RubyGems - devise_token_auth_multi_email - Versions diffs - 0.9.3 → 0.9.5 - Mend

devise_token_auth_multi_email 0.9.3 → 0.9.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (48) hide show

data/test/lib/generators/devise_token_auth/install_mongoid_generator_test.rb ADDED Viewed

@@ -0,0 +1,218 @@
+# frozen_string_literal: true
+require 'test_helper'
+require 'fileutils'
+require 'generators/devise_token_auth/install_mongoid_generator'
+module DeviseTokenAuth
+  class InstallMongoidGeneratorTest < Rails::Generators::TestCase
+    tests InstallMongoidGenerator
+    destination Rails.root.join('tmp/generators')
+    describe 'default values, clean install' do
+      setup :prepare_destination
+      before do
+        run_generator
+      end
+      test 'user model is created from mongoid template' do
+        assert_file 'app/models/user.rb'
+      end
+      test 'created user model includes Mongoid::Document' do
+        assert_file 'app/models/user.rb' do |model|
+          assert_match(/include Mongoid::Document/, model)
+        end
+      end
+      test 'created user model includes Mongoid::Timestamps' do
+        assert_file 'app/models/user.rb' do |model|
+          assert_match(/include Mongoid::Timestamps/, model)
+        end
+      end
+      test 'created user model includes Mongoid::Locker' do
+        assert_file 'app/models/user.rb' do |model|
+          assert_match(/include Mongoid::Locker/, model)
+        end
+      end
+      test 'created user model declares locker fields' do
+        assert_file 'app/models/user.rb' do |model|
+          assert_match(/field :locker_locked_at/, model)
+          assert_match(/field :locker_locked_until/, model)
+        end
+      end
+      test 'created user model declares required devise token auth fields' do
+        assert_file 'app/models/user.rb' do |model|
+          assert_match(/field :provider/, model)
+          assert_match(/field :uid/, model)
+          assert_match(/field :tokens/, model)
+        end
+      end
+      test 'created user model includes devise' do
+        assert_file 'app/models/user.rb' do |model|
+          assert_match(/devise :database_authenticatable/, model)
+        end
+      end
+      test 'created user model includes DeviseTokenAuth concern' do
+        assert_file 'app/models/user.rb' do |model|
+          assert_match(/include DeviseTokenAuth::Concerns::User/, model)
+        end
+      end
+      test 'created user model declares uid_provider_index' do
+        assert_file 'app/models/user.rb' do |model|
+          assert_match(/uid_provider_index/, model)
+        end
+      end
+      test 'initializer is created' do
+        assert_file 'config/initializers/devise_token_auth.rb'
+      end
+      test 'subsequent runs raise no errors' do
+        run_generator
+      end
+    end
+    describe 'existing user model' do
+      setup :prepare_destination
+      before do
+        @dir = File.join(destination_root, 'app', 'models')
+        @fname = File.join(@dir, 'user.rb')
+        FileUtils.mkdir_p(@dir)
+        File.open(@fname, 'w') do |f|
+          f.write <<-'RUBY'
+            class User
+              def whatever
+                puts 'whatever'
+              end
+            end
+          RUBY
+        end
+        run_generator
+      end
+      test 'concern is injected into existing model' do
+        assert_file 'app/models/user.rb' do |model|
+          assert_match(/include DeviseTokenAuth::Concerns::User/, model)
+        end
+      end
+      test 'mongoid locker fields are injected into existing model' do
+        assert_file 'app/models/user.rb' do |model|
+          assert_match(/include Mongoid::Locker/, model)
+          assert_match(/field :locker_locked_at/, model)
+          assert_match(/field :locker_locked_until/, model)
+        end
+      end
+      test 'required fields are injected into existing model' do
+        assert_file 'app/models/user.rb' do |model|
+          assert_match(/field :provider/, model)
+          assert_match(/field :uid/, model)
+          assert_match(/field :tokens/, model)
+        end
+      end
+      test 'devise declaration is injected into existing model' do
+        assert_file 'app/models/user.rb' do |model|
+          assert_match(/devise :database_authenticatable/, model)
+        end
+      end
+      test 'index declaration is injected into existing model' do
+        assert_file 'app/models/user.rb' do |model|
+          assert_match(/uid_provider_index/, model)
+        end
+      end
+      test 'subsequent runs do not duplicate the concern inclusion' do
+        run_generator
+        assert_file 'app/models/user.rb' do |model|
+          matches = model.scan(/include DeviseTokenAuth::Concerns::User/m).size
+          assert_equal 1, matches
+        end
+      end
+    end
+    describe 'routes' do
+      setup :prepare_destination
+      before do
+        @dir = File.join(destination_root, 'config')
+        @fname = File.join(@dir, 'routes.rb')
+        FileUtils.mkdir_p(@dir)
+        File.open(@fname, 'w') do |f|
+          f.write <<-RUBY
+            Rails.application.routes.draw do
+              patch '/chong', to: 'bong#index'
+            end
+          RUBY
+        end
+        run_generator
+      end
+      test 'route method is appended to routes file' do
+        assert_file 'config/routes.rb' do |routes|
+          assert_match(/mount_devise_token_auth_for 'User', at: 'auth'/, routes)
+        end
+      end
+      test 'subsequent runs do not add duplicate routes' do
+        run_generator
+        assert_file 'config/routes.rb' do |routes|
+          matches = routes.scan(/mount_devise_token_auth_for 'User', at: 'auth'/m).size
+          assert_equal 1, matches
+        end
+      end
+    end
+    describe 'application controller' do
+      setup :prepare_destination
+      before do
+        @dir = File.join(destination_root, 'app', 'controllers')
+        @fname = File.join(@dir, 'application_controller.rb')
+        FileUtils.mkdir_p(@dir)
+        File.open(@fname, 'w') do |f|
+          f.write <<-RUBY
+            class ApplicationController < ActionController::Base
+              def whatever
+                'whatever'
+              end
+            end
+          RUBY
+        end
+        run_generator
+      end
+      test 'controller concern is appended to application controller' do
+        assert_file 'app/controllers/application_controller.rb' do |controller|
+          assert_match(/include DeviseTokenAuth::Concerns::SetUserByToken/, controller)
+        end
+      end
+      test 'subsequent runs do not duplicate the concern inclusion' do
+        run_generator
+        assert_file 'app/controllers/application_controller.rb' do |controller|
+          matches = controller.scan(/include DeviseTokenAuth::Concerns::SetUserByToken/m).size
+          assert_equal 1, matches
+        end
+      end
+    end
+  end
+end

