omniauth-identity 2.0.0 → 3.0.4

data/spec/omniauth/identity/model_spec.rb

@@ -1,88 +1,91 @@
+# frozen_string_literal: true
+
 class ExampleModel
   include OmniAuth::Identity::Model
 end
 
-describe OmniAuth::Identity::Model do
+RSpec.describe OmniAuth::Identity::Model do
   context 'Class Methods' do
-    subject{ ExampleModel }
+    subject { ExampleModel }
 
     describe '.locate' do
-      it('should be abstract'){ expect{ subject.locate('abc') }.to raise_error(NotImplementedError) }
+      it('is abstract') { expect { subject.locate('abc') }.to raise_error(NotImplementedError) }
     end
 
     describe '.authenticate' do
-      it 'should call locate and then authenticate' do
-        mocked_instance = double('ExampleModel', :authenticate => 'abbadoo')
+      it 'calls locate and then authenticate' do
+        mocked_instance = double('ExampleModel', authenticate: 'abbadoo')
         allow(subject).to receive(:locate).with('email' => 'example').and_return(mocked_instance)
-        expect(subject.authenticate({'email' => 'example'},'pass')).to eq('abbadoo')
+        expect(subject.authenticate({ 'email' => 'example' }, 'pass')).to eq('abbadoo')
       end
 
-      it 'should call locate with additional scopes when provided' do
-        mocked_instance = double('ExampleModel', :authenticate => 'abbadoo')
-        allow(subject).to receive(:locate).with('email' => 'example', 'user_type' => 'admin').and_return(mocked_instance)
-        expect(subject.authenticate({'email' => 'example', 'user_type' => 'admin'}, 'pass')).to eq('abbadoo')
+      it 'calls locate with additional scopes when provided' do
+        mocked_instance = double('ExampleModel', authenticate: 'abbadoo')
+        allow(subject).to receive(:locate).with('email' => 'example',
+                                                'user_type' => 'admin').and_return(mocked_instance)
+        expect(subject.authenticate({ 'email' => 'example', 'user_type' => 'admin' }, 'pass')).to eq('abbadoo')
       end
 
-      it 'should recover gracefully if locate is nil' do
+      it 'recovers gracefully if locate is nil' do
         allow(subject).to receive(:locate).and_return(nil)
-        expect(subject.authenticate('blah','foo')).to be false
+        expect(subject.authenticate('blah', 'foo')).to be false
       end
     end
   end
 
   context 'Instance Methods' do
-    subject{ ExampleModel.new }
+    subject { ExampleModel.new }
 
     describe '#authenticate' do
-      it('should be abstract'){ expect{ subject.authenticate('abc') }.to raise_error(NotImplementedError) }
+      it('is abstract') { expect { subject.authenticate('abc') }.to raise_error(NotImplementedError) }
     end
 
     describe '#uid' do
-      it 'should default to #id' do
+      it 'defaults to #id' do
         allow(subject).to receive(:respond_to?).with(:id).and_return(true)
         allow(subject).to receive(:id).and_return 'wakka-do'
         expect(subject.uid).to eq('wakka-do')
       end
 
-      it 'should stringify it' do
+      it 'stringifies it' do
         allow(subject).to receive(:id).and_return 123
         expect(subject.uid).to eq('123')
       end
 
-      it 'should raise NotImplementedError if #id is not defined' do
+      it 'raises NotImplementedError if #id is not defined' do
         allow(subject).to receive(:respond_to?).with(:id).and_return(false)
-        expect{ subject.uid }.to raise_error(NotImplementedError)
+        expect { subject.uid }.to raise_error(NotImplementedError)
       end
     end
 
     describe '#auth_key' do
-      it 'should default to #email' do
+      it 'defaults to #email' do
         allow(subject).to receive(:respond_to?).with(:email).and_return(true)
         allow(subject).to receive(:email).and_return('bob@bob.com')
         expect(subject.auth_key).to eq('bob@bob.com')
       end
 
