sidecar_token_auth 1.0.1

Sign up to get free protection for your applications and to get access to all the features.
Files changed (175) hide show
  1. checksums.yaml +7 -0
  2. data/LICENSE +13 -0
  3. data/README.md +12 -0
  4. data/Rakefile +42 -0
  5. data/app/controllers/devise_token_auth/application_controller.rb +79 -0
  6. data/app/controllers/devise_token_auth/concerns/resource_finder.rb +44 -0
  7. data/app/controllers/devise_token_auth/concerns/set_user_by_token.rb +162 -0
  8. data/app/controllers/devise_token_auth/confirmations_controller.rb +90 -0
  9. data/app/controllers/devise_token_auth/omniauth_callbacks_controller.rb +287 -0
  10. data/app/controllers/devise_token_auth/passwords_controller.rb +206 -0
  11. data/app/controllers/devise_token_auth/registrations_controller.rb +283 -0
  12. data/app/controllers/devise_token_auth/sessions_controller.rb +245 -0
  13. data/app/controllers/devise_token_auth/token_validations_controller.rb +31 -0
  14. data/app/controllers/devise_token_auth/unlocks_controller.rb +89 -0
  15. data/app/models/devise_token_auth/concerns/active_record_support.rb +16 -0
  16. data/app/models/devise_token_auth/concerns/confirmable_support.rb +28 -0
  17. data/app/models/devise_token_auth/concerns/mongoid_support.rb +19 -0
  18. data/app/models/devise_token_auth/concerns/tokens_serialization.rb +19 -0
  19. data/app/models/devise_token_auth/concerns/user.rb +257 -0
  20. data/app/models/devise_token_auth/concerns/user_omniauth_callbacks.rb +31 -0
  21. data/app/validators/devise_token_auth_email_validator.rb +23 -0
  22. data/app/views/devise/mailer/confirmation_instructions.html.erb +5 -0
  23. data/app/views/devise/mailer/reset_password_instructions.html.erb +8 -0
  24. data/app/views/devise/mailer/unlock_instructions.html.erb +7 -0
  25. data/app/views/devise_token_auth/omniauth_external_window.html.erb +38 -0
  26. data/config/locales/da-DK.yml +52 -0
  27. data/config/locales/de.yml +51 -0
  28. data/config/locales/en.yml +60 -0
  29. data/config/locales/es.yml +51 -0
  30. data/config/locales/fr.yml +51 -0
  31. data/config/locales/he.yml +52 -0
  32. data/config/locales/it.yml +48 -0
  33. data/config/locales/ja.yml +48 -0
  34. data/config/locales/ko.yml +51 -0
  35. data/config/locales/nl.yml +32 -0
  36. data/config/locales/pl.yml +51 -0
  37. data/config/locales/pt-BR.yml +48 -0
  38. data/config/locales/pt.yml +51 -0
  39. data/config/locales/ro.yml +48 -0
  40. data/config/locales/ru.yml +52 -0
  41. data/config/locales/sq.yml +48 -0
  42. data/config/locales/sv.yml +52 -0
  43. data/config/locales/uk.yml +61 -0
  44. data/config/locales/vi.yml +52 -0
  45. data/config/locales/zh-CN.yml +48 -0
  46. data/config/locales/zh-HK.yml +50 -0
  47. data/config/locales/zh-TW.yml +50 -0
  48. data/lib/devise_token_auth.rb +14 -0
  49. data/lib/devise_token_auth/blacklist.rb +2 -0
  50. data/lib/devise_token_auth/controllers/helpers.rb +157 -0
  51. data/lib/devise_token_auth/controllers/url_helpers.rb +10 -0
  52. data/lib/devise_token_auth/engine.rb +96 -0
  53. data/lib/devise_token_auth/errors.rb +8 -0
  54. data/lib/devise_token_auth/rails/routes.rb +116 -0
  55. data/lib/devise_token_auth/token_factory.rb +126 -0
  56. data/lib/devise_token_auth/url.rb +44 -0
  57. data/lib/devise_token_auth/version.rb +5 -0
  58. data/lib/generators/devise_token_auth/USAGE +31 -0
  59. data/lib/generators/devise_token_auth/install_generator.rb +91 -0
  60. data/lib/generators/devise_token_auth/install_generator_helpers.rb +98 -0
  61. data/lib/generators/devise_token_auth/install_mongoid_generator.rb +46 -0
