devise_token_auth_skycocker_fork 1.0.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +7 -0
- data/LICENSE +13 -0
- data/README.md +97 -0
- data/Rakefile +42 -0
- data/app/controllers/devise_token_auth/application_controller.rb +79 -0
- data/app/controllers/devise_token_auth/concerns/resource_finder.rb +44 -0
- data/app/controllers/devise_token_auth/concerns/set_user_by_token.rb +178 -0
- data/app/controllers/devise_token_auth/confirmations_controller.rb +39 -0
- data/app/controllers/devise_token_auth/omniauth_callbacks_controller.rb +239 -0
- data/app/controllers/devise_token_auth/passwords_controller.rb +185 -0
- data/app/controllers/devise_token_auth/registrations_controller.rb +198 -0
- data/app/controllers/devise_token_auth/sessions_controller.rb +131 -0
- data/app/controllers/devise_token_auth/token_validations_controller.rb +31 -0
- data/app/controllers/devise_token_auth/unlocks_controller.rb +89 -0
- data/app/models/devise_token_auth/concerns/active_record_support.rb +34 -0
- data/app/models/devise_token_auth/concerns/mongoid_support.rb +19 -0
- data/app/models/devise_token_auth/concerns/user.rb +262 -0
- data/app/models/devise_token_auth/concerns/user_omniauth_callbacks.rb +28 -0
- data/app/validators/devise_token_auth/email_validator.rb +23 -0
- data/app/views/devise/mailer/confirmation_instructions.html.erb +5 -0
- data/app/views/devise/mailer/reset_password_instructions.html.erb +8 -0
- data/app/views/devise/mailer/unlock_instructions.html.erb +7 -0
- data/app/views/devise_token_auth/omniauth_external_window.html.erb +38 -0
- data/config/locales/da-DK.yml +50 -0
- data/config/locales/de.yml +49 -0
- data/config/locales/en.yml +50 -0
- data/config/locales/es.yml +49 -0
- data/config/locales/fr.yml +49 -0
- data/config/locales/it.yml +46 -0
- data/config/locales/ja.yml +46 -0
- data/config/locales/nl.yml +30 -0
- data/config/locales/pl.yml +48 -0
- data/config/locales/pt-BR.yml +46 -0
- data/config/locales/pt.yml +48 -0
- data/config/locales/ro.yml +46 -0
- data/config/locales/ru.yml +50 -0
- data/config/locales/sq.yml +46 -0
- data/config/locales/sv.yml +50 -0
- data/config/locales/uk.yml +59 -0
- data/config/locales/vi.yml +50 -0
- data/config/locales/zh-CN.yml +46 -0
- data/config/locales/zh-HK.yml +48 -0
- data/config/locales/zh-TW.yml +48 -0
- data/lib/devise_token_auth.rb +13 -0
- data/lib/devise_token_auth/blacklist.rb +2 -0
- data/lib/devise_token_auth/controllers/helpers.rb +161 -0
- data/lib/devise_token_auth/controllers/url_helpers.rb +10 -0
- data/lib/devise_token_auth/engine.rb +90 -0
- data/lib/devise_token_auth/errors.rb +8 -0
- data/lib/devise_token_auth/rails/routes.rb +116 -0
- data/lib/devise_token_auth/url.rb +41 -0
- data/lib/devise_token_auth/version.rb +5 -0
- data/lib/generators/devise_token_auth/USAGE +31 -0
- data/lib/generators/devise_token_auth/install_generator.rb +91 -0
- data/lib/generators/devise_token_auth/install_generator_helpers.rb +98 -0
- data/lib/generators/devise_token_auth/install_mongoid_generator.rb +46 -0
- data/lib/generators/devise_token_auth/install_views_generator.rb +18 -0
- data/lib/generators/devise_token_auth/templates/devise_token_auth.rb +50 -0
- data/lib/generators/devise_token_auth/templates/devise_token_auth_create_users.rb.erb +56 -0
- data/lib/generators/devise_token_auth/templates/user.rb.erb +9 -0
- data/lib/generators/devise_token_auth/templates/user_mongoid.rb.erb +63 -0
- data/lib/tasks/devise_token_auth_tasks.rake +6 -0
- data/test/controllers/custom/custom_confirmations_controller_test.rb +25 -0
