devise_token_auth_fork_dfabarbosa 1.0.0

data/test/controllers/overrides/registrations_controller_test.rb

@@ -0,0 +1,46 @@
+# frozen_string_literal: true
+
+require 'test_helper'
+
+#  was the web request successful?
+#  was the user redirected to the right page?
+#  was the user successfully authenticated?
+#  was the correct object stored in the response?
+#  was the appropriate message delivered in the json payload?
+
+class Overrides::RegistrationsControllerTest < ActionDispatch::IntegrationTest
+  include OverridesControllersRoutes
+
+  describe Overrides::RegistrationsController do
+    describe 'Succesful Registration update' do
+      before do
+        @existing_user  = create(:user, :confirmed)
+        @auth_headers   = @existing_user.create_new_auth_token
+        @client_id      = @auth_headers['client']
+        @favorite_color = 'pink'
+
+        # ensure request is not treated as batch request
+        age_token(@existing_user, @client_id)
+
+        # test valid update param
+        @new_operating_thetan = 1_000_000
+
+        put '/evil_user_auth',
+            params: { favorite_color: @favorite_color },
+            headers: @auth_headers
+
+        @data = JSON.parse(response.body)
+        @existing_user.reload
+      end
+
+      test 'user was updated' do
+        assert_equal @favorite_color, @existing_user.favorite_color
+      end
+
+      test 'controller was overridden' do
+        assert_equal Overrides::RegistrationsController::OVERRIDE_PROOF,
+                     @data['override_proof']
+      end
+    end
+  end
+end

data/test/controllers/overrides/sessions_controller_test.rb

@@ -0,0 +1,35 @@
+# frozen_string_literal: true
+
+require 'test_helper'
+
+#  was the web request successful?
+#  was the user redirected to the right page?
+#  was the user successfully authenticated?
+#  was the correct object stored in the response?
+#  was the appropriate message delivered in the json payload?
+
+class Overrides::RegistrationsControllerTest < ActionDispatch::IntegrationTest
+  include OverridesControllersRoutes
+
+  describe Overrides::RegistrationsController do
+    before do
+      @existing_user = create(:user, :confirmed)
+
+      post '/evil_user_auth/sign_in',
+           params: { email: @existing_user.email,
+                     password: @existing_user.password }
+
+      @resource = assigns(:resource)
+      @data = JSON.parse(response.body)
+    end
+
+    test 'request should succeed' do
+      assert_equal 200, response.status
+    end
+
+    test 'controller was overridden' do
+      assert_equal Overrides::RegistrationsController::OVERRIDE_PROOF,
+                   @data['override_proof']
+    end
+  end
+end

data/test/controllers/overrides/token_validations_controller_test.rb

@@ -0,0 +1,43 @@
+# frozen_string_literal: true
+
+require 'test_helper'
+
+#  was the web request successful?
+#  was the user redirected to the right page?
+#  was the user successfully authenticated?
+#  was the correct object stored in the response?
+#  was the appropriate message delivered in the json payload?
+
+class Overrides::TokenValidationsControllerTest < ActionDispatch::IntegrationTest
+  include OverridesControllersRoutes
+
+  describe Overrides::TokenValidationsController do
+    before do
+      @resource = create(:user, :confirmed)
+
+      @auth_headers = @resource.create_new_auth_token
+
+      @token     = @auth_headers['access-token']
+      @client_id = @auth_headers['client']
+      @expiry    = @auth_headers['expiry']
+
+      # ensure that request is not treated as batch request
+      age_token(@resource, @client_id)
+
+      get '/evil_user_auth/validate_token',
+          params: {},
+          headers: @auth_headers
+
+      @resp = JSON.parse(response.body)
+    end
+
+    test 'token valid' do
+      assert_equal 200, response.status
+    end
+
+    test 'controller was overridden' do
+      assert_equal Overrides::TokenValidationsController::OVERRIDE_PROOF,
+                   @resp['override_proof']
+    end
+  end
+end

data/test/dummy/README.rdoc

@@ -0,0 +1,28 @@
+== README
+
+This README would normally document whatever steps are necessary to get the
+application up and running.
+
+Things you may want to cover:
+
+* Ruby version
+
+* System dependencies
+
+* Configuration
+
+* Database creation
+
+* Database initialization
+
+* How to run the test suite
+
+* Services (job queues, cache servers, search engines, etc.)
+
+* Deployment instructions
+
+* ...
+
+
+Please feel free to use a different markup language if you do not plan to run
+<tt>rake doc:app</tt>.