  62. data/lib/generators/devise_token_auth/install_views_generator.rb +18 -0
  63. data/lib/generators/devise_token_auth/templates/devise_token_auth.rb +60 -0
  64. data/lib/generators/devise_token_auth/templates/devise_token_auth_create_users.rb.erb +49 -0
  65. data/lib/generators/devise_token_auth/templates/user.rb.erb +9 -0
  66. data/lib/generators/devise_token_auth/templates/user_mongoid.rb.erb +56 -0
  67. data/lib/tasks/devise_token_auth_tasks.rake +6 -0
  68. data/test/controllers/custom/custom_confirmations_controller_test.rb +25 -0
  69. data/test/controllers/custom/custom_omniauth_callbacks_controller_test.rb +33 -0
  70. data/test/controllers/custom/custom_passwords_controller_test.rb +79 -0
  71. data/test/controllers/custom/custom_registrations_controller_test.rb +63 -0
  72. data/test/controllers/custom/custom_sessions_controller_test.rb +39 -0
  73. data/test/controllers/custom/custom_token_validations_controller_test.rb +42 -0
  74. data/test/controllers/demo_group_controller_test.rb +151 -0
  75. data/test/controllers/demo_mang_controller_test.rb +284 -0
  76. data/test/controllers/demo_user_controller_test.rb +629 -0
  77. data/test/controllers/devise_token_auth/confirmations_controller_test.rb +191 -0
  78. data/test/controllers/devise_token_auth/omniauth_callbacks_controller_test.rb +441 -0
  79. data/test/controllers/devise_token_auth/passwords_controller_test.rb +780 -0
  80. data/test/controllers/devise_token_auth/registrations_controller_test.rb +907 -0
  81. data/test/controllers/devise_token_auth/sessions_controller_test.rb +503 -0
  82. data/test/controllers/devise_token_auth/token_validations_controller_test.rb +102 -0
  83. data/test/controllers/devise_token_auth/unlocks_controller_test.rb +196 -0
  84. data/test/controllers/overrides/confirmations_controller_test.rb +47 -0
  85. data/test/controllers/overrides/omniauth_callbacks_controller_test.rb +53 -0
  86. data/test/controllers/overrides/passwords_controller_test.rb +64 -0
  87. data/test/controllers/overrides/registrations_controller_test.rb +46 -0
  88. data/test/controllers/overrides/sessions_controller_test.rb +35 -0
  89. data/test/controllers/overrides/token_validations_controller_test.rb +43 -0
  90. data/test/dummy/README.rdoc +28 -0
  91. data/test/dummy/app/active_record/confirmable_user.rb +11 -0
  92. data/test/dummy/app/active_record/lockable_user.rb +7 -0
  93. data/test/dummy/app/active_record/mang.rb +5 -0
  94. data/test/dummy/app/active_record/only_email_user.rb +7 -0
  95. data/test/dummy/app/active_record/scoped_user.rb +9 -0
  96. data/test/dummy/app/active_record/unconfirmable_user.rb +9 -0
  97. data/test/dummy/app/active_record/unregisterable_user.rb +9 -0
  98. data/test/dummy/app/active_record/user.rb +6 -0
  99. data/test/dummy/app/controllers/application_controller.rb +18 -0
  100. data/test/dummy/app/controllers/auth_origin_controller.rb +7 -0
  101. data/test/dummy/app/controllers/custom/confirmations_controller.rb +13 -0
  102. data/test/dummy/app/controllers/custom/omniauth_callbacks_controller.rb +13 -0
  103. data/test/dummy/app/controllers/custom/passwords_controller.rb +39 -0
  104. data/test/dummy/app/controllers/custom/registrations_controller.rb +39 -0
  105. data/test/dummy/app/controllers/custom/sessions_controller.rb +29 -0
  106. data/test/dummy/app/controllers/custom/token_validations_controller.rb +19 -0
  107. data/test/dummy/app/controllers/demo_group_controller.rb +15 -0
  108. data/test/dummy/app/controllers/demo_mang_controller.rb +14 -0
  109. data/test/dummy/app/controllers/demo_user_controller.rb +27 -0