- data/test/controllers/custom/custom_omniauth_callbacks_controller_test.rb +33 -0
- data/test/controllers/custom/custom_passwords_controller_test.rb +79 -0
- data/test/controllers/custom/custom_registrations_controller_test.rb +63 -0
- data/test/controllers/custom/custom_sessions_controller_test.rb +39 -0
- data/test/controllers/custom/custom_token_validations_controller_test.rb +42 -0
- data/test/controllers/demo_group_controller_test.rb +151 -0
- data/test/controllers/demo_mang_controller_test.rb +284 -0
- data/test/controllers/demo_user_controller_test.rb +629 -0
- data/test/controllers/devise_token_auth/confirmations_controller_test.rb +127 -0
- data/test/controllers/devise_token_auth/omniauth_callbacks_controller_test.rb +376 -0
- data/test/controllers/devise_token_auth/passwords_controller_test.rb +639 -0
- data/test/controllers/devise_token_auth/registrations_controller_test.rb +880 -0
- data/test/controllers/devise_token_auth/sessions_controller_test.rb +541 -0
- data/test/controllers/devise_token_auth/token_validations_controller_test.rb +102 -0
- data/test/controllers/devise_token_auth/unlocks_controller_test.rb +196 -0
- data/test/controllers/overrides/confirmations_controller_test.rb +47 -0
- data/test/controllers/overrides/omniauth_callbacks_controller_test.rb +53 -0
- data/test/controllers/overrides/passwords_controller_test.rb +64 -0
- data/test/controllers/overrides/registrations_controller_test.rb +46 -0
- data/test/controllers/overrides/sessions_controller_test.rb +35 -0
- data/test/controllers/overrides/token_validations_controller_test.rb +43 -0
- data/test/dummy/README.rdoc +28 -0
- data/test/dummy/app/active_record/lockable_user.rb +7 -0
- data/test/dummy/app/active_record/mang.rb +5 -0
- data/test/dummy/app/active_record/only_email_user.rb +7 -0
- data/test/dummy/app/active_record/scoped_user.rb +9 -0
- data/test/dummy/app/active_record/unconfirmable_user.rb +9 -0
- data/test/dummy/app/active_record/unregisterable_user.rb +9 -0
- data/test/dummy/app/active_record/user.rb +6 -0
- data/test/dummy/app/controllers/application_controller.rb +18 -0
- data/test/dummy/app/controllers/auth_origin_controller.rb +7 -0
- data/test/dummy/app/controllers/custom/confirmations_controller.rb +13 -0
- data/test/dummy/app/controllers/custom/omniauth_callbacks_controller.rb +13 -0
- data/test/dummy/app/controllers/custom/passwords_controller.rb +39 -0
- data/test/dummy/app/controllers/custom/registrations_controller.rb +39 -0
- data/test/dummy/app/controllers/custom/sessions_controller.rb +29 -0
- data/test/dummy/app/controllers/custom/token_validations_controller.rb +19 -0
- data/test/dummy/app/controllers/demo_group_controller.rb +15 -0
- data/test/dummy/app/controllers/demo_mang_controller.rb +14 -0
- data/test/dummy/app/controllers/demo_user_controller.rb +27 -0
- data/test/dummy/app/controllers/overrides/confirmations_controller.rb +28 -0
- data/test/dummy/app/controllers/overrides/omniauth_callbacks_controller.rb +16 -0
- data/test/dummy/app/controllers/overrides/passwords_controller.rb +35 -0
- data/test/dummy/app/controllers/overrides/registrations_controller.rb +29 -0
- data/test/dummy/app/controllers/overrides/sessions_controller.rb +36 -0
- data/test/dummy/app/controllers/overrides/token_validations_controller.rb +23 -0
- data/test/dummy/app/helpers/application_helper.rb +1058 -0
- data/test/dummy/app/models/concerns/favorite_color.rb +19 -0
- data/test/dummy/app/mongoid/lockable_user.rb +38 -0