-      it 'should use the class .auth_key' do
+      it 'uses the class .auth_key' do
         subject.class.auth_key 'login'
         allow(subject).to receive(:login).and_return 'bob'
         expect(subject.auth_key).to eq('bob')
         subject.class.auth_key nil
       end
 
-      it 'should raise a NotImplementedError if the auth_key method is not defined' do
-        expect{ subject.auth_key }.to raise_error(NotImplementedError)
+      it 'raises a NotImplementedError if the auth_key method is not defined' do
+        expect { subject.auth_key }.to raise_error(NotImplementedError)
       end
     end
 
     describe '#auth_key=' do
-      it 'should default to setting email' do
+      it 'defaults to setting email' do
         allow(subject).to receive(:respond_to?).with(:email=).and_return(true)
         expect(subject).to receive(:email=).with 'abc'
-        
+
         subject.auth_key = 'abc'
       end
 
-      it 'should use a custom .auth_key if one is provided' do
+      it 'uses a custom .auth_key if one is provided' do
         subject.class.auth_key 'login'
         allow(subject).to receive(:respond_to?).with(:login=).and_return(true)
         expect(subject).to receive(:login=).with('abc')
@@ -90,28 +93,28 @@ describe OmniAuth::Identity::Model do
         subject.auth_key = 'abc'
       end
 
-      it 'should raise a NotImplementedError if the autH_key method is not defined' do
-        expect{ subject.auth_key = 'broken' }.to raise_error(NotImplementedError)
+      it 'raises a NotImplementedError if the autH_key method is not defined' do
+        expect { subject.auth_key = 'broken' }.to raise_error(NotImplementedError)
       end
     end
 
     describe '#info' do
-      it 'should include attributes that are set' do
+      it 'includes attributes that are set' do
         allow(subject).to receive(:name).and_return('Bob Bobson')
         allow(subject).to receive(:nickname).and_return('bob')
 
         expect(subject.info).to eq({
-          'name' => 'Bob Bobson',
-          'nickname' => 'bob'
-        })
+                                     'name' => 'Bob Bobson',
+                                     'nickname' => 'bob'
+                                   })
       end
 
-      it 'should automatically set name off of nickname' do
+      it 'automaticallies set name off of nickname' do
         allow(subject).to receive(:nickname).and_return('bob')
         subject.info['name'] == 'bob'
       end
 
-      it 'should not overwrite a provided name' do
+      it 'does not overwrite a provided name' do
         allow(subject).to receive(:name).and_return('Awesome Dude')
         allow(subject).to receive(:first_name).and_return('Frank')
         expect(subject.info['name']).to eq('Awesome Dude')

data/spec/omniauth/identity/models/active_record_spec.rb

@@ -1,16 +1,30 @@
-describe(OmniAuth::Identity::Models::ActiveRecord, :db => true) do
-  class TestIdentity < OmniAuth::Identity::Models::ActiveRecord; end
+# frozen_string_literal: true
 
-  describe "model", type: :model do
-    subject { TestIdentity }
+RSpec.describe(OmniAuth::Identity::Models::ActiveRecord, db: true) do
+  describe 'model', type: :model do
+    subject(:model_klass) do
+      AnonymousActiveRecord.generate(
+        parent_klass: 'OmniAuth::Identity::Models::ActiveRecord',
+        columns: OmniAuth::Identity::Model::SCHEMA_ATTRIBUTES | %w[provider password_digest],
+        connection_params: { adapter: 'sqlite3', encoding: 'utf8', database: ':memory:' }
+      ) do
+        def flower
+          '🌸'
+        end
+      end
+    end
 
