devise_token_auth_multi_email 0.9.3 → 0.9.5

data/test/lib/devise_token_auth/controllers/helpers_test.rb

@@ -0,0 +1,402 @@
+# frozen_string_literal: true
+
+require 'test_helper'
+
+# Tests for DeviseTokenAuth::Controllers::Helpers
+#
+# The Helpers module:
+#  - Defines instance methods per mapping via .define_helpers (authenticate_X!,
+#    X_signed_in?, current_X, X_session, render_authenticate_error)
+#  - Defines group methods via .devise_token_auth_group (authenticate_G!,
+#    G_signed_in?, current_G, current_Gs, set_group_user_by_token,
+#    render_authenticate_error)
+#  - Overrides ClassMethods#log_process_action to default status to 401
+
+class DeviseTokenAuth::Controllers::HelpersTest < ActionDispatch::IntegrationTest
+  include Warden::Test::Helpers
+
+  # ------------------------------------------------------------------
+  # describe_helpers: methods generated by define_helpers
+  # These are exercised via /demo/members_only (DemoUserController, :user
+  # mapping) and /demo/members_only_mang (DemoMangController, :mang mapping).
+  # ------------------------------------------------------------------
+  describe 'define_helpers – generated instance methods' do
+    describe 'authenticate_user!' do
+      describe 'when user is not authenticated' do
+        before do
+          get '/demo/members_only', params: {}, headers: {}
+        end
+
+        it 'returns 401' do
+          assert_equal 401, response.status
+        end
+
+        it 'returns an unauthenticated error JSON body' do
+          body = JSON.parse(response.body)
+          assert_includes body['errors'], I18n.t('devise.failure.unauthenticated')
+        end
+
+        it 'does not return auth headers' do
+          refute response.headers['access-token']
+        end
+      end
+
+      describe 'when user is authenticated' do
+        before do
+          @resource = create(:user, :confirmed)
+          @auth_headers = @resource.create_new_auth_token
+          age_token(@resource, @auth_headers['client'])
+
+          get '/demo/members_only', params: {}, headers: @auth_headers
+        end
+
+        it 'returns 200' do
+          assert_equal 200, response.status
+        end
+
+        it 'returns a new access token' do
+          assert response.headers['access-token'].present?
+        end
+      end
+    end
+
+    describe 'user_signed_in?' do
+      describe 'when user is authenticated' do
+        before do
+          @resource = create(:user, :confirmed)
+          @auth_headers = @resource.create_new_auth_token
+          age_token(@resource, @auth_headers['client'])
+
+          get '/demo/members_only', params: {}, headers: @auth_headers
+        end
+
+        it 'returns true' do
+          assert @controller.user_signed_in?
+        end
+      end
+
+      describe 'when user is not authenticated' do
+        before do
+          get '/demo/members_only', params: {}, headers: {}
+        end
+
+        it 'returns false' do
+          refute @controller.user_signed_in?
+        end
+      end
+    end
+
+    describe 'current_user' do
+      before do
+        @resource = create(:user, :confirmed)
+        @auth_headers = @resource.create_new_auth_token
+        age_token(@resource, @auth_headers['client'])
+
+        get '/demo/members_only', params: {}, headers: @auth_headers
+      end
+
+      it 'returns the authenticated user' do
+        assert_equal @resource, @controller.current_user
+      end
+
+      it 'memoizes the result (same object on repeated calls)' do
+        first  = @controller.current_user
+        second = @controller.current_user
+        assert_same first, second
+      end
+    end
+
+    describe 'user_session' do
+      describe 'when user is authenticated' do
+        before do
+          @resource = create(:user, :confirmed)
+          @auth_headers = @resource.create_new_auth_token
+          age_token(@resource, @auth_headers['client'])
+
+          get '/demo/members_only', params: {}, headers: @auth_headers
+        end
+
+        it 'returns a non-nil session object' do
+          assert_not_nil @controller.user_session
+        end
+      end
+
+      describe 'when user is not authenticated' do
+        before do
+          get '/demo/members_only', params: {}, headers: {}
+        end
+
+        it 'returns nil' do
+          assert_nil @controller.user_session
+        end
+      end
+    end
+
+    describe 'mang_signed_in? and current_mang – different mapping' do
+      describe 'when mang is authenticated' do
+        before do
+          @mang = create(:mang_user, :confirmed)
+          @auth_headers = @mang.create_new_auth_token
+          age_token(@mang, @auth_headers['client'])
+
+          get '/demo/members_only_mang', params: {}, headers: @auth_headers
+        end
+
+        it 'returns 200' do
+          assert_equal 200, response.status
+        end
+
+        it 'mang_signed_in? returns true' do
+          assert @controller.mang_signed_in?
+        end
+
+        it 'current_mang returns the authenticated mang' do
+          assert_equal @mang, @controller.current_mang
+        end
+
+        it 'user_signed_in? returns false (different mapping)' do
+          refute @controller.user_signed_in?
+        end
+      end
+    end
+
+    describe 'render_authenticate_error' do
+      before do
+        get '/demo/members_only', params: {}, headers: {}
+      end
+
+      it 'returns a JSON body with an errors key' do
+        body = JSON.parse(response.body)
+        assert body.key?('errors'), 'response body should have an "errors" key'
+      end
+
+      it 'errors array contains the unauthenticated message' do
+        body = JSON.parse(response.body)
+        assert_includes body['errors'], I18n.t('devise.failure.unauthenticated')
+      end
+
+      it 'sets Content-Type to application/json' do
+        assert_match %r{application/json}, response.content_type
+      end
+    end
+  end
+
+  # ------------------------------------------------------------------
+  # devise_token_auth_group – methods generated for a group mapping
+  # Exercised via /demo/members_only_group (DemoGroupController, :member
+  # group containing :user and :mang).
+  # ------------------------------------------------------------------
+  describe 'devise_token_auth_group – generated group methods' do
+    describe 'authenticate_member!' do
+      describe 'when no group member is authenticated' do
+        before do
+          get '/demo/members_only_group', params: {}, headers: {}
+        end
+
+        it 'returns 401' do