- data/test/dummy/app/mongoid/mang.rb +53 -0
- data/test/dummy/app/mongoid/only_email_user.rb +33 -0
- data/test/dummy/app/mongoid/scoped_user.rb +57 -0
- data/test/dummy/app/mongoid/unconfirmable_user.rb +51 -0
- data/test/dummy/app/mongoid/unregisterable_user.rb +54 -0
- data/test/dummy/app/mongoid/user.rb +56 -0
- data/test/dummy/app/views/layouts/application.html.erb +14 -0
- data/test/dummy/config.ru +18 -0
- data/test/dummy/config/application.rb +48 -0
- data/test/dummy/config/application.yml.bk +0 -0
- data/test/dummy/config/boot.rb +11 -0
- data/test/dummy/config/environment.rb +7 -0
- data/test/dummy/config/environments/development.rb +46 -0
- data/test/dummy/config/environments/production.rb +84 -0
- data/test/dummy/config/environments/test.rb +50 -0
- data/test/dummy/config/initializers/assets.rb +10 -0
- data/test/dummy/config/initializers/backtrace_silencers.rb +9 -0
- data/test/dummy/config/initializers/cookies_serializer.rb +5 -0
- data/test/dummy/config/initializers/devise.rb +17 -0
- data/test/dummy/config/initializers/devise_token_auth.rb +24 -0
- data/test/dummy/config/initializers/figaro.rb +3 -0
- data/test/dummy/config/initializers/filter_parameter_logging.rb +6 -0
- data/test/dummy/config/initializers/inflections.rb +18 -0
- data/test/dummy/config/initializers/mime_types.rb +6 -0
- data/test/dummy/config/initializers/omniauth.rb +10 -0
- data/test/dummy/config/initializers/session_store.rb +5 -0
- data/test/dummy/config/initializers/wrap_parameters.rb +16 -0
- data/test/dummy/config/routes.rb +55 -0
- data/test/dummy/config/spring.rb +3 -0
- data/test/dummy/db/migrate/20140715061447_devise_token_auth_create_users.rb +65 -0
- data/test/dummy/db/migrate/20140715061805_devise_token_auth_create_mangs.rb +64 -0
- data/test/dummy/db/migrate/20140829044006_add_operating_thetan_to_user.rb +8 -0
- data/test/dummy/db/migrate/20140916224624_add_favorite_color_to_mangs.rb +7 -0
- data/test/dummy/db/migrate/20141222035835_devise_token_auth_create_only_email_users.rb +62 -0
- data/test/dummy/db/migrate/20141222053502_devise_token_auth_create_unregisterable_users.rb +63 -0
- data/test/dummy/db/migrate/20150708104536_devise_token_auth_create_unconfirmable_users.rb +63 -0
- data/test/dummy/db/migrate/20160103235141_devise_token_auth_create_scoped_users.rb +63 -0
- data/test/dummy/db/migrate/20160629184441_devise_token_auth_create_lockable_users.rb +63 -0
- data/test/dummy/db/schema.rb +200 -0
- data/test/dummy/lib/migration_database_helper.rb +43 -0
- data/test/dummy/tmp/generators/app/models/user.rb +9 -0
- data/test/dummy/tmp/generators/config/initializers/devise_token_auth.rb +50 -0
- data/test/dummy/tmp/generators/db/migrate/20181030122248_devise_token_auth_create_users.rb +56 -0
- data/test/factories/users.rb +40 -0
- data/test/lib/devise_token_auth/blacklist_test.rb +11 -0
- data/test/lib/devise_token_auth/url_test.rb +26 -0
- data/test/lib/generators/devise_token_auth/install_generator_test.rb +217 -0
- data/test/lib/generators/devise_token_auth/install_generator_with_namespace_test.rb +222 -0
- data/test/lib/generators/devise_token_auth/install_views_generator_test.rb +25 -0
- data/test/models/concerns/mongoid_support_test.rb +31 -0
- data/test/models/only_email_user_test.rb +37 -0
- data/test/models/user_test.rb +140 -0
- data/test/support/controllers/routes.rb +43 -0
- data/test/test_helper.rb +103 -0
- metadata +443 -0
|
@@ -0,0 +1,102 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
require 'test_helper'
