devise_token_auth_multitenancy 1.1.3.alpha1

data/test/models/concerns/mongoid_support_test.rb

@@ -0,0 +1,31 @@
+# frozen_string_literal: true
+
+require 'test_helper'
+
+if DEVISE_TOKEN_AUTH_ORM == :mongoid
+  class DeviseTokenAuth::Concerns::MongoidSupportTest < ActiveSupport::TestCase
+    describe DeviseTokenAuth::Concerns::MongoidSupport do
+      before do
+        @user = create(:user)
+      end
+
+      describe '#as_json' do
+        test 'should be defined' do
+          assert @user.methods.include?(:as_json)
+        end
+
+        test 'should except _id attribute' do
+          refute @user.as_json.key?('_id')
+        end
+
+        test 'should return with id attribute' do
+          assert_equal @user._id.to_s, @user.as_json['id']
+        end
+
+        test 'should accept options' do
+          refute @user.as_json(except: [:created_at]).key?('created_at')
+        end
+      end
+    end
+  end
+end

data/test/models/concerns/tokens_serialization_test.rb

@@ -0,0 +1,70 @@
+require 'test_helper'
+
+if DEVISE_TOKEN_AUTH_ORM == :active_record
+  describe 'DeviseTokenAuth::Concerns::TokensSerialization' do
+    let(:ts) { DeviseTokenAuth::Concerns::TokensSerialization }
+    let(:user) { FactoryBot.create(:user) }
+    let(:tokens) do
+      # Сreate all possible token's attributes combinations
+      user.create_token
+      2.times { user.create_new_auth_token(user.tokens.first[0]) }
+      user.create_new_auth_token
+      user.create_token
+
+      user.tokens
+    end
+    let(:json) { JSON.generate(tokens) }
+
+    it 'is defined' do
+      assert_equal(ts.present?, true)
+      assert_kind_of(Module, ts)
+    end
+
+    describe '.load(json)' do
+      let(:default) { {} }
+
+      it 'is defined' do
+        assert_respond_to(ts, :load)
+      end
+
+      it 'handles nil' do
+        assert_equal(ts.load(nil), default)
+      end
+
+      it 'handles string' do
+        assert_equal(ts.load(json), JSON.parse(json))
+      end
+
+      it 'returns object of undesirable class' do
+        assert_equal(ts.load([]), [])
+      end
+    end
+
+    describe '.dump(object)' do
+      let(:default) { 'null' }
+
+      it 'is defined' do
+        assert_respond_to(ts, :dump)
+      end
+
+      it 'handles nil' do
+        assert_equal(ts.dump(nil), default)
+      end
+
+      it 'handles empty hash' do
+        assert_equal(ts.dump({}), '{}')
+      end
+
+      it 'deserialize tokens' do
+        assert_equal(ts.dump(tokens), json)
+      end
+
+      it 'removes nil values' do
+        new_tokens = tokens.dup
+        new_tokens[new_tokens.first[0]][:kos] = nil
+
+        assert_equal(ts.dump(tokens), ts.dump(new_tokens))
+      end
+    end
+  end
+end

data/test/models/confirmable_user_test.rb

@@ -0,0 +1,35 @@
+# frozen_string_literal: true
+
+require 'test_helper'
+
+class ConfirmableUserTest < ActiveSupport::TestCase
+  describe ConfirmableUser do
+    describe 'creation' do
+      test 'email should be saved' do
+        @resource = create(:confirmable_user)
+        assert @resource.email.present?
+      end
+    end
+
+    describe 'updating email' do
+      test 'new email should be saved to unconfirmed_email' do
+        @resource = create(:confirmable_user, email: 'old_address@example.com')
+        @resource.update(email: 'new_address@example.com')
+        assert @resource.unconfirmed_email == 'new_address@example.com'
+      end
+
+      test 'old email should be kept in email' do
+        @resource = create(:confirmable_user, email: 'old_address@example.com')
+        @resource.update(email: 'new_address@example.com')
+        assert @resource.email == 'old_address@example.com'
+      end
+
+      test 'confirmation_token should be changed' do
+        @resource = create(:confirmable_user, email: 'old_address@example.com')
+        old_token = @resource.confirmation_token
+        @resource.update(email: 'new_address@example.com')
+        assert @resource.confirmation_token != old_token
+      end
+    end
+  end
+end

