RubyGems - digix_devise_token_auth - Versions diffs - 0.1.44 - Mend

digix_devise_token_auth 0.1.44

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (149) hide show

data/test/controllers/devise_token_auth/confirmations_controller_test.rb ADDED

@@ -0,0 +1,129 @@
+require 'test_helper'
+#  was the web request successful?
+#  was the user redirected to the right page?
+#  was the user successfully authenticated?
+#  was the correct object stored in the response?
+#  was the appropriate message delivered in the json payload?
+class DeviseTokenAuth::ConfirmationsControllerTest < ActionController::TestCase
+  describe DeviseTokenAuth::ConfirmationsController do
+    def token_and_client_config_from(body)
+      token         = body.match(/confirmation_token=([^&]*)&/)[1]
+      client_config = body.match(/config=([^&]*)&/)[1]
+      [token, client_config]
+    end
+    describe 'Confirmation' do
+      before do
+        @redirect_url = Faker::Internet.url
+        @new_user = users(:unconfirmed_email_user)
+        @new_user.send_confirmation_instructions(redirect_url: @redirect_url)
+        mail = ActionMailer::Base.deliveries.last
+        @token, @client_config = token_and_client_config_from(mail.body)
+      end
+      test 'should generate raw token' do
+        assert @token
+      end
+      test "should include config name as 'default' in confirmation link" do
+        assert_equal 'default', @client_config
+      end
+      test 'should store token hash in user' do
+        assert @new_user.confirmation_token
+      end
+      describe 'success' do
+        before do
+          get :show,
+              params: { confirmation_token: @token,
+                        redirect_url: @redirect_url },
+              xhr: true
+          @resource = assigns(:resource)
+        end
+        test 'user should now be confirmed' do
+          assert @resource.confirmed?
+        end
+        test 'should redirect to success url' do
+          assert_redirected_to(/^#{@redirect_url}/)
+        end
+        test 'the sign_in_count should be 1' do
+          assert @resource.sign_in_count == 1
+        end
+        test 'User shoud have the signed in info filled' do
+          assert @resource.current_sign_in_at?
+        end
+        test 'User shoud have the Last checkin filled' do
+          assert @resource.last_sign_in_at?
+        end
+        test 'user already confirmed' do
+          assert @resource.sign_in_count > 0 do
+            assert expiry == (Time.now + Time.now + 1.second).to_i
+          end
+        end
+      end
+      describe 'failure' do
+        test 'user should not be confirmed' do
+          assert_raises(ActionController::RoutingError) do
+            get :show, params: { confirmation_token: 'bogus' }
+          end
+          @resource = assigns(:resource)
+          refute @resource.confirmed?
+        end
+      end
+    end
+    # test with non-standard user class
+    describe 'Alternate user model' do
+      setup do
+        @request.env['devise.mapping'] = Devise.mappings[:mang]
+      end
+      teardown do
+        @request.env['devise.mapping'] = Devise.mappings[:user]
+      end
+      before do
+        @config_name = 'altUser'
+        @new_user    = mangs(:unconfirmed_email_user)
+        @new_user.send_confirmation_instructions(client_config: @config_name)
+        mail = ActionMailer::Base.deliveries.last
+        @token, @client_config = token_and_client_config_from(mail.body)
+      end
+      test 'should generate raw token' do
+        assert @token
+      end
+      test 'should include config name in confirmation link' do
+        assert_equal @config_name, @client_config
+      end
+      test 'should store token hash in user' do
+        assert @new_user.confirmation_token
+      end
+      describe 'success' do
+        before do
+          @redirect_url = Faker::Internet.url
+          get :show, params: { confirmation_token: @token,
+                               redirect_url: @redirect_url }
+          @resource = assigns(:resource)
+        end
+        test 'user should now be confirmed' do
+          assert @resource.confirmed?
+        end
+      end
+    end
+  end
+end

data/test/controllers/devise_token_auth/omniauth_callbacks_controller_test.rb ADDED

