digix_devise_token_auth 0.1.44

Sign up to get free protection for your applications and to get access to all the features.
Files changed (149) hide show
  1. checksums.yaml +7 -0
  2. data/LICENSE +13 -0
  3. data/README.md +952 -0
  4. data/Rakefile +35 -0
  5. data/app/controllers/devise_token_auth/application_controller.rb +76 -0
  6. data/app/controllers/devise_token_auth/concerns/resource_finder.rb +43 -0
  7. data/app/controllers/devise_token_auth/concerns/set_user_by_token.rb +165 -0
  8. data/app/controllers/devise_token_auth/confirmations_controller.rb +30 -0
  9. data/app/controllers/devise_token_auth/omniauth_callbacks_controller.rb +243 -0
  10. data/app/controllers/devise_token_auth/passwords_controller.rb +202 -0
  11. data/app/controllers/devise_token_auth/registrations_controller.rb +205 -0
  12. data/app/controllers/devise_token_auth/sessions_controller.rb +133 -0
  13. data/app/controllers/devise_token_auth/token_validations_controller.rb +29 -0
  14. data/app/controllers/devise_token_auth/unlocks_controller.rb +89 -0
  15. data/app/models/devise_token_auth/concerns/user.rb +260 -0
  16. data/app/models/devise_token_auth/concerns/user_omniauth_callbacks.rb +26 -0
  17. data/app/validators/email_validator.rb +21 -0
  18. data/app/views/devise/mailer/confirmation_instructions.html.erb +5 -0
  19. data/app/views/devise/mailer/reset_password_instructions.html.erb +8 -0
  20. data/app/views/devise/mailer/unlock_instructions.html.erb +7 -0
  21. data/app/views/devise_token_auth/omniauth_external_window.html.erb +38 -0
  22. data/config/initializers/devise.rb +196 -0
  23. data/config/locales/da-DK.yml +50 -0
  24. data/config/locales/de.yml +49 -0
  25. data/config/locales/en.yml +50 -0
  26. data/config/locales/es.yml +49 -0
  27. data/config/locales/fr.yml +49 -0
  28. data/config/locales/it.yml +46 -0
  29. data/config/locales/ja.yml +46 -0
  30. data/config/locales/nl.yml +30 -0
  31. data/config/locales/pl.yml +48 -0
  32. data/config/locales/pt-BR.yml +46 -0
  33. data/config/locales/pt.yml +48 -0
  34. data/config/locales/ro.yml +46 -0
  35. data/config/locales/ru.yml +50 -0
  36. data/config/locales/sq.yml +46 -0
  37. data/config/locales/uk.yml +59 -0
  38. data/config/locales/vi.yml +50 -0
  39. data/config/locales/zh-CN.yml +46 -0
  40. data/config/locales/zh-HK.yml +48 -0
  41. data/config/locales/zh-TW.yml +48 -0
  42. data/lib/devise_token_auth.rb +8 -0
  43. data/lib/devise_token_auth/controllers/helpers.rb +149 -0
  44. data/lib/devise_token_auth/controllers/url_helpers.rb +8 -0
  45. data/lib/devise_token_auth/engine.rb +90 -0
  46. data/lib/devise_token_auth/rails/routes.rb +114 -0
  47. data/lib/devise_token_auth/url.rb +37 -0
  48. data/lib/devise_token_auth/version.rb +3 -0
  49. data/lib/generators/devise_token_auth/USAGE +31 -0
  50. data/lib/generators/devise_token_auth/install_generator.rb +160 -0
  51. data/lib/generators/devise_token_auth/install_views_generator.rb +16 -0
  52. data/lib/generators/devise_token_auth/templates/devise_token_auth.rb +48 -0
  53. data/lib/generators/devise_token_auth/templates/devise_token_auth_create_users.rb.erb +55 -0
  54. data/lib/generators/devise_token_auth/templates/user.rb +7 -0
  55. data/lib/tasks/devise_token_auth_tasks.rake +4 -0
  56. data/test/controllers/custom/custom_confirmations_controller_test.rb +21 -0
  57. data/test/controllers/custom/custom_omniauth_callbacks_controller_test.rb +29 -0