-    it 'should delegate locate to the where query method' do
-      allow(subject).to receive(:where).with('ham_sandwich' => 'open faced', 'category' => 'sandwiches').and_return(['wakka'])
-      expect(subject.locate('ham_sandwich' => 'open faced', 'category' => 'sandwiches')).to eq('wakka')
+    it 'delegates locate to the where query method' do
+      allow(model_klass).to receive(:where).with('ham_sandwich' => 'open faced', 'category' => 'sandwiches',
+                                                 'provider' => 'identity').and_return(['wakka'])
+      expect(model_klass.locate('ham_sandwich' => 'open faced', 'category' => 'sandwiches')).to eq('wakka')
     end
+  end
 
-    it 'should not use STI rules for its table name' do
-      expect(subject.table_name).to eq('test_identities')
+  describe '#table_name' do
+    class TestIdentity < OmniAuth::Identity::Models::ActiveRecord; end
+    it 'does not use STI rules for its table name' do
+      expect(TestIdentity.table_name).to eq('test_identities')
     end
   end
 end

data/spec/omniauth/identity/models/couch_potato_spec.rb

@@ -1,15 +1,20 @@
-describe(OmniAuth::Identity::Models::CouchPotatoModule, :db => true) do
-  class CouchPotatoTestIdentity
-    include CouchPotato::Persistence
-    include OmniAuth::Identity::Models::CouchPotatoModule
-    auth_key :ham_sandwich
-  end
+# frozen_string_literal: true
+
+require 'couch_potato'
+
+class CouchPotatoTestIdentity
+  include CouchPotato::Persistence
+  include OmniAuth::Identity::Models::CouchPotatoModule
+  auth_key :ham_sandwich
+end
 
+RSpec.describe(OmniAuth::Identity::Models::CouchPotatoModule, db: true) do
   describe 'model', type: :model do
     subject { CouchPotatoTestIdentity }
 
-    it 'should delegate locate to the where query method' do
-      allow(subject).to receive(:where).with('ham_sandwich' => 'open faced', 'category' => 'sandwiches').and_return(['wakka'])
+    it 'delegates locate to the where query method' do
+      allow(subject).to receive(:where).with('ham_sandwich' => 'open faced',
+                                             'category' => 'sandwiches').and_return(['wakka'])
       expect(subject.locate('ham_sandwich' => 'open faced', 'category' => 'sandwiches')).to eq('wakka')
     end
   end

data/spec/omniauth/identity/models/mongoid_spec.rb

@@ -1,22 +1,27 @@
-describe(OmniAuth::Identity::Models::Mongoid, :db => true) do
-  class MongoidTestIdentity
-    include Mongoid::Document
-    include OmniAuth::Identity::Models::Mongoid
-    auth_key :ham_sandwich
-    store_in database: 'db1', collection: 'mongoid_test_identities', client: 'secondary'
-  end
+# frozen_string_literal: true
+
+require 'mongoid'
+
+class MongoidTestIdentity
+  include Mongoid::Document
+  include OmniAuth::Identity::Models::Mongoid
+  auth_key :ham_sandwich
+  store_in database: 'db1', collection: 'mongoid_test_identities', client: 'secondary'
+end
 
-  describe "model", type: :model do
+RSpec.describe(OmniAuth::Identity::Models::Mongoid, db: true) do
+  describe 'model', type: :model do
     subject { MongoidTestIdentity }
 
     it { is_expected.to be_mongoid_document }
 
     it 'does not munge collection name' do
-      is_expected.to be_stored_in(database: 'db1', collection: 'mongoid_test_identities', client: 'secondary')
+      expect(subject).to be_stored_in(database: 'db1', collection: 'mongoid_test_identities', client: 'secondary')
     end
 
