loyal_devise 2.1.2 → 2.1.3

data/test/integration/http_authenticatable_test.rb

@@ -1,7 +1,6 @@
-# -*- encoding : utf-8 -*-
 require 'test_helper'
 
-class HttpAuthenticationTest < ActionController::IntegrationTest
+class HttpAuthenticationTest < ActionDispatch::IntegrationTest
   test 'handles unverified requests gets rid of caches but continues signed in' do
     swap UsersController, :allow_forgery_protection => true do
       create_user
@@ -63,6 +62,24 @@ class HttpAuthenticationTest < ActionController::IntegrationTest
     end
   end
 
+  test 'it uses appropriate authentication_keys when configured with hash' do
+    swap Devise, :authentication_keys => ActiveSupport::OrderedHash[:username, false, :email, false] do
+      sign_in_as_new_user_with_http("usertest")
+      assert_response :success
+      assert_match '<email>user@test.com</email>', response.body
+      assert warden.authenticated?(:user)
+    end
+  end
+
+  test 'it uses the appropriate key when configured explicitly' do
+    swap Devise, :authentication_keys => ActiveSupport::OrderedHash[:email, false, :username, false], :http_authentication_key => :username do
+      sign_in_as_new_user_with_http("usertest")
+      assert_response :success
+      assert_match '<email>user@test.com</email>', response.body
+      assert warden.authenticated?(:user)
+    end
+  end
+
   test 'test request with oauth2 header doesnt get mistaken for basic authentication' do
     swap Devise, :http_authenticatable => true do
       add_oauth2_header

data/test/integration/lockable_test.rb

@@ -1,7 +1,6 @@
-# -*- encoding : utf-8 -*-
 require 'test_helper'
 
-class LockTest < ActionController::IntegrationTest
+class LockTest < ActionDispatch::IntegrationTest
 
   def visit_user_unlock_with_token(unlock_token)
     visit user_unlock_path(:unlock_token => unlock_token)

data/test/integration/omniauthable_test.rb

@@ -1,8 +1,7 @@
-# -*- encoding : utf-8 -*-
 require 'test_helper'
 
 
-class OmniauthableIntegrationTest < ActionController::IntegrationTest
+class OmniauthableIntegrationTest < ActionDispatch::IntegrationTest
   FACEBOOK_INFO = {
     "id" => '12345',
     "link" => 'http://facebook.com/josevalim',
@@ -91,7 +90,7 @@ class OmniauthableIntegrationTest < ActionController::IntegrationTest
     end
 
     assert session["devise.facebook_data"]
-    user = sign_in_as_user
+    sign_in_as_user
     assert !session["devise.facebook_data"]
   end
 

data/test/integration/recoverable_test.rb

@@ -1,7 +1,6 @@
-# -*- encoding : utf-8 -*-
 require 'test_helper'
 
-class PasswordTest < ActionController::IntegrationTest
+class PasswordTest < ActionDispatch::IntegrationTest
 
   def visit_new_password_path
     visit new_user_session_path
@@ -154,7 +153,8 @@ class PasswordTest < ActionController::IntegrationTest
     assert_response :success
     assert_current_url '/users/password'
     assert_have_selector '#error_explanation'
-    assert_contain 'Password doesn\'t match confirmation'
+    assert_contain Devise.rails4? ?
+      "Password confirmation doesn't match Password" : "Password doesn't match confirmation"
     assert_not user.reload.valid_password?('987654321')
   end
 
@@ -191,15 +191,43 @@ class PasswordTest < ActionController::IntegrationTest
     assert warden.authenticated?(:user)
   end
 