|
|
4
|
+
|
|
5
|
+
# was the web request successful?
|
|
6
|
+
# was the user redirected to the right page?
|
|
7
|
+
# was the user successfully authenticated?
|
|
8
|
+
# was the correct object stored in the response?
|
|
9
|
+
# was the appropriate message delivered in the json payload?
|
|
10
|
+
|
|
11
|
+
class DeviseTokenAuth::TokenValidationsControllerTest < ActionDispatch::IntegrationTest
|
|
12
|
+
describe DeviseTokenAuth::TokenValidationsController do
|
|
13
|
+
before do
|
|
14
|
+
@resource = create(:user, :confirmed)
|
|
15
|
+
|
|
16
|
+
@auth_headers = @resource.create_new_auth_token
|
|
17
|
+
|
|
18
|
+
@token = @auth_headers['access-token']
|
|
19
|
+
@client_id = @auth_headers['client']
|
|
20
|
+
@expiry = @auth_headers['expiry']
|
|
21
|
+
|
|
22
|
+
# ensure that request is not treated as batch request
|
|
23
|
+
age_token(@resource, @client_id)
|
|
24
|
+
end
|
|
25
|
+
|
|
26
|
+
describe 'vanilla user' do
|
|
27
|
+
before do
|
|
28
|
+
get '/auth/validate_token', params: {}, headers: @auth_headers
|
|
29
|
+
@resp = JSON.parse(response.body)
|
|
30
|
+
end
|
|
31
|
+
|
|
32
|
+
test 'token valid' do
|
|
33
|
+
assert_equal 200, response.status
|
|
34
|
+
end
|
|
35
|
+
end
|
|
36
|
+
|
|
37
|
+
describe 'using namespaces' do
|
|
38
|
+
before do
|
|
39
|
+
get '/api/v1/auth/validate_token', params: {}, headers: @auth_headers
|
|
40
|
+
@resp = JSON.parse(response.body)
|
|
41
|
+
end
|
|
42
|
+
|
|
43
|
+
test 'token valid' do
|
|
44
|
+
assert_equal 200, response.status
|
|
45
|
+
end
|
|
46
|
+
end
|
|
47
|
+
|
|
48
|
+
describe 'with invalid user' do
|
|
49
|
+
before do
|
|
50
|
+
@resource.update_column(:email, 'invalid') if DEVISE_TOKEN_AUTH_ORM == :active_record
|
|
51
|
+
@resource.set(email: 'invalid') if DEVISE_TOKEN_AUTH_ORM == :mongoid
|
|
52
|
+
end
|
|
53
|
+
|
|
54
|
+
test 'request should raise invalid model error' do
|
|
55
|
+
error = assert_raises DeviseTokenAuth::Errors::InvalidModel do
|
|
56
|
+
get '/auth/validate_token', params: {}, headers: @auth_headers
|
|
57
|
+
end
|
|
58
|
+
assert_equal(error.message, "Cannot set auth token in invalid model. Errors: [\"Email is not an email\"]")
|
|
59
|
+
end
|
|
60
|
+
end
|
|
61
|
+
|
|
62
|
+
describe 'failure' do
|
|
63
|
+
before do
|
|
64
|
+
get '/api/v1/auth/validate_token',
|
|
65
|
+
params: {},
|
|
66
|
+
headers: @auth_headers.merge('access-token' => '12345')
|
|
67
|
+
@resp = JSON.parse(response.body)
|
|
68
|
+
end
|
|
69
|
+
|
|
70
|
+
test 'request should fail' do
|
|
71
|
+
assert_equal 401, response.status
|
|
72
|
+
end
|
|
73
|
+
|
|
74
|
+
test 'response should contain errors' do
|
|
75
|
+
assert @resp['errors']
|
|
76
|
+
assert_equal @resp['errors'], [I18n.t('devise_token_auth.token_validations.invalid')]
|
|
77
|
+
end
|
|
78
|
+
end
|
|
79
|
+
end
|
|
80
|
+
|
|
81
|
+
describe 'using namespaces with unused resource' do
|
|
82
|
+
before do
|
|
83
|
+
@resource = create(:scoped_user, :confirmed)
|
|
84
|
+
|
|
85
|
+
@auth_headers = @resource.create_new_auth_token
|
|
86
|
+
|
|
87
|
+
@token = @auth_headers['access-token']
|
|
88
|
+
@client_id = @auth_headers['client']
|
|
89
|
+
@expiry = @auth_headers['expiry']
|
|
90
|
+
|
|
91
|
+
# ensure that request is not treated as batch request
|
|
92
|
+
age_token(@resource, @client_id)
|
|
93
|
+
end
|
|
94
|
+
|
|
95
|
+
test 'should be successful' do
|
|
96
|
+
get '/api_v2/auth/validate_token',
|
|
97
|
+
params: {},
|
|
98
|
+
headers: @auth_headers
|
|
99
|
+
assert_equal 200, response.status
|
|
100
|
+
end
|
|
101
|
+
end
|
|
102
|
+
end
|
|
@@ -0,0 +1,196 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
require 'test_helper'