-    it 'should delegate locate to the where query method' do
-      allow(subject).to receive(:where).with('ham_sandwich' => 'open faced', 'category' => 'sandwiches').and_return(['wakka'])
+    it 'delegates locate to the where query method' do
+      allow(subject).to receive(:where).with('ham_sandwich' => 'open faced',
+                                             'category' => 'sandwiches').and_return(['wakka'])
       expect(subject.locate('ham_sandwich' => 'open faced', 'category' => 'sandwiches')).to eq('wakka')
     end
   end

data/spec/omniauth/identity/models/no_brainer_spec.rb

@@ -0,0 +1,17 @@
+# frozen_string_literal: true
+
+require 'nobrainer'
+
+class NobrainerTestIdentity
+  include NoBrainer::Document
+  include OmniAuth::Identity::Models::NoBrainer
+  auth_key :ham_sandwich
+end
+
+RSpec.describe(OmniAuth::Identity::Models::NoBrainer, db: true) do
+  it 'delegates locate to the where query method' do
+    allow(NobrainerTestIdentity).to receive(:where).with('ham_sandwich' => 'open faced',
+                                                         'category' => 'sandwiches').and_return(['wakka'])
+    expect(NobrainerTestIdentity.locate('ham_sandwich' => 'open faced', 'category' => 'sandwiches')).to eq('wakka')
+  end
+end

data/spec/omniauth/identity/models/sequel_spec.rb

@@ -0,0 +1,23 @@
+# frozen_string_literal: true
+
+require 'sequel'
+# Connect to an in-memory sqlite3 database.
+DB = Sequel.sqlite
+DB.create_table :sequel_test_identities do
+  primary_key :id
+  String :ham_sandwich, null: false
+  String :password_digest, null: false
+end
+
+class SequelTestIdentity < Sequel::Model
+  include OmniAuth::Identity::Models::Sequel
+  auth_key :ham_sandwich
+end
+
+RSpec.describe(OmniAuth::Identity::Models::Sequel, db: true) do
+  it 'delegates locate to the where query method' do
+    allow(SequelTestIdentity).to receive(:where).with('ham_sandwich' => 'open faced',
+                                                      'category' => 'sandwiches').and_return(['wakka'])
+    expect(SequelTestIdentity.locate('ham_sandwich' => 'open faced', 'category' => 'sandwiches')).to eq('wakka')
+  end
+end

data/spec/omniauth/identity/secure_password_spec.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 class HasTheMethod
   def self.has_secure_password; end
 end
@@ -5,20 +7,20 @@ end
 class DoesNotHaveTheMethod
 end
 
-describe OmniAuth::Identity::SecurePassword do
-  it 'should extend with the class methods if it does not have the method' do
+RSpec.describe OmniAuth::Identity::SecurePassword do
+  it 'extends with the class methods if it does not have the method' do
     expect(DoesNotHaveTheMethod).to receive(:extend).with(OmniAuth::Identity::SecurePassword::ClassMethods)
-    DoesNotHaveTheMethod.send(:include, OmniAuth::Identity::SecurePassword)
+    DoesNotHaveTheMethod.include described_class
   end
 
-  it 'should not extend if the method is already defined' do
+  it 'does not extend if the method is already defined' do
     expect(HasTheMethod).not_to receive(:extend)
-    HasTheMethod.send(:include, OmniAuth::Identity::SecurePassword)
+    HasTheMethod.include described_class
   end
 
-  it 'should respond to has_secure_password afterwards' do
-    [HasTheMethod,DoesNotHaveTheMethod].each do |klass|
-      klass.send(:include, OmniAuth::Identity::SecurePassword)
+  it 'responds to has_secure_password afterwards' do
+    [HasTheMethod, DoesNotHaveTheMethod].each do |klass|
+      klass.send(:include, described_class)
       expect(klass).to be_respond_to(:has_secure_password)
     end
   end

data/spec/omniauth/strategies/identity_spec.rb

@@ -1,139 +1,252 @@
-class MockIdentity; end
+# frozen_string_literal: true
 
-describe OmniAuth::Strategies::Identity do
+RSpec.describe OmniAuth::Strategies::Identity do
   attr_accessor :app
 