  58. data/test/controllers/custom/custom_passwords_controller_test.rb +75 -0
  59. data/test/controllers/custom/custom_registrations_controller_test.rb +54 -0
  60. data/test/controllers/custom/custom_sessions_controller_test.rb +37 -0
  61. data/test/controllers/custom/custom_token_validations_controller_test.rb +40 -0
  62. data/test/controllers/demo_group_controller_test.rb +153 -0
  63. data/test/controllers/demo_mang_controller_test.rb +284 -0
  64. data/test/controllers/demo_user_controller_test.rb +601 -0
  65. data/test/controllers/devise_token_auth/confirmations_controller_test.rb +129 -0
  66. data/test/controllers/devise_token_auth/omniauth_callbacks_controller_test.rb +371 -0
  67. data/test/controllers/devise_token_auth/passwords_controller_test.rb +649 -0
  68. data/test/controllers/devise_token_auth/registrations_controller_test.rb +878 -0
  69. data/test/controllers/devise_token_auth/sessions_controller_test.rb +500 -0
  70. data/test/controllers/devise_token_auth/token_validations_controller_test.rb +90 -0
  71. data/test/controllers/devise_token_auth/unlocks_controller_test.rb +194 -0
  72. data/test/controllers/overrides/confirmations_controller_test.rb +43 -0
  73. data/test/controllers/overrides/omniauth_callbacks_controller_test.rb +49 -0
  74. data/test/controllers/overrides/passwords_controller_test.rb +66 -0
  75. data/test/controllers/overrides/registrations_controller_test.rb +40 -0
  76. data/test/controllers/overrides/sessions_controller_test.rb +33 -0
  77. data/test/controllers/overrides/token_validations_controller_test.rb +41 -0
  78. data/test/dummy/README.rdoc +28 -0
  79. data/test/dummy/app/controllers/application_controller.rb +16 -0
  80. data/test/dummy/app/controllers/auth_origin_controller.rb +5 -0
  81. data/test/dummy/app/controllers/custom/confirmations_controller.rb +13 -0
  82. data/test/dummy/app/controllers/custom/omniauth_callbacks_controller.rb +11 -0
  83. data/test/dummy/app/controllers/custom/passwords_controller.rb +40 -0
  84. data/test/dummy/app/controllers/custom/registrations_controller.rb +39 -0
  85. data/test/dummy/app/controllers/custom/sessions_controller.rb +29 -0
  86. data/test/dummy/app/controllers/custom/token_validations_controller.rb +19 -0
  87. data/test/dummy/app/controllers/demo_group_controller.rb +13 -0
  88. data/test/dummy/app/controllers/demo_mang_controller.rb +12 -0
  89. data/test/dummy/app/controllers/demo_user_controller.rb +25 -0
  90. data/test/dummy/app/controllers/overrides/confirmations_controller.rb +26 -0
  91. data/test/dummy/app/controllers/overrides/omniauth_callbacks_controller.rb +14 -0
  92. data/test/dummy/app/controllers/overrides/passwords_controller.rb +33 -0
  93. data/test/dummy/app/controllers/overrides/registrations_controller.rb +27 -0
  94. data/test/dummy/app/controllers/overrides/sessions_controller.rb +36 -0
  95. data/test/dummy/app/controllers/overrides/token_validations_controller.rb +23 -0
  96. data/test/dummy/app/helpers/application_helper.rb +1065 -0
  97. data/test/dummy/app/models/evil_user.rb +3 -0
  98. data/test/dummy/app/models/lockable_user.rb +5 -0
  99. data/test/dummy/app/models/mang.rb +3 -0
  100. data/test/dummy/app/models/nice_user.rb +7 -0
  101. data/test/dummy/app/models/only_email_user.rb +5 -0
  102. data/test/dummy/app/models/scoped_user.rb +7 -0
  103. data/test/dummy/app/models/unconfirmable_user.rb +8 -0