  110. data/test/dummy/app/controllers/overrides/confirmations_controller.rb +28 -0
  111. data/test/dummy/app/controllers/overrides/omniauth_callbacks_controller.rb +16 -0
  112. data/test/dummy/app/controllers/overrides/passwords_controller.rb +35 -0
  113. data/test/dummy/app/controllers/overrides/registrations_controller.rb +29 -0
  114. data/test/dummy/app/controllers/overrides/sessions_controller.rb +36 -0
  115. data/test/dummy/app/controllers/overrides/token_validations_controller.rb +23 -0
  116. data/test/dummy/app/helpers/application_helper.rb +1058 -0
  117. data/test/dummy/app/models/concerns/favorite_color.rb +19 -0
  118. data/test/dummy/app/mongoid/confirmable_user.rb +52 -0
  119. data/test/dummy/app/mongoid/lockable_user.rb +38 -0
  120. data/test/dummy/app/mongoid/mang.rb +46 -0
  121. data/test/dummy/app/mongoid/only_email_user.rb +33 -0
  122. data/test/dummy/app/mongoid/scoped_user.rb +50 -0
  123. data/test/dummy/app/mongoid/unconfirmable_user.rb +44 -0
  124. data/test/dummy/app/mongoid/unregisterable_user.rb +47 -0
  125. data/test/dummy/app/mongoid/user.rb +49 -0
  126. data/test/dummy/app/views/layouts/application.html.erb +14 -0
  127. data/test/dummy/config.ru +18 -0
  128. data/test/dummy/config/application.rb +48 -0
  129. data/test/dummy/config/application.yml.bk +0 -0
  130. data/test/dummy/config/boot.rb +11 -0
  131. data/test/dummy/config/environment.rb +7 -0
  132. data/test/dummy/config/environments/development.rb +46 -0
  133. data/test/dummy/config/environments/production.rb +84 -0
  134. data/test/dummy/config/environments/test.rb +50 -0
  135. data/test/dummy/config/initializers/assets.rb +10 -0
  136. data/test/dummy/config/initializers/backtrace_silencers.rb +9 -0
  137. data/test/dummy/config/initializers/cookies_serializer.rb +5 -0
  138. data/test/dummy/config/initializers/devise.rb +290 -0
  139. data/test/dummy/config/initializers/devise_token_auth.rb +55 -0
  140. data/test/dummy/config/initializers/figaro.rb +3 -0
  141. data/test/dummy/config/initializers/filter_parameter_logging.rb +6 -0
  142. data/test/dummy/config/initializers/inflections.rb +18 -0
  143. data/test/dummy/config/initializers/mime_types.rb +6 -0
  144. data/test/dummy/config/initializers/omniauth.rb +11 -0
  145. data/test/dummy/config/initializers/session_store.rb +5 -0
  146. data/test/dummy/config/initializers/wrap_parameters.rb +16 -0
  147. data/test/dummy/config/routes.rb +57 -0
  148. data/test/dummy/config/spring.rb +3 -0
  149. data/test/dummy/db/migrate/20140715061447_devise_token_auth_create_users.rb +58 -0
  150. data/test/dummy/db/migrate/20140715061805_devise_token_auth_create_mangs.rb +57 -0
  151. data/test/dummy/db/migrate/20140829044006_add_operating_thetan_to_user.rb +8 -0
  152. data/test/dummy/db/migrate/20140916224624_add_favorite_color_to_mangs.rb +7 -0
  153. data/test/dummy/db/migrate/20141222035835_devise_token_auth_create_only_email_users.rb +55 -0
  154. data/test/dummy/db/migrate/20141222053502_devise_token_auth_create_unregisterable_users.rb +56 -0
  155. data/test/dummy/db/migrate/20150708104536_devise_token_auth_create_unconfirmable_users.rb +56 -0
  156. data/test/dummy/db/migrate/20160103235141_devise_token_auth_create_scoped_users.rb +56 -0
  157. data/test/dummy/db/migrate/20160629184441_devise_token_auth_create_lockable_users.rb +56 -0
  158. data/test/dummy/db/migrate/20190924101113_devise_token_auth_create_confirmable_users.rb +49 -0
  159. data/test/dummy/db/schema.rb +198 -0
  160. data/test/dummy/lib/migration_database_helper.rb +43 -0
  161. data/test/factories/users.rb +41 -0
  162. data/test/lib/devise_token_auth/blacklist_test.rb +11 -0
