digix_devise_token_auth 0.1.44

Files changed (149)
  1. checksums.yaml +7 -0
  2. data/LICENSE +13 -0
  3. data/README.md +952 -0
  4. data/Rakefile +35 -0
  5. data/app/controllers/devise_token_auth/application_controller.rb +76 -0
  6. data/app/controllers/devise_token_auth/concerns/resource_finder.rb +43 -0
  7. data/app/controllers/devise_token_auth/concerns/set_user_by_token.rb +165 -0
  8. data/app/controllers/devise_token_auth/confirmations_controller.rb +30 -0
  9. data/app/controllers/devise_token_auth/omniauth_callbacks_controller.rb +243 -0
  10. data/app/controllers/devise_token_auth/passwords_controller.rb +202 -0
  11. data/app/controllers/devise_token_auth/registrations_controller.rb +205 -0
  12. data/app/controllers/devise_token_auth/sessions_controller.rb +133 -0
  13. data/app/controllers/devise_token_auth/token_validations_controller.rb +29 -0
  14. data/app/controllers/devise_token_auth/unlocks_controller.rb +89 -0
  15. data/app/models/devise_token_auth/concerns/user.rb +260 -0
  16. data/app/models/devise_token_auth/concerns/user_omniauth_callbacks.rb +26 -0
  17. data/app/validators/email_validator.rb +21 -0
  18. data/app/views/devise/mailer/confirmation_instructions.html.erb +5 -0
  19. data/app/views/devise/mailer/reset_password_instructions.html.erb +8 -0
  20. data/app/views/devise/mailer/unlock_instructions.html.erb +7 -0
  21. data/app/views/devise_token_auth/omniauth_external_window.html.erb +38 -0
  22. data/config/initializers/devise.rb +196 -0
  23. data/config/locales/da-DK.yml +50 -0
  24. data/config/locales/de.yml +49 -0
  25. data/config/locales/en.yml +50 -0
  26. data/config/locales/es.yml +49 -0
  27. data/config/locales/fr.yml +49 -0
  28. data/config/locales/it.yml +46 -0
  29. data/config/locales/ja.yml +46 -0
  30. data/config/locales/nl.yml +30 -0
  31. data/config/locales/pl.yml +48 -0
  32. data/config/locales/pt-BR.yml +46 -0
  33. data/config/locales/pt.yml +48 -0
  34. data/config/locales/ro.yml +46 -0
  35. data/config/locales/ru.yml +50 -0
  36. data/config/locales/sq.yml +46 -0
  37. data/config/locales/uk.yml +59 -0
  38. data/config/locales/vi.yml +50 -0
  39. data/config/locales/zh-CN.yml +46 -0
  40. data/config/locales/zh-HK.yml +48 -0
  41. data/config/locales/zh-TW.yml +48 -0
  42. data/lib/devise_token_auth.rb +8 -0
  43. data/lib/devise_token_auth/controllers/helpers.rb +149 -0
  44. data/lib/devise_token_auth/controllers/url_helpers.rb +8 -0
  45. data/lib/devise_token_auth/engine.rb +90 -0
  46. data/lib/devise_token_auth/rails/routes.rb +114 -0
  47. data/lib/devise_token_auth/url.rb +37 -0
  48. data/lib/devise_token_auth/version.rb +3 -0
  49. data/lib/generators/devise_token_auth/USAGE +31 -0
  50. data/lib/generators/devise_token_auth/install_generator.rb +160 -0
  51. data/lib/generators/devise_token_auth/install_views_generator.rb +16 -0
  52. data/lib/generators/devise_token_auth/templates/devise_token_auth.rb +48 -0
  53. data/lib/generators/devise_token_auth/templates/devise_token_auth_create_users.rb.erb +55 -0
  54. data/lib/generators/devise_token_auth/templates/user.rb +7 -0
  55. data/lib/tasks/devise_token_auth_tasks.rake +4 -0
  56. data/test/controllers/custom/custom_confirmations_controller_test.rb +21 -0
  57. data/test/controllers/custom/custom_omniauth_callbacks_controller_test.rb +29 -0
  58. data/test/controllers/custom/custom_passwords_controller_test.rb +75 -0
  59. data/test/controllers/custom/custom_registrations_controller_test.rb +54 -0
  60. data/test/controllers/custom/custom_sessions_controller_test.rb +37 -0
  61. data/test/controllers/custom/custom_token_validations_controller_test.rb +40 -0
  62. data/test/controllers/demo_group_controller_test.rb +153 -0
  63. data/test/controllers/demo_mang_controller_test.rb +284 -0
  64. data/test/controllers/demo_user_controller_test.rb +601 -0
  65. data/test/controllers/devise_token_auth/confirmations_controller_test.rb +129 -0
  66. data/test/controllers/devise_token_auth/omniauth_callbacks_controller_test.rb +371 -0
  67. data/test/controllers/devise_token_auth/passwords_controller_test.rb +649 -0
  68. data/test/controllers/devise_token_auth/registrations_controller_test.rb +878 -0
  69. data/test/controllers/devise_token_auth/sessions_controller_test.rb +500 -0
  70. data/test/controllers/devise_token_auth/token_validations_controller_test.rb +90 -0
  71. data/test/controllers/devise_token_auth/unlocks_controller_test.rb +194 -0
  72. data/test/controllers/overrides/confirmations_controller_test.rb +43 -0
  73. data/test/controllers/overrides/omniauth_callbacks_controller_test.rb +49 -0
  74. data/test/controllers/overrides/passwords_controller_test.rb +66 -0
  75. data/test/controllers/overrides/registrations_controller_test.rb +40 -0
  76. data/test/controllers/overrides/sessions_controller_test.rb +33 -0
  77. data/test/controllers/overrides/token_validations_controller_test.rb +41 -0
  78. data/test/dummy/README.rdoc +28 -0
  79. data/test/dummy/app/controllers/application_controller.rb +16 -0
  80. data/test/dummy/app/controllers/auth_origin_controller.rb +5 -0
  81. data/test/dummy/app/controllers/custom/confirmations_controller.rb +13 -0
  82. data/test/dummy/app/controllers/custom/omniauth_callbacks_controller.rb +11 -0
  83. data/test/dummy/app/controllers/custom/passwords_controller.rb +40 -0
  84. data/test/dummy/app/controllers/custom/registrations_controller.rb +39 -0
  85. data/test/dummy/app/controllers/custom/sessions_controller.rb +29 -0
  86. data/test/dummy/app/controllers/custom/token_validations_controller.rb +19 -0
  87. data/test/dummy/app/controllers/demo_group_controller.rb +13 -0
  88. data/test/dummy/app/controllers/demo_mang_controller.rb +12 -0
  89. data/test/dummy/app/controllers/demo_user_controller.rb +25 -0
  90. data/test/dummy/app/controllers/overrides/confirmations_controller.rb +26 -0
  91. data/test/dummy/app/controllers/overrides/omniauth_callbacks_controller.rb +14 -0
  92. data/test/dummy/app/controllers/overrides/passwords_controller.rb +33 -0
  93. data/test/dummy/app/controllers/overrides/registrations_controller.rb +27 -0
  94. data/test/dummy/app/controllers/overrides/sessions_controller.rb +36 -0
  95. data/test/dummy/app/controllers/overrides/token_validations_controller.rb +23 -0
  96. data/test/dummy/app/helpers/application_helper.rb +1065 -0
  97. data/test/dummy/app/models/evil_user.rb +3 -0
  98. data/test/dummy/app/models/lockable_user.rb +5 -0
  99. data/test/dummy/app/models/mang.rb +3 -0
  100. data/test/dummy/app/models/nice_user.rb +7 -0
  101. data/test/dummy/app/models/only_email_user.rb +5 -0
  102. data/test/dummy/app/models/scoped_user.rb +7 -0
  103. data/test/dummy/app/models/unconfirmable_user.rb +8 -0
  104. data/test/dummy/app/models/unregisterable_user.rb +7 -0
  105. data/test/dummy/app/models/user.rb +18 -0
  106. data/test/dummy/app/views/layouts/application.html.erb +14 -0
  107. data/test/dummy/config.ru +16 -0
  108. data/test/dummy/config/application.rb +24 -0
  109. data/test/dummy/config/application.yml.bk +0 -0
  110. data/test/dummy/config/boot.rb +5 -0
  111. data/test/dummy/config/environment.rb +5 -0
  112. data/test/dummy/config/environments/development.rb +44 -0
  113. data/test/dummy/config/environments/production.rb +82 -0
  114. data/test/dummy/config/environments/test.rb +48 -0
  115. data/test/dummy/config/initializers/assets.rb +8 -0
  116. data/test/dummy/config/initializers/backtrace_silencers.rb +7 -0
  117. data/test/dummy/config/initializers/cookies_serializer.rb +3 -0
  118. data/test/dummy/config/initializers/devise.rb +3 -0
  119. data/test/dummy/config/initializers/devise_token_auth.rb +22 -0
  120. data/test/dummy/config/initializers/figaro.rb +1 -0
  121. data/test/dummy/config/initializers/filter_parameter_logging.rb +4 -0
  122. data/test/dummy/config/initializers/inflections.rb +16 -0
  123. data/test/dummy/config/initializers/mime_types.rb +4 -0
  124. data/test/dummy/config/initializers/omniauth.rb +8 -0
  125. data/test/dummy/config/initializers/session_store.rb +3 -0
  126. data/test/dummy/config/initializers/wrap_parameters.rb +14 -0
  127. data/test/dummy/config/routes.rb +72 -0
  128. data/test/dummy/config/spring.rb +1 -0
  129. data/test/dummy/db/migrate/20140715061447_devise_token_auth_create_users.rb +63 -0
  130. data/test/dummy/db/migrate/20140715061805_devise_token_auth_create_mangs.rb +62 -0
  131. data/test/dummy/db/migrate/20140829044006_add_operating_thetan_to_user.rb +6 -0
  132. data/test/dummy/db/migrate/20140916224624_add_favorite_color_to_mangs.rb +5 -0
  133. data/test/dummy/db/migrate/20140928231203_devise_token_auth_create_evil_users.rb +64 -0
  134. data/test/dummy/db/migrate/20141222035835_devise_token_auth_create_only_email_users.rb +60 -0
  135. data/test/dummy/db/migrate/20141222053502_devise_token_auth_create_unregisterable_users.rb +61 -0
  136. data/test/dummy/db/migrate/20150409095712_devise_token_auth_create_nice_users.rb +61 -0
  137. data/test/dummy/db/migrate/20150708104536_devise_token_auth_create_unconfirmable_users.rb +61 -0
  138. data/test/dummy/db/migrate/20160103235141_devise_token_auth_create_scoped_users.rb +61 -0
  139. data/test/dummy/db/migrate/20160629184441_devise_token_auth_create_lockable_users.rb +61 -0
  140. data/test/dummy/db/schema.rb +258 -0
  141. data/test/dummy/lib/migration_database_helper.rb +29 -0
  142. data/test/integration/navigation_test.rb +10 -0
  143. data/test/lib/devise_token_auth/url_test.rb +24 -0
  144. data/test/lib/generators/devise_token_auth/install_generator_test.rb +187 -0
  145. data/test/lib/generators/devise_token_auth/install_views_generator_test.rb +23 -0
  146. data/test/models/only_email_user_test.rb +35 -0
  147. data/test/models/user_test.rb +169 -0
  148. data/test/test_helper.rb +77 -0
  149. metadata +342 -0
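--- /dev/null
+++ b/data/lib/generators/devise_token_auth/templates/user.rb
@@ -0,0 +1,7 @@
+class <%= user_class.capitalize %> < ActiveRecord::Base
+# Include default devise modules. Others available are:
+# :confirmable, :lockable, :timeoutable and :omniauthable
+devise :database_authenticatable, :registerable,
+:recoverable, :rememberable, :trackable, :validatable
+include DeviseTokenAuth::Concerns::User
+end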
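Review bot: `user_class.capitalize` on the first line of the template lowercases every character after the first, so a generator argument such as `AdminUser` produces `class Adminuser`, which presumably no longer matches the constant the rest of the generator derives from the same argument. `String#capitalize` is the wrong transform for a constant name; the template should read `class <%= user_class.camelize %> < ActiveRecord::Base` (or use the argument untouched if the generator already normalizes it before rendering). Whichever is chosen, a one-line comment above the class stating what form `user_class` is expected to arrive in would keep the next maintainer from reintroducing the mismatch.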
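--- /dev/null
+++ b/data/lib/tasks/devise_token_auth_tasks.rake
@@ -0,0 +1,4 @@
+# desc "Explaining what the task does"
+# task :devise_token_auth do
+# # Task goes here
+# end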
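--- /dev/null
+++ b/data/test/controllers/custom/custom_confirmations_controller_test.rb
@@ -0,0 +1,21 @@
+require 'test_helper'
+
+class Custom::ConfirmationsControllerTest < ActionController::TestCase
+describe Custom::ConfirmationsController do
+before do
+@redirect_url = Faker::Internet.url
+@new_user = users(:unconfirmed_email_user)
+@new_user.send_confirmation_instructions(redirect_url: @redirect_url)
+@mail = ActionMailer::Base.deliveries.last
+@token = @mail.body.match(/confirmation_token=([^&]*)&/)[1]
+@client_config = @mail.body.match(/config=([^&]*)&/)[1]
+
+get :show,
+params: { confirmation_token: @token, redirect_url: @redirect_url }
+end
+
+test 'yield resource to block on show success' do
+assert @controller.show_block_called?, 'show failed to yield resource to provided block'
+end
+end
+end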
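Review bot: The `before` block pulls `@token` out of the mail body with `match(...)[1]` and never checks that a mail was delivered or that the pattern matched, so a missing delivery fails with a `NoMethodError` on `nil` rather than a readable assertion; `@client_config` is extracted the same way and then never read. The single test also asserts only that the block was yielded, not that the confirmation took effect, so a `show` that yields and then fails to confirm the user would still pass. Consider `assert @new_user.reload.confirmed?` (assuming the fixture is a Devise confirmable model, which is not visible here) next to the existing assertion, and dropping the unused `@client_config` line.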
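--- /dev/null
+++ b/data/test/controllers/custom/custom_omniauth_callbacks_controller_test.rb
@@ -0,0 +1,29 @@
+require 'test_helper'
+
+class Custom::OmniauthCallbacksControllerTest < ActionDispatch::IntegrationTest
+describe Custom::OmniauthCallbacksController do
+setup do
+OmniAuth.config.test_mode = true
+OmniAuth.config.mock_auth[:facebook] = OmniAuth::AuthHash.new(
+provider: 'facebook',
+uid: '123545',
+info: {
+name: 'swong',
+email: 'swongsong@yandex.ru'
+}
+)
+end
+
+test 'yield resource to block on omniauth_success success' do
+@redirect_url = 'http://ng-token-auth.dev/'
+get '/nice_user_auth/facebook',
+params: { auth_origin_url: @redirect_url,
+omniauth_window_type: 'newWindow' }
+
+follow_all_redirects!
+
+assert @controller.omniauth_success_block_called?,
+'omniauth_success failed to yield resource to provided block'
+end
+end
+end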
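Review bot: `setup` switches on `OmniAuth.config.test_mode` and installs a mock auth hash for `:facebook`, but nothing restores either when the test finishes, so this global OmniAuth state leaks into whatever runs next in the same process (unless `test_helper` already sets test mode globally, which is not visible here). A `teardown` that clears the mock keeps the test self-contained: `teardown do OmniAuth.config.mock_auth[:facebook] = nil end`. The test also asserts only that the block was called, not the outcome of the callback; an `assert_response :success` after `follow_all_redirects!` would catch a callback that yields and then errors.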
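--- /dev/null
+++ b/data/test/controllers/custom/custom_passwords_controller_test.rb
@@ -0,0 +1,75 @@
+require 'test_helper'
+
+class Custom::PasswordsControllerTest < ActionController::TestCase
+describe Custom::PasswordsController do
+before do
+@resource = users(:confirmed_email_user)
+@redirect_url = 'http://ng-token-auth.dev'
+end
+
+test 'yield resource to block on create success' do
+post :create,
+params: { email: @resource.email,
+redirect_url: @redirect_url }
+
+@mail = ActionMailer::Base.deliveries.last
+@resource.reload
+
+@mail_config_name = CGI.unescape(@mail.body.match(/config=([^&]*)&/)[1])
+@mail_redirect_url = CGI.unescape(@mail.body.match(/redirect_url=([^&]*)&/)[1])
+@mail_reset_token = @mail.body.match(/reset_password_token=(.*)\"/)[1]
+
+assert @controller.create_block_called?,
+'create failed to yield resource to provided block'
+end
+
+test 'yield resource to block on edit success' do
+@resource = users(:unconfirmed_email_user)
+@redirect_url = 'http://ng-token-auth.dev'
+
+post :create,
+params: { email: @resource.email,
+redirect_url: @redirect_url },
+xhr: true
+
+@mail = ActionMailer::Base.deliveries.last
+@resource.reload
+
+@mail_config_name = CGI.unescape(@mail.body.match(/config=([^&]*)&/)[1])
+@mail_redirect_url = CGI.unescape(@mail.body.match(/redirect_url=([^&]*)&/)[1])
+@mail_reset_token = @mail.body.match(/reset_password_token=(.*)\"/)[1]
+
+get :edit,
+params: { reset_password_token: @mail_reset_token,
+redirect_url: @mail_redirect_url },
+xhr: true
+@resource.reload
+assert @controller.edit_block_called?,
+'edit failed to yield resource to provided block'
+end
+
+test 'yield resource to block on update success' do
+@auth_headers = @resource.create_new_auth_token
+request.headers.merge!(@auth_headers)
+@new_password = Faker::Internet.password
+put :update,
+params: { password: @new_password,
+password_confirmation: @new_password }
+assert @controller.update_block_called?, 'update failed to yield resource to provided block'
+end
+
+test 'yield resource to block on update success with custom json' do
+@auth_headers = @resource.create_new_auth_token
+request.headers.merge!(@auth_headers)
+@new_password = Faker::Internet.password
+put :update,
+params: { password: @new_password,
+password_confirmation: @new_password }
+
+@data = JSON.parse(response.body)
+
+assert @controller.update_block_called?, 'update failed to yield resource to provided block'
+assert_equal @data['custom'], 'foo'
+end
+end
+end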
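Review bot: In the 'create success' test, `@mail_config_name`, `@mail_redirect_url` and `@mail_reset_token` are extracted from the mail body but never used, so those three lines (the two `CGI.unescape(...)` assignments and the `reset_password_token` match) are dead setup there and can be deleted; the same extraction is then repeated verbatim in the 'edit success' test where it is actually needed, so a small private helper such as `def reset_token_from(mail)` would remove the duplication. The `reset_password_token=(.*)\"` pattern is also greedy and captures everything up to the last double quote in the body, which only works while nothing follows the token on the same line; `([^\"]*)` is the safer capture. As in the other custom-controller tests, the `edit` test asserts only that the block was yielded and never that the response redirected to `@mail_redirect_url`, so a controller that yields and then rejects the token would still pass.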
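--- /dev/null
+++ b/data/test/controllers/custom/custom_registrations_controller_test.rb
@@ -0,0 +1,54 @@
+require 'test_helper'
+
+class Custom::RegistrationsControllerTest < ActionDispatch::IntegrationTest
+describe Custom::RegistrationsController do
+setup do
+@create_params = {
+email: Faker::Internet.email,
+password: 'secret123',
+password_confirmation: 'secret123',
+confirm_success_url: Faker::Internet.url,
+unpermitted_param: '(x_x)'
+}
+
+@existing_user = nice_users(:confirmed_email_user)
+@auth_headers = @existing_user.create_new_auth_token
+@client_id = @auth_headers['client']
+
+# ensure request is not treated as batch request
+age_token(@existing_user, @client_id)
+end
+
+test 'yield resource to block on create success' do
+post '/nice_user_auth', params: @create_params
+assert @controller.create_block_called?,
+'create failed to yield resource to provided block'
+end
+
+test 'yield resource to block on create success with custom json' do
+post '/nice_user_auth', params: @create_params
+
+@data = JSON.parse(response.body)
+
+assert @controller.create_block_called?,
+'create failed to yield resource to provided block'
+assert_equal @data['custom'], 'foo'
+end
+
+test 'yield resource to block on update success' do
+put '/nice_user_auth',
+params: {
+nickname: "Ol' Sunshine-face"
+},
+headers: @auth_headers
+assert @controller.update_block_called?,
+'update failed to yield resource to provided block'
+end
+
+test 'yield resource to block on destroy success' do
+delete '/nice_user_auth', headers: @auth_headers
+assert @controller.destroy_block_called?,
+'destroy failed to yield resource to provided block'
+end
+end
+end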
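Review bot: `@create_params` carries `unpermitted_param: '(x_x)'`, but no test in this file checks that the value was dropped by strong parameters, so the key is noise in the fixture rather than a check; either assert that the created record did not store it (how depends on the model and is not visible here) or remove the key, and if it stays, a comment such as `# must be filtered by strong params; see registrations_controller_test` would say why it is there. The two `create` tests post the same params and differ only in the JSON assertion, so the second subsumes the first and they could be merged. The password and its confirmation are repeated literals; a local `password = 'secret123'` in `setup` keeps them in step.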
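--- /dev/null
+++ b/data/test/controllers/custom/custom_sessions_controller_test.rb
@@ -0,0 +1,37 @@
+require 'test_helper'
+
+class Custom::SessionsControllerTest < ActionController::TestCase
+describe Custom::SessionsController do
+before do
+@existing_user = users(:confirmed_email_user)
+@existing_user.skip_confirmation!
+@existing_user.save!
+end
+
+test 'yield resource to block on create success' do
+post :create,
+params: {
+email: @existing_user.email,
+password: 'secret123'
+}
+assert @controller.create_block_called?,
+'create failed to yield resource to provided block'
+end
+
+test 'yield resource to block on destroy success' do
+@auth_headers = @existing_user.create_new_auth_token
+request.headers.merge!(@auth_headers)
+delete :destroy, format: :json
+assert @controller.destroy_block_called?,
+'destroy failed to yield resource to provided block'
+end
+
+test 'render method override' do
+post :create,
+params: { email: @existing_user.email,
+password: 'secret123' }
+@data = JSON.parse(response.body)
+assert_equal @data['custom'], 'foo'
+end
+end
+end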
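Review bot: The 'destroy success' test asserts only that the block was yielded; it never checks that the token presented in `@auth_headers` was actually revoked, so a `destroy` that yields and then leaves the session valid would still pass. Assuming tokens are kept in the resource's `tokens` hash keyed by the `client` header, as elsewhere in this gem, `refute @existing_user.reload.tokens.key?(@auth_headers['client'])` after the existing assertion pins the outcome that matters. The two `create` tests issue the identical `post :create` and could share the request in a nested `before`.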
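--- /dev/null
+++ b/data/test/controllers/custom/custom_token_validations_controller_test.rb
@@ -0,0 +1,40 @@
+require 'test_helper'
+
+class Custom::TokenValidationsControllerTest < ActionDispatch::IntegrationTest
+describe Custom::TokenValidationsController do
+before do
+@resource = nice_users(:confirmed_email_user)
+@resource.skip_confirmation!
+@resource.save!
+
+@auth_headers = @resource.create_new_auth_token
+
+@token = @auth_headers['access-token']
+@client_id = @auth_headers['client']
+@expiry = @auth_headers['expiry']
+
+# ensure that request is not treated as batch request
+age_token(@resource, @client_id)
+end
+
+test 'yield resource to block on validate_token success' do
+get '/nice_user_auth/validate_token',
+params: {},
+headers: @auth_headers
+assert @controller.validate_token_block_called?,
+'validate_token failed to yield resource to provided block'
+end
+
+test 'yield resource to block on validate_token success with custom json' do
+get '/nice_user_auth/validate_token',
+params: {},
+headers: @auth_headers
+
+@data = JSON.parse(response.body)
+
+assert @controller.validate_token_block_called?,
+'validate_token failed to yield resource to provided block'
+assert_equal @data['custom'], 'foo'
+end
+end
+end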
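Review bot: `@token` and `@expiry` are assigned in `before` but never read, so those two lines are dead setup and can be dropped; only `@client_id` is used, to feed `age_token`. The two tests also issue the identical `get '/nice_user_auth/validate_token'` and differ only in the JSON assertion, so the second subsumes the first; merging them, or moving the request into `before`, removes the duplicate call.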
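--- /dev/null
+++ b/data/test/controllers/demo_group_controller_test.rb
@@ -0,0 +1,153 @@
+require 'test_helper'
+
+# was the web request successful?
+# was the user redirected to the right page?
+# was the user successfully authenticated?
+# was the correct object stored in the response?
+# was the appropriate message delivered in the json payload?
+
+class DemoGroupControllerTest < ActionDispatch::IntegrationTest
+describe DemoGroupController do
+describe 'Token access' do
+before do
+# user
+@resource = users(:confirmed_email_user)
+@resource.skip_confirmation!
+@resource.save!
+
+@resource_auth_headers = @resource.create_new_auth_token
+
+@resource_token = @resource_auth_headers['access-token']
+@resource_client_id = @resource_auth_headers['client']
+@resource_expiry = @resource_auth_headers['expiry']
+
+# mang
+@mang = mangs(:confirmed_email_user)
+@mang.skip_confirmation!
+@mang.save!
+
+@mang_auth_headers = @mang.create_new_auth_token
+
+@mang_token = @mang_auth_headers['access-token']
+@mang_client_id = @mang_auth_headers['client']
+@mang_expiry = @mang_auth_headers['expiry']
+end
+
+describe 'user access' do
+before do
+# ensure that request is not treated as batch request
+age_token(@resource, @resource_client_id)
+
+get '/demo/members_only_group',
+params: {},
+headers: @resource_auth_headers
+
+@resp_token = response.headers['access-token']
+@resp_client_id = response.headers['client']
+@resp_expiry = response.headers['expiry']
+@resp_uid = response.headers['uid']
+end
+
+test 'request is successful' do
+assert_equal 200, response.status
+end
+
+describe 'devise mappings' do
+it 'should define current_user' do
+assert_equal @resource, @controller.current_user
+end
+
+it 'should define user_signed_in?' do
+assert @controller.user_signed_in?
+end
+
+it 'should not define current_mang' do
+refute_equal @resource, @controller.current_mang
+end
+
+it 'should define current_member' do
+assert_equal @resource, @controller.current_member
+end
+
+it 'should define current_members' do
+assert @controller.current_members.include? @resource
+end
+
+it 'should define member_signed_in?' do
+assert @controller.current_members.include? @resource
+end
+
+it 'should define render_authenticate_error' do
+assert @controller.methods.include?(:render_authenticate_error)
+end
+end
+end
+
+describe 'mang access' do
+before do
+# ensure that request is not treated as batch request
+age_token(@mang, @mang_client_id)
+
+get '/demo/members_only_group',
+params: {},
+headers: @mang_auth_headers
+
+@resp_token = response.headers['access-token']
+@resp_client_id = response.headers['client']
+@resp_expiry = response.headers['expiry']
+@resp_uid = response.headers['uid']
+end
+
+test 'request is successful' do
+assert_equal 200, response.status
+end
+
+describe 'devise mappings' do
+it 'should define current_mang' do
+assert_equal @mang, @controller.current_mang
+end
+
+it 'should define mang_signed_in?' do
+assert @controller.mang_signed_in?
+end
+
+it 'should not define current_mang' do
+refute_equal @mang, @controller.current_user
+end
+
+it 'should define current_member' do
+assert_equal @mang, @controller.current_member
+end
+
+it 'should define current_members' do
+assert @controller.current_members.include? @mang
+end
+
+it 'should define member_signed_in?' do
+assert @controller.current_members.include? @mang
+end
+
+it 'should define render_authenticate_error' do
+assert @controller.methods.include?(:render_authenticate_error)
+end
+end
+end
+
+describe 'failed access' do
+before do
+get '/demo/members_only_group',
+params: {},
+headers: @mang_auth_headers.merge('access-token' => 'bogus')
+end
+
+it 'should not return any auth headers' do
+refute response.headers['access-token']
+end
+
+it 'should return error: unauthorized status' do
+assert_equal 401, response.status
+end
+end
+end
+end
+end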
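Review bot: The two tests titled 'should define member_signed_in?' (lines 76-78 and 126-128 of the file) assert `@controller.current_members.include? ...`, a copy of the preceding `current_members` test, so `member_signed_in?` itself is never exercised; each should read `assert @controller.member_signed_in?`. The test titled 'should not define current_mang' in the mang block (lines 114-116) is also misnamed, since what it checks is `current_user`. The `@resource_token`, `@resource_expiry`, `@mang_token`, `@mang_expiry` and all four `@resp_*` assignments are never read in this file and could be dropped.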
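--- /dev/null
+++ b/data/test/controllers/demo_mang_controller_test.rb
@@ -0,0 +1,284 @@
+require 'test_helper'
+
+# was the web request successful?
+# was the user redirected to the right page?
+# was the user successfully authenticated?
+# was the correct object stored in the response?
+# was the appropriate message delivered in the json payload?
+
+class DemoMangControllerTest < ActionDispatch::IntegrationTest
+describe DemoMangController do
+describe 'Token access' do
+before do
+@resource = mangs(:confirmed_email_user)
+@resource.skip_confirmation!
+@resource.save!
+
+@auth_headers = @resource.create_new_auth_token
+
+@token = @auth_headers['access-token']
+@client_id = @auth_headers['client']
+@expiry = @auth_headers['expiry']
+end
+
+describe 'successful request' do
+before do
+# ensure that request is not treated as batch request
+age_token(@resource, @client_id)
+
+get '/demo/members_only_mang',
+params: {},
+headers: @auth_headers
+
+@resp_token = response.headers['access-token']
+@resp_client_id = response.headers['client']
+@resp_expiry = response.headers['expiry']
+@resp_uid = response.headers['uid']
+end
+
+describe 'devise mappings' do
+it 'should define current_mang' do
+assert_equal @resource, @controller.current_mang
+end
+
+it 'should define mang_signed_in?' do
+assert @controller.mang_signed_in?
+end
+
+it 'should not define current_user' do
+refute_equal @resource, @controller.current_user
+end
+
+it 'should define render_authenticate_error' do
+assert @controller.methods.include?(:render_authenticate_error)
+end
+end
+
+it 'should return success status' do
+assert_equal 200, response.status
+end
+
+it 'should receive new token after successful request' do
+refute_equal @token, @resp_token
+end
+
+it 'should preserve the client id from the first request' do
+assert_equal @client_id, @resp_client_id
+end
+
+it "should return the user's uid in the auth header" do
+assert_equal @resource.uid, @resp_uid
+end
+
+it 'should not treat this request as a batch request' do
+refute assigns(:is_batch_request)
+end
+
+describe 'subsequent requests' do
+before do
+@resource.reload
+# ensure that request is not treated as batch request
+age_token(@resource, @client_id)
+
+get '/demo/members_only_mang',
+params: {},
+headers: @auth_headers.merge('access-token' => @resp_token)
+end
+
+it 'should not treat this request as a batch request' do
+refute assigns(:is_batch_request)
+end
+
+it 'should allow a new request to be made using new token' do
+assert_equal 200, response.status
+end
+end
+end
+
+describe 'failed request' do
+before do
+get '/demo/members_only_mang',
+params: {},
+headers: @auth_headers.merge('access-token' => 'bogus')
+end
+
+it 'should not return any auth headers' do
+refute response.headers['access-token']
+end
+
+it 'should return error: unauthorized status' do
+assert_equal 401, response.status
+end
+end
+
+describe 'disable change_headers_on_each_request' do
+before do
+DeviseTokenAuth.change_headers_on_each_request = false
+@resource.reload
+age_token(@resource, @client_id)
+
+get '/demo/members_only_mang',
+params: {},
+headers: @auth_headers
+
+@first_is_batch_request = assigns(:is_batch_request)
+@first_user = assigns(:resource).dup
+@first_access_token = response.headers['access-token']
+@first_response_status = response.status
+
+@resource.reload
+age_token(@resource, @client_id)
+
+# use expired auth header
+get '/demo/members_only_mang',
+params: {},
+headers: @auth_headers
+
+@second_is_batch_request = assigns(:is_batch_request)
+@second_user = assigns(:resource).dup
+@second_access_token = response.headers['access-token']
+@second_response_status = response.status
+end
+
+after do
+DeviseTokenAuth.change_headers_on_each_request = true
+end
+
+it 'should allow the first request through' do
+assert_equal 200, @first_response_status
+end
+
+it 'should allow the second request through' do
+assert_equal 200, @second_response_status
+end
+
+it 'should return auth headers from the first request' do
+assert @first_access_token
+end
+
+it 'should not treat either requests as batch requests' do
+refute @first_is_batch_request
+refute @second_is_batch_request
+end
+
+it 'should return auth headers from the second request' do
+assert @second_access_token
+end
+
+it 'should define user during first request' do
+assert @first_user
+end
+
+it 'should define user during second request' do
+assert @second_user
+end
+end
+
+describe 'batch requests' do
+describe 'success' do
+before do
+age_token(@resource, @client_id)
+# request.headers.merge!(@auth_headers)
+
+get '/demo/members_only_mang',
+params: {},
+headers: @auth_headers
+
+@first_is_batch_request = assigns(:is_batch_request)
+@first_user = assigns(:resource)
+@first_access_token = response.headers['access-token']
+
+get '/demo/members_only_mang',
+params: {},
+headers: @auth_headers
+
+@second_is_batch_request = assigns(:is_batch_request)
+@second_user = assigns(:resource)
+@second_access_token = response.headers['access-token']
+end
+
+it 'should allow both requests through' do
+assert_equal 200, response.status
+end
+
+it 'should not treat the first request as a batch request' do
+refute @first_is_batch_request
+end
+
+it 'should treat the second request as a batch request' do
+assert @second_is_batch_request
+end
+
+it 'should return access token for first (non-batch) request' do
+assert @first_access_token
+end
+
+it 'should not return auth headers for second (batched) requests' do
+assert_equal ' ', @second_access_token
+end
+end
+
+describe 'time out' do
+before do
+@resource.reload
+age_token(@resource, @client_id)
+
+get '/demo/members_only_mang',
+params: {},
+headers: @auth_headers
+
+@first_is_batch_request = assigns(:is_batch_request)
+@first_user = assigns(:resource).dup
+@first_access_token = response.headers['access-token']
+@first_response_status = response.status
+
+@resource.reload
+age_token(@resource, @client_id)
+
+# use expired auth header
+get '/demo/members_only_mang',
+params: {},
+headers: @auth_headers
+
+@second_is_batch_request = assigns(:is_batch_request)
+@second_user = assigns(:resource)
+@second_access_token = response.headers['access-token']
+@second_response_status = response.status
+end
+
+it 'should allow the first request through' do
+assert_equal 200, @first_response_status
+end
+
+it 'should not allow the second request through' do
+assert_equal 401, @second_response_status
+end
+
+it 'should not treat first request as batch request' do
+refute @second_is_batch_request
+end
+
+it 'should return auth headers from the first request' do
+assert @first_access_token
+end
+
+it 'should not treat second request as batch request' do
+refute @second_is_batch_request
+end
+
+it 'should not return auth headers from the second request' do
+refute @second_access_token
+end
+
+it 'should define user during first request' do
+assert @first_user
+end
+
+it 'should not define user during second request' do
+refute @second_user
+end
+end
+end
+end
+end
+end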
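Review bot: In the 'time out' block, the test titled 'should not treat first request as batch request' (lines 257-259 of the file) asserts `refute @second_is_batch_request`, duplicating the test at lines 265-267 and leaving `@first_is_batch_request` unchecked; it should read `refute @first_is_batch_request`. In the same block `@second_user = assigns(:resource)` drops the `.dup` that the first capture and the `disable change_headers_on_each_request` block use, so it holds a live reference rather than a snapshot — harmless here because it is only truthiness-tested, but worth making consistent. The 'batch requests' success test asserts `assert_equal ' ', @second_access_token`, i.e. the header is emitted as a single space rather than omitted, while the 'time out' block expects the header to be absent; a one-line comment such as `# batched requests get blanked (' ') auth headers, not none` would stop the next reader from treating the space as a bug. The commented-out `# request.headers.merge!(@auth_headers)` at line 181 is leftover code and can be removed.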