  104. data/test/dummy/app/models/unregisterable_user.rb +7 -0
  105. data/test/dummy/app/models/user.rb +18 -0
  106. data/test/dummy/app/views/layouts/application.html.erb +14 -0
  107. data/test/dummy/config.ru +16 -0
  108. data/test/dummy/config/application.rb +24 -0
  109. data/test/dummy/config/application.yml.bk +0 -0
  110. data/test/dummy/config/boot.rb +5 -0
  111. data/test/dummy/config/environment.rb +5 -0
  112. data/test/dummy/config/environments/development.rb +44 -0
  113. data/test/dummy/config/environments/production.rb +82 -0
  114. data/test/dummy/config/environments/test.rb +48 -0
  115. data/test/dummy/config/initializers/assets.rb +8 -0
  116. data/test/dummy/config/initializers/backtrace_silencers.rb +7 -0
  117. data/test/dummy/config/initializers/cookies_serializer.rb +3 -0
  118. data/test/dummy/config/initializers/devise.rb +3 -0
  119. data/test/dummy/config/initializers/devise_token_auth.rb +22 -0
  120. data/test/dummy/config/initializers/figaro.rb +1 -0
  121. data/test/dummy/config/initializers/filter_parameter_logging.rb +4 -0
  122. data/test/dummy/config/initializers/inflections.rb +16 -0
  123. data/test/dummy/config/initializers/mime_types.rb +4 -0
  124. data/test/dummy/config/initializers/omniauth.rb +8 -0
  125. data/test/dummy/config/initializers/session_store.rb +3 -0
  126. data/test/dummy/config/initializers/wrap_parameters.rb +14 -0
  127. data/test/dummy/config/routes.rb +72 -0
  128. data/test/dummy/config/spring.rb +1 -0
  129. data/test/dummy/db/migrate/20140715061447_devise_token_auth_create_users.rb +63 -0
  130. data/test/dummy/db/migrate/20140715061805_devise_token_auth_create_mangs.rb +62 -0
  131. data/test/dummy/db/migrate/20140829044006_add_operating_thetan_to_user.rb +6 -0
  132. data/test/dummy/db/migrate/20140916224624_add_favorite_color_to_mangs.rb +5 -0
  133. data/test/dummy/db/migrate/20140928231203_devise_token_auth_create_evil_users.rb +64 -0
  134. data/test/dummy/db/migrate/20141222035835_devise_token_auth_create_only_email_users.rb +60 -0
  135. data/test/dummy/db/migrate/20141222053502_devise_token_auth_create_unregisterable_users.rb +61 -0
  136. data/test/dummy/db/migrate/20150409095712_devise_token_auth_create_nice_users.rb +61 -0
  137. data/test/dummy/db/migrate/20150708104536_devise_token_auth_create_unconfirmable_users.rb +61 -0
  138. data/test/dummy/db/migrate/20160103235141_devise_token_auth_create_scoped_users.rb +61 -0
  139. data/test/dummy/db/migrate/20160629184441_devise_token_auth_create_lockable_users.rb +61 -0
  140. data/test/dummy/db/schema.rb +258 -0
  141. data/test/dummy/lib/migration_database_helper.rb +29 -0
  142. data/test/integration/navigation_test.rb +10 -0
  143. data/test/lib/devise_token_auth/url_test.rb +24 -0
  144. data/test/lib/generators/devise_token_auth/install_generator_test.rb +187 -0
  145. data/test/lib/generators/devise_token_auth/install_views_generator_test.rb +23 -0
  146. data/test/models/only_email_user_test.rb +35 -0
  147. data/test/models/user_test.rb +169 -0
  148. data/test/test_helper.rb +77 -0
  149. metadata +342 -0
@@ -0,0 +1,500 @@
1
+ require 'test_helper'
2
+
3
+ # was the web request successful?
4
+ # was the user redirected to the right page?
5
+ # was the user successfully authenticated?
6
+ # was the correct object stored in the response?
7
+ # was the appropriate message delivered in the json payload?