data/test/dummy/app/active_record/lockable_user.rb

@@ -0,0 +1,7 @@
+# frozen_string_literal: true
+
+class LockableUser < ActiveRecord::Base
+  # Include default devise modules.
+  devise :database_authenticatable, :registerable, :lockable
+  include DeviseTokenAuth::Concerns::User
+end

data/test/dummy/app/active_record/mang.rb

@@ -0,0 +1,5 @@
+# frozen_string_literal: true
+
+class Mang < ActiveRecord::Base
+  include DeviseTokenAuth::Concerns::User
+end

data/test/dummy/app/active_record/only_email_user.rb

@@ -0,0 +1,7 @@
+# frozen_string_literal: true
+
+class OnlyEmailUser < ActiveRecord::Base
+  # Include default devise modules.
+  devise :database_authenticatable, :registerable
+  include DeviseTokenAuth::Concerns::User
+end

data/test/dummy/app/active_record/scoped_user.rb

@@ -0,0 +1,9 @@
+# frozen_string_literal: true
+
+class ScopedUser < ActiveRecord::Base
+  # Include default devise modules.
+  devise :database_authenticatable, :registerable,
+         :recoverable, :rememberable, :trackable,
+         :validatable, :confirmable, :omniauthable
+  include DeviseTokenAuth::Concerns::User
+end

data/test/dummy/app/active_record/unconfirmable_user.rb

@@ -0,0 +1,9 @@
+# frozen_string_literal: true
+
+class UnconfirmableUser < ActiveRecord::Base
+  # Include default devise modules.
+  devise :database_authenticatable, :registerable,
+         :recoverable, :rememberable, :trackable,
+         :validatable, :omniauthable
+  include DeviseTokenAuth::Concerns::User
+end

data/test/dummy/app/active_record/unregisterable_user.rb

@@ -0,0 +1,9 @@
+# frozen_string_literal: true
+
+class UnregisterableUser < ActiveRecord::Base
+  # Include default devise modules.
+  devise :database_authenticatable, :recoverable,
+         :trackable, :validatable, :confirmable,
+         :omniauthable
+  include DeviseTokenAuth::Concerns::User
+end

data/test/dummy/app/active_record/user.rb

@@ -0,0 +1,6 @@
+# frozen_string_literal: true
+
+class User < ActiveRecord::Base
+  include DeviseTokenAuth::Concerns::User
+  include FavoriteColor
+end

data/test/dummy/app/controllers/application_controller.rb

@@ -0,0 +1,18 @@
+# frozen_string_literal: true
+
+class ApplicationController < ActionController::Base
+  include DeviseTokenAuth::Concerns::SetUserByToken
+
+  before_action :configure_permitted_parameters, if: :devise_controller?
+
+  protected
+
+  def configure_permitted_parameters
+    permitted_parameters = devise_parameter_sanitizer.instance_values['permitted']
+    permitted_parameters[:sign_up] << :operating_thetan
+    permitted_parameters[:sign_up] << :favorite_color
+    permitted_parameters[:account_update] << :operating_thetan
+    permitted_parameters[:account_update] << :favorite_color
+    permitted_parameters[:account_update] << :current_password
+  end
+end

data/test/dummy/app/controllers/auth_origin_controller.rb

@@ -0,0 +1,7 @@
+# frozen_string_literal: true
+
+class AuthOriginController < ApplicationController
+  def redirected
+    head :ok
+  end
+end

data/test/dummy/app/controllers/custom/confirmations_controller.rb

@@ -0,0 +1,13 @@
+# frozen_string_literal: true
+
+class Custom::ConfirmationsController < DeviseTokenAuth::ConfirmationsController
+  def show
+    super do |resource|
+      @show_block_called = true unless resource.nil?
+    end
+  end
+
+  def show_block_called?
+    @show_block_called == true
+  end
+end

data/test/dummy/app/controllers/custom/omniauth_callbacks_controller.rb

@@ -0,0 +1,13 @@
+# frozen_string_literal: true
+
+class Custom::OmniauthCallbacksController < DeviseTokenAuth::OmniauthCallbacksController
+  def omniauth_success
+    super do |resource|
+      @omniauth_success_block_called = true unless resource.nil?
+    end
+  end
+
+  def omniauth_success_block_called?
+    @omniauth_success_block_called == true
+  end
+end