+          assert_equal 401, response.status
+        end
+
+        it 'returns an unauthenticated error JSON body' do
+          body = JSON.parse(response.body)
+          assert_includes body['errors'], I18n.t('devise.failure.unauthenticated')
+        end
+      end
+
+      describe 'when a user (first mapping) is authenticated' do
+        before do
+          @resource = create(:user, :confirmed)
+          @auth_headers = @resource.create_new_auth_token
+          age_token(@resource, @auth_headers['client'])
+
+          get '/demo/members_only_group', params: {}, headers: @auth_headers
+        end
+
+        it 'returns 200' do
+          assert_equal 200, response.status
+        end
+      end
+
+      describe 'when a mang (second mapping) is authenticated' do
+        before do
+          @mang = create(:mang_user, :confirmed)
+          @auth_headers = @mang.create_new_auth_token
+          age_token(@mang, @auth_headers['client'])
+
+          get '/demo/members_only_group', params: {}, headers: @auth_headers
+        end
+
+        it 'returns 200' do
+          assert_equal 200, response.status
+        end
+      end
+    end
+
+    describe 'member_signed_in?' do
+      describe 'when user is authenticated' do
+        before do
+          @resource = create(:user, :confirmed)
+          @auth_headers = @resource.create_new_auth_token
+          age_token(@resource, @auth_headers['client'])
+
+          get '/demo/members_only_group', params: {}, headers: @auth_headers
+        end
+
+        it 'returns true' do
+          assert @controller.member_signed_in?
+        end
+      end
+
+      describe 'when mang is authenticated' do
+        before do
+          @mang = create(:mang_user, :confirmed)
+          @auth_headers = @mang.create_new_auth_token
+          age_token(@mang, @auth_headers['client'])
+
+          get '/demo/members_only_group', params: {}, headers: @auth_headers
+        end
+
+        it 'returns true' do
+          assert @controller.member_signed_in?
+        end
+      end
+
+      describe 'when no one is authenticated' do
+        before do
+          get '/demo/members_only_group', params: {}, headers: {}
+        end
+
+        it 'returns false' do
+          refute @controller.member_signed_in?
+        end
+      end
+    end
+
+    describe 'current_member' do
+      describe 'when user is authenticated' do
+        before do
+          @resource = create(:user, :confirmed)
+          @auth_headers = @resource.create_new_auth_token
+          age_token(@resource, @auth_headers['client'])
+
+          get '/demo/members_only_group', params: {}, headers: @auth_headers
+        end
+
+        it 'returns the authenticated user as current member' do
+          assert_equal @resource, @controller.current_member
+        end
+
+        it 'memoizes the result' do
+          first  = @controller.current_member
+          second = @controller.current_member
+          assert_same first, second
+        end
+      end
+
+      describe 'when mang is authenticated' do
+        before do
+          @mang = create(:mang_user, :confirmed)
+          @auth_headers = @mang.create_new_auth_token
+          age_token(@mang, @auth_headers['client'])
+
+          get '/demo/members_only_group', params: {}, headers: @auth_headers
+        end
+
+        it 'returns the authenticated mang as current member' do
+          assert_equal @mang, @controller.current_member
+        end
+      end
+    end
+
+    describe 'current_members' do
+      describe 'when user is authenticated' do
+        before do
+          @resource = create(:user, :confirmed)
+          @auth_headers = @resource.create_new_auth_token
+          age_token(@resource, @auth_headers['client'])
+
+          get '/demo/members_only_group', params: {}, headers: @auth_headers
+        end
+
+        it 'includes the authenticated user' do
+          assert_includes @controller.current_members, @resource
+        end
+
+        it 'does not include unauthenticated users' do
+          other = create(:user, :confirmed)
+          refute_includes @controller.current_members, other
+        end
+      end
+
+      describe 'when mang is authenticated' do
+        before do
+          @mang = create(:mang_user, :confirmed)
+          @auth_headers = @mang.create_new_auth_token
+          age_token(@mang, @auth_headers['client'])
+
+          get '/demo/members_only_group', params: {}, headers: @auth_headers
+        end
+
+        it 'includes the authenticated mang' do
+          assert_includes @controller.current_members, @mang
+        end
+      end
+
+      describe 'when no one is authenticated' do
+        before do
+          get '/demo/members_only_group', params: {}, headers: {}
+        end
+
+        it 'returns an empty array' do
+          assert_empty @controller.current_members
+        end
+      end
+    end
+
+    describe 'render_authenticate_error (group)' do
+      before do
+        get '/demo/members_only_group', params: {}, headers: {}
+      end
+
+      it 'returns 401 status' do
+        assert_equal 401, response.status
+      end
+
+      it 'returns a JSON body with an errors key containing unauthenticated message' do
+        body = JSON.parse(response.body)
+        assert_includes body['errors'], I18n.t('devise.failure.unauthenticated')
+      end
+    end
+  end
+
+  # ------------------------------------------------------------------
+  # log_process_action – ClassMethods override
+  # Sets payload[:status] to 401 when no status is present and no
+  # exception is raised.
+  # ------------------------------------------------------------------
+  describe 'ClassMethods#log_process_action' do
+    let(:controller_class) { DemoUserController }
+
+    it 'sets status to 401 when payload has no status and no exception' do
+      payload = {}
+      controller_class.log_process_action(payload)
+      assert_equal 401, payload[:status]
+    end
+
+    it 'preserves an existing status in the payload' do
+      payload = { status: 200 }
+      controller_class.log_process_action(payload)
+      assert_equal 200, payload[:status]
+    end
+
+    it 'does not set status when an exception is present' do
+      payload = { exception: ['RuntimeError', 'boom'] }
+      controller_class.log_process_action(payload)
+      refute payload.key?(:status), 'status should not be set when an exception is present'
+    end
+
+    it 'is defined on the controller class' do
+      assert controller_class.respond_to?(:log_process_action)
+    end
+  end
+end

