devise_token_auth 1.1.4 → 1.2.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/app/controllers/devise_token_auth/application_controller.rb +8 -0
- data/app/controllers/devise_token_auth/concerns/resource_finder.rb +14 -1
- data/app/controllers/devise_token_auth/concerns/set_user_by_token.rb +31 -7
- data/app/controllers/devise_token_auth/confirmations_controller.rb +8 -4
- data/app/controllers/devise_token_auth/passwords_controller.rb +6 -2
- data/app/controllers/devise_token_auth/sessions_controller.rb +7 -1
- data/app/controllers/devise_token_auth/unlocks_controller.rb +6 -2
- data/app/models/devise_token_auth/concerns/active_record_support.rb +0 -2
- data/app/models/devise_token_auth/concerns/confirmable_support.rb +2 -1
- data/app/models/devise_token_auth/concerns/tokens_serialization.rb +16 -4
- data/app/models/devise_token_auth/concerns/user.rb +4 -9
- data/app/models/devise_token_auth/concerns/user_omniauth_callbacks.rb +3 -0
- data/app/validators/devise_token_auth_email_validator.rb +1 -1
- data/app/views/devise_token_auth/omniauth_external_window.html.erb +1 -1
- data/config/locales/en.yml +3 -0
- data/lib/devise_token_auth/blacklist.rb +5 -1
- data/lib/devise_token_auth/controllers/helpers.rb +5 -9
- data/lib/devise_token_auth/engine.rb +6 -0
- data/lib/devise_token_auth/rails/routes.rb +15 -10
- data/lib/devise_token_auth/version.rb +1 -1
- data/lib/generators/devise_token_auth/install_generator.rb +1 -1
- data/lib/generators/devise_token_auth/templates/devise_token_auth_create_users.rb.erb +1 -1
- data/test/controllers/devise_token_auth/confirmations_controller_test.rb +91 -19
- data/test/controllers/devise_token_auth/omniauth_callbacks_controller_test.rb +2 -2
- data/test/controllers/devise_token_auth/passwords_controller_test.rb +73 -21
- data/test/controllers/devise_token_auth/registrations_controller_test.rb +28 -15
- data/test/controllers/devise_token_auth/sessions_controller_test.rb +39 -10
- data/test/controllers/devise_token_auth/unlocks_controller_test.rb +21 -4
- data/test/controllers/overrides/confirmations_controller_test.rb +1 -1
- data/test/dummy/app/views/layouts/application.html.erb +0 -2
- data/test/dummy/config/application.rb +0 -1
- data/test/dummy/config/environments/development.rb +0 -10
- data/test/dummy/config/environments/production.rb +0 -16
- data/test/dummy/tmp/generators/app/controllers/application_controller.rb +6 -0
- data/test/dummy/tmp/generators/app/models/azpire/v1/human_resource/user.rb +56 -0
- data/test/dummy/tmp/generators/config/initializers/devise_token_auth.rb +60 -0
- data/test/lib/devise_token_auth/blacklist_test.rb +11 -3
- data/test/lib/devise_token_auth/rails/custom_routes_test.rb +29 -0
- data/test/lib/devise_token_auth/rails/routes_test.rb +87 -0
- data/test/lib/generators/devise_token_auth/install_generator_test.rb +1 -1
- data/test/lib/generators/devise_token_auth/install_generator_with_namespace_test.rb +1 -1
- data/test/models/concerns/tokens_serialization_test.rb +39 -5
- data/test/test_helper.rb +35 -4
- metadata +15 -25
- data/test/dummy/config/initializers/assets.rb +0 -10
- data/test/dummy/tmp/generators/app/views/devise/mailer/confirmation_instructions.html.erb +0 -5
- data/test/dummy/tmp/generators/app/views/devise/mailer/reset_password_instructions.html.erb +0 -8