  163. data/test/lib/devise_token_auth/token_factory_test.rb +191 -0
  164. data/test/lib/devise_token_auth/url_test.rb +26 -0
  165. data/test/lib/generators/devise_token_auth/install_generator_test.rb +217 -0
  166. data/test/lib/generators/devise_token_auth/install_generator_with_namespace_test.rb +222 -0
  167. data/test/lib/generators/devise_token_auth/install_views_generator_test.rb +25 -0
  168. data/test/models/concerns/mongoid_support_test.rb +31 -0
  169. data/test/models/concerns/tokens_serialization_test.rb +70 -0
  170. data/test/models/confirmable_user_test.rb +35 -0
  171. data/test/models/only_email_user_test.rb +29 -0
  172. data/test/models/user_test.rb +108 -0
  173. data/test/support/controllers/routes.rb +43 -0
  174. data/test/test_helper.rb +103 -0
  175. metadata +481 -0
@@ -0,0 +1,63 @@
1
+ # frozen_string_literal: true
2
+
3
+ require 'test_helper'
4
+
5
+ class Custom::RegistrationsControllerTest < ActionDispatch::IntegrationTest
6
+ describe Custom::RegistrationsController do
7
+ include CustomControllersRoutes
8
+
9
+ before do
10
+ @create_params = attributes_for(:user,
11
+ confirm_success_url: Faker::Internet.url,
12
+ unpermitted_param: '(x_x)')
13
+
14
+ @existing_user = create(:user, :confirmed)
15
+ @auth_headers = @existing_user.create_new_auth_token
16
+ @client_id = @auth_headers['client']
17
+
18
+ # ensure request is not treated as batch request
19
+ age_token(@existing_user, @client_id)
20
+ end
21
+
22
+ test 'yield resource to block on create success' do
23
+ post '/nice_user_auth', params: @create_params
24
+ assert @controller.create_block_called?,
25
+ 'create failed to yield resource to provided block'
26
+ end
27
+
28
+ test 'yield resource to block on create success with custom json' do
29
+ post '/nice_user_auth', params: @create_params
30
+
31
+ @data = JSON.parse(response.body)
32
+
33
+ assert @controller.create_block_called?,
34
+ 'create failed to yield resource to provided block'
35
+ assert_equal @data['custom'], 'foo'
36
+ end
37
+
38
+ test 'yield resource to block on update success' do
39
+ put '/nice_user_auth',
40
+ params: {
41
+ nickname: "Ol' Sunshine-face"
42
+ },
43
+ headers: @auth_headers
44
+ assert @controller.update_block_called?,
45
+ 'update failed to yield resource to provided block'
46
+ end
47
+
48
+ test 'yield resource to block on destroy success' do
49
+ delete '/nice_user_auth', headers: @auth_headers
50
+ assert @controller.destroy_block_called?,
51
+ 'destroy failed to yield resource to provided block'
52
+ end
53
+
54
+ describe 'when overriding #build_resource' do
55
+ test 'it fails' do
56
+ Custom::RegistrationsController.any_instance.stubs(:build_resource).returns(nil)
57
+ assert_raises DeviseTokenAuth::Errors::NoResourceDefinedError do
58
+ post '/nice_user_auth', params: @create_params
59
+ end
60
+ end
61
+ end
62
+ end
63
+ end
@@ -0,0 +1,39 @@
1
+ # frozen_string_literal: true
2
+
3
+ require 'test_helper'
4
+
5
+ class Custom::SessionsControllerTest < ActionController::TestCase
6
+ describe Custom::SessionsController do
7
+ include CustomControllersRoutes
8
+
9
+ before do
10
+ @existing_user = create(:user, :confirmed)
11
+ end
12
+
13
+ test 'yield resource to block on create success' do
14
+ post :create,
15
+ params: {
16
+ email: @existing_user.email,
17
+ password: @existing_user.password
18
+ }
19
+ assert @controller.create_block_called?,
20
+ 'create failed to yield resource to provided block'
21
+ end
22
+
23
+ test 'yield resource to block on destroy success' do
24
+ @auth_headers = @existing_user.create_new_auth_token
25
