RubyGems - devise_token_auth_multitenancy - Versions diffs - 1.1.3.alpha1 - Mend

devise_token_auth_multitenancy 1.1.3.alpha1

Files changed (175) hide show

data/test/controllers/custom/custom_token_validations_controller_test.rb ADDED Viewed

@@ -0,0 +1,42 @@
+# frozen_string_literal: true
+require 'test_helper'
+class Custom::TokenValidationsControllerTest < ActionDispatch::IntegrationTest
+  describe Custom::TokenValidationsController do
+    include CustomControllersRoutes
+    before do
+      @resource = create(:user, :confirmed)
+      @auth_headers = @resource.create_new_auth_token
+      @token     = @auth_headers['access-token']
+      @client_id = @auth_headers['client']
+      @expiry    = @auth_headers['expiry']
+      # ensure that request is not treated as batch request
+      age_token(@resource, @client_id)
+    end
+    test 'yield resource to block on validate_token success' do
+      get '/nice_user_auth/validate_token',
+          params: {},
+          headers: @auth_headers
+      assert @controller.validate_token_block_called?,
+             'validate_token failed to yield resource to provided block'
+    end
+    test 'yield resource to block on validate_token success with custom json' do
+      get '/nice_user_auth/validate_token',
+          params: {},
+          headers: @auth_headers
+      @data = JSON.parse(response.body)
+      assert @controller.validate_token_block_called?,
+             'validate_token failed to yield resource to provided block'
+      assert_equal @data['custom'], 'foo'
+    end
+  end
+end

data/test/controllers/demo_group_controller_test.rb ADDED Viewed

@@ -0,0 +1,151 @@
+# frozen_string_literal: true
+require 'test_helper'
+#  was the web request successful?
+#  was the user redirected to the right page?
+#  was the user successfully authenticated?
+#  was the correct object stored in the response?
+#  was the appropriate message delivered in the json payload?
+class DemoGroupControllerTest < ActionDispatch::IntegrationTest
+  describe DemoGroupController do
+    describe 'Token access' do
+      before do
+        # user
+        @resource = create(:user, :confirmed)
+        @resource_auth_headers = @resource.create_new_auth_token
+        @resource_token     = @resource_auth_headers['access-token']
+        @resource_client_id = @resource_auth_headers['client']
+        @resource_expiry    = @resource_auth_headers['expiry']
+        # mang
+        @mang = create(:mang_user, :confirmed)
+        @mang_auth_headers = @mang.create_new_auth_token
+        @mang_token     = @mang_auth_headers['access-token']
+        @mang_client_id = @mang_auth_headers['client']
+        @mang_expiry    = @mang_auth_headers['expiry']
+      end
+      describe 'user access' do
+        before do
+          # ensure that request is not treated as batch request
+          age_token(@resource, @resource_client_id)
+          get '/demo/members_only_group',
+              params: {},
+              headers: @resource_auth_headers
+          @resp_token       = response.headers['access-token']
+          @resp_client_id   = response.headers['client']
+          @resp_expiry      = response.headers['expiry']
+          @resp_uid         = response.headers['uid']
+        end
+        test 'request is successful' do
+          assert_equal 200, response.status
+        end
+        describe 'devise mappings' do
+          it 'should define current_user' do
+            assert_equal @resource, @controller.current_user
+          end
+          it 'should define user_signed_in?' do
+            assert @controller.user_signed_in?
+          end
+          it 'should not define current_mang' do
+            refute_equal @resource, @controller.current_mang
+          end
+          it 'should define current_member' do
+            assert_equal @resource, @controller.current_member
+          end
+          it 'should define current_members' do
+            assert @controller.current_members.include? @resource
+          end
+          it 'should define member_signed_in?' do
+            assert @controller.current_members.include? @resource
+          end
+          it 'should define render_authenticate_error' do
+            assert @controller.methods.include?(:render_authenticate_error)
+          end
+        end
+      end
+      describe 'mang access' do
+        before do
+          # ensure that request is not treated as batch request
+          age_token(@mang, @mang_client_id)
+          get '/demo/members_only_group',
+              params: {},
+              headers: @mang_auth_headers
+          @resp_token       = response.headers['access-token']
+          @resp_client_id   = response.headers['client']
+          @resp_expiry      = response.headers['expiry']
+          @resp_uid         = response.headers['uid']
+        end
+        test 'request is successful' do
+          assert_equal 200, response.status
+        end
+        describe 'devise mappings' do
+          it 'should define current_mang' do
+            assert_equal @mang, @controller.current_mang
+          end
+          it 'should define mang_signed_in?' do
+            assert @controller.mang_signed_in?
+          end
+          it 'should not define current_mang' do
+            refute_equal @mang, @controller.current_user
+          end
+          it 'should define current_member' do
+            assert_equal @mang, @controller.current_member
+          end
+          it 'should define current_members' do
+            assert @controller.current_members.include? @mang
+          end
+          it 'should define member_signed_in?' do
+            assert @controller.current_members.include? @mang
+          end
+          it 'should define render_authenticate_error' do
+            assert @controller.methods.include?(:render_authenticate_error)
+          end
+        end
+      end
+      describe 'failed access' do
+        before do
+          get '/demo/members_only_group',
+              params: {},
+              headers: @mang_auth_headers.merge('access-token' => 'bogus')
+        end
+        it 'should not return any auth headers' do
+          refute response.headers['access-token']
+        end
+        it 'should return error: unauthorized status' do
+          assert_equal 401, response.status
+        end
+      end
+    end
+  end
+end