data/test/models/only_email_user_test.rb

@@ -0,0 +1,29 @@
+# frozen_string_literal: true
+
+require 'test_helper'
+
+class OnlyEmailUserTest < ActiveSupport::TestCase
+  describe OnlyEmailUser do
+    test 'confirmable is disabled' do
+      refute OnlyEmailUser.method_defined?(:confirmation_token)
+      refute OnlyEmailUser.method_defined?(:confirmed_at)
+      refute OnlyEmailUser.method_defined?(:confirmation_sent_at)
+      refute OnlyEmailUser.method_defined?(:unconfirmed_email)
+    end
+
+    test 'lockable is disabled' do
+      refute OnlyEmailUser.method_defined?(:failed_attempts)
+      refute OnlyEmailUser.method_defined?(:unlock_token)
+      refute OnlyEmailUser.method_defined?(:locked_at)
+    end
+
+    test 'recoverable is disabled' do
+      refute OnlyEmailUser.method_defined?(:reset_password_token)
+      refute OnlyEmailUser.method_defined?(:reset_password_sent_at)
+    end
+
+    test 'rememberable is disabled' do
+      refute OnlyEmailUser.method_defined?(:remember_created_at)
+    end
+  end
+end

data/test/models/user_test.rb

@@ -0,0 +1,108 @@
+# frozen_string_literal: true
+
+require 'test_helper'
+
+class UserTest < ActiveSupport::TestCase
+  describe User do
+    describe 'serialization' do
+      test 'hash should not include sensitive info' do
+        @resource = build(:user)
+        refute @resource.as_json[:tokens]
+      end
+    end
+
+    describe 'creation' do
+      test 'save fails if uid is missing' do
+        @resource = User.new
+        @resource.uid = nil
+        @resource.save
+
+        assert @resource.errors.messages[:uid]
+      end
+    end
+
+    describe 'email registration' do
+      test 'model should not save if email is blank' do
+        @resource = build(:user, email: nil)
+
+        refute @resource.save
+        assert @resource.errors.messages[:email] == [I18n.t('errors.messages.blank')]
+      end
+
+      test 'model should not save if email is not an email' do
+        @resource = build(:user, email: '@example.com')
+
+        refute @resource.save
+        assert @resource.errors.messages[:email] == [I18n.t('errors.messages.not_email')]
+      end
+    end
+
+    describe 'email uniqueness' do
+      test 'model should not save if email is taken' do
+        user_attributes = attributes_for(:user)
+        create(:user, user_attributes)
+        @resource = build(:user, user_attributes)
+
+        refute @resource.save
+        assert @resource.errors.messages[:email].first.include? 'taken'
+        assert @resource.errors.messages[:email].none? { |e| e =~ /translation missing/ }
+      end
+    end
+
+    describe 'oauth2 authentication' do
+      test 'model should save even if email is blank' do
+        @resource = build(:user, :facebook, email: nil)
+
+        assert @resource.save
+        assert @resource.errors.messages[:email].blank?
+      end
+    end
+
+    describe 'token expiry' do
+      before do
+        @resource = create(:user, :confirmed)
+
+        @auth_headers = @resource.create_new_auth_token
+
+        @token     = @auth_headers['access-token']
+        @client_id = @auth_headers['client']
+      end
+
+      test 'should properly indicate whether token is current' do
+        assert @resource.token_is_current?(@token, @client_id)
+        # we want to update the expiry without forcing a cleanup (see below)
+        @resource.tokens[@client_id]['expiry'] = Time.zone.now.to_i - 10.seconds
+        refute @resource.token_is_current?(@token, @client_id)
+      end
+    end
+
+    describe 'expired tokens are destroyed on save' do
+      before do
+        @resource = create(:user, :confirmed)
+
+        @old_auth_headers = @resource.create_new_auth_token
+        @new_auth_headers = @resource.create_new_auth_token
+        expire_token(@resource, @old_auth_headers['client'])
+      end
+
+      test 'expired token was removed' do
+        refute @resource.tokens[@old_auth_headers[:client]]
+      end
+
+      test 'current token was not removed' do
+        assert @resource.tokens[@new_auth_headers['client']]
+      end
+    end
+
+    describe 'nil tokens are handled properly' do
+      before do
+        @resource = create(:user, :confirmed)
+      end
+
+      test 'tokens can be set to nil' do
+        @resource.tokens = nil
+        assert @resource.save
+      end
+    end
+  end
+end

