devise_token_auth_skycocker_fork 1.0.0

data/test/lib/generators/devise_token_auth/install_generator_with_namespace_test.rb

@@ -0,0 +1,222 @@
+# frozen_string_literal: true
+
+require 'test_helper'
+require 'fileutils'
+require 'generators/devise_token_auth/install_generator' if DEVISE_TOKEN_AUTH_ORM == :active_record
+require 'generators/devise_token_auth/install_mongoid_generator' if DEVISE_TOKEN_AUTH_ORM == :mongoid
+
+module DeviseTokenAuth
+  class InstallGeneratorTest < Rails::Generators::TestCase
+    tests InstallGenerator        if DEVISE_TOKEN_AUTH_ORM == :active_record
+    tests InstallMongoidGenerator if DEVISE_TOKEN_AUTH_ORM == :mongoid
+    destination Rails.root.join('tmp/generators')
+
+    # The namespaced user model for testing
+    let(:user_class) { 'Azpire::V1::HumanResource::User' }
+    let(:namespace_path) { user_class.underscore }
+    let(:table_name) { user_class.pluralize.underscore.gsub('/','_') }
+
+    describe 'user model with namespace, clean install' do
+      setup :prepare_destination
+
+      before do
+        run_generator %W[#{user_class} auth]
+      end
+
+      test 'user model (with namespace) is created, concern is included' do
+        assert_file "app/models/#{namespace_path}.rb" do |model|
+          assert_match(/include DeviseTokenAuth::Concerns::User/, model)
+        end
+      end
+
+      test 'initializer is created' do
+        assert_file 'config/initializers/devise_token_auth.rb'
+      end
+
+      test 'subsequent runs raise no errors' do
+        run_generator %W[#{user_class} auth]
+      end
+
+      if DEVISE_TOKEN_AUTH_ORM == :active_record
+        test 'migration is created for user model with namespace' do
+          assert_migration "db/migrate/devise_token_auth_create_#{table_name}.rb"
+        end
+
+        test 'migration file for user model with namespace contains rails version' do
+          if Rails::VERSION::MAJOR >= 5
+            assert_migration "db/migrate/devise_token_auth_create_#{table_name}.rb", /#{Rails::VERSION::MAJOR}.#{Rails::VERSION::MINOR}/
+          else
+            assert_migration "db/migrate/devise_token_auth_create_#{table_name}.rb"
+          end
+        end
+
+        test 'add primary key type with rails 5 when specified in rails generator' do
+          run_generator %W[#{user_class} auth --primary_key_type=uuid --force]
+          if Rails::VERSION::MAJOR >= 5
+            assert_migration "db/migrate/devise_token_auth_create_#{table_name}.rb", /create_table\(:#{table_name}, id: :uuid\) do/
+          else
+            assert_migration "db/migrate/devise_token_auth_create_#{table_name}.rb", /create_table\(:#{table_name}\) do/
+          end
+        end
+      end
+    end
+
+    describe 'existing user model' do
+      setup :prepare_destination
+
+      before do
+        @dir = File.join(destination_root, 'app', 'models')
+
+        @fname = File.join(@dir, 'user.rb')
+
+        # make dir if not exists
+        FileUtils.mkdir_p(@dir)
+
+        case DEVISE_TOKEN_AUTH_ORM
+        when :active_record
+          # account for rails version 5
+          active_record_needle = (Rails::VERSION::MAJOR == 5) ? 'ApplicationRecord' : 'ActiveRecord::Base'
+
+          @f = File.open(@fname, 'w') do |f|
+            f.write <<-RUBY
+              class User < #{active_record_needle}
+
+                def whatever
+                  puts 'whatever'
+                end
+              end
+            RUBY
+          end
+        when :mongoid
+          @f = File.open(@fname, 'w') do |f|
+            f.write <<-'RUBY'
+              class User
+
+                def whatever
+                  puts 'whatever'
+                end
+              end
+            RUBY
+          end
+        end
+
+        run_generator
+      end
+
+      test 'user concern is injected into existing model' do
+        assert_file 'app/models/user.rb' do |model|
+          assert_match(/include DeviseTokenAuth::Concerns::User/, model)
+        end
+      end
+
+      test 'subsequent runs do not modify file' do
+        run_generator
+        assert_file 'app/models/user.rb' do |model|
+          matches = model.scan(/include DeviseTokenAuth::Concerns::User/m).size
+          assert_equal 1, matches
+        end
+      end
+    end
+
+    describe 'routes' do
+      setup :prepare_destination
+
+      before do
+        @dir = File.join(destination_root, 'config')
+
+        @fname = File.join(@dir, 'routes.rb')
+
+        # make dir if not exists
+        FileUtils.mkdir_p(@dir)
+
+        @f = File.open(@fname, 'w') do |f|
+          f.write <<-RUBY
+            Rails.application.routes.draw do
+              patch '/chong', to: 'bong#index'
+            end
+          RUBY
+        end
+
+        run_generator %W[#{user_class} auth]
+      end
+
+      test 'route method for user model with namespace is appended to routes file' do
+        assert_file 'config/routes.rb' do |routes|
+          assert_match(/mount_devise_token_auth_for '#{user_class}', at: 'auth'/, routes)
+        end
+      end
+
+      test 'subsequent runs do not modify file' do
+        run_generator %W[#{user_class} auth]
+        assert_file 'config/routes.rb' do |routes|
+          matches = routes.scan(/mount_devise_token_auth_for '#{user_class}', at: 'auth'/m).size
+          assert_equal 1, matches
+        end
+      end
+
+      describe 'subsequent models' do
+        before do
+          run_generator %w[Mang mangs]
+        end
+
+        test 'route method is appended to routes file' do
+          assert_file 'config/routes.rb' do |routes|
+            assert_match(/mount_devise_token_auth_for 'Mang', at: 'mangs'/, routes)
+          end
+        end
+
+        test 'devise_for block is appended to routes file' do
+          assert_file 'config/routes.rb' do |routes|
+            assert_match(/as :mang do/, routes)
+            assert_match(/# Define routes for Mang within this block./, routes)
+          end
+        end
+
+        if DEVISE_TOKEN_AUTH_ORM == :active_record
+          test 'migration is created' do
+            assert_migration 'db/migrate/devise_token_auth_create_mangs.rb'
+          end
+        end
+      end
+    end
+
+    describe 'application controller' do
+      setup :prepare_destination
+
+      before do
+        @dir = File.join(destination_root, 'app', 'controllers')
+
+        @fname = File.join(@dir, 'application_controller.rb')
+
+        # make dir if not exists
+        FileUtils.mkdir_p(@dir)
+
+        @f = File.open(@fname, 'w') do |f|
+          f.write <<-RUBY
+            class ApplicationController < ActionController::Base
+              def whatever
+                'whatever'
+              end
+            end
+          RUBY
+        end
+
+        run_generator %W[#{user_class} auth]
+      end
+
+      test 'controller concern is appended to application controller' do
+        assert_file 'app/controllers/application_controller.rb' do |controller|
+          assert_match(/include DeviseTokenAuth::Concerns::SetUserByToken/, controller)
+        end
+      end
+
+      test 'subsequent runs do not modify file' do
+        run_generator %W[#{user_class} auth]
+        assert_file 'app/controllers/application_controller.rb' do |controller|
+          matches = controller.scan(/include DeviseTokenAuth::Concerns::SetUserByToken/m).size
+          assert_equal 1, matches
+        end
+      end
+    end
+  end
+end