@@ -0,0 +1,371 @@
+require 'test_helper'
+require 'mocha/test_unit'
+#  was the web request successful?
+#  was the user redirected to the right page?
+#  was the user successfully authenticated?
+#  was the correct object stored in the response?
+#  was the appropriate message delivered in the json payload?
+class OmniauthTest < ActionDispatch::IntegrationTest
+  setup do
+    OmniAuth.config.test_mode = true
+  end
+  before do
+    @redirect_url = 'http://ng-token-auth.dev/'
+  end
+  def get_parsed_data_json
+    encoded_json_data = @response.body.match(/var data \= JSON.parse\(decodeURIComponent\(\'(.+)\'\)\)\;/)[1]
+    JSON.parse(URI.unescape(encoded_json_data))
+  end
+  describe 'success callback' do
+    setup do
+      OmniAuth.config.mock_auth[:facebook] = OmniAuth::AuthHash.new(
+        provider: 'facebook',
+        uid: '123545',
+        info: {
+          name: 'chong',
+          email: 'chongbong@aol.com'
+        }
+      )
+    end
+    test 'request should pass correct redirect_url' do
+      get_success
+      assert_equal @redirect_url,
+                   controller.send(:omniauth_params)['auth_origin_url']
+    end
+    test 'user should have been created' do
+      get_success
+      assert @resource
+    end
+    test 'user should be assigned info from provider' do
+      get_success
+      assert_equal 'chongbong@aol.com', @resource.email
+    end
+    test 'user should be assigned token' do
+      get_success
+      client_id = controller.auth_params[:client_id]
+      token = controller.auth_params[:auth_token]
+      expiry = controller.auth_params[:expiry]
+      # the expiry should have been set
+      assert_equal expiry, @resource.tokens[client_id]['expiry']
+      # the token sent down to the client should now be valid
+      assert @resource.valid_token?(token, client_id)
+    end
+    test 'session vars have been cleared' do
+      get_success
+      refute request.session['dta.omniauth.auth']
+      refute request.session['dta.omniauth.params']
+    end
+    test 'sign_in was called' do
+      User.any_instance.expects(:sign_in)
+      get_success
+    end
+    test 'should be redirected via valid url' do
+      get_success
+      assert_equal 'http://www.example.com/auth/facebook/callback',
+                   request.original_url
+    end
+    describe 'with default user model' do
+      before do
+        get_success
+      end
+      test 'request should determine the correct resource_class' do
+        assert_equal 'User', controller.send(:omniauth_params)['resource_class']
+      end
+      test 'user should be of the correct class' do
+        assert_equal User, @resource.class
+      end
+    end
+    describe 'with alternate user model' do
+      before do
+        get '/mangs/facebook',
+            params: {
+              auth_origin_url: @redirect_url,
+              omniauth_window_type: 'newWindow'
+            }
+        follow_all_redirects!
+        assert_equal 200, response.status
+        @resource = assigns(:resource)
+      end
+      test 'request should determine the correct resource_class' do
+        assert_equal 'Mang', controller.send(:omniauth_params)['resource_class']
+      end
+      test 'user should be of the correct class' do
+        assert_equal Mang, @resource.class
+      end
+    end
+    describe 'pass additional params' do
+      before do
+        @fav_color = 'alizarin crimson'
+        @unpermitted_param = 'M. Bison'
+        get '/auth/facebook',
+            params: { auth_origin_url: @redirect_url,
+                      favorite_color: @fav_color,
+                      name: @unpermitted_param,
+                      omniauth_window_type: 'newWindow' }
+        follow_all_redirects!
+        @resource = assigns(:resource)
+      end
+      test 'status shows success' do
+        assert_equal 200, response.status
+      end
+      test 'additional attribute was passed' do
+        assert_equal @fav_color, @resource.favorite_color
+      end
+      test 'non-whitelisted attributes are ignored' do
+        refute_equal @unpermitted_param, @resource.name
+      end
+    end
+    describe 'oauth registration attr' do
+      after do
+        User.any_instance.unstub(:new_record?)
+      end
+      describe 'with new user' do
+        before do
+          User.any_instance.expects(:new_record?).returns(true).at_least_once
+        end
+        test 'response contains oauth_registration attr' do
+          get '/auth/facebook',
+              params: { auth_origin_url: @redirect_url,
+                        omniauth_window_type: 'newWindow' }
+          follow_all_redirects!
+          assert_equal true, controller.auth_params[:oauth_registration]
+        end
+      end
+      describe 'with existing user' do
+        before do
+          User.any_instance.expects(:new_record?).returns(false).at_least_once
+        end
+        test 'response does not contain oauth_registration attr' do
+          get '/auth/facebook',
+              params: { auth_origin_url: @redirect_url,
+                        omniauth_window_type: 'newWindow' }
+          follow_all_redirects!
+          assert_equal false, controller.auth_params.key?(:oauth_registration)
+        end
+      end
+    end
+    describe 'using namespaces' do
+      before do
+        get '/api/v1/auth/facebook',
+            params: { auth_origin_url: @redirect_url,