@@ -85,37 +85,89 @@ class DeviseTokenAuth::PasswordsControllerTest < ActionController::TestCase
|
|
85
85
|
end
|
86
86
|
|
87
87
|
describe 'request password reset' do
|
88
|
-
describe 'unknown user
|
89
|
-
|
90
|
-
|
91
|
-
|
92
|
-
|
93
|
-
|
94
|
-
|
88
|
+
describe 'unknown user' do
|
89
|
+
describe 'without paranoid mode' do
|
90
|
+
before do
|
91
|
+
post :create,
|
92
|
+
params: { email: 'chester@cheet.ah',
|
93
|
+
redirect_url: @redirect_url }
|
94
|
+
@data = JSON.parse(response.body)
|
95
|
+
end
|
95
96
|
|
96
|
-
|
97
|
-
|
97
|
+
test 'unknown user should return 404' do
|
98
|
+
assert_equal 404, response.status
|
99
|
+
end
|
100
|
+
|
101
|
+
test 'errors should be returned' do
|
102
|
+
assert @data['errors']
|
103
|
+
assert_equal @data['errors'],
|
104
|
+
[I18n.t('devise_token_auth.passwords.user_not_found',
|
105
|
+
email: 'chester@cheet.ah')]
|
106
|
+
end
|
98
107
|
end
|
99
108
|
|
100
|
-
|
101
|
-
|
102
|
-
|
103
|
-
|
104
|
-
|
109
|
+
describe 'with paranoid mode' do
|
110
|
+
before do
|
111
|
+
swap Devise, paranoid: true do
|
112
|
+
post :create,
|
113
|
+
params: { email: 'chester@cheet.ah',
|
114
|
+
redirect_url: @redirect_url }
|
115
|
+
@data = JSON.parse(response.body)
|
116
|
+
end
|
117
|
+
end
|
118
|
+
|
119
|
+
test 'unknown user should return 404' do
|
120
|
+
assert_equal 404, response.status
|
121
|
+
end
|
122
|
+
|
123
|
+
test 'errors should be returned' do
|
124
|
+
assert @data['errors']
|
125
|
+
assert_equal @data['errors'],
|
126
|
+
[I18n.t('devise_token_auth.passwords.sended_paranoid')]
|
127
|
+
end
|
105
128
|
end
|
106
129
|
end
|
107
130
|
|
108
131
|
describe 'successfully requested password reset' do
|
109
|
-
|
110
|
-
|
111
|
-
|
112
|
-
|
132
|
+
describe 'without paranoid mode' do
|
133
|
+
before do
|
134
|
+
post :create,
|
135
|
+
params: { email: @resource.email,
|
136
|
+
redirect_url: @redirect_url }
|
113
137
|
|
114
|
-
|
138
|
+
@data = JSON.parse(response.body)
|
139
|
+
end
|
140
|
+
|
141
|
+
test 'response should not contain extra data' do
|
142
|
+
assert_nil @data['data']
|
143
|
+
end
|
144
|
+
|
145
|
+
test 'response should contains message' do
|
146
|
+
assert_equal \
|
147
|
+
@data['message'],
|
148
|
+
I18n.t('devise_token_auth.passwords.sended', email: @resource.email)
|
149
|
+
end
|
115
150
|
end
|
116
151
|
|
117
|
-
|
118
|
-
|
152
|
+
describe 'with paranoid mode' do
|
153
|
+
before do
|
154
|
+
swap Devise, paranoid: true do
|
155
|
+
post :create,
|
156
|
+
params: { email: @resource.email,
|
157
|
+
redirect_url: @redirect_url }
|
158
|
+
@data = JSON.parse(response.body)
|
159
|
+
end
|
160
|
+
end
|
161
|
+
|
162
|
+
test 'response should return success status' do
|
163
|
+
assert_equal 200, response.status
|
164
|
+
end
|
165
|
+
|
166
|
+
test 'response should contain message' do
|
167
|
+
assert_equal \
|
168
|
+
@data['message'],
|
169
|
+
I18n.t('devise_token_auth.passwords.sended_paranoid')
|
170
|
+
end
|
119
171
|
end
|
120
172
|
end
|
121
173
|
|
@@ -10,6 +10,17 @@ require 'test_helper'
|
|
10
10
|
|
11
11
|
class DeviseTokenAuth::RegistrationsControllerTest < ActionDispatch::IntegrationTest
|
12
12
|
describe DeviseTokenAuth::RegistrationsController do
|
13
|
+
|
14
|
+
def mock_registration_params
|
15
|
+
{
|
16
|
+
email: Faker::Internet.email,
|
17
|
+
password: 'secret123',
|
18
|
+
