digix_devise_token_auth 0.1.44

data/test/controllers/overrides/sessions_controller_test.rb

@@ -0,0 +1,33 @@
+require 'test_helper'
+
+#  was the web request successful?
+#  was the user redirected to the right page?
+#  was the user successfully authenticated?
+#  was the correct object stored in the response?
+#  was the appropriate message delivered in the json payload?
+
+class Overrides::RegistrationsControllerTest < ActionDispatch::IntegrationTest
+  describe Overrides::RegistrationsController do
+    before do
+      @existing_user = evil_users(:confirmed_email_user)
+      @existing_user.skip_confirmation!
+      @existing_user.save!
+
+      post '/evil_user_auth/sign_in',
+           params: { email: @existing_user.email,
+                     password: 'secret123' }
+
+      @resource = assigns(:resource)
+      @data = JSON.parse(response.body)
+    end
+
+    test 'request should succeed' do
+      assert_equal 200, response.status
+    end
+
+    test 'controller was overridden' do
+      assert_equal Overrides::RegistrationsController::OVERRIDE_PROOF,
+                   @data['override_proof']
+    end
+  end
+end

data/test/controllers/overrides/token_validations_controller_test.rb

@@ -0,0 +1,41 @@
+require 'test_helper'
+
+#  was the web request successful?
+#  was the user redirected to the right page?
+#  was the user successfully authenticated?
+#  was the correct object stored in the response?
+#  was the appropriate message delivered in the json payload?
+
+class Overrides::TokenValidationsControllerTest < ActionDispatch::IntegrationTest
+  describe Overrides::TokenValidationsController do
+    before do
+      @resource = evil_users(:confirmed_email_user)
+      @resource.skip_confirmation!
+      @resource.save!
+
+      @auth_headers = @resource.create_new_auth_token
+
+      @token     = @auth_headers['access-token']
+      @client_id = @auth_headers['client']
+      @expiry    = @auth_headers['expiry']
+
+      # ensure that request is not treated as batch request
+      age_token(@resource, @client_id)
+
+      get '/evil_user_auth/validate_token',
+          params: {},
+          headers: @auth_headers
+
+      @resp = JSON.parse(response.body)
+    end
+
+    test 'token valid' do
+      assert_equal 200, response.status
+    end
+
+    test 'controller was overridden' do
+      assert_equal Overrides::TokenValidationsController::OVERRIDE_PROOF,
+                   @resp['override_proof']
+    end
+  end
+end

data/test/dummy/README.rdoc

@@ -0,0 +1,28 @@
+== README
+
+This README would normally document whatever steps are necessary to get the
+application up and running.
+
+Things you may want to cover:
+
+* Ruby version
+
+* System dependencies
+
+* Configuration
+
+* Database creation
+
+* Database initialization
+
+* How to run the test suite
+
+* Services (job queues, cache servers, search engines, etc.)
+
+* Deployment instructions
+
+* ...
+
+
+Please feel free to use a different markup language if you do not plan to run
+<tt>rake doc:app</tt>.

data/test/dummy/app/controllers/application_controller.rb

@@ -0,0 +1,16 @@
+class ApplicationController < ActionController::Base
+  include DeviseTokenAuth::Concerns::SetUserByToken
+
+  before_action :configure_permitted_parameters, if: :devise_controller?
+
+  protected
+
+  def configure_permitted_parameters
+    permitted_parameters = devise_parameter_sanitizer.instance_values['permitted']
+    permitted_parameters[:sign_up] << :operating_thetan
+    permitted_parameters[:sign_up] << :favorite_color
+    permitted_parameters[:account_update] << :operating_thetan
+    permitted_parameters[:account_update] << :favorite_color
+    permitted_parameters[:account_update] << :current_password
+  end
+end

data/test/dummy/app/controllers/auth_origin_controller.rb

@@ -0,0 +1,5 @@
+class AuthOriginController < ApplicationController
+  def redirected
+    head :ok
+  end
+end

