digix_devise_token_auth 0.1.44

Files changed (149)
  1. checksums.yaml +7 -0
  2. data/LICENSE +13 -0
  3. data/README.md +952 -0
  4. data/Rakefile +35 -0
  5. data/app/controllers/devise_token_auth/application_controller.rb +76 -0
  6. data/app/controllers/devise_token_auth/concerns/resource_finder.rb +43 -0
  7. data/app/controllers/devise_token_auth/concerns/set_user_by_token.rb +165 -0
  8. data/app/controllers/devise_token_auth/confirmations_controller.rb +30 -0
  9. data/app/controllers/devise_token_auth/omniauth_callbacks_controller.rb +243 -0
  10. data/app/controllers/devise_token_auth/passwords_controller.rb +202 -0
  11. data/app/controllers/devise_token_auth/registrations_controller.rb +205 -0
  12. data/app/controllers/devise_token_auth/sessions_controller.rb +133 -0
  13. data/app/controllers/devise_token_auth/token_validations_controller.rb +29 -0
  14. data/app/controllers/devise_token_auth/unlocks_controller.rb +89 -0
  15. data/app/models/devise_token_auth/concerns/user.rb +260 -0
  16. data/app/models/devise_token_auth/concerns/user_omniauth_callbacks.rb +26 -0
  17. data/app/validators/email_validator.rb +21 -0
  18. data/app/views/devise/mailer/confirmation_instructions.html.erb +5 -0
  19. data/app/views/devise/mailer/reset_password_instructions.html.erb +8 -0
  20. data/app/views/devise/mailer/unlock_instructions.html.erb +7 -0
  21. data/app/views/devise_token_auth/omniauth_external_window.html.erb +38 -0
  22. data/config/initializers/devise.rb +196 -0
  23. data/config/locales/da-DK.yml +50 -0
  24. data/config/locales/de.yml +49 -0
  25. data/config/locales/en.yml +50 -0
  26. data/config/locales/es.yml +49 -0
  27. data/config/locales/fr.yml +49 -0
  28. data/config/locales/it.yml +46 -0
  29. data/config/locales/ja.yml +46 -0
  30. data/config/locales/nl.yml +30 -0
  31. data/config/locales/pl.yml +48 -0
  32. data/config/locales/pt-BR.yml +46 -0
  33. data/config/locales/pt.yml +48 -0
  34. data/config/locales/ro.yml +46 -0
  35. data/config/locales/ru.yml +50 -0
  36. data/config/locales/sq.yml +46 -0
  37. data/config/locales/uk.yml +59 -0
  38. data/config/locales/vi.yml +50 -0
  39. data/config/locales/zh-CN.yml +46 -0
  40. data/config/locales/zh-HK.yml +48 -0
  41. data/config/locales/zh-TW.yml +48 -0
  42. data/lib/devise_token_auth.rb +8 -0
  43. data/lib/devise_token_auth/controllers/helpers.rb +149 -0
  44. data/lib/devise_token_auth/controllers/url_helpers.rb +8 -0
  45. data/lib/devise_token_auth/engine.rb +90 -0
  46. data/lib/devise_token_auth/rails/routes.rb +114 -0
  47. data/lib/devise_token_auth/url.rb +37 -0
  48. data/lib/devise_token_auth/version.rb +3 -0
  49. data/lib/generators/devise_token_auth/USAGE +31 -0
  50. data/lib/generators/devise_token_auth/install_generator.rb +160 -0
  51. data/lib/generators/devise_token_auth/install_views_generator.rb +16 -0
  52. data/lib/generators/devise_token_auth/templates/devise_token_auth.rb +48 -0
  53. data/lib/generators/devise_token_auth/templates/devise_token_auth_create_users.rb.erb +55 -0
  54. data/lib/generators/devise_token_auth/templates/user.rb +7 -0
  55. data/lib/tasks/devise_token_auth_tasks.rake +4 -0
  56. data/test/controllers/custom/custom_confirmations_controller_test.rb +21 -0
  57. data/test/controllers/custom/custom_omniauth_callbacks_controller_test.rb +29 -0
  58. data/test/controllers/custom/custom_passwords_controller_test.rb +75 -0
  59. data/test/controllers/custom/custom_registrations_controller_test.rb +54 -0
  60. data/test/controllers/custom/custom_sessions_controller_test.rb +37 -0
  61. data/test/controllers/custom/custom_token_validations_controller_test.rb +40 -0
  62. data/test/controllers/demo_group_controller_test.rb +153 -0
  63. data/test/controllers/demo_mang_controller_test.rb +284 -0
  64. data/test/controllers/demo_user_controller_test.rb +601 -0
  65. data/test/controllers/devise_token_auth/confirmations_controller_test.rb +129 -0
  66. data/test/controllers/devise_token_auth/omniauth_callbacks_controller_test.rb +371 -0
  67. data/test/controllers/devise_token_auth/passwords_controller_test.rb +649 -0
  68. data/test/controllers/devise_token_auth/registrations_controller_test.rb +878 -0
  69. data/test/controllers/devise_token_auth/sessions_controller_test.rb +500 -0
  70. data/test/controllers/devise_token_auth/token_validations_controller_test.rb +90 -0
  71. data/test/controllers/devise_token_auth/unlocks_controller_test.rb +194 -0
  72. data/test/controllers/overrides/confirmations_controller_test.rb +43 -0
  73. data/test/controllers/overrides/omniauth_callbacks_controller_test.rb +49 -0
  74. data/test/controllers/overrides/passwords_controller_test.rb +66 -0
  75. data/test/controllers/overrides/registrations_controller_test.rb +40 -0
  76. data/test/controllers/overrides/sessions_controller_test.rb +33 -0
  77. data/test/controllers/overrides/token_validations_controller_test.rb +41 -0
  78. data/test/dummy/README.rdoc +28 -0
  79. data/test/dummy/app/controllers/application_controller.rb +16 -0
  80. data/test/dummy/app/controllers/auth_origin_controller.rb +5 -0
  81. data/test/dummy/app/controllers/custom/confirmations_controller.rb +13 -0
  82. data/test/dummy/app/controllers/custom/omniauth_callbacks_controller.rb +11 -0
  83. data/test/dummy/app/controllers/custom/passwords_controller.rb +40 -0
  84. data/test/dummy/app/controllers/custom/registrations_controller.rb +39 -0
  85. data/test/dummy/app/controllers/custom/sessions_controller.rb +29 -0
  86. data/test/dummy/app/controllers/custom/token_validations_controller.rb +19 -0
  87. data/test/dummy/app/controllers/demo_group_controller.rb +13 -0
  88. data/test/dummy/app/controllers/demo_mang_controller.rb +12 -0
  89. data/test/dummy/app/controllers/demo_user_controller.rb +25 -0
  90. data/test/dummy/app/controllers/overrides/confirmations_controller.rb +26 -0
  91. data/test/dummy/app/controllers/overrides/omniauth_callbacks_controller.rb +14 -0
  92. data/test/dummy/app/controllers/overrides/passwords_controller.rb +33 -0
  93. data/test/dummy/app/controllers/overrides/registrations_controller.rb +27 -0
  94. data/test/dummy/app/controllers/overrides/sessions_controller.rb +36 -0
  95. data/test/dummy/app/controllers/overrides/token_validations_controller.rb +23 -0
  96. data/test/dummy/app/helpers/application_helper.rb +1065 -0
  97. data/test/dummy/app/models/evil_user.rb +3 -0
  98. data/test/dummy/app/models/lockable_user.rb +5 -0
  99. data/test/dummy/app/models/mang.rb +3 -0
  100. data/test/dummy/app/models/nice_user.rb +7 -0
  101. data/test/dummy/app/models/only_email_user.rb +5 -0
  102. data/test/dummy/app/models/scoped_user.rb +7 -0
  103. data/test/dummy/app/models/unconfirmable_user.rb +8 -0
  104. data/test/dummy/app/models/unregisterable_user.rb +7 -0
  105. data/test/dummy/app/models/user.rb +18 -0
  106. data/test/dummy/app/views/layouts/application.html.erb +14 -0
  107. data/test/dummy/config.ru +16 -0
  108. data/test/dummy/config/application.rb +24 -0
  109. data/test/dummy/config/application.yml.bk +0 -0
  110. data/test/dummy/config/boot.rb +5 -0
  111. data/test/dummy/config/environment.rb +5 -0
  112. data/test/dummy/config/environments/development.rb +44 -0
  113. data/test/dummy/config/environments/production.rb +82 -0
  114. data/test/dummy/config/environments/test.rb +48 -0
  115. data/test/dummy/config/initializers/assets.rb +8 -0
  116. data/test/dummy/config/initializers/backtrace_silencers.rb +7 -0
  117. data/test/dummy/config/initializers/cookies_serializer.rb +3 -0
  118. data/test/dummy/config/initializers/devise.rb +3 -0
  119. data/test/dummy/config/initializers/devise_token_auth.rb +22 -0
  120. data/test/dummy/config/initializers/figaro.rb +1 -0
  121. data/test/dummy/config/initializers/filter_parameter_logging.rb +4 -0
  122. data/test/dummy/config/initializers/inflections.rb +16 -0
  123. data/test/dummy/config/initializers/mime_types.rb +4 -0
  124. data/test/dummy/config/initializers/omniauth.rb +8 -0
  125. data/test/dummy/config/initializers/session_store.rb +3 -0
  126. data/test/dummy/config/initializers/wrap_parameters.rb +14 -0
  127. data/test/dummy/config/routes.rb +72 -0
  128. data/test/dummy/config/spring.rb +1 -0
  129. data/test/dummy/db/migrate/20140715061447_devise_token_auth_create_users.rb +63 -0
  130. data/test/dummy/db/migrate/20140715061805_devise_token_auth_create_mangs.rb +62 -0
  131. data/test/dummy/db/migrate/20140829044006_add_operating_thetan_to_user.rb +6 -0
  132. data/test/dummy/db/migrate/20140916224624_add_favorite_color_to_mangs.rb +5 -0
  133. data/test/dummy/db/migrate/20140928231203_devise_token_auth_create_evil_users.rb +64 -0
  134. data/test/dummy/db/migrate/20141222035835_devise_token_auth_create_only_email_users.rb +60 -0
  135. data/test/dummy/db/migrate/20141222053502_devise_token_auth_create_unregisterable_users.rb +61 -0
  136. data/test/dummy/db/migrate/20150409095712_devise_token_auth_create_nice_users.rb +61 -0
  137. data/test/dummy/db/migrate/20150708104536_devise_token_auth_create_unconfirmable_users.rb +61 -0
  138. data/test/dummy/db/migrate/20160103235141_devise_token_auth_create_scoped_users.rb +61 -0
  139. data/test/dummy/db/migrate/20160629184441_devise_token_auth_create_lockable_users.rb +61 -0
  140. data/test/dummy/db/schema.rb +258 -0
  141. data/test/dummy/lib/migration_database_helper.rb +29 -0
  142. data/test/integration/navigation_test.rb +10 -0
  143. data/test/lib/devise_token_auth/url_test.rb +24 -0
  144. data/test/lib/generators/devise_token_auth/install_generator_test.rb +187 -0
  145. data/test/lib/generators/devise_token_auth/install_views_generator_test.rb +23 -0
  146. data/test/models/only_email_user_test.rb +35 -0
  147. data/test/models/user_test.rb +169 -0
  148. data/test/test_helper.rb +77 -0
  149. metadata +342 -0
@@ -0,0 +1,10 @@
1
+ require 'test_helper'
2
+
3
+ class NavigationTest < ActionDispatch::IntegrationTest
4
+ fixtures :all
5
+
6
+ # test "the truth" do
7
+ # assert true
8
+ # end
9
+ end
10
+
@@ -0,0 +1,24 @@
1
+ require 'test_helper'
2
+
3
+ class DeviseTokenAuth::UrlTest < ActiveSupport::TestCase
4
+ describe "DeviseTokenAuth::Url#generate" do
5
+ test 'URI fragment should appear at the end of URL' do
6
+ params = {client_id: 123}
7
+ url = 'http://example.com#fragment'
8
+ assert_equal DeviseTokenAuth::Url.send(:generate, url, params), "http://example.com?client_id=123#fragment"
9
+ end
10
+
11
+ describe 'with existing query params' do
12
+ test 'should preserve existing query params' do
13
+ url = 'http://example.com?a=1'
14
+ assert_equal DeviseTokenAuth::Url.send(:generate, url), "http://example.com?a=1"
15
+ end
16
+
17
+ test 'should marge existing query params with new ones' do
18
+ params = {client_id: 123}
19
+ url = 'http://example.com?a=1'
20
+ assert_equal DeviseTokenAuth::Url.send(:generate, url, params), "http://example.com?a=1&client_id=123"
21
+ end
22
+ end
23
+ end
24
+ end
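Review bot: None of the three cases passes a parameter value that needs percent-encoding, so nothing here pins how `generate` treats `&`, `#` or `=` inside a value. If this helper is what appends token parameters to a caller-supplied redirect URL (inferred; the implementation is outside this section), that is the case most worth a test. I would add a case such as `params = {state: 'a&b#c'}` and assert that the value comes back encoded and ahead of the fragment. Separately, the `assert_equal` calls on lines 8, 14 and 20 pass the actual value first, so a failure reports expected and actual swapped; the string literal should be the first argument.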
@@ -0,0 +1,187 @@
1
+ require 'test_helper'
2
+ require 'fileutils'
3
+ require 'generators/devise_token_auth/install_generator'
4
+
5
+ module DeviseTokenAuth
6
+ class InstallGeneratorTest < Rails::Generators::TestCase
7
+ tests InstallGenerator
8
+ destination Rails.root.join('tmp/generators')
9
+
10
+ describe 'default values, clean install' do
11
+ setup :prepare_destination
12
+
13
+ before do
14
+ run_generator
15
+ end
16
+
17
+ test 'user model is created, concern is included' do
18
+ assert_file 'app/models/user.rb' do |model|
19
+ assert_match(/include DeviseTokenAuth::Concerns::User/, model)
20
+ end
21
+ end
22
+
23
+ test 'initializer is created' do
24
+ assert_file 'config/initializers/devise_token_auth.rb'
25
+ end
26
+
27
+ test 'migration is created' do
28
+ assert_migration 'db/migrate/devise_token_auth_create_users.rb'
29
+ end
30
+
31
+ test 'migration file contains rails version' do
32
+ if Rails::VERSION::MAJOR >= 5
33
+ assert_migration 'db/migrate/devise_token_auth_create_users.rb', /#{Rails::VERSION::MAJOR}.#{Rails::VERSION::MINOR}/
34
+ else
35
+ assert_migration 'db/migrate/devise_token_auth_create_users.rb'
36
+ end
37
+ end
38
+
39
+ test 'subsequent runs raise no errors' do
40
+ run_generator
41
+ end
42
+ end
43
+
44
+ describe 'existing user model' do
45
+ setup :prepare_destination
46
+
47
+ before do
48
+ @dir = File.join(destination_root, "app", "models")
49
+
50
+ @fname = File.join(@dir, "user.rb")
51
+
52
+ # make dir if not exists
53
+ FileUtils.mkdir_p(@dir)
54
+
55
+ # account for rails version 5
56
+ active_record_needle = (Rails::VERSION::MAJOR == 5) ? 'ApplicationRecord' : 'ActiveRecord::Base'
57
+
58
+ @f = File.open(@fname, 'w') {|f|
59
+ f.write <<-RUBY
60
+ class User < #{active_record_needle}
61
+
62
+ def whatever
63
+ puts 'whatever'
64
+ end
65
+ end
66
+ RUBY
67
+ }
68
+
69
+ run_generator
70
+ end
71
+
72
+ test 'user concern is injected into existing model' do
73
+ assert_file 'app/models/user.rb' do |model|
74
+ assert_match(/include DeviseTokenAuth::Concerns::User/, model)
75
+ end
76
+ end
77
+
78
+ test 'subsequent runs do not modify file' do
79
+ run_generator
80
+ assert_file 'app/models/user.rb' do |model|
81
+ matches = model.scan(/include DeviseTokenAuth::Concerns::User/m).size
82
+ assert_equal 1, matches
83
+ end
84
+ end
85
+ end
86
+
87
+
88
+ describe 'routes' do
89
+ setup :prepare_destination
90
+
91
+ before do
92
+ @dir = File.join(destination_root, "config")
93
+
94
+ @fname = File.join(@dir, "routes.rb")
95
+
96
+ # make dir if not exists
97
+ FileUtils.mkdir_p(@dir)
98
+
99
+ @f = File.open(@fname, 'w') {|f|
100
+ f.write <<-RUBY
101
+ Rails.application.routes.draw do
102
+ patch '/chong', to: 'bong#index'
103
+ end
104
+ RUBY
105
+ }
106
+
107
+ run_generator
108
+ end
109
+
110
+ test 'route method is appended to routes file' do
111
+ assert_file 'config/routes.rb' do |routes|
112
+ assert_match(/mount_devise_token_auth_for 'User', at: 'auth'/, routes)
113
+ end
114
+ end
115
+
116
+ test 'subsequent runs do not modify file' do
117
+ run_generator
118
+ assert_file 'config/routes.rb' do |routes|
119
+ matches = routes.scan(/mount_devise_token_auth_for 'User', at: 'auth'/m).size
120
+ assert_equal 1, matches
121
+ end
122
+ end
123
+
124
+ describe 'subsequent models' do
125
+ before do
126
+ run_generator %w(Mang mangs)
127
+ end
128
+
129
+ test 'migration is created' do
130
+ assert_migration 'db/migrate/devise_token_auth_create_mangs.rb'
131
+ end
132
+
133
+ test 'route method is appended to routes file' do
134
+ assert_file 'config/routes.rb' do |routes|
135
+ assert_match(/mount_devise_token_auth_for 'Mang', at: 'mangs'/, routes)
136
+ end
137
+ end
138
+
139
+ test 'devise_for block is appended to routes file' do
140
+ assert_file 'config/routes.rb' do |routes|
141
+ assert_match(/as :mang do/, routes)
142
+ assert_match(/# Define routes for Mang within this block./, routes)
143
+ end
144
+ end
145
+ end
146
+ end
147
+
148
+ describe 'application controller' do
149
+ setup :prepare_destination
150
+
151
+ before do
152
+ @dir = File.join(destination_root, "app", "controllers")
153
+
154
+ @fname = File.join(@dir, "application_controller.rb")
155
+
156
+ # make dir if not exists
157
+ FileUtils.mkdir_p(@dir)
158
+
159
+ @f = File.open(@fname, 'w') {|f|
160
+ f.write <<-RUBY
161
+ class ApplicationController < ActionController::Base
162
+ def whatever
163
+ 'whatever'
164
+ end
165
+ end
166
+ RUBY
167
+ }
168
+
169
+ run_generator
170
+ end
171
+
172
+ test 'controller concern is appended to application controller' do
173
+ assert_file 'app/controllers/application_controller.rb' do |controller|
174
+ assert_match(/include DeviseTokenAuth::Concerns::SetUserByToken/, controller)
175
+ end
176
+ end
177
+
178
+ test 'subsequent runs do not modify file' do
179
+ run_generator
180
+ assert_file 'app/controllers/application_controller.rb' do |controller|
181
+ matches = controller.scan(/include DeviseTokenAuth::Concerns::SetUserByToken/m).size
182
+ assert_equal 1, matches
183
+ end
184
+ end
185
+ end
186
+ end
187
+ end
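Review bot: The fixture on line 56 picks `ApplicationRecord` only when `Rails::VERSION::MAJOR == 5`, while the migration test on line 32 branches on `>= 5`. On any later major version the 'existing user model' fixture would therefore fall back to `ActiveRecord::Base`. I would change it to `(Rails::VERSION::MAJOR >= 5) ? 'ApplicationRecord' : 'ActiveRecord::Base'`. The pattern on line 33 also leaves the dot unescaped, so it matches any character between the two numbers; `/#{Rails::VERSION::MAJOR}\.#{Rails::VERSION::MINOR}/` is the stricter form.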
@@ -0,0 +1,23 @@
1
+ require 'test_helper'
2
+ require 'fileutils'
3
+ require 'generators/devise_token_auth/install_views_generator'
4
+
5
+ module DeviseTokenAuth
6
+ class InstallViewsGeneratorTest < Rails::Generators::TestCase
7
+ tests InstallViewsGenerator
8
+ destination Rails.root.join('tmp/generators')
9
+
10
+ describe 'default values, clean install' do
11
+ setup :prepare_destination
12
+
13
+ before do
14
+ run_generator
15
+ end
16
+
17
+ test "files are copied" do
18
+ assert_file 'app/views/devise/mailer/reset_password_instructions.html.erb'
19
+ assert_file 'app/views/devise/mailer/confirmation_instructions.html.erb'
20
+ end
21
+ end
22
+ end
23
+ end
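Review bot: The 'files are copied' test asserts only the reset-password and confirmation mailer templates, yet the package's file list also ships `app/views/devise/mailer/unlock_instructions.html.erb`. Whether the views generator is meant to copy that template is not visible in this section. If it is, add `assert_file 'app/views/devise/mailer/unlock_instructions.html.erb'` on line 20. If it is deliberately left out, a one-line comment such as `# unlock_instructions is not copied by this generator` would record that.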
@@ -0,0 +1,35 @@
1
+ require 'test_helper'
2
+
3
+ class OnlyEmailUserTest < ActiveSupport::TestCase
4
+ describe OnlyEmailUser do
5
+ test 'trackable is disabled' do
6
+ refute OnlyEmailUser.method_defined?(:sign_in_count)
7
+ refute OnlyEmailUser.method_defined?(:current_sign_in_at)
8
+ refute OnlyEmailUser.method_defined?(:last_sign_in_at)
9
+ refute OnlyEmailUser.method_defined?(:current_sign_in_ip)
10
+ refute OnlyEmailUser.method_defined?(:last_sign_in_ip)
11
+ end
12
+
13
+ test 'confirmable is disabled' do
14
+ refute OnlyEmailUser.method_defined?(:confirmation_token)
15
+ refute OnlyEmailUser.method_defined?(:confirmed_at)
16
+ refute OnlyEmailUser.method_defined?(:confirmation_sent_at)
17
+ refute OnlyEmailUser.method_defined?(:unconfirmed_email)
18
+ end
19
+
20
+ test 'lockable is disabled' do
21
+ refute OnlyEmailUser.method_defined?(:failed_attempts)
22
+ refute OnlyEmailUser.method_defined?(:unlock_token)
23
+ refute OnlyEmailUser.method_defined?(:locked_at)
24
+ end
25
+
26
+ test 'recoverable is disabled' do
27
+ refute OnlyEmailUser.method_defined?(:reset_password_token)
28
+ refute OnlyEmailUser.method_defined?(:reset_password_sent_at)
29
+ end
30
+
31
+ test 'rememberable is disabled' do
32
+ refute OnlyEmailUser.method_defined?(:remember_created_at)
33
+ end
34
+ end
35
+ end
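Review bot: Every assertion here relies on `OnlyEmailUser.method_defined?`, and ActiveRecord normally generates attribute accessors lazily, so these `refute` calls may pass even when the column exists and the Devise module is active. That would make the 'trackable / confirmable / lockable / recoverable is disabled' tests vacuous for a model whose whole purpose is a reduced authentication surface. Checking the schema directly is more reliable, for example `refute_includes OnlyEmailUser.column_names, 'reset_password_token'`, repeated for each attribute. If the intent is to check the enabled Devise modules rather than the columns, assert against the model's module list instead.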
@@ -0,0 +1,169 @@
1
+ require 'test_helper'
2
+
3
+ class UserTest < ActiveSupport::TestCase
4
+ describe User do
5
+ before do
6
+ @password = Faker::Internet.password(10, 20)
7
+ @email = Faker::Internet.email
8
+ @success_url = Faker::Internet.url
9
+ @resource = User.new()
10
+ end
11
+
12
+ describe 'serialization' do
13
+ test 'hash should not include sensitive info' do
14
+ refute @resource.as_json[:tokens]
15
+ end
16
+ end
17
+
18
+ describe 'creation' do
19
+ test 'save fails if uid is missing' do
20
+ @resource.uid = nil
21
+ @resource.save
22
+
23
+ assert @resource.errors.messages[:uid]
24
+ end
25
+ end
26
+
27
+ describe 'email registration' do
28
+ test 'model should not save if email is blank' do
29
+ @resource.provider = 'email'
30
+ @resource.password = @password
31
+ @resource.password_confirmation = @password
32
+
33
+ refute @resource.save
34
+ assert @resource.errors.messages[:email] == [I18n.t("errors.messages.blank")]
35
+ end
36
+
37
+ test 'model should not save if email is not an email' do
38
+ @resource.provider = 'email'
39
+ @resource.email = '@example.com'
40
+ @resource.password = @password
41
+ @resource.password_confirmation = @password
42
+
43
+ refute @resource.save
44
+ assert @resource.errors.messages[:email] == [I18n.t("errors.messages.not_email")]
45
+ end
46
+ end
47
+
48
+ describe 'email uniqueness' do
49
+ test 'model should not save if email is taken' do
50
+ provider = 'email'
51
+
52
+ User.create(
53
+ email: @email,
54
+ provider: provider,
55
+ password: @password,
56
+ password_confirmation: @password
57
+ )
58
+
59
+ @resource.email = @email
60
+ @resource.provider = provider
61
+ @resource.password = @password
62
+ @resource.password_confirmation = @password
63
+
64
+ refute @resource.save
65
+ assert @resource.errors.messages[:email] == [I18n.t('errors.messages.taken')]
66
+ assert @resource.errors.messages[:email].none? { |e| e =~ /translation missing/ }
67
+ end
68
+ end
69
+
70
+ describe 'oauth2 authentication' do
71
+ test 'model should save even if email is blank' do
72
+ @resource.provider = 'facebook'
73
+ @resource.uid = 123
74
+ @resource.password = @password
75
+ @resource.password_confirmation = @password
76
+
77
+ assert @resource.save
78
+ assert @resource.errors.messages[:email].blank?
79
+ end
80
+ end
81
+
82
+ describe 'token expiry' do
83
+ before do
84
+ @resource = users(:confirmed_email_user)
85
+ @resource.skip_confirmation!
86
+ @resource.save!
87
+
88
+ @auth_headers = @resource.create_new_auth_token
89
+
90
+ @token = @auth_headers['access-token']
91
+ @client_id = @auth_headers['client']
92
+ end
93
+
94
+ test 'should properly indicate whether token is current' do
95
+ assert @resource.token_is_current?(@token, @client_id)
96
+ # we want to update the expiry without forcing a cleanup (see below)
97
+ @resource.tokens[@client_id]['expiry'] = Time.now.to_i - 10.seconds
98
+ refute @resource.token_is_current?(@token, @client_id)
99
+ end
100
+ end
101
+
102
+ describe 'user specific token lifespan' do
103
+ before do
104
+ @resource = users(:confirmed_email_user)
105
+ @resource.skip_confirmation!
106
+ @resource.save!
107
+
108
+ auth_headers = @resource.create_new_auth_token
109
+ @token_global = auth_headers['access-token']
110
+ @client_id_global = auth_headers['client']
111
+
112
+ def @resource.token_lifespan
113
+ 1.minute
114
+ end
115
+
116
+ auth_headers = @resource.create_new_auth_token
117
+ @token_specific = auth_headers['access-token']
118
+ @client_id_specific = auth_headers['client']
119
+ end
120
+
121
+ test 'works per user' do
122
+ assert @resource.token_is_current?(@token_global, @client_id_global)
123
+
124
+ time = Time.now.to_i
125
+ expiry_global = @resource.tokens[@client_id_global]['expiry']
126
+
127
+ assert expiry_global > time + DeviseTokenAuth.token_lifespan - 5.seconds
128
+ assert expiry_global < time + DeviseTokenAuth.token_lifespan + 5.seconds
129
+
130
+ expiry_specific = @resource.tokens[@client_id_specific]['expiry']
131
+ assert expiry_specific > time + 55.seconds
132
+ assert expiry_specific < time + 65.seconds
133
+ end
134
+ end
135
+
136
+ describe 'expired tokens are destroyed on save' do
137
+ before do
138
+ @resource = users(:confirmed_email_user)
139
+ @resource.skip_confirmation!
140
+ @resource.save!
141
+
142
+ @old_auth_headers = @resource.create_new_auth_token
143
+ @new_auth_headers = @resource.create_new_auth_token
144
+ expire_token(@resource, @old_auth_headers['client'])
145
+ end
146
+
147
+ test 'expired token was removed' do
148
+ refute @resource.tokens[@old_auth_headers[:client]]
149
+ end
150
+
151
+ test 'current token was not removed' do
152
+ assert @resource.tokens[@new_auth_headers["client"]]
153
+ end
154
+ end
155
+
156
+ describe 'nil tokens are handled properly' do
157
+ before do
158
+ @resource = users(:confirmed_email_user)
159
+ @resource.skip_confirmation!
160
+ @resource.save!
161
+ end
162
+
163
+ test 'tokens can be set to nil' do
164
+ @resource.tokens = nil
165
+ assert @resource.save
166
+ end
167
+ end
168
+ end
169
+ end
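Review bot: The 'expired token was removed' test on line 148 indexes `@old_auth_headers[:client]` with a symbol, while lines 91, 144 and 152 read the same headers with the string key `'client'`. If `create_new_auth_token` returns a plain Hash, the symbol lookup yields `nil`, `@resource.tokens[nil]` is `nil`, and the `refute` passes whether or not the expired token was purged. It should read `refute @resource.tokens[@old_auth_headers['client']]`. The serialization test on line 14 looks vacuous in the same way: `as_json` normally returns string keys, so `refute @resource.as_json[:tokens]` would not catch tokens leaking into the JSON. `refute @resource.as_json.key?('tokens')` pins the intended guarantee.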