password_confirmation: 'secret123',
|
19
|
+
confirm_success_url: Faker::Internet.url,
|
20
|
+
unpermitted_param: '(x_x)'
|
21
|
+
}
|
22
|
+
end
|
23
|
+
|
13
24
|
describe 'Validate non-empty body' do
|
14
25
|
before do
|
15
26
|
# need to post empty data
|
@@ -41,13 +52,7 @@ class DeviseTokenAuth::RegistrationsControllerTest < ActionDispatch::Integration
|
|
41
52
|
@mails_sent = ActionMailer::Base.deliveries.count
|
42
53
|
|
43
54
|
post '/auth',
|
44
|
-
params:
|
45
|
-
email: Faker::Internet.email,
|
46
|
-
password: 'secret123',
|
47
|
-
password_confirmation: 'secret123',
|
48
|
-
confirm_success_url: Faker::Internet.url,
|
49
|
-
unpermitted_param: '(x_x)'
|
50
|
-
}
|
55
|
+
params: mock_registration_params
|
51
56
|
|
52
57
|
@resource = assigns(:resource)
|
53
58
|
@data = JSON.parse(response.body)
|
@@ -87,17 +92,10 @@ class DeviseTokenAuth::RegistrationsControllerTest < ActionDispatch::Integration
|
|
87
92
|
before do
|
88
93
|
@original_duration = Devise.allow_unconfirmed_access_for
|
89
94
|
Devise.allow_unconfirmed_access_for = nil
|
90
|
-
post '/auth',
|
91
|
-
params: {
|
92
|
-
email: Faker::Internet.email,
|
93
|
-
password: 'secret123',
|
94
|
-
password_confirmation: 'secret123',
|
95
|
-
confirm_success_url: Faker::Internet.url,
|
96
|
-
unpermitted_param: '(x_x)'
|
97
|
-
}
|
98
95
|
end
|
99
96
|
|
100
97
|
test 'auth headers were returned in response' do
|
98
|
+
post '/auth', params: mock_registration_params
|
101
99
|
assert response.headers['access-token']
|
102
100
|
assert response.headers['token-type']
|
103
101
|
assert response.headers['client']
|
@@ -105,6 +103,21 @@ class DeviseTokenAuth::RegistrationsControllerTest < ActionDispatch::Integration
|
|
105
103
|
assert response.headers['uid']
|
106
104
|
end
|
107
105
|
|
106
|
+
describe 'using auth cookie' do
|
107
|
+
before do
|
108
|
+
DeviseTokenAuth.cookie_enabled = true
|
109
|
+
end
|
110
|
+
|
111
|
+
test 'auth cookie was returned in response' do
|
112
|
+
post '/auth', params: mock_registration_params
|
113
|
+
assert response.cookies[DeviseTokenAuth.cookie_name]
|
114
|
+
end
|
115
|
+
|
116
|
+
after do
|
117
|
+
DeviseTokenAuth.cookie_enabled = false
|
118
|
+
end
|
119
|
+
end
|
120
|
+
|
108
121
|
after do
|
109
122
|
Devise.allow_unconfirmed_access_for = @original_duration
|
110
123
|
end
|
@@ -17,11 +17,12 @@ class DeviseTokenAuth::SessionsControllerTest < ActionController::TestCase
|
|
17
17
|
|
18
18
|
describe 'success' do
|
19
19
|
before do
|
20
|
-
|
21
|
-
|
22
|
-
|
23
|
-
|
24
|
-
|
20
|
+
@user_session_params = {
|
21
|
+
email: @existing_user.email,
|
22
|
+
password: @existing_user.password
|
23
|
+
}
|
24
|
+
|
25
|
+
post :create, params: @user_session_params
|
25
26
|
|
26
27
|
@resource = assigns(:resource)
|
27
28
|
@data = JSON.parse(response.body)
|
@@ -35,17 +36,27 @@ class DeviseTokenAuth::SessionsControllerTest < ActionController::TestCase
|
|
35
36
|
assert_equal @existing_user.email, @data['data']['email']
|
36
37
|
end
|
37
38
|
|
39
|
+
describe 'using auth cookie' do
|
40
|
+
before do
|
41
|
+
DeviseTokenAuth.cookie_enabled = true
|
42
|
+
end
|
43
|
+
|
44
|
+
test 'request should return auth cookie' do
|
45
|
+
post :create, params: @user_session_params
|
46
|
+
assert response.cookies[DeviseTokenAuth.cookie_name]
|
47
|
+
end
|
48
|
+
|