-  test 'does not sign in user automatically after changing its password if it\'s locked' do
-    user = create_user(:locked => true)
-    request_forgot_password
-    reset_password :reset_password_token => user.reload.reset_password_token
+  test 'does not sign in user automatically after changing its password if it\'s locked and unlock strategy is :none or :time' do
+    [:none, :time].each do |strategy|
+      swap Devise, :unlock_strategy => strategy do
+        user = create_user(:locked => true)
+        request_forgot_password
+        reset_password :reset_password_token => user.reload.reset_password_token
+
+        assert_contain 'Your password was changed successfully.'
+        assert_not_contain 'You are now signed in.'
+        assert_equal new_user_session_path, @request.path
+        assert !warden.authenticated?(:user)
+      end
+    end
+  end
 
-    assert_contain 'Your password was changed successfully.'
-    assert_not_contain 'You are now signed in.'
-    assert_equal new_user_session_path, @request.path
-    assert !warden.authenticated?(:user)
+  test 'unlocks and signs in locked user automatically after changing it\'s password if unlock strategy is :email' do
+    swap Devise, :unlock_strategy => :email do
+      user = create_user(:locked => true)
+      request_forgot_password
+      reset_password :reset_password_token => user.reload.reset_password_token
+
+      assert_contain 'Your password was changed successfully.'
+      assert !user.reload.access_locked?
+      assert warden.authenticated?(:user)
+    end
+  end
+
+  test 'unlocks and signs in locked user automatically after changing it\'s password if unlock strategy is :both' do
+    swap Devise, :unlock_strategy => :both do
+      user = create_user(:locked => true)
+      request_forgot_password
+      reset_password :reset_password_token => user.reload.reset_password_token
+
+      assert_contain 'Your password was changed successfully.'
+      assert !user.reload.access_locked?
+      assert warden.authenticated?(:user)
+    end
   end
 
   test 'sign in user automatically and confirm after changing its password if it\'s not confirmed' do
@@ -243,7 +271,7 @@ class PasswordTest < ActionController::IntegrationTest
   end
 
   test 'change password with invalid token in XML format should return invalid response' do
-    user = create_user
+    create_user
     request_forgot_password
     put user_password_path(:format => 'xml'), :user => {:reset_password_token => 'invalid.token', :password => '987654321', :password_confirmation => '987654321'}
     assert_response :unprocessable_entity

data/test/integration/registerable_test.rb

@@ -1,7 +1,6 @@
-# -*- encoding : utf-8 -*-
 require 'test_helper'
 
-class RegistrationTest < ActionController::IntegrationTest
+class RegistrationTest < ActionDispatch::IntegrationTest
 
   test 'a guest admin should be able to sign in successfully' do
     get new_admin_session_path
@@ -18,7 +17,7 @@ class RegistrationTest < ActionController::IntegrationTest
     assert warden.authenticated?(:admin)
     assert_current_url "/admin_area/home"
 
-    admin = Admin.last :order => "id"
+    admin = Admin.order(:id).last
     assert_equal admin.email, 'new_user@test.com'
   end
 
@@ -57,7 +56,7 @@ class RegistrationTest < ActionController::IntegrationTest
 
     assert_not warden.authenticated?(:user)
 
-    user = User.last :order => "id"
+    user = User.order(:id).last
     assert_equal user.email, 'new_user@test.com'
     assert_not user.confirmed?
   end
@@ -101,7 +100,8 @@ class RegistrationTest < ActionController::IntegrationTest
     assert_template 'registrations/new'
     assert_have_selector '#error_explanation'
     assert_contain "Email is invalid"
-    assert_contain "Password doesn't match confirmation"
+    assert_contain Devise.rails4? ?
+      "Password confirmation doesn't match Password" : "Password doesn't match confirmation"
     assert_contain "2 errors prohibited"
     assert_nil User.first
 
@@ -113,7 +113,7 @@ class RegistrationTest < ActionController::IntegrationTest
     #    https://github.com/mongoid/mongoid/issues/756
     (pending "Fails on Mongoid < 2.1"; break) if defined?(Mongoid) && Mongoid::VERSION.to_f < 2.1
 
