devise_token_auth 1.1.4 → 1.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (48) hide show
  1. checksums.yaml +4 -4
  2. data/app/controllers/devise_token_auth/application_controller.rb +8 -0
  3. data/app/controllers/devise_token_auth/concerns/resource_finder.rb +14 -1
  4. data/app/controllers/devise_token_auth/concerns/set_user_by_token.rb +31 -7
  5. data/app/controllers/devise_token_auth/confirmations_controller.rb +8 -4
  6. data/app/controllers/devise_token_auth/passwords_controller.rb +6 -2
  7. data/app/controllers/devise_token_auth/sessions_controller.rb +7 -1
  8. data/app/controllers/devise_token_auth/unlocks_controller.rb +6 -2
  9. data/app/models/devise_token_auth/concerns/active_record_support.rb +0 -2
  10. data/app/models/devise_token_auth/concerns/confirmable_support.rb +2 -1
  11. data/app/models/devise_token_auth/concerns/tokens_serialization.rb +16 -4
  12. data/app/models/devise_token_auth/concerns/user.rb +4 -9
  13. data/app/models/devise_token_auth/concerns/user_omniauth_callbacks.rb +3 -0
  14. data/app/validators/devise_token_auth_email_validator.rb +1 -1
  15. data/app/views/devise_token_auth/omniauth_external_window.html.erb +1 -1
  16. data/config/locales/en.yml +3 -0
  17. data/lib/devise_token_auth/blacklist.rb +5 -1
  18. data/lib/devise_token_auth/controllers/helpers.rb +5 -9
  19. data/lib/devise_token_auth/engine.rb +6 -0
  20. data/lib/devise_token_auth/rails/routes.rb +15 -10
  21. data/lib/devise_token_auth/version.rb +1 -1
  22. data/lib/generators/devise_token_auth/install_generator.rb +1 -1
  23. data/lib/generators/devise_token_auth/templates/devise_token_auth_create_users.rb.erb +1 -1
  24. data/test/controllers/devise_token_auth/confirmations_controller_test.rb +91 -19
  25. data/test/controllers/devise_token_auth/omniauth_callbacks_controller_test.rb +2 -2
  26. data/test/controllers/devise_token_auth/passwords_controller_test.rb +73 -21
  27. data/test/controllers/devise_token_auth/registrations_controller_test.rb +28 -15
  28. data/test/controllers/devise_token_auth/sessions_controller_test.rb +39 -10
  29. data/test/controllers/devise_token_auth/unlocks_controller_test.rb +21 -4
  30. data/test/controllers/overrides/confirmations_controller_test.rb +1 -1
  31. data/test/dummy/app/views/layouts/application.html.erb +0 -2
  32. data/test/dummy/config/application.rb +0 -1
  33. data/test/dummy/config/environments/development.rb +0 -10
  34. data/test/dummy/config/environments/production.rb +0 -16
  35. data/test/dummy/tmp/generators/app/controllers/application_controller.rb +6 -0
  36. data/test/dummy/tmp/generators/app/models/azpire/v1/human_resource/user.rb +56 -0
  37. data/test/dummy/tmp/generators/config/initializers/devise_token_auth.rb +60 -0
  38. data/test/lib/devise_token_auth/blacklist_test.rb +11 -3
  39. data/test/lib/devise_token_auth/rails/custom_routes_test.rb +29 -0
  40. data/test/lib/devise_token_auth/rails/routes_test.rb +87 -0
  41. data/test/lib/generators/devise_token_auth/install_generator_test.rb +1 -1
  42. data/test/lib/generators/devise_token_auth/install_generator_with_namespace_test.rb +1 -1
  43. data/test/models/concerns/tokens_serialization_test.rb +39 -5
  44. data/test/test_helper.rb +35 -4
  45. metadata +15 -25
  46. data/test/dummy/config/initializers/assets.rb +0 -10
  47. data/test/dummy/tmp/generators/app/views/devise/mailer/confirmation_instructions.html.erb +0 -5
  48. data/test/dummy/tmp/generators/app/views/devise/mailer/reset_password_instructions.html.erb +0 -8
@@ -85,37 +85,89 @@ class DeviseTokenAuth::PasswordsControllerTest < ActionController::TestCase
85
85
  end
86
86
 
