digix_devise_token_auth 0.1.44

Sign up to get free protection for your applications and to get access to all the features.
Files changed (149) hide show
  1. checksums.yaml +7 -0
  2. data/LICENSE +13 -0
  3. data/README.md +952 -0
  4. data/Rakefile +35 -0
  5. data/app/controllers/devise_token_auth/application_controller.rb +76 -0
  6. data/app/controllers/devise_token_auth/concerns/resource_finder.rb +43 -0
  7. data/app/controllers/devise_token_auth/concerns/set_user_by_token.rb +165 -0
  8. data/app/controllers/devise_token_auth/confirmations_controller.rb +30 -0
  9. data/app/controllers/devise_token_auth/omniauth_callbacks_controller.rb +243 -0
  10. data/app/controllers/devise_token_auth/passwords_controller.rb +202 -0
  11. data/app/controllers/devise_token_auth/registrations_controller.rb +205 -0
  12. data/app/controllers/devise_token_auth/sessions_controller.rb +133 -0
  13. data/app/controllers/devise_token_auth/token_validations_controller.rb +29 -0
  14. data/app/controllers/devise_token_auth/unlocks_controller.rb +89 -0
  15. data/app/models/devise_token_auth/concerns/user.rb +260 -0
  16. data/app/models/devise_token_auth/concerns/user_omniauth_callbacks.rb +26 -0
  17. data/app/validators/email_validator.rb +21 -0
  18. data/app/views/devise/mailer/confirmation_instructions.html.erb +5 -0
  19. data/app/views/devise/mailer/reset_password_instructions.html.erb +8 -0
  20. data/app/views/devise/mailer/unlock_instructions.html.erb +7 -0
  21. data/app/views/devise_token_auth/omniauth_external_window.html.erb +38 -0
  22. data/config/initializers/devise.rb +196 -0
  23. data/config/locales/da-DK.yml +50 -0
  24. data/config/locales/de.yml +49 -0
  25. data/config/locales/en.yml +50 -0
  26. data/config/locales/es.yml +49 -0
  27. data/config/locales/fr.yml +49 -0
  28. data/config/locales/it.yml +46 -0
  29. data/config/locales/ja.yml +46 -0
  30. data/config/locales/nl.yml +30 -0
  31. data/config/locales/pl.yml +48 -0
  32. data/config/locales/pt-BR.yml +46 -0
  33. data/config/locales/pt.yml +48 -0
  34. data/config/locales/ro.yml +46 -0
  35. data/config/locales/ru.yml +50 -0
  36. data/config/locales/sq.yml +46 -0
  37. data/config/locales/uk.yml +59 -0
  38. data/config/locales/vi.yml +50 -0
  39. data/config/locales/zh-CN.yml +46 -0
  40. data/config/locales/zh-HK.yml +48 -0
  41. data/config/locales/zh-TW.yml +48 -0
  42. data/lib/devise_token_auth.rb +8 -0
  43. data/lib/devise_token_auth/controllers/helpers.rb +149 -0
  44. data/lib/devise_token_auth/controllers/url_helpers.rb +8 -0
  45. data/lib/devise_token_auth/engine.rb +90 -0
  46. data/lib/devise_token_auth/rails/routes.rb +114 -0
  47. data/lib/devise_token_auth/url.rb +37 -0
  48. data/lib/devise_token_auth/version.rb +3 -0
  49. data/lib/generators/devise_token_auth/USAGE +31 -0
  50. data/lib/generators/devise_token_auth/install_generator.rb +160 -0
  51. data/lib/generators/devise_token_auth/install_views_generator.rb +16 -0
  52. data/lib/generators/devise_token_auth/templates/devise_token_auth.rb +48 -0
  53. data/lib/generators/devise_token_auth/templates/devise_token_auth_create_users.rb.erb +55 -0
  54. data/lib/generators/devise_token_auth/templates/user.rb +7 -0
  55. data/lib/tasks/devise_token_auth_tasks.rake +4 -0
  56. data/test/controllers/custom/custom_confirmations_controller_test.rb +21 -0
  57. data/test/controllers/custom/custom_omniauth_callbacks_controller_test.rb +29 -0