-    user = create_user
+    create_user
     get new_user_registration_path
 
     fill_in 'email', :with => 'user@test.com'
@@ -204,10 +204,11 @@ class RegistrationTest < ActionController::IntegrationTest
 
     fill_in 'password', :with => 'pas123'
     fill_in 'password confirmation', :with => ''
-    fill_in 'current password', :with => '123456'
+    fill_in 'current password', :with => '12345678'
     click_button 'Update'
 
-    assert_contain "Password doesn't match confirmation"
+    assert_contain Devise.rails4? ?
+      "Password confirmation doesn't match Password" : "Password doesn't match confirmation"
     assert_not User.first.valid_password?('pas123')
   end
 
@@ -215,7 +216,7 @@ class RegistrationTest < ActionController::IntegrationTest
     sign_in_as_user
     get edit_user_registration_path
 
-    click_link "Cancel my account", :method => :delete
+    click_button "Cancel my account"
     assert_contain "Bye! Your account was successfully cancelled. We hope to see you again soon."
 
     assert User.all.empty?
@@ -252,7 +253,7 @@ class RegistrationTest < ActionController::IntegrationTest
     assert_response :success
     assert response.body.include? %(<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<admin>)
 
-    admin = Admin.last :order => "id"
+    admin = Admin.order(:id).last
     assert_equal admin.email, 'new_user@test.com'
   end
 
@@ -261,7 +262,7 @@ class RegistrationTest < ActionController::IntegrationTest
     assert_response :success
     assert response.body.include? %(<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<user>)
 
-    user = User.last :order => "id"
+    user = User.order(:id).last
     assert_equal user.email, 'new_user@test.com'
   end
 
@@ -286,14 +287,14 @@ class RegistrationTest < ActionController::IntegrationTest
   end
 
   test 'a user cancel his account in XML format should return valid response' do
-    user = sign_in_as_user
+    sign_in_as_user
     delete user_registration_path(:format => 'xml')
     assert_response :success
     assert_equal User.count, 0
   end
 end
 
-class ReconfirmableRegistrationTest < ActionController::IntegrationTest
+class ReconfirmableRegistrationTest < ActionDispatch::IntegrationTest
   test 'a signed in admin should see a more appropriate flash message when editing his account if reconfirmable is enabled' do
     sign_in_as_admin
     get edit_admin_registration_path
@@ -304,8 +305,10 @@ class ReconfirmableRegistrationTest < ActionController::IntegrationTest
 
     assert_current_url '/admin_area/home'
     assert_contain 'but we need to verify your new email address'
+    assert_equal 'admin.new@example.com', Admin.first.unconfirmed_email
 
-    assert_equal "admin.new@example.com", Admin.first.unconfirmed_email
+    get edit_admin_registration_path
+    assert_contain 'Currently waiting confirmation for: admin.new@example.com'
   end
 
   test 'a signed in admin should not see a reconfirmation message if they did not change their password' do

data/test/integration/rememberable_test.rb

@@ -1,7 +1,6 @@
-# -*- encoding : utf-8 -*-
 require 'test_helper'
 
-class RememberMeTest < ActionController::IntegrationTest
+class RememberMeTest < ActionDispatch::IntegrationTest
   def create_user_and_remember(add_to_token='')
     user = create_user
     user.remember_me!
@@ -27,7 +26,7 @@ class RememberMeTest < ActionController::IntegrationTest
   end
 
   test 'do not remember the user if he has not checked remember me option' do
-    user = sign_in_as_user
+    sign_in_as_user
     assert_nil request.cookies["remember_user_cookie"]
   end
 
@@ -44,7 +43,7 @@ class RememberMeTest < ActionController::IntegrationTest
   end
 
   test 'generate remember token after sign in' do
-    user = sign_in_as_user :remember_me => true
+    sign_in_as_user :remember_me => true
     assert request.cookies["remember_user_token"]
   end
 
@@ -58,6 +57,13 @@ class RememberMeTest < ActionController::IntegrationTest
     end
   end
 
