RubyGems - loyal_devise - Versions diffs - 2.1.2 - Mend

loyal_devise 2.1.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (208) hide show

data/.gitignore +10 -0
data/.travis.yml +15 -0
data/CHANGELOG.rdoc +881 -0
data/CONTRIBUTING.md +12 -0
data/Gemfile +31 -0
data/Gemfile.lock +154 -0
data/MIT-LICENSE +20 -0
data/README.md +388 -0
data/Rakefile +34 -0
data/app/controllers/devise/confirmations_controller.rb +44 -0
data/app/controllers/devise/omniauth_callbacks_controller.rb +31 -0
data/app/controllers/devise/passwords_controller.rb +57 -0
data/app/controllers/devise/registrations_controller.rb +120 -0
data/app/controllers/devise/sessions_controller.rb +51 -0
data/app/controllers/devise/unlocks_controller.rb +45 -0
data/app/controllers/devise_controller.rb +193 -0
data/app/helpers/devise_helper.rb +26 -0
data/app/mailers/devise/mailer.rb +16 -0
data/app/views/devise/_links.erb +3 -0
data/app/views/devise/confirmations/new.html.erb +12 -0
data/app/views/devise/mailer/confirmation_instructions.html.erb +5 -0
data/app/views/devise/mailer/reset_password_instructions.html.erb +8 -0
data/app/views/devise/mailer/unlock_instructions.html.erb +7 -0
data/app/views/devise/passwords/edit.html.erb +16 -0
data/app/views/devise/passwords/new.html.erb +12 -0
data/app/views/devise/registrations/edit.html.erb +25 -0
data/app/views/devise/registrations/new.html.erb +18 -0
data/app/views/devise/sessions/new.html.erb +17 -0
data/app/views/devise/shared/_links.erb +25 -0
data/app/views/devise/unlocks/new.html.erb +12 -0
data/config/locales/en.yml +59 -0
data/devise.gemspec +26 -0
data/gemfiles/Gemfile.rails-3.1.x +35 -0
data/gemfiles/Gemfile.rails-3.1.x.lock +167 -0
data/lib/devise/controllers/helpers.rb +273 -0
data/lib/devise/controllers/rememberable.rb +53 -0
data/lib/devise/controllers/scoped_views.rb +18 -0
data/lib/devise/controllers/url_helpers.rb +68 -0
data/lib/devise/delegator.rb +17 -0
data/lib/devise/failure_app.rb +188 -0
data/lib/devise/hooks/activatable.rb +12 -0
data/lib/devise/hooks/forgetable.rb +10 -0
data/lib/devise/hooks/lockable.rb +8 -0
data/lib/devise/hooks/rememberable.rb +7 -0
data/lib/devise/hooks/timeoutable.rb +26 -0
data/lib/devise/hooks/trackable.rb +10 -0
data/lib/devise/mailers/helpers.rb +92 -0
data/lib/devise/mapping.rb +173 -0
data/lib/devise/models/authenticatable.rb +269 -0
data/lib/devise/models/confirmable.rb +271 -0
data/lib/devise/models/database_authenticatable.rb +127 -0
data/lib/devise/models/lockable.rb +194 -0
data/lib/devise/models/omniauthable.rb +28 -0
data/lib/devise/models/recoverable.rb +141 -0
data/lib/devise/models/registerable.rb +26 -0
data/lib/devise/models/rememberable.rb +126 -0
data/lib/devise/models/timeoutable.rb +50 -0
data/lib/devise/models/token_authenticatable.rb +90 -0
data/lib/devise/models/trackable.rb +36 -0
data/lib/devise/models/validatable.rb +67 -0
data/lib/devise/models.rb +129 -0
data/lib/devise/modules.rb +30 -0
data/lib/devise/omniauth/config.rb +46 -0
data/lib/devise/omniauth/url_helpers.rb +19 -0
data/lib/devise/omniauth.rb +29 -0
data/lib/devise/orm/active_record.rb +4 -0
data/lib/devise/orm/mongoid.rb +4 -0
data/lib/devise/param_filter.rb +42 -0
data/lib/devise/rails/routes.rb +447 -0
data/lib/devise/rails/warden_compat.rb +44 -0
data/lib/devise/rails.rb +55 -0
data/lib/devise/strategies/authenticatable.rb +177 -0
data/lib/devise/strategies/base.rb +21 -0
data/lib/devise/strategies/database_authenticatable.rb +21 -0
data/lib/devise/strategies/rememberable.rb +56 -0
data/lib/devise/strategies/token_authenticatable.rb +57 -0
data/lib/devise/test_helpers.rb +132 -0
data/lib/devise/time_inflector.rb +15 -0
data/lib/devise/version.rb +4 -0
data/lib/devise.rb +445 -0