data/test/support/controllers/routes.rb

@@ -0,0 +1,43 @@
+class Module
+  include Minitest::Spec::DSL
+end
+
+module ControllerRoutesAfterBlock
+  after do
+    Rails.application.reload_routes!
+  end
+end
+
+module CustomControllersRoutes
+  include ControllerRoutesAfterBlock
+
+  before do
+    Rails.application.routes.draw do
+      mount_devise_token_auth_for 'User', at: 'nice_user_auth', controllers: {
+        registrations: 'custom/registrations',
+        confirmations: 'custom/confirmations',
+        passwords: 'custom/passwords',
+        sessions: 'custom/sessions',
+        token_validations: 'custom/token_validations',
+        omniauth_callbacks: 'custom/omniauth_callbacks'
+      }
+    end
+  end
+end
+
+module OverridesControllersRoutes
+  include ControllerRoutesAfterBlock
+
+  before do
+    Rails.application.routes.draw do
+      mount_devise_token_auth_for 'User', at: 'evil_user_auth', controllers: {
+        confirmations:      'overrides/confirmations',
+        passwords:          'overrides/passwords',
+        omniauth_callbacks: 'overrides/omniauth_callbacks',
+        registrations:      'overrides/registrations',
+        sessions:           'overrides/sessions',
+        token_validations:  'overrides/token_validations'
+      }
+    end
+  end
+end

data/test/test_helper.rb

@@ -0,0 +1,103 @@
+# frozen_string_literal: true
+
+require 'simplecov'
+SimpleCov.formatter = SimpleCov::Formatter::HTMLFormatter
+SimpleCov.start 'rails' do
+  add_filter ['.bundle', 'test', 'config']
+end
+
+ENV['RAILS_ENV'] = 'test'
+DEVISE_TOKEN_AUTH_ORM = (ENV['DEVISE_TOKEN_AUTH_ORM'] || :active_record).to_sym
+
+puts "\n==> DeviseTokenAuth.orm = #{DEVISE_TOKEN_AUTH_ORM.inspect}"
+
+require File.expand_path('dummy/config/environment', __dir__)
+require 'active_support/testing/autorun'
+require 'minitest/rails'
+require 'mocha/minitest'
+require 'database_cleaner'
+
+FactoryBot.definition_file_paths = [File.expand_path('factories', __dir__)]
+FactoryBot.find_definitions
+
+Dir[File.join(__dir__, 'support/**', '*.rb')].each { |file| require file }
+
+# I hate the default reporter. Use ProgressReporter instead.
+Minitest::Reporters.use! Minitest::Reporters::ProgressReporter.new
+
+class ActionDispatch::IntegrationTest
+  def follow_all_redirects!
+    follow_redirect! while response.status.to_s =~ /^3\d{2}/
+  end
+end
+
+class ActiveSupport::TestCase
+  include FactoryBot::Syntax::Methods
+
+  ActiveRecord::Migration.check_pending! if DEVISE_TOKEN_AUTH_ORM == :active_record
+
+  strategies = { active_record: :transaction,
+                 mongoid: :truncation }
+  DatabaseCleaner.strategy = strategies[DEVISE_TOKEN_AUTH_ORM]
+  setup { DatabaseCleaner.start }
+  teardown { DatabaseCleaner.clean }
+
+  # Add more helper methods to be used by all tests here...
+
+  def age_token(user, client_id)
+    if user.tokens[client_id]
+      user.tokens[client_id]['updated_at'] = (Time.zone.now - (DeviseTokenAuth.batch_request_buffer_throttle + 10.seconds)).to_s(:rfc822)
+      user.save!
+    end
+  end
+
+  def expire_token(user, client_id)
+    if user.tokens[client_id]
+      user.tokens[client_id]['expiry'] = (Time.zone.now - (DeviseTokenAuth.token_lifespan.to_f + 10.seconds)).to_i
+      user.save!
+    end
+  end
+
+  # Suppress OmniAuth logger output
+  def silence_omniauth
+    previous_logger = OmniAuth.config.logger
+    OmniAuth.config.logger = Logger.new('/dev/null')
+    yield
+  ensure
+    OmniAuth.config.logger = previous_logger
+  end
+end
+
+class ActionController::TestCase
+  include Devise::Test::ControllerHelpers
+
+  setup do
+    @routes = Dummy::Application.routes
+    @request.env['devise.mapping'] = Devise.mappings[:user]
+  end
+end
+
+# TODO: remove it when support for Rails < 5 has been dropped
+module Rails
+  module Controller
+    module Testing
+      module Integration
+        %w[get post patch put head delete get_via_redirect post_via_redirect].each do |method|
+          define_method(method) do |path_or_action, **args|
+            if Rails::VERSION::MAJOR >= 5
+              super path_or_action, args
+            else
+              super path_or_action, args[:params], args[:headers]
+            end
+          end
+        end
+      end
+    end
+  end
+end
+
+module ActionController
+  class TestCase
+    include Rails::Controller::Testing::Integration
+  end
+end