digix_devise_token_auth 0.1.44

data/test/integration/navigation_test.rb

@@ -0,0 +1,10 @@
+require 'test_helper'
+
+class NavigationTest < ActionDispatch::IntegrationTest
+  fixtures :all
+
+  # test "the truth" do
+  #   assert true
+  # end
+end
+

data/test/lib/devise_token_auth/url_test.rb

@@ -0,0 +1,24 @@
+require 'test_helper'
+
+class DeviseTokenAuth::UrlTest < ActiveSupport::TestCase
+  describe "DeviseTokenAuth::Url#generate" do
+    test 'URI fragment should appear at the end of URL' do
+      params = {client_id: 123}
+      url = 'http://example.com#fragment'
+      assert_equal DeviseTokenAuth::Url.send(:generate, url, params), "http://example.com?client_id=123#fragment"
+    end
+
+    describe 'with existing query params' do
+      test 'should preserve existing query params' do
+        url = 'http://example.com?a=1'
+        assert_equal DeviseTokenAuth::Url.send(:generate, url), "http://example.com?a=1"
+      end
+
+      test 'should marge existing query params with new ones' do
+        params = {client_id: 123}
+        url = 'http://example.com?a=1'
+        assert_equal DeviseTokenAuth::Url.send(:generate, url, params), "http://example.com?a=1&client_id=123"
+      end
+    end
+  end
+end

data/test/lib/generators/devise_token_auth/install_generator_test.rb

@@ -0,0 +1,187 @@
+require 'test_helper'
+require 'fileutils'
+require 'generators/devise_token_auth/install_generator'
+
+module DeviseTokenAuth
+  class InstallGeneratorTest < Rails::Generators::TestCase
+    tests InstallGenerator
+    destination Rails.root.join('tmp/generators')
+
+    describe 'default values, clean install' do
+      setup :prepare_destination
+
+      before do
+        run_generator
+      end
+
+      test 'user model is created, concern is included' do
+        assert_file 'app/models/user.rb' do |model|
+          assert_match(/include DeviseTokenAuth::Concerns::User/, model)
+        end
+      end
+
+      test 'initializer is created' do
+        assert_file 'config/initializers/devise_token_auth.rb'
+      end
+
+      test 'migration is created' do
+        assert_migration 'db/migrate/devise_token_auth_create_users.rb'
+      end
+
+      test 'migration file contains rails version' do
+        if Rails::VERSION::MAJOR >= 5
+          assert_migration 'db/migrate/devise_token_auth_create_users.rb', /#{Rails::VERSION::MAJOR}.#{Rails::VERSION::MINOR}/
+        else
+          assert_migration 'db/migrate/devise_token_auth_create_users.rb'
+        end
+      end
+
+      test 'subsequent runs raise no errors' do
+        run_generator
+      end
+    end
+
+    describe 'existing user model' do
+      setup :prepare_destination
+
+      before do
+        @dir = File.join(destination_root, "app", "models")
+
+        @fname = File.join(@dir, "user.rb")
+
+        # make dir if not exists
+        FileUtils.mkdir_p(@dir)
+
+        # account for rails version 5
+        active_record_needle = (Rails::VERSION::MAJOR == 5) ? 'ApplicationRecord' : 'ActiveRecord::Base'
+
+        @f = File.open(@fname, 'w') {|f|
+          f.write <<-RUBY
+            class User < #{active_record_needle}
+
+              def whatever
+                puts 'whatever'
+              end
+            end
+          RUBY
+        }
+
+        run_generator
+      end
+
+      test 'user concern is injected into existing model' do
+        assert_file 'app/models/user.rb' do |model|
+          assert_match(/include DeviseTokenAuth::Concerns::User/, model)
+        end
+      end
+
+      test 'subsequent runs do not modify file' do
+        run_generator
+        assert_file 'app/models/user.rb' do |model|
+          matches = model.scan(/include DeviseTokenAuth::Concerns::User/m).size
+          assert_equal 1, matches
+        end
+      end
+    end
+
+
+    describe 'routes' do
+      setup :prepare_destination
+
+      before do
+        @dir = File.join(destination_root, "config")
+
+        @fname = File.join(@dir, "routes.rb")
+
+        # make dir if not exists
+        FileUtils.mkdir_p(@dir)
+
+        @f = File.open(@fname, 'w') {|f|
+          f.write <<-RUBY
+            Rails.application.routes.draw do
+              patch '/chong', to: 'bong#index'
+            end
+          RUBY
+        }
+
+        run_generator
+      end
+
+      test 'route method is appended to routes file' do
+        assert_file 'config/routes.rb' do |routes|
+          assert_match(/mount_devise_token_auth_for 'User', at: 'auth'/, routes)
+        end
+      end
+
+      test 'subsequent runs do not modify file' do
+        run_generator
+        assert_file 'config/routes.rb' do |routes|
+          matches = routes.scan(/mount_devise_token_auth_for 'User', at: 'auth'/m).size
+          assert_equal 1, matches
+        end
+      end
+
+      describe 'subsequent models' do
+        before do
+          run_generator %w(Mang mangs)
+        end
+
+        test 'migration is created' do
+          assert_migration 'db/migrate/devise_token_auth_create_mangs.rb'
+        end
+
+        test 'route method is appended to routes file' do
+          assert_file 'config/routes.rb' do |routes|
+            assert_match(/mount_devise_token_auth_for 'Mang', at: 'mangs'/, routes)
+          end
+        end
+
+        test 'devise_for block is appended to routes file' do
+          assert_file 'config/routes.rb' do |routes|
+            assert_match(/as :mang do/, routes)
+            assert_match(/# Define routes for Mang within this block./, routes)
+          end
+        end
+      end
+    end
+
+    describe 'application controller' do
+      setup :prepare_destination
+
+      before do
+        @dir = File.join(destination_root, "app", "controllers")
+
+        @fname = File.join(@dir, "application_controller.rb")
+
+        # make dir if not exists
+        FileUtils.mkdir_p(@dir)
+
+        @f = File.open(@fname, 'w') {|f|
+          f.write <<-RUBY
+            class ApplicationController < ActionController::Base
+              def whatever
+                'whatever'
+              end
+            end
+          RUBY
+        }
+
+        run_generator
+      end
+
+      test 'controller concern is appended to application controller' do
+        assert_file 'app/controllers/application_controller.rb' do |controller|
+          assert_match(/include DeviseTokenAuth::Concerns::SetUserByToken/, controller)
+        end
+      end
+
+      test 'subsequent runs do not modify file' do
+        run_generator
+        assert_file 'app/controllers/application_controller.rb' do |controller|
+          matches = controller.scan(/include DeviseTokenAuth::Concerns::SetUserByToken/m).size
+          assert_equal 1, matches
+        end
+      end
+    end
+  end
+end