data/lib/generators/active_record/devise_generator.rb +80 -0
data/lib/generators/active_record/templates/migration.rb +20 -0
data/lib/generators/active_record/templates/migration_existing.rb +27 -0
data/lib/generators/devise/devise_generator.rb +25 -0
data/lib/generators/devise/install_generator.rb +25 -0
data/lib/generators/devise/orm_helpers.rb +33 -0
data/lib/generators/devise/views_generator.rb +117 -0
data/lib/generators/mongoid/devise_generator.rb +58 -0
data/lib/generators/templates/README +35 -0
data/lib/generators/templates/devise.rb +241 -0
data/lib/generators/templates/markerb/confirmation_instructions.markerb +5 -0
data/lib/generators/templates/markerb/reset_password_instructions.markerb +8 -0
data/lib/generators/templates/markerb/unlock_instructions.markerb +7 -0
data/lib/generators/templates/simple_form_for/confirmations/new.html.erb +15 -0
data/lib/generators/templates/simple_form_for/passwords/edit.html.erb +19 -0
data/lib/generators/templates/simple_form_for/passwords/new.html.erb +15 -0
data/lib/generators/templates/simple_form_for/registrations/edit.html.erb +22 -0
data/lib/generators/templates/simple_form_for/registrations/new.html.erb +17 -0
data/lib/generators/templates/simple_form_for/sessions/new.html.erb +15 -0
data/lib/generators/templates/simple_form_for/unlocks/new.html.erb +15 -0
data/test/controllers/custom_strategy_test.rb +63 -0
data/test/controllers/helpers_test.rb +254 -0
data/test/controllers/internal_helpers_test.rb +111 -0
data/test/controllers/sessions_controller_test.rb +58 -0
data/test/controllers/url_helpers_test.rb +60 -0
data/test/delegator_test.rb +20 -0
data/test/devise_test.rb +73 -0
data/test/failure_app_test.rb +222 -0
data/test/generators/active_record_generator_test.rb +76 -0
data/test/generators/devise_generator_test.rb +40 -0
data/test/generators/install_generator_test.rb +14 -0
data/test/generators/mongoid_generator_test.rb +24 -0
data/test/generators/views_generator_test.rb +53 -0
data/test/helpers/devise_helper_test.rb +52 -0
data/test/indifferent_hash.rb +34 -0
data/test/integration/authenticatable_test.rb +634 -0
data/test/integration/confirmable_test.rb +299 -0
data/test/integration/database_authenticatable_test.rb +83 -0
data/test/integration/http_authenticatable_test.rb +98 -0
data/test/integration/lockable_test.rb +243 -0
data/test/integration/omniauthable_test.rb +134 -0
data/test/integration/recoverable_test.rb +307 -0
data/test/integration/registerable_test.rb +346 -0
data/test/integration/rememberable_test.rb +159 -0
data/test/integration/timeoutable_test.rb +141 -0
data/test/integration/token_authenticatable_test.rb +162 -0
data/test/integration/trackable_test.rb +93 -0
data/test/mailers/confirmation_instructions_test.rb +103 -0
data/test/mailers/reset_password_instructions_test.rb +84 -0
data/test/mailers/unlock_instructions_test.rb +78 -0
data/test/mapping_test.rb +128 -0
data/test/models/authenticatable_test.rb +8 -0
data/test/models/confirmable_test.rb +392 -0
data/test/models/database_authenticatable_test.rb +190 -0
data/test/models/lockable_test.rb +274 -0
data/test/models/omniauthable_test.rb +8 -0
data/test/models/recoverable_test.rb +206 -0
data/test/models/registerable_test.rb +8 -0
data/test/models/rememberable_test.rb +175 -0
data/test/models/serializable_test.rb +49 -0
data/test/models/timeoutable_test.rb +47 -0
data/test/models/token_authenticatable_test.rb +56 -0
data/test/models/trackable_test.rb +14 -0
data/test/models/validatable_test.rb +117 -0
data/test/models_test.rb +180 -0
data/test/omniauth/config_test.rb +58 -0
data/test/omniauth/url_helpers_test.rb +52 -0
data/test/orm/active_record.rb +10 -0
data/test/orm/mongoid.rb +15 -0