  58. data/test/controllers/custom/custom_passwords_controller_test.rb +75 -0
  59. data/test/controllers/custom/custom_registrations_controller_test.rb +54 -0
  60. data/test/controllers/custom/custom_sessions_controller_test.rb +37 -0
  61. data/test/controllers/custom/custom_token_validations_controller_test.rb +40 -0
  62. data/test/controllers/demo_group_controller_test.rb +153 -0
  63. data/test/controllers/demo_mang_controller_test.rb +284 -0
  64. data/test/controllers/demo_user_controller_test.rb +601 -0
  65. data/test/controllers/devise_token_auth/confirmations_controller_test.rb +129 -0
  66. data/test/controllers/devise_token_auth/omniauth_callbacks_controller_test.rb +371 -0
  67. data/test/controllers/devise_token_auth/passwords_controller_test.rb +649 -0
  68. data/test/controllers/devise_token_auth/registrations_controller_test.rb +878 -0
  69. data/test/controllers/devise_token_auth/sessions_controller_test.rb +500 -0
  70. data/test/controllers/devise_token_auth/token_validations_controller_test.rb +90 -0
  71. data/test/controllers/devise_token_auth/unlocks_controller_test.rb +194 -0
  72. data/test/controllers/overrides/confirmations_controller_test.rb +43 -0
  73. data/test/controllers/overrides/omniauth_callbacks_controller_test.rb +49 -0
  74. data/test/controllers/overrides/passwords_controller_test.rb +66 -0
  75. data/test/controllers/overrides/registrations_controller_test.rb +40 -0
  76. data/test/controllers/overrides/sessions_controller_test.rb +33 -0
  77. data/test/controllers/overrides/token_validations_controller_test.rb +41 -0
  78. data/test/dummy/README.rdoc +28 -0
  79. data/test/dummy/app/controllers/application_controller.rb +16 -0
  80. data/test/dummy/app/controllers/auth_origin_controller.rb +5 -0
  81. data/test/dummy/app/controllers/custom/confirmations_controller.rb +13 -0
  82. data/test/dummy/app/controllers/custom/omniauth_callbacks_controller.rb +11 -0
  83. data/test/dummy/app/controllers/custom/passwords_controller.rb +40 -0
  84. data/test/dummy/app/controllers/custom/registrations_controller.rb +39 -0
  85. data/test/dummy/app/controllers/custom/sessions_controller.rb +29 -0
  86. data/test/dummy/app/controllers/custom/token_validations_controller.rb +19 -0
  87. data/test/dummy/app/controllers/demo_group_controller.rb +13 -0
  88. data/test/dummy/app/controllers/demo_mang_controller.rb +12 -0
  89. data/test/dummy/app/controllers/demo_user_controller.rb +25 -0
  90. data/test/dummy/app/controllers/overrides/confirmations_controller.rb +26 -0
  91. data/test/dummy/app/controllers/overrides/omniauth_callbacks_controller.rb +14 -0
  92. data/test/dummy/app/controllers/overrides/passwords_controller.rb +33 -0
  93. data/test/dummy/app/controllers/overrides/registrations_controller.rb +27 -0
  94. data/test/dummy/app/controllers/overrides/sessions_controller.rb +36 -0
  95. data/test/dummy/app/controllers/overrides/token_validations_controller.rb +23 -0
  96. data/test/dummy/app/helpers/application_helper.rb +1065 -0
  97. data/test/dummy/app/models/evil_user.rb +3 -0
  98. data/test/dummy/app/models/lockable_user.rb +5 -0
  99. data/test/dummy/app/models/mang.rb +3 -0
  100. data/test/dummy/app/models/nice_user.rb +7 -0
  101. data/test/dummy/app/models/only_email_user.rb +5 -0
  102. data/test/dummy/app/models/scoped_user.rb +7 -0
  103. data/test/dummy/app/models/unconfirmable_user.rb +8 -0