data/test/lib/devise_token_auth/token_factory_test.rb

@@ -22,9 +22,9 @@ class DeviseTokenAuth::TokenFactoryTest < ActiveSupport::TestCase
         assert_equal(secure_string.size, 22)
         assert_match(token_regexp, secure_string)
 
-        SecureRandom.stub(:urlsafe_base64, secure_string) do
-          assert_equal(tf.secure_string, secure_string)
-        end
+        SecureRandom.stubs(:urlsafe_base64).returns(secure_string)
+        assert_equal(tf.secure_string, secure_string)
+        SecureRandom.unstub(:urlsafe_base64)
       end
 
       it '::client' do
@@ -35,9 +35,9 @@ class DeviseTokenAuth::TokenFactoryTest < ActiveSupport::TestCase
         assert_match(token_regexp, client)
 
         secure_string = tf.secure_string
-        tf.stub(:secure_string, secure_string) do
-          assert_equal(tf.client, secure_string)
-        end
+        tf.stubs(:secure_string).returns(secure_string)
+        assert_equal(tf.client, secure_string)
+        tf.unstub(:secure_string)
       end
 
       it '::token' do
@@ -49,9 +49,9 @@ class DeviseTokenAuth::TokenFactoryTest < ActiveSupport::TestCase
         assert_match(token_regexp, token)
 
