loyal_devise 2.1.2

data/test/models/serializable_test.rb

@@ -0,0 +1,49 @@
+# -*- encoding : utf-8 -*-
+require 'test_helper'
+
+class SerializableTest < ActiveSupport::TestCase
+  setup do
+    @user = create_user
+  end
+
+  test 'should not include unsafe keys on XML' do
+    assert_match /email/, @user.to_xml
+    assert_no_match /confirmation-token/, @user.to_xml
+  end
+
+  test 'should not include unsafe keys on XML even if a new except is provided' do
+    assert_no_match /email/, @user.to_xml(:except => :email)
+    assert_no_match /confirmation-token/, @user.to_xml(:except => :email)
+  end
+
+  test 'should include unsafe keys on XML if a force_except is provided' do
+    assert_no_match /<email/, @user.to_xml(:force_except => :email)
+    assert_match /confirmation-token/, @user.to_xml(:force_except => :email)
+  end
+
+  test 'should not include unsafe keys on JSON' do
+    assert_equal %w(created_at email facebook_token id updated_at username), from_json().keys.sort
+  end
+
+  test 'should not include unsafe keys on JSON even if a new except is provided' do
+    assert_no_key "email", from_json(:except => :email)
+    assert_no_key "confirmation_token", from_json(:except => :email)
+  end
+
+  test 'should include unsafe keys on JSON if a force_except is provided' do
+    assert_no_key "email", from_json(:force_except => :email)
+    assert_key "confirmation_token", from_json(:force_except => :email)
+  end
+
+  def assert_key(key, subject)
+    assert subject.key?(key), "Expected #{subject.inspect} to have key #{key.inspect}"
+  end
+
+  def assert_no_key(key, subject)
+    assert !subject.key?(key), "Expected #{subject.inspect} to not have key #{key.inspect}"
+  end
+
+  def from_json(options=nil)
+    ActiveSupport::JSON.decode(@user.to_json(options))["user"]
+  end
+end

data/test/models/timeoutable_test.rb

@@ -0,0 +1,47 @@
+# -*- encoding : utf-8 -*-
+require 'test_helper'
+
+class TimeoutableTest < ActiveSupport::TestCase
+
+  test 'should be expired' do
+    assert new_user.timedout?(31.minutes.ago)
+  end
+
+  test 'should not be expired' do
+    assert_not new_user.timedout?(29.minutes.ago)
+  end
+
+  test 'should not be expired when params is nil' do
+    assert_not new_user.timedout?(nil)
+  end
+
+  test 'should use timeout_in method' do
+    user = new_user
+    user.instance_eval { def timeout_in; 10.minutes end }
+
+    assert user.timedout?(12.minutes.ago)
+    assert_not user.timedout?(8.minutes.ago)
+  end
+
+  test 'should not be expired when timeout_in method returns nil' do
+    user = new_user
+    user.instance_eval { def timeout_in; nil end }
+    assert_not user.timedout?(10.hours.ago)
+  end
+
+  test 'fallback to Devise config option' do
+    swap Devise, :timeout_in => 1.minute do
+      user = new_user
+      assert user.timedout?(2.minutes.ago)
+      assert_not user.timedout?(30.seconds.ago)
+
+      Devise.timeout_in = 5.minutes
+      assert_not user.timedout?(2.minutes.ago)
+      assert user.timedout?(6.minutes.ago)
+    end
+  end
+
+  test 'required_fields should contain the fields that Devise uses' do
+    assert_same_content Devise::Models::Timeoutable.required_fields(User), []
+  end
+end