data/test/rails_app/Rakefile +10 -0
data/test/rails_app/app/active_record/admin.rb +7 -0
data/test/rails_app/app/active_record/shim.rb +3 -0
data/test/rails_app/app/active_record/user.rb +7 -0
data/test/rails_app/app/controllers/admins/sessions_controller.rb +7 -0
data/test/rails_app/app/controllers/admins_controller.rb +12 -0
data/test/rails_app/app/controllers/application_controller.rb +9 -0
data/test/rails_app/app/controllers/home_controller.rb +26 -0
data/test/rails_app/app/controllers/publisher/registrations_controller.rb +3 -0
data/test/rails_app/app/controllers/publisher/sessions_controller.rb +3 -0
data/test/rails_app/app/controllers/users/omniauth_callbacks_controller.rb +15 -0
data/test/rails_app/app/controllers/users_controller.rb +24 -0
data/test/rails_app/app/helpers/application_helper.rb +4 -0
data/test/rails_app/app/mailers/users/mailer.rb +9 -0
data/test/rails_app/app/mongoid/admin.rb +28 -0
data/test/rails_app/app/mongoid/shim.rb +25 -0
data/test/rails_app/app/mongoid/user.rb +43 -0
data/test/rails_app/app/views/admins/index.html.erb +1 -0
data/test/rails_app/app/views/admins/sessions/new.html.erb +2 -0
data/test/rails_app/app/views/home/admin_dashboard.html.erb +1 -0
data/test/rails_app/app/views/home/index.html.erb +1 -0
data/test/rails_app/app/views/home/join.html.erb +1 -0
data/test/rails_app/app/views/home/private.html.erb +1 -0
data/test/rails_app/app/views/home/user_dashboard.html.erb +1 -0
data/test/rails_app/app/views/layouts/application.html.erb +24 -0
data/test/rails_app/app/views/users/index.html.erb +1 -0
data/test/rails_app/app/views/users/mailer/confirmation_instructions.erb +1 -0
data/test/rails_app/app/views/users/sessions/new.html.erb +1 -0
data/test/rails_app/config/application.rb +42 -0
data/test/rails_app/config/boot.rb +9 -0
data/test/rails_app/config/database.yml +18 -0
data/test/rails_app/config/environment.rb +6 -0
data/test/rails_app/config/environments/development.rb +19 -0
data/test/rails_app/config/environments/production.rb +34 -0
data/test/rails_app/config/environments/test.rb +34 -0
data/test/rails_app/config/initializers/backtrace_silencers.rb +8 -0
data/test/rails_app/config/initializers/devise.rb +179 -0
data/test/rails_app/config/initializers/inflections.rb +3 -0
data/test/rails_app/config/initializers/secret_token.rb +3 -0
data/test/rails_app/config/routes.rb +101 -0
data/test/rails_app/config.ru +4 -0
data/test/rails_app/db/migrate/20100401102949_create_tables.rb +75 -0
data/test/rails_app/db/schema.rb +53 -0
data/test/rails_app/lib/shared_admin.rb +15 -0
data/test/rails_app/lib/shared_user.rb +27 -0
data/test/rails_app/public/404.html +26 -0
data/test/rails_app/public/422.html +26 -0
data/test/rails_app/public/500.html +26 -0
data/test/rails_app/public/favicon.ico +0 -0
data/test/rails_app/script/rails +10 -0
data/test/routes_test.rb +249 -0
data/test/support/assertions.rb +41 -0
data/test/support/helpers.rb +92 -0
data/test/support/integration.rb +93 -0
data/test/support/locale/en.yml +4 -0
data/test/support/webrat/integrations/rails.rb +25 -0
data/test/test_helper.rb +28 -0
data/test/test_helpers_test.rb +152 -0
metadata +407 -0

data/test/integration/confirmable_test.rb ADDED Viewed

@@ -0,0 +1,299 @@
+# -*- encoding : utf-8 -*-
+require 'test_helper'
+class ConfirmationTest < ActionController::IntegrationTest
+  def visit_user_confirmation_with_token(confirmation_token)
+    visit user_confirmation_path(:confirmation_token => confirmation_token)
+  end
+  def resend_confirmation
+    user = create_user(:confirm => false)
+    ActionMailer::Base.deliveries.clear
+    visit new_user_session_path
+    click_link "Didn't receive confirmation instructions?"