data/test/lib/generators/devise_token_auth/install_views_generator_test.rb

@@ -0,0 +1,25 @@
+# frozen_string_literal: true
+
+require 'test_helper'
+require 'fileutils'
+require 'generators/devise_token_auth/install_views_generator'
+
+module DeviseTokenAuth
+  class InstallViewsGeneratorTest < Rails::Generators::TestCase
+    tests InstallViewsGenerator
+    destination Rails.root.join('tmp/generators')
+
+    describe 'default values, clean install' do
+      setup :prepare_destination
+
+      before do
+        run_generator
+      end
+
+      test 'files are copied' do
+        assert_file 'app/views/devise/mailer/reset_password_instructions.html.erb'
+        assert_file 'app/views/devise/mailer/confirmation_instructions.html.erb'
+      end
+    end
+  end
+end

data/test/models/concerns/mongoid_support_test.rb

@@ -0,0 +1,31 @@
+# frozen_string_literal: true
+
+require 'test_helper'
+
+if DEVISE_TOKEN_AUTH_ORM == :mongoid
+  class DeviseTokenAuth::Concerns::MongoidSupportTest < ActiveSupport::TestCase
+    describe DeviseTokenAuth::Concerns::MongoidSupport do
+      before do
+        @user = create(:user)
+      end
+
+      describe '#as_json' do
+        test 'should be defined' do
+          assert @user.methods.include?(:as_json)
+        end
+
+        test 'should except _id attribute' do
+          refute @user.as_json.key?('_id')
+        end
+
+        test 'should return with id attribute' do
+          assert_equal @user._id.to_s, @user.as_json['id']
+        end
+
+        test 'should accept options' do
+          refute @user.as_json(except: [:created_at]).key?('created_at')
+        end
+      end
+    end
+  end
+end

data/test/models/only_email_user_test.rb

@@ -0,0 +1,37 @@
+# frozen_string_literal: true
+
+require 'test_helper'
+
+class OnlyEmailUserTest < ActiveSupport::TestCase
+  describe OnlyEmailUser do
+    test 'trackable is disabled' do
+      refute OnlyEmailUser.method_defined?(:sign_in_count)
+      refute OnlyEmailUser.method_defined?(:current_sign_in_at)
+      refute OnlyEmailUser.method_defined?(:last_sign_in_at)
+      refute OnlyEmailUser.method_defined?(:current_sign_in_ip)
+      refute OnlyEmailUser.method_defined?(:last_sign_in_ip)
+    end
+
+    test 'confirmable is disabled' do
+      refute OnlyEmailUser.method_defined?(:confirmation_token)
+      refute OnlyEmailUser.method_defined?(:confirmed_at)
+      refute OnlyEmailUser.method_defined?(:confirmation_sent_at)
+      refute OnlyEmailUser.method_defined?(:unconfirmed_email)
+    end
+
+    test 'lockable is disabled' do
+      refute OnlyEmailUser.method_defined?(:failed_attempts)
+      refute OnlyEmailUser.method_defined?(:unlock_token)
+      refute OnlyEmailUser.method_defined?(:locked_at)
+    end
+
+    test 'recoverable is disabled' do
+      refute OnlyEmailUser.method_defined?(:reset_password_token)
+      refute OnlyEmailUser.method_defined?(:reset_password_sent_at)
+    end
+
+    test 'rememberable is disabled' do
+      refute OnlyEmailUser.method_defined?(:remember_created_at)
+    end
+  end
+end