|
|
4
|
+
|
|
5
|
+
# was the web request successful?
|
|
6
|
+
# was the user redirected to the right page?
|
|
7
|
+
# was the user successfully authenticated?
|
|
8
|
+
# was the correct object stored in the response?
|
|
9
|
+
# was the appropriate message delivered in the json payload?
|
|
10
|
+
|
|
11
|
+
class DeviseTokenAuth::UnlocksControllerTest < ActionController::TestCase
|
|
12
|
+
describe DeviseTokenAuth::UnlocksController do
|
|
13
|
+
setup do
|
|
14
|
+
@request.env['devise.mapping'] = Devise.mappings[:lockable_user]
|
|
15
|
+
end
|
|
16
|
+
|
|
17
|
+
teardown do
|
|
18
|
+
@request.env['devise.mapping'] = Devise.mappings[:user]
|
|
19
|
+
end
|
|
20
|
+
|
|
21
|
+
before do
|
|
22
|
+
@original_lock_strategy = Devise.lock_strategy
|
|
23
|
+
@original_unlock_strategy = Devise.unlock_strategy
|
|
24
|
+
@original_maximum_attempts = Devise.maximum_attempts
|
|
25
|
+
Devise.lock_strategy = :failed_attempts
|
|
26
|
+
Devise.unlock_strategy = :email
|
|
27
|
+
Devise.maximum_attempts = 5
|
|
28
|
+
end
|
|
29
|
+
|
|
30
|
+
after do
|
|
31
|
+
Devise.lock_strategy = @original_lock_strategy
|
|
32
|
+
Devise.maximum_attempts = @original_maximum_attempts
|
|
33
|
+
Devise.unlock_strategy = @original_unlock_strategy
|
|
34
|
+
end
|
|
35
|
+
|
|
36
|
+
describe 'Unlocking user' do
|
|
37
|
+
before do
|
|
38
|
+
@resource = create(:lockable_user)
|
|
39
|
+
end
|
|
40
|
+
|
|
41
|
+
describe 'request unlock without email' do
|
|
42
|
+
before do
|
|
43
|
+
@auth_headers = @resource.create_new_auth_token
|
|
44
|
+
@new_password = Faker::Internet.password
|
|
45
|
+
|
|
46
|
+
post :create
|
|
47
|
+
@data = JSON.parse(response.body)
|
|
48
|
+
end
|
|
49
|
+
|
|
50
|
+
test 'response should fail' do
|
|
51
|
+
assert_equal 401, response.status
|
|
52
|
+
end
|
|
53
|
+
test 'error message should be returned' do
|
|
54
|
+
assert @data['errors']
|
|
55
|
+
assert_equal @data['errors'], [I18n.t('devise_token_auth.passwords.missing_email')]
|
|
56
|
+
end
|
|
57
|
+
end
|
|
58
|
+
|
|
59
|
+
describe 'request unlock' do
|
|
60
|
+
describe 'unknown user should return 404' do
|
|
61
|
+
before do
|
|
62
|
+
post :create, params: { email: 'chester@cheet.ah' }
|
|
63
|
+
@data = JSON.parse(response.body)
|
|
64
|
+
end
|
|
65
|
+
test 'unknown user should return 404' do
|
|
66
|
+
assert_equal 404, response.status
|
|
67
|
+
end
|
|
68
|
+
|
|
69
|
+
test 'errors should be returned' do
|
|
70
|
+
assert @data['errors']
|
|
71
|
+
assert_equal @data['errors'],
|
|
72
|
+
[I18n.t('devise_token_auth.passwords.user_not_found',
|
|
73
|
+
email: 'chester@cheet.ah')]
|
|
74
|
+
end
|
|
75
|
+
end
|
|
76
|
+
|
|
77
|
+
describe 'successfully requested unlock' do
|
|
78
|
+
before do
|
|
79
|
+
post :create, params: { email: @resource.email }
|
|
80
|
+
|
|
81
|
+
@data = JSON.parse(response.body)
|
|
82
|
+
end
|
|
83
|
+
|
|
84
|
+
test 'response should not contain extra data' do
|
|
85
|
+
assert_nil @data['data']
|
|
86
|
+
end
|
|
87
|
+
end
|
|
88
|
+
|
|
89
|
+
describe 'case-sensitive email' do
|
|
90
|
+
before do
|
|
91
|
+
post :create, params: { email: @resource.email }
|
|
92
|
+
|
|
93
|
+
@mail = ActionMailer::Base.deliveries.last
|
|
94
|
+
@resource.reload
|
|
95
|
+
@data = JSON.parse(response.body)
|
|
96
|
+
|
|
97
|
+
@mail_config_name = CGI.unescape(@mail.body.match(/config=([^&]*)&/)[1])
|
|
98
|
+
@mail_reset_token = @mail.body.match(/unlock_token=(.*)\"/)[1]
|
|
99