8
+
9
+ class DeviseTokenAuth::SessionsControllerTest < ActionController::TestCase
10
+ describe DeviseTokenAuth::SessionsController do
11
+ describe 'Confirmed user' do
12
+ before do
13
+ @existing_user = users(:confirmed_email_user)
14
+ @existing_user.skip_confirmation!
15
+ @existing_user.save!
16
+ end
17
+
18
+ describe 'success' do
19
+ before do
20
+ @old_sign_in_count = @existing_user.sign_in_count
21
+ @old_current_sign_in_at = @existing_user.current_sign_in_at
22
+ @old_last_sign_in_at = @existing_user.last_sign_in_at
23
+ @old_sign_in_ip = @existing_user.current_sign_in_ip
24
+ @old_last_sign_in_ip = @existing_user.last_sign_in_ip
25
+
26
+ post :create,
27
+ params: {
28
+ email: @existing_user.email,
29
+ password: 'secret123'
30
+ }
31
+
32
+ @resource = assigns(:resource)
33
+ @data = JSON.parse(response.body)
34
+
35
+ @new_sign_in_count = @resource.sign_in_count
36
+ @new_current_sign_in_at = @resource.current_sign_in_at
37
+ @new_last_sign_in_at = @resource.last_sign_in_at
38
+ @new_sign_in_ip = @resource.current_sign_in_ip
39
+ @new_last_sign_in_ip = @resource.last_sign_in_ip
40
+ end
41
+
42
+ test 'request should succeed' do
43
+ assert_equal 200, response.status
44
+ end
45
+
46
+ test 'request should return user data' do
47
+ assert_equal @existing_user.email, @data['data']['email']
48
+ end
49
+
50
+ describe 'trackable' do
51
+ test 'sign_in_count incrementns' do
52
+ assert_equal @old_sign_in_count + 1, @new_sign_in_count
53
+ end
54
+
55
+ test 'current_sign_in_at is updated' do
56
+ refute @old_current_sign_in_at
57
+ assert @new_current_sign_in_at
58
+ end
59
+
60
+ test 'last_sign_in_at is updated' do
61
+ refute @old_last_sign_in_at
62
+ assert @new_last_sign_in_at
63
+ end
64
+
65
+ test 'sign_in_ip is updated' do
66
+ refute @old_sign_in_ip
67
+ assert_equal '0.0.0.0', @new_sign_in_ip
68
+ end
69
+
70
+ test 'last_sign_in_ip is updated' do
71
+ refute @old_last_sign_in_ip
72
+ assert_equal '0.0.0.0', @new_last_sign_in_ip
73
+ end
74
+ end
75
+ end
76
+
77
+ describe 'get sign_in is not supported' do
78
+ before do
79
+ get :new,
80
+ params: { nickname: @existing_user.nickname,
81
+ password: 'secret123' }
82
+ @data = JSON.parse(response.body)
83
+ end
84
+
85
+ test 'user is notified that they should use post sign_in to authenticate' do
86
+ assert_equal 405, response.status
87
+ end
88
+ test 'response should contain errors' do
89
+ assert @data['errors']
90
+ assert_equal @data['errors'], [I18n.t('devise_token_auth.sessions.not_supported')]
91
+ end
92
+ end
93
+
94
+ describe 'header sign_in is supported' do
95
+ before do
96
+ request.headers.merge!(
97
+ 'email' => @existing_user.email,
98
+ 'password' => 'secret123'
99
+ )
100
+
101
+ head :create
102
+ @data = JSON.parse(response.body)
103
+ end
104
+
105
+ test 'user can sign in using header request' do
106
+ assert_equal 200, response.status
107
+ end
108
+ end
109
+
110
+ describe 'alt auth keys' do
111
+ before do
112
+ post :create,
113
+ params: { nickname: @existing_user.nickname,
114
+ password: 'secret123' }
115
+ @data = JSON.parse(response.body)
116
+ end
117
+
118
+ test 'user can sign in using nickname' do
119
+ assert_equal 200, response.status
120
+ assert_equal @existing_user.email, @data['data']['email']
121
+ end
122
+ end
123
+
124
+ describe 'authed user sign out' do
125
+ before do
126
+ def @controller.reset_session_called
127
+ @reset_session_called == true