+ request.headers.merge!(@auth_headers)
26
+ delete :destroy, format: :json
27
+ assert @controller.destroy_block_called?,
28
+ 'destroy failed to yield resource to provided block'
29
+ end
30
+
31
+ test 'render method override' do
32
+ post :create,
33
+ params: { email: @existing_user.email,
34
+ password: @existing_user.password }
35
+ @data = JSON.parse(response.body)
36
+ assert_equal @data['custom'], 'foo'
37
+ end
38
+ end
39
+ end
@@ -0,0 +1,42 @@
1
+ # frozen_string_literal: true
2
+
3
+ require 'test_helper'
4
+
5
+ class Custom::TokenValidationsControllerTest < ActionDispatch::IntegrationTest
6
+ describe Custom::TokenValidationsController do
7
+ include CustomControllersRoutes
8
+
9
+ before do
10
+ @resource = create(:user, :confirmed)
11
+
12
+ @auth_headers = @resource.create_new_auth_token
13
+
14
+ @token = @auth_headers['access-token']
15
+ @client_id = @auth_headers['client']
16
+ @expiry = @auth_headers['expiry']
17
+
18
+ # ensure that request is not treated as batch request
19
+ age_token(@resource, @client_id)
20
+ end
21
+
22
+ test 'yield resource to block on validate_token success' do
23
+ get '/nice_user_auth/validate_token',
24
+ params: {},
25
+ headers: @auth_headers
26
+ assert @controller.validate_token_block_called?,
27
+ 'validate_token failed to yield resource to provided block'
28
+ end
29
+
30
+ test 'yield resource to block on validate_token success with custom json' do
31
+ get '/nice_user_auth/validate_token',
32
+ params: {},
33
+ headers: @auth_headers
34
+
35
+ @data = JSON.parse(response.body)
36
+
37
+ assert @controller.validate_token_block_called?,
38
+ 'validate_token failed to yield resource to provided block'
39
+ assert_equal @data['custom'], 'foo'
40
+ end
41
+ end
42
+ end
@@ -0,0 +1,151 @@
1
+ # frozen_string_literal: true
2
+
3
+ require 'test_helper'
4
+
5
+ # was the web request successful?
6
+ # was the user redirected to the right page?
7
+ # was the user successfully authenticated?
8
+ # was the correct object stored in the response?
9
+ # was the appropriate message delivered in the json payload?
10
+
11
+ class DemoGroupControllerTest < ActionDispatch::IntegrationTest
12
+ describe DemoGroupController do
13
+ describe 'Token access' do
14
+ before do
15
+ # user
16
+ @resource = create(:user, :confirmed)
17
+
18
+ @resource_auth_headers = @resource.create_new_auth_token
19
+
20
+ @resource_token = @resource_auth_headers['access-token']
21
+ @resource_client_id = @resource_auth_headers['client']
22
+ @resource_expiry = @resource_auth_headers['expiry']
23
+
24
+ # mang
25
+ @mang = create(:mang_user, :confirmed)
26
+
27
+ @mang_auth_headers = @mang.create_new_auth_token
28
+
29
+ @mang_token = @mang_auth_headers['access-token']
30
+ @mang_client_id = @mang_auth_headers['client']
31
+ @mang_expiry = @mang_auth_headers['expiry']
32
+ end
33
+
34
+ describe 'user access' do
35
+ before do
36
+ # ensure that request is not treated as batch request
37
+ age_token(@resource, @resource_client_id)
38
+
39
+ get '/demo/members_only_group',
40
+ params: {},
41
+ headers: @resource_auth_headers
42
+
43
+ @resp_token = response.headers['access-token']
44
+ @resp_client_id = response.headers['client']
45
+ @resp_expiry = response.headers['expiry']
46
+ @resp_uid = response.headers['uid']
47
+ end
48
+
49
+ test 'request is successful' do
50
+ assert_equal 200, response.status
51
+ end
52
+
53
+ describe 'devise mappings' do
54
+ it 'should define current_user' do
55
+ assert_equal @resource, @controller.current_user
56
+ end
57
+
58
+ it 'should define user_signed_in?' do
59
+ assert @controller.user_signed_in?
