devise_token_auth_multi_email 0.9.0

data/test/models/user_test.rb

@@ -0,0 +1,224 @@
+# frozen_string_literal: true
+
+require 'test_helper'
+
+class UserTest < ActiveSupport::TestCase
+  describe User do
+    describe 'serialization' do
+      test 'hash should not include sensitive info' do
+        @resource = build(:user)
+        refute @resource.as_json[:tokens]
+      end
+    end
+
+    describe 'creation' do
+      test 'save fails if uid is missing' do
+        @resource = User.new
+        @resource.uid = nil
+        @resource.save
+
+        assert @resource.errors.messages[:uid]
+      end
+    end
+
+    describe 'email registration' do
+      test 'model should not save if email is blank' do
+        @resource = build(:user, email: nil)
+
+        refute @resource.save
+        assert @resource.errors.messages[:email] == [I18n.t('errors.messages.blank')]
+      end
+
+      test 'model should not save if email is not an email' do
+        @resource = build(:user, email: '@example.com')
+
+        refute @resource.save
+        assert @resource.errors.messages[:email] == [I18n.t('errors.messages.not_email')]
+      end
+    end
+
+    describe 'email uniqueness' do
+      test 'model should not save if email is taken' do
+        user_attributes = attributes_for(:user)
+        create(:user, user_attributes)
+        @resource = build(:user, user_attributes)
+
+        refute @resource.save
+        assert @resource.errors.messages[:email].first.include? 'taken'
+        assert @resource.errors.messages[:email].none? { |e| e =~ /translation missing/ }
+      end
+    end
+
+    describe 'oauth2 authentication' do
+      test 'model should save even if email is blank' do
+        @resource = build(:user, :facebook, email: nil)
+
+        assert @resource.save
+        assert @resource.errors.messages[:email].blank?
+      end
+    end
+
+    describe 'token expiry' do
+      before do
+        @resource = create(:user, :confirmed)
+
+        @auth_headers = @resource.create_new_auth_token
+
+        @token     = @auth_headers['access-token']
+        @client_id = @auth_headers['client']
+      end
+
+      test 'should properly indicate whether token is current' do
+        assert @resource.token_is_current?(@token, @client_id)
+        # we want to update the expiry without forcing a cleanup (see below)
+        @resource.tokens[@client_id]['expiry'] = Time.zone.now.to_i - 10.seconds
+        refute @resource.token_is_current?(@token, @client_id)
+      end
+    end
+
+    describe 'previous token' do
+      before do
+        @resource = create(:user, :confirmed)
+
+        @auth_headers1 = @resource.create_new_auth_token
+      end
+
+      test 'should properly indicate whether previous token is current' do
+        assert @resource.token_is_current?(@auth_headers1['access-token'], @auth_headers1['client'])
+        # create another token, emulating a new request
+        @auth_headers2 = @resource.create_new_auth_token
+
+        # should work for previous token
+        assert @resource.token_is_current?(@auth_headers1['access-token'], @auth_headers1['client'])
+        # should work for latest token as well
+        assert @resource.token_is_current?(@auth_headers2['access-token'], @auth_headers2['client'])
+
+        # after using latest token, previous token should not work
+        assert @resource.token_is_current?(@auth_headers1['access-token'], @auth_headers1['client'])
+      end
+    end
+
+    describe 'expired tokens are destroyed on save' do
+      before do
+        @resource = create(:user, :confirmed)
+
+        @old_auth_headers = @resource.create_new_auth_token
+        @new_auth_headers = @resource.create_new_auth_token
+        expire_token(@resource, @old_auth_headers['client'])
+      end
+
+      test 'expired token was removed' do
+        refute @resource.tokens[@old_auth_headers[:client]]
+      end
+
+      test 'current token was not removed' do
+        assert @resource.tokens[@new_auth_headers['client']]
+      end
+    end
+
+    describe 'nil tokens are handled properly' do
+      before do
+        @resource = create(:user, :confirmed)
+      end
+
+      test 'tokens can be set to nil' do
+        @resource.tokens = nil
+        assert @resource.save
+      end
+    end
+  end
+
+  describe 'clean_old_tokens' do
+    before do
+      @resource = create(:user, :confirmed)
+      @token_lifespan = DeviseTokenAuth.token_lifespan
+      @max_client_count = DeviseTokenAuth.max_number_of_devices
+      DeviseTokenAuth.max_number_of_devices = 2
+      DeviseTokenAuth.token_lifespan = 1.week
+    end
+
+    after do
+      DeviseTokenAuth.token_lifespan = @token_lifespan
+      DeviseTokenAuth.max_number_of_devices = @max_client_count
+    end
+
+    test 'removes tokens with expiry beyond the maximum lifespan' do
+      # Create tokens with different expiry times
+      current_time = Time.now.to_i
+
+      max_lifespan = current_time + DeviseTokenAuth.token_lifespan.to_i
+
+      # Valid token within lifespan
+      @resource.tokens['valid_client'] = {
+        'token' => 'valid_token',
+        'expiry' => current_time + 1.day.to_i
+      }
+
+      # Token exactly at max lifespan (should be kept)
+      @resource.tokens['edge_client'] = {
+        'token' => 'edge_token',
+        'expiry' => max_lifespan
+      }
+
+      # Token beyond max lifespan (should be removed)
+      @resource.tokens['expired_client'] = {
+        'token' => 'expired_token',
+        'expiry' => max_lifespan + 1.day.to_i
+      }
+
+      # Call the method under test
+      @resource.send(:clean_old_tokens)
+
+      # Assert that tokens beyond lifespan were removed
+      assert @resource.tokens.key?('valid_client'), 'Valid token should be kept'
+      assert @resource.tokens.key?('edge_client'), 'Edge case token at max lifespan should be kept'
+      refute @resource.tokens.key?('expired_client'), 'Token beyond max lifespan should be removed'
+    end
+
+    test 'handles token lifespan reduction when creating token' do
+      # Setup: Create the maximum allowed number of tokens with a longer lifespan
+      DeviseTokenAuth.token_lifespan = 2.weeks
+      DeviseTokenAuth.max_number_of_devices = 3
+
+      # Create tokens at different times but all within the initial long lifespan
+      @resource.tokens = {}
+      @resource.tokens['client_1'] = {
+        'token' => 'token_1',
+        'expiry' => Time.now.to_i + 12.days.to_i
+      }
+
+      @resource.tokens['client_2'] = {
+        'token' => 'token_2',
+        'expiry' => Time.now.to_i + 10.days.to_i
+      }
+
+      @resource.tokens['client_3'] = {
+        'token' => 'token_3',
+        'expiry' => Time.now.to_i + 5.days.to_i
+      }
+
+      # We've reached the maximum number of devices/tokens
+      assert_equal 3, @resource.tokens.length
+
+      # Now reduce token lifespan - simulating a config change
+      DeviseTokenAuth.token_lifespan = 1.week
+
+      # Create a new token which should trigger clean_old_tokens
+      new_auth_headers = @resource.create_new_auth_token
+      new_client = new_auth_headers['client']
+
+      # The new token should exist
+      assert @resource.tokens.key?(new_client), 'New token should exist'
+
+      # Tokens exceeding the new reduced lifespan should be removed
+      refute @resource.tokens.key?('client_1'), 'Token with expiry > new lifespan should be removed'
+      refute @resource.tokens.key?('client_2'), 'Token with expiry > new lifespan should be removed'
+
+      # Token within new lifespan should be kept
+      assert @resource.tokens.key?('client_3'), 'Token within new reduced lifespan should be kept'
+
+      # We should have exactly 2 tokens: the new one and client_3
+      assert_equal 2, @resource.tokens.length
+    end
+  end
+end

