digix_devise_token_auth 0.1.44

Files changed (149) hide show
  1. checksums.yaml +7 -0
  2. data/LICENSE +13 -0
  3. data/README.md +952 -0
  4. data/Rakefile +35 -0
  5. data/app/controllers/devise_token_auth/application_controller.rb +76 -0
  6. data/app/controllers/devise_token_auth/concerns/resource_finder.rb +43 -0
  7. data/app/controllers/devise_token_auth/concerns/set_user_by_token.rb +165 -0
  8. data/app/controllers/devise_token_auth/confirmations_controller.rb +30 -0
  9. data/app/controllers/devise_token_auth/omniauth_callbacks_controller.rb +243 -0
  10. data/app/controllers/devise_token_auth/passwords_controller.rb +202 -0
  11. data/app/controllers/devise_token_auth/registrations_controller.rb +205 -0
  12. data/app/controllers/devise_token_auth/sessions_controller.rb +133 -0
  13. data/app/controllers/devise_token_auth/token_validations_controller.rb +29 -0
  14. data/app/controllers/devise_token_auth/unlocks_controller.rb +89 -0
  15. data/app/models/devise_token_auth/concerns/user.rb +260 -0
  16. data/app/models/devise_token_auth/concerns/user_omniauth_callbacks.rb +26 -0
  17. data/app/validators/email_validator.rb +21 -0
  18. data/app/views/devise/mailer/confirmation_instructions.html.erb +5 -0
  19. data/app/views/devise/mailer/reset_password_instructions.html.erb +8 -0
  20. data/app/views/devise/mailer/unlock_instructions.html.erb +7 -0
  21. data/app/views/devise_token_auth/omniauth_external_window.html.erb +38 -0
  22. data/config/initializers/devise.rb +196 -0
  23. data/config/locales/da-DK.yml +50 -0
  24. data/config/locales/de.yml +49 -0
  25. data/config/locales/en.yml +50 -0
  26. data/config/locales/es.yml +49 -0
  27. data/config/locales/fr.yml +49 -0
  28. data/config/locales/it.yml +46 -0
  29. data/config/locales/ja.yml +46 -0
  30. data/config/locales/nl.yml +30 -0
  31. data/config/locales/pl.yml +48 -0
  32. data/config/locales/pt-BR.yml +46 -0
  33. data/config/locales/pt.yml +48 -0
  34. data/config/locales/ro.yml +46 -0
  35. data/config/locales/ru.yml +50 -0
  36. data/config/locales/sq.yml +46 -0
  37. data/config/locales/uk.yml +59 -0
  38. data/config/locales/vi.yml +50 -0
  39. data/config/locales/zh-CN.yml +46 -0
  40. data/config/locales/zh-HK.yml +48 -0
  41. data/config/locales/zh-TW.yml +48 -0
  42. data/lib/devise_token_auth.rb +8 -0
  43. data/lib/devise_token_auth/controllers/helpers.rb +149 -0
  44. data/lib/devise_token_auth/controllers/url_helpers.rb +8 -0
  45. data/lib/devise_token_auth/engine.rb +90 -0
  46. data/lib/devise_token_auth/rails/routes.rb +114 -0
  47. data/lib/devise_token_auth/url.rb +37 -0
  48. data/lib/devise_token_auth/version.rb +3 -0
  49. data/lib/generators/devise_token_auth/USAGE +31 -0
  50. data/lib/generators/devise_token_auth/install_generator.rb +160 -0
  51. data/lib/generators/devise_token_auth/install_views_generator.rb +16 -0
  52. data/lib/generators/devise_token_auth/templates/devise_token_auth.rb +48 -0
  53. data/lib/generators/devise_token_auth/templates/devise_token_auth_create_users.rb.erb +55 -0
  54. data/lib/generators/devise_token_auth/templates/user.rb +7 -0
  55. data/lib/tasks/devise_token_auth_tasks.rake +4 -0
  56. data/test/controllers/custom/custom_confirmations_controller_test.rb +21 -0
  57. data/test/controllers/custom/custom_omniauth_callbacks_controller_test.rb +29 -0
  58. data/test/controllers/custom/custom_passwords_controller_test.rb +75 -0
  59. data/test/controllers/custom/custom_registrations_controller_test.rb +54 -0
  60. data/test/controllers/custom/custom_sessions_controller_test.rb +37 -0
  61. data/test/controllers/custom/custom_token_validations_controller_test.rb +40 -0
  62. data/test/controllers/demo_group_controller_test.rb +153 -0
  63. data/test/controllers/demo_mang_controller_test.rb +284 -0
  64. data/test/controllers/demo_user_controller_test.rb +601 -0
  65. data/test/controllers/devise_token_auth/confirmations_controller_test.rb +129 -0
  66. data/test/controllers/devise_token_auth/omniauth_callbacks_controller_test.rb +371 -0
  67. data/test/controllers/devise_token_auth/passwords_controller_test.rb +649 -0
  68. data/test/controllers/devise_token_auth/registrations_controller_test.rb +878 -0
  69. data/test/controllers/devise_token_auth/sessions_controller_test.rb +500 -0
  70. data/test/controllers/devise_token_auth/token_validations_controller_test.rb +90 -0
  71. data/test/controllers/devise_token_auth/unlocks_controller_test.rb +194 -0
  72. data/test/controllers/overrides/confirmations_controller_test.rb +43 -0
  73. data/test/controllers/overrides/omniauth_callbacks_controller_test.rb +49 -0
  74. data/test/controllers/overrides/passwords_controller_test.rb +66 -0
  75. data/test/controllers/overrides/registrations_controller_test.rb +40 -0
  76. data/test/controllers/overrides/sessions_controller_test.rb +33 -0
  77. data/test/controllers/overrides/token_validations_controller_test.rb +41 -0
  78. data/test/dummy/README.rdoc +28 -0
  79. data/test/dummy/app/controllers/application_controller.rb +16 -0
  80. data/test/dummy/app/controllers/auth_origin_controller.rb +5 -0
  81. data/test/dummy/app/controllers/custom/confirmations_controller.rb +13 -0
  82. data/test/dummy/app/controllers/custom/omniauth_callbacks_controller.rb +11 -0
  83. data/test/dummy/app/controllers/custom/passwords_controller.rb +40 -0
  84. data/test/dummy/app/controllers/custom/registrations_controller.rb +39 -0
  85. data/test/dummy/app/controllers/custom/sessions_controller.rb +29 -0
  86. data/test/dummy/app/controllers/custom/token_validations_controller.rb +19 -0
  87. data/test/dummy/app/controllers/demo_group_controller.rb +13 -0
  88. data/test/dummy/app/controllers/demo_mang_controller.rb +12 -0
  89. data/test/dummy/app/controllers/demo_user_controller.rb +25 -0
  90. data/test/dummy/app/controllers/overrides/confirmations_controller.rb +26 -0
  91. data/test/dummy/app/controllers/overrides/omniauth_callbacks_controller.rb +14 -0
  92. data/test/dummy/app/controllers/overrides/passwords_controller.rb +33 -0
  93. data/test/dummy/app/controllers/overrides/registrations_controller.rb +27 -0
  94. data/test/dummy/app/controllers/overrides/sessions_controller.rb +36 -0
  95. data/test/dummy/app/controllers/overrides/token_validations_controller.rb +23 -0
  96. data/test/dummy/app/helpers/application_helper.rb +1065 -0
  97. data/test/dummy/app/models/evil_user.rb +3 -0
  98. data/test/dummy/app/models/lockable_user.rb +5 -0
  99. data/test/dummy/app/models/mang.rb +3 -0
  100. data/test/dummy/app/models/nice_user.rb +7 -0
  101. data/test/dummy/app/models/only_email_user.rb +5 -0
  102. data/test/dummy/app/models/scoped_user.rb +7 -0
  103. data/test/dummy/app/models/unconfirmable_user.rb +8 -0
  104. data/test/dummy/app/models/unregisterable_user.rb +7 -0
  105. data/test/dummy/app/models/user.rb +18 -0
  106. data/test/dummy/app/views/layouts/application.html.erb +14 -0
  107. data/test/dummy/config.ru +16 -0
  108. data/test/dummy/config/application.rb +24 -0
  109. data/test/dummy/config/application.yml.bk +0 -0
  110. data/test/dummy/config/boot.rb +5 -0
  111. data/test/dummy/config/environment.rb +5 -0
  112. data/test/dummy/config/environments/development.rb +44 -0
  113. data/test/dummy/config/environments/production.rb +82 -0
  114. data/test/dummy/config/environments/test.rb +48 -0
  115. data/test/dummy/config/initializers/assets.rb +8 -0
  116. data/test/dummy/config/initializers/backtrace_silencers.rb +7 -0
  117. data/test/dummy/config/initializers/cookies_serializer.rb +3 -0
  118. data/test/dummy/config/initializers/devise.rb +3 -0
  119. data/test/dummy/config/initializers/devise_token_auth.rb +22 -0
  120. data/test/dummy/config/initializers/figaro.rb +1 -0
  121. data/test/dummy/config/initializers/filter_parameter_logging.rb +4 -0
  122. data/test/dummy/config/initializers/inflections.rb +16 -0
  123. data/test/dummy/config/initializers/mime_types.rb +4 -0
  124. data/test/dummy/config/initializers/omniauth.rb +8 -0
  125. data/test/dummy/config/initializers/session_store.rb +3 -0
  126. data/test/dummy/config/initializers/wrap_parameters.rb +14 -0
  127. data/test/dummy/config/routes.rb +72 -0
  128. data/test/dummy/config/spring.rb +1 -0
  129. data/test/dummy/db/migrate/20140715061447_devise_token_auth_create_users.rb +63 -0
  130. data/test/dummy/db/migrate/20140715061805_devise_token_auth_create_mangs.rb +62 -0
  131. data/test/dummy/db/migrate/20140829044006_add_operating_thetan_to_user.rb +6 -0
  132. data/test/dummy/db/migrate/20140916224624_add_favorite_color_to_mangs.rb +5 -0
  133. data/test/dummy/db/migrate/20140928231203_devise_token_auth_create_evil_users.rb +64 -0
  134. data/test/dummy/db/migrate/20141222035835_devise_token_auth_create_only_email_users.rb +60 -0
  135. data/test/dummy/db/migrate/20141222053502_devise_token_auth_create_unregisterable_users.rb +61 -0
  136. data/test/dummy/db/migrate/20150409095712_devise_token_auth_create_nice_users.rb +61 -0
  137. data/test/dummy/db/migrate/20150708104536_devise_token_auth_create_unconfirmable_users.rb +61 -0
  138. data/test/dummy/db/migrate/20160103235141_devise_token_auth_create_scoped_users.rb +61 -0
  139. data/test/dummy/db/migrate/20160629184441_devise_token_auth_create_lockable_users.rb +61 -0
  140. data/test/dummy/db/schema.rb +258 -0
  141. data/test/dummy/lib/migration_database_helper.rb +29 -0
  142. data/test/integration/navigation_test.rb +10 -0
  143. data/test/lib/devise_token_auth/url_test.rb +24 -0
  144. data/test/lib/generators/devise_token_auth/install_generator_test.rb +187 -0
  145. data/test/lib/generators/devise_token_auth/install_views_generator_test.rb +23 -0
  146. data/test/models/only_email_user_test.rb +35 -0
  147. data/test/models/user_test.rb +169 -0
  148. data/test/test_helper.rb +77 -0
  149. metadata +342 -0
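--- a/data/test/controllers/devise_token_auth/passwords_controller_test.rb
+++ b/data/test/controllers/devise_token_auth/passwords_controller_test.rb
@@ -0,0 +1,649 @@
+require 'test_helper'
+
+# was the web request successful?
+# was the user redirected to the right page?
+# was the user successfully authenticated?
+# was the correct object stored in the response?
+# was the appropriate message delivered in the json payload?
+
+class DeviseTokenAuth::PasswordsControllerTest < ActionController::TestCase
+describe DeviseTokenAuth::PasswordsController do
+describe 'Password reset' do
+before do
+@resource = users(:confirmed_email_user)
+@redirect_url = 'http://ng-token-auth.dev'
+end
+
+describe 'not email should return 401' do
+before do
+@auth_headers = @resource.create_new_auth_token
+@new_password = Faker::Internet.password
+
+post :create,
+params: { redirect_url: @redirect_url }
+@data = JSON.parse(response.body)
+end
+
+test 'response should fail' do
+assert_equal 401, response.status
+end
+
+test 'error message should be returned' do
+assert @data['errors']
+assert_equal @data['errors'],
+[I18n.t('devise_token_auth.passwords.missing_email')]
+end
+end
+
+describe 'not redirect_url should return 401' do
+before do
+@auth_headers = @resource.create_new_auth_token
+@new_password = Faker::Internet.password
+
+post :create,
+params: { email: 'chester@cheet.ah' }
+@data = JSON.parse(response.body)
+end
+
+test 'response should fail' do
+assert_equal 401, response.status
+end
+
+test 'error message should be returned' do
+assert @data['errors']
+assert_equal @data['errors'],
+[I18n.t('devise_token_auth.passwords.missing_redirect_url')]
+end
+end
+
+describe 'request password reset' do
+describe 'unknown user should return 404' do
+before do
+post :create,
+params: { email: 'chester@cheet.ah',
+redirect_url: @redirect_url }
+@data = JSON.parse(response.body)
+end
+
+test 'unknown user should return 404' do
+assert_equal 404, response.status
+end
+
+test 'errors should be returned' do
+assert @data['errors']
+assert_equal @data['errors'],
+[I18n.t('devise_token_auth.passwords.user_not_found',
+email: 'chester@cheet.ah')]
+end
+end
+
+describe 'successfully requested password reset' do
+before do
+post :create,
+params: { email: @resource.email,
+redirect_url: @redirect_url }
+
+@data = JSON.parse(response.body)
+end
+
+test 'response should not contain extra data' do
+assert_nil @data['data']
+end
+end
+
+describe 'case-sensitive email' do
+before do
+post :create,
+params: { email: @resource.email,
+redirect_url: @redirect_url }
+
+@mail = ActionMailer::Base.deliveries.last
+@resource.reload
+@data = JSON.parse(response.body)
+
+@mail_config_name = CGI.unescape(@mail.body.match(/config=([^&]*)&/)[1])
+@mail_redirect_url = CGI.unescape(@mail.body.match(/redirect_url=([^&]*)&/)[1])
+@mail_reset_token = @mail.body.match(/reset_password_token=(.*)\"/)[1]
+end
+
+test 'response should return success status' do
+assert_equal 200, response.status
+end
+
+test 'response should contains message' do
+assert_equal @data['message'], I18n.t('devise_token_auth.passwords.sended', email: @resource.email)
+end
+
+test 'action should send an email' do
+assert @mail
+end
+
+test 'the email should be addressed to the user' do
+assert_equal @mail.to.first, @resource.email
+end
+
+test 'the email body should contain a link with redirect url as a query param' do
+assert_equal @redirect_url, @mail_redirect_url
+end
+
+test 'the client config name should fall back to "default"' do
+assert_equal 'default', @mail_config_name
+end
+
+test 'the email body should contain a link with reset token as a query param' do
+user = User.reset_password_by_token(reset_password_token: @mail_reset_token)
+
+assert_equal user.id, @resource.id
+end
+
+describe 'password reset link failure' do
+test 'response should return 404' do
+assert_raises(ActionController::RoutingError) do
+get :edit,
+params: { reset_password_token: 'bogus',
+redirect_url: @mail_redirect_url }
+end
+end
+end
+
+describe 'password reset link success' do
+before do
+get :edit,
+params: { reset_password_token: @mail_reset_token,
+redirect_url: @mail_redirect_url }
+
+@resource.reload
+
+raw_qs = response.location.split('?')[1]
+@qs = Rack::Utils.parse_nested_query(raw_qs)
+
+@access_token = @qs['access-token']
+@client_id = @qs['client_id']
+@client = @qs['client']
+@expiry = @qs['expiry']
+@reset_password = @qs['reset_password']
+@token = @qs['token']
+@uid = @qs['uid']
+end
+
+test 'response should have success redirect status' do
+assert_equal 302, response.status
+end
+
+test 'response should contain auth params' do
+assert @access_token
+assert @client
+assert @client_id
+assert @expiry
+assert @reset_password
+assert @token
+assert @uid
+end
+
+test 'response auth params should be valid' do
+assert @resource.valid_token?(@token, @client_id)
+assert @resource.valid_token?(@access_token, @client)
+end
+end
+end
+
+describe 'case-insensitive email' do
+before do
+@resource_class = User
+@request_params = {
+email: @resource.email.upcase,
+redirect_url: @redirect_url
+}
+end
+
+test 'response should return success status if configured' do
+@resource_class.case_insensitive_keys = [:email]
+post :create, params: @request_params
+assert_equal 200, response.status
+end
+
+test 'response should return failure status if not configured' do
+@resource_class.case_insensitive_keys = []
+post :create, params: @request_params
+assert_equal 404, response.status
+end
+end
+
+describe 'Cheking reset_password_token' do
+before do
+post :create, params: {
+email: @resource.email,
+redirect_url: @redirect_url
+}
+
+@mail = ActionMailer::Base.deliveries.last
+@mail_redirect_url = CGI.unescape(@mail.body.match(/redirect_url=([^&]*)&/)[1])
+@mail_reset_token = @mail.body.match(/reset_password_token=(.*)\"/)[1]
+
+@resource.reload
+end
+
+describe 'reset_password_token is valid' do
+
+test 'mail_reset_token should be the same as reset_password_token' do
+assert_equal Devise.token_generator.digest(self, :reset_password_token, @mail_reset_token), @resource.reset_password_token
+end
+
+test 'reset_password_token should be rewritten by origin mail_reset_token' do
+get :edit, params: {
+reset_password_token: @mail_reset_token,
+redirect_url: @mail_redirect_url
+}
+@resource.reload
+
+assert_equal @mail_reset_token, @resource.reset_password_token
+end
+
+test 'response should return success status' do
+get :edit, params: {
+reset_password_token: @mail_reset_token,
+redirect_url: @mail_redirect_url
+}
+
+assert_equal 302, response.status
+end
+
+test 'reset_password_token should be valid only one first time' do
+get :edit, params: {
+reset_password_token: @mail_reset_token,
+redirect_url: @mail_redirect_url
+}
+
+@resource.reload
+assert_equal @mail_reset_token, @resource.reset_password_token
+
+assert_raises(ActionController::RoutingError) {
+get :edit, params: {
+reset_password_token: @mail_reset_token,
+redirect_url: @mail_redirect_url
+}
+}
+
+@resource.reload
+assert_equal @mail_reset_token, @resource.reset_password_token
+end
+
+test 'reset_password_sent_at should be valid' do
+assert_equal @resource.reset_password_period_valid?, true
+
+get :edit, params: {
+reset_password_token: @mail_reset_token,
+redirect_url: @mail_redirect_url
+}
+
+@resource.reload
+assert_equal @mail_reset_token, @resource.reset_password_token
+end
+
+test 'reset_password_sent_at should be expired' do
+assert_equal @resource.reset_password_period_valid?, true
+
+@resource.update reset_password_sent_at: @resource.reset_password_sent_at - Devise.reset_password_within - 1.seconds
+assert_equal @resource.reset_password_period_valid?, false
+
+assert_raises(ActionController::RoutingError) {
+get :edit, params: {
+reset_password_token: @mail_reset_token,
+redirect_url: @mail_redirect_url
+}
+}
+end
+end
+
+describe 'reset_password_token is not valid' do
+test 'response should return error status' do
+@resource.update reset_password_token: 'koskoskoskos'
+
+assert_not_equal Devise.token_generator.digest(self, :reset_password_token, @mail_reset_token), @resource.reset_password_token
+
+assert_raises(ActionController::RoutingError) {
+get :edit, params: {
+reset_password_token: @mail_reset_token,
+redirect_url: @mail_redirect_url
+}
+}
+end
+end
+end
+end
+
+describe 'Using default_password_reset_url' do
+before do
+@resource = users(:confirmed_email_user)
+@redirect_url = 'http://ng-token-auth.dev'
+
+DeviseTokenAuth.default_password_reset_url = @redirect_url
+
+post :create,
+params: { email: @resource.email,
+redirect_url: @redirect_url }
+
+@mail = ActionMailer::Base.deliveries.last
+@resource.reload
+
+@sent_redirect_url = CGI.unescape(@mail.body.match(/redirect_url=([^&]*)&/)[1])
+end
+
+teardown do
+DeviseTokenAuth.default_password_reset_url = nil
+end
+
+test 'response should return success status' do
+assert_equal 200, response.status
+end
+
+test 'action should send an email' do
+assert @mail
+end
+
+test 'the email body should contain a link with redirect url as a query param' do
+assert_equal @redirect_url, @sent_redirect_url
+end
+end
+
+describe 'Using redirect_whitelist' do
+before do
+@resource = users(:confirmed_email_user)
+@good_redirect_url = Faker::Internet.url
+@bad_redirect_url = Faker::Internet.url
+DeviseTokenAuth.redirect_whitelist = [@good_redirect_url]
+end
+
+teardown do
+DeviseTokenAuth.redirect_whitelist = nil
+end
+
+test 'request to whitelisted redirect should be successful' do
+post :create,
+params: { email: @resource.email,
+redirect_url: @good_redirect_url }
+
+assert_equal 200, response.status
+end
+
+test 'request to non-whitelisted redirect should fail' do
+post :create,
+params: { email: @resource.email,
+redirect_url: @bad_redirect_url }
+
+assert_equal 422, response.status
+end
+test 'request to non-whitelisted redirect should return error message' do
+post :create,
+params: { email: @resource.email,
+redirect_url: @bad_redirect_url }
+
+@data = JSON.parse(response.body)
+assert @data['errors']
+assert_equal @data['errors'],
+[I18n.t('devise_token_auth.passwords.not_allowed_redirect_url',
+redirect_url: @bad_redirect_url)]
+end
+end
+
+describe 'change password with current password required' do
+before do
+DeviseTokenAuth.check_current_password_before_update = :password
+end
+
+after do
+DeviseTokenAuth.check_current_password_before_update = false
+end
+
+describe 'success' do
+before do
+@auth_headers = @resource.create_new_auth_token
+request.headers.merge!(@auth_headers)
+@new_password = Faker::Internet.password
+@resource.update password: 'secret123', password_confirmation: 'secret123'
+
+put :update,
+params: { password: @new_password,
+password_confirmation: @new_password,
+current_password: 'secret123' }
+
+@data = JSON.parse(response.body)
+@resource.reload
+end
+
+test 'request should be successful' do
+assert_equal 200, response.status
+end
+end
+
+describe 'success with after password reset' do
+before do
+# create a new password reset request
+post :create, params: { email: @resource.email,
+redirect_url: @redirect_url }
+
+@mail = ActionMailer::Base.deliveries.last
+@mail_redirect_url = CGI.unescape(@mail.body.match(/redirect_url=([^&]*)&/)[1])
+@mail_reset_token = @mail.body.match(/reset_password_token=(.*)\"/)[1]
+
+# confirm via password reset email link
+get :edit, params: { reset_password_token: @mail_reset_token,
+redirect_url: @mail_redirect_url }
+
+@resource.reload
+@allow_password_change_after_reset = @resource.allow_password_change
+
+@auth_headers = @resource.create_new_auth_token
+request.headers.merge!(@auth_headers)
+@new_password = Faker::Internet.password
+
+put :update, params: { password: @new_password,
+password_confirmation: @new_password }
+
+@data = JSON.parse(response.body)
+@resource.reload
+@allow_password_change = @resource.allow_password_change
+@resource.reload
+end
+
+test 'request should be successful' do
+assert_equal 200, response.status
+end
+
+test 'changes allow_password_change to true on reset' do
+assert_equal true, @allow_password_change_after_reset
+end
+
+test 'sets allow_password_change false' do
+assert_equal false, @allow_password_change
+end
+end
+
+describe 'current password mismatch error' do
+before do
+@auth_headers = @resource.create_new_auth_token
+request.headers.merge!(@auth_headers)
+@new_password = Faker::Internet.password
+
+put :update, params: { password: @new_password,
+password_confirmation: @new_password,
+current_password: 'not_very_secret321' }
+end
+
+test 'response should fail unauthorized' do
+assert_equal 422, response.status
+end
+end
+end
+
+describe 'change password' do
+describe 'success' do
+before do
+@auth_headers = @resource.create_new_auth_token
+request.headers.merge!(@auth_headers)
+@new_password = Faker::Internet.password
+
+put :update, params: { password: @new_password,
+password_confirmation: @new_password }
+
+@data = JSON.parse(response.body)
+@resource.reload
+end
+
+test 'request should be successful' do
+assert_equal 200, response.status
+end
+
+test 'request should return success message' do
+assert @data['message']
+assert_equal @data['message'],
+I18n.t('devise_token_auth.passwords.successfully_updated')
+end
+
+test 'new password should authenticate user' do
+assert @resource.valid_password?(@new_password)
+end
+end
+
+describe 'password mismatch error' do
+before do
+@auth_headers = @resource.create_new_auth_token
+request.headers.merge!(@auth_headers)
+@new_password = Faker::Internet.password
+
+put :update, params: { password: 'chong',
+password_confirmation: 'bong' }
+end
+
+test 'response should fail' do
+assert_equal 422, response.status
+end
+end
+
+describe 'unauthorized user' do
+before do
+@auth_headers = @resource.create_new_auth_token
+@new_password = Faker::Internet.password
+
+put :update, params: { password: @new_password,
+password_confirmation: @new_password }
+end
+
+test 'response should fail' do
+assert_equal 401, response.status
+end
+end
+end
+end
+
+describe 'Alternate user class' do
+setup do
+@request.env['devise.mapping'] = Devise.mappings[:mang]
+end
+
+teardown do
+@request.env['devise.mapping'] = Devise.mappings[:user]
+end
+
+before do
+@resource = mangs(:confirmed_email_user)
+@redirect_url = 'http://ng-token-auth.dev'
+
+post :create, params: { email: @resource.email,
+redirect_url: @redirect_url }
+
+@mail = ActionMailer::Base.deliveries.last
+@resource.reload
+
+@mail_config_name = CGI.unescape(@mail.body.match(/config=([^&]*)&/)[1])
+@mail_redirect_url = CGI.unescape(@mail.body.match(/redirect_url=([^&]*)&/)[1])
+@mail_reset_token = @mail.body.match(/reset_password_token=(.*)\"/)[1]
+end
+
+test 'response should return success status' do
+assert_equal 200, response.status
+end
+
+test 'the email body should contain a link with reset token as a query param' do
+user = Mang.reset_password_by_token(reset_password_token: @mail_reset_token)
+
+assert_equal user.id, @resource.id
+end
+end
+
+describe 'unconfirmed user' do
+before do
+@resource = users(:unconfirmed_email_user)
+@redirect_url = 'http://ng-token-auth.dev'
+
+post :create, params: { email: @resource.email,
+redirect_url: @redirect_url }
+
+@mail = ActionMailer::Base.deliveries.last
+@resource.reload
+
+@mail_config_name = CGI.unescape(@mail.body.match(/config=([^&]*)&/)[1])
+@mail_redirect_url = CGI.unescape(@mail.body.match(/redirect_url=([^&]*)&/)[1])
+@mail_reset_token = @mail.body.match(/reset_password_token=(.*)\"/)[1]
+
+get :edit, params: { reset_password_token: @mail_reset_token,
+redirect_url: @mail_redirect_url }
+
+@resource.reload
+end
+end
+
+describe 'unconfirmable user' do
+setup do
+@request.env['devise.mapping'] = Devise.mappings[:unconfirmable_user]
+end
+
+teardown do
+@request.env['devise.mapping'] = Devise.mappings[:user]
+end
+
+before do
+@resource = unconfirmable_users(:user)
+@redirect_url = 'http://ng-token-auth.dev'
+
+post :create, params: { email: @resource.email,
+redirect_url: @redirect_url }
+
+@mail = ActionMailer::Base.deliveries.last
+@resource.reload
+
+@mail_config_name = CGI.unescape(@mail.body.match(/config=([^&]*)&/)[1])
+@mail_redirect_url = CGI.unescape(@mail.body.match(/redirect_url=([^&]*)&/)[1])
+@mail_reset_token = @mail.body.match(/reset_password_token=(.*)\"/)[1]
+
+get :edit, params: { reset_password_token: @mail_reset_token,
+redirect_url: @mail_redirect_url }
+
+@resource.reload
+end
+end
+
+describe 'alternate user type' do
+before do
+@resource = users(:confirmed_email_user)
+@redirect_url = 'http://ng-token-auth.dev'
+@config_name = 'altUser'
+
+post :create, params: { email: @resource.email,
+redirect_url: @redirect_url,
+config_name: @config_name }
+
+@mail = ActionMailer::Base.deliveries.last
+@resource.reload
+
+@mail_config_name = CGI.unescape(@mail.body.match(/config=([^&]*)&/)[1])
+@mail_redirect_url = CGI.unescape(@mail.body.match(/redirect_url=([^&]*)&/)[1])
+@mail_reset_token = @mail.body.match(/reset_password_token=(.*)\"/)[1]
+end
+
+test 'config_name param is included in the confirmation email link' do
+assert_equal @config_name, @mail_config_name
+end
+end
+end
+end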
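Review bot: The 'case-insensitive email' describe (file lines 190-210) assigns `User.case_insensitive_keys` to `[:email]` in one test and `[]` in the other and never restores it, so the value left behind by whichever test runs last leaks into every later test that looks a user up by email, including the reset-token checks in the 'Cheking reset_password_token' block. Capture the original in the `before` with `@original_keys = @resource_class.case_insensitive_keys` and add `after { @resource_class.case_insensitive_keys = @original_keys }`, matching how the `redirect_whitelist` and `default_password_reset_url` describes already clean up in `teardown`. The 'unconfirmed user' and 'unconfirmable user' describes (lines 574-624) run the full request-then-edit flow in `before` but contain no `test`, so nothing there is asserted and a failure in that path would only surface as a setup error; either add the expected status assertion or drop the setup. 'Cheking' in the describe name on line 212 is presumably meant to be 'Checking'.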