data/test/models/multi_email_user_email_test.rb ADDED Viewed

@@ -0,0 +1,95 @@
+# frozen_string_literal: true
+require 'test_helper'
+# Tests for the MultiEmailUserEmail model — the email-record side of the
+# MultiEmailUser multi-email relationship.  These tests are ActiveRecord-only
+# because the model and its table only exist in AR runs.
+return unless DEVISE_TOKEN_AUTH_ORM == :active_record
+class MultiEmailUserEmailTest < ActiveSupport::TestCase
+  describe MultiEmailUserEmail do
+    # -------------------------------------------------------------------------
+    # Association
+    # -------------------------------------------------------------------------
+    describe 'association' do
+      test 'belongs_to user association points to MultiEmailUser' do
+        reflection = MultiEmailUserEmail.reflect_on_association(:user)
+        assert reflection, 'Expected a :user belongs_to association'
+        assert_equal 'MultiEmailUser', reflection.class_name
+      end
+      test 'foreign key for the user association is multi_email_user_id' do
+        reflection = MultiEmailUserEmail.reflect_on_association(:user)
+        assert_equal 'multi_email_user_id', reflection.foreign_key.to_s
+      end
+      test 'email record is destroyed when parent user is destroyed' do
+        user = MultiEmailUser.new(provider: 'email', uid: '')
+        user.emails.build(email: Faker::Internet.unique.email, primary: true)
+        user.password = user.password_confirmation = 'password123'
+        user.save(validate: false)
+        email_id = user.emails.first.id
+        user.destroy
+        refute MultiEmailUserEmail.exists?(email_id),
+               'Email record should be destroyed when the parent user is destroyed'
+      end
+    end
+    # -------------------------------------------------------------------------
+    # Primary flag
+    # -------------------------------------------------------------------------
+    describe 'primary column' do
+      test 'primary? returns true when primary is true' do
+        email_record = MultiEmailUserEmail.new(primary: true)
+        assert email_record.primary?
+      end
+      test 'primary? returns false when primary is false' do
+        email_record = MultiEmailUserEmail.new(primary: false)
+        refute email_record.primary?
+      end
+      test 'primary defaults to false' do
+        email_record = MultiEmailUserEmail.new
+        refute email_record.primary?,
+               'primary should default to false per the migration'
+      end
+    end
+    # -------------------------------------------------------------------------
+    # Email uniqueness (added by Devise::MultiEmail::EmailValidatable)
+    # -------------------------------------------------------------------------
+    describe 'email uniqueness' do
+      # Trigger ParentModelExtensions setup so EmailValidatable is included
+      before { MultiEmailUser }
+      test 'has an email UniquenessValidator (added by EmailValidatable)' do
+        assert MultiEmailUserEmail.validators_on(:email).any? { |v|
+          v.is_a?(ActiveRecord::Validations::UniquenessValidator)
+        }, 'Expected UniquenessValidator on MultiEmailUserEmail#email from EmailValidatable'
+      end
+      test 'two email records with the same address are invalid' do
+        shared_email = Faker::Internet.unique.email
+        user1 = MultiEmailUser.new(provider: 'email', uid: '')
+        user1.emails.build(email: shared_email, primary: true)
+        user1.password = user1.password_confirmation = 'password123'
+        user1.save(validate: false)
+        user2 = MultiEmailUser.new(provider: 'email', uid: '')
+        email_record = user2.emails.build(email: shared_email, primary: true)
+        user2.password = user2.password_confirmation = 'password123'
+        # The email record itself should fail uniqueness validation
+        refute email_record.valid?,
+               'Expected duplicate email record to be invalid'
+        assert email_record.errors[:email].any? { |e| e.include?('taken') },
+               "Expected 'taken' error on email, got: #{email_record.errors[:email].inspect}"
+      end
+    end
+  end
+end