87
87
  describe 'request password reset' do
88
- describe 'unknown user should return 404' do
89
- before do
90
- post :create,
91
- params: { email: 'chester@cheet.ah',
92
- redirect_url: @redirect_url }
93
- @data = JSON.parse(response.body)
94
- end
88
+ describe 'unknown user' do
89
+ describe 'without paranoid mode' do
90
+ before do
91
+ post :create,
92
+ params: { email: 'chester@cheet.ah',
93
+ redirect_url: @redirect_url }
94
+ @data = JSON.parse(response.body)
95
+ end
95
96
 
96
- test 'unknown user should return 404' do
97
- assert_equal 404, response.status
97
+ test 'unknown user should return 404' do
98
+ assert_equal 404, response.status
99
+ end
100
+
101
+ test 'errors should be returned' do
102
+ assert @data['errors']
103
+ assert_equal @data['errors'],
104
+ [I18n.t('devise_token_auth.passwords.user_not_found',
105
+ email: 'chester@cheet.ah')]
106
+ end
98
107
  end
99
108
 
100
- test 'errors should be returned' do
101
- assert @data['errors']
102
- assert_equal @data['errors'],
103
- [I18n.t('devise_token_auth.passwords.user_not_found',
104
- email: 'chester@cheet.ah')]
109
+ describe 'with paranoid mode' do
110
+ before do
111
+ swap Devise, paranoid: true do
112
+ post :create,
113
+ params: { email: 'chester@cheet.ah',
114
+ redirect_url: @redirect_url }
115
+ @data = JSON.parse(response.body)
116
+ end
117
+ end
118
+
119
+ test 'unknown user should return 404' do
120
+ assert_equal 404, response.status
121
+ end
122
+
123
+ test 'errors should be returned' do
124
+ assert @data['errors']
125
+ assert_equal @data['errors'],
126
+ [I18n.t('devise_token_auth.passwords.sended_paranoid')]
127
+ end
105
128
  end
106
129
  end
107
130
 
108
131
  describe 'successfully requested password reset' do
109
- before do
110
- post :create,
111
- params: { email: @resource.email,
112
- redirect_url: @redirect_url }
132
+ describe 'without paranoid mode' do
133
+ before do
134
+ post :create,
135
+ params: { email: @resource.email,
136
+ redirect_url: @redirect_url }
113
137
 
114
- @data = JSON.parse(response.body)
138
+ @data = JSON.parse(response.body)
139
+ end
140
+
141
+ test 'response should not contain extra data' do
142
+ assert_nil @data['data']
143
+ end
144
+
145
+ test 'response should contains message' do
146
+ assert_equal \
147
+ @data['message'],
148
+ I18n.t('devise_token_auth.passwords.sended', email: @resource.email)
149
+ end
115
150
  end
116
151
 
117
- test 'response should not contain extra data' do
118
- assert_nil @data['data']
152
+ describe 'with paranoid mode' do
153
+ before do
154
+ swap Devise, paranoid: true do
155
+ post :create,
156
+ params: { email: @resource.email,
157
+ redirect_url: @redirect_url }
158
+ @data = JSON.parse(response.body)
159
+ end
160
+ end
161
+
162
+ test 'response should return success status' do
163
+ assert_equal 200, response.status
164
+ end
165
+
166
+ test 'response should contain message' do
167
+ assert_equal \
168
+ @data['message'],
169
+ I18n.t('devise_token_auth.passwords.sended_paranoid')
170
+ end
119
171
  end
120
172
  end
121
173
 