data/test/models/user_test.rb

@@ -0,0 +1,140 @@
+# frozen_string_literal: true
+
+require 'test_helper'
+
+class UserTest < ActiveSupport::TestCase
+  describe User do
+    describe 'serialization' do
+      test 'hash should not include sensitive info' do
+        @resource = build(:user)
+        refute @resource.as_json[:tokens]
+      end
+    end
+
+    describe 'creation' do
+      test 'save fails if uid is missing' do
+        @resource = User.new
+        @resource.uid = nil
+        @resource.save
+
+        assert @resource.errors.messages[:uid]
+      end
+    end
+
+    describe 'email registration' do
+      test 'model should not save if email is blank' do
+        @resource = build(:user, email: nil)
+
+        refute @resource.save
+        assert @resource.errors.messages[:email] == [I18n.t('errors.messages.blank')]
+      end
+
+      test 'model should not save if email is not an email' do
+        @resource = build(:user, email: '@example.com')
+
+        refute @resource.save
+        assert @resource.errors.messages[:email] == [I18n.t('errors.messages.not_email')]
+      end
+    end
+
+    describe 'email uniqueness' do
+      test 'model should not save if email is taken' do
+        user_attributes = attributes_for(:user)
+        create(:user, user_attributes)
+        @resource = build(:user, user_attributes)
+
+        refute @resource.save
+        assert @resource.errors.messages[:email].first.include? 'taken'
+        assert @resource.errors.messages[:email].none? { |e| e =~ /translation missing/ }
+      end
+    end
+
+    describe 'oauth2 authentication' do
+      test 'model should save even if email is blank' do
+        @resource = build(:user, :facebook, email: nil)
+
+        assert @resource.save
+        assert @resource.errors.messages[:email].blank?
+      end
+    end
+
+    describe 'token expiry' do
+      before do
+        @resource = create(:user, :confirmed)
+
+        @auth_headers = @resource.create_new_auth_token
+
+        @token     = @auth_headers['access-token']
+        @client_id = @auth_headers['client']
+      end
+
+      test 'should properly indicate whether token is current' do
+        assert @resource.token_is_current?(@token, @client_id)
+        # we want to update the expiry without forcing a cleanup (see below)
+        @resource.tokens[@client_id]['expiry'] = Time.zone.now.to_i - 10.seconds
+        refute @resource.token_is_current?(@token, @client_id)
+      end
+    end
+
+    describe 'user specific token lifespan' do
+      before do
+        @resource = create(:user, :confirmed)
+
+        auth_headers = @resource.create_new_auth_token
+        @token_global     = auth_headers['access-token']
+        @client_id_global = auth_headers['client']
+
+        def @resource.token_lifespan
+          1.minute
+        end
+
+        auth_headers = @resource.create_new_auth_token
+        @token_specific     = auth_headers['access-token']
+        @client_id_specific = auth_headers['client']
+      end
+
+      test 'works per user' do
+        assert @resource.token_is_current?(@token_global, @client_id_global)
+
+        time = Time.zone.now.to_i
+        expiry_global = @resource.tokens[@client_id_global]['expiry'] || @resource.tokens[@client_id_global][:expiry]
+
+        assert expiry_global > time + DeviseTokenAuth.token_lifespan - 5.seconds
+        assert expiry_global < time + DeviseTokenAuth.token_lifespan + 5.seconds
+
+        expiry_specific = @resource.tokens[@client_id_specific]['expiry'] || @resource.tokens[@client_id_specific][:expiry]
+        assert expiry_specific > time + 55.seconds
+        assert expiry_specific < time + 65.seconds
+      end
+    end
+
+    describe 'expired tokens are destroyed on save' do
+      before do
+        @resource = create(:user, :confirmed)
+
+        @old_auth_headers = @resource.create_new_auth_token
+        @new_auth_headers = @resource.create_new_auth_token
+        expire_token(@resource, @old_auth_headers['client'])
+      end
+
+      test 'expired token was removed' do
+        refute @resource.tokens[@old_auth_headers[:client]]
+      end
+
+      test 'current token was not removed' do
+        assert @resource.tokens[@new_auth_headers['client']]
+      end
+    end
+
+    describe 'nil tokens are handled properly' do
+      before do
+        @resource = create(:user, :confirmed)
+      end
+
+      test 'tokens can be set to nil' do
+        @resource.tokens = nil
+        assert @resource.save
+      end
+    end
+  end
+end