-  let(:auth_hash){ last_response.headers['env']['omniauth.auth'] }
-  let(:identity_hash){ last_response.headers['env']['omniauth.identity'] }
+  let(:auth_hash) { last_response.headers['env']['omniauth.auth'] }
+  let(:identity_hash) { last_response.headers['env']['omniauth.identity'] }
+  let(:identity_options) { {} }
+  let(:anon_ar) do
+    AnonymousActiveRecord.generate(
+      parent_klass: 'OmniAuth::Identity::Models::ActiveRecord',
+      columns: OmniAuth::Identity::Model::SCHEMA_ATTRIBUTES | %w[provider password_digest],
+      connection_params: { adapter: 'sqlite3', encoding: 'utf8', database: ':memory:' }
+    ) do
+      def balloon
+        '🎈'
+      end
+    end
+  end
 
   # customize rack app for testing, if block is given, reverts to default
   # rack app after testing is done
   def set_app!(identity_options = {})
-    identity_options = {:model => MockIdentity}.merge(identity_options)
-    old_app = self.app
+    old_app = app
     self.app = Rack::Builder.app do
       use Rack::Session::Cookie, secret: '1234567890qwertyuiop'
       use OmniAuth::Strategies::Identity, identity_options
-      run lambda{|env| [404, {'env' => env}, ["HELLO!"]]}
+      run ->(env) { [404, { 'env' => env }, ['HELLO!']] }
     end
     if block_given?
       yield
       self.app = old_app
     end
-    self.app
+    app
   end
 
-  before(:all) do
-    set_app!
+  before do
+    opts = identity_options.reverse_merge({ model: anon_ar })
+    set_app!(opts)
   end
 
   describe '#request_phase' do
-    it 'should display a form' do
-      get '/auth/identity'
-      expect(last_response.body).to be_include("<form")
+    context 'with default settings' do
+      let(:identity_options) { { model: anon_ar } }
+
+      it 'displays a form' do
+        get '/auth/identity'
+
+        expect(last_response.body).not_to eq('HELLO!')
+        expect(last_response.body).to be_include('<form')
+      end
+    end
+
+    context 'when login is enabled' do
+      context 'when registration is enabled' do
+        let(:identity_options) { { model: anon_ar, enable_registration: true, enable_login: true } }
+
+        it 'displays a form with a link to register' do
+          get '/auth/identity'
+
+          expect(last_response.body).not_to eq('HELLO!')
+          expect(last_response.body).to be_include('<form')
+          expect(last_response.body).to be_include('<a')
+          expect(last_response.body).to be_include('Create an Identity')
+        end
+      end
+
+      context 'when registration is disabled' do
+        let(:identity_options) { { model: anon_ar, enable_registration: false, enable_login: true } }
+
+        it 'displays a form without a link to register' do
+          get '/auth/identity'
+
+          expect(last_response.body).not_to eq('HELLO!')
+          expect(last_response.body).to be_include('<form')
+          expect(last_response.body).not_to be_include('<a')
+          expect(last_response.body).not_to be_include('Create an Identity')
+        end
+      end
+    end
+
+    context 'when login is disabled' do
+      context 'when registration is enabled' do
+        let(:identity_options) { { model: anon_ar, enable_registration: true, enable_login: false } }
+
+        it 'bypasses registration form' do
+          get '/auth/identity'
+
+          expect(last_response.body).to eq('HELLO!')
+          expect(last_response.body).not_to be_include('<form')
+          expect(last_response.body).not_to be_include('<a')
+          expect(last_response.body).not_to be_include('Create an Identity')
+        end
+      end
+
+      context 'when registration is disabled' do
+        let(:identity_options) { { model: anon_ar, enable_registration: false, enable_login: false } }
+
+        it 'displays a form without a link to register' do
+          get '/auth/identity'
+
+          expect(last_response.body).to eq('HELLO!')
+          expect(last_response.body).not_to be_include('<form')
+          expect(last_response.body).not_to be_include('<a')
+          expect(last_response.body).not_to be_include('Create an Identity')
+        end
+      end
     end
   end
 