  104. data/test/dummy/app/models/unregisterable_user.rb +7 -0
  105. data/test/dummy/app/models/user.rb +18 -0
  106. data/test/dummy/app/views/layouts/application.html.erb +14 -0
  107. data/test/dummy/config.ru +16 -0
  108. data/test/dummy/config/application.rb +24 -0
  109. data/test/dummy/config/application.yml.bk +0 -0
  110. data/test/dummy/config/boot.rb +5 -0
  111. data/test/dummy/config/environment.rb +5 -0
  112. data/test/dummy/config/environments/development.rb +44 -0
  113. data/test/dummy/config/environments/production.rb +82 -0
  114. data/test/dummy/config/environments/test.rb +48 -0
  115. data/test/dummy/config/initializers/assets.rb +8 -0
  116. data/test/dummy/config/initializers/backtrace_silencers.rb +7 -0
  117. data/test/dummy/config/initializers/cookies_serializer.rb +3 -0
  118. data/test/dummy/config/initializers/devise.rb +3 -0
  119. data/test/dummy/config/initializers/devise_token_auth.rb +22 -0
  120. data/test/dummy/config/initializers/figaro.rb +1 -0
  121. data/test/dummy/config/initializers/filter_parameter_logging.rb +4 -0
  122. data/test/dummy/config/initializers/inflections.rb +16 -0
  123. data/test/dummy/config/initializers/mime_types.rb +4 -0
  124. data/test/dummy/config/initializers/omniauth.rb +8 -0
  125. data/test/dummy/config/initializers/session_store.rb +3 -0
  126. data/test/dummy/config/initializers/wrap_parameters.rb +14 -0
  127. data/test/dummy/config/routes.rb +72 -0
  128. data/test/dummy/config/spring.rb +1 -0
  129. data/test/dummy/db/migrate/20140715061447_devise_token_auth_create_users.rb +63 -0
  130. data/test/dummy/db/migrate/20140715061805_devise_token_auth_create_mangs.rb +62 -0
  131. data/test/dummy/db/migrate/20140829044006_add_operating_thetan_to_user.rb +6 -0
  132. data/test/dummy/db/migrate/20140916224624_add_favorite_color_to_mangs.rb +5 -0
  133. data/test/dummy/db/migrate/20140928231203_devise_token_auth_create_evil_users.rb +64 -0
  134. data/test/dummy/db/migrate/20141222035835_devise_token_auth_create_only_email_users.rb +60 -0
  135. data/test/dummy/db/migrate/20141222053502_devise_token_auth_create_unregisterable_users.rb +61 -0
  136. data/test/dummy/db/migrate/20150409095712_devise_token_auth_create_nice_users.rb +61 -0
  137. data/test/dummy/db/migrate/20150708104536_devise_token_auth_create_unconfirmable_users.rb +61 -0
  138. data/test/dummy/db/migrate/20160103235141_devise_token_auth_create_scoped_users.rb +61 -0
  139. data/test/dummy/db/migrate/20160629184441_devise_token_auth_create_lockable_users.rb +61 -0
  140. data/test/dummy/db/schema.rb +258 -0
  141. data/test/dummy/lib/migration_database_helper.rb +29 -0
  142. data/test/integration/navigation_test.rb +10 -0
  143. data/test/lib/devise_token_auth/url_test.rb +24 -0
  144. data/test/lib/generators/devise_token_auth/install_generator_test.rb +187 -0
  145. data/test/lib/generators/devise_token_auth/install_views_generator_test.rb +23 -0
  146. data/test/models/only_email_user_test.rb +35 -0
  147. data/test/models/user_test.rb +169 -0
  148. data/test/test_helper.rb +77 -0
  149. metadata +342 -0
@@ -0,0 +1,129 @@
1
+ require 'test_helper'
2
+
3
+ # was the web request successful?
4
+ # was the user redirected to the right page?
5
+ # was the user successfully authenticated?
6
+ # was the correct object stored in the response?
7
+ # was the appropriate message delivered in the json payload?