data/test/models/multi_email_user_test.rb ADDED Viewed

@@ -0,0 +1,225 @@
+# frozen_string_literal: true
+require 'test_helper'
+# Tests for the MultiEmailUser model — the AR model that uses devise-multi_email
+# alongside DeviseTokenAuth.  These tests are ActiveRecord-only because
+# MultiEmailUser and its email association table are not available in Mongoid
+# runs.
+return unless DEVISE_TOKEN_AUTH_ORM == :active_record
+class MultiEmailUserTest < ActiveSupport::TestCase
+  describe MultiEmailUser do
+    # -------------------------------------------------------------------------
+    # Model configuration
+    # -------------------------------------------------------------------------
+    describe 'model configuration' do
+      test 'has multi_email_association class method (added by :multi_email_authenticatable)' do
+        assert MultiEmailUser.respond_to?(:multi_email_association)
+      end
+      test 'has emails has_many association' do
+        assert MultiEmailUser.reflect_on_association(:emails),
+               'Expected MultiEmailUser to have an :emails association'
+      end
+      test 'has find_by_email class method (added by MultiEmailAuthenticatable::ClassMethods)' do
+        assert MultiEmailUser.respond_to?(:find_by_email)
+      end
+      test 'does NOT carry a column-level email uniqueness validator' do
+        # email uniqueness is managed by the emails association table, not the
+        # user model itself
+        refute MultiEmailUser.validators_on(:email).any? { |v|
+          v.is_a?(ActiveRecord::Validations::UniquenessValidator)
+        }, 'MultiEmailUser should NOT have an email UniquenessValidator on the model'
+      end
+      test 'includes DeviseTokenAuth::Concerns::User' do
+        assert MultiEmailUser.ancestors.include?(DeviseTokenAuth::Concerns::User)
+      end
+      test 'has devise module multi_email_authenticatable' do
+        assert MultiEmailUser.devise_modules.include?(:multi_email_authenticatable)
+      end
+    end
+    # -------------------------------------------------------------------------
+    # Serialization
+    # -------------------------------------------------------------------------
+    describe 'serialization' do
+      test 'tokens are not exposed in as_json' do
+        @resource = build(:multi_email_user)
+        refute @resource.as_json.key?('tokens'),
+               'tokens should be excluded from as_json output'
+      end
+      test 'email is included in as_json via :methods delegation' do
+        # MultiEmailUser overrides as_json to include :email as a method so
+        # the delegated primary email appears in API responses.
+        @resource = build(:multi_email_user)
+        json_keys = @resource.as_json.keys
+        assert json_keys.include?('email'),
+               "Expected 'email' in as_json output, got: #{json_keys.inspect}"
+      end
+    end
+    # -------------------------------------------------------------------------
+    # Creation — uid is required for non-email (OAuth) providers
+    # -------------------------------------------------------------------------
+    describe 'creation' do
+      test 'save fails when uid is missing for OAuth provider' do
+        # For email providers, uid is auto-synced from the primary email via the
+        # sync_uid before_save callback.  The explicit presence validation on uid
+        # only applies to non-email (OAuth) providers.
+        @resource = MultiEmailUser.new(provider: 'facebook')
+        @resource.uid = nil
+        @resource.save
+        assert @resource.errors[:uid].present?,
+               'Expected a validation error on :uid when provider is non-email and uid is nil'
+      end
+    end
+    # -------------------------------------------------------------------------
+    # Email association and delegation
+    # -------------------------------------------------------------------------
+    describe 'email association' do
+      test 'email record is created when user is registered via the gem' do
+        # Simulate what the gem does: build a user and add an email record via
+        # the association directly (mirrors what :multi_email_authenticatable
+        # does internally on registration).
+        @resource = MultiEmailUser.new(provider: 'email', uid: '')
+        @resource.emails.build(email: Faker::Internet.unique.email, primary: true)
+        @resource.password = @resource.password_confirmation = 'password123'
+        @resource.save(validate: false) # bypass confirmable for unit test
+        assert_equal 1, @resource.emails.count
+      end
+      test 'primary email record is flagged as primary' do
+        @resource = MultiEmailUser.new(provider: 'email', uid: '')
+        email_addr = Faker::Internet.unique.email
