digix_devise_token_auth 0.1.44

Files changed (149)
  1. checksums.yaml +7 -0
  2. data/LICENSE +13 -0
  3. data/README.md +952 -0
  4. data/Rakefile +35 -0
  5. data/app/controllers/devise_token_auth/application_controller.rb +76 -0
  6. data/app/controllers/devise_token_auth/concerns/resource_finder.rb +43 -0
  7. data/app/controllers/devise_token_auth/concerns/set_user_by_token.rb +165 -0
  8. data/app/controllers/devise_token_auth/confirmations_controller.rb +30 -0
  9. data/app/controllers/devise_token_auth/omniauth_callbacks_controller.rb +243 -0
  10. data/app/controllers/devise_token_auth/passwords_controller.rb +202 -0
  11. data/app/controllers/devise_token_auth/registrations_controller.rb +205 -0
  12. data/app/controllers/devise_token_auth/sessions_controller.rb +133 -0
  13. data/app/controllers/devise_token_auth/token_validations_controller.rb +29 -0
  14. data/app/controllers/devise_token_auth/unlocks_controller.rb +89 -0
  15. data/app/models/devise_token_auth/concerns/user.rb +260 -0
  16. data/app/models/devise_token_auth/concerns/user_omniauth_callbacks.rb +26 -0
  17. data/app/validators/email_validator.rb +21 -0
  18. data/app/views/devise/mailer/confirmation_instructions.html.erb +5 -0
  19. data/app/views/devise/mailer/reset_password_instructions.html.erb +8 -0
  20. data/app/views/devise/mailer/unlock_instructions.html.erb +7 -0
  21. data/app/views/devise_token_auth/omniauth_external_window.html.erb +38 -0
  22. data/config/initializers/devise.rb +196 -0
  23. data/config/locales/da-DK.yml +50 -0
  24. data/config/locales/de.yml +49 -0
  25. data/config/locales/en.yml +50 -0
  26. data/config/locales/es.yml +49 -0
  27. data/config/locales/fr.yml +49 -0
  28. data/config/locales/it.yml +46 -0
  29. data/config/locales/ja.yml +46 -0
  30. data/config/locales/nl.yml +30 -0
  31. data/config/locales/pl.yml +48 -0
  32. data/config/locales/pt-BR.yml +46 -0
  33. data/config/locales/pt.yml +48 -0
  34. data/config/locales/ro.yml +46 -0
  35. data/config/locales/ru.yml +50 -0
  36. data/config/locales/sq.yml +46 -0
  37. data/config/locales/uk.yml +59 -0
  38. data/config/locales/vi.yml +50 -0
  39. data/config/locales/zh-CN.yml +46 -0
  40. data/config/locales/zh-HK.yml +48 -0
  41. data/config/locales/zh-TW.yml +48 -0
  42. data/lib/devise_token_auth.rb +8 -0
  43. data/lib/devise_token_auth/controllers/helpers.rb +149 -0
  44. data/lib/devise_token_auth/controllers/url_helpers.rb +8 -0
  45. data/lib/devise_token_auth/engine.rb +90 -0
  46. data/lib/devise_token_auth/rails/routes.rb +114 -0
  47. data/lib/devise_token_auth/url.rb +37 -0
  48. data/lib/devise_token_auth/version.rb +3 -0
  49. data/lib/generators/devise_token_auth/USAGE +31 -0
  50. data/lib/generators/devise_token_auth/install_generator.rb +160 -0
  51. data/lib/generators/devise_token_auth/install_views_generator.rb +16 -0
  52. data/lib/generators/devise_token_auth/templates/devise_token_auth.rb +48 -0
  53. data/lib/generators/devise_token_auth/templates/devise_token_auth_create_users.rb.erb +55 -0
  54. data/lib/generators/devise_token_auth/templates/user.rb +7 -0
  55. data/lib/tasks/devise_token_auth_tasks.rake +4 -0
  56. data/test/controllers/custom/custom_confirmations_controller_test.rb +21 -0
  57. data/test/controllers/custom/custom_omniauth_callbacks_controller_test.rb +29 -0
  58. data/test/controllers/custom/custom_passwords_controller_test.rb +75 -0
  59. data/test/controllers/custom/custom_registrations_controller_test.rb +54 -0
  60. data/test/controllers/custom/custom_sessions_controller_test.rb +37 -0
  61. data/test/controllers/custom/custom_token_validations_controller_test.rb +40 -0
  62. data/test/controllers/demo_group_controller_test.rb +153 -0
  63. data/test/controllers/demo_mang_controller_test.rb +284 -0
  64. data/test/controllers/demo_user_controller_test.rb +601 -0
  65. data/test/controllers/devise_token_auth/confirmations_controller_test.rb +129 -0
  66. data/test/controllers/devise_token_auth/omniauth_callbacks_controller_test.rb +371 -0
  67. data/test/controllers/devise_token_auth/passwords_controller_test.rb +649 -0
  68. data/test/controllers/devise_token_auth/registrations_controller_test.rb +878 -0
  69. data/test/controllers/devise_token_auth/sessions_controller_test.rb +500 -0
  70. data/test/controllers/devise_token_auth/token_validations_controller_test.rb +90 -0
  71. data/test/controllers/devise_token_auth/unlocks_controller_test.rb +194 -0
  72. data/test/controllers/overrides/confirmations_controller_test.rb +43 -0
  73. data/test/controllers/overrides/omniauth_callbacks_controller_test.rb +49 -0
  74. data/test/controllers/overrides/passwords_controller_test.rb +66 -0
  75. data/test/controllers/overrides/registrations_controller_test.rb +40 -0
  76. data/test/controllers/overrides/sessions_controller_test.rb +33 -0
  77. data/test/controllers/overrides/token_validations_controller_test.rb +41 -0
  78. data/test/dummy/README.rdoc +28 -0
  79. data/test/dummy/app/controllers/application_controller.rb +16 -0
  80. data/test/dummy/app/controllers/auth_origin_controller.rb +5 -0
  81. data/test/dummy/app/controllers/custom/confirmations_controller.rb +13 -0
  82. data/test/dummy/app/controllers/custom/omniauth_callbacks_controller.rb +11 -0
  83. data/test/dummy/app/controllers/custom/passwords_controller.rb +40 -0
  84. data/test/dummy/app/controllers/custom/registrations_controller.rb +39 -0
  85. data/test/dummy/app/controllers/custom/sessions_controller.rb +29 -0
  86. data/test/dummy/app/controllers/custom/token_validations_controller.rb +19 -0
  87. data/test/dummy/app/controllers/demo_group_controller.rb +13 -0
  88. data/test/dummy/app/controllers/demo_mang_controller.rb +12 -0
  89. data/test/dummy/app/controllers/demo_user_controller.rb +25 -0
  90. data/test/dummy/app/controllers/overrides/confirmations_controller.rb +26 -0
  91. data/test/dummy/app/controllers/overrides/omniauth_callbacks_controller.rb +14 -0
  92. data/test/dummy/app/controllers/overrides/passwords_controller.rb +33 -0
  93. data/test/dummy/app/controllers/overrides/registrations_controller.rb +27 -0
  94. data/test/dummy/app/controllers/overrides/sessions_controller.rb +36 -0
  95. data/test/dummy/app/controllers/overrides/token_validations_controller.rb +23 -0
  96. data/test/dummy/app/helpers/application_helper.rb +1065 -0
  97. data/test/dummy/app/models/evil_user.rb +3 -0
  98. data/test/dummy/app/models/lockable_user.rb +5 -0
  99. data/test/dummy/app/models/mang.rb +3 -0
  100. data/test/dummy/app/models/nice_user.rb +7 -0
  101. data/test/dummy/app/models/only_email_user.rb +5 -0
  102. data/test/dummy/app/models/scoped_user.rb +7 -0
  103. data/test/dummy/app/models/unconfirmable_user.rb +8 -0
  104. data/test/dummy/app/models/unregisterable_user.rb +7 -0
  105. data/test/dummy/app/models/user.rb +18 -0
  106. data/test/dummy/app/views/layouts/application.html.erb +14 -0
  107. data/test/dummy/config.ru +16 -0
  108. data/test/dummy/config/application.rb +24 -0
  109. data/test/dummy/config/application.yml.bk +0 -0
  110. data/test/dummy/config/boot.rb +5 -0
  111. data/test/dummy/config/environment.rb +5 -0
  112. data/test/dummy/config/environments/development.rb +44 -0
  113. data/test/dummy/config/environments/production.rb +82 -0
  114. data/test/dummy/config/environments/test.rb +48 -0
  115. data/test/dummy/config/initializers/assets.rb +8 -0
  116. data/test/dummy/config/initializers/backtrace_silencers.rb +7 -0
  117. data/test/dummy/config/initializers/cookies_serializer.rb +3 -0
  118. data/test/dummy/config/initializers/devise.rb +3 -0
  119. data/test/dummy/config/initializers/devise_token_auth.rb +22 -0
  120. data/test/dummy/config/initializers/figaro.rb +1 -0
  121. data/test/dummy/config/initializers/filter_parameter_logging.rb +4 -0
  122. data/test/dummy/config/initializers/inflections.rb +16 -0
  123. data/test/dummy/config/initializers/mime_types.rb +4 -0
  124. data/test/dummy/config/initializers/omniauth.rb +8 -0
  125. data/test/dummy/config/initializers/session_store.rb +3 -0
  126. data/test/dummy/config/initializers/wrap_parameters.rb +14 -0
  127. data/test/dummy/config/routes.rb +72 -0
  128. data/test/dummy/config/spring.rb +1 -0
  129. data/test/dummy/db/migrate/20140715061447_devise_token_auth_create_users.rb +63 -0
  130. data/test/dummy/db/migrate/20140715061805_devise_token_auth_create_mangs.rb +62 -0
  131. data/test/dummy/db/migrate/20140829044006_add_operating_thetan_to_user.rb +6 -0
  132. data/test/dummy/db/migrate/20140916224624_add_favorite_color_to_mangs.rb +5 -0
  133. data/test/dummy/db/migrate/20140928231203_devise_token_auth_create_evil_users.rb +64 -0
  134. data/test/dummy/db/migrate/20141222035835_devise_token_auth_create_only_email_users.rb +60 -0
  135. data/test/dummy/db/migrate/20141222053502_devise_token_auth_create_unregisterable_users.rb +61 -0
  136. data/test/dummy/db/migrate/20150409095712_devise_token_auth_create_nice_users.rb +61 -0
  137. data/test/dummy/db/migrate/20150708104536_devise_token_auth_create_unconfirmable_users.rb +61 -0
  138. data/test/dummy/db/migrate/20160103235141_devise_token_auth_create_scoped_users.rb +61 -0
  139. data/test/dummy/db/migrate/20160629184441_devise_token_auth_create_lockable_users.rb +61 -0
  140. data/test/dummy/db/schema.rb +258 -0
  141. data/test/dummy/lib/migration_database_helper.rb +29 -0
  142. data/test/integration/navigation_test.rb +10 -0
  143. data/test/lib/devise_token_auth/url_test.rb +24 -0
  144. data/test/lib/generators/devise_token_auth/install_generator_test.rb +187 -0
  145. data/test/lib/generators/devise_token_auth/install_views_generator_test.rb +23 -0
  146. data/test/models/only_email_user_test.rb +35 -0
  147. data/test/models/user_test.rb +169 -0
  148. data/test/test_helper.rb +77 -0
  149. metadata +342 -0
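--- a/data/test/controllers/devise_token_auth/registrations_controller_test.rb
+++ b/data/test/controllers/devise_token_auth/registrations_controller_test.rb
@@ -0,0 +1,878 @@
+require 'test_helper'
+
+# was the web request successful?
+# was the user redirected to the right page?
+# was the user successfully authenticated?
+# was the correct object stored in the response?
+# was the appropriate message delivered in the json payload?
+
+class DeviseTokenAuth::RegistrationsControllerTest < ActionDispatch::IntegrationTest
+describe DeviseTokenAuth::RegistrationsController do
+describe 'Validate non-empty body' do
+before do
+# need to post empty data
+post '/auth', params: {}
+
+@resource = assigns(:resource)
+@data = JSON.parse(response.body)
+end
+
+test 'request should fail' do
+assert_equal 422, response.status
+end
+
+test 'returns error message' do
+assert_not_empty @data['errors']
+end
+
+test 'return error status' do
+assert_equal 'error', @data['status']
+end
+
+test 'user should not have been saved' do
+assert @resource.nil?
+end
+end
+
+describe 'Successful registration' do
+before do
+@mails_sent = ActionMailer::Base.deliveries.count
+
+post '/auth',
+params: {
+email: Faker::Internet.email,
+password: 'secret123',
+password_confirmation: 'secret123',
+confirm_success_url: Faker::Internet.url,
+unpermitted_param: '(x_x)'
+}
+
+@resource = assigns(:resource)
+@data = JSON.parse(response.body)
+@mail = ActionMailer::Base.deliveries.last
+end
+
+test 'request should be successful' do
+assert_equal 200, response.status
+end
+
+test 'user should have been created' do
+assert @resource.id
+end
+
+test 'user should not be confirmed' do
+assert_nil @resource.confirmed_at
+end
+
+test 'new user data should be returned as json' do
+assert @data['data']['email']
+end
+
+test 'new user should receive confirmation email' do
+assert_equal @resource.email, @mail['to'].to_s
+end
+
+test 'new user password should not be returned' do
+assert_nil @data['data']['password']
+end
+
+test 'only one email was sent' do
+assert_equal @mails_sent + 1, ActionMailer::Base.deliveries.count
+end
+end
+
+describe 'using "+" in email' do
+test 'can use + sign in email addresses' do
+@plus_email = 'ak+testing@gmail.com'
+
+post '/auth',
+params: { email: @plus_email,
+password: 'secret123',
+password_confirmation: 'secret123',
+confirm_success_url: Faker::Internet.url }
+
+@resource = assigns(:resource)
+
+assert_equal @plus_email, @resource.email
+end
+end
+
+describe 'Using redirect_whitelist' do
+before do
+@good_redirect_url = Faker::Internet.url
+@bad_redirect_url = Faker::Internet.url
+DeviseTokenAuth.redirect_whitelist = [@good_redirect_url]
+end
+
+teardown do
+DeviseTokenAuth.redirect_whitelist = nil
+end
+
+test 'request to whitelisted redirect should be successful' do
+post '/auth',
+params: { email: Faker::Internet.email,
+password: 'secret123',
+password_confirmation: 'secret123',
+confirm_success_url: @good_redirect_url,
+unpermitted_param: '(x_x)' }
+
+assert_equal 200, response.status
+end
+
+test 'request to non-whitelisted redirect should fail' do
+post '/auth',
+params: { email: Faker::Internet.email,
+password: 'secret123',
+password_confirmation: 'secret123',
+confirm_success_url: @bad_redirect_url,
+unpermitted_param: '(x_x)' }
+@data = JSON.parse(response.body)
+
+assert_equal 422, response.status
+assert @data['errors']
+assert_equal @data['errors'],
+[I18n.t('devise_token_auth.registrations.redirect_url_not_allowed',
+redirect_url: @bad_redirect_url)]
+end
+end
+
+describe 'failure if not redirecturl' do
+test 'request should fail if not redirect_url' do
+post '/auth',
+params: { email: Faker::Internet.email,
+password: 'secret123',
+password_confirmation: 'secret123',
+unpermitted_param: '(x_x)' }
+
+assert_equal 422, response.status
+end
+
+test 'request to non-whitelisted redirect should fail' do
+post '/auth',
+params: { email: Faker::Internet.email,
+password: 'secret123',
+password_confirmation: 'secret123',
+unpermitted_param: '(x_x)' }
+@data = JSON.parse(response.body)
+
+assert @data['errors']
+assert_equal @data['errors'], [I18n.t('devise_token_auth.registrations.missing_confirm_success_url')]
+end
+end
+
+describe 'Using default_confirm_success_url' do
+before do
+@mails_sent = ActionMailer::Base.deliveries.count
+@redirect_url = Faker::Internet.url
+
+DeviseTokenAuth.default_confirm_success_url = @redirect_url
+
+assert_difference 'ActionMailer::Base.deliveries.size', 1 do
+post '/auth', params: { email: Faker::Internet.email,
+password: 'secret123',
+password_confirmation: 'secret123',
+unpermitted_param: '(x_x)' }
+end
+
+@resource = assigns(:resource)
+@data = JSON.parse(response.body)
+@mail = ActionMailer::Base.deliveries.last
+@sent_redirect_url = URI.decode(@mail.body.match(/redirect_url=([^&]*)(&|\")/)[1])
+end
+
+teardown do
+DeviseTokenAuth.default_confirm_success_url = nil
+end
+
+test 'request should be successful' do
+assert_equal 200, response.status
+end
+
+test 'email contains the default redirect url' do
+assert_equal @redirect_url, @sent_redirect_url
+end
+end
+
+describe 'using namespaces' do
+before do
+@mails_sent = ActionMailer::Base.deliveries.count
+
+post '/api/v1/auth', params: {
+email: Faker::Internet.email,
+password: 'secret123',
+password_confirmation: 'secret123',
+confirm_success_url: Faker::Internet.url,
+unpermitted_param: '(x_x)'
+}
+
+@resource = assigns(:resource)
+@data = JSON.parse(response.body)
+@mail = ActionMailer::Base.deliveries.last
+end
+
+test 'request should be successful' do
+assert_equal 200, response.status
+end
+
+test 'user should have been created' do
+assert @resource.id
+end
+end
+
+describe 'case-insensitive email' do
+before do
+@resource_class = User
+@request_params = {
+email: 'AlternatingCase@example.com',
+password: 'secret123',
+password_confirmation: 'secret123',
+confirm_success_url: Faker::Internet.url
+}
+end
+
+test 'success should downcase uid if configured' do
+@resource_class.case_insensitive_keys = [:email]
+post '/auth', params: @request_params
+assert_equal 200, response.status
+@data = JSON.parse(response.body)
+assert_equal 'alternatingcase@example.com', @data['data']['uid']
+end
+
+test 'request should not downcase uid if not configured' do
+@resource_class.case_insensitive_keys = []
+post '/auth', params: @request_params
+assert_equal 200, response.status
+@data = JSON.parse(response.body)
+assert_equal 'AlternatingCase@example.com', @data['data']['uid']
+end
+end
+
+describe 'Adding extra params' do
+before do
+@redirect_url = Faker::Internet.url
+@operating_thetan = 2
+
+post '/auth',
+params: { email: Faker::Internet.email,
+password: 'secret123',
+password_confirmation: 'secret123',
+confirm_success_url: @redirect_url,
+favorite_color: @fav_color,
+operating_thetan: @operating_thetan }
+
+@resource = assigns(:resource)
+@data = JSON.parse(response.body)
+@mail = ActionMailer::Base.deliveries.last
+
+@mail_reset_token = @mail.body.match(/confirmation_token=([^&]*)&/)[1]
+@mail_redirect_url = CGI.unescape(@mail.body.match(/redirect_url=(.*)\"/)[1])
+@mail_config_name = CGI.unescape(@mail.body.match(/config=([^&]*)&/)[1])
+end
+
+test 'redirect_url is included as param in email' do
+assert_equal @redirect_url, @mail_redirect_url
+end
+
+test 'additional sign_up params should be considered' do
+assert_equal @operating_thetan, @resource.operating_thetan
+end
+
+test 'config_name param is included in the confirmation email link' do
+assert @mail_config_name
+end
+
+test "client config name falls back to 'default'" do
+assert_equal 'default', @mail_config_name
+end
+end
+
+describe 'bad email' do
+before do
+post '/auth',
+params: { email: 'false_email@',
+password: 'secret123',
+password_confirmation: 'secret123',
+confirm_success_url: Faker::Internet.url }
+
+@resource = assigns(:resource)
+@data = JSON.parse(response.body)
+end
+
+test 'request should not be successful' do
+assert_equal 422, response.status
+end
+
+test 'user should not have been created' do
+assert_nil @resource.id
+end
+
+test 'error should be returned in the response' do
+assert @data['errors'].length
+end
+
+test 'full_messages should be included in error hash' do
+assert @data['errors']['full_messages'].length
+end
+end
+
+describe 'missing email' do
+before do
+post '/auth',
+params: { password: 'secret123',
+password_confirmation: 'secret123',
+confirm_success_url: Faker::Internet.url }
+
+@resource = assigns(:resource)
+@data = JSON.parse(response.body)
+end
+
+test 'request should not be successful' do
+assert_equal 422, response.status
+end
+
+test 'user should not have been created' do
+assert_nil @resource.id
+end
+
+test 'error should be returned in the response' do
+assert @data['errors'].length
+end
+
+test 'full_messages should be included in error hash' do
+assert @data['errors']['full_messages'].length
+end
+end
+
+describe 'Mismatched passwords' do
+before do
+post '/auth',
+params: { email: Faker::Internet.email,
+password: 'secret123',
+password_confirmation: 'bogus',
+confirm_success_url: Faker::Internet.url }
+
+@resource = assigns(:resource)
+@data = JSON.parse(response.body)
+end
+
+test 'request should not be successful' do
+assert_equal 422, response.status
+end
+
+test 'user should have been created' do
+assert_nil @resource.id
+end
+
+test 'error should be returned in the response' do
+assert @data['errors'].length
+end
+
+test 'full_messages should be included in error hash' do
+assert @data['errors']['full_messages'].length
+end
+end
+
+describe 'Existing users' do
+before do
+@existing_user = users(:confirmed_email_user)
+
+post '/auth',
+params: { email: @existing_user.email,
+password: 'secret123',
+password_confirmation: 'secret123',
+confirm_success_url: Faker::Internet.url }
+
+@resource = assigns(:resource)
+@data = JSON.parse(response.body)
+end
+
+test 'request should not be successful' do
+assert_equal 422, response.status
+end
+
+test 'user should have been created' do
+assert_nil @resource.id
+end
+
+test 'error should be returned in the response' do
+assert @data['errors'].length
+end
+end
+
+describe 'Destroy user account' do
+describe 'success' do
+before do
+@existing_user = users(:confirmed_email_user)
+@auth_headers = @existing_user.create_new_auth_token
+@client_id = @auth_headers['client']
+
+# ensure request is not treated as batch request
+age_token(@existing_user, @client_id)
+
+delete '/auth', params: {}, headers: @auth_headers
+
+@data = JSON.parse(response.body)
+end
+
+test 'request is successful' do
+assert_equal 200, response.status
+end
+
+test 'message should be returned' do
+assert @data['message']
+assert_equal @data['message'],
+I18n.t('devise_token_auth.registrations.account_with_uid_destroyed',
+uid: @existing_user.uid)
+end
+test 'existing user should be deleted' do
+refute User.where(id: @existing_user.id).first
+end
+end
+
+describe 'failure: no auth headers' do
+before do
+delete '/auth'
+@data = JSON.parse(response.body)
+end
+
+test 'request returns 404 (not found) status' do
+assert_equal 404, response.status
+end
+
+test 'error should be returned' do
+assert @data['errors'].length
+assert_equal @data['errors'], [I18n.t('devise_token_auth.registrations.account_to_destroy_not_found')]
+end
+end
+end
+
+describe 'Update user account' do
+describe 'existing user' do
+before do
+@existing_user = users(:confirmed_email_user)
+@auth_headers = @existing_user.create_new_auth_token
+@client_id = @auth_headers['client']
+
+# ensure request is not treated as batch request
+age_token(@existing_user, @client_id)
+end
+
+describe 'without password check' do
+describe 'success' do
+before do
+# test valid update param
+@resource_class = User
+@new_operating_thetan = 1_000_000
+@email = 'AlternatingCase2@example.com'
+@request_params = {
+operating_thetan: @new_operating_thetan,
+email: @email
+}
+end
+
+test 'Request was successful' do
+put '/auth', params: @request_params, headers: @auth_headers
+assert_equal 200, response.status
+end
+
+test 'Case sensitive attributes update' do
+@resource_class.case_insensitive_keys = []
+put '/auth', params: @request_params, headers: @auth_headers
+@data = JSON.parse(response.body)
+@existing_user.reload
+assert_equal @new_operating_thetan,
+@existing_user.operating_thetan
+assert_equal @email, @existing_user.email
+assert_equal @email, @existing_user.uid
+end
+
+test 'Case insensitive attributes update' do
+@resource_class.case_insensitive_keys = [:email]
+put '/auth', params: @request_params, headers: @auth_headers
+@data = JSON.parse(response.body)
+@existing_user.reload
+assert_equal @new_operating_thetan, @existing_user.operating_thetan
+assert_equal @email.downcase, @existing_user.email
+assert_equal @email.downcase, @existing_user.uid
+end
+
+test 'Supply current password' do
+@request_params[:current_password] = 'secret123'
+@request_params[:email] = 'new.email@example.com'
+
+put '/auth', params: @request_params, headers: @auth_headers
+@data = JSON.parse(response.body)
+@existing_user.reload
+assert_equal @existing_user.email, 'new.email@example.com'
+end
+end
+
+describe 'validate non-empty body' do
+before do
+# get the email so we can check it wasn't updated
+@email = @existing_user.email
+put '/auth', params: {}, headers: @auth_headers
+
+@data = JSON.parse(response.body)
+@existing_user.reload
+end
+
+test 'request should fail' do
+assert_equal 422, response.status
+end
+
+test 'returns error message' do
+assert_not_empty @data['errors']
+end
+
+test 'return error status' do
+assert_equal 'error', @data['status']
+end
+
+test 'user should not have been saved' do
+assert_equal @email, @existing_user.email
+end
+end
+
+describe 'error' do
+before do
+# test invalid update param
+@new_operating_thetan = 'blegh'
+put '/auth',
+params: { operating_thetan: @new_operating_thetan },
+headers: @auth_headers
+
+@data = JSON.parse(response.body)
+@existing_user.reload
+end
+
+test 'Request was NOT successful' do
+assert_equal 422, response.status
+end
+
+test 'Errors were provided with response' do
+assert @data['errors'].length
+end
+end
+end
+
+describe 'with password check for password update only' do
+before do
+DeviseTokenAuth.check_current_password_before_update = :password
+end
+
+after do
+DeviseTokenAuth.check_current_password_before_update = false
+end
+
+describe 'success without password update' do
+before do
+# test valid update param
+@resource_class = User
+@new_operating_thetan = 1_000_000
+@email = 'AlternatingCase2@example.com'
+@request_params = {
+operating_thetan: @new_operating_thetan,
+email: @email
+}
+end
+
+test 'Request was successful' do
+put '/auth', params: @request_params, headers: @auth_headers
+assert_equal 200, response.status
+end
+end
+
+describe 'success with password update' do
+before do
+@existing_user.update password: 'secret123', password_confirmation: 'secret123'
+@request_params = {
+password: 'the_new_secret456',
+password_confirmation: 'the_new_secret456',
+current_password: 'secret123'
+}
+end
+
+test 'Request was successful' do
+put '/auth', params: @request_params, headers: @auth_headers
+assert_equal 200, response.status
+end
+end
+
+describe 'error with password mismatch' do
+before do
+@existing_user.update password: 'secret123',
+password_confirmation: 'secret123'
+@request_params = {
+password: 'the_new_secret456',
+password_confirmation: 'the_new_secret456',
+current_password: 'not_so_secret321'
+}
+end
+
+test 'Request was NOT successful' do
+put '/auth', params: @request_params, headers: @auth_headers
+assert_equal 422, response.status
+end
+end
+end
+
+describe 'with password check for all attributes' do
+before do
+DeviseTokenAuth.check_current_password_before_update = :password
+@new_operating_thetan = 1_000_000
+@email = 'AlternatingCase2@example.com'
+end
+
+after do
+DeviseTokenAuth.check_current_password_before_update = false
+end
+
+describe 'success with password update' do
+before do
+@existing_user.update password: 'secret123',
+password_confirmation: 'secret123'
+@request_params = {
+operating_thetan: @new_operating_thetan,
+email: @email,
+current_password: 'secret123'
+}
+end
+
+test 'Request was successful' do
+put '/auth', params: @request_params, headers: @auth_headers
+assert_equal 200, response.status
+end
+end
+
+describe 'error with password mismatch' do
+before do
+@existing_user.update password: 'secret123',
+password_confirmation: 'secret123'
+@request_params = {
+operating_thetan: @new_operating_thetan,
+email: @email,
+current_password: 'not_so_secret321'
+}
+end
+
+test 'Request was NOT successful' do
+put '/auth', params: @request_params, headers: @auth_headers
+assert_equal 422, response.status
+end
+end
+end
+end
+
+describe 'invalid user' do
+before do
+@existing_user = users(:confirmed_email_user)
+@auth_headers = @existing_user.create_new_auth_token
+@client_id = @auth_headers['client']
+
+# ensure request is not treated as batch request
+expire_token(@existing_user, @client_id)
+
+# test valid update param
+@new_operating_thetan = 3
+
+put '/auth',
+params: {
+operating_thetan: @new_operating_thetan
+},
+headers: @auth_headers
+
+@data = JSON.parse(response.body)
+@existing_user.reload
+end
+
+test 'Response should return 404 status' do
+assert_equal 404, response.status
+end
+
+test 'error should be returned' do
+assert @data['errors'].length
+assert_equal @data['errors'], [I18n.t('devise_token_auth.registrations.user_not_found')]
+end
+
+test 'User should not be updated' do
+refute_equal @new_operating_thetan, @existing_user.operating_thetan
+end
+end
+end
+
+describe 'Ouath user has existing email' do
+before do
+@existing_user = users(:duplicate_email_facebook_user)
+
+post '/auth',
+params: { email: @existing_user.email,
+password: 'secret123',
+password_confirmation: 'secret123',
+confirm_success_url: Faker::Internet.url }
+
+@resource = assigns(:resource)
+@data = JSON.parse(response.body)
+end
+
+test 'request should be successful' do
+assert_equal 200, response.status
+end
+
+test 'user should have been created' do
+assert @resource.id
+end
+
+test 'new user data should be returned as json' do
+assert @data['data']['email']
+end
+end
+
+describe 'Alternate user class' do
+before do
+post '/mangs',
+params: { email: Faker::Internet.email,
+password: 'secret123',
+password_confirmation: 'secret123',
+confirm_success_url: Faker::Internet.url }
+
+@resource = assigns(:resource)
+@data = JSON.parse(response.body)
+@mail = ActionMailer::Base.deliveries.last
+end
+
+test 'request should be successful' do
+assert_equal 200, response.status
+end
+
+test 'use should be a Mang' do
+assert_equal 'Mang', @resource.class.name
+end
+
+test 'Mang should be destroyed' do
+@resource.skip_confirmation!
+@resource.save!
+@auth_headers = @resource.create_new_auth_token
+@client_id = @auth_headers['client']
+
+# ensure request is not treated as batch request
+age_token(@resource, @client_id)
+
+delete '/mangs',
+params: {},
+headers: @auth_headers
+
+assert_equal 200, response.status
+refute Mang.where(id: @resource.id).first
+end
+end
+
+describe 'Passing client config name' do
+before do
+@config_name = 'altUser'
+
+post '/mangs',
+params: { email: Faker::Internet.email,
+password: 'secret123',
+password_confirmation: 'secret123',
+confirm_success_url: Faker::Internet.url,
+config_name: @config_name }
+
+@resource = assigns(:resource)
+@data = JSON.parse(response.body)
+@mail = ActionMailer::Base.deliveries.last
+
+@resource.reload
+
+@mail_reset_token = @mail.body.match(/confirmation_token=([^&]*)&/)[1]
+@mail_redirect_url = CGI.unescape(@mail.body.match(/redirect_url=(.*)\"/)[1])
+@mail_config_name = CGI.unescape(@mail.body.match(/config=([^&]*)&/)[1])
+end
+
+test 'config_name param is included in the confirmation email link' do
+assert_equal @config_name, @mail_config_name
+end
+end
+
+describe 'Excluded :registrations module' do
+test 'UnregisterableUser should not be able to access registration routes' do
+assert_raises(ActionController::RoutingError) do
+post '/unregisterable_user_auth',
+params: { email: Faker::Internet.email,
+password: 'secret123',
+password_confirmation: 'secret123',
+confirm_success_url: Faker::Internet.url }
+end
+end
+end
+
+describe 'Skipped confirmation' do
+setup do
+User.set_callback(:create, :before, :skip_confirmation!)
+
+post '/auth',
+params: { email: Faker::Internet.email,
+password: 'secret123',
+password_confirmation: 'secret123',
+confirm_success_url: Faker::Internet.url }
+
+@resource = assigns(:resource)
+@token = response.headers['access-token']
+@client_id = response.headers['client']
+end
+
+teardown do
+User.skip_callback(:create, :before, :skip_confirmation!)
+end
+
+test 'user was created' do
+assert @resource
+end
+
+test 'user was confirmed' do
+assert @resource.confirmed?
+end
+
+test 'auth headers were returned in response' do
+assert response.headers['access-token']
+assert response.headers['token-type']
+assert response.headers['client']
+assert response.headers['expiry']
+assert response.headers['uid']
+end
+
+test 'response token is valid' do
+assert @resource.valid_token?(@token, @client_id)
+end
+end
+
+describe 'User with only :database_authenticatable and :registerable included' do
+setup do
+@mails_sent = ActionMailer::Base.deliveries.count
+
+post '/only_email_auth',
+params: { email: Faker::Internet.email,
+password: 'secret123',
+password_confirmation: 'secret123',
+confirm_success_url: Faker::Internet.url,
+unpermitted_param: '(x_x)' }
+
+@resource = assigns(:resource)
+@data = JSON.parse(response.body)
+@mail = ActionMailer::Base.deliveries.last
+end
+
+test 'user was created' do
+assert @resource.id
+end
+
+test 'email confirmation was not sent' do
+assert_equal @mails_sent, ActionMailer::Base.deliveries.count
+end
+
+test 'user is confirmed' do
+assert @resource.confirmed?
+end
+end
+end
+end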
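Review bot: The `describe 'with password check for all attributes'` block (file line 620) sets `DeviseTokenAuth.check_current_password_before_update = :password` at line 622, the same value the preceding 'password update only' block uses at line 561, so the attribute-level mode — the one that makes an email change require the current password — is never exercised, and its 'error with password mismatch' case presumably returns 422 only because the controller takes the password-checked update path whenever `current_password` is present in the request. Change line 622 to `DeviseTokenAuth.check_current_password_before_update = :attributes` so the assertions cover the configuration the block is named for. Separately, line 180 uses `URI.decode`, which the rest of the file replaces with `CGI.unescape` (lines 268 and 788) and which is no longer present in Ruby 3; `@sent_redirect_url = CGI.unescape(@mail.body.match(/redirect_url=([^&]*)(&|\")/)[1])` keeps the helper consistent and the suite runnable on current Rubies. The test names at lines 362 and 393 read 'user should have been created' while asserting `assert_nil @resource.id`; 'user should not have been created' matches the assertion and the sibling cases at lines 305 and 333.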