|
26
|
+
field :reset_password_redirect_url, type: String
|
27
|
+
field :allow_password_change, type: Boolean, default: false
|
28
|
+
|
29
|
+
## Rememberable
|
30
|
+
field :remember_created_at, type: Time
|
31
|
+
|
32
|
+
## Confirmable
|
33
|
+
field :confirmation_token, type: String
|
34
|
+
field :confirmed_at, type: Time
|
35
|
+
field :confirmation_sent_at, type: Time
|
36
|
+
field :unconfirmed_email, type: String # Only if using reconfirmable
|
37
|
+
|
38
|
+
## Required
|
39
|
+
field :provider, type: String
|
40
|
+
field :uid, type: String, default: ''
|
41
|
+
|
42
|
+
## Tokens
|
43
|
+
field :tokens, type: Hash, default: {}
|
44
|
+
|
45
|
+
# Include default devise modules.
|
46
|
+
devise :database_authenticatable, :registerable,
|
47
|
+
:recoverable, :rememberable, :trackable,
|
48
|
+
:validatable, :confirmable
|
49
|
+
DeviseTokenAuth.send_confirmation_email = true
|
50
|
+
include DeviseTokenAuth::Concerns::User
|
51
|
+
DeviseTokenAuth.send_confirmation_email = false
|
52
|
+
end
|
@@ -29,16 +29,6 @@ Rails.application.configure do
|
|
29
29
|
# Raise an error on page load if there are pending migrations.
|
30
30
|
config.active_record.migration_error = :page_load
|
31
31
|
|
32
|
-
# Debug mode disables concatenation and preprocessing of assets.
|
33
|
-
# This option may cause significant delays in view rendering with a large
|
34
|
-
# number of complex assets.
|
35
|
-
config.assets.debug = true
|
36
|
-
|
37
|
-
# Adds additional error checking when serving assets at runtime.
|
38
|
-
# Checks for improperly declared sprockets dependencies.
|
39
|
-
# Raises helpful error messages.
|
40
|
-
config.assets.raise_runtime_errors = true
|
41
|
-
|
42
32
|
# Raises error for missing translations
|
43
33
|
# config.action_view.raise_on_missing_translations = true
|
44
34
|
|