49
|
+
after do
|
50
|
+
DeviseTokenAuth.cookie_enabled = false
|
51
|
+
end
|
52
|
+
end
|
53
|
+
|
38
54
|
describe "with multiple clients and headers don't change in each request" do
|
39
55
|
before do
|
40
56
|
# Set the max_number_of_devices to a lower number
|
41
57
|
# to expedite tests! (Default is 10)
|
42
58
|
DeviseTokenAuth.max_number_of_devices = 2
|
43
59
|
DeviseTokenAuth.change_headers_on_each_request = false
|
44
|
-
|
45
|
-
@user_session_params = {
|
46
|
-
email: @existing_user.email,
|
47
|
-
password: @existing_user.password
|
48
|
-
}
|
49
60
|
end
|
50
61
|
|
51
62
|
test 'should limit the maximum number of concurrent devices' do
|
@@ -159,6 +170,24 @@ class DeviseTokenAuth::SessionsControllerTest < ActionController::TestCase
|
|
159
170
|
test 'session was destroyed' do
|
160
171
|
assert_equal true, @controller.reset_session_called
|
161
172
|
end
|
173
|
+
|
174
|
+
describe 'using auth cookie' do
|
175
|
+
before do
|
176
|
+
DeviseTokenAuth.cookie_enabled = true
|
177
|
+
@auth_token = @existing_user.create_new_auth_token
|
178
|
+
@controller.send(:cookies)[DeviseTokenAuth.cookie_name] = { value: @auth_token.to_json }
|
179
|
+
end
|
180
|
+
|
181
|
+
test 'auth cookie was destroyed' do
|
182
|
+
assert_equal @auth_token.to_json, @controller.send(:cookies)[DeviseTokenAuth.cookie_name] # sanity check
|
183
|
+
delete :destroy, format: :json
|
184
|
+
assert_nil @controller.send(:cookies)[DeviseTokenAuth.cookie_name]
|
185
|
+
end
|
186
|
+
|
187
|
+
after do
|
188
|
+
DeviseTokenAuth.cookie_enabled = false
|
189
|
+
end
|
190
|
+
end
|
162
191
|
end
|
163
192
|
|
164
193
|
describe 'unauthed user sign out' do
|
@@ -57,7 +57,7 @@ class DeviseTokenAuth::UnlocksControllerTest < ActionController::TestCase
|
|
57
57
|
end
|
58
58
|
|
59
59
|
describe 'request unlock' do
|
60
|
-
describe '
|
60
|
+
describe 'without paranoid mode' do
|
61
61
|
before do
|
62
62
|
post :create, params: { email: 'chester@cheet.ah' }
|
63
63
|
@data = JSON.parse(response.body)
|
@@ -68,9 +68,26 @@ class DeviseTokenAuth::UnlocksControllerTest < ActionController::TestCase
|
|
68
68
|
|
69
69
|
test 'errors should be returned' do
|
70
70
|
assert @data['errors']
|
71
|
-
assert_equal @data['errors'],
|
72
|
-
|
73
|
-
|
71
|
+
assert_equal @data['errors'], [I18n.t('devise_token_auth.unlocks.user_not_found',
|
72
|
+
email: 'chester@cheet.ah')]
|
73
|
+
end
|
74
|
+
end
|
75
|
+
|
76
|
+
describe 'with paranoid mode' do
|
77
|
+
before do
|
78
|
+
swap Devise, paranoid: true do
|
79
|
+
post :create, params: { email: 'chester@cheet.ah' }
|
80
|
+
@data = JSON.parse(response.body)
|
81
|
+
end
|
82
|
+
end
|
83
|
+
|
84
|
+
test 'unknown user should return 404' do
|
85
|
+
assert_equal 404, response.status
|
86
|
+
end
|
87
|
+
|
88
|
+
test 'errors should be returned' do
|
89
|
+
assert @data['errors']
|
90
|
+
assert_equal @data['errors'], [I18n.t('devise_token_auth.unlocks.sended_paranoid')]
|
74
91
|
end
|
75
92
|
end
|
76
93
|
|
@@ -38,7 +38,7 @@ class Overrides::ConfirmationsControllerTest < ActionDispatch::IntegrationTest
|
|
38
38
|
override_proof_str = '(^^,)'
|
39
39
|
|
40
40
|
# ensure present in redirect URL
|
41
|
-
override_proof_param =
|
41
|
+
override_proof_param = CGI.unescape(response.headers['Location']
|
42
42
|
.match(/override_proof=([^&]*)&/)[1])