         secure_string = tf.secure_string
-        tf.stub(:secure_string, secure_string) do
-          assert_equal(tf.token, secure_string)
-        end
+        tf.stubs(:secure_string).returns(secure_string)
+        assert_equal(tf.token, secure_string)
+        tf.unstub(:secure_string)
       end
 
       it '::token_hash(args)' do
@@ -84,12 +84,12 @@ class DeviseTokenAuth::TokenFactoryTest < ActiveSupport::TestCase
 
       it '::expiry(args)' do
         time = Time.now
-        Time.stub(:now, time) do
-          assert_equal(tf.expiry(lifespan), (time + lifespan).to_i)
+        Time.stubs(:now).returns(time)
+        assert_equal(tf.expiry(lifespan), (time + lifespan).to_i)
 
-          lifespan = nil
-          assert_equal(tf.expiry(lifespan), (time + DeviseTokenAuth.token_lifespan).to_i)
-        end
+        lifespan = nil
+        assert_equal(tf.expiry(lifespan), (time + DeviseTokenAuth.token_lifespan).to_i)
+        Time.unstub(:now)
       end
 
       it '::create' do
@@ -106,10 +106,10 @@ class DeviseTokenAuth::TokenFactoryTest < ActiveSupport::TestCase
         assert_equal(token.client, client)
 
         time = Time.now
-        Time.stub(:now, time) do
-          token = tf.create(lifespan: lifespan)
-          assert_equal(token.expiry, (time + lifespan).to_i)
-        end
+        Time.stubs(:now).returns(time)
+        token = tf.create(lifespan: lifespan)
+        assert_equal(token.expiry, (time + lifespan).to_i)
+        Time.unstub(:now)
 
         token = tf.create(cost: cost)
         token_cost = token_hash_cost_regexp.match(token.token_hash)[1].to_i

data/test/lib/generators/devise_token_auth/install_generator_test.rb

@@ -213,5 +213,65 @@ module DeviseTokenAuth
         end
       end
     end
+
+    describe 'rails api application controller' do
+      setup :prepare_destination
+
+      before do
+        @dir = File.join(destination_root, 'app', 'controllers')
+        @fname = File.join(@dir, 'application_controller.rb')
+        FileUtils.mkdir_p(@dir)
+
+        File.open(@fname, 'w') do |f|
+          f.write <<-RUBY
+            class ApplicationController < ActionController::API
+              def whatever
+                'whatever'
+              end
+            end
+          RUBY
+        end
+
+        run_generator
+      end
+
+      test 'controller concern is appended to rails api application controller' do
+        assert_file 'app/controllers/application_controller.rb' do |controller|
+          assert_match(/include DeviseTokenAuth::Concerns::SetUserByToken/, controller)
+        end
+      end
+
+      test 'subsequent runs do not modify rails api application controller' do
+        run_generator
+        assert_file 'app/controllers/application_controller.rb' do |controller|
+          matches = controller.scan(/include DeviseTokenAuth::Concerns::SetUserByToken/m).size
+          assert_equal 1, matches
+        end
+      end
+    end
+
+    describe 'missing application controller' do
+      setup :prepare_destination
+
+      before do
+        run_generator
+      end
+
+      test 'generator does not raise when application_controller.rb is absent' do
+        assert_no_file 'app/controllers/application_controller.rb'
+      end
+    end
+
+    describe 'missing routes file' do
+      setup :prepare_destination
+
+      before do
+        run_generator
+      end
+
+      test 'generator does not raise when config/routes.rb is absent' do
+        assert_no_file 'config/routes.rb'
+      end
+    end
   end
 end

data/test/lib/generators/devise_token_auth/install_generator_with_namespace_test.rb

@@ -6,7 +6,7 @@ require 'generators/devise_token_auth/install_generator' if DEVISE_TOKEN_AUTH_OR
 require 'generators/devise_token_auth/install_mongoid_generator' if DEVISE_TOKEN_AUTH_ORM == :mongoid
 
 module DeviseTokenAuth
-  class InstallGeneratorTest < Rails::Generators::TestCase
+  class InstallGeneratorWithNamespaceTest < Rails::Generators::TestCase
     tests InstallGenerator        if DEVISE_TOKEN_AUTH_ORM == :active_record
     tests InstallMongoidGenerator if DEVISE_TOKEN_AUTH_ORM == :mongoid
     destination Rails.root.join('tmp/generators')