+        @resource.emails.build(email: email_addr, primary: true)
+        @resource.password = @resource.password_confirmation = 'password123'
+        @resource.save(validate: false)
+        assert @resource.emails.first.primary?,
+               'Expected the first email record to be marked primary'
+      end
+      test 'email delegation returns the primary email address' do
+        @resource = MultiEmailUser.new(provider: 'email', uid: '')
+        email_addr = Faker::Internet.unique.email
+        @resource.emails.build(email: email_addr, primary: true)
+        @resource.password = @resource.password_confirmation = 'password123'
+        @resource.save(validate: false)
+        assert_equal email_addr, @resource.email
+      end
+    end
+    # -------------------------------------------------------------------------
+    # Token management — mirrors user_test.rb but for MultiEmailUser
+    # -------------------------------------------------------------------------
+    describe 'token expiry' do
+      before do
+        @resource = MultiEmailUser.new(provider: 'email', uid: '')
+        email_addr = Faker::Internet.unique.email
+        @resource.emails.build(email: email_addr, primary: true)
+        @resource.password = @resource.password_confirmation = 'password123'
+        @resource.save(validate: false)
+        @auth_headers = @resource.create_new_auth_token
+        @token        = @auth_headers['access-token']
+        @client_id    = @auth_headers['client']
+      end
+      test 'token_is_current? returns true for a fresh token' do
+        assert @resource.token_is_current?(@token, @client_id)
+      end
+      test 'token_is_current? returns false for an expired token' do
+        @resource.tokens[@client_id]['expiry'] = Time.zone.now.to_i - 10.seconds
+        refute @resource.token_is_current?(@token, @client_id)
+      end
+    end
+    describe 'valid_token?' do
+      before do
+        @resource = MultiEmailUser.new(provider: 'email', uid: '')
+        @resource.emails.build(email: Faker::Internet.unique.email, primary: true)
+        @resource.password = @resource.password_confirmation = 'password123'
+        @resource.save(validate: false)
+        @auth_headers = @resource.create_new_auth_token
+        @token        = @auth_headers['access-token']
+        @client_id    = @auth_headers['client']
+      end
+      test 'returns true for a valid token/client pair' do
+        assert @resource.valid_token?(@token, @client_id)
+      end
+      test 'returns false when client does not exist' do
+        refute @resource.valid_token?(@token, 'nonexistent_client')
+      end
+      test 'returns false when token is wrong' do
+        refute @resource.valid_token?('wrong_token', @client_id)
+      end
+    end
+    describe 'expired tokens are destroyed on save' do
+      before do
+        @resource = MultiEmailUser.new(provider: 'email', uid: '')
+        @resource.emails.build(email: Faker::Internet.unique.email, primary: true)
+        @resource.password = @resource.password_confirmation = 'password123'
+        @resource.save(validate: false)
+        @old_auth_headers = @resource.create_new_auth_token
+        @new_auth_headers = @resource.create_new_auth_token
+        expire_token(@resource, @old_auth_headers['client'])
+      end
+      test 'expired token is removed from tokens' do
+        refute @resource.tokens[@old_auth_headers['client']],
+               'Expired token should have been removed'
+      end
+      test 'current token is not removed' do
+        assert @resource.tokens[@new_auth_headers['client']],
+               'Current token should still be present'
+      end
+    end
+    describe 'nil tokens are handled properly' do
+      before do
+        @resource = MultiEmailUser.new(provider: 'email', uid: '')
+        @resource.emails.build(email: Faker::Internet.unique.email, primary: true)
+        @resource.password = @resource.password_confirmation = 'password123'
+        @resource.save(validate: false)
+      end
+      test 'tokens can be set to nil and record still saves' do
+        @resource.tokens = nil
+        assert @resource.save
+      end
+    end
+    # -------------------------------------------------------------------------
+    # Password requirements
+    # -------------------------------------------------------------------------
+    describe 'password_required?' do
+      test 'password is not required for OAuth (non-email) provider' do
+        @resource = MultiEmailUser.new(provider: 'facebook', uid: '12345')
+        refute @resource.password_required?
+      end
+      test 'password is required for email provider' do
+        @resource = MultiEmailUser.new(provider: 'email', uid: 'test@example.com')
+        assert @resource.password_required?
+      end
+    end
+  end
+end