128
+ end
129
+
130
+ def @controller.reset_session
131
+ @reset_session_called = true
132
+ end
133
+ @auth_headers = @existing_user.create_new_auth_token
134
+ request.headers.merge!(@auth_headers)
135
+ delete :destroy, format: :json
136
+ end
137
+
138
+ test 'user is successfully logged out' do
139
+ assert_equal 200, response.status
140
+ end
141
+
142
+ test 'token was destroyed' do
143
+ @existing_user.reload
144
+ refute @existing_user.tokens[@auth_headers['client']]
145
+ end
146
+
147
+ test 'session was destroyed' do
148
+ assert_equal true, @controller.reset_session_called
149
+ end
150
+ end
151
+
152
+ describe 'unauthed user sign out' do
153
+ before do
154
+ @auth_headers = @existing_user.create_new_auth_token
155
+ delete :destroy, format: :json
156
+ @data = JSON.parse(response.body)
157
+ end
158
+
159
+ test 'unauthed request returns 404' do
160
+ assert_equal 404, response.status
161
+ end
162
+
163
+ test 'response should contain errors' do
164
+ assert @data['errors']
165
+ assert_equal @data['errors'],
166
+ [I18n.t('devise_token_auth.sessions.user_not_found')]
167
+ end
168
+ end
169
+
170
+ describe 'failure' do
171
+ before do
172
+ post :create,
173
+ params: { email: @existing_user.email,
174
+ password: 'bogus' }
175
+
176
+ @resource = assigns(:resource)
177
+ @data = JSON.parse(response.body)
178
+ end
179
+
180
+ test 'request should fail' do
181
+ assert_equal 401, response.status
182
+ end
183
+
184
+ test 'response should contain errors' do
185
+ assert @data['errors']
186
+ assert_equal @data['errors'],
187
+ [I18n.t('devise_token_auth.sessions.bad_credentials')]
188
+ end
189
+ end
190
+
191
+ describe 'failure with bad password when change_headers_on_each_request false' do
192
+ before do
193
+ DeviseTokenAuth.change_headers_on_each_request = false
194
+
195
+ # accessing current_user calls through set_user_by_token,
196
+ # which initializes client_id
197
+ @controller.current_user
198
+
199
+ post :create,
200
+ params: { email: @existing_user.email,
201
+ password: 'bogus' }
202
+
203
+ @resource = assigns(:resource)
204
+ @data = JSON.parse(response.body)
205
+ end
206
+
207
+ test 'request should fail' do
208
+ assert_equal 401, response.status
209
+ end
210
+
211
+ test 'response should contain errors' do
212
+ assert @data['errors']
213
+ assert_equal @data['errors'], [I18n.t('devise_token_auth.sessions.bad_credentials')]
214
+ end
215
+
216
+ after do
217
+ DeviseTokenAuth.change_headers_on_each_request = true
218
+ end
219
+ end
220
+
221
+ describe 'case-insensitive email' do
222
+ before do
223
+ @resource_class = User
224
+ @request_params = {
225
+ email: @existing_user.email.upcase,
226
+ password: 'secret123'
227
+ }
228
+ end
229
+
230
+ test 'request should succeed if configured' do
231
+ @resource_class.case_insensitive_keys = [:email]
232
+ post :create, params: @request_params
233
+ assert_equal 200, response.status
234
+ end
235
+
236
+ test 'request should fail if not configured' do
237
+ @resource_class.case_insensitive_keys = []
238
+ post :create, params: @request_params
239
+ assert_equal 401, response.status
240
+ end
241
+ end
242
+
243
+ describe 'stripping whitespace on email' do
244
+ before do
245
+ @resource_class = User
246
+ @request_params = {
247
+ # adding whitespace before and after email
248
+ email: " #{@existing_user.email} ",
249
+ password: 'secret123'
250
+ }
251
+ end