|
+
end
|
|
100
|
+
|
|
101
|
+
test 'response should return success status' do
|
|
102
|
+
assert_equal 200, response.status
|
|
103
|
+
end
|
|
104
|
+
|
|
105
|
+
test 'response should contains message' do
|
|
106
|
+
assert_equal @data['message'], I18n.t('devise_token_auth.unlocks.sended', email: @resource.email)
|
|
107
|
+
end
|
|
108
|
+
|
|
109
|
+
test 'action should send an email' do
|
|
110
|
+
assert @mail
|
|
111
|
+
end
|
|
112
|
+
|
|
113
|
+
test 'the email should be addressed to the user' do
|
|
114
|
+
assert_equal @mail.to.first, @resource.email
|
|
115
|
+
end
|
|
116
|
+
|
|
117
|
+
test 'the client config name should fall back to "default"' do
|
|
118
|
+
assert_equal 'default', @mail_config_name
|
|
119
|
+
end
|
|
120
|
+
|
|
121
|
+
test 'the email body should contain a link with reset token as a query param' do
|
|
122
|
+
user = LockableUser.unlock_access_by_token(@mail_reset_token)
|
|
123
|
+
assert_equal user.id, @resource.id
|
|
124
|
+
end
|
|
125
|
+
|
|
126
|
+
describe 'unlock link failure' do
|
|
127
|
+
test 'response should return 404' do
|
|
128
|
+
assert_raises(ActionController::RoutingError) do
|
|
129
|
+
get :show, params: { unlock_token: 'bogus' }
|
|
130
|
+
end
|
|
131
|
+
end
|
|
132
|
+
end
|
|
133
|
+
|
|
134
|
+
describe 'password reset link success' do
|
|
135
|
+
before do
|
|
136
|
+
get :show, params: { unlock_token: @mail_reset_token }
|
|
137
|
+
|
|
138
|
+
@resource.reload
|
|
139
|
+
|
|
140
|
+
raw_qs = response.location.split('?')[1]
|
|
141
|
+
@qs = Rack::Utils.parse_nested_query(raw_qs)
|
|
142
|
+
|
|
143
|
+
@access_token = @qs['access-token']
|
|
144
|
+
@client = @qs['client']
|
|
145
|
+
@client_id = @qs['client_id']
|
|
146
|
+
@expiry = @qs['expiry']
|
|
147
|
+
@token = @qs['token']
|
|
148
|
+
@uid = @qs['uid']
|
|
149
|
+
@unlock = @qs['unlock']
|
|
150
|
+
end
|
|
151
|
+
|
|
152
|
+
test 'respones should have success redirect status' do
|
|
153
|
+
assert_equal 302, response.status
|
|
154
|
+
end
|
|
155
|
+
|
|
156
|
+
test 'response should contain auth params' do
|
|
157
|
+
assert @access_token
|
|
158
|
+
assert @client
|
|
159
|
+
assert @client_id
|
|
160
|
+
assert @expiry
|
|
161
|
+
assert @token
|
|
162
|
+
assert @uid
|
|
163
|
+
assert @unlock
|
|
164
|
+
end
|
|
165
|
+
|
|
166
|
+
test 'response auth params should be valid' do
|
|
167
|
+
assert @resource.valid_token?(@token, @client_id)
|
|
168
|
+
assert @resource.valid_token?(@access_token, @client)
|
|
169
|
+
end
|
|
170
|
+
end
|
|
171
|
+
end
|
|
172
|
+
|
|
173
|
+
describe 'case-insensitive email' do
|
|
174
|
+
before do
|
|
175
|
+
@resource_class = LockableUser
|
|
176
|
+
@request_params = {
|
|
177
|
+
email: @resource.email.upcase
|
|
178
|
+
}
|
|
179
|
+
end
|
|
180
|
+
|
|
181
|
+
test 'response should return success status if configured' do
|
|
182
|
+
@resource_class.case_insensitive_keys = [:email]
|
|
183
|
+
post :create, params: @request_params
|
|
184
|
+
assert_equal 200, response.status
|
|
185
|
+
end
|
|
186
|
+
|
|
187
|
+
test 'response should return failure status if not configured' do
|
|
188
|
+
@resource_class.case_insensitive_keys = []
|
|
189
|
+
post :create, params: @request_params
|
|
190
|
+
assert_equal 404, response.status
|
|
191
|
+
end
|
|
192
|
+
end
|
|
193
|
+
end
|
|
194
|
+
end
|
|
195
|
+
end
|
|
196
|
+
end
|
|
@@ -0,0 +1,47 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
require 'test_helper'