@@ -10,6 +10,17 @@ require 'test_helper'
10
10
 
11
11
  class DeviseTokenAuth::RegistrationsControllerTest < ActionDispatch::IntegrationTest
12
12
  describe DeviseTokenAuth::RegistrationsController do
13
+
14
+ def mock_registration_params
15
+ {
16
+ email: Faker::Internet.email,
17
+ password: 'secret123',
18
+ password_confirmation: 'secret123',
19
+ confirm_success_url: Faker::Internet.url,
20
+ unpermitted_param: '(x_x)'
21
+ }
22
+ end
23
+
13
24
  describe 'Validate non-empty body' do
14
25
  before do
15
26
  # need to post empty data
@@ -41,13 +52,7 @@ class DeviseTokenAuth::RegistrationsControllerTest < ActionDispatch::Integration
41
52
  @mails_sent = ActionMailer::Base.deliveries.count
42
53
 
43
54
  post '/auth',
44
- params: {
45
- email: Faker::Internet.email,
46
- password: 'secret123',
47
- password_confirmation: 'secret123',
48
- confirm_success_url: Faker::Internet.url,
49
- unpermitted_param: '(x_x)'
50
- }
55
+ params: mock_registration_params
51
56
 
52
57
  @resource = assigns(:resource)
53
58
  @data = JSON.parse(response.body)
@@ -87,17 +92,10 @@ class DeviseTokenAuth::RegistrationsControllerTest < ActionDispatch::Integration
87
92
  before do
88
93
  @original_duration = Devise.allow_unconfirmed_access_for
89
94
  Devise.allow_unconfirmed_access_for = nil
90
- post '/auth',
91
- params: {
92
- email: Faker::Internet.email,
93
- password: 'secret123',
94
- password_confirmation: 'secret123',
95
- confirm_success_url: Faker::Internet.url,
96
- unpermitted_param: '(x_x)'
97
- }
98
95
  end
99
96
 
100
97
  test 'auth headers were returned in response' do
98
+ post '/auth', params: mock_registration_params
101
99
  assert response.headers['access-token']
102
100
  assert response.headers['token-type']
103
101
  assert response.headers['client']
@@ -105,6 +103,21 @@ class DeviseTokenAuth::RegistrationsControllerTest < ActionDispatch::Integration
105
103
  assert response.headers['uid']
106
104
  end
107
105
 
106
+ describe 'using auth cookie' do
107
+ before do
108
+ DeviseTokenAuth.cookie_enabled = true
109
+ end
110
+
111
+ test 'auth cookie was returned in response' do
112
+ post '/auth', params: mock_registration_params
113
+ assert response.cookies[DeviseTokenAuth.cookie_name]
114
+ end
115
+
116
+ after do
117
+ DeviseTokenAuth.cookie_enabled = false
118
+ end
119
+ end
120
+
108
121
  after do
109
122
  Devise.allow_unconfirmed_access_for = @original_duration
110
123
  end
@@ -17,11 +17,12 @@ class DeviseTokenAuth::SessionsControllerTest < ActionController::TestCase
17
17
 
18
18
  describe 'success' do
19
19
  before do
20
- post :create,
21
- params: {
22
- email: @existing_user.email,
23
- password: @existing_user.password
24
- }
20
+ @user_session_params = {
21
+ email: @existing_user.email,
22
+ password: @existing_user.password
23
+ }
24
+
25
+ post :create, params: @user_session_params
25
26
 
26
27
  @resource = assigns(:resource)
27
28
  @data = JSON.parse(response.body)
@@ -35,17 +36,27 @@ class DeviseTokenAuth::SessionsControllerTest < ActionController::TestCase
35
36
  assert_equal @existing_user.email, @data['data']['email']
36
37
  end
37
38
 
39
+ describe 'using auth cookie' do
40
+ before do
41
+ DeviseTokenAuth.cookie_enabled = true
42
+ end
43
+
44
+ test 'request should return auth cookie' do
45
+ post :create, params: @user_session_params
46
+ assert response.cookies[DeviseTokenAuth.cookie_name]
47
+ end
48
+
49
+ after do
50
+ DeviseTokenAuth.cookie_enabled = false
51
+ end
52
+ end
53
+
38
54
  describe "with multiple clients and headers don't change in each request" do
39
55
  before do
40
56
  # Set the max_number_of_devices to a lower number
41
57
  # to expedite tests! (Default is 10)
42
58
  DeviseTokenAuth.max_number_of_devices = 2
43
59
  DeviseTokenAuth.change_headers_on_each_request = false
44
-
45
- @user_session_params = {
46
- email: @existing_user.email,
47
- password: @existing_user.password
48
- }
49
60
  end
50
61
 