data/test/controllers/demo_mang_controller_test.rb ADDED Viewed

@@ -0,0 +1,284 @@
+# frozen_string_literal: true
+require 'test_helper'
+#  was the web request successful?
+#  was the user redirected to the right page?
+#  was the user successfully authenticated?
+#  was the correct object stored in the response?
+#  was the appropriate message delivered in the json payload?
+class DemoMangControllerTest < ActionDispatch::IntegrationTest
+  describe DemoMangController do
+    describe 'Token access' do
+      before do
+        @resource = create(:mang_user, :confirmed)
+        @auth_headers = @resource.create_new_auth_token
+        @token     = @auth_headers['access-token']
+        @client_id = @auth_headers['client']
+        @expiry    = @auth_headers['expiry']
+      end
+      describe 'successful request' do
+        before do
+          # ensure that request is not treated as batch request
+          age_token(@resource, @client_id)
+          get '/demo/members_only_mang',
+              params: {},
+              headers: @auth_headers
+          @resp_token       = response.headers['access-token']
+          @resp_client_id   = response.headers['client']
+          @resp_expiry      = response.headers['expiry']
+          @resp_uid         = response.headers['uid']
+        end
+        describe 'devise mappings' do
+          it 'should define current_mang' do
+            assert_equal @resource, @controller.current_mang
+          end
+          it 'should define mang_signed_in?' do
+            assert @controller.mang_signed_in?
+          end
+          it 'should not define current_user' do
+            refute_equal @resource, @controller.current_user
+          end
+          it 'should define render_authenticate_error' do
+            assert @controller.methods.include?(:render_authenticate_error)
+          end
+        end
+        it 'should return success status' do
+          assert_equal 200, response.status
+        end
+        it 'should receive new token after successful request' do
+          refute_equal @token, @resp_token
+        end
+        it 'should preserve the client id from the first request' do
+          assert_equal @client_id, @resp_client_id
+        end
+        it "should return the user's uid in the auth header" do
+          assert_equal @resource.uid, @resp_uid
+        end
+        it 'should not treat this request as a batch request' do
+          refute assigns(:is_batch_request)
+        end
+        describe 'subsequent requests' do
+          before do
+            @resource.reload
+            # ensure that request is not treated as batch request
+            age_token(@resource, @client_id)
+            get '/demo/members_only_mang',
+                params: {},
+                headers: @auth_headers.merge('access-token' => @resp_token)
+          end
+          it 'should not treat this request as a batch request' do
+            refute assigns(:is_batch_request)
+          end
+          it 'should allow a new request to be made using new token' do
+            assert_equal 200, response.status
+          end
+        end
+      end
+      describe 'failed request' do
+        before do
+          get '/demo/members_only_mang',
+              params: {},
+              headers: @auth_headers.merge('access-token' => 'bogus')
+        end
+        it 'should not return any auth headers' do
+          refute response.headers['access-token']
+        end
+        it 'should return error: unauthorized status' do
+          assert_equal 401, response.status
+        end
+      end
+      describe 'disable change_headers_on_each_request' do
+        before do
+          DeviseTokenAuth.change_headers_on_each_request = false
+          @resource.reload
+          age_token(@resource, @client_id)
+          get '/demo/members_only_mang',
+              params: {},
+              headers: @auth_headers
+          @first_is_batch_request = assigns(:is_batch_request)
+          @first_user = assigns(:resource).dup
+          @first_access_token = response.headers['access-token']
+          @first_response_status = response.status
+          @resource.reload
+          age_token(@resource, @client_id)
+          # use expired auth header
+          get '/demo/members_only_mang',
+              params: {},
+              headers: @auth_headers
+          @second_is_batch_request = assigns(:is_batch_request)
+          @second_user = assigns(:resource).dup