|
43
43
|
|
44
44
|
assert_equal override_proof_str, override_proof_param
|
@@ -29,16 +29,6 @@ Rails.application.configure do
|
|
29
29
|
# Raise an error on page load if there are pending migrations.
|
30
30
|
config.active_record.migration_error = :page_load
|
31
31
|
|
32
|
-
# Debug mode disables concatenation and preprocessing of assets.
|
33
|
-
# This option may cause significant delays in view rendering with a large
|
34
|
-
# number of complex assets.
|
35
|
-
config.assets.debug = true
|
36
|
-
|
37
|
-
# Adds additional error checking when serving assets at runtime.
|
38
|
-
# Checks for improperly declared sprockets dependencies.
|
39
|
-
# Raises helpful error messages.
|
40
|
-
config.assets.raise_runtime_errors = true
|
41
|
-
|
42
32
|
# Raises error for missing translations
|
43
33
|
# config.action_view.raise_on_missing_translations = true
|
44
34
|
|
@@ -24,18 +24,6 @@ Rails.application.configure do
|
|
24
24
|
# Disable Rails's static asset server (Apache or nginx will already do this).
|
25
25
|
config.serve_static_files = false
|
26
26
|
|
27
|
-
# Compress JavaScripts and CSS.
|
28
|
-
config.assets.js_compressor = :uglifier
|
29
|
-
# config.assets.css_compressor = :sass
|
30
|
-
|
31
|
-
# Do not fallback to assets pipeline if a precompiled asset is missed.
|
32
|
-
config.assets.compile = false
|
33
|
-
|
34
|
-
# Generate digests for assets URLs.
|
35
|
-
config.assets.digest = true
|
36
|
-
|
37
|
-
# `config.assets.precompile` has moved to config/initializers/assets.rb
|
38
|
-
|
39
27
|
# Specifies the header that your server uses for sending files.
|
40
28
|
# config.action_dispatch.x_sendfile_header = "X-Sendfile" # for apache
|
41
29
|
# config.action_dispatch.x_sendfile_header = 'X-Accel-Redirect' # for nginx
|
@@ -58,10 +46,6 @@ Rails.application.configure do
|
|
58
46
|
# Enable serving of images, stylesheets, and JavaScripts from an asset server.
|
59
47
|
# config.action_controller.asset_host = "http://assets.example.com"
|
60
48
|
|
61
|
-
# Precompile additional assets.
|
62
|
-
# application.js, application.css, and all non-JS/CSS in app/assets folder are already added.
|
63
|
-
# config.assets.precompile += %w( search.js )
|
64
|
-
|
65
49
|
# Ignore bad email addresses and do not raise email delivery errors.
|
66
50
|
# Set this to true and configure the email server for immediate delivery to raise delivery errors.
|
67
51
|
# config.action_mailer.raise_delivery_errors = false
|
@@ -0,0 +1,56 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
class Azpire::V1::HumanResource::User
|
4
|
+
include Mongoid::Document
|
5
|
+
include Mongoid::Timestamps
|
6
|
+
include Mongoid::Locker
|
7
|
+
|
8
|
+
field :locker_locked_at, type: Time
|
9
|
+
field :locker_locked_until, type: Time
|
10
|
+
|
11
|
+
locker locked_at_field: :locker_locked_at,
|
12
|
+
locked_until_field: :locker_locked_until
|
13
|
+
|
14
|
+
## Database authenticatable
|
15
|
+
field :email, type: String, default: ''
|
16
|
+
field :encrypted_password, type: String, default: ''
|
17
|
+
|
18
|
+
## Recoverable
|
19
|
+
field :reset_password_token, type: String
|
20
|
+
field :reset_password_sent_at, type: Time
|
21
|
+
field :reset_password_redirect_url, type: String
|
22
|
+
field :allow_password_change, type: Boolean, default: false
|
23
|
+
|
24
|
+
## Rememberable
|
25
|
+
field :remember_created_at, type: Time
|
26
|
+
|
27
|
+
## Confirmable
|
28
|
+
field :confirmation_token, type: String
|
29
|
+
field :confirmed_at, type: Time
|
30
|
+
field :confirmation_sent_at, type: Time
|
31
|
+
field :unconfirmed_email, type: String # Only if using reconfirmable
|
32
|
+
|
33
|
+
## Lockable
|
34
|
+
# field :failed_attempts, type: Integer, default: 0 # Only if lock strategy is :failed_attempts
|
35
|
+
# field :unlock_token, type: String # Only if unlock strategy is :email or :both
|
36
|
+
# field :locked_at, type: Time
|
37
|
+
|
38
|
+
## Required
|
39
|
+
field :provider, type: String
|
40
|
+
field :uid, type: String, default: ''
|
41
|
+
|
42
|
+
## Tokens
|
43
|
+
field :tokens, type: Hash, default: {}
|
44
|
+
|
45
|
+
# Include default devise modules. Others available are:
|
46
|
+
# :confirmable, :lockable, :timeoutable, :trackable and :omniauthable
|
47
|
+
devise :database_authenticatable, :registerable,
|
48
|
+
:recoverable, :rememberable, :validatable
|
49
|
+
include DeviseTokenAuth::Concerns::User
|
50
|
+
|
51
|
+
index({ email: 1 }, { name: 'email_index', unique: true, background: true })
|
52
|
+
index({ reset_password_token: 1 }, { name: 'reset_password_token_index', unique: true, sparse: true, background: true })
|
53
|
+
index({ confirmation_token: 1 }, { name: 'confirmation_token_index', unique: true, sparse: true, background: true })
|
54
|
+
index({ uid: 1, provider: 1}, { name: 'uid_provider_index', unique: true, background: true })