51
62
  test 'should limit the maximum number of concurrent devices' do
@@ -159,6 +170,24 @@ class DeviseTokenAuth::SessionsControllerTest < ActionController::TestCase
159
170
  test 'session was destroyed' do
160
171
  assert_equal true, @controller.reset_session_called
161
172
  end
173
+
174
+ describe 'using auth cookie' do
175
+ before do
176
+ DeviseTokenAuth.cookie_enabled = true
177
+ @auth_token = @existing_user.create_new_auth_token
178
+ @controller.send(:cookies)[DeviseTokenAuth.cookie_name] = { value: @auth_token.to_json }
179
+ end
180
+
181
+ test 'auth cookie was destroyed' do
182
+ assert_equal @auth_token.to_json, @controller.send(:cookies)[DeviseTokenAuth.cookie_name] # sanity check
183
+ delete :destroy, format: :json
184
+ assert_nil @controller.send(:cookies)[DeviseTokenAuth.cookie_name]
185
+ end
186
+
187
+ after do
188
+ DeviseTokenAuth.cookie_enabled = false
189
+ end
190
+ end
162
191
  end
163
192
 
164
193
  describe 'unauthed user sign out' do
@@ -57,7 +57,7 @@ class DeviseTokenAuth::UnlocksControllerTest < ActionController::TestCase
57
57
  end
58
58
 
59
59
  describe 'request unlock' do
60
- describe 'unknown user should return 404' do
60
+ describe 'without paranoid mode' do
61
61
  before do
62
62
  post :create, params: { email: 'chester@cheet.ah' }
63
63
  @data = JSON.parse(response.body)
@@ -68,9 +68,26 @@ class DeviseTokenAuth::UnlocksControllerTest < ActionController::TestCase
68
68
 
69
69
  test 'errors should be returned' do
70
70
  assert @data['errors']
71
- assert_equal @data['errors'],
72
- [I18n.t('devise_token_auth.passwords.user_not_found',
73
- email: 'chester@cheet.ah')]
71
+ assert_equal @data['errors'], [I18n.t('devise_token_auth.unlocks.user_not_found',
72
+ email: 'chester@cheet.ah')]
73
+ end
74
+ end
75
+
76
+ describe 'with paranoid mode' do
77
+ before do
78
+ swap Devise, paranoid: true do
79
+ post :create, params: { email: 'chester@cheet.ah' }
80
+ @data = JSON.parse(response.body)
81
+ end
82
+ end
83
+
84
+ test 'unknown user should return 404' do
85
+ assert_equal 404, response.status
86
+ end
87
+
88
+ test 'errors should be returned' do
89
+ assert @data['errors']
90
+ assert_equal @data['errors'], [I18n.t('devise_token_auth.unlocks.sended_paranoid')]
74
91
  end
75
92
  end
76
93
 
@@ -38,7 +38,7 @@ class Overrides::ConfirmationsControllerTest < ActionDispatch::IntegrationTest
38
38
  override_proof_str = '(^^,)'
39
39
 
40
40
  # ensure present in redirect URL
41
- override_proof_param = URI.unescape(response.headers['Location']
41
+ override_proof_param = CGI.unescape(response.headers['Location']
42
42
  .match(/override_proof=([^&]*)&/)[1])
43
43
 
44
44
  assert_equal override_proof_str, override_proof_param
@@ -2,8 +2,6 @@
2
2
  <html>
3
3
  <head>
4
4
  <title>Dummy</title>
5
- <%= stylesheet_link_tag 'application', media: 'all', 'data-turbolinks-track' => true %>
6
- <%= javascript_include_tag 'application', 'data-turbolinks-track' => true %>
7
5
  <%= csrf_meta_tags %>
8
6
  </head>
9
7
  <body>
@@ -4,7 +4,6 @@ require File.expand_path('boot', __dir__)
4
4
 