data/test/lib/generators/devise_token_auth/install_views_generator_test.rb

@@ -0,0 +1,23 @@
+require 'test_helper'
+require 'fileutils'
+require 'generators/devise_token_auth/install_views_generator'
+
+module DeviseTokenAuth
+  class InstallViewsGeneratorTest < Rails::Generators::TestCase
+    tests InstallViewsGenerator
+    destination Rails.root.join('tmp/generators')
+
+    describe 'default values, clean install' do
+      setup :prepare_destination
+
+      before do
+        run_generator
+      end
+
+      test "files are copied" do
+        assert_file 'app/views/devise/mailer/reset_password_instructions.html.erb'
+        assert_file 'app/views/devise/mailer/confirmation_instructions.html.erb'
+      end
+    end
+  end
+end

data/test/models/only_email_user_test.rb

@@ -0,0 +1,35 @@
+require 'test_helper'
+
+class OnlyEmailUserTest < ActiveSupport::TestCase
+  describe OnlyEmailUser do
+    test 'trackable is disabled' do
+      refute OnlyEmailUser.method_defined?(:sign_in_count)
+      refute OnlyEmailUser.method_defined?(:current_sign_in_at)
+      refute OnlyEmailUser.method_defined?(:last_sign_in_at)
+      refute OnlyEmailUser.method_defined?(:current_sign_in_ip)
+      refute OnlyEmailUser.method_defined?(:last_sign_in_ip)
+    end
+
+    test 'confirmable is disabled' do
+      refute OnlyEmailUser.method_defined?(:confirmation_token)
+      refute OnlyEmailUser.method_defined?(:confirmed_at)
+      refute OnlyEmailUser.method_defined?(:confirmation_sent_at)
+      refute OnlyEmailUser.method_defined?(:unconfirmed_email)
+    end
+
+    test 'lockable is disabled' do
+      refute OnlyEmailUser.method_defined?(:failed_attempts)
+      refute OnlyEmailUser.method_defined?(:unlock_token)
+      refute OnlyEmailUser.method_defined?(:locked_at)
+    end
+
+    test 'recoverable is disabled' do
+      refute OnlyEmailUser.method_defined?(:reset_password_token)
+      refute OnlyEmailUser.method_defined?(:reset_password_sent_at)
+    end
+
+    test 'rememberable is disabled' do
+      refute OnlyEmailUser.method_defined?(:remember_created_at)
+    end
+  end
+end