   describe '#callback_phase' do
-    let(:user){ double(:uid => 'user1', :info => {'name' => 'Rockefeller'})}
+    let(:user) { double(uid: 'user1', info: { 'name' => 'Rockefeller' }) }
 
     context 'with valid credentials' do
       before do
-        allow(MockIdentity).to receive('auth_key').and_return('email')
-        expect(MockIdentity).to receive('authenticate').with({'email' => 'john'},'awesome').and_return(user)
-        post '/auth/identity/callback', :auth_key => 'john', :password => 'awesome'
+        allow(anon_ar).to receive('auth_key').and_return('email')
+        expect(anon_ar).to receive('authenticate').with({ 'email' => 'john' }, 'awesome').and_return(user)
+        post '/auth/identity/callback', auth_key: 'john', password: 'awesome'
       end
 
-      it 'should populate the auth hash' do
+      it 'populates the auth hash' do
         expect(auth_hash).to be_kind_of(Hash)
       end
 
-      it 'should populate the uid' do
+      it 'populates the uid' do
         expect(auth_hash['uid']).to eq('user1')
       end
 
-      it 'should populate the info hash' do
-        expect(auth_hash['info']).to eq({'name' => 'Rockefeller'})
+      it 'populates the info hash' do
+        expect(auth_hash['info']).to eq({ 'name' => 'Rockefeller' })
       end
     end
 
     context 'with invalid credentials' do
       before do
-        allow(MockIdentity).to receive('auth_key').and_return('email')
-        OmniAuth.config.on_failure = lambda{|env| [401, {}, [env['omniauth.error.type'].inspect]]}
-        expect(MockIdentity).to receive(:authenticate).with({'email' => 'wrong'},'login').and_return(false)
-        post '/auth/identity/callback', :auth_key => 'wrong', :password => 'login'
+        allow(anon_ar).to receive('auth_key').and_return('email')
+        OmniAuth.config.on_failure = ->(env) { [401, {}, [env['omniauth.error.type'].inspect]] }
+        expect(anon_ar).to receive(:authenticate).with({ 'email' => 'wrong' }, 'login').and_return(false)
+        post '/auth/identity/callback', auth_key: 'wrong', password: 'login'
       end
 
-      it 'should fail with :invalid_credentials' do
+      it 'fails with :invalid_credentials' do
         expect(last_response.body).to eq(':invalid_credentials')
       end
     end
 
     context 'with auth scopes' do
+      let(:identity_options) do
+        { model: anon_ar, locate_conditions: lambda { |req|
+                                               { model.auth_key => req['auth_key'], 'user_type' => 'admin' }
+                                             } }
+      end
 
-      it 'should evaluate and pass through conditions proc' do
-        allow(MockIdentity).to receive('auth_key').and_return('email')
-        set_app!( :locate_conditions => lambda{|req| {model.auth_key => req['auth_key'], 'user_type' => 'admin'} } )
-        expect(MockIdentity).to receive('authenticate').with( {'email' => 'john', 'user_type' => 'admin'}, 'awesome' ).and_return(user)
-        post '/auth/identity/callback', :auth_key => 'john', :password => 'awesome'
+      it 'evaluates and pass through conditions proc' do
+        allow(anon_ar).to receive('auth_key').and_return('email')
+        expect(anon_ar).to receive('authenticate').with({ 'email' => 'john', 'user_type' => 'admin' },
+                                                        'awesome').and_return(user)
+        post '/auth/identity/callback', auth_key: 'john', password: 'awesome'
       end
     end
   end
 