data/test/models/token_authenticatable_test.rb

@@ -0,0 +1,56 @@
+# -*- encoding : utf-8 -*-
+require 'test_helper'
+
+class TokenAuthenticatableTest < ActiveSupport::TestCase
+
+  test 'should reset authentication token' do
+    user = new_user
+    user.reset_authentication_token
+    previous_token = user.authentication_token
+    user.reset_authentication_token
+    assert_not_equal previous_token, user.authentication_token
+  end
+
+  test 'should ensure authentication token' do
+    user = new_user
+    user.ensure_authentication_token
+    previous_token = user.authentication_token
+    user.ensure_authentication_token
+    assert_equal previous_token, user.authentication_token
+  end
+
+  test 'should authenticate a valid user with authentication token and return it' do
+    user = create_user
+    user.ensure_authentication_token!
+    user.confirm!
+    authenticated_user = User.find_for_token_authentication(:auth_token => user.authentication_token)
+    assert_equal authenticated_user, user
+  end
+
+  test 'should return nil when authenticating an invalid user by authentication token' do
+    user = create_user
+    user.ensure_authentication_token!
+    user.confirm!
+    authenticated_user = User.find_for_token_authentication(:auth_token => user.authentication_token.reverse)
+    assert_nil authenticated_user
+  end
+
+  test 'should not be subject to injection' do
+    user1 = create_user
+    user1.ensure_authentication_token!
+    user1.confirm!
+
+    user2 = create_user
+    user2.ensure_authentication_token!
+    user2.confirm!
+
+    user = User.find_for_token_authentication(:auth_token => {'$ne' => user1.authentication_token})
+    assert_nil user
+  end
+
+  test 'required_fields should contain the fields that Devise uses' do
+    assert_same_content Devise::Models::TokenAuthenticatable.required_fields(User), [
+      :authentication_token
+    ]
+  end
+end

data/test/models/trackable_test.rb

@@ -0,0 +1,14 @@
+# -*- encoding : utf-8 -*-
+require 'test_helper'
+
+class TrackableTest < ActiveSupport::TestCase
+  test 'required_fields should contain the fields that Devise uses' do
+    assert_same_content Devise::Models::Trackable.required_fields(User), [
+      :current_sign_in_at,
+      :current_sign_in_ip,
+      :last_sign_in_at,
+      :last_sign_in_ip,
+      :sign_in_count
+    ]
+  end
+end