5
5
  require 'action_controller/railtie'
6
6
  require 'action_mailer/railtie'
7
- require 'sprockets/railtie'
8
7
  require 'rails/generators'
9
8
  require 'rack/cors'
10
9
 
@@ -29,16 +29,6 @@ Rails.application.configure do
29
29
  # Raise an error on page load if there are pending migrations.
30
30
  config.active_record.migration_error = :page_load
31
31
 
32
- # Debug mode disables concatenation and preprocessing of assets.
33
- # This option may cause significant delays in view rendering with a large
34
- # number of complex assets.
35
- config.assets.debug = true
36
-
37
- # Adds additional error checking when serving assets at runtime.
38
- # Checks for improperly declared sprockets dependencies.
39
- # Raises helpful error messages.
40
- config.assets.raise_runtime_errors = true
41
-
42
32
  # Raises error for missing translations
43
33
  # config.action_view.raise_on_missing_translations = true
44
34
 
@@ -24,18 +24,6 @@ Rails.application.configure do
24
24
  # Disable Rails's static asset server (Apache or nginx will already do this).
25
25
  config.serve_static_files = false
26
26
 
27
- # Compress JavaScripts and CSS.
28
- config.assets.js_compressor = :uglifier
29
- # config.assets.css_compressor = :sass
30
-
31
- # Do not fallback to assets pipeline if a precompiled asset is missed.
32
- config.assets.compile = false
33
-
34
- # Generate digests for assets URLs.
35
- config.assets.digest = true
36
-
37
- # `config.assets.precompile` has moved to config/initializers/assets.rb
38
-
39
27
  # Specifies the header that your server uses for sending files.
40
28
  # config.action_dispatch.x_sendfile_header = "X-Sendfile" # for apache
41
29
  # config.action_dispatch.x_sendfile_header = 'X-Accel-Redirect' # for nginx
@@ -58,10 +46,6 @@ Rails.application.configure do
58
46
  # Enable serving of images, stylesheets, and JavaScripts from an asset server.
59
47
  # config.action_controller.asset_host = "http://assets.example.com"
60
48
 