   describe '#registration_form' do
-    it 'should trigger from /auth/identity/register by default' do
-      get '/auth/identity/register'
-      expect(last_response.body).to be_include("Register Identity")
+    context 'registration is enabled' do
+      it 'triggers from /auth/identity/register by default' do
+        get '/auth/identity/register'
+        expect(last_response.body).to be_include('Register Identity')
+      end
+    end
+
+    context 'registration is disabled' do
+      let(:identity_options) { { model: anon_ar, enable_registration: false } }
+
+      it 'calls app' do
+        get '/auth/identity/register'
+        expect(last_response.body).to be_include('HELLO!')
+      end
+    end
+
+    it 'supports methods other than GET and POST' do
+      head '/auth/identity/register'
+      expect(last_response.status).to eq(404)
     end
   end
 
   describe '#registration_phase' do
-    context 'with successful creation' do
-      let(:properties){ {
-        :name => 'Awesome Dude',
-        :email => 'awesome@example.com',
-        :password => 'face',
-        :password_confirmation => 'face'
-      } }
+    context 'registration is disabled' do
+      let(:identity_options) { { model: anon_ar, enable_registration: false } }
 
-      before do
-        allow(MockIdentity).to receive('auth_key').and_return('email')
-        m = double(:uid => 'abc', :name => 'Awesome Dude', :email => 'awesome@example.com', :info => {:name => 'DUUUUDE!'}, :persisted? => true)
-        expect(MockIdentity).to receive(:create).with(properties).and_return(m)
+      it 'calls app' do
+        post '/auth/identity/register'
+        expect(last_response.body).to eq('HELLO!')
       end
+    end
 
-      it 'should set the auth hash' do
+    context 'with successful creation' do
+      let(:properties) do
+        {
+          name: 'Awesome Dude',
+          email: 'awesome@example.com',
+          password: 'face',
+          password_confirmation: 'face',
+          provider: 'identity'
+        }
+      end
+
+      it 'sets the auth hash' do
         post '/auth/identity/register', properties
-        expect(auth_hash['uid']).to eq('abc')
+        expect(auth_hash['uid']).to match(/\d+/)
+        expect(auth_hash['provider']).to eq('identity')
       end
     end
 
     context 'with invalid identity' do
-      let(:properties) { {
-        :name => 'Awesome Dude', 
-        :email => 'awesome@example.com',
-        :password => 'NOT',
-        :password_confirmation => 'MATCHING'
-      } }
+      let(:properties) do
+        {
+          name: 'Awesome Dude',
+          email: 'awesome@example.com',
+          password: 'NOT',
+          password_confirmation: 'MATCHING',
+          provider: 'identity'
+        }
+      end
+      let(:invalid_identity) { double(persisted?: false, save: false) }
 
       before do
-        expect(MockIdentity).to receive(:create).with(properties).and_return(double(:persisted? => false))
+        expect(anon_ar).to receive(:new).with(properties).and_return(invalid_identity)
       end
 
       context 'default' do
-        it 'should show registration form' do
+        it 'shows registration form' do
           post '/auth/identity/register', properties
-          expect(last_response.body).to be_include("Register Identity")
+          expect(last_response.body).to be_include('Register Identity')
+          expect(last_response.body).to be_include('One or more fields were invalid')
         end
       end
 
       context 'custom on_failed_registration endpoint' do
-        it 'should set the identity hash' do
-          set_app!(:on_failed_registration => lambda{|env| [404, {'env' => env}, ["HELLO!"]]}) do
-            post '/auth/identity/register', properties
-            expect(identity_hash).not_to be_nil
-          end
+        let(:identity_options) do
+          { model: anon_ar, on_failed_registration: lambda { |env|
+                                                      [404, { 'env' => env }, ["FAIL'DOH!"]]
+                                                    } }
+        end
+
+        it 'sets the identity hash' do
+          post '/auth/identity/register', properties
+          expect(identity_hash).to eq(invalid_identity)
+          expect(last_response.body).to be_include("FAIL'DOH!")
+          expect(last_response.body).not_to be_include('One or more fields were invalid')
         end
       end
     end