data/test/test_helper.rb CHANGED Viewed

@@ -1,14 +1,16 @@
 # frozen_string_literal: true
 require 'simplecov'
-SimpleCov.formatter = SimpleCov::Formatter::HTMLFormatter
-SimpleCov.start 'rails' do
-  add_filter ['.bundle', 'test', 'config']
-end
 if ENV['CI']
   require 'coveralls'
-  Coveralls.wear!
+  SimpleCov.formatter = Coveralls::SimpleCov::Formatter
+else
+  SimpleCov.formatter = SimpleCov::Formatter::HTMLFormatter
+end
+SimpleCov.start 'rails' do
+  add_filter ['.bundle', 'test', 'config']
 end
 ENV['RAILS_ENV'] = 'test'
@@ -18,7 +20,11 @@ puts "\n==> DeviseTokenAuth.orm = #{DEVISE_TOKEN_AUTH_ORM.inspect}"
 require File.expand_path('dummy/config/environment', __dir__)
 require 'active_support/testing/autorun'
-require 'minitest/rails'
+# Replace minitest/rails with plain minitest to avoid SIGTRAP on Ruby 3.3.6/ARM64
+require 'minitest'
+require 'minitest/spec'
+require 'minitest/reporters'
+# Load mocha after minitest but before running tests
 require 'mocha/minitest'
 if DEVISE_TOKEN_AUTH_ORM == :active_record
   require 'database_cleaner'
@@ -48,11 +54,15 @@ class ActiveSupport::TestCase
     ActiveRecord::Migration.check_pending!
   end
-  strategies = { active_record: :transaction,
-                 mongoid: :deletion }
-  DatabaseCleaner.strategy = strategies[DEVISE_TOKEN_AUTH_ORM]
-  setup { DatabaseCleaner.start }
-  teardown { DatabaseCleaner.clean }
+  if DEVISE_TOKEN_AUTH_ORM == :active_record
+    DatabaseCleaner.strategy = :transaction
+    setup { DatabaseCleaner.start }
+    teardown { DatabaseCleaner.clean }
+  else
+    DatabaseCleaner[:mongoid].strategy = :deletion
+    setup { DatabaseCleaner[:mongoid].start }
+    teardown { DatabaseCleaner[:mongoid].clean }
+  end
   # Add more helper methods to be used by all tests here...