61
- # Precompile additional assets.
62
- # application.js, application.css, and all non-JS/CSS in app/assets folder are already added.
63
- # config.assets.precompile += %w( search.js )
64
-
65
49
  # Ignore bad email addresses and do not raise email delivery errors.
66
50
  # Set this to true and configure the email server for immediate delivery to raise delivery errors.
67
51
  # config.action_mailer.raise_delivery_errors = false
@@ -0,0 +1,6 @@
1
+ class ApplicationController < ActionController::Base
2
+ include DeviseTokenAuth::Concerns::SetUserByToken
3
+ def whatever
4
+ 'whatever'
5
+ end
6
+ end
@@ -0,0 +1,56 @@
1
+ # frozen_string_literal: true
2
+
3
+ class Azpire::V1::HumanResource::User
4
+ include Mongoid::Document
5
+ include Mongoid::Timestamps
6
+ include Mongoid::Locker
7
+
8
+ field :locker_locked_at, type: Time
9
+ field :locker_locked_until, type: Time
10
+
11
+ locker locked_at_field: :locker_locked_at,
12
+ locked_until_field: :locker_locked_until
13
+
14
+ ## Database authenticatable
15
+ field :email, type: String, default: ''
16
+ field :encrypted_password, type: String, default: ''
17
+
18
+ ## Recoverable
19
+ field :reset_password_token, type: String
20
+ field :reset_password_sent_at, type: Time
21
+ field :reset_password_redirect_url, type: String
22
+ field :allow_password_change, type: Boolean, default: false
23
+
24
+ ## Rememberable
25
+ field :remember_created_at, type: Time
26
+
27
+ ## Confirmable
28
+ field :confirmation_token, type: String
29
+ field :confirmed_at, type: Time
30
+ field :confirmation_sent_at, type: Time
31
+ field :unconfirmed_email, type: String # Only if using reconfirmable
32
+
33
+ ## Lockable
34
+ # field :failed_attempts, type: Integer, default: 0 # Only if lock strategy is :failed_attempts
35
+ # field :unlock_token, type: String # Only if unlock strategy is :email or :both
36
+ # field :locked_at, type: Time
37
+
38
+ ## Required
39
+ field :provider, type: String
40
+ field :uid, type: String, default: ''
41
+
42
+ ## Tokens
43
+ field :tokens, type: Hash, default: {}
44
+
45
+ # Include default devise modules. Others available are:
46
+ # :confirmable, :lockable, :timeoutable, :trackable and :omniauthable
47
+ devise :database_authenticatable, :registerable,
48
+ :recoverable, :rememberable, :validatable
49
+ include DeviseTokenAuth::Concerns::User
50
+
51
+ index({ email: 1 }, { name: 'email_index', unique: true, background: true })
52
+ index({ reset_password_token: 1 }, { name: 'reset_password_token_index', unique: true, sparse: true, background: true })
53
+ index({ confirmation_token: 1 }, { name: 'confirmation_token_index', unique: true, sparse: true, background: true })
54
+ index({ uid: 1, provider: 1}, { name: 'uid_provider_index', unique: true, background: true })
55
+ # index({ unlock_token: 1 }, { name: 'unlock_token_index', unique: true, sparse: true, background: true })
56
+ end
@@ -0,0 +1,60 @@
1
+ # frozen_string_literal: true
2
+
3
+ DeviseTokenAuth.setup do |config|
4
+ # By default the authorization headers will change after each request. The
5
+ # client is responsible for keeping track of the changing tokens. Change
6
+ # this to false to prevent the Authorization header from changing after
7
+ # each request.
8
+ # config.change_headers_on_each_request = true
9
+
10
+ # By default, users will need to re-authenticate after 2 weeks. This setting
11
+ # determines how long tokens will remain valid after they are issued.
12
+ # config.token_lifespan = 2.weeks
13
+
14
+ # Limiting the token_cost to just 4 in testing will increase the performance of
15
+ # your test suite dramatically. The possible cost value is within range from 4
16
+ # to 31. It is recommended to not use a value more than 10 in other environments.
17
+ config.token_cost = Rails.env.test? ? 4 : 10
18
+
19
+ # Sets the max number of concurrent devices per user, which is 10 by default.
20
+ # After this limit is reached, the oldest tokens will be removed.
21
+ # config.max_number_of_devices = 10
22
+
23
+ # Sometimes it's necessary to make several requests to the API at the same
24
+ # time. In this case, each request in the batch will need to share the same
25
+ # auth token. This setting determines how far apart the requests can be while
26
+ # still using the same auth token.
27
+ # config.batch_request_buffer_throttle = 5.seconds
28
+
29
+ # This route will be the prefix for all oauth2 redirect callbacks. For
30
+ # example, using the default '/omniauth', the github oauth2 provider will
31
+ # redirect successful authentications to '/omniauth/github/callback'
32
+ # config.omniauth_prefix = "/omniauth"
33
+
34
+ # By default sending current password is not needed for the password update.
35
+ # Uncomment to enforce current_password param to be checked before all
36
+ # attribute updates. Set it to :password if you want it to be checked only if
37
+ # password is updated.
38
+ # config.check_current_password_before_update = :attributes
39
+
40
+ # By default we will use callbacks for single omniauth.
41
+ # It depends on fields like email, provider and uid.
42
+ # config.default_callbacks = true
43
+
44
+ # Makes it possible to change the headers names
45
+ # config.headers_names = {:'access-token' => 'access-token',
46
+ # :'client' => 'client',
47
+ # :'expiry' => 'expiry',
48
+ # :'uid' => 'uid',
49
+ # :'token-type' => 'token-type' }
50
+
51
+ # By default, only Bearer Token authentication is implemented out of the box.
52
+ # If, however, you wish to integrate with legacy Devise authentication, you can
53
+ # do so by enabling this flag. NOTE: This feature is highly experimental!
54
+ # config.enable_standard_devise_support = false
55
+
56
+ # By default DeviseTokenAuth will not send confirmation email, even when including
57
+ # devise confirmable module. If you want to use devise confirmable module and
58
+ # send email, set it to true. (This is a setting for compatibility)
59
+ # config.send_confirmation_email = true
60
+ end
@@ -3,9 +3,17 @@
3
3
  require 'test_helper'
4
4
 