|
|
4
|
+
|
|
5
|
+
# was the web request successful?
|
|
6
|
+
# was the user redirected to the right page?
|
|
7
|
+
# was the user successfully authenticated?
|
|
8
|
+
# was the correct object stored in the response?
|
|
9
|
+
# was the appropriate message delivered in the json payload?
|
|
10
|
+
|
|
11
|
+
class Overrides::ConfirmationsControllerTest < ActionDispatch::IntegrationTest
|
|
12
|
+
include OverridesControllersRoutes
|
|
13
|
+
|
|
14
|
+
describe Overrides::ConfirmationsController do
|
|
15
|
+
before do
|
|
16
|
+
@redirect_url = Faker::Internet.url
|
|
17
|
+
@new_user = create(:user)
|
|
18
|
+
|
|
19
|
+
# generate + send email
|
|
20
|
+
@new_user.send_confirmation_instructions(redirect_url: @redirect_url)
|
|
21
|
+
|
|
22
|
+
@mail = ActionMailer::Base.deliveries.last
|
|
23
|
+
@confirmation_path = @mail.body.match(/localhost([^\"]*)\"/)[1]
|
|
24
|
+
|
|
25
|
+
# visit confirmation link
|
|
26
|
+
get @confirmation_path
|
|
27
|
+
|
|
28
|
+
# reload user from db
|
|
29
|
+
@new_user.reload
|
|
30
|
+
end
|
|
31
|
+
|
|
32
|
+
test 'user is confirmed' do
|
|
33
|
+
assert @new_user.confirmed?
|
|
34
|
+
end
|
|
35
|
+
|
|
36
|
+
test 'user can be authenticated via confirmation link' do
|
|
37
|
+
# hard coded in override controller
|
|
38
|
+
override_proof_str = '(^^,)'
|
|
39
|
+
|
|
40
|
+
# ensure present in redirect URL
|
|
41
|
+
override_proof_param = URI.unescape(response.headers['Location']
|
|
42
|
+
.match(/override_proof=([^&]*)&/)[1])
|
|
43
|
+
|
|
44
|
+
assert_equal override_proof_str, override_proof_param
|
|
45
|
+
end
|
|
46
|
+
end
|
|
47
|
+
end
|
|
@@ -0,0 +1,53 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
require 'test_helper'
|
|
4
|
+
|
|
5
|
+
# was the web request successful?
|
|
6
|
+
# was the user redirected to the right page?
|
|
7
|
+
# was the user successfully authenticated?
|
|
8
|
+
# was the correct object stored in the response?
|
|
9
|
+
# was the appropriate message delivered in the json payload?
|
|
10
|
+
|
|
11
|
+
class Overrides::OmniauthCallbacksControllerTest < ActionDispatch::IntegrationTest
|
|
12
|
+
include OverridesControllersRoutes
|
|
13
|
+
|
|
14
|
+
describe Overrides::OmniauthCallbacksController do
|
|
15
|
+
before do
|
|
16
|
+
OmniAuth.config.test_mode = true
|
|
17
|
+
OmniAuth.config.mock_auth[:facebook] = OmniAuth::AuthHash.new(
|
|
18
|
+
provider: 'facebook',
|
|
19
|
+
uid: '123545',
|
|
20
|
+
info: {
|
|
21
|
+
name: 'chong',
|
|
22
|
+
email: 'chongbong@aol.com'
|
|
23
|
+
}
|
|
24
|
+
)
|
|
25
|
+
|
|
26
|
+
@favorite_color = 'gray'
|
|
27
|
+
|
|
28
|
+
get '/evil_user_auth/facebook',
|
|
29
|
+
params: {
|
|
30
|
+
auth_origin_url: Faker::Internet.url,
|
|
31
|
+
favorite_color: @favorite_color,
|
|
32
|
+
omniauth_window_type: 'newWindow'
|
|
33
|
+
}
|
|
34
|
+
|
|
35
|
+
follow_all_redirects!