+    fill_in 'email', :with => user.email
+    click_button 'Resend confirmation instructions'
+  end
+  test 'user should be able to request a new confirmation' do
+    resend_confirmation
+    assert_current_url '/users/sign_in'
+    assert_contain 'You will receive an email with instructions about how to confirm your account in a few minutes'
+    assert_equal 1, ActionMailer::Base.deliveries.size
+    assert_equal ['please-change-me@config-initializers-devise.com'], ActionMailer::Base.deliveries.first.from
+  end
+  test 'user should receive a confirmation from a custom mailer' do
+    User.any_instance.stubs(:devise_mailer).returns(Users::Mailer)
+    resend_confirmation
+    assert_equal ['custom@example.com'], ActionMailer::Base.deliveries.first.from
+  end
+  test 'user with invalid confirmation token should not be able to confirm an account' do
+    visit_user_confirmation_with_token('invalid_confirmation')
+    assert_have_selector '#error_explanation'
+    assert_contain /Confirmation token(.*)invalid/
+  end
+  test 'user with valid confirmation token should be able to confirm an account' do
+    user = create_user(:confirm => false)
+    assert_not user.confirmed?
+    visit_user_confirmation_with_token(user.confirmation_token)
+    assert_contain 'Your account was successfully confirmed.'
+    assert_current_url '/'
+    assert user.reload.confirmed?
+  end
+  test 'user with valid confirmation token should not be able to confirm an account after the token has expired' do
+    swap Devise, :confirm_within => 3.days do
+      user = create_user(:confirm => false, :confirmation_sent_at => 4.days.ago)
+      assert_not user.confirmed?
+      visit_user_confirmation_with_token(user.confirmation_token)
+      assert_have_selector '#error_explanation'
+      assert_contain /needs to be confirmed within 3 days/
+      assert_not user.reload.confirmed?
+    end
+  end
+  test 'user with valid confirmation token should be able to confirm an account before the token has expired' do
+    swap Devise, :confirm_within => 3.days do
+      user = create_user(:confirm => false, :confirmation_sent_at => 2.days.ago)
+      assert_not user.confirmed?
+      visit_user_confirmation_with_token(user.confirmation_token)
+      assert_contain 'Your account was successfully confirmed.'
+      assert_current_url '/'
+      assert user.reload.confirmed?
+    end
+  end
+  test 'user should be redirected to a custom path after confirmation' do
+    Devise::ConfirmationsController.any_instance.stubs(:after_confirmation_path_for).returns("/?custom=1")
+    user = create_user(:confirm => false)
+    visit_user_confirmation_with_token(user.confirmation_token)
+    assert_current_url "/?custom=1"
+  end
+  test 'already confirmed user should not be able to confirm the account again' do
+    user = create_user(:confirm => false)
+    user.confirmed_at = Time.now
+    user.save
+    visit_user_confirmation_with_token(user.confirmation_token)
+    assert_have_selector '#error_explanation'
+    assert_contain 'already confirmed'
+  end
+  test 'already confirmed user should not be able to confirm the account again neither request confirmation' do
+    user = create_user(:confirm => false)
+    user.confirmed_at = Time.now
+    user.save
+    visit_user_confirmation_with_token(user.confirmation_token)
+    assert_contain 'already confirmed'
+    fill_in 'email', :with => user.email
+    click_button 'Resend confirmation instructions'
+    assert_contain 'already confirmed'
+  end
+  test 'sign in user automatically after confirming its email' do
+    user = create_user(:confirm => false)
+    visit_user_confirmation_with_token(user.confirmation_token)
+    assert warden.authenticated?(:user)
+  end
+  test 'increases sign count when signed in through confirmation' do
+    user = create_user(:confirm => false)
+    visit_user_confirmation_with_token(user.confirmation_token)
+    user.reload
+    assert_equal 1, user.sign_in_count
+  end
+  test 'not confirmed user with setup to block without confirmation should not be able to sign in' do
+    swap Devise, :allow_unconfirmed_access_for => 0.days do
+      sign_in_as_user(:confirm => false)
+      assert_contain 'You have to confirm your account before continuing'
+      assert_not warden.authenticated?(:user)
+    end
+  end
+  test 'not confirmed user should not see confirmation message if invalid credentials are given' do
+    swap Devise, :allow_unconfirmed_access_for => 0.days do