5
5
  class DeviseTokenAuth::BlacklistTest < ActiveSupport::TestCase
6
- describe Devise::Models::Authenticatable::BLACKLIST_FOR_SERIALIZATION do
7
- test 'should include :tokens' do
8
- assert Devise::Models::Authenticatable::BLACKLIST_FOR_SERIALIZATION.include?(:tokens)
6
+ if defined? Devise::Models::Authenticatable::UNSAFE_ATTRIBUTES_FOR_SERIALIZATION
7
+ describe Devise::Models::Authenticatable::UNSAFE_ATTRIBUTES_FOR_SERIALIZATION do
8
+ test 'should include :tokens' do
9
+ assert Devise::Models::Authenticatable::UNSAFE_ATTRIBUTES_FOR_SERIALIZATION.include?(:tokens)
10
+ end
11
+ end
12
+ else
13
+ describe Devise::Models::Authenticatable::BLACKLIST_FOR_SERIALIZATION do
14
+ test 'should include :tokens' do
15
+ assert Devise::Models::Authenticatable::BLACKLIST_FOR_SERIALIZATION.include?(:tokens)
16
+ end
9
17
  end
10
18
  end
11
19
  end
@@ -0,0 +1,29 @@
1
+ # frozen_string_literal: true
2
+
3
+ require 'test_helper'
4
+
5
+ class DeviseTokenAuth::CustomRoutesTest < ActiveSupport::TestCase
6
+ after do
7
+ Rails.application.reload_routes!
8
+ end
9
+ test 'custom controllers' do
10
+ class ActionDispatch::Routing::Mapper
11
+ include Mocha::ParameterMatchers
12
+ end
13
+ Rails.application.routes.draw do
14
+ self.expects(:devise_for).with(
15
+ :users,
16
+ has_entries(
17
+ controllers: has_entries(
18
+ invitations: "custom/invitations", foo: "custom/foo"
19
+ )
20
+ )
21
+ )
22
+
23
+ mount_devise_token_auth_for 'User', at: 'my_custom_users', controllers: {
24
+ invitations: 'custom/invitations',
25
+ foo: 'custom/foo'
26
+ }
27
+ end
28
+ end
29
+ end
@@ -0,0 +1,87 @@
1
+ # frozen_string_literal: true
2
+
3
+ require 'test_helper'
4
+
5
+ # Needed for MiniTest to start a controller test so we can use assert_recognizes
6
+ class DeviseTokenAuth::RoutesTestController < DeviseTokenAuth::ApplicationController
7
+ end
8
+
9
+ class DeviseTokenAuth::RoutesTest < ActionController::TestCase
10
+ self.controller_class = DeviseTokenAuth::RoutesTestController
11
+ before do
12
+ Rails.application.routes.draw do
13
+ mount_devise_token_auth_for 'User', at: 'my_custom_users', controllers: {
14
+ invitations: 'custom/invitations',
15
+ foo: 'custom/foo'
16
+ }
17
+ end
18
+ end
19
+
20
+ after do
21
+ Rails.application.reload_routes!
22
+ end
23
+
24
+ test 'map new user session' do
25
+ assert_recognizes({controller: 'devise_token_auth/sessions', action: 'new'}, {path: 'my_custom_users/sign_in', method: :get})
26
+ end
27
+
28
+ test 'map create user session' do
29
+ assert_recognizes({controller: 'devise_token_auth/sessions', action: 'create'}, {path: 'my_custom_users/sign_in', method: :post})
30
+ end
31
+
32
+ test 'map destroy user session' do
33
+ assert_recognizes({controller: 'devise_token_auth/sessions', action: 'destroy'}, {path: 'my_custom_users/sign_out', method: :delete})
34
+ end
35
+
36
+ test 'map new user confirmation' do
37
+ assert_recognizes({controller: 'devise_token_auth/confirmations', action: 'new'}, 'my_custom_users/confirmation/new')
38
+ end
39
+
40
+ test 'map create user confirmation' do