60
+ end
61
+
62
+ it 'should not define current_mang' do
63
+ refute_equal @resource, @controller.current_mang
64
+ end
65
+
66
+ it 'should define current_member' do
67
+ assert_equal @resource, @controller.current_member
68
+ end
69
+
70
+ it 'should define current_members' do
71
+ assert @controller.current_members.include? @resource
72
+ end
73
+
74
+ it 'should define member_signed_in?' do
75
+ assert @controller.current_members.include? @resource
76
+ end
77
+
78
+ it 'should define render_authenticate_error' do
79
+ assert @controller.methods.include?(:render_authenticate_error)
80
+ end
81
+ end
82
+ end
83
+
84
+ describe 'mang access' do
85
+ before do
86
+ # ensure that request is not treated as batch request
87
+ age_token(@mang, @mang_client_id)
88
+
89
+ get '/demo/members_only_group',
90
+ params: {},
91
+ headers: @mang_auth_headers
92
+
93
+ @resp_token = response.headers['access-token']
94
+ @resp_client_id = response.headers['client']
95
+ @resp_expiry = response.headers['expiry']
96
+ @resp_uid = response.headers['uid']
97
+ end
98
+
99
+ test 'request is successful' do
100
+ assert_equal 200, response.status
101
+ end
102
+
103
+ describe 'devise mappings' do
104
+ it 'should define current_mang' do
105
+ assert_equal @mang, @controller.current_mang
106
+ end
107
+
108
+ it 'should define mang_signed_in?' do
109
+ assert @controller.mang_signed_in?
110
+ end
111
+
112
+ it 'should not define current_mang' do
113
+ refute_equal @mang, @controller.current_user
114
+ end
115
+
116
+ it 'should define current_member' do
117
+ assert_equal @mang, @controller.current_member
118
+ end
119
+
120
+ it 'should define current_members' do
121
+ assert @controller.current_members.include? @mang
122
+ end
123
+
124
+ it 'should define member_signed_in?' do
125
+ assert @controller.current_members.include? @mang
126
+ end
127
+
128
+ it 'should define render_authenticate_error' do
129
+ assert @controller.methods.include?(:render_authenticate_error)
130
+ end
131
+ end
132
+ end
133
+
134
+ describe 'failed access' do
135
+ before do
136
+ get '/demo/members_only_group',
137
+ params: {},
138
+ headers: @mang_auth_headers.merge('access-token' => 'bogus')
139
+ end
140
+
141
+ it 'should not return any auth headers' do
142
+ refute response.headers['access-token']
143
+ end
144
+
145
+ it 'should return error: unauthorized status' do
146
+ assert_equal 401, response.status
147
+ end
148
+ end
149
+ end
150
+ end
151
+ end
@@ -0,0 +1,284 @@
1
+ # frozen_string_literal: true
2
+
3
+ require 'test_helper'
4
+
5
+ # was the web request successful?
6
+ # was the user redirected to the right page?
7
+ # was the user successfully authenticated?
8
+ # was the correct object stored in the response?
9
+ # was the appropriate message delivered in the json payload?