8
+
9
+ class DeviseTokenAuth::ConfirmationsControllerTest < ActionController::TestCase
10
+ describe DeviseTokenAuth::ConfirmationsController do
11
+ def token_and_client_config_from(body)
12
+ token = body.match(/confirmation_token=([^&]*)&/)[1]
13
+ client_config = body.match(/config=([^&]*)&/)[1]
14
+ [token, client_config]
15
+ end
16
+
17
+ describe 'Confirmation' do
18
+ before do
19
+ @redirect_url = Faker::Internet.url
20
+ @new_user = users(:unconfirmed_email_user)
21
+ @new_user.send_confirmation_instructions(redirect_url: @redirect_url)
22
+ mail = ActionMailer::Base.deliveries.last
23
+ @token, @client_config = token_and_client_config_from(mail.body)
24
+ end
25
+
26
+ test 'should generate raw token' do
27
+ assert @token
28
+ end
29
+
30
+ test "should include config name as 'default' in confirmation link" do
31
+ assert_equal 'default', @client_config
32
+ end
33
+
34
+ test 'should store token hash in user' do
35
+ assert @new_user.confirmation_token
36
+ end
37
+
38
+ describe 'success' do
39
+ before do
40
+ get :show,
41
+ params: { confirmation_token: @token,
42
+ redirect_url: @redirect_url },
43
+ xhr: true
44
+ @resource = assigns(:resource)
45
+ end
46
+
47
+ test 'user should now be confirmed' do
48
+ assert @resource.confirmed?
49
+ end
50
+
51
+ test 'should redirect to success url' do
52
+ assert_redirected_to(/^#{@redirect_url}/)
53
+ end
54
+
55
+ test 'the sign_in_count should be 1' do
56
+ assert @resource.sign_in_count == 1
57
+ end
58
+ test 'User shoud have the signed in info filled' do
59
+ assert @resource.current_sign_in_at?
60
+ end
61
+ test 'User shoud have the Last checkin filled' do
62
+ assert @resource.last_sign_in_at?
63
+ end
64
+
65
+ test 'user already confirmed' do
66
+ assert @resource.sign_in_count > 0 do
67
+ assert expiry == (Time.now + Time.now + 1.second).to_i
68
+ end
69
+ end
70
+ end
71
+
72
+ describe 'failure' do
73
+ test 'user should not be confirmed' do
74
+ assert_raises(ActionController::RoutingError) do
75
+ get :show, params: { confirmation_token: 'bogus' }
76
+ end
77
+ @resource = assigns(:resource)
78
+ refute @resource.confirmed?
79
+ end
80
+ end
81
+ end
82
+
83
+ # test with non-standard user class
84
+ describe 'Alternate user model' do
85
+ setup do
86
+ @request.env['devise.mapping'] = Devise.mappings[:mang]
87
+ end
88
+
89
+ teardown do
90
+ @request.env['devise.mapping'] = Devise.mappings[:user]
91
+ end
92
+
93
+ before do
94
+ @config_name = 'altUser'
95
+ @new_user = mangs(:unconfirmed_email_user)
96
+
97
+ @new_user.send_confirmation_instructions(client_config: @config_name)
98
+
99
+ mail = ActionMailer::Base.deliveries.last
100
+ @token, @client_config = token_and_client_config_from(mail.body)
101
+ end
102
+
103
+ test 'should generate raw token' do
104
+ assert @token
105
+ end
106
+
107
+ test 'should include config name in confirmation link' do
108
+ assert_equal @config_name, @client_config
109
+ end
110
+
111
+ test 'should store token hash in user' do
112
+ assert @new_user.confirmation_token
113
+ end
114
+
115
+ describe 'success' do
116
+ before do
117
+ @redirect_url = Faker::Internet.url
118
+ get :show, params: { confirmation_token: @token,
119
+ redirect_url: @redirect_url }
120
+ @resource = assigns(:resource)
121
+ end
122
+
123
+ test 'user should now be confirmed' do
124
+ assert @resource.confirmed?
125
+ end
126
+ end
127
+ end
128
+ end
129
+ end
@@ -0,0 +1,371 @@
1
+ require 'test_helper'
2
+ require 'mocha/test_unit'
3
+
4
+ # was the web request successful?
5
+ # was the user redirected to the right page?
6
+ # was the user successfully authenticated?
7
+ # was the correct object stored in the response?
8
+ # was the appropriate message delivered in the json payload?