41
+ assert_recognizes({controller: 'devise_token_auth/confirmations', action: 'create'}, {path: 'my_custom_users/confirmation', method: :post})
42
+ end
43
+
44
+ test 'map show user confirmation' do
45
+ assert_recognizes({controller: 'devise_token_auth/confirmations', action: 'show'}, {path: 'my_custom_users/confirmation', method: :get})
46
+ end
47
+
48
+ test 'map new user password' do
49
+ assert_recognizes({controller: 'devise_token_auth/passwords', action: 'new'}, 'my_custom_users/password/new')
50
+ end
51
+
52
+ test 'map create user password' do
53
+ assert_recognizes({controller: 'devise_token_auth/passwords', action: 'create'}, {path: 'my_custom_users/password', method: :post})
54
+ end
55
+
56
+ test 'map edit user password' do
57
+ assert_recognizes({controller: 'devise_token_auth/passwords', action: 'edit'}, 'my_custom_users/password/edit')
58
+ end
59
+
60
+ test 'map update user password' do
61
+ assert_recognizes({controller: 'devise_token_auth/passwords', action: 'update'}, {path: 'my_custom_users/password', method: :put})
62
+ end
63
+
64
+ test 'map new user registration' do
65
+ assert_recognizes({controller: 'devise_token_auth/registrations', action: 'new'}, 'my_custom_users/sign_up')
66
+ end
67
+
68
+ test 'map create user registration' do
69
+ assert_recognizes({controller: 'devise_token_auth/registrations', action: 'create'}, {path: 'my_custom_users', method: :post})
70
+ end
71
+
72
+ test 'map edit user registration' do
73
+ assert_recognizes({controller: 'devise_token_auth/registrations', action: 'edit'}, {path: 'my_custom_users/edit', method: :get})
74
+ end
75
+
76
+ test 'map update user registration' do
77
+ assert_recognizes({controller: 'devise_token_auth/registrations', action: 'update'}, {path: 'my_custom_users', method: :put})
78
+ end
79
+
80
+ test 'map destroy user registration' do
81
+ assert_recognizes({controller: 'devise_token_auth/registrations', action: 'destroy'}, {path: 'my_custom_users', method: :delete})
82
+ end
83
+
84
+ test 'map cancel user registration' do
85
+ assert_recognizes({controller: 'devise_token_auth/registrations', action: 'cancel'}, {path: 'my_custom_users/cancel', method: :get})
86
+ end
87
+ end
@@ -70,7 +70,7 @@ module DeviseTokenAuth
70
70
  case DEVISE_TOKEN_AUTH_ORM
71
71
  when :active_record
72
72
  # account for rails version 5
73
- active_record_needle = (Rails::VERSION::MAJOR == 5) ? 'ApplicationRecord' : 'ActiveRecord::Base'
73
+ active_record_needle = (Rails::VERSION::MAJOR >= 5) ? 'ApplicationRecord' : 'ActiveRecord::Base'
74
74
 
75
75
  @f = File.open(@fname, 'w') do |f|
76
76
  f.write <<-RUBY
@@ -75,7 +75,7 @@ module DeviseTokenAuth
75
75
  case DEVISE_TOKEN_AUTH_ORM
76
76
  when :active_record
77
77
  # account for rails version 5
78
- active_record_needle = (Rails::VERSION::MAJOR == 5) ? 'ApplicationRecord' : 'ActiveRecord::Base'
78
+ active_record_needle = (Rails::VERSION::MAJOR >= 5) ? 'ApplicationRecord' : 'ActiveRecord::Base'
79
79
 
80
80
  @f = File.open(@fname, 'w') do |f|
81
81
  f.write <<-RUBY