+  test 'generate remember token with a custom key' do
+    swap Devise, :rememberable_options => { :key => "v1lat_token" } do
+      user = sign_in_as_user :remember_me => true
+      assert request.cookies["v1lat_token"]
+    end
+  end
+
   test 'generate remember token after sign in setting session options' do
     begin
       Rails.configuration.session_options[:domain] = "omg.somewhere.com"
@@ -78,7 +84,7 @@ class RememberMeTest < ActionController::IntegrationTest
   end
 
   test 'remember the user before sign up and redirect him to his home' do
-    user = create_user_and_remember
+    create_user_and_remember
     get new_user_registration_path
     assert warden.authenticated?(:user)
     assert_redirected_to root_path
@@ -86,7 +92,7 @@ class RememberMeTest < ActionController::IntegrationTest
 
   test 'cookies are destroyed on unverified requests' do
     swap ApplicationController, :allow_forgery_protection => true do
-      user = create_user_and_remember
+      create_user_and_remember
       get users_path
       assert warden.authenticated?(:user)
       post root_path, :authenticity_token => 'INVALID'
@@ -111,7 +117,7 @@ class RememberMeTest < ActionController::IntegrationTest
   end
 
   test 'do not remember other scopes' do
-    user = create_user_and_remember
+    create_user_and_remember
     get root_path
     assert_response :success
     assert warden.authenticated?(:user)
@@ -119,14 +125,14 @@ class RememberMeTest < ActionController::IntegrationTest
   end
 
   test 'do not remember with invalid token' do
-    user = create_user_and_remember('add')
+    create_user_and_remember('add')
     get users_path
     assert_not warden.authenticated?(:user)
     assert_redirected_to new_user_session_path
   end
 
   test 'do not remember with expired token' do
-    user = create_user_and_remember
+    create_user_and_remember
     swap Devise, :remember_for => 0 do
       get users_path
       assert_not warden.authenticated?(:user)
@@ -135,7 +141,7 @@ class RememberMeTest < ActionController::IntegrationTest
   end
 
   test 'do not remember the user anymore after forget' do
-    user = create_user_and_remember
+    create_user_and_remember
     get users_path
     assert warden.authenticated?(:user)
 

data/test/integration/timeoutable_test.rb

@@ -1,7 +1,6 @@
-# -*- encoding : utf-8 -*-
 require 'test_helper'
 
-class SessionTimeoutTest < ActionController::IntegrationTest
+class SessionTimeoutTest < ActionDispatch::IntegrationTest
 
   def last_request_at
     @controller.user_session['last_request_at']
@@ -46,6 +45,16 @@ class SessionTimeoutTest < ActionController::IntegrationTest
     assert_not warden.authenticated?(:user)
   end
 
+  test 'time out user session after deault limit time and redirect to latest get request' do
+    user = sign_in_as_user
+    visit edit_form_user_path(user)
+
+    click_button 'Update'
+    sign_in_as_user
+
+    assert_equal edit_form_user_url(user), current_url
+  end
+
   test 'time out is not triggered on sign out' do
     user = sign_in_as_user
     get expire_user_path(user)

data/test/integration/token_authenticatable_test.rb

@@ -1,7 +1,6 @@
-# -*- encoding : utf-8 -*-
 require 'test_helper'
 
-class TokenAuthenticationTest < ActionController::IntegrationTest
+class TokenAuthenticationTest < ActionDispatch::IntegrationTest
 
   test 'authenticate with valid authentication token key and value through params' do
     swap Devise, :token_authentication_key => :secret_token do
@@ -130,6 +129,46 @@ class TokenAuthenticationTest < ActionController::IntegrationTest
     end
   end
 