9
+
10
+ class OmniauthTest < ActionDispatch::IntegrationTest
11
+ setup do
12
+ OmniAuth.config.test_mode = true
13
+ end
14
+
15
+ before do
16
+ @redirect_url = 'http://ng-token-auth.dev/'
17
+ end
18
+
19
+ def get_parsed_data_json
20
+ encoded_json_data = @response.body.match(/var data \= JSON.parse\(decodeURIComponent\(\'(.+)\'\)\)\;/)[1]
21
+ JSON.parse(URI.unescape(encoded_json_data))
22
+ end
23
+
24
+ describe 'success callback' do
25
+ setup do
26
+ OmniAuth.config.mock_auth[:facebook] = OmniAuth::AuthHash.new(
27
+ provider: 'facebook',
28
+ uid: '123545',
29
+ info: {
30
+ name: 'chong',
31
+ email: 'chongbong@aol.com'
32
+ }
33
+ )
34
+ end
35
+
36
+ test 'request should pass correct redirect_url' do
37
+ get_success
38
+ assert_equal @redirect_url,
39
+ controller.send(:omniauth_params)['auth_origin_url']
40
+ end
41
+
42
+ test 'user should have been created' do
43
+ get_success
44
+ assert @resource
45
+ end
46
+
47
+ test 'user should be assigned info from provider' do
48
+ get_success
49
+ assert_equal 'chongbong@aol.com', @resource.email
50
+ end
51
+
52
+ test 'user should be assigned token' do
53
+ get_success
54
+
55
+ client_id = controller.auth_params[:client_id]
56
+ token = controller.auth_params[:auth_token]
57
+ expiry = controller.auth_params[:expiry]
58
+
59
+ # the expiry should have been set
60
+ assert_equal expiry, @resource.tokens[client_id]['expiry']
61
+
62
+ # the token sent down to the client should now be valid
63
+ assert @resource.valid_token?(token, client_id)
64
+ end
65
+
66
+ test 'session vars have been cleared' do
67
+ get_success
68
+ refute request.session['dta.omniauth.auth']
69
+ refute request.session['dta.omniauth.params']
70
+ end
71
+
72
+ test 'sign_in was called' do
73
+ User.any_instance.expects(:sign_in)
74
+ get_success
75
+ end
76
+
77
+ test 'should be redirected via valid url' do
78
+ get_success
79
+ assert_equal 'http://www.example.com/auth/facebook/callback',
80
+ request.original_url
81
+ end
82
+
83
+ describe 'with default user model' do
84
+ before do
85
+ get_success
86
+ end
87
+ test 'request should determine the correct resource_class' do
88
+ assert_equal 'User', controller.send(:omniauth_params)['resource_class']
89
+ end
90
+
91
+ test 'user should be of the correct class' do
92
+ assert_equal User, @resource.class
93
+ end
94
+ end
95
+
96
+ describe 'with alternate user model' do
97
+ before do
98
+ get '/mangs/facebook',
99
+ params: {
100
+ auth_origin_url: @redirect_url,
101
+ omniauth_window_type: 'newWindow'
102
+ }
103
+
104
+ follow_all_redirects!
105
+
106
+ assert_equal 200, response.status
107
+ @resource = assigns(:resource)
108
+ end
109
+
110
+ test 'request should determine the correct resource_class' do
111
+ assert_equal 'Mang', controller.send(:omniauth_params)['resource_class']
112
+ end
113
+
114
+ test 'user should be of the correct class' do
115
+ assert_equal Mang, @resource.class
116
+ end
117
+ end
118
+
119
+ describe 'pass additional params' do
120
+ before do
121
+ @fav_color = 'alizarin crimson'
122
+ @unpermitted_param = 'M. Bison'
123
+ get '/auth/facebook',
124
+ params: { auth_origin_url: @redirect_url,
125
+ favorite_color: @fav_color,
126
+ name: @unpermitted_param,
127
+ omniauth_window_type: 'newWindow' }
128
+
129
+ follow_all_redirects!