+          @second_access_token = response.headers['access-token']
+          @second_response_status = response.status
+        end
+        after do
+          DeviseTokenAuth.change_headers_on_each_request = true
+        end
+        it 'should allow the first request through' do
+          assert_equal 200, @first_response_status
+        end
+        it 'should allow the second request through' do
+          assert_equal 200, @second_response_status
+        end
+        it 'should return auth headers from the first request' do
+          assert @first_access_token
+        end
+        it 'should not treat either requests as batch requests' do
+          refute @first_is_batch_request
+          refute @second_is_batch_request
+        end
+        it 'should return auth headers from the second request' do
+          assert @second_access_token
+        end
+        it 'should define user during first request' do
+          assert @first_user
+        end
+        it 'should define user during second request' do
+          assert @second_user
+        end
+      end
+      describe 'batch requests' do
+        describe 'success' do
+          before do
+            age_token(@resource, @client_id)
+            # request.headers.merge!(@auth_headers)
+            get '/demo/members_only_mang',
+                params: {},
+                headers: @auth_headers
+            @first_is_batch_request = assigns(:is_batch_request)
+            @first_user = assigns(:resource)
+            @first_access_token = response.headers['access-token']
+            get '/demo/members_only_mang',
+                params: {},
+                headers: @auth_headers
+            @second_is_batch_request = assigns(:is_batch_request)
+            @second_user = assigns(:resource)
+            @second_access_token = response.headers['access-token']
+          end
+          it 'should allow both requests through' do
+            assert_equal 200, response.status
+          end
+          it 'should not treat the first request as a batch request' do
+            refute @first_is_batch_request
+          end
+          it 'should treat the second request as a batch request' do
+            assert @second_is_batch_request
+          end
+          it 'should return access token for first (non-batch) request' do
+            assert @first_access_token
+          end
+          it 'should not return auth headers for second (batched) requests' do
+            assert_equal ' ', @second_access_token
+          end
+        end
+        describe 'time out' do
+          before do
+            @resource.reload
+            age_token(@resource, @client_id)
+            get '/demo/members_only_mang',
+                params: {},
+                headers: @auth_headers
+            @first_is_batch_request = assigns(:is_batch_request)
+            @first_user = assigns(:resource).dup
+            @first_access_token = response.headers['access-token']
+            @first_response_status = response.status
+            @resource.reload
+            age_token(@resource, @client_id)
+            # use expired auth header
+            get '/demo/members_only_mang',
+                params: {},
+                headers: @auth_headers
+            @second_is_batch_request = assigns(:is_batch_request)
+            @second_user = assigns(:resource)
+            @second_access_token = response.headers['access-token']
+            @second_response_status = response.status
+          end
+          it 'should allow the first request through' do
+            assert_equal 200, @first_response_status
+          end
+          it 'should not allow the second request through' do
+            assert_equal 401, @second_response_status
+          end
+          it 'should not treat first request as batch request' do
+            refute @second_is_batch_request
+          end
+          it 'should return auth headers from the first request' do
+            assert @first_access_token
+          end
+          it 'should not treat second request as batch request' do
+            refute @second_is_batch_request
+          end
+          it 'should not return auth headers from the second request' do
+            refute @second_access_token
+          end
+          it 'should define user during first request' do
+            assert @first_user
+          end
+          it 'should not define user during second request' do
+            refute @second_user
+          end
+        end
+      end
+    end
+  end
+end