|
55
|
+
# index({ unlock_token: 1 }, { name: 'unlock_token_index', unique: true, sparse: true, background: true })
|
56
|
+
end
|
@@ -0,0 +1,60 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
DeviseTokenAuth.setup do |config|
|
4
|
+
# By default the authorization headers will change after each request. The
|
5
|
+
# client is responsible for keeping track of the changing tokens. Change
|
6
|
+
# this to false to prevent the Authorization header from changing after
|
7
|
+
# each request.
|
8
|
+
# config.change_headers_on_each_request = true
|
9
|
+
|
10
|
+
# By default, users will need to re-authenticate after 2 weeks. This setting
|
11
|
+
# determines how long tokens will remain valid after they are issued.
|
12
|
+
# config.token_lifespan = 2.weeks
|
13
|
+
|
14
|
+
# Limiting the token_cost to just 4 in testing will increase the performance of
|
15
|
+
# your test suite dramatically. The possible cost value is within range from 4
|
16
|
+
# to 31. It is recommended to not use a value more than 10 in other environments.
|
17
|
+
config.token_cost = Rails.env.test? ? 4 : 10
|
18
|
+
|
19
|
+
# Sets the max number of concurrent devices per user, which is 10 by default.
|
20
|
+
# After this limit is reached, the oldest tokens will be removed.
|
21
|
+
# config.max_number_of_devices = 10
|
22
|
+
|
23
|
+
# Sometimes it's necessary to make several requests to the API at the same
|
24
|
+
# time. In this case, each request in the batch will need to share the same
|
25
|
+
# auth token. This setting determines how far apart the requests can be while
|
26
|
+
# still using the same auth token.
|
27
|
+
# config.batch_request_buffer_throttle = 5.seconds
|
28
|
+
|
29
|
+
# This route will be the prefix for all oauth2 redirect callbacks. For
|
30
|
+
# example, using the default '/omniauth', the github oauth2 provider will
|
31
|
+
# redirect successful authentications to '/omniauth/github/callback'
|
32
|
+
# config.omniauth_prefix = "/omniauth"
|
33
|
+
|
34
|
+
# By default sending current password is not needed for the password update.
|
35
|
+
# Uncomment to enforce current_password param to be checked before all
|
36
|
+
# attribute updates. Set it to :password if you want it to be checked only if
|
37
|
+
# password is updated.
|
38
|
+
# config.check_current_password_before_update = :attributes
|
39
|
+
|
40
|
+
# By default we will use callbacks for single omniauth.
|
41
|
+
# It depends on fields like email, provider and uid.
|
42
|
+
# config.default_callbacks = true
|
43
|
+
|
44
|
+
# Makes it possible to change the headers names
|
45
|
+
# config.headers_names = {:'access-token' => 'access-token',
|
46
|
+
# :'client' => 'client',
|
47
|
+
# :'expiry' => 'expiry',
|
48
|
+
# :'uid' => 'uid',
|
49
|
+
# :'token-type' => 'token-type' }
|
50
|
+
|
51
|
+
# By default, only Bearer Token authentication is implemented out of the box.
|
52
|
+