+      sign_in_as_user(:confirm => false) do
+        fill_in 'password', :with => 'invalid'
+      end
+      assert_contain 'Invalid email or password'
+      assert_not warden.authenticated?(:user)
+    end
+  end
+  test 'not confirmed user but configured with some days to confirm should be able to sign in' do
+    swap Devise, :allow_unconfirmed_access_for => 1.day do
+      sign_in_as_user(:confirm => false)
+      assert_response :success
+      assert warden.authenticated?(:user)
+    end
+  end
+  test 'error message is configurable by resource name' do
+    store_translations :en, :devise => {
+      :failure => { :user => { :unconfirmed => "Not confirmed user" } }
+    } do
+      sign_in_as_user(:confirm => false)
+      assert_contain 'Not confirmed user'
+    end
+  end
+  test 'resent confirmation token with valid E-Mail in XML format should return valid response' do
+    user = create_user(:confirm => false)
+    post user_confirmation_path(:format => 'xml'), :user => { :email => user.email }
+    assert_response :success
+    assert_equal response.body, {}.to_xml
+  end
+  test 'resent confirmation token with invalid E-Mail in XML format should return invalid response' do
+    user = create_user(:confirm => false)
+    post user_confirmation_path(:format => 'xml'), :user => { :email => 'invalid.test@test.com' }
+    assert_response :unprocessable_entity
+    assert response.body.include? %(<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<errors>)
+  end
+  test 'confirm account with valid confirmation token in XML format should return valid response' do
+    user = create_user(:confirm => false)
+    get user_confirmation_path(:confirmation_token => user.confirmation_token, :format => 'xml')
+    assert_response :success
+    assert response.body.include? %(<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<user>)
+  end
+  test 'confirm account with invalid confirmation token in XML format should return invalid response' do
+    user = create_user(:confirm => false)
+    get user_confirmation_path(:confirmation_token => 'invalid_confirmation', :format => 'xml')
+    assert_response :unprocessable_entity
+    assert response.body.include? %(<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<errors>)
+  end
+  test 'request an account confirmation account with JSON, should return an empty JSON' do
+    user = create_user(:confirm => false)
+    post user_confirmation_path, :user => { :email => user.email }, :format => :json
+    assert_response :success
+    assert_equal response.body, {}.to_json
+  end
+  test "when in paranoid mode and with a valid e-mail, should not say that the e-mail is valid" do
+    swap Devise, :paranoid => true do
+      user = create_user(:confirm => false)
+      visit new_user_session_path
+      click_link "Didn't receive confirmation instructions?"
+      fill_in 'email', :with => user.email
+      click_button 'Resend confirmation instructions'
+      assert_contain "If your email address exists in our database, you will receive an email with instructions about how to confirm your account in a few minutes."
+      assert_current_url "/users/sign_in"
+    end
+  end
+  test "when in paranoid mode and with a invalid e-mail, should not say that the e-mail is invalid" do
+    swap Devise, :paranoid => true do
+      visit new_user_session_path
+      click_link "Didn't receive confirmation instructions?"
+      fill_in 'email', :with => "idonthavethisemail@gmail.com"
+      click_button 'Resend confirmation instructions'
+      assert_not_contain "1 error prohibited this user from being saved:"
+      assert_not_contain "Email not found"
+      assert_contain "If your email address exists in our database, you will receive an email with instructions about how to confirm your account in a few minutes."
+      assert_current_url "/users/sign_in"
+    end
+  end
+end
+class ConfirmationOnChangeTest < ActionController::IntegrationTest
+  def create_second_admin(options={})
+    @admin = nil
+    create_admin(options)
+  end
+  def visit_admin_confirmation_with_token(confirmation_token)
+    visit admin_confirmation_path(:confirmation_token => confirmation_token)
+  end
+  test 'admin should be able to request a new confirmation after email changed' do
+    admin = create_admin
+    admin.update_attributes(:email => 'new_test@example.com')
+    visit new_admin_session_path
+    click_link "Didn't receive confirmation instructions?"