data/test/dummy/app/controllers/custom/passwords_controller.rb

@@ -0,0 +1,39 @@
+# frozen_string_literal: true
+
+class Custom::PasswordsController < DeviseTokenAuth::PasswordsController
+  def create
+    super do |resource|
+      @create_block_called = true unless resource.nil?
+    end
+  end
+
+  def edit
+    super do |resource|
+      @edit_block_called = true unless resource.nil?
+    end
+  end
+
+  def update
+    super do |resource|
+      @update_block_called = true unless resource.nil?
+    end
+  end
+
+  def create_block_called?
+    @create_block_called == true
+  end
+
+  def edit_block_called?
+    @edit_block_called == true
+  end
+
+  def update_block_called?
+    @update_block_called == true
+  end
+
+  protected
+
+  def render_update_success
+    render json: { custom: 'foo' }
+  end
+end

data/test/dummy/app/controllers/custom/registrations_controller.rb

@@ -0,0 +1,39 @@
+# frozen_string_literal: true
+
+class Custom::RegistrationsController < DeviseTokenAuth::RegistrationsController
+  def create
+    super do |resource|
+      @create_block_called = true
+    end
+  end
+
+  def update
+    super do |resource|
+      @update_block_called = true unless resource.nil?
+    end
+  end
+
+  def destroy
+    super do |resource|
+      @destroy_block_called = true unless resource.nil?
+    end
+  end
+
+  def create_block_called?
+    @create_block_called == true
+  end
+
+  def update_block_called?
+    @update_block_called == true
+  end
+
+  def destroy_block_called?
+    @destroy_block_called == true
+  end
+
+  protected
+
+  def render_create_success
+    render json: { custom: 'foo' }
+  end
+end

data/test/dummy/app/controllers/custom/sessions_controller.rb

@@ -0,0 +1,29 @@
+# frozen_string_literal: true
+
+class Custom::SessionsController < DeviseTokenAuth::SessionsController
+  def create
+    super do |resource|
+      @create_block_called = true unless resource.nil?
+    end
+  end
+
+  def destroy
+    super do |resource|
+      @destroy_block_called = true unless resource.nil?
+    end
+  end
+
+  def create_block_called?
+    @create_block_called == true
+  end
+
+  def destroy_block_called?
+    @destroy_block_called == true
+  end
+
+  protected
+
+  def render_create_success
+    render json: { custom: 'foo' }
+  end
+end

data/test/dummy/app/controllers/custom/token_validations_controller.rb

@@ -0,0 +1,19 @@
+# frozen_string_literal: true
+
+class Custom::TokenValidationsController < DeviseTokenAuth::TokenValidationsController
+  def validate_token
+    super do |resource|
+      @validate_token_block_called = true unless resource.nil?
+    end
+  end
+
+  def validate_token_block_called?
+    @validate_token_block_called == true
+  end
+
+  protected
+
+  def render_validate_token_success
+    render json: { custom: 'foo' }
+  end
+end

data/test/dummy/app/controllers/demo_group_controller.rb

@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+
+class DemoGroupController < ApplicationController
+  devise_token_auth_group :member, contains: [:user, :mang]
+  before_action :authenticate_member!
+
+  def members_only
+    render json: {
+      data: {
+        message: "Welcome #{current_member.name}",
+        user: current_member
+      }
+    }, status: 200
+  end
+end

data/test/dummy/app/controllers/demo_mang_controller.rb

@@ -0,0 +1,14 @@
+# frozen_string_literal: true
+
+class DemoMangController < ApplicationController
+  before_action :authenticate_mang!
+
+  def members_only
+    render json: {
+      data: {
+        message: "Welcome #{current_mang.name}",
+        user: current_mang
+      }
+    }, status: 200
+  end
+end

data/test/dummy/app/controllers/demo_user_controller.rb

@@ -0,0 +1,27 @@
+# frozen_string_literal: true
+
+class DemoUserController < ApplicationController
+  before_action :authenticate_user!
+
+  def members_only
+    render json: {
+      data: {
+        message: "Welcome #{current_user.name}",
+        user: current_user
+      }
+    }, status: 200
+  end
+
+  def members_only_remove_token
+    u = User.find(current_user.id)
+    u.tokens = {}
+    u.save!
+
+    render json: {
+      data: {
+        message: "Welcome #{current_user.name}",
+        user: current_user
+      }
+    }, status: 200
+  end
+end