130
+
131
+ @resource = assigns(:resource)
132
+ end
133
+
134
+ test 'status shows success' do
135
+ assert_equal 200, response.status
136
+ end
137
+
138
+ test 'additional attribute was passed' do
139
+ assert_equal @fav_color, @resource.favorite_color
140
+ end
141
+
142
+ test 'non-whitelisted attributes are ignored' do
143
+ refute_equal @unpermitted_param, @resource.name
144
+ end
145
+ end
146
+
147
+ describe 'oauth registration attr' do
148
+ after do
149
+ User.any_instance.unstub(:new_record?)
150
+ end
151
+
152
+ describe 'with new user' do
153
+ before do
154
+ User.any_instance.expects(:new_record?).returns(true).at_least_once
155
+ end
156
+
157
+ test 'response contains oauth_registration attr' do
158
+ get '/auth/facebook',
159
+ params: { auth_origin_url: @redirect_url,
160
+ omniauth_window_type: 'newWindow' }
161
+
162
+ follow_all_redirects!
163
+
164
+ assert_equal true, controller.auth_params[:oauth_registration]
165
+ end
166
+ end
167
+
168
+ describe 'with existing user' do
169
+ before do
170
+ User.any_instance.expects(:new_record?).returns(false).at_least_once
171
+ end
172
+
173
+ test 'response does not contain oauth_registration attr' do
174
+ get '/auth/facebook',
175
+ params: { auth_origin_url: @redirect_url,
176
+ omniauth_window_type: 'newWindow' }
177
+
178
+ follow_all_redirects!
179
+
180
+ assert_equal false, controller.auth_params.key?(:oauth_registration)
181
+ end
182
+ end
183
+ end
184
+
185
+ describe 'using namespaces' do
186
+ before do
187
+ get '/api/v1/auth/facebook',
188
+ params: { auth_origin_url: @redirect_url,
189
+ omniauth_window_type: 'newWindow' }
190
+
191
+ follow_all_redirects!
192
+
193
+ @resource = assigns(:resource)
194
+ end
195
+
196
+ test 'request is successful' do
197
+ assert_equal 200, response.status
198
+ end
199
+
200
+ test 'user should have been created' do
201
+ assert @resource
202
+ end
203
+
204
+ test 'user should be of the correct class' do
205
+ assert_equal User, @resource.class
206
+ end
207
+ end
208
+
209
+ describe 'with omniauth_window_type=inAppBrowser' do
210
+ test 'response contains all expected data' do
211
+ get_success(omniauth_window_type: 'inAppBrowser')
212
+ assert_expected_data_in_new_window
213
+ end
214
+ end
215
+
216
+ describe 'with omniauth_window_type=newWindow' do
217
+ test 'response contains all expected data' do
218
+ get_success(omniauth_window_type: 'newWindow')
219
+ assert_expected_data_in_new_window
220
+ end
221
+ end
222
+
223
+ def assert_expected_data_in_new_window
224
+ data = get_parsed_data_json
225
+ expected_data = @resource.as_json.merge(controller.auth_params.as_json)
226
+ expected_data = ActiveSupport::JSON.decode(expected_data.to_json)
227
+ assert_equal(expected_data.merge('message' => 'deliverCredentials'), data)
228
+ end
229
+
230
+ describe 'with omniauth_window_type=sameWindow' do
231
+ test 'redirects to auth_origin_url with all expected query params' do
232
+ get '/auth/facebook',
233
+ params: { auth_origin_url: '/auth_origin',
234
+ omniauth_window_type: 'sameWindow' }
235
+
236
+ follow_all_redirects!
237
+
238
+ assert_equal 200, response.status
239
+
240
+ # We have been forwarded to a url with all the expected
241
+ # data in the query params.
242
+
243
+ # Assert that a uid was passed along. We have to assume
244
+ # that the rest of the values were as well, as we don't
245
+ # have access to @resource in this test anymore
246
+ assert(controller.params['uid'], 'No uid found')
247
+
248
+ # check that all the auth stuff is there
249
+ %i[auth_token client_id uid expiry config].each do |key|
250
+ assert(controller.params.key?(key), "No value for #{key.inspect}")
251
+ end
252
+ end
253
+ end
254
+
255
+ def get_success(params = {})
256
+ get '/auth/facebook',
257
+ params: {
258
+ auth_origin_url: @redirect_url,
259
+ omniauth_window_type: 'newWindow'
260
+ }.merge(params)
261
+
262
+ follow_all_redirects!