+    fill_in 'email', :with => admin.unconfirmed_email
+    assert_difference "ActionMailer::Base.deliveries.size" do
+      click_button 'Resend confirmation instructions'
+    end
+    assert_current_url '/admin_area/sign_in'
+    assert_contain 'You will receive an email with instructions about how to confirm your account in a few minutes'
+  end
+  test 'admin with valid confirmation token should be able to confirm email after email changed' do
+    admin = create_admin
+    admin.update_attributes(:email => 'new_test@example.com')
+    assert_equal 'new_test@example.com', admin.unconfirmed_email
+    visit_admin_confirmation_with_token(admin.confirmation_token)
+    assert_contain 'Your account was successfully confirmed.'
+    assert_current_url '/admin_area/home'
+    assert admin.reload.confirmed?
+    assert_not admin.reload.pending_reconfirmation?
+  end
+  test 'admin with previously valid confirmation token should not be able to confirm email after email changed again' do
+    admin = create_admin
+    admin.update_attributes(:email => 'first_test@example.com')
+    assert_equal 'first_test@example.com', admin.unconfirmed_email
+    confirmation_token = admin.confirmation_token
+    admin.update_attributes(:email => 'second_test@example.com')
+    assert_equal 'second_test@example.com', admin.unconfirmed_email
+    visit_admin_confirmation_with_token(confirmation_token)
+    assert_have_selector '#error_explanation'
+    assert_contain /Confirmation token(.*)invalid/
+    visit_admin_confirmation_with_token(admin.confirmation_token)
+    assert_contain 'Your account was successfully confirmed.'
+    assert_current_url '/admin_area/home'
+    assert admin.reload.confirmed?
+    assert_not admin.reload.pending_reconfirmation?
+  end
+  test 'admin email should be unique also within unconfirmed_email' do
+    admin = create_admin
+    admin.update_attributes(:email => 'new_admin_test@example.com')
+    assert_equal 'new_admin_test@example.com', admin.unconfirmed_email
+    create_second_admin(:email => "new_admin_test@example.com")
+    visit_admin_confirmation_with_token(admin.confirmation_token)
+    assert_have_selector '#error_explanation'
+    assert_contain /Email.*already.*taken/
+    assert admin.reload.pending_reconfirmation?
+  end
+end

data/test/integration/database_authenticatable_test.rb ADDED Viewed

@@ -0,0 +1,83 @@
+# -*- encoding : utf-8 -*-
+require 'test_helper'
+class DatabaseAuthenticationTest < ActionController::IntegrationTest
+  test 'sign in with email of different case should succeed when email is in the list of case insensitive keys' do
+    create_user(:email => 'Foo@Bar.com')
+    sign_in_as_user do
+      fill_in 'email', :with => 'foo@bar.com'
+    end
+    assert warden.authenticated?(:user)
+  end
+  test 'sign in with email of different case should fail when email is NOT the list of case insensitive keys' do
+    swap Devise, :case_insensitive_keys => [] do
+      create_user(:email => 'Foo@Bar.com')
+      sign_in_as_user do
+        fill_in 'email', :with => 'foo@bar.com'
+      end
+      assert_not warden.authenticated?(:user)
+    end
+  end
+  test 'sign in with email including extra spaces should succeed when email is in the list of strip whitespace keys' do
+    create_user(:email => ' foo@bar.com ')
+    sign_in_as_user do
+      fill_in 'email', :with => 'foo@bar.com'
+    end
+    assert warden.authenticated?(:user)
+  end
+  test 'sign in with email including extra spaces should fail when email is NOT the list of strip whitespace keys' do
+    swap Devise, :strip_whitespace_keys => [] do
+      create_user(:email => 'foo@bar.com')
+      sign_in_as_user do
+        fill_in 'email', :with => ' foo@bar.com '
+      end
+      assert_not warden.authenticated?(:user)
+    end
+  end
+  test 'sign in should not authenticate if not using proper authentication keys' do
+    swap Devise, :authentication_keys => [:username] do
+      sign_in_as_user
+      assert_not warden.authenticated?(:user)
+    end
+  end
+  test 'sign in with invalid email should return to sign in form with error message' do
+    sign_in_as_admin do
+      fill_in 'email', :with => 'wrongemail@test.com'
+    end
+    assert_contain 'Invalid email or password'
+    assert_not warden.authenticated?(:admin)
+  end
+  test 'sign in with invalid pasword should return to sign in form with error message' do