data/test/dummy/app/controllers/custom/confirmations_controller.rb

@@ -0,0 +1,13 @@
+class Custom::ConfirmationsController < DeviseTokenAuth::ConfirmationsController
+
+  def show
+    super do |resource|
+      @show_block_called = true unless resource.nil?
+    end
+  end
+
+  def show_block_called?
+    @show_block_called == true
+  end
+
+end

data/test/dummy/app/controllers/custom/omniauth_callbacks_controller.rb

@@ -0,0 +1,11 @@
+class Custom::OmniauthCallbacksController < DeviseTokenAuth::OmniauthCallbacksController
+  def omniauth_success
+    super do |resource|
+      @omniauth_success_block_called = true unless resource.nil?
+    end
+  end
+
+  def omniauth_success_block_called?
+    @omniauth_success_block_called == true
+  end
+end

data/test/dummy/app/controllers/custom/passwords_controller.rb

@@ -0,0 +1,40 @@
+class Custom::PasswordsController < DeviseTokenAuth::PasswordsController
+
+  def create
+    super do |resource|
+      @create_block_called = true unless resource.nil?
+    end
+  end
+
+  def edit
+    super do |resource|
+      @edit_block_called = true unless resource.nil?
+    end
+  end
+
+  def update
+    super do |resource|
+      @update_block_called = true unless resource.nil?
+    end
+  end
+
+  def create_block_called?
+    @create_block_called == true
+  end
+
+  def edit_block_called?
+    @edit_block_called == true
+  end
+
+  def update_block_called?
+    @update_block_called == true
+  end
+
+  protected
+
+  def render_update_success
+    render json: {custom: "foo"}
+  end
+
+
+end

data/test/dummy/app/controllers/custom/registrations_controller.rb

@@ -0,0 +1,39 @@
+class Custom::RegistrationsController < DeviseTokenAuth::RegistrationsController
+
+  def create
+    super do |resource|
+      @create_block_called = true
+    end
+  end
+
+  def update
+    super do |resource|
+      @update_block_called = true unless resource.nil?
+    end
+  end
+
+  def destroy
+    super do |resource|
+      @destroy_block_called = true unless resource.nil?
+    end
+  end
+
+  def create_block_called?
+    @create_block_called == true
+  end
+
+  def update_block_called?
+    @update_block_called == true
+  end
+
+  def destroy_block_called?
+    @destroy_block_called == true
+  end
+
+  protected
+
+  def render_create_success
+    render json: {custom: "foo"}
+  end
+
+end

data/test/dummy/app/controllers/custom/sessions_controller.rb

@@ -0,0 +1,29 @@
+class Custom::SessionsController < DeviseTokenAuth::SessionsController
+
+  def create
+    super do |resource|
+      @create_block_called = true unless resource.nil?
+    end
+  end
+
+  def destroy
+    super do |resource|
+      @destroy_block_called = true unless resource.nil?
+    end
+  end
+
+  def create_block_called?
+    @create_block_called == true
+  end
+
+  def destroy_block_called?
+    @destroy_block_called == true
+  end
+
+  protected
+
+  def render_create_success
+    render json: {custom: "foo"}
+  end
+
+end

data/test/dummy/app/controllers/custom/token_validations_controller.rb

@@ -0,0 +1,19 @@
+class Custom::TokenValidationsController < DeviseTokenAuth::TokenValidationsController
+
+  def validate_token
+    super do |resource|
+      @validate_token_block_called = true unless resource.nil?
+    end
+  end
+
+  def validate_token_block_called?
+    @validate_token_block_called == true
+  end
+
+  protected
+
+  def render_validate_token_success
+    render json: {custom: "foo"}
+  end
+
+end

data/test/dummy/app/controllers/demo_group_controller.rb

@@ -0,0 +1,13 @@
+class DemoGroupController < ApplicationController
+  devise_token_auth_group :member, contains: [:user, :mang]
+  before_action :authenticate_member!
+
+  def members_only
+    render json: {
+      data: {
+        message: "Welcome #{current_member.name}",
+        user: current_member
+      }
+    }, status: 200
+  end
+end

data/test/dummy/app/controllers/demo_mang_controller.rb

@@ -0,0 +1,12 @@
+class DemoMangController < ApplicationController
+  before_action :authenticate_mang!
+
+  def members_only
+    render json: {
+      data: {
+        message: "Welcome #{current_mang.name}",
+        user: current_mang
+      }
+    }, status: 200
+  end
+end