data/test/models/user_test.rb

@@ -0,0 +1,169 @@
+require 'test_helper'
+
+class UserTest < ActiveSupport::TestCase
+  describe User do
+    before do
+      @password    = Faker::Internet.password(10, 20)
+      @email       = Faker::Internet.email
+      @success_url = Faker::Internet.url
+      @resource    = User.new()
+    end
+
+    describe 'serialization' do
+      test 'hash should not include sensitive info' do
+        refute @resource.as_json[:tokens]
+      end
+    end
+
+    describe 'creation' do
+      test 'save fails if uid is missing' do
+        @resource.uid = nil
+        @resource.save
+
+        assert @resource.errors.messages[:uid]
+      end
+    end
+
+    describe 'email registration' do
+      test 'model should not save if email is blank' do
+        @resource.provider              = 'email'
+        @resource.password              = @password
+        @resource.password_confirmation = @password
+
+        refute @resource.save
+        assert @resource.errors.messages[:email] == [I18n.t("errors.messages.blank")]
+      end
+
+      test 'model should not save if email is not an email' do
+        @resource.provider              = 'email'
+        @resource.email                 = '@example.com'
+        @resource.password              = @password
+        @resource.password_confirmation = @password
+
+        refute @resource.save
+        assert @resource.errors.messages[:email] == [I18n.t("errors.messages.not_email")]
+      end
+    end
+
+    describe 'email uniqueness' do
+      test 'model should not save if email is taken' do
+        provider = 'email'
+
+        User.create(
+          email: @email,
+          provider: provider,
+          password: @password,
+          password_confirmation: @password
+        )
+
+        @resource.email                 = @email
+        @resource.provider              = provider
+        @resource.password              = @password
+        @resource.password_confirmation = @password
+
+        refute @resource.save
+        assert @resource.errors.messages[:email] == [I18n.t('errors.messages.taken')]
+        assert @resource.errors.messages[:email].none? { |e| e =~ /translation missing/ }
+      end
+    end
+
+    describe 'oauth2 authentication' do
+      test 'model should save even if email is blank' do
+        @resource.provider              = 'facebook'
+        @resource.uid                   = 123
+        @resource.password              = @password
+        @resource.password_confirmation = @password
+
+        assert @resource.save
+        assert @resource.errors.messages[:email].blank?
+      end
+    end
+
+    describe 'token expiry' do
+      before do
+        @resource = users(:confirmed_email_user)
+        @resource.skip_confirmation!
+        @resource.save!
+
+        @auth_headers = @resource.create_new_auth_token
+
+        @token     = @auth_headers['access-token']
+        @client_id = @auth_headers['client']
+      end
+
+      test 'should properly indicate whether token is current' do
+        assert @resource.token_is_current?(@token, @client_id)
+        # we want to update the expiry without forcing a cleanup (see below)
+        @resource.tokens[@client_id]['expiry'] = Time.now.to_i - 10.seconds
+        refute @resource.token_is_current?(@token, @client_id)
+      end
+    end
+
+    describe 'user specific token lifespan' do
+      before do
+        @resource = users(:confirmed_email_user)
+        @resource.skip_confirmation!
+        @resource.save!
+
+        auth_headers = @resource.create_new_auth_token
+        @token_global     = auth_headers['access-token']
+        @client_id_global = auth_headers['client']
+
+        def @resource.token_lifespan
+          1.minute
+        end
+
+        auth_headers = @resource.create_new_auth_token
+        @token_specific     = auth_headers['access-token']
+        @client_id_specific = auth_headers['client']
+      end
+
+      test 'works per user' do
+        assert @resource.token_is_current?(@token_global, @client_id_global)
+
+        time = Time.now.to_i
+        expiry_global = @resource.tokens[@client_id_global]['expiry']
+
+        assert expiry_global > time + DeviseTokenAuth.token_lifespan - 5.seconds
+        assert expiry_global < time + DeviseTokenAuth.token_lifespan + 5.seconds
+
+        expiry_specific = @resource.tokens[@client_id_specific]['expiry']
+        assert expiry_specific > time + 55.seconds
+        assert expiry_specific < time + 65.seconds
+      end
+    end
+
+    describe 'expired tokens are destroyed on save' do
+      before do
+        @resource = users(:confirmed_email_user)
+        @resource.skip_confirmation!
+        @resource.save!
+
+        @old_auth_headers = @resource.create_new_auth_token
+        @new_auth_headers = @resource.create_new_auth_token
+        expire_token(@resource, @old_auth_headers['client'])
+      end
+
+      test 'expired token was removed' do
+        refute @resource.tokens[@old_auth_headers[:client]]
+      end
+
+      test 'current token was not removed' do
+        assert @resource.tokens[@new_auth_headers["client"]]
+      end
+    end
+
+    describe 'nil tokens are handled properly' do
+      before do
+        @resource = users(:confirmed_email_user)
+        @resource.skip_confirmation!
+        @resource.save!
+      end
+
+      test 'tokens can be set to nil' do
+        @resource.tokens = nil
+        assert @resource.save
+      end
+    end
+  end
+end