+  test 'authenticate with valid authentication token key and value through http header' do
+    swap Devise, :token_authentication_key => :secret_token do
+      sign_in_as_new_user_with_token(:token_auth => true)
+
+      assert_response :success
+      assert_match '<email>user@test.com</email>', response.body
+      assert_equal request.env['devise.token_options'], {}
+      assert warden.authenticated?(:user)
+    end
+  end
+
+  test 'authenticate with valid authentication token key and value through http header, with options' do
+    swap Devise, :token_authentication_key => :secret_token, :http_authenticatable => [:token_options] do
+      signature = "**TESTSIGNATURE**"
+      sign_in_as_new_user_with_token(:token_auth => true, :token_options => {:signature => signature, :nonce => 'def'})
+
+      assert_response :success
+      assert_match '<email>user@test.com</email>', response.body
+      assert_equal request.env['devise.token_options'][:signature], signature
+      assert_equal request.env['devise.token_options'][:nonce], 'def'
+      assert warden.authenticated?(:user)
+    end
+  end
+
+  test 'authenticate with valid authentication token key and value through http header without allowing token authorization setting is denied' do
+    swap Devise, :token_authentication_key => :secret_token, :http_authenticatable => false do
+      sign_in_as_new_user_with_token(:token_auth => true)
+
+      assert_response :unauthorized
+      assert_nil warden.user(:user)
+    end
+  end
+
+  test 'does not authenticate with improper authentication token value in header' do
+    sign_in_as_new_user_with_token(:token_auth => true, :auth_token => '*** INVALID TOKEN ***')
+
+    assert_response :unauthorized
+    assert_nil warden.user(:user)
+  end
+
   private
 
     def sign_in_as_new_user_with_token(options = {})
@@ -141,6 +180,10 @@ class TokenAuthenticationTest < ActionController::IntegrationTest
       if options[:http_auth]
         header = "Basic #{Base64.encode64("#{VALID_AUTHENTICATION_TOKEN}:X")}"
         get users_path(:format => :xml), {}, "HTTP_AUTHORIZATION" => header
+      elsif options[:token_auth]
+        token_options = options[:token_options] || {}
+        header = ActionController::HttpAuthentication::Token.encode_credentials(options[:auth_token], token_options)
+        get users_path(:format => :xml), {}, "HTTP_AUTHORIZATION" => header
       else
         visit users_path(options[:auth_token_key].to_sym => options[:auth_token])
       end

data/test/integration/trackable_test.rb

@@ -1,7 +1,6 @@
-# -*- encoding : utf-8 -*-
 require 'test_helper'
 
-class TrackableHooksTest < ActionController::IntegrationTest
+class TrackableHooksTest < ActionDispatch::IntegrationTest
 
   test "current and last sign in timestamps are updated on each sign in" do
     user = create_user

data/test/mailers/confirmation_instructions_test.rb

@@ -1,4 +1,3 @@
-# -*- encoding : utf-8 -*-
 require 'test_helper'
 
 class ConfirmationInstructionsTest < ActionMailer::TestCase
@@ -47,6 +46,16 @@ class ConfirmationInstructionsTest < ActionMailer::TestCase
     assert_equal ['custom@example.com'], mail.from
   end
 
+  test 'setup sender from custom mailer defaults with proc' do
+    Devise.mailer = 'Users::FromProcMailer'
+    assert_equal ['custom@example.com'], mail.from
+  end
+
+  test 'custom mailer renders parent mailer template' do
+    Devise.mailer = 'Users::Mailer'
+    assert_not_blank mail.body.encoded
+  end
+
   test 'setup reply to as copy from sender' do
     assert_equal ['test@example.com'], mail.reply_to
   end
@@ -57,7 +66,6 @@ class ConfirmationInstructionsTest < ActionMailer::TestCase
     assert_equal ['custom_reply_to@example.com'], mail.reply_to
   end
 
-
   test 'setup subject from I18n' do
     store_translations :en, :devise => { :mailer => { :confirmation_instructions => { :subject => 'Account Confirmation' } } } do
       assert_equal 'Account Confirmation', mail.subject
@@ -71,7 +79,7 @@ class ConfirmationInstructionsTest < ActionMailer::TestCase
   end
 
   test 'body should have user info' do
-    assert_match /#{user.email}/, mail.body.encoded
+    assert_match user.email, mail.body.encoded
   end
 
   test 'body should have link to confirm the account' do