data/test/models/validatable_test.rb

@@ -0,0 +1,117 @@
+# -*- encoding : utf-8 -*-
+require 'test_helper'
+
+class ValidatableTest < ActiveSupport::TestCase
+  test 'should require email to be set' do
+    user = new_user(:email => nil)
+    assert user.invalid?
+    assert user.errors[:email]
+    assert_equal 'can\'t be blank', user.errors[:email].join
+  end
+
+  test 'should require uniqueness of email if email has changed, allowing blank' do
+    existing_user = create_user
+
+    user = new_user(:email => '')
+    assert user.invalid?
+    assert_no_match(/taken/, user.errors[:email].join)
+
+    user.email = existing_user.email
+    assert user.invalid?
+    assert_match(/taken/, user.errors[:email].join)
+
+    user.save(:validate => false)
+    assert user.valid?
+  end
+
+  test 'should require correct email format if email has changed, allowing blank' do
+    user = new_user(:email => '')
+    assert user.invalid?
+    assert_not_equal 'is invalid', user.errors[:email].join
+
+    %w{invalid_email_format 123 $$$ () ☃ bla@bla.}.each do |email|
+      user.email = email
+      assert user.invalid?, 'should be invalid with email ' << email
+      assert_equal 'is invalid', user.errors[:email].join
+    end
+
+    user.save(:validate => false)
+    assert user.valid?
+  end
+
+  test 'should accept valid emails' do
+    %w(a.b.c@example.com test_mail@gmail.com any@any.net email@test.br 123@mail.test 1☃3@mail.test).each do |email|
+      user = new_user(:email => email)
+      assert user.valid?, 'should be valid with email ' << email
+      assert_blank user.errors[:email]
+    end
+  end
+
+  test 'should require password to be set when creating a new record' do
+    user = new_user(:password => '', :password_confirmation => '')
+    assert user.invalid?
+    assert_equal 'can\'t be blank', user.errors[:password].join
+  end
+
+  test 'should require confirmation to be set when creating a new record' do
+    user = new_user(:password => 'new_password', :password_confirmation => 'blabla')
+    assert user.invalid?
+    assert_equal 'doesn\'t match confirmation', user.errors[:password].join
+  end
+
+  test 'should require password when updating/reseting password' do
+    user = create_user
+
+    user.password = ''
+    user.password_confirmation = ''
+
+    assert user.invalid?
+    assert_equal 'can\'t be blank', user.errors[:password].join
+  end
+
+  test 'should require confirmation when updating/reseting password' do
+    user = create_user
+    user.password_confirmation = 'another_password'
+    assert user.invalid?
+    assert_equal 'doesn\'t match confirmation', user.errors[:password].join
+  end
+
+  test 'should require a password with minimum of 6 characters' do
+    user = new_user(:password => '12345', :password_confirmation => '12345')
+    assert user.invalid?
+    assert_equal 'is too short (minimum is 6 characters)', user.errors[:password].join
+  end
+
+  test 'should require a password with maximum of 128 characters long' do
+    user = new_user(:password => 'x'*129, :password_confirmation => 'x'*129)
+    assert user.invalid?
+    assert_equal 'is too long (maximum is 128 characters)', user.errors[:password].join
+  end
+
+  test 'should not require password length when it\'s not changed' do
+    user = create_user.reload
+    user.password = user.password_confirmation = nil
+    assert user.valid?
+
+    user.password_confirmation = 'confirmation'
+    assert user.invalid?
+    assert_not (user.errors[:password].join =~ /is too long/)
+  end
+
+  test 'should complain about length even if possword is not required' do
+    user = new_user(:password => 'x'*129, :password_confirmation => 'x'*129)
+    user.stubs(:password_required?).returns(false)
+    assert user.invalid?
+    assert_equal 'is too long (maximum is 128 characters)', user.errors[:password].join
+  end
+
+  test 'should not be included in objects with invalid API' do
+    assert_raise RuntimeError do
+      Class.new.send :include, Devise::Models::Validatable
+    end
+  end
+
+  test 'required_fields should be an empty array' do
+    assert_equal Devise::Models::Validatable.required_fields(User), []
+  end
+end