data/test/support/controllers/routes.rb

@@ -0,0 +1,43 @@
+class Module
+  include Minitest::Spec::DSL
+end
+
+module ControllerRoutesAfterBlock
+  after do
+    Rails.application.reload_routes!
+  end
+end
+
+module CustomControllersRoutes
+  include ControllerRoutesAfterBlock
+
+  before do
+    Rails.application.routes.draw do
+      mount_devise_token_auth_for 'User', at: 'nice_user_auth', controllers: {
+        registrations: 'custom/registrations',
+        confirmations: 'custom/confirmations',
+        passwords: 'custom/passwords',
+        sessions: 'custom/sessions',
+        token_validations: 'custom/token_validations',
+        omniauth_callbacks: 'custom/omniauth_callbacks'
+      }
+    end
+  end
+end
+
+module OverridesControllersRoutes
+  include ControllerRoutesAfterBlock
+
+  before do
+    Rails.application.routes.draw do
+      mount_devise_token_auth_for 'User', at: 'evil_user_auth', controllers: {
+        confirmations:      'overrides/confirmations',
+        passwords:          'overrides/passwords',
+        omniauth_callbacks: 'overrides/omniauth_callbacks',
+        registrations:      'overrides/registrations',
+        sessions:           'overrides/sessions',
+        token_validations:  'overrides/token_validations'
+      }
+    end
+  end
+end