252
+
253
+ test 'request should succeed if configured' do
254
+ @resource_class.strip_whitespace_keys = [:email]
255
+ post :create, params: @request_params
256
+ assert_equal 200, response.status
257
+ end
258
+
259
+ test 'request should fail if not configured' do
260
+ @resource_class.strip_whitespace_keys = []
261
+ post :create, params: @request_params
262
+ assert_equal 401, response.status
263
+ end
264
+ end
265
+ end
266
+
267
+ describe 'Unconfirmed user' do
268
+ before do
269
+ @unconfirmed_user = users(:unconfirmed_email_user)
270
+ post :create, params: { email: @unconfirmed_user.email,
271
+ password: 'secret123' }
272
+ @resource = assigns(:resource)
273
+ @data = JSON.parse(response.body)
274
+ end
275
+
276
+ test 'request should fail' do
277
+ assert_equal 401, response.status
278
+ end
279
+
280
+ test 'response should contain errors' do
281
+ assert @data['errors']
282
+ assert_equal @data['errors'],
283
+ [I18n.t('devise_token_auth.sessions.not_confirmed',
284
+ email: @unconfirmed_user.email)]
285
+ end
286
+ end
287
+
288
+ describe 'Unconfirmed user with allowed unconfirmed access' do
289
+ before do
290
+ @original_duration = Devise.allow_unconfirmed_access_for
291
+ Devise.allow_unconfirmed_access_for = 3.days
292
+ @recent_unconfirmed_user = users(:recent_unconfirmed_email_user)
293
+ post :create,
294
+ params: { email: @recent_unconfirmed_user.email,
295
+ password: 'secret123' }
296
+ @resource = assigns(:resource)
297
+ @data = JSON.parse(response.body)
298
+ end
299
+
300
+ after do
301
+ Devise.allow_unconfirmed_access_for = @original_duration
302
+ end
303
+
304
+ test 'request should succeed' do
305
+ assert_equal 200, response.status
306
+ end
307
+
308
+ test 'request should return user data' do
309
+ assert_equal @recent_unconfirmed_user.email, @data['data']['email']
310
+ end
311
+ end
312
+
313
+ describe 'Unconfirmed user with expired unconfirmed access' do
314
+ before do
315
+ @original_duration = Devise.allow_unconfirmed_access_for
316
+ Devise.allow_unconfirmed_access_for = 3.days
317
+ @unconfirmed_user = users(:unconfirmed_email_user)
318
+ post :create,
319
+ params: { email: @unconfirmed_user.email,
320
+ password: 'secret123' }
321
+ @resource = assigns(:resource)
322
+ @data = JSON.parse(response.body)
323
+ end
324
+
325
+ after do
326
+ Devise.allow_unconfirmed_access_for = @original_duration
327
+ end
328
+
329
+ test 'request should fail' do
330
+ assert_equal 401, response.status
331
+ end
332
+
333
+ test 'response should contain errors' do
334
+ assert @data['errors']
335
+ end
336
+ end
337
+
338
+ describe 'Non-existing user' do
339
+ before do
340
+ post :create,
341
+ params: { email: -> { Faker::Internet.email },
342
+ password: -> { Faker::Number.number(10) } }
343
+ @resource = assigns(:resource)
344
+ @data = JSON.parse(response.body)
345
+ end
346
+
347
+ test 'request should fail' do
348
+ assert_equal 401, response.status
349
+ end
350
+
351
+ test 'response should contain errors' do
352
+ assert @data['errors']
353
+ end
354
+ end
355
+
356
+ describe 'Alternate user class' do
357
+ setup do
358
+ @request.env['devise.mapping'] = Devise.mappings[:mang]
359
+ end
360
+
361
+ teardown do
362
+ @request.env['devise.mapping'] = Devise.mappings[:user]
363
+ end
364
+
365
+ before do
366
+ @existing_user = mangs(:confirmed_email_user)
367
+ @existing_user.skip_confirmation!
368
+ @existing_user.save!