data/test/models_test.rb

@@ -0,0 +1,180 @@
+# -*- encoding : utf-8 -*-
+require 'test_helper'
+
+class Configurable < User
+  devise :database_authenticatable, :confirmable, :rememberable, :timeoutable, :lockable,
+         :stretches => 15, :pepper => 'abcdef', :allow_unconfirmed_access_for => 5.days,
+         :remember_for => 7.days, :timeout_in => 15.minutes, :unlock_in => 10.days
+end
+
+class WithValidation < Admin
+  devise :database_authenticatable, :validatable, :password_length => 2..6
+end
+
+class UserWithValidation < User
+  validates_presence_of :username
+end
+
+class Several < Admin
+  devise :validatable
+  devise :lockable
+end
+
+class Inheritable < Admin
+end
+
+class ActiveRecordTest < ActiveSupport::TestCase
+  def include_module?(klass, mod)
+    klass.devise_modules.include?(mod) &&
+      klass.included_modules.include?(Devise::Models::const_get(mod.to_s.classify))
+  end
+
+  def assert_include_modules(klass, *modules)
+    modules.each do |mod|
+      assert include_module?(klass, mod)
+    end
+
+    (Devise::ALL - modules).each do |mod|
+      assert_not include_module?(klass, mod)
+    end
+  end
+
+  test 'can cherry pick modules' do
+    assert_include_modules Admin, :database_authenticatable, :registerable, :timeoutable, :recoverable, :lockable, :confirmable
+  end
+
+  test 'validations options are not applied too late' do
+    validators = WithValidation.validators_on :password
+    length = validators.find { |v| v.kind == :length }
+    assert_equal 2, length.options[:minimum]
+    assert_equal 6, length.options[:maximum]
+  end
+
+  test 'validations are applied just once' do
+    validators = Several.validators_on :password
+    assert_equal 1, validators.select{ |v| v.kind == :length }.length
+  end
+
+  test 'chosen modules are inheritable' do
+    assert_include_modules Inheritable, :database_authenticatable, :registerable, :timeoutable, :recoverable, :lockable, :confirmable
+  end
+
+  test 'order of module inclusion' do
+    correct_module_order   = [:database_authenticatable, :recoverable, :registerable, :confirmable, :lockable, :timeoutable]
+    incorrect_module_order = [:database_authenticatable, :timeoutable, :registerable, :recoverable, :lockable, :confirmable]
+
+    assert_include_modules Admin, *incorrect_module_order
+
+    # get module constants from symbol list
+    module_constants = correct_module_order.collect { |mod| Devise::Models::const_get(mod.to_s.classify) }
+
+    # confirm that they adhere to the order in ALL
+    # get included modules, filter out the noise, and reverse the order
+    assert_equal module_constants, (Admin.included_modules & module_constants).reverse
+  end
+
+  test 'raise error on invalid module' do
+    assert_raise NameError do
+      # Mix valid an invalid modules.
+      Configurable.class_eval { devise :database_authenticatable, :doesnotexit }
+    end
+  end
+
+  test 'set a default value for stretches' do
+    assert_equal 15, Configurable.stretches
+  end
+
+  test 'set a default value for pepper' do
+    assert_equal 'abcdef', Configurable.pepper
+  end
+
+  test 'set a default value for allow_unconfirmed_access_for' do
+    assert_equal 5.days, Configurable.allow_unconfirmed_access_for
+  end
+
+  test 'set a default value for remember_for' do
+    assert_equal 7.days, Configurable.remember_for
+  end
+
+  test 'set a default value for timeout_in' do
+    assert_equal 15.minutes, Configurable.timeout_in
+  end
+
+  test 'set a default value for unlock_in' do
+    assert_equal 10.days, Configurable.unlock_in
+  end
+
+  test 'set null fields on migrations' do
+    Admin.create!
+  end
+end
+
+class CheckFieldsTest < ActiveSupport::TestCase
+  test 'checks if the class respond_to the required fields' do
+    Player = Class.new do
+      extend Devise::Models
+
+      def self.before_validation(instance)
+      end
+
+      devise :database_authenticatable
+
+      attr_accessor :encrypted_password, :email
+    end
+
+    assert_nothing_raised Devise::Models::MissingAttribute do
+      Devise::Models.check_fields!(Player)
+    end
+  end
+
+  test 'raises Devise::Models::MissingAtrribute and shows the missing attribute if the class doesn\'t respond_to one of the attributes' do
+    Clown = Class.new do
+      extend Devise::Models
+
+      def self.before_validation(instance)
+      end
+
+      devise :database_authenticatable
+
+      attr_accessor :encrypted_password
+    end
+
+    assert_raise_with_message Devise::Models::MissingAttribute, "The following attribute(s) is (are) missing on your model: email" do
+      Devise::Models.check_fields!(Clown)
+    end
+  end
+
+  test 'raises Devise::Models::MissingAtrribute with all the missing attributes if there is more than one' do
+    Magician = Class.new do
+      extend Devise::Models
+
+      def self.before_validation(instance)
+      end
+
+      devise :database_authenticatable
+    end
+
+    assert_raise_with_message Devise::Models::MissingAttribute, "The following attribute(s) is (are) missing on your model: encrypted_password, email" do
+      Devise::Models.check_fields!(Magician)
+    end
+  end
+
+  test "doesn't raise a NoMethodError exception when the module doesn't have a required_field(klass) class method" do
+    driver = Class.new do
+      extend Devise::Models
+
+      def self.before_validation(instance)
+      end
+
+      attr_accessor :encrypted_password, :email
+
+      devise :database_authenticatable
+    end
+
+    swap_module_method_existence Devise::Models::DatabaseAuthenticatable, :required_fields do
+      assert_deprecated do
+        Devise::Models.check_fields!(driver)
+      end
+    end
+  end
+end