10
+
11
+ class DemoMangControllerTest < ActionDispatch::IntegrationTest
12
+ describe DemoMangController do
13
+ describe 'Token access' do
14
+ before do
15
+ @resource = create(:mang_user, :confirmed)
16
+
17
+ @auth_headers = @resource.create_new_auth_token
18
+
19
+ @token = @auth_headers['access-token']
20
+ @client_id = @auth_headers['client']
21
+ @expiry = @auth_headers['expiry']
22
+ end
23
+
24
+ describe 'successful request' do
25
+ before do
26
+ # ensure that request is not treated as batch request
27
+ age_token(@resource, @client_id)
28
+
29
+ get '/demo/members_only_mang',
30
+ params: {},
31
+ headers: @auth_headers
32
+
33
+ @resp_token = response.headers['access-token']
34
+ @resp_client_id = response.headers['client']
35
+ @resp_expiry = response.headers['expiry']
36
+ @resp_uid = response.headers['uid']
37
+ end
38
+
39
+ describe 'devise mappings' do
40
+ it 'should define current_mang' do
41
+ assert_equal @resource, @controller.current_mang
42
+ end
43
+
44
+ it 'should define mang_signed_in?' do
45
+ assert @controller.mang_signed_in?
46
+ end
47
+
48
+ it 'should not define current_user' do
49
+ refute_equal @resource, @controller.current_user
50
+ end
51
+
52
+ it 'should define render_authenticate_error' do
53
+ assert @controller.methods.include?(:render_authenticate_error)
54
+ end
55
+ end
56
+
57
+ it 'should return success status' do
58
+ assert_equal 200, response.status
59
+ end
60
+
61
+ it 'should receive new token after successful request' do
62
+ refute_equal @token, @resp_token
63
+ end
64
+
65
+ it 'should preserve the client id from the first request' do
66
+ assert_equal @client_id, @resp_client_id
67
+ end
68
+
69
+ it "should return the user's uid in the auth header" do
70
+ assert_equal @resource.uid, @resp_uid
71
+ end
72
+
73
+ it 'should not treat this request as a batch request' do
74
+ refute assigns(:is_batch_request)
75
+ end
76
+
77
+ describe 'subsequent requests' do
78
+ before do
79
+ @resource.reload
80
+ # ensure that request is not treated as batch request
81
+ age_token(@resource, @client_id)
82
+
83
+ get '/demo/members_only_mang',
84
+ params: {},
85
+ headers: @auth_headers.merge('access-token' => @resp_token)
86
+ end
87
+
88
+ it 'should not treat this request as a batch request' do
89
+ refute assigns(:is_batch_request)
90
+ end
91
+
92
+ it 'should allow a new request to be made using new token' do
93
+ assert_equal 200, response.status
94
+ end
95
+ end
96
+ end
97
+
98
+ describe 'failed request' do
99
+ before do
100
+ get '/demo/members_only_mang',
101
+ params: {},
102
+ headers: @auth_headers.merge('access-token' => 'bogus')
103
+ end
104
+
105
+ it 'should not return any auth headers' do
106
+ refute response.headers['access-token']
107
+ end
108
+
109
+ it 'should return error: unauthorized status' do
110
+ assert_equal 401, response.status
111
+ end
112
+ end
113
+
114
+ describe 'disable change_headers_on_each_request' do
115
+ before do
116
+ DeviseTokenAuth.change_headers_on_each_request = false
117
+ @resource.reload
118
+ age_token(@resource, @client_id)
119
+
120
+ get '/demo/members_only_mang',
121
+ params: {},
122
+ headers: @auth_headers
123
+
124
+ @first_is_batch_request = assigns(:is_batch_request)
125
+ @first_user = assigns(:resource).dup
126
+ @first_access_token = response.headers['access-token']
127
+ @first_response_status = response.status
128
+
129
+ @resource.reload
130
+ age_token(@resource, @client_id)
131
+
132
+ # use expired auth header
133
+ get '/demo/members_only_mang',
134
+ params: {},
135
+ headers: @auth_headers
136
+
137
+ @second_is_batch_request = assigns(:is_batch_request)
138
+ @second_user = assigns(:resource).dup
139
+ @second_access_token = response.headers['access-token']
140
+ @second_response_status = response.status
141
+ end
142
+
143
+ after do
144
+ DeviseTokenAuth.change_headers_on_each_request = true
145
+ end