263
+
264
+ assert_equal 200, response.status
265
+
266
+ @resource = assigns(:resource)
267
+ end
268
+ end
269
+
270
+ describe 'failure callback' do
271
+ setup do
272
+ OmniAuth.config.mock_auth[:facebook] = :invalid_credentials
273
+ OmniAuth.config.on_failure = proc { |env|
274
+ OmniAuth::FailureEndpoint.new(env).redirect_to_failure
275
+ }
276
+ end
277
+
278
+ test 'renders expected data' do
279
+ silence_omniauth do
280
+ get '/auth/facebook',
281
+ params: { auth_origin_url: @redirect_url,
282
+ omniauth_window_type: 'newWindow' }
283
+
284
+ follow_all_redirects!
285
+ end
286
+
287
+ assert_equal 200, response.status
288
+
289
+ data = get_parsed_data_json
290
+
291
+ assert_equal({ 'error' => 'invalid_credentials', 'message' => 'authFailure' }, data)
292
+ end
293
+
294
+ test 'renders something with no auth_origin_url' do
295
+ silence_omniauth do
296
+ get '/auth/facebook'
297
+ follow_all_redirects!
298
+ end
299
+ assert_equal 200, response.status
300
+ assert_select 'body', 'invalid_credentials'
301
+ end
302
+ end
303
+
304
+ describe 'User with only :database_authenticatable and :registerable included' do
305
+ test 'OnlyEmailUser should not be able to use OAuth' do
306
+ assert_raises(ActionController::RoutingError) do
307
+ get '/only_email_auth/facebook',
308
+ params: { auth_origin_url: @redirect_url }
309
+ follow_all_redirects!
310
+ end
311
+ end
312
+ end
313
+
314
+ describe 'Using redirect_whitelist' do
315
+ before do
316
+ @user_email = 'slemp.diggler@sillybandz.gov'
317
+ OmniAuth.config.mock_auth[:facebook] = OmniAuth::AuthHash.new(
318
+ provider: 'facebook',
319
+ uid: '123545',
320
+ info: {
321
+ name: 'chong',
322
+ email: @user_email
323
+ }
324
+ )
325
+ @good_redirect_url = Faker::Internet.url
326
+ @bad_redirect_url = Faker::Internet.url
327
+ DeviseTokenAuth.redirect_whitelist = [@good_redirect_url]
328
+ end
329
+
330
+ teardown do
331
+ DeviseTokenAuth.redirect_whitelist = nil
332
+ end
333
+
334
+ test 'request using non-whitelisted redirect fail' do
335
+ get '/auth/facebook',
336
+ params: { auth_origin_url: @bad_redirect_url,
337
+ omniauth_window_type: 'newWindow' }
338
+
339
+ follow_all_redirects!
340
+
341
+ data = get_parsed_data_json
342
+ assert_equal "Redirect to &#39;#{@bad_redirect_url}&#39; not allowed.",
343
+ data['error']
344
+ end
345
+
346
+ test 'request to whitelisted redirect should succeed' do
347
+ get '/auth/facebook',
348
+ params: {
349
+ auth_origin_url: @good_redirect_url,
350
+ omniauth_window_type: 'newWindow'
351
+ }
352
+
353
+ follow_all_redirects!
354
+
355
+ data = get_parsed_data_json
356
+ assert_equal @user_email, data['email']
357
+ end
358
+
359
+ test 'should support wildcards' do
360
+ DeviseTokenAuth.redirect_whitelist = ["#{@good_redirect_url[0..8]}*"]
361
+ get '/auth/facebook',
362
+ params: { auth_origin_url: @good_redirect_url,
363
+ omniauth_window_type: 'newWindow' }
364
+
365
+ follow_all_redirects!
366
+
367
+ data = get_parsed_data_json
368
+ assert_equal @user_email, data['email']
369
+ end
370
+ end
371
+ end