data/test/dummy/app/controllers/demo_user_controller.rb

@@ -0,0 +1,25 @@
+class DemoUserController < ApplicationController
+  before_action :authenticate_user!
+
+  def members_only
+    render json: {
+      data: {
+        message: "Welcome #{current_user.name}",
+        user: current_user
+      }
+    }, status: 200
+  end
+
+  def members_only_remove_token
+    u = User.find(current_user.id)
+    u.tokens = {}
+    u.save!
+
+    render json: {
+      data: {
+        message: "Welcome #{current_user.name}",
+        user: current_user
+      }
+    }, status: 200
+  end
+end

data/test/dummy/app/controllers/overrides/confirmations_controller.rb

@@ -0,0 +1,26 @@
+module Overrides
+  class ConfirmationsController < DeviseTokenAuth::ConfirmationsController
+    def show
+      @resource = resource_class.confirm_by_token(params[:confirmation_token])
+
+      if @resource and @resource.id
+        client_id, token = @resource.create_token
+        @resource.save!
+
+        redirect_header_options = {
+          account_confirmation_success: true,
+          config: params[:config],
+          override_proof: "(^^,)"
+        }
+        redirect_headers = build_redirect_headers(token,
+                                                  client_id,
+                                                  redirect_header_options)
+
+        redirect_to(@resource.build_auth_url(params[:redirect_url],
+                                             redirect_headers))
+      else
+        raise ActionController::RoutingError.new('Not Found')
+      end
+    end
+  end
+end

data/test/dummy/app/controllers/overrides/omniauth_callbacks_controller.rb

@@ -0,0 +1,14 @@
+module Overrides
+  class OmniauthCallbacksController < DeviseTokenAuth::OmniauthCallbacksController
+    DEFAULT_NICKNAME = "stimpy"
+
+    def assign_provider_attrs(user, auth_hash)
+      user.assign_attributes({
+        nickname: DEFAULT_NICKNAME,
+        name:     auth_hash['info']['name'],
+        image:    auth_hash['info']['image'],
+        email:    auth_hash['info']['email']
+      })
+    end
+  end
+end

data/test/dummy/app/controllers/overrides/passwords_controller.rb

@@ -0,0 +1,33 @@
+module Overrides
+  class PasswordsController < DeviseTokenAuth::PasswordsController
+    OVERRIDE_PROOF = "(^^,)"
+
+    # this is where users arrive after visiting the email confirmation link
+    def edit
+      @resource = resource_class.reset_password_by_token({
+        reset_password_token: resource_params[:reset_password_token]
+      })
+
+      if @resource and @resource.id
+        client_id, token = @resource.create_token
+
+        # ensure that user is confirmed
+        @resource.skip_confirmation! unless @resource.confirmed_at
+
+        @resource.save!
+
+        redirect_header_options = {
+          override_proof: OVERRIDE_PROOF,
+          reset_password: true
+        }
+        redirect_headers = build_redirect_headers(token,
+                                                  client_id,
+                                                  redirect_header_options)
+        redirect_to(@resource.build_auth_url(params[:redirect_url],
+                                             redirect_headers))
+      else
+        raise ActionController::RoutingError.new('Not Found')
+      end
+    end
+  end
+end

data/test/dummy/app/controllers/overrides/registrations_controller.rb

@@ -0,0 +1,27 @@
+module Overrides
+  class RegistrationsController < DeviseTokenAuth::RegistrationsController
+    OVERRIDE_PROOF = "(^^,)"
+
+    def update
+      if @resource
+        if @resource.update_attributes(account_update_params)
+          render json: {
+            status: 'success',
+            data:   @resource.as_json,
+            override_proof: OVERRIDE_PROOF
+          }
+        else
+          render json: {
+            status: 'error',
+            errors: @resource.errors
+          }, status: 422
+        end
+      else
+        render json: {
+          status: 'error',
+          errors: ["User not found."]
+        }, status: 404
+      end
+    end
+  end
+end