146
+
147
+ it 'should allow the first request through' do
148
+ assert_equal 200, @first_response_status
149
+ end
150
+
151
+ it 'should allow the second request through' do
152
+ assert_equal 200, @second_response_status
153
+ end
154
+
155
+ it 'should return auth headers from the first request' do
156
+ assert @first_access_token
157
+ end
158
+
159
+ it 'should not treat either requests as batch requests' do
160
+ refute @first_is_batch_request
161
+ refute @second_is_batch_request
162
+ end
163
+
164
+ it 'should return auth headers from the second request' do
165
+ assert @second_access_token
166
+ end
167
+
168
+ it 'should define user during first request' do
169
+ assert @first_user
170
+ end
171
+
172
+ it 'should define user during second request' do
173
+ assert @second_user
174
+ end
175
+ end
176
+
177
+ describe 'batch requests' do
178
+ describe 'success' do
179
+ before do
180
+ age_token(@resource, @client_id)
181
+ # request.headers.merge!(@auth_headers)
182
+
183
+ get '/demo/members_only_mang',
184
+ params: {},
185
+ headers: @auth_headers
186
+
187
+ @first_is_batch_request = assigns(:is_batch_request)
188
+ @first_user = assigns(:resource)
189
+ @first_access_token = response.headers['access-token']
190
+
191
+ get '/demo/members_only_mang',
192
+ params: {},
193
+ headers: @auth_headers
194
+
195
+ @second_is_batch_request = assigns(:is_batch_request)
196
+ @second_user = assigns(:resource)
197
+ @second_access_token = response.headers['access-token']
198
+ end
199
+
200
+ it 'should allow both requests through' do
201
+ assert_equal 200, response.status
202
+ end
203
+
204
+ it 'should not treat the first request as a batch request' do
205
+ refute @first_is_batch_request
206
+ end
207
+
208
+ it 'should treat the second request as a batch request' do
209
+ assert @second_is_batch_request
210
+ end
211
+
212
+ it 'should return access token for first (non-batch) request' do
213
+ assert @first_access_token
214
+ end
215
+
216
+ it 'should not return auth headers for second (batched) requests' do
217
+ assert_equal ' ', @second_access_token
218
+ end
219
+ end
220
+
221
+ describe 'time out' do
222
+ before do
223
+ @resource.reload
224
+ age_token(@resource, @client_id)
225
+
226
+ get '/demo/members_only_mang',
227
+ params: {},
228
+ headers: @auth_headers
229
+
230
+ @first_is_batch_request = assigns(:is_batch_request)
231
+ @first_user = assigns(:resource).dup
232
+ @first_access_token = response.headers['access-token']
233
+ @first_response_status = response.status
234
+
235
+ @resource.reload
236
+ age_token(@resource, @client_id)
237
+
238
+ # use expired auth header
239
+ get '/demo/members_only_mang',
240
+ params: {},
241
+ headers: @auth_headers
242
+
243
+ @second_is_batch_request = assigns(:is_batch_request)
244
+ @second_user = assigns(:resource)
245
+ @second_access_token = response.headers['access-token']
246
+ @second_response_status = response.status
247
+ end
248
+
249
+ it 'should allow the first request through' do
250
+ assert_equal 200, @first_response_status
251
+ end
252
+
253
+ it 'should not allow the second request through' do
254
+ assert_equal 401, @second_response_status
255
+ end
256
+
257
+ it 'should not treat first request as batch request' do
258
+ refute @second_is_batch_request
259
+ end
260
+
261
+ it 'should return auth headers from the first request' do
262
+ assert @first_access_token
263
+ end
264
+
265
+ it 'should not treat second request as batch request' do
266
+ refute @second_is_batch_request
267
+ end
268
+
269
+ it 'should not return auth headers from the second request' do
270
+ refute @second_access_token
271
+ end
272
+
273
+ it 'should define user during first request' do
274
+ assert @first_user
275
+ end
276
+
277
+ it 'should not define user during second request' do
278
+ refute @second_user
279
+ end
280
+ end
281
+ end
282
+ end
283
+ end
284
+ end