+                      omniauth_window_type: 'newWindow' }
+        follow_all_redirects!
+        @resource = assigns(:resource)
+      end
+      test 'request is successful' do
+        assert_equal 200, response.status
+      end
+      test 'user should have been created' do
+        assert @resource
+      end
+      test 'user should be of the correct class' do
+        assert_equal User, @resource.class
+      end
+    end
+    describe 'with omniauth_window_type=inAppBrowser' do
+      test 'response contains all expected data' do
+        get_success(omniauth_window_type: 'inAppBrowser')
+        assert_expected_data_in_new_window
+      end
+    end
+    describe 'with omniauth_window_type=newWindow' do
+      test 'response contains all expected data' do
+        get_success(omniauth_window_type: 'newWindow')
+        assert_expected_data_in_new_window
+      end
+    end
+    def assert_expected_data_in_new_window
+      data = get_parsed_data_json
+      expected_data = @resource.as_json.merge(controller.auth_params.as_json)
+      expected_data = ActiveSupport::JSON.decode(expected_data.to_json)
+      assert_equal(expected_data.merge('message' => 'deliverCredentials'), data)
+    end
+    describe 'with omniauth_window_type=sameWindow' do
+      test 'redirects to auth_origin_url with all expected query params' do
+        get '/auth/facebook',
+            params: { auth_origin_url: '/auth_origin',
+                      omniauth_window_type: 'sameWindow' }
+        follow_all_redirects!
+        assert_equal 200, response.status
+        # We have been forwarded to a url with all the expected
+        # data in the query params.
+        # Assert that a uid was passed along.  We have to assume
+        # that the rest of the values were as well, as we don't
+        # have access to @resource in this test anymore
+        assert(controller.params['uid'], 'No uid found')
+        # check that all the auth stuff is there
+        %i[auth_token client_id uid expiry config].each do |key|
+          assert(controller.params.key?(key), "No value for #{key.inspect}")
+        end
+      end
+    end
+    def get_success(params = {})
+      get '/auth/facebook',
+          params: {
+            auth_origin_url: @redirect_url,
+            omniauth_window_type: 'newWindow'
+          }.merge(params)
+      follow_all_redirects!
+      assert_equal 200, response.status
+      @resource = assigns(:resource)
+    end
+  end
+  describe 'failure callback' do
+    setup do
+      OmniAuth.config.mock_auth[:facebook] = :invalid_credentials
+      OmniAuth.config.on_failure = proc { |env|
+        OmniAuth::FailureEndpoint.new(env).redirect_to_failure
+      }
+    end
+    test 'renders expected data' do
+      silence_omniauth do
+        get '/auth/facebook',
+            params: { auth_origin_url: @redirect_url,
+                      omniauth_window_type: 'newWindow' }
+        follow_all_redirects!
+      end
+      assert_equal 200, response.status
+      data = get_parsed_data_json
+      assert_equal({ 'error' => 'invalid_credentials', 'message' => 'authFailure' }, data)
+    end
+    test 'renders something with no auth_origin_url' do
+      silence_omniauth do
+        get '/auth/facebook'
+        follow_all_redirects!
+      end
+      assert_equal 200, response.status
+      assert_select 'body', 'invalid_credentials'
+    end
+  end
+  describe 'User with only :database_authenticatable and :registerable included' do
+    test 'OnlyEmailUser should not be able to use OAuth' do
+      assert_raises(ActionController::RoutingError) do
+        get '/only_email_auth/facebook',
+            params: { auth_origin_url: @redirect_url }
+        follow_all_redirects!
+      end
+    end
+  end
+  describe 'Using redirect_whitelist' do
+    before do
+      @user_email = 'slemp.diggler@sillybandz.gov'
+      OmniAuth.config.mock_auth[:facebook] = OmniAuth::AuthHash.new(
+        provider: 'facebook',
+        uid: '123545',
+        info: {
+          name: 'chong',
+          email: @user_email
+        }
+      )
+      @good_redirect_url = Faker::Internet.url
+      @bad_redirect_url = Faker::Internet.url
+      DeviseTokenAuth.redirect_whitelist = [@good_redirect_url]
+    end
+    teardown do
+      DeviseTokenAuth.redirect_whitelist = nil
+    end
+    test 'request using non-whitelisted redirect fail' do
+      get '/auth/facebook',
+          params: { auth_origin_url: @bad_redirect_url,
+                    omniauth_window_type: 'newWindow' }
+      follow_all_redirects!
+      data = get_parsed_data_json
+      assert_equal "Redirect to &#39;#{@bad_redirect_url}&#39; not allowed.",
+                   data['error']
+    end
+    test 'request to whitelisted redirect should succeed' do
+      get '/auth/facebook',
+          params: {
+            auth_origin_url: @good_redirect_url,
+            omniauth_window_type: 'newWindow'
+          }
+      follow_all_redirects!
+      data = get_parsed_data_json
+      assert_equal @user_email, data['email']
+    end
+    test 'should support wildcards' do
+      DeviseTokenAuth.redirect_whitelist = ["#{@good_redirect_url[0..8]}*"]
+      get '/auth/facebook',
+          params: { auth_origin_url: @good_redirect_url,
+                    omniauth_window_type: 'newWindow' }
+      follow_all_redirects!
+      data = get_parsed_data_json
+      assert_equal @user_email, data['email']
+    end
+  end
+end