# If, however, you wish to integrate with legacy Devise authentication, you can
|
53
|
+
# do so by enabling this flag. NOTE: This feature is highly experimental!
|
54
|
+
# config.enable_standard_devise_support = false
|
55
|
+
|
56
|
+
# By default DeviseTokenAuth will not send confirmation email, even when including
|
57
|
+
# devise confirmable module. If you want to use devise confirmable module and
|
58
|
+
# send email, set it to true. (This is a setting for compatibility)
|
59
|
+
# config.send_confirmation_email = true
|
60
|
+
end
|
@@ -3,9 +3,17 @@
|
|
3
3
|
require 'test_helper'
|
4
4
|
|
5
5
|
class DeviseTokenAuth::BlacklistTest < ActiveSupport::TestCase
|
6
|
-
|
7
|
-
|
8
|
-
|
6
|
+
if defined? Devise::Models::Authenticatable::UNSAFE_ATTRIBUTES_FOR_SERIALIZATION
|
7
|
+
describe Devise::Models::Authenticatable::UNSAFE_ATTRIBUTES_FOR_SERIALIZATION do
|
8
|
+
test 'should include :tokens' do
|
9
|
+
assert Devise::Models::Authenticatable::UNSAFE_ATTRIBUTES_FOR_SERIALIZATION.include?(:tokens)
|
10
|
+
end
|
11
|
+
end
|
12
|
+
else
|
13
|
+
describe Devise::Models::Authenticatable::BLACKLIST_FOR_SERIALIZATION do
|
14
|
+
test 'should include :tokens' do
|
15
|
+
assert Devise::Models::Authenticatable::BLACKLIST_FOR_SERIALIZATION.include?(:tokens)
|
16
|
+
end
|
9
17
|
end
|
10
18
|
end
|
11
19
|
end
|
@@ -0,0 +1,29 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
require 'test_helper'
|
4
|
+
|
5
|
+
class DeviseTokenAuth::CustomRoutesTest < ActiveSupport::TestCase
|
6
|
+
after do
|
7
|
+
Rails.application.reload_routes!
|
8
|
+
end
|
9
|
+
test 'custom controllers' do
|
10
|
+
class ActionDispatch::Routing::Mapper
|
11
|
+
include Mocha::ParameterMatchers
|
12
|
+
end
|
13
|
+
Rails.application.routes.draw do
|
14
|
+
self.expects(:devise_for).with(
|
15
|
+
:users,
|
16
|
+
has_entries(
|
17
|
+
controllers: has_entries(
|
18
|
+
invitations: "custom/invitations", foo: "custom/foo"
|
19
|
+
)
|
20
|
+
)
|
21
|
+
)
|
22
|
+
|
23
|
+
mount_devise_token_auth_for 'User', at: 'my_custom_users', controllers: {
|
24
|
+
invitations: 'custom/invitations',
|
25
|
+
foo: 'custom/foo'
|
26
|
+
}
|
27
|
+
end
|
28
|
+
end
|
29
|
+
end
|
@@ -0,0 +1,87 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
require 'test_helper'
|
4
|
+
|
5
|
+
# Needed for MiniTest to start a controller test so we can use assert_recognizes
|
6
|
+
class DeviseTokenAuth::RoutesTestController < DeviseTokenAuth::ApplicationController
|
7
|
+
end
|
8
|
+
|
9
|
+
class DeviseTokenAuth::RoutesTest < ActionController::TestCase
|
10
|
+
self.controller_class = DeviseTokenAuth::RoutesTestController
|
11
|
+
before do
|
12
|
+
Rails.application.routes.draw do
|
13
|
+
mount_devise_token_auth_for 'User', at: 'my_custom_users', controllers: {
|
14
|
+
invitations: 'custom/invitations',
|
15
|
+
foo: 'custom/foo'
|
16
|
+
}
|
17
|
+
end
|
18
|
+
end
|
19
|
+
|
20
|
+
after do
|
21
|
+
Rails.application.reload_routes!