+    sign_in_as_admin do
+      fill_in 'password', :with => 'abcdef'
+    end
+    assert_contain 'Invalid email or password'
+    assert_not warden.authenticated?(:admin)
+  end
+  test 'error message is configurable by resource name' do
+    store_translations :en, :devise => { :failure => { :admin => { :invalid => "Invalid credentials" } } } do
+      sign_in_as_admin do
+        fill_in 'password', :with => 'abcdef'
+      end
+      assert_contain 'Invalid credentials'
+    end
+  end
+end

data/test/integration/http_authenticatable_test.rb ADDED Viewed

@@ -0,0 +1,98 @@
+# -*- encoding : utf-8 -*-
+require 'test_helper'
+class HttpAuthenticationTest < ActionController::IntegrationTest
+  test 'handles unverified requests gets rid of caches but continues signed in' do
+    swap UsersController, :allow_forgery_protection => true do
+      create_user
+      post exhibit_user_url(1), {}, "HTTP_AUTHORIZATION" => "Basic #{Base64.encode64("user@test.com:12345678")}"
+      assert warden.authenticated?(:user)
+      assert_equal "User is authenticated", response.body
+    end
+  end
+  test 'sign in should authenticate with http' do
+    sign_in_as_new_user_with_http
+    assert_response 200
+    assert_match '<email>user@test.com</email>', response.body
+    assert warden.authenticated?(:user)
+    get users_path(:format => :xml)
+    assert_response 200
+  end
+  test 'sign in should authenticate with http but not emit a cookie if skipping session storage' do
+    swap Devise, :skip_session_storage => [:http_auth] do
+      sign_in_as_new_user_with_http
+      assert_response 200
+      assert_match '<email>user@test.com</email>', response.body
+      assert warden.authenticated?(:user)
+      get users_path(:format => :xml)
+      assert_response 401
+    end
+  end
+  test 'returns a custom response with www-authenticate header on failures' do
+    sign_in_as_new_user_with_http("unknown")
+    assert_equal 401, status
+    assert_equal 'Basic realm="Application"', headers["WWW-Authenticate"]
+  end
+  test 'uses the request format as response content type' do
+    sign_in_as_new_user_with_http("unknown")
+    assert_equal 401, status
+    assert_equal "application/xml; charset=utf-8", headers["Content-Type"]
+    assert_match "<error>Invalid email or password.</error>", response.body
+  end
+  test 'returns a custom response with www-authenticate and chosen realm' do
+    swap Devise, :http_authentication_realm => "MyApp" do
+      sign_in_as_new_user_with_http("unknown")
+      assert_equal 401, status
+      assert_equal 'Basic realm="MyApp"', headers["WWW-Authenticate"]
+    end
+  end
+  test 'sign in should authenticate with http even with specific authentication keys' do
+    swap Devise, :authentication_keys => [:username] do
+      sign_in_as_new_user_with_http("usertest")
+      assert_response :success
+      assert_match '<email>user@test.com</email>', response.body
+      assert warden.authenticated?(:user)
+    end
+  end
+  test 'test request with oauth2 header doesnt get mistaken for basic authentication' do
+    swap Devise, :http_authenticatable => true do
+      add_oauth2_header
+      assert_equal 401, status
+      assert_equal 'Basic realm="Application"', headers["WWW-Authenticate"]
+    end
+  end
+  test 'sign in should authenticate with really long token' do
+    token = "token_containing_so_many_characters_that_the_base64_encoding_will_wrap"
+    user = create_user
+    user.update_attribute :authentication_token, token
+    get users_path(:format => :xml), {}, "HTTP_AUTHORIZATION" => "Basic #{Base64.encode64("#{token}:x")}"
+    assert_response :success
+    assert_match "<email>user@test.com</email>", response.body
+    assert warden.authenticated?(:user)
+  end
+  private
+    def sign_in_as_new_user_with_http(username="user@test.com", password="12345678")
+      user = create_user
+      get users_path(:format => :xml), {}, "HTTP_AUTHORIZATION" => "Basic #{Base64.encode64("#{username}:#{password}")}"
+      user
+    end
+    # Sign in with oauth2 token. This is just to test that it isn't misinterpreted as basic authentication
+    def add_oauth2_header
+      user = create_user
+      get users_path(:format => :xml), {}, "HTTP_AUTHORIZATION" => "OAuth #{Base64.encode64("#{user.email}:12345678")}"
+    end
+end