devise_token_auth_multi_email 0.9.0
- checksums.yaml +7 -0
- data/LICENSE +13 -0
- data/README.md +97 -0
- data/Rakefile +42 -0
- data/app/controllers/devise_token_auth/application_controller.rb +100 -0
- data/app/controllers/devise_token_auth/concerns/resource_finder.rb +68 -0
- data/app/controllers/devise_token_auth/concerns/set_user_by_token.rb +199 -0
- data/app/controllers/devise_token_auth/confirmations_controller.rb +89 -0
- data/app/controllers/devise_token_auth/omniauth_callbacks_controller.rb +284 -0
- data/app/controllers/devise_token_auth/passwords_controller.rb +216 -0
- data/app/controllers/devise_token_auth/registrations_controller.rb +205 -0
- data/app/controllers/devise_token_auth/sessions_controller.rb +153 -0
- data/app/controllers/devise_token_auth/token_validations_controller.rb +31 -0
- data/app/controllers/devise_token_auth/unlocks_controller.rb +94 -0
- data/app/models/devise_token_auth/concerns/active_record_support.rb +18 -0
- data/app/models/devise_token_auth/concerns/confirmable_support.rb +28 -0
- data/app/models/devise_token_auth/concerns/mongoid_support.rb +19 -0
- data/app/models/devise_token_auth/concerns/tokens_serialization.rb +31 -0
- data/app/models/devise_token_auth/concerns/user.rb +282 -0
- data/app/models/devise_token_auth/concerns/user_omniauth_callbacks.rb +39 -0
- data/app/validators/devise_token_auth_email_validator.rb +31 -0
- data/app/views/devise/mailer/confirmation_instructions.html.erb +5 -0
- data/app/views/devise/mailer/reset_password_instructions.html.erb +8 -0
- data/app/views/devise/mailer/unlock_instructions.html.erb +7 -0
- data/app/views/devise_token_auth/omniauth_external_window.html.erb +38 -0
- data/config/locales/da-DK.yml +52 -0
- data/config/locales/de.yml +51 -0
- data/config/locales/en.yml +60 -0
- data/config/locales/es.yml +51 -0
- data/config/locales/fa.yml +60 -0
- data/config/locales/fr.yml +51 -0
- data/config/locales/he.yml +52 -0
- data/config/locales/it.yml +48 -0
- data/config/locales/ja.yml +60 -0
- data/config/locales/ko.yml +51 -0
- data/config/locales/nl.yml +32 -0
- data/config/locales/pl.yml +51 -0
- data/config/locales/pt-BR.yml +48 -0
- data/config/locales/pt.yml +51 -0
- data/config/locales/ro.yml +48 -0
- data/config/locales/ru.yml +52 -0
- data/config/locales/sq.yml +48 -0
- data/config/locales/sv.yml +52 -0
- data/config/locales/uk.yml +61 -0
- data/config/locales/vi.yml +52 -0
- data/config/locales/zh-CN.yml +48 -0
- data/config/locales/zh-HK.yml +50 -0
- data/config/locales/zh-TW.yml +50 -0
- data/lib/devise_token_auth/blacklist.rb +6 -0
- data/lib/devise_token_auth/controllers/helpers.rb +157 -0
- data/lib/devise_token_auth/controllers/url_helpers.rb +10 -0
- data/lib/devise_token_auth/engine.rb +105 -0
- data/lib/devise_token_auth/errors.rb +8 -0
- data/lib/devise_token_auth/rails/routes.rb +122 -0
- data/lib/devise_token_auth/token_factory.rb +126 -0
- data/lib/devise_token_auth/url.rb +44 -0
- data/lib/devise_token_auth/version.rb +5 -0
- data/lib/devise_token_auth.rb +14 -0
- data/lib/generators/devise_token_auth/USAGE +31 -0
- data/lib/generators/devise_token_auth/install_generator.rb +91 -0
- data/lib/generators/devise_token_auth/install_generator_helpers.rb +98 -0
- data/lib/generators/devise_token_auth/install_mongoid_generator.rb +46 -0
- data/lib/generators/devise_token_auth/install_views_generator.rb +18 -0
- data/lib/generators/devise_token_auth/templates/devise_token_auth.rb +66 -0
- data/lib/generators/devise_token_auth/templates/devise_token_auth_create_users.rb.erb +49 -0
- data/lib/generators/devise_token_auth/templates/user.rb.erb +9 -0
- data/lib/generators/devise_token_auth/templates/user_mongoid.rb.erb +56 -0
- data/lib/tasks/devise_token_auth_tasks.rake +6 -0
- data/test/controllers/custom/custom_confirmations_controller_test.rb +25 -0
- data/test/controllers/custom/custom_omniauth_callbacks_controller_test.rb +33 -0
- data/test/controllers/custom/custom_passwords_controller_test.rb +79 -0
- data/test/controllers/custom/custom_registrations_controller_test.rb +63 -0
- data/test/controllers/custom/custom_sessions_controller_test.rb +39 -0
- data/test/controllers/custom/custom_token_validations_controller_test.rb +42 -0
- data/test/controllers/demo_group_controller_test.rb +151 -0
- data/test/controllers/demo_mang_controller_test.rb +313 -0
- data/test/controllers/demo_user_controller_test.rb +658 -0
- data/test/controllers/devise_token_auth/confirmations_controller_test.rb +275 -0
- data/test/controllers/devise_token_auth/omniauth_callbacks_controller_test.rb +438 -0
- data/test/controllers/devise_token_auth/passwords_controller_test.rb +893 -0
- data/test/controllers/devise_token_auth/registrations_controller_test.rb +920 -0
- data/test/controllers/devise_token_auth/sessions_controller_test.rb +605 -0
- data/test/controllers/devise_token_auth/token_validations_controller_test.rb +142 -0
- data/test/controllers/devise_token_auth/unlocks_controller_test.rb +235 -0
- data/test/controllers/overrides/confirmations_controller_test.rb +47 -0
- data/test/controllers/overrides/omniauth_callbacks_controller_test.rb +53 -0
- data/test/controllers/overrides/passwords_controller_test.rb +64 -0
- data/test/controllers/overrides/registrations_controller_test.rb +46 -0
- data/test/controllers/overrides/sessions_controller_test.rb +35 -0
- data/test/controllers/overrides/token_validations_controller_test.rb +43 -0
- data/test/dummy/README.rdoc +28 -0
- data/test/dummy/app/active_record/confirmable_user.rb +11 -0
- data/test/dummy/app/active_record/lockable_user.rb +7 -0
- data/test/dummy/app/active_record/mang.rb +5 -0
- data/test/dummy/app/active_record/only_email_user.rb +7 -0
- data/test/dummy/app/active_record/scoped_user.rb +9 -0
- data/test/dummy/app/active_record/unconfirmable_user.rb +9 -0
- data/test/dummy/app/active_record/unregisterable_user.rb +9 -0
- data/test/dummy/app/active_record/user.rb +6 -0
- data/test/dummy/app/controllers/application_controller.rb +14 -0
- data/test/dummy/app/controllers/auth_origin_controller.rb +7 -0
- data/test/dummy/app/controllers/custom/confirmations_controller.rb +13 -0
- data/test/dummy/app/controllers/custom/omniauth_callbacks_controller.rb +13 -0
- data/test/dummy/app/controllers/custom/passwords_controller.rb +39 -0
- data/test/dummy/app/controllers/custom/registrations_controller.rb +39 -0
- data/test/dummy/app/controllers/custom/sessions_controller.rb +29 -0
- data/test/dummy/app/controllers/custom/token_validations_controller.rb +19 -0
- data/test/dummy/app/controllers/demo_group_controller.rb +15 -0
- data/test/dummy/app/controllers/demo_mang_controller.rb +14 -0
- data/test/dummy/app/controllers/demo_user_controller.rb +27 -0
- data/test/dummy/app/controllers/overrides/confirmations_controller.rb +29 -0
- data/test/dummy/app/controllers/overrides/omniauth_callbacks_controller.rb +16 -0
- data/test/dummy/app/controllers/overrides/passwords_controller.rb +36 -0
- data/test/dummy/app/controllers/overrides/registrations_controller.rb +29 -0
- data/test/dummy/app/controllers/overrides/sessions_controller.rb +36 -0
- data/test/dummy/app/controllers/overrides/token_validations_controller.rb +23 -0
- data/test/dummy/app/helpers/application_helper.rb +1058 -0
- data/test/dummy/app/models/concerns/favorite_color.rb +19 -0
- data/test/dummy/app/mongoid/confirmable_user.rb +52 -0
- data/test/dummy/app/mongoid/lockable_user.rb +38 -0
- data/test/dummy/app/mongoid/mang.rb +46 -0
- data/test/dummy/app/mongoid/only_email_user.rb +33 -0
- data/test/dummy/app/mongoid/scoped_user.rb +50 -0
- data/test/dummy/app/mongoid/unconfirmable_user.rb +44 -0
- data/test/dummy/app/mongoid/unregisterable_user.rb +47 -0
- data/test/dummy/app/mongoid/user.rb +49 -0
- data/test/dummy/app/views/layouts/application.html.erb +12 -0
- data/test/dummy/config/application.rb +50 -0
- data/test/dummy/config/application.yml.bk +0 -0
- data/test/dummy/config/boot.rb +11 -0
- data/test/dummy/config/environment.rb +7 -0
- data/test/dummy/config/environments/development.rb +36 -0
- data/test/dummy/config/environments/production.rb +68 -0
- data/test/dummy/config/environments/test.rb +58 -0
- data/test/dummy/config/initializers/backtrace_silencers.rb +9 -0
- data/test/dummy/config/initializers/cookies_serializer.rb +5 -0
- data/test/dummy/config/initializers/devise.rb +290 -0
- data/test/dummy/config/initializers/devise_token_auth.rb +55 -0
- data/test/dummy/config/initializers/figaro.rb +3 -0
- data/test/dummy/config/initializers/filter_parameter_logging.rb +6 -0
- data/test/dummy/config/initializers/inflections.rb +18 -0
- data/test/dummy/config/initializers/mime_types.rb +6 -0
- data/test/dummy/config/initializers/omniauth.rb +11 -0
- data/test/dummy/config/initializers/session_store.rb +5 -0
- data/test/dummy/config/initializers/wrap_parameters.rb +16 -0
- data/test/dummy/config/routes.rb +57 -0
- data/test/dummy/config/spring.rb +3 -0
- data/test/dummy/config.ru +18 -0
- data/test/dummy/db/migrate/20140715061447_devise_token_auth_create_users.rb +58 -0
- data/test/dummy/db/migrate/20140715061805_devise_token_auth_create_mangs.rb +57 -0
- data/test/dummy/db/migrate/20140829044006_add_operating_thetan_to_user.rb +8 -0
- data/test/dummy/db/migrate/20140916224624_add_favorite_color_to_mangs.rb +7 -0
- data/test/dummy/db/migrate/20141222035835_devise_token_auth_create_only_email_users.rb +55 -0
- data/test/dummy/db/migrate/20141222053502_devise_token_auth_create_unregisterable_users.rb +56 -0
- data/test/dummy/db/migrate/20150708104536_devise_token_auth_create_unconfirmable_users.rb +56 -0
- data/test/dummy/db/migrate/20160103235141_devise_token_auth_create_scoped_users.rb +56 -0
- data/test/dummy/db/migrate/20160629184441_devise_token_auth_create_lockable_users.rb +56 -0
- data/test/dummy/db/migrate/20190924101113_devise_token_auth_create_confirmable_users.rb +49 -0
- data/test/dummy/db/schema.rb +198 -0
- data/test/dummy/lib/migration_database_helper.rb +43 -0
- data/test/dummy/tmp/generators/app/models/mang.rb +9 -0
- data/test/dummy/tmp/generators/app/models/user.rb +9 -0
- data/test/dummy/tmp/generators/config/initializers/devise_token_auth.rb +60 -0
- data/test/dummy/tmp/generators/config/routes.rb +9 -0
- data/test/dummy/tmp/generators/db/migrate/20210305040222_devise_token_auth_create_mangs.rb +49 -0
- data/test/dummy/tmp/generators/db/migrate/20210305040222_devise_token_auth_create_users.rb +49 -0
- data/test/factories/users.rb +41 -0
- data/test/lib/devise_token_auth/blacklist_test.rb +19 -0
- data/test/lib/devise_token_auth/rails/custom_routes_test.rb +29 -0
- data/test/lib/devise_token_auth/rails/routes_test.rb +87 -0
- data/test/lib/devise_token_auth/token_factory_test.rb +191 -0
- data/test/lib/devise_token_auth/url_test.rb +26 -0
- data/test/lib/generators/devise_token_auth/install_generator_test.rb +217 -0
- data/test/lib/generators/devise_token_auth/install_generator_with_namespace_test.rb +222 -0
- data/test/lib/generators/devise_token_auth/install_views_generator_test.rb +25 -0
- data/test/models/concerns/mongoid_support_test.rb +31 -0
- data/test/models/concerns/tokens_serialization_test.rb +104 -0
- data/test/models/confirmable_user_test.rb +35 -0
- data/test/models/only_email_user_test.rb +29 -0
- data/test/models/user_test.rb +224 -0
- data/test/support/controllers/routes.rb +43 -0
- data/test/test_helper.rb +134 -0
- metadata +502 -0
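--- a/data/test/controllers/devise_token_auth/token_validations_controller_test.rb
+++ b/data/test/controllers/devise_token_auth/token_validations_controller_test.rb
@@ -0,0 +1,142 @@
+# frozen_string_literal: true
+
+require 'test_helper'
+
+# was the web request successful?
+# was the user redirected to the right page?
+# was the user successfully authenticated?
+# was the correct object stored in the response?
+# was the appropriate message delivered in the json payload?
+
+class DeviseTokenAuth::TokenValidationsControllerTest < ActionDispatch::IntegrationTest
+describe DeviseTokenAuth::TokenValidationsController do
+before do
+@resource = create(:user, :confirmed)
+
+@auth_headers = @resource.create_new_auth_token
+
+@token = @auth_headers['access-token']
+@client_id = @auth_headers['client']
+@expiry = @auth_headers['expiry']
+@authorization_header = @auth_headers.slice('Authorization')
+# ensure that request is not treated as batch request
+age_token(@resource, @client_id)
+end
+
+describe 'using only Authorization header' do
+describe 'using valid Authorization header' do
+before do
+get '/auth/validate_token', params: {}, headers: @authorization_header
+end
+
+test 'token valid' do
+assert_equal 200, response.status
+end
+end
+
+describe 'using invalid Authorization header' do
+describe 'with invalid base64' do
+before do
+get '/auth/validate_token', params: {}, headers: {'Authorization': 'Bearer invalidtoken=='}
+end
+
+test 'returns access denied' do
+assert_equal 401, response.status
+end
+end
+
+describe 'with valid base64' do
+before do
+valid_base64 = Base64.strict_encode64({
+"access-token": 'invalidtoken',
+"token-type": 'Bearer',
+"client": 'client',
+"expiry": '1234567'
+}.to_json)
+get '/auth/validate_token', params: {}, headers: {'Authorization': "Bearer #{valid_base64}"}
+end
+
+test 'returns access denied' do
+assert_equal 401, response.status
+end
+end
+end
+end
+
+describe 'vanilla user' do
+before do
+get '/auth/validate_token', params: {}, headers: @auth_headers
+@resp = JSON.parse(response.body)
+end
+
+test 'token valid' do
+assert_equal 200, response.status
+end
+end
+
+describe 'using namespaces' do
+before do
+get '/api/v1/auth/validate_token', params: {}, headers: @auth_headers
+@resp = JSON.parse(response.body)
+end
+
+test 'token valid' do
+assert_equal 200, response.status
+end
+end
+
+describe 'with invalid user' do
+before do
+@resource.update_column(:email, 'invalid') if DEVISE_TOKEN_AUTH_ORM == :active_record
+@resource.set(email: 'invalid') if DEVISE_TOKEN_AUTH_ORM == :mongoid
+end
+
+test 'request should raise invalid model error' do
+error = assert_raises DeviseTokenAuth::Errors::InvalidModel do
+get '/auth/validate_token', params: {}, headers: @auth_headers
+end
+assert_equal(error.message, "Cannot set auth token in invalid model. Errors: [\"Email is not an email\"]")
+end
+end
+
+describe 'failure' do
+before do
+get '/api/v1/auth/validate_token',
+params: {},
+headers: @auth_headers.merge('access-token' => '12345')
+@resp = JSON.parse(response.body)
+end
+
+test 'request should fail' do
+assert_equal 401, response.status
+end
+
+test 'response should contain errors' do
+assert @resp['errors']
+assert_equal @resp['errors'], [I18n.t('devise_token_auth.token_validations.invalid')]
+end
+end
+end
+
+describe 'using namespaces with unused resource' do
+before do
+@resource = create(:scoped_user, :confirmed)
+
+@auth_headers = @resource.create_new_auth_token
+
+@token = @auth_headers['access-token']
+@client_id = @auth_headers['client']
+@expiry = @auth_headers['expiry']
+
+# ensure that request is not treated as batch request
+age_token(@resource, @client_id)
+end
+
+test 'should be successful' do
+get '/api_v2/auth/validate_token',
+params: {},
+headers: @auth_headers
+assert_equal 200, response.status
+end
+end
+end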
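Review bot: The 'using valid Authorization header' test (new-file lines 27-35) asserts only a 200 status and never reads the body, so a token that validates but resolves to a different user would still pass; parse the body as the later describes do and pin the identity, e.g. `assert_equal @resource.email, @resp['data']['email']`, assuming the response follows the `data` envelope used elsewhere in this gem. `assert_equal(error.message, ...)` on line 98 and `assert_equal @resp['errors'], [...]` on line 116 put the actual value before the expected one, which inverts minitest's failure output; write them as `assert_equal [I18n.t('devise_token_auth.token_validations.invalid')], @resp['errors']`. The full English message on line 98 also couples this test to the validator's wording and locale, where asserting the error class alone would suffice.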
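--- a/data/test/controllers/devise_token_auth/unlocks_controller_test.rb
+++ b/data/test/controllers/devise_token_auth/unlocks_controller_test.rb
@@ -0,0 +1,235 @@
+# frozen_string_literal: true
+
+require 'test_helper'
+
+# was the web request successful?
+# was the user redirected to the right page?
+# was the user successfully authenticated?
+# was the correct object stored in the response?
+# was the appropriate message delivered in the json payload?
+
+class DeviseTokenAuth::UnlocksControllerTest < ActionController::TestCase
+describe DeviseTokenAuth::UnlocksController do
+setup do
+@request.env['devise.mapping'] = Devise.mappings[:lockable_user]
+end
+
+teardown do
+@request.env['devise.mapping'] = Devise.mappings[:user]
+end
+
+before do
+@original_lock_strategy = Devise.lock_strategy
+@original_unlock_strategy = Devise.unlock_strategy
+@original_maximum_attempts = Devise.maximum_attempts
+Devise.lock_strategy = :failed_attempts
+Devise.unlock_strategy = :email
+Devise.maximum_attempts = 5
+end
+
+after do
+Devise.lock_strategy = @original_lock_strategy
+Devise.maximum_attempts = @original_maximum_attempts
+Devise.unlock_strategy = @original_unlock_strategy
+end
+
+describe 'Unlocking user' do
+before do
+@resource = create(:lockable_user)
+end
+
+describe 'request unlock without email' do
+before do
+@auth_headers = @resource.create_new_auth_token
+@new_password = Faker::Internet.password
+
+post :create
+@data = JSON.parse(response.body)
+end
+
+test 'response should fail' do
+assert_equal 401, response.status
+end
+test 'error message should be returned' do
+assert @data['errors']
+assert_equal @data['errors'], [I18n.t('devise_token_auth.passwords.missing_email')]
+end
+end
+
+describe 'request unlock' do
+describe 'without paranoid mode' do
+before do
+post :create, params: { email: 'chester@cheet.ah' }
+@data = JSON.parse(response.body)
+end
+test 'unknown user should return 404' do
+assert_equal 404, response.status
+end
+
+test 'errors should be returned' do
+assert @data['errors']
+assert_equal @data['errors'], [I18n.t('devise_token_auth.unlocks.user_not_found',
+email: 'chester@cheet.ah')]
+end
+end
+
+describe 'with paranoid mode' do
+before do
+swap Devise, paranoid: true do
+post :create, params: { email: 'chester@cheet.ah' }
+@data = JSON.parse(response.body)
+end
+end
+
+test 'should always return success' do
+assert_equal 200, response.status
+end
+
+test 'errors should not be returned' do
+assert @data['success']
+assert_equal \
+@data['message'],
+I18n.t('devise_token_auth.unlocks.sended_paranoid')
+end
+end
+
+describe 'successfully requested unlock without paranoid mode' do
+before do
+post :create, params: { email: @resource.email }
+
+@data = JSON.parse(response.body)
+end
+
+test 'response should not contain extra data' do
+assert_nil @data['data']
+end
+end
+
+describe 'successfully requested unlock with paranoid mode' do
+before do
+swap Devise, paranoid: true do
+post :create, params: { email: @resource.email }
+@data = JSON.parse(response.body)
+end
+end
+
+test 'should always return success' do
+assert_equal 200, response.status
+end
+
+test 'errors should not be returned' do
+assert @data['success']
+assert_equal \
+@data['message'],
+I18n.t('devise_token_auth.unlocks.sended_paranoid')
+end
+end
+
+describe 'case-sensitive email' do
+before do
+post :create, params: { email: @resource.email }
+
+@mail = ActionMailer::Base.deliveries.last
+@resource.reload
+@data = JSON.parse(response.body)
+
+@mail_config_name = CGI.unescape(@mail.body.match(/config=([^&]*)&/)[1])
+@mail_reset_token = @mail.body.match(/unlock_token=(.*)\"/)[1]
+end
+
+test 'response should return success status' do
+assert_equal 200, response.status
+end
+
+test 'response should contains message' do
+assert_equal @data['message'], I18n.t('devise_token_auth.unlocks.sended', email: @resource.email)
+end
+
+test 'action should send an email' do
+assert @mail
+end
+
+test 'the email should be addressed to the user' do
+assert_equal @mail.to.first, @resource.email
+end
+
+test 'the client config name should fall back to "default"' do
+assert_equal 'default', @mail_config_name
+end
+
+test 'the email body should contain a link with reset token as a query param' do
+user = LockableUser.unlock_access_by_token(@mail_reset_token)
+assert_equal user.id, @resource.id
+end
+
+describe 'unlock link failure' do
+test 'response should return 404' do
+assert_raises(ActionController::RoutingError) do
+get :show, params: { unlock_token: 'bogus' }
+end
+end
+end
+
+describe 'password reset link success' do
+before do
+get :show, params: { unlock_token: @mail_reset_token }
+
+@resource.reload
+
+raw_qs = response.location.split('?')[1]
+@qs = Rack::Utils.parse_nested_query(raw_qs)
+
+@access_token = @qs['access-token']
+@client = @qs['client']
+@client_id = @qs['client_id']
+@expiry = @qs['expiry']
+@token = @qs['token']
+@uid = @qs['uid']
+@unlock = @qs['unlock']
+end
+
+test 'respones should have success redirect status' do
+assert_equal 302, response.status
+end
+
+test 'response should contain auth params' do
+assert @access_token
+assert @client
+assert @client_id
+assert @expiry
+assert @token
+assert @uid
+assert @unlock
+end
+
+test 'response auth params should be valid' do
+assert @resource.valid_token?(@token, @client_id)
+assert @resource.valid_token?(@access_token, @client)
+end
+end
+end
+
+describe 'case-insensitive email' do
+before do
+@resource_class = LockableUser
+@request_params = {
+email: @resource.email.upcase
+}
+end
+
+test 'response should return success status if configured' do
+@resource_class.case_insensitive_keys = [:email]
+post :create, params: @request_params
+assert_equal 200, response.status
+end
+
+test 'response should return failure status if not configured' do
+@resource_class.case_insensitive_keys = []
+post :create, params: @request_params
+assert_equal 404, response.status
+end
+end
+end
+end
+end
+end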
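Review bot: The 'case-insensitive email' tests (new-file lines 220-230) assign `LockableUser.case_insensitive_keys` to `[:email]` and then to `[]` and never restore it, so whichever test runs last leaks that setting into every other test touching the model — unlike the Devise lock/unlock strategies, which the outer `before`/`after` on lines 21-34 do save and restore. Capture the original in that describe's `before` with `@original_case_insensitive_keys = @resource_class.case_insensitive_keys` and add `after { @resource_class.case_insensitive_keys = @original_case_insensitive_keys }`. Separately, `@mail.body.match(/unlock_token=(.*)\"/)[1]` on line 137 is greedy and captures up to the last `"` on that line, so any later quoted attribute would be swallowed into the token; `([^"&]*)` bounds it. The `@new_password` on line 44 is assigned and never used.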
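--- a/data/test/controllers/overrides/confirmations_controller_test.rb
+++ b/data/test/controllers/overrides/confirmations_controller_test.rb
@@ -0,0 +1,47 @@
+# frozen_string_literal: true
+
+require 'test_helper'
+
+# was the web request successful?
+# was the user redirected to the right page?
+# was the user successfully authenticated?
+# was the correct object stored in the response?
+# was the appropriate message delivered in the json payload?
+
+class Overrides::ConfirmationsControllerTest < ActionDispatch::IntegrationTest
+include OverridesControllersRoutes
+
+describe Overrides::ConfirmationsController do
+before do
+@redirect_url = Faker::Internet.url
+@new_user = create(:user)
+
+# generate + send email
+@new_user.send_confirmation_instructions(redirect_url: @redirect_url)
+
+@mail = ActionMailer::Base.deliveries.last
+@confirmation_path = @mail.body.match(/localhost([^\"]*)\"/)[1]
+
+# visit confirmation link
+get @confirmation_path
+
+# reload user from db
+@new_user.reload
+end
+
+test 'user is confirmed' do
+assert @new_user.confirmed?
+end
+
+test 'user can be authenticated via confirmation link' do
+# hard coded in override controller
+override_proof_str = '(^^,)'
+
+# ensure present in redirect URL
+override_proof_param = CGI.unescape(response.headers['Location']
+.match(/override_proof=([^&]*)&/)[1])
+
+assert_equal override_proof_str, override_proof_param
+end
+end
+end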
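Review bot: `.match(/override_proof=([^&]*)&/)` on new-file line 42 requires another query parameter to follow `override_proof`, so if the override ever emits it last the test dies with `NoMethodError` on `nil` instead of a readable assertion failure. The passwords test in this same release parses its redirect with `Rack::Utils.parse_nested_query`; doing the same here, `Rack::Utils.parse_nested_query(URI(response.headers['Location']).query)['override_proof']`, removes the ordering assumption and the manual `CGI.unescape`. The `localhost` literal in the regex on line 23 ties the test to the dummy app's mailer host, which is configured outside this hunk; presumably it is stable, but extracting the path from the anchor's `href` rather than from a host name would be more robust.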
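--- a/data/test/controllers/overrides/omniauth_callbacks_controller_test.rb
+++ b/data/test/controllers/overrides/omniauth_callbacks_controller_test.rb
@@ -0,0 +1,53 @@
+# frozen_string_literal: true
+
+require 'test_helper'
+
+# was the web request successful?
+# was the user redirected to the right page?
+# was the user successfully authenticated?
+# was the correct object stored in the response?
+# was the appropriate message delivered in the json payload?
+
+class Overrides::OmniauthCallbacksControllerTest < ActionDispatch::IntegrationTest
+include OverridesControllersRoutes
+
+describe Overrides::OmniauthCallbacksController do
+before do
+OmniAuth.config.test_mode = true
+OmniAuth.config.mock_auth[:facebook] = OmniAuth::AuthHash.new(
+provider: 'facebook',
+uid: '123545',
+info: {
+name: 'chong',
+email: 'chongbong@aol.com'
+}
+)
+
+@favorite_color = 'gray'
+
+post '/evil_user_auth/facebook',
+params: {
+auth_origin_url: Faker::Internet.url,
+favorite_color: @favorite_color,
+omniauth_window_type: 'newWindow'
+}
+
+follow_all_redirects!
+
+@resource = assigns(:resource)
+end
+
+test 'request is successful' do
+assert_equal 200, response.status
+end
+
+test 'controller was overridden' do
+assert_equal @resource.nickname,
+Overrides::OmniauthCallbacksController::DEFAULT_NICKNAME
+end
+
+test 'whitelisted param was allowed' do
+assert_equal @favorite_color, @resource.favorite_color
+end
+end
+end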
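Review bot: `OmniAuth.config.test_mode = true` and the `mock_auth[:facebook]` entry set in `before` (new-file lines 16-24) are process-global state with no `after` to undo them, so they persist into whatever test file runs next; save `OmniAuth.config.mock_auth[:facebook]` in `before` and restore it in an `after`, or move the mock into the shared test helper if the other OmniAuth tests already keep theirs there (not visible in this diff). The 'whitelisted param was allowed' test on line 49 covers only the positive side of the override's parameter whitelist; a companion test asserting that a param the override does not permit is left unset would pin the mass-assignment boundary this override exists to define. `assigns(:resource)` on line 37 requires the rails-controller-testing gem inside an `ActionDispatch::IntegrationTest`, presumably already a dependency since the sessions test in this release uses it too.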
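--- a/data/test/controllers/overrides/passwords_controller_test.rb
+++ b/data/test/controllers/overrides/passwords_controller_test.rb
@@ -0,0 +1,64 @@
+# frozen_string_literal: true
+
+require 'test_helper'
+
+# was the web request successful?
+# was the user redirected to the right page?
+# was the user successfully authenticated?
+# was the correct object stored in the response?
+# was the appropriate message delivered in the json payload?
+
+class Overrides::PasswordsControllerTest < ActionDispatch::IntegrationTest
+include OverridesControllersRoutes
+
+describe Overrides::PasswordsController do
+before do
+@resource = create(:user, :confirmed)
+
+post '/evil_user_auth/password',
+params: {
+email: @resource.email,
+redirect_url: Faker::Internet.url
+}
+
+mail = ActionMailer::Base.deliveries.last
+@resource.reload
+
+mail_reset_token = mail.body.match(/reset_password_token=(.*)\"/)[1]
+mail_redirect_url = CGI.unescape(mail.body.match(/redirect_url=([^&]*)&/)[1])
+
+get '/evil_user_auth/password/edit',
+params: {
+reset_password_token: mail_reset_token,
+redirect_url: mail_redirect_url
+}
+
+@resource.reload
+
+_, raw_query_string = response.location.split('?')
+@query_string = Rack::Utils.parse_nested_query(raw_query_string)
+end
+
+test 'response should have success redirect status' do
+assert_equal 302, response.status
+end
+
+test 'response should contain auth params + override proof' do
+assert @query_string['access-token']
+assert @query_string['client']
+assert @query_string['client_id']
+assert @query_string['expiry']
+assert @query_string['override_proof']
+assert @query_string['reset_password']
+assert @query_string['token']
+assert @query_string['uid']
+end
+
+test 'override proof is correct' do
+assert_equal(
+@query_string['override_proof'],
+Overrides::PasswordsController::OVERRIDE_PROOF
+)
+end
+end
+end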
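Review bot: The `before` block discards the redirect target's base URL (`_, raw_query_string = response.location.split('?')`, new-file line 38), so nothing in this file verifies that the edit action redirected to the `redirect_url` the request supplied — which is the property a redirect-handling override most needs pinned. Keep it as `@redirect_base, raw_query_string = response.location.split('?')` and add `assert_equal mail_redirect_url, @redirect_base` in a test, valid as long as the Faker URL carries no query string of its own. The token regex on line 27, `/reset_password_token=(.*)\"/`, is greedy and matches to the last `"` on that line, and `redirect_url=([^&]*)&` on line 28 assumes `redirect_url` is never the final parameter in the mail link; `([^"&]*)` handles both cases.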
@@ -0,0 +1,46 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
require 'test_helper'
|
|
4
|
+
|
|
5
|
+
# was the web request successful?
|
|
6
|
+
# was the user redirected to the right page?
|
|
7
|
+
# was the user successfully authenticated?
|
|
8
|
+
# was the correct object stored in the response?
|
|
9
|
+
# was the appropriate message delivered in the json payload?
|
|
10
|
+
|
|
11
|
+
class Overrides::RegistrationsControllerTest < ActionDispatch::IntegrationTest
|
|
12
|
+
include OverridesControllersRoutes
|
|
13
|
+
|
|
14
|
+
describe Overrides::RegistrationsController do
|
|
15
|
+
describe 'Succesful Registration update' do
|
|
16
|
+
before do
|
|
17
|
+
@existing_user = create(:user, :confirmed)
|
|
18
|
+
@auth_headers = @existing_user.create_new_auth_token
|
|
19
|
+
@client_id = @auth_headers['client']
|
|
20
|
+
@favorite_color = 'pink'
|
|
21
|
+
|
|
22
|
+
# ensure request is not treated as batch request
|
|
23
|
+
age_token(@existing_user, @client_id)
|
|
24
|
+
|
|
25
|
+
# test valid update param
|
|
26
|
+
@new_operating_thetan = 1_000_000
|
|
27
|
+
|
|
28
|
+
put '/evil_user_auth',
|
|
29
|
+
params: { favorite_color: @favorite_color },
|
|
30
|
+
headers: @auth_headers
|
|
31
|
+
|
|
32
|
+
@data = JSON.parse(response.body)
|
|
33
|
+
@existing_user.reload
|
|
34
|
+
end
|
|
35
|
+
|
|
36
|
+
test 'user was updated' do
|
|
37
|
+
assert_equal @favorite_color, @existing_user.favorite_color
|
|
38
|
+
end
|
|
39
|
+
|
|
40
|
+
test 'controller was overridden' do
|
|
41
|
+
assert_equal Overrides::RegistrationsController::OVERRIDE_PROOF,
|
|
42
|
+
@data['override_proof']
|
|
43
|
+
end
|
|
44
|
+
end
|
|
45
|
+
end
|
|
46
|
+
end
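Review bot: `@new_operating_thetan = 1_000_000` in the `before` block is set up under the comment "test valid update param" but is never sent in the `put '/evil_user_auth'` params nor asserted on, so it is dead setup that suggests coverage that does not exist; either drop the line and its comment or add it to `params:` and assert it after `@existing_user.reload`. The 'user was updated' test also never checks the HTTP status, so a failing update that still happens to persist (or a 422 with a stale fixture) would pass; add `assert_equal 200, response.status` before the `favorite_color` assertion. The hunk covers only the authenticated happy path of an account-update endpoint; a companion test that repeats the `put` without `headers: @auth_headers` and asserts `assert_equal 401, response.status` (and that `favorite_color` is unchanged after reload) would show the override did not loosen the authentication requirement. The expected rejection status is inferred from the library's conventions, not from this hunk.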
|
|
@@ -0,0 +1,35 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
require 'test_helper'
|
|
4
|
+
|
|
5
|
+
# was the web request successful?
|
|
6
|
+
# was the user redirected to the right page?
|
|
7
|
+
# was the user successfully authenticated?
|
|
8
|
+
# was the correct object stored in the response?
|
|
9
|
+
# was the appropriate message delivered in the json payload?
|
|
10
|
+
|
|
11
|
+
class Overrides::RegistrationsControllerTest < ActionDispatch::IntegrationTest
|
|
12
|
+
include OverridesControllersRoutes
|
|
13
|
+
|
|
14
|
+
describe Overrides::RegistrationsController do
|
|
15
|
+
before do
|
|
16
|
+
@existing_user = create(:user, :confirmed)
|
|
17
|
+
|
|
18
|
+
post '/evil_user_auth/sign_in',
|
|
19
|
+
params: { email: @existing_user.email,
|
|
20
|
+
password: @existing_user.password }
|
|
21
|
+
|
|
22
|
+
@resource = assigns(:resource)
|
|
23
|
+
@data = JSON.parse(response.body)
|
|
24
|
+
end
|
|
25
|
+
|
|
26
|
+
test 'request should succeed' do
|
|
27
|
+
assert_equal 200, response.status
|
|
28
|
+
end
|
|
29
|
+
|
|
30
|
+
test 'controller was overridden' do
|
|
31
|
+
assert_equal Overrides::RegistrationsController::OVERRIDE_PROOF,
|
|
32
|
+
@data['override_proof']
|
|
33
|
+
end
|
|
34
|
+
end
|
|
35
|
+
end
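Review bot: The class is declared as `Overrides::RegistrationsControllerTest` with `describe Overrides::RegistrationsController`, yet the only request is `post '/evil_user_auth/sign_in'`, which is a session endpoint, and the same class name is already used by the registrations-update test earlier in this diff; this reads as a copy-paste leftover and makes failures report under the wrong controller. If the override exists under that name, rename to `class Overrides::SessionsControllerTest < ActionDispatch::IntegrationTest` and `describe Overrides::SessionsController do`, and point `OVERRIDE_PROOF` at that class accordingly. `@resource = assigns(:resource)` is assigned but never read by either test, so it can be removed. For a sign-in test, the security-relevant outcome is that a token actually gets issued: consider `assert response.headers['access-token']` and `assert response.headers['client']` alongside the 200 check, so an override that returns a 200 JSON body without creating a session cannot pass silently.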
|
|
@@ -0,0 +1,43 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
require 'test_helper'
|
|
4
|
+
|
|
5
|
+
# was the web request successful?
|
|
6
|
+
# was the user redirected to the right page?
|
|
7
|
+
# was the user successfully authenticated?
|
|
8
|
+
# was the correct object stored in the response?
|
|
9
|
+
# was the appropriate message delivered in the json payload?
|
|
10
|
+
|
|
11
|
+
class Overrides::TokenValidationsControllerTest < ActionDispatch::IntegrationTest
|
|
12
|
+
include OverridesControllersRoutes
|
|
13
|
+
|
|
14
|
+
describe Overrides::TokenValidationsController do
|
|
15
|
+
before do
|
|
16
|
+
@resource = create(:user, :confirmed)
|
|
17
|
+
|
|
18
|
+
@auth_headers = @resource.create_new_auth_token
|
|
19
|
+
|
|
20
|
+
@token = @auth_headers['access-token']
|
|
21
|
+
@client_id = @auth_headers['client']
|
|
22
|
+
@expiry = @auth_headers['expiry']
|
|
23
|
+
|
|
24
|
+
# ensure that request is not treated as batch request
|
|
25
|
+
age_token(@resource, @client_id)
|
|
26
|
+
|
|
27
|
+
get '/evil_user_auth/validate_token',
|
|
28
|
+
params: {},
|
|
29
|
+
headers: @auth_headers
|
|
30
|
+
|
|
31
|
+
@resp = JSON.parse(response.body)
|
|
32
|
+
end
|
|
33
|
+
|
|
34
|
+
test 'token valid' do
|
|
35
|
+
assert_equal 200, response.status
|
|
36
|
+
end
|
|
37
|
+
|
|
38
|
+
test 'controller was overridden' do
|
|
39
|
+
assert_equal Overrides::TokenValidationsController::OVERRIDE_PROOF,
|
|
40
|
+
@resp['override_proof']
|
|
41
|
+
end
|
|
42
|
+
end
|
|
43
|
+
end
|
|
@@ -0,0 +1,28 @@
|
|
|
1
|
+
== README
|
|
2
|
+
|
|
3
|
+
This README would normally document whatever steps are necessary to get the
|
|
4
|
+
application up and running.
|
|
5
|
+
|
|
6
|
+
Things you may want to cover:
|
|
7
|
+
|
|
8
|
+
* Ruby version
|
|
9
|
+
|
|
10
|
+
* System dependencies
|
|
11
|
+
|
|
12
|
+
* Configuration
|
|
13
|
+
|
|
14
|
+
* Database creation
|
|
15
|
+
|
|
16
|
+
* Database initialization
|
|
17
|
+
|
|
18
|
+
* How to run the test suite
|
|
19
|
+
|
|
20
|
+
* Services (job queues, cache servers, search engines, etc.)
|
|
21
|
+
|
|
22
|
+
* Deployment instructions
|
|
23
|
+
|
|
24
|
+
* ...
|
|
25
|
+
|
|
26
|
+
|
|
27
|
+
Please feel free to use a different markup language if you do not plan to run
|
|
28
|
+
<tt>rake doc:app</tt>.
|