|
22
|
+
end
|
23
|
+
|
24
|
+
test 'map new user session' do
|
25
|
+
assert_recognizes({controller: 'devise_token_auth/sessions', action: 'new'}, {path: 'my_custom_users/sign_in', method: :get})
|
26
|
+
end
|
27
|
+
|
28
|
+
test 'map create user session' do
|
29
|
+
assert_recognizes({controller: 'devise_token_auth/sessions', action: 'create'}, {path: 'my_custom_users/sign_in', method: :post})
|
30
|
+
end
|
31
|
+
|
32
|
+
test 'map destroy user session' do
|
33
|
+
assert_recognizes({controller: 'devise_token_auth/sessions', action: 'destroy'}, {path: 'my_custom_users/sign_out', method: :delete})
|
34
|
+
end
|
35
|
+
|
36
|
+
test 'map new user confirmation' do
|
37
|
+
assert_recognizes({controller: 'devise_token_auth/confirmations', action: 'new'}, 'my_custom_users/confirmation/new')
|
38
|
+
end
|
39
|
+
|
40
|
+
test 'map create user confirmation' do
|
41
|
+
assert_recognizes({controller: 'devise_token_auth/confirmations', action: 'create'}, {path: 'my_custom_users/confirmation', method: :post})
|
42
|
+
end
|
43
|
+
|
44
|
+
test 'map show user confirmation' do
|
45
|
+
assert_recognizes({controller: 'devise_token_auth/confirmations', action: 'show'}, {path: 'my_custom_users/confirmation', method: :get})
|
46
|
+
end
|
47
|
+
|
48
|
+
test 'map new user password' do
|
49
|
+
assert_recognizes({controller: 'devise_token_auth/passwords', action: 'new'}, 'my_custom_users/password/new')
|
50
|
+
end
|
51
|
+
|
52
|
+
test 'map create user password' do
|
53
|
+
assert_recognizes({controller: 'devise_token_auth/passwords', action: 'create'}, {path: 'my_custom_users/password', method: :post})
|
54
|
+
end
|
55
|
+
|
56
|
+
test 'map edit user password' do
|
57
|
+
assert_recognizes({controller: 'devise_token_auth/passwords', action: 'edit'}, 'my_custom_users/password/edit')
|
58
|
+
end
|
59
|
+
|
60
|
+
test 'map update user password' do
|
61
|
+
assert_recognizes({controller: 'devise_token_auth/passwords', action: 'update'}, {path: 'my_custom_users/password', method: :put})
|
62
|
+
end
|
63
|
+
|
64
|
+
test 'map new user registration' do
|
65
|
+
assert_recognizes({controller: 'devise_token_auth/registrations', action: 'new'}, 'my_custom_users/sign_up')
|
66
|
+
end
|
67
|
+
|
68
|
+
test 'map create user registration' do
|
69
|
+
assert_recognizes({controller: 'devise_token_auth/registrations', action: 'create'}, {path: 'my_custom_users', method: :post})
|
70
|
+
end
|
71
|
+
|
72
|
+
test 'map edit user registration' do
|
73
|
+
assert_recognizes({controller: 'devise_token_auth/registrations', action: 'edit'}, {path: 'my_custom_users/edit', method: :get})
|
74
|
+
end
|
75
|
+
|
76
|
+
test 'map update user registration' do
|
77
|
+
assert_recognizes({controller: 'devise_token_auth/registrations', action: 'update'}, {path: 'my_custom_users', method: :put})
|
78
|
+
end
|
79
|
+
|
80
|
+
test 'map destroy user registration' do
|
81
|
+
assert_recognizes({controller: 'devise_token_auth/registrations', action: 'destroy'}, {path: 'my_custom_users', method: :delete})
|
82
|
+
end
|
83
|
+
|
84
|
+
test 'map cancel user registration' do
|
85
|
+
assert_recognizes({controller: 'devise_token_auth/registrations', action: 'cancel'}, {path: 'my_custom_users/cancel', method: :get})
|
86
|
+
end
|
87
|
+
end
|
@@ -70,7 +70,7 @@ module DeviseTokenAuth
|
|
70
70
|
case DEVISE_TOKEN_AUTH_ORM
|
71
71
|
when :active_record
|
72
72
|
# account for rails version 5
|
73
|
-
active_record_needle = (Rails::VERSION::MAJOR
|
73
|
+
active_record_needle = (Rails::VERSION::MAJOR >= 5) ? 'ApplicationRecord' : 'ActiveRecord::Base'
|
74
74
|
|
75
75
|
@f = File.open(@fname, 'w') do |f|
|
76
76
|
f.write <<-RUBY
|
@@ -75,7 +75,7 @@ module DeviseTokenAuth
|
|
75
75
|
case DEVISE_TOKEN_AUTH_ORM
|
76
76
|
when :active_record
|
77
77
|
# account for rails version 5
|
78
|
-
active_record_needle = (Rails::VERSION::MAJOR
|
78
|
+
active_record_needle = (Rails::VERSION::MAJOR >= 5) ? 'ApplicationRecord' : 'ActiveRecord::Base'
|
79
79
|
|
80
80
|
@f = File.open(@fname, 'w') do |f|
|
81
81
|
f.write <<-RUBY
|