|
|
36
|
+
|
|
37
|
+
@resource = assigns(:resource)
|
|
38
|
+
end
|
|
39
|
+
|
|
40
|
+
test 'request is successful' do
|
|
41
|
+
assert_equal 200, response.status
|
|
42
|
+
end
|
|
43
|
+
|
|
44
|
+
test 'controller was overridden' do
|
|
45
|
+
assert_equal @resource.nickname,
|
|
46
|
+
Overrides::OmniauthCallbacksController::DEFAULT_NICKNAME
|
|
47
|
+
end
|
|
48
|
+
|
|
49
|
+
test 'whitelisted param was allowed' do
|
|
50
|
+
assert_equal @favorite_color, @resource.favorite_color
|
|
51
|
+
end
|
|
52
|
+
end
|
|
53
|
+
end
|
|
@@ -0,0 +1,64 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
require 'test_helper'
|
|
4
|
+
|
|
5
|
+
# was the web request successful?
|
|
6
|
+
# was the user redirected to the right page?
|
|
7
|
+
# was the user successfully authenticated?
|
|
8
|
+
# was the correct object stored in the response?
|
|
9
|
+
# was the appropriate message delivered in the json payload?
|
|
10
|
+
|
|
11
|
+
class Overrides::PasswordsControllerTest < ActionDispatch::IntegrationTest
|
|
12
|
+
include OverridesControllersRoutes
|
|
13
|
+
|
|
14
|
+
describe Overrides::PasswordsController do
|
|
15
|
+
before do
|
|
16
|
+
@resource = create(:user, :confirmed)
|
|
17
|
+
|
|
18
|
+
post '/evil_user_auth/password',
|
|
19
|
+
params: {
|
|
20
|
+
email: @resource.email,
|
|
21
|
+
redirect_url: Faker::Internet.url
|
|
22
|
+
}
|
|
23
|
+
|
|
24
|
+
mail = ActionMailer::Base.deliveries.last
|
|
25
|
+
@resource.reload
|
|
26
|
+
|
|
27
|
+
mail_reset_token = mail.body.match(/reset_password_token=(.*)\"/)[1]
|
|
28
|
+
mail_redirect_url = CGI.unescape(mail.body.match(/redirect_url=([^&]*)&/)[1])
|
|
29
|
+
|
|
30
|
+
get '/evil_user_auth/password/edit',
|
|
31
|
+
params: {
|
|
32
|
+
reset_password_token: mail_reset_token,
|
|
33
|
+
redirect_url: mail_redirect_url
|
|
34
|
+
}
|
|
35
|
+
|
|
36
|
+
@resource.reload
|
|
37
|
+
|
|
38
|
+
_, raw_query_string = response.location.split('?')
|
|
39
|
+
@query_string = Rack::Utils.parse_nested_query(raw_query_string)
|
|
40
|
+
end
|
|
41
|
+
|
|
42
|
+
test 'response should have success redirect status' do
|
|
43
|
+
assert_equal 302, response.status
|
|
44
|
+
end
|
|
45
|
+
|
|
46
|
+
test 'response should contain auth params + override proof' do
|
|
47
|
+
assert @query_string['access-token']
|
|
48
|
+
assert @query_string['client']
|
|
49
|
+
assert @query_string['client_id']
|
|
50
|
+
assert @query_string['expiry']
|
|
51
|
+
assert @query_string['override_proof']
|
|
52
|
+
assert @query_string['reset_password']
|
|
53
|
+
assert @query_string['token']
|
|
54
|
+
assert @query_string['uid']
|
|
55
|
+
end
|
|
56
|
+
|
|
57
|
+
test 'override proof is correct' do
|
|
58
|
+
assert_equal(
|
|
59
|
+
@query_string['override_proof'],
|
|
60
|
+
Overrides::PasswordsController::OVERRIDE_PROOF
|
|
61
|
+
)
|
|
62
|
+
end
|
|
63
|
+
end
|
|
64
|
+
end
|