data/test/omniauth/config_test.rb

@@ -0,0 +1,58 @@
+# -*- encoding : utf-8 -*-
+require 'test_helper'
+
+class OmniAuthConfigTest < ActiveSupport::TestCase
+  class MyStrategy
+    include OmniAuth::Strategy
+  end
+
+  test 'strategy_name returns provider if no options given' do
+    config = Devise::OmniAuth::Config.new :facebook, [{}]
+    assert_equal :facebook, config.strategy_name
+  end
+
+  test 'strategy_name returns provider if no name option are given' do
+    config = Devise::OmniAuth::Config.new :facebook, [{ :other => :option }]
+    assert_equal :facebook, config.strategy_name
+  end
+
+  test 'returns name option when have a name' do
+    config = Devise::OmniAuth::Config.new :facebook, [{ :name => :github }]
+    assert_equal :github, config.strategy_name
+  end
+
+  test "finds contrib strategies" do
+    config = Devise::OmniAuth::Config.new :facebook, [{}]
+    assert_equal OmniAuth::Strategies::Facebook, config.strategy_class
+  end
+
+  test "finds the strategy in OmniAuth's list by name" do
+    NamedTestStrategy = Class.new
+    NamedTestStrategy.send :include, OmniAuth::Strategy
+    NamedTestStrategy.option :name, :the_one
+
+    config = Devise::OmniAuth::Config.new :the_one, [{}]
+    assert_equal NamedTestStrategy, config.strategy_class
+  end
+
+  test "finds the strategy in OmniAuth's list by class name" do
+    UnNamedTestStrategy = Class.new
+    UnNamedTestStrategy.send :include, OmniAuth::Strategy
+
+    config = Devise::OmniAuth::Config.new :un_named_test_strategy, [{}]
+    assert_equal UnNamedTestStrategy, config.strategy_class
+  end
+
+  test 'raises an error if strategy cannot be found' do
+    config = Devise::OmniAuth::Config.new :my_other_strategy, [{}]
+    assert_raise Devise::OmniAuth::StrategyNotFound do
+      config.strategy_class
+    end
+  end
+
+  test 'allows the user to define a custom require path' do
+    config = Devise::OmniAuth::Config.new :my_strategy, [{:strategy_class => MyStrategy}]
+    config_class = config.strategy_class
+    assert_equal MyStrategy, config_class
+  end
+end

data/test/omniauth/url_helpers_test.rb

@@ -0,0 +1,52 @@
+# -*- encoding : utf-8 -*-
+require 'test_helper'
+
+class OmniAuthRoutesTest < ActionController::TestCase
+  tests ApplicationController
+
+  def assert_path(action, provider, with_param=true)
+    # Resource param
+    assert_equal @controller.send(action, :user, provider),
+                 @controller.send("user_#{action}", provider)
+
+    # With an object
+    assert_equal @controller.send(action, User.new, provider),
+                 @controller.send("user_#{action}", provider)
+
+    if with_param
+      # Default url params
+      assert_equal @controller.send(action, :user, provider, :param => 123),
+                   @controller.send("user_#{action}", provider, :param => 123)
+    end
+  end
+
+  test 'should alias omniauth_callback to mapped user auth_callback' do
+    assert_path :omniauth_callback_path, :facebook
+  end
+
+  test 'should alias omniauth_authorize to mapped user auth_authorize' do
+    assert_path :omniauth_authorize_path, :facebook, false
+  end
+
+  test 'should generate authorization path' do
+    assert_match "/users/auth/facebook", @controller.omniauth_authorize_path(:user, :facebook)
+
+    assert_raise ActionController::RoutingError do
+      @controller.omniauth_authorize_path(:user, :github)
+    end
+  end
+
+  test 'should generate authorization path for named open_id omniauth' do
+    assert_match "/users/auth/google", @controller.omniauth_authorize_path(:user, :google)
+  end
+
+  test 'should generate authorization path with params' do
+    assert_match "/users/auth/openid?openid_url=http%3A%2F%2Fyahoo.com",
+                  @controller.omniauth_authorize_path(:user, :openid, :openid_url => "http://yahoo.com")
+  end
+
+  test 'should not add a "?" if no param was sent' do
+    assert_equal "/users/auth/openid",
+                  @controller.omniauth_authorize_path(:user, :openid)
+  end
+end

