devise_token_auth_skycocker_fork 1.0.0

Files changed (167) hide show
  1. checksums.yaml +7 -0
  2. data/LICENSE +13 -0
  3. data/README.md +97 -0
  4. data/Rakefile +42 -0
  5. data/app/controllers/devise_token_auth/application_controller.rb +79 -0
  6. data/app/controllers/devise_token_auth/concerns/resource_finder.rb +44 -0
  7. data/app/controllers/devise_token_auth/concerns/set_user_by_token.rb +178 -0
  8. data/app/controllers/devise_token_auth/confirmations_controller.rb +39 -0
  9. data/app/controllers/devise_token_auth/omniauth_callbacks_controller.rb +239 -0
  10. data/app/controllers/devise_token_auth/passwords_controller.rb +185 -0
  11. data/app/controllers/devise_token_auth/registrations_controller.rb +198 -0
  12. data/app/controllers/devise_token_auth/sessions_controller.rb +131 -0
  13. data/app/controllers/devise_token_auth/token_validations_controller.rb +31 -0
  14. data/app/controllers/devise_token_auth/unlocks_controller.rb +89 -0
  15. data/app/models/devise_token_auth/concerns/active_record_support.rb +34 -0
  16. data/app/models/devise_token_auth/concerns/mongoid_support.rb +19 -0
  17. data/app/models/devise_token_auth/concerns/user.rb +262 -0
  18. data/app/models/devise_token_auth/concerns/user_omniauth_callbacks.rb +28 -0
  19. data/app/validators/devise_token_auth/email_validator.rb +23 -0
  20. data/app/views/devise/mailer/confirmation_instructions.html.erb +5 -0
  21. data/app/views/devise/mailer/reset_password_instructions.html.erb +8 -0
  22. data/app/views/devise/mailer/unlock_instructions.html.erb +7 -0
  23. data/app/views/devise_token_auth/omniauth_external_window.html.erb +38 -0
  24. data/config/locales/da-DK.yml +50 -0
  25. data/config/locales/de.yml +49 -0
  26. data/config/locales/en.yml +50 -0
  27. data/config/locales/es.yml +49 -0
  28. data/config/locales/fr.yml +49 -0
  29. data/config/locales/it.yml +46 -0
  30. data/config/locales/ja.yml +46 -0
  31. data/config/locales/nl.yml +30 -0
  32. data/config/locales/pl.yml +48 -0
  33. data/config/locales/pt-BR.yml +46 -0
  34. data/config/locales/pt.yml +48 -0
  35. data/config/locales/ro.yml +46 -0
  36. data/config/locales/ru.yml +50 -0
  37. data/config/locales/sq.yml +46 -0
  38. data/config/locales/sv.yml +50 -0
  39. data/config/locales/uk.yml +59 -0
  40. data/config/locales/vi.yml +50 -0
  41. data/config/locales/zh-CN.yml +46 -0
  42. data/config/locales/zh-HK.yml +48 -0
  43. data/config/locales/zh-TW.yml +48 -0
  44. data/lib/devise_token_auth.rb +13 -0
  45. data/lib/devise_token_auth/blacklist.rb +2 -0
  46. data/lib/devise_token_auth/controllers/helpers.rb +161 -0
  47. data/lib/devise_token_auth/controllers/url_helpers.rb +10 -0
  48. data/lib/devise_token_auth/engine.rb +90 -0
  49. data/lib/devise_token_auth/errors.rb +8 -0
  50. data/lib/devise_token_auth/rails/routes.rb +116 -0
  51. data/lib/devise_token_auth/url.rb +41 -0
  52. data/lib/devise_token_auth/version.rb +5 -0
  53. data/lib/generators/devise_token_auth/USAGE +31 -0
  54. data/lib/generators/devise_token_auth/install_generator.rb +91 -0
  55. data/lib/generators/devise_token_auth/install_generator_helpers.rb +98 -0
  56. data/lib/generators/devise_token_auth/install_mongoid_generator.rb +46 -0
  57. data/lib/generators/devise_token_auth/install_views_generator.rb +18 -0
  58. data/lib/generators/devise_token_auth/templates/devise_token_auth.rb +50 -0
  59. data/lib/generators/devise_token_auth/templates/devise_token_auth_create_users.rb.erb +56 -0
  60. data/lib/generators/devise_token_auth/templates/user.rb.erb +9 -0
  61. data/lib/generators/devise_token_auth/templates/user_mongoid.rb.erb +63 -0
  62. data/lib/tasks/devise_token_auth_tasks.rake +6 -0
  63. data/test/controllers/custom/custom_confirmations_controller_test.rb +25 -0
  64. data/test/controllers/custom/custom_omniauth_callbacks_controller_test.rb +33 -0
  65. data/test/controllers/custom/custom_passwords_controller_test.rb +79 -0
  66. data/test/controllers/custom/custom_registrations_controller_test.rb +63 -0
  67. data/test/controllers/custom/custom_sessions_controller_test.rb +39 -0
  68. data/test/controllers/custom/custom_token_validations_controller_test.rb +42 -0
  69. data/test/controllers/demo_group_controller_test.rb +151 -0
  70. data/test/controllers/demo_mang_controller_test.rb +284 -0
  71. data/test/controllers/demo_user_controller_test.rb +629 -0
  72. data/test/controllers/devise_token_auth/confirmations_controller_test.rb +127 -0
  73. data/test/controllers/devise_token_auth/omniauth_callbacks_controller_test.rb +376 -0
  74. data/test/controllers/devise_token_auth/passwords_controller_test.rb +639 -0
  75. data/test/controllers/devise_token_auth/registrations_controller_test.rb +880 -0
  76. data/test/controllers/devise_token_auth/sessions_controller_test.rb +541 -0
  77. data/test/controllers/devise_token_auth/token_validations_controller_test.rb +102 -0
  78. data/test/controllers/devise_token_auth/unlocks_controller_test.rb +196 -0
  79. data/test/controllers/overrides/confirmations_controller_test.rb +47 -0
  80. data/test/controllers/overrides/omniauth_callbacks_controller_test.rb +53 -0
  81. data/test/controllers/overrides/passwords_controller_test.rb +64 -0
  82. data/test/controllers/overrides/registrations_controller_test.rb +46 -0
  83. data/test/controllers/overrides/sessions_controller_test.rb +35 -0
  84. data/test/controllers/overrides/token_validations_controller_test.rb +43 -0
  85. data/test/dummy/README.rdoc +28 -0
  86. data/test/dummy/app/active_record/lockable_user.rb +7 -0
  87. data/test/dummy/app/active_record/mang.rb +5 -0
  88. data/test/dummy/app/active_record/only_email_user.rb +7 -0
  89. data/test/dummy/app/active_record/scoped_user.rb +9 -0
  90. data/test/dummy/app/active_record/unconfirmable_user.rb +9 -0
  91. data/test/dummy/app/active_record/unregisterable_user.rb +9 -0
  92. data/test/dummy/app/active_record/user.rb +6 -0
  93. data/test/dummy/app/controllers/application_controller.rb +18 -0
  94. data/test/dummy/app/controllers/auth_origin_controller.rb +7 -0
  95. data/test/dummy/app/controllers/custom/confirmations_controller.rb +13 -0
  96. data/test/dummy/app/controllers/custom/omniauth_callbacks_controller.rb +13 -0
  97. data/test/dummy/app/controllers/custom/passwords_controller.rb +39 -0
  98. data/test/dummy/app/controllers/custom/registrations_controller.rb +39 -0
  99. data/test/dummy/app/controllers/custom/sessions_controller.rb +29 -0
  100. data/test/dummy/app/controllers/custom/token_validations_controller.rb +19 -0
  101. data/test/dummy/app/controllers/demo_group_controller.rb +15 -0
  102. data/test/dummy/app/controllers/demo_mang_controller.rb +14 -0
  103. data/test/dummy/app/controllers/demo_user_controller.rb +27 -0
  104. data/test/dummy/app/controllers/overrides/confirmations_controller.rb +28 -0
  105. data/test/dummy/app/controllers/overrides/omniauth_callbacks_controller.rb +16 -0
  106. data/test/dummy/app/controllers/overrides/passwords_controller.rb +35 -0
  107. data/test/dummy/app/controllers/overrides/registrations_controller.rb +29 -0
  108. data/test/dummy/app/controllers/overrides/sessions_controller.rb +36 -0
  109. data/test/dummy/app/controllers/overrides/token_validations_controller.rb +23 -0
  110. data/test/dummy/app/helpers/application_helper.rb +1058 -0
  111. data/test/dummy/app/models/concerns/favorite_color.rb +19 -0
  112. data/test/dummy/app/mongoid/lockable_user.rb +38 -0
  113. data/test/dummy/app/mongoid/mang.rb +53 -0
  114. data/test/dummy/app/mongoid/only_email_user.rb +33 -0
  115. data/test/dummy/app/mongoid/scoped_user.rb +57 -0
  116. data/test/dummy/app/mongoid/unconfirmable_user.rb +51 -0
  117. data/test/dummy/app/mongoid/unregisterable_user.rb +54 -0
  118. data/test/dummy/app/mongoid/user.rb +56 -0
  119. data/test/dummy/app/views/layouts/application.html.erb +14 -0
  120. data/test/dummy/config.ru +18 -0
  121. data/test/dummy/config/application.rb +48 -0
  122. data/test/dummy/config/application.yml.bk +0 -0
  123. data/test/dummy/config/boot.rb +11 -0
  124. data/test/dummy/config/environment.rb +7 -0
  125. data/test/dummy/config/environments/development.rb +46 -0
  126. data/test/dummy/config/environments/production.rb +84 -0
  127. data/test/dummy/config/environments/test.rb +50 -0
  128. data/test/dummy/config/initializers/assets.rb +10 -0
  129. data/test/dummy/config/initializers/backtrace_silencers.rb +9 -0
  130. data/test/dummy/config/initializers/cookies_serializer.rb +5 -0
  131. data/test/dummy/config/initializers/devise.rb +17 -0
  132. data/test/dummy/config/initializers/devise_token_auth.rb +24 -0
  133. data/test/dummy/config/initializers/figaro.rb +3 -0
  134. data/test/dummy/config/initializers/filter_parameter_logging.rb +6 -0
  135. data/test/dummy/config/initializers/inflections.rb +18 -0
  136. data/test/dummy/config/initializers/mime_types.rb +6 -0
  137. data/test/dummy/config/initializers/omniauth.rb +10 -0
  138. data/test/dummy/config/initializers/session_store.rb +5 -0
  139. data/test/dummy/config/initializers/wrap_parameters.rb +16 -0
  140. data/test/dummy/config/routes.rb +55 -0
  141. data/test/dummy/config/spring.rb +3 -0
  142. data/test/dummy/db/migrate/20140715061447_devise_token_auth_create_users.rb +65 -0
  143. data/test/dummy/db/migrate/20140715061805_devise_token_auth_create_mangs.rb +64 -0
  144. data/test/dummy/db/migrate/20140829044006_add_operating_thetan_to_user.rb +8 -0
  145. data/test/dummy/db/migrate/20140916224624_add_favorite_color_to_mangs.rb +7 -0
  146. data/test/dummy/db/migrate/20141222035835_devise_token_auth_create_only_email_users.rb +62 -0
  147. data/test/dummy/db/migrate/20141222053502_devise_token_auth_create_unregisterable_users.rb +63 -0
  148. data/test/dummy/db/migrate/20150708104536_devise_token_auth_create_unconfirmable_users.rb +63 -0
  149. data/test/dummy/db/migrate/20160103235141_devise_token_auth_create_scoped_users.rb +63 -0
  150. data/test/dummy/db/migrate/20160629184441_devise_token_auth_create_lockable_users.rb +63 -0
  151. data/test/dummy/db/schema.rb +200 -0
  152. data/test/dummy/lib/migration_database_helper.rb +43 -0
  153. data/test/dummy/tmp/generators/app/models/user.rb +9 -0
  154. data/test/dummy/tmp/generators/config/initializers/devise_token_auth.rb +50 -0
  155. data/test/dummy/tmp/generators/db/migrate/20181030122248_devise_token_auth_create_users.rb +56 -0
  156. data/test/factories/users.rb +40 -0
  157. data/test/lib/devise_token_auth/blacklist_test.rb +11 -0
  158. data/test/lib/devise_token_auth/url_test.rb +26 -0
  159. data/test/lib/generators/devise_token_auth/install_generator_test.rb +217 -0
  160. data/test/lib/generators/devise_token_auth/install_generator_with_namespace_test.rb +222 -0
  161. data/test/lib/generators/devise_token_auth/install_views_generator_test.rb +25 -0
  162. data/test/models/concerns/mongoid_support_test.rb +31 -0
  163. data/test/models/only_email_user_test.rb +37 -0
  164. data/test/models/user_test.rb +140 -0
  165. data/test/support/controllers/routes.rb +43 -0
  166. data/test/test_helper.rb +103 -0
  167. metadata +443 -0
@@ -0,0 +1,541 @@
1
+ # frozen_string_literal: true
2
+
3
+ require 'test_helper'
4
+
5
+ # was the web request successful?
6
+ # was the user redirected to the right page?
7
+ # was the user successfully authenticated?
8
+ # was the correct object stored in the response?
9
+ # was the appropriate message delivered in the json payload?
10
+
11
+ class DeviseTokenAuth::SessionsControllerTest < ActionController::TestCase
12
+ describe DeviseTokenAuth::SessionsController do
13
+ describe 'Confirmed user' do
14
+ before do
15
+ @existing_user = create(:user, :with_nickname, :confirmed)
16
+ end
17
+
18
+ describe 'success' do
19
+ before do
20
+ @old_sign_in_count = @existing_user.sign_in_count
21
+ @old_current_sign_in_at = @existing_user.current_sign_in_at
22
+ @old_last_sign_in_at = @existing_user.last_sign_in_at
23
+ @old_sign_in_ip = @existing_user.current_sign_in_ip
24
+ @old_last_sign_in_ip = @existing_user.last_sign_in_ip
25
+
26
+ post :create,
27
+ params: {
28
+ email: @existing_user.email,
29
+ password: @existing_user.password
30
+ }
31
+
32
+ @resource = assigns(:resource)
33
+ @data = JSON.parse(response.body)
34
+
35
+ @new_sign_in_count = @resource.sign_in_count
36
+ @new_current_sign_in_at = @resource.current_sign_in_at
37
+ @new_last_sign_in_at = @resource.last_sign_in_at
38
+ @new_sign_in_ip = @resource.current_sign_in_ip
39
+ @new_last_sign_in_ip = @resource.last_sign_in_ip
40
+ end
41
+
42
+ test 'request should succeed' do
43
+ assert_equal 200, response.status
44
+ end
45
+
46
+ test 'request should return user data' do
47
+ assert_equal @existing_user.email, @data['data']['email']
48
+ end
49
+
50
+ describe 'trackable' do
51
+ test 'sign_in_count incrementns' do
52
+ assert_equal @old_sign_in_count + 1, @new_sign_in_count
53
+ end
54
+
55
+ test 'current_sign_in_at is updated' do
56
+ refute @old_current_sign_in_at
57
+ assert @new_current_sign_in_at
58
+ end
59
+
60
+ test 'last_sign_in_at is updated' do
61
+ refute @old_last_sign_in_at
62
+ assert @new_last_sign_in_at
63
+ end
64
+
65
+ test 'sign_in_ip is updated' do
66
+ refute @old_sign_in_ip
67
+ assert_equal '0.0.0.0', @new_sign_in_ip
68
+ end
69
+
70
+ test 'last_sign_in_ip is updated' do
71
+ refute @old_last_sign_in_ip
72
+ assert_equal '0.0.0.0', @new_last_sign_in_ip
73
+ end
74
+ end
75
+
76
+ describe "with multiple clients and headers don't change in each request" do
77
+ before do
78
+ # Set the max_number_of_devices to a lower number
79
+ # to expedite tests! (Default is 10)
80
+ DeviseTokenAuth.max_number_of_devices = 2
81
+ DeviseTokenAuth.change_headers_on_each_request = false
82
+
83
+ @user_session_params = {
84
+ email: @existing_user.email,
85
+ password: @existing_user.password
86
+ }
87
+ end
88
+
89
+ test 'should limit the maximum number of concurrent devices' do
90
+ # increment the number of devices until the maximum is exceeded
91
+ 1.upto(DeviseTokenAuth.max_number_of_devices + 1).each do |n|
92
+ initial_tokens = @existing_user.reload.tokens
93
+
94
+ assert_equal(
95
+ [n, DeviseTokenAuth.max_number_of_devices].min,
96
+ @existing_user.reload.tokens.length
97
+ )
98
+
99
+ # Already have the max number of devices
100
+ post :create, params: @user_session_params
101
+
102
+ # A session for a new device maintains the max number of concurrent devices
103
+ refute_equal initial_tokens, @existing_user.reload.tokens
104
+ end
105
+ end
106
+
107
+ test 'should drop old tokens when max number of devices is exceeded' do
108
+ 1.upto(DeviseTokenAuth.max_number_of_devices).each do |n|
109
+ post :create, params: @user_session_params
110
+ end
111
+
112
+ oldest_token, _ = @existing_user.reload.tokens \
113
+ .min_by { |cid, v| v[:expiry] || v['expiry'] }
114
+
115
+ post :create, params: @user_session_params
116
+
117
+ assert_not_includes @existing_user.reload.tokens.keys, oldest_token
118
+ end
119
+
120
+ after do
121
+ DeviseTokenAuth.max_number_of_devices = 10
122
+ DeviseTokenAuth.change_headers_on_each_request = true
123
+ end
124
+ end
125
+ end
126
+
127
+ describe 'get sign_in is not supported' do
128
+ before do
129
+ get :new,
130
+ params: { nickname: @existing_user.nickname,
131
+ password: @existing_user.password }
132
+ @data = JSON.parse(response.body)
133
+ end
134
+
135
+ test 'user is notified that they should use post sign_in to authenticate' do
136
+ assert_equal 405, response.status
137
+ end
138
+ test 'response should contain errors' do
139
+ assert @data['errors']
140
+ assert_equal @data['errors'], [I18n.t('devise_token_auth.sessions.not_supported')]
141
+ end
142
+ end
143
+
144
+ describe 'header sign_in is supported' do
145
+ before do
146
+ request.headers.merge!(
147
+ 'email' => @existing_user.email,
148
+ 'password' => @existing_user.password
149
+ )
150
+
151
+ head :create
152
+ @data = JSON.parse(response.body)
153
+ end
154
+
155
+ test 'user can sign in using header request' do
156
+ assert_equal 200, response.status
157
+ end
158
+ end
159
+
160
+ describe 'alt auth keys' do
161
+ before do
162
+ post :create,
163
+ params: { nickname: @existing_user.nickname,
164
+ password: @existing_user.password }
165
+ @data = JSON.parse(response.body)
166
+ end
167
+
168
+ test 'user can sign in using nickname' do
169
+ assert_equal 200, response.status
170
+ assert_equal @existing_user.email, @data['data']['email']
171
+ end
172
+ end
173
+
174
+ describe 'authed user sign out' do
175
+ before do
176
+ def @controller.reset_session_called
177
+ @reset_session_called == true
178
+ end
179
+
180
+ def @controller.reset_session
181
+ @reset_session_called = true
182
+ end
183
+ @auth_headers = @existing_user.create_new_auth_token
184
+ request.headers.merge!(@auth_headers)
185
+ delete :destroy, format: :json
186
+ end
187
+
188
+ test 'user is successfully logged out' do
189
+ assert_equal 200, response.status
190
+ end
191
+
192
+ test 'token was destroyed' do
193
+ @existing_user.reload
194
+ refute @existing_user.tokens[@auth_headers['client']]
195
+ end
196
+
197
+ test 'session was destroyed' do
198
+ assert_equal true, @controller.reset_session_called
199
+ end
200
+ end
201
+
202
+ describe 'unauthed user sign out' do
203
+ before do
204
+ @auth_headers = @existing_user.create_new_auth_token
205
+ delete :destroy, format: :json
206
+ @data = JSON.parse(response.body)
207
+ end
208
+
209
+ test 'unauthed request returns 404' do
210
+ assert_equal 404, response.status
211
+ end
212
+
213
+ test 'response should contain errors' do
214
+ assert @data['errors']
215
+ assert_equal @data['errors'],
216
+ [I18n.t('devise_token_auth.sessions.user_not_found')]
217
+ end
218
+ end
219
+
220
+ describe 'failure' do
221
+ before do
222
+ post :create,
223
+ params: { email: @existing_user.email,
224
+ password: 'bogus' }
225
+
226
+ @resource = assigns(:resource)
227
+ @data = JSON.parse(response.body)
228
+ end
229
+
230
+ test 'request should fail' do
231
+ assert_equal 401, response.status
232
+ end
233
+
234
+ test 'response should contain errors' do
235
+ assert @data['errors']
236
+ assert_equal @data['errors'],
237
+ [I18n.t('devise_token_auth.sessions.bad_credentials')]
238
+ end
239
+ end
240
+
241
+ describe 'failure with bad password when change_headers_on_each_request false' do
242
+ before do
243
+ DeviseTokenAuth.change_headers_on_each_request = false
244
+
245
+ # accessing current_user calls through set_user_by_token,
246
+ # which initializes client_id
247
+ @controller.current_user
248
+
249
+ post :create,
250
+ params: { email: @existing_user.email,
251
+ password: 'bogus' }
252
+
253
+ @resource = assigns(:resource)
254
+ @data = JSON.parse(response.body)
255
+ end
256
+
257
+ test 'request should fail' do
258
+ assert_equal 401, response.status
259
+ end
260
+
261
+ test 'response should contain errors' do
262
+ assert @data['errors']
263
+ assert_equal @data['errors'], [I18n.t('devise_token_auth.sessions.bad_credentials')]
264
+ end
265
+
266
+ after do
267
+ DeviseTokenAuth.change_headers_on_each_request = true
268
+ end
269
+ end
270
+
271
+ describe 'case-insensitive email' do
272
+ before do
273
+ @resource_class = User
274
+ @request_params = {
275
+ email: @existing_user.email.upcase,
276
+ password: @existing_user.password
277
+ }
278
+ end
279
+
280
+ test 'request should succeed if configured' do
281
+ @resource_class.case_insensitive_keys = [:email]
282
+ post :create, params: @request_params
283
+ assert_equal 200, response.status
284
+ end
285
+
286
+ test 'request should fail if not configured' do
287
+ @resource_class.case_insensitive_keys = []
288
+ post :create, params: @request_params
289
+ assert_equal 401, response.status
290
+ end
291
+ end
292
+
293
+ describe 'stripping whitespace on email' do
294
+ before do
295
+ @resource_class = User
296
+ @request_params = {
297
+ # adding whitespace before and after email
298
+ email: " #{@existing_user.email} ",
299
+ password: @existing_user.password
300
+ }
301
+ end
302
+
303
+ test 'request should succeed if configured' do
304
+ @resource_class.strip_whitespace_keys = [:email]
305
+ post :create, params: @request_params
306
+ assert_equal 200, response.status
307
+ end
308
+
309
+ test 'request should fail if not configured' do
310
+ @resource_class.strip_whitespace_keys = []
311
+ post :create, params: @request_params
312
+ assert_equal 401, response.status
313
+ end
314
+ end
315
+ end
316
+
317
+ describe 'Unconfirmed user' do
318
+ before do
319
+ @unconfirmed_user = create(:user)
320
+ post :create, params: { email: @unconfirmed_user.email,
321
+ password: @unconfirmed_user.password }
322
+ @resource = assigns(:resource)
323
+ @data = JSON.parse(response.body)
324
+ end
325
+
326
+ test 'request should fail' do
327
+ assert_equal 401, response.status
328
+ end
329
+
330
+ test 'response should contain errors' do
331
+ assert @data['errors']
332
+ assert_equal @data['errors'],
333
+ [I18n.t('devise_token_auth.sessions.not_confirmed',
334
+ email: @unconfirmed_user.email)]
335
+ end
336
+ end
337
+
338
+ describe 'Unconfirmed user with allowed unconfirmed access' do
339
+ before do
340
+ @original_duration = Devise.allow_unconfirmed_access_for
341
+ Devise.allow_unconfirmed_access_for = 3.days
342
+ @recent_unconfirmed_user = create(:user)
343
+ post :create,
344
+ params: { email: @recent_unconfirmed_user.email,
345
+ password: @recent_unconfirmed_user.password }
346
+ @resource = assigns(:resource)
347
+ @data = JSON.parse(response.body)
348
+ end
349
+
350
+ after do
351
+ Devise.allow_unconfirmed_access_for = @original_duration
352
+ end
353
+
354
+ test 'request should succeed' do
355
+ assert_equal 200, response.status
356
+ end
357
+
358
+ test 'request should return user data' do
359
+ assert_equal @recent_unconfirmed_user.email, @data['data']['email']
360
+ end
361
+ end
362
+
363
+ describe 'Unconfirmed user with expired unconfirmed access' do
364
+ before do
365
+ @unconfirmed_user = create(:user, :unconfirmed)
366
+ post :create,
367
+ params: { email: @unconfirmed_user.email,
368
+ password: @unconfirmed_user.password }
369
+ @resource = assigns(:resource)
370
+ @data = JSON.parse(response.body)
371
+ end
372
+
373
+ test 'request should fail' do
374
+ assert_equal 401, response.status
375
+ end
376
+
377
+ test 'response should contain errors' do
378
+ assert @data['errors']
379
+ end
380
+ end
381
+
382
+ describe 'Non-existing user' do
383
+ before do
384
+ post :create,
385
+ params: { email: -> { Faker::Internet.email },
386
+ password: -> { Faker::Number.number(10) } }
387
+ @resource = assigns(:resource)
388
+ @data = JSON.parse(response.body)
389
+ end
390
+
391
+ test 'request should fail' do
392
+ assert_equal 401, response.status
393
+ end
394
+
395
+ test 'response should contain errors' do
396
+ assert @data['errors']
397
+ end
398
+ end
399
+
400
+ describe 'Alternate user class' do
401
+ setup do
402
+ @request.env['devise.mapping'] = Devise.mappings[:mang]
403
+ end
404
+
405
+ teardown do
406
+ @request.env['devise.mapping'] = Devise.mappings[:user]
407
+ end
408
+
409
+ before do
410
+ @existing_user = create(:mang_user, :confirmed)
411
+
412
+ post :create,
413
+ params: { email: @existing_user.email,
414
+ password: @existing_user.password }
415
+
416
+ @resource = assigns(:resource)
417
+ @data = JSON.parse(response.body)
418
+ end
419
+
420
+ test 'request should succeed' do
421
+ assert_equal 200, response.status
422
+ end
423
+
424
+ test 'request should return user data' do
425
+ assert_equal @existing_user.email, @data['data']['email']
426
+ end
427
+ end
428
+
429
+ describe 'User with only :database_authenticatable and :registerable included' do
430
+ setup do
431
+ @request.env['devise.mapping'] = Devise.mappings[:only_email_user]
432
+ end
433
+
434
+ teardown do
435
+ @request.env['devise.mapping'] = Devise.mappings[:user]
436
+ end
437
+
438
+ before do
439
+ @existing_user = create(:only_email_user)
440
+
441
+ post :create,
442
+ params: { email: @existing_user.email,
443
+ password: @existing_user.password }
444
+
445
+ @resource = assigns(:resource)
446
+ @data = JSON.parse(response.body)
447
+ end
448
+
449
+ test 'user should be able to sign in without confirmation' do
450
+ assert 200, response.status
451
+ refute OnlyEmailUser.method_defined?(:confirmed_at)
452
+ end
453
+ end
454
+
455
+ describe 'Lockable User' do
456
+ setup do
457
+ @request.env['devise.mapping'] = Devise.mappings[:lockable_user]
458
+ end
459
+
460
+ teardown do
461
+ @request.env['devise.mapping'] = Devise.mappings[:user]
462
+ end
463
+
464
+ before do
465
+ @original_lock_strategy = Devise.lock_strategy
466
+ @original_unlock_strategy = Devise.unlock_strategy
467
+ @original_maximum_attempts = Devise.maximum_attempts
468
+ Devise.lock_strategy = :failed_attempts
469
+ Devise.unlock_strategy = :email
470
+ Devise.maximum_attempts = 5
471
+ end
472
+
473
+ after do
474
+ Devise.lock_strategy = @original_lock_strategy
475
+ Devise.maximum_attempts = @original_maximum_attempts
476
+ Devise.unlock_strategy = @original_unlock_strategy
477
+ end
478
+
479
+ describe 'locked user' do
480
+ before do
481
+ @locked_user = create(:lockable_user, :locked)
482
+ post :create,
483
+ params: { email: @locked_user.email,
484
+ password: @locked_user.password }
485
+ @data = JSON.parse(response.body)
486
+ end
487
+
488
+ test 'request should fail' do
489
+ assert_equal 401, response.status
490
+ end
491
+
492
+ test 'response should contain errors' do
493
+ assert @data['errors']
494
+ assert_equal @data['errors'], [I18n.t('devise.mailer.unlock_instructions.account_lock_msg')]
495
+ end
496
+ end
497
+
498
+ describe 'unlocked user with bad password' do
499
+ before do
500
+ @unlocked_user = create(:lockable_user)
501
+ post :create,
502
+ params: { email: @unlocked_user.email,
503
+ password: 'bad-password' }
504
+ @data = JSON.parse(response.body)
505
+ end
506
+
507
+ test 'request should fail' do
508
+ assert_equal 401, response.status
509
+ end
510
+
511
+ test 'should increase failed_attempts' do
512
+ assert_equal 1, @unlocked_user.reload.failed_attempts
513
+ end
514
+
515
+ test 'response should contain errors' do
516
+ assert @data['errors']
517
+ assert_equal @data['errors'], [I18n.t('devise_token_auth.sessions.bad_credentials')]
518
+ end
519
+
520
+ describe 'after maximum_attempts should block the user' do
521
+ before do
522
+ 4.times do
523
+ post :create,
524
+ params: { email: @unlocked_user.email,
525
+ password: 'bad-password' }
526
+ end
527
+ @data = JSON.parse(response.body)
528
+ end
529
+
530
+ test 'should increase failed_attempts' do
531
+ assert_equal 5, @unlocked_user.reload.failed_attempts
532
+ end
533
+
534
+ test 'should block the user' do
535
+ assert_equal true, @unlocked_user.reload.access_locked?
536
+ end
537
+ end
538
+ end
539
+ end
540
+ end
541
+ end
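Review bot: In 'user should be able to sign in without confirmation', `assert 200, response.status` can never fail, because `assert` only checks that its first argument is truthy and takes the second as the failure message; it should read `assert_equal 200, response.status`, like the other status checks in this file. As written, the sign-in path for a model with only :database_authenticatable and :registerable has no check on the response at all, so a regression there would go unnoticed. The 'Non-existing user' setup has a related gap: `email: -> { Faker::Internet.email }` and `password: -> { Faker::Number.number(10) }` pass the lambdas themselves rather than their values, so the request probably does not carry a well-formed email; calling Faker directly (`email: Faker::Internet.email`) would exercise the intended case. If an unknown account is meant to get the same answer as a wrong password, that block could also assert `[I18n.t('devise_token_auth.sessions.bad_credentials')]` instead of only `assert @data['errors']`, which would pin that the two responses stay indistinguishable.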