data/test/test_helper.rb

@@ -0,0 +1,134 @@
+# frozen_string_literal: true
+
+require 'simplecov'
+SimpleCov.formatter = SimpleCov::Formatter::HTMLFormatter
+SimpleCov.start 'rails' do
+  add_filter ['.bundle', 'test', 'config']
+end
+
+ENV['RAILS_ENV'] = 'test'
+DEVISE_TOKEN_AUTH_ORM = (ENV['DEVISE_TOKEN_AUTH_ORM'] || :active_record).to_sym
+
+puts "\n==> DeviseTokenAuth.orm = #{DEVISE_TOKEN_AUTH_ORM.inspect}"
+
+require File.expand_path('dummy/config/environment', __dir__)
+require 'active_support/testing/autorun'
+require 'minitest/rails'
+require 'mocha/minitest'
+if DEVISE_TOKEN_AUTH_ORM == :active_record
+  require 'database_cleaner'
+else
+  require 'database_cleaner/mongoid'
+end
+
+FactoryBot.definition_file_paths = [File.expand_path('factories', __dir__)]
+FactoryBot.find_definitions
+
+Dir[File.join(__dir__, 'support/**', '*.rb')].each { |file| require file }
+
+# I hate the default reporter. Use ProgressReporter instead.
+Minitest::Reporters.use! Minitest::Reporters::ProgressReporter.new
+
+class ActionDispatch::IntegrationTest
+  def follow_all_redirects!
+    follow_redirect! while response.status.to_s =~ /^3\d{2}/
+  end
+end
+
+class ActiveSupport::TestCase
+  include FactoryBot::Syntax::Methods
+
+  ActiveRecord::Migration.check_pending! if DEVISE_TOKEN_AUTH_ORM == :active_record
+
+  strategies = { active_record: :transaction,
+                 mongoid: :deletion }
+  DatabaseCleaner.strategy = strategies[DEVISE_TOKEN_AUTH_ORM]
+  setup { DatabaseCleaner.start }
+  teardown { DatabaseCleaner.clean }
+
+  # Add more helper methods to be used by all tests here...
+
+  # Execute the block setting the given values and restoring old values after
+  # the block is executed.
+  # shamelessly copied from devise test_helper.
+  def swap(object, new_values)
+    old_values = {}
+    new_values.each do |key, value|
+      old_values[key] = object.send key
+      object.send :"#{key}=", value
+    end
+    clear_cached_variables(new_values)
+    yield
+  ensure
+    clear_cached_variables(new_values)
+    old_values.each do |key, value|
+      object.send :"#{key}=", value
+    end
+  end
+
+  # shamelessly copied from devise test_helper.
+  def clear_cached_variables(options)
+    if options.key?(:case_insensitive_keys) || options.key?(:strip_whitespace_keys)
+      Devise.mappings.each do |_, mapping|
+        mapping.to.instance_variable_set(:@devise_parameter_filter, nil)
+      end
+    end
+  end
+
+  def age_token(user, client_id)
+    if user.tokens[client_id]
+      user.tokens[client_id]['updated_at'] = (Time.zone.now - (DeviseTokenAuth.batch_request_buffer_throttle + 10.seconds))
+      user.save!
+    end
+  end
+
+  def expire_token(user, client_id)
+    if user.tokens[client_id]
+      user.tokens[client_id]['expiry'] = (Time.zone.now - (DeviseTokenAuth.token_lifespan.to_f + 10.seconds)).to_i
+      user.save!
+    end
+  end
+
+  # Suppress OmniAuth logger output
+  def silence_omniauth
+    previous_logger = OmniAuth.config.logger
+    OmniAuth.config.logger = Logger.new('/dev/null')
+    yield
+  ensure
+    OmniAuth.config.logger = previous_logger
+  end
+end
+
+class ActionController::TestCase
+  include Devise::Test::ControllerHelpers
+
+  setup do
+    @routes = Dummy::Application.routes
+    @request.env['devise.mapping'] = Devise.mappings[:user]
+  end
+end
+
+# TODO: remove it when support for Rails < 5 has been dropped
+module Rails
+  module Controller
+    module Testing
+      module Integration
+        %w[get post patch put head delete get_via_redirect post_via_redirect].each do |method|
+          define_method(method) do |path_or_action, **args|
+            if Rails::VERSION::MAJOR >= 5
+              super path_or_action, **args
+            else
+              super path_or_action, args[:params], args[:headers]
+            end
+          end
+        end
+      end
+    end
+  end
+end
+
+module ActionController
+  class TestCase
+    include Rails::Controller::Testing::Integration
+  end
+end