data/test/orm/active_record.rb

@@ -0,0 +1,10 @@
+# -*- encoding : utf-8 -*-
+ActiveRecord::Migration.verbose = false
+ActiveRecord::Base.logger = Logger.new(nil)
+
+ActiveRecord::Migrator.migrate(File.expand_path("../../rails_app/db/migrate/", __FILE__))
+
+class ActiveSupport::TestCase
+  self.use_transactional_fixtures = true
+  self.use_instantiated_fixtures  = false
+end

data/test/orm/mongoid.rb

@@ -0,0 +1,15 @@
+# -*- encoding : utf-8 -*-
+require 'mongoid/version'
+
+Mongoid.configure do |config|
+  config.master  = Mongo::Connection.new('127.0.0.1', 27017).db("devise-test-suite")
+  config.use_utc = true
+  config.include_root_in_json = true
+end
+
+class ActiveSupport::TestCase
+  setup do
+    User.delete_all
+    Admin.delete_all
+  end
+end

data/test/rails_app/Rakefile

@@ -0,0 +1,10 @@
+# Add your own tasks in files placed in lib/tasks ending in .rake,
+# for example lib/tasks/capistrano.rake, and they will automatically be available to Rake.
+
+require File.expand_path('../config/application', __FILE__)
+
+require 'rake'
+require 'rake/testtask'
+require 'rake/rdoctask'
+
+Rails.application.load_tasks

data/test/rails_app/app/active_record/admin.rb

@@ -0,0 +1,7 @@
+# -*- encoding : utf-8 -*-
+require 'shared_admin'
+
+class Admin < ActiveRecord::Base
+  include Shim
+  include SharedAdmin
+end

data/test/rails_app/app/active_record/shim.rb

@@ -0,0 +1,3 @@
+# -*- encoding : utf-8 -*-
+module Shim
+end

data/test/rails_app/app/active_record/user.rb

@@ -0,0 +1,7 @@
+# -*- encoding : utf-8 -*-
+require 'shared_user'
+
+class User < ActiveRecord::Base
+  include Shim
+  include SharedUser
+end

data/test/rails_app/app/controllers/admins/sessions_controller.rb

@@ -0,0 +1,7 @@
+# -*- encoding : utf-8 -*-
+class Admins::SessionsController < Devise::SessionsController
+  def new
+    flash[:special] = "Welcome to #{controller_path.inspect} controller!"
+    super
+  end
+end

data/test/rails_app/app/controllers/admins_controller.rb

@@ -0,0 +1,12 @@
+# -*- encoding : utf-8 -*-
+class AdminsController < ApplicationController
+  before_filter :authenticate_admin!
+
+  def index
+  end
+
+  def expire
+    admin_session['last_request_at'] = 31.minutes.ago.utc
+    render :text => 'Admin will be expired on next request'
+  end
+end

data/test/rails_app/app/controllers/application_controller.rb

@@ -0,0 +1,9 @@
+# -*- encoding : utf-8 -*-
+# Filters added to this controller apply to all controllers in the application.
+# Likewise, all the methods added will be available for all controllers.
+
+class ApplicationController < ActionController::Base
+  protect_from_forgery
+  before_filter :current_user, :unless => :devise_controller?
+  before_filter :authenticate_user!, :if => :devise_controller?
+end