369
+
370
+ post :create,
371
+ params: { email: @existing_user.email,
372
+ password: 'secret123' }
373
+
374
+ @resource = assigns(:resource)
375
+ @data = JSON.parse(response.body)
376
+ end
377
+
378
+ test 'request should succeed' do
379
+ assert_equal 200, response.status
380
+ end
381
+
382
+ test 'request should return user data' do
383
+ assert_equal @existing_user.email, @data['data']['email']
384
+ end
385
+ end
386
+
387
+ describe 'User with only :database_authenticatable and :registerable included' do
388
+ setup do
389
+ @request.env['devise.mapping'] = Devise.mappings[:only_email_user]
390
+ end
391
+
392
+ teardown do
393
+ @request.env['devise.mapping'] = Devise.mappings[:user]
394
+ end
395
+
396
+ before do
397
+ @existing_user = only_email_users(:user)
398
+ @existing_user.save!
399
+
400
+ post :create,
401
+ params: { email: @existing_user.email,
402
+ password: 'secret123' }
403
+
404
+ @resource = assigns(:resource)
405
+ @data = JSON.parse(response.body)
406
+ end
407
+
408
+ test 'user should be able to sign in without confirmation' do
409
+ assert 200, response.status
410
+ refute OnlyEmailUser.method_defined?(:confirmed_at)
411
+ end
412
+ end
413
+
414
+ describe 'Lockable User' do
415
+ setup do
416
+ @request.env['devise.mapping'] = Devise.mappings[:lockable_user]
417
+ end
418
+
419
+ teardown do
420
+ @request.env['devise.mapping'] = Devise.mappings[:user]
421
+ end
422
+
423
+ before do
424
+ @original_lock_strategy = Devise.lock_strategy
425
+ @original_unlock_strategy = Devise.unlock_strategy
426
+ @original_maximum_attempts = Devise.maximum_attempts
427
+ Devise.lock_strategy = :failed_attempts
428
+ Devise.unlock_strategy = :email
429
+ Devise.maximum_attempts = 5
430
+ end
431
+
432
+ after do
433
+ Devise.lock_strategy = @original_lock_strategy
434
+ Devise.maximum_attempts = @original_maximum_attempts
435
+ Devise.unlock_strategy = @original_unlock_strategy
436
+ end
437
+
438
+ describe 'locked user' do
439
+ before do
440
+ @locked_user = lockable_users(:locked_user)
441
+ post :create,
442
+ params: { email: @locked_user.email,
443
+ password: 'secret123' }
444
+ @data = JSON.parse(response.body)
445
+ end
446
+
447
+ test 'request should fail' do
448
+ assert_equal 401, response.status
449
+ end
450
+
451
+ test 'response should contain errors' do
452
+ assert @data['errors']
453
+ assert_equal @data['errors'], [I18n.t('devise.mailer.unlock_instructions.account_lock_msg')]
454
+ end
455
+ end
456
+
457
+ describe 'unlocked user with bad password' do
458
+ before do
459
+ @unlocked_user = lockable_users(:unlocked_user)
460
+ post :create,
461
+ params: { email: @unlocked_user.email,
462
+ password: 'bad-password' }
463
+ @data = JSON.parse(response.body)
464
+ end
465
+
466
+ test 'request should fail' do
467
+ assert_equal 401, response.status
468
+ end
469
+
470
+ test 'should increase failed_attempts' do
471
+ assert_equal 1, @unlocked_user.reload.failed_attempts
472
+ end
473
+
474
+ test 'response should contain errors' do
475
+ assert @data['errors']
476
+ assert_equal @data['errors'], [I18n.t('devise_token_auth.sessions.bad_credentials')]
477
+ end
478
+
479
+ describe 'after maximum_attempts should block the user' do
480
+ before do
481
+ 4.times do
482
+ post :create,
483
+ params: { email: @unlocked_user.email,
484
+ password: 'bad-password' }
485
+ end
486
+ @data = JSON.parse(response.body)
487
+ end
488
+
489
+ test 'should increase failed_attempts' do
490
+ assert_equal 5, @unlocked_user.reload.failed_attempts
491
+ end
492
+
493
+ test 'should block the user' do
494
+ assert_equal true, @unlocked_user.reload.access_locked?
495
+ end
496
+ end
497
+ end
498
+ end
499
+ end
500
+ end