sidecar_token_auth 1.0.1

Files changed (175)
  1. checksums.yaml +7 -0
  2. data/LICENSE +13 -0
  3. data/README.md +12 -0
  4. data/Rakefile +42 -0
  5. data/app/controllers/devise_token_auth/application_controller.rb +79 -0
  6. data/app/controllers/devise_token_auth/concerns/resource_finder.rb +44 -0
  7. data/app/controllers/devise_token_auth/concerns/set_user_by_token.rb +162 -0
  8. data/app/controllers/devise_token_auth/confirmations_controller.rb +90 -0
  9. data/app/controllers/devise_token_auth/omniauth_callbacks_controller.rb +287 -0
  10. data/app/controllers/devise_token_auth/passwords_controller.rb +206 -0
  11. data/app/controllers/devise_token_auth/registrations_controller.rb +283 -0
  12. data/app/controllers/devise_token_auth/sessions_controller.rb +245 -0
  13. data/app/controllers/devise_token_auth/token_validations_controller.rb +31 -0
  14. data/app/controllers/devise_token_auth/unlocks_controller.rb +89 -0
  15. data/app/models/devise_token_auth/concerns/active_record_support.rb +16 -0
  16. data/app/models/devise_token_auth/concerns/confirmable_support.rb +28 -0
  17. data/app/models/devise_token_auth/concerns/mongoid_support.rb +19 -0
  18. data/app/models/devise_token_auth/concerns/tokens_serialization.rb +19 -0
  19. data/app/models/devise_token_auth/concerns/user.rb +257 -0
  20. data/app/models/devise_token_auth/concerns/user_omniauth_callbacks.rb +31 -0
  21. data/app/validators/devise_token_auth_email_validator.rb +23 -0
  22. data/app/views/devise/mailer/confirmation_instructions.html.erb +5 -0
  23. data/app/views/devise/mailer/reset_password_instructions.html.erb +8 -0
  24. data/app/views/devise/mailer/unlock_instructions.html.erb +7 -0
  25. data/app/views/devise_token_auth/omniauth_external_window.html.erb +38 -0
  26. data/config/locales/da-DK.yml +52 -0
  27. data/config/locales/de.yml +51 -0
  28. data/config/locales/en.yml +60 -0
  29. data/config/locales/es.yml +51 -0
  30. data/config/locales/fr.yml +51 -0
  31. data/config/locales/he.yml +52 -0
  32. data/config/locales/it.yml +48 -0
  33. data/config/locales/ja.yml +48 -0
  34. data/config/locales/ko.yml +51 -0
  35. data/config/locales/nl.yml +32 -0
  36. data/config/locales/pl.yml +51 -0
  37. data/config/locales/pt-BR.yml +48 -0
  38. data/config/locales/pt.yml +51 -0
  39. data/config/locales/ro.yml +48 -0
  40. data/config/locales/ru.yml +52 -0
  41. data/config/locales/sq.yml +48 -0
  42. data/config/locales/sv.yml +52 -0
  43. data/config/locales/uk.yml +61 -0
  44. data/config/locales/vi.yml +52 -0
  45. data/config/locales/zh-CN.yml +48 -0
  46. data/config/locales/zh-HK.yml +50 -0
  47. data/config/locales/zh-TW.yml +50 -0
  48. data/lib/devise_token_auth.rb +14 -0
  49. data/lib/devise_token_auth/blacklist.rb +2 -0
  50. data/lib/devise_token_auth/controllers/helpers.rb +157 -0
  51. data/lib/devise_token_auth/controllers/url_helpers.rb +10 -0
  52. data/lib/devise_token_auth/engine.rb +96 -0
  53. data/lib/devise_token_auth/errors.rb +8 -0
  54. data/lib/devise_token_auth/rails/routes.rb +116 -0
  55. data/lib/devise_token_auth/token_factory.rb +126 -0
  56. data/lib/devise_token_auth/url.rb +44 -0
  57. data/lib/devise_token_auth/version.rb +5 -0
  58. data/lib/generators/devise_token_auth/USAGE +31 -0
  59. data/lib/generators/devise_token_auth/install_generator.rb +91 -0
  60. data/lib/generators/devise_token_auth/install_generator_helpers.rb +98 -0
  61. data/lib/generators/devise_token_auth/install_mongoid_generator.rb +46 -0
  62. data/lib/generators/devise_token_auth/install_views_generator.rb +18 -0
  63. data/lib/generators/devise_token_auth/templates/devise_token_auth.rb +60 -0
  64. data/lib/generators/devise_token_auth/templates/devise_token_auth_create_users.rb.erb +49 -0
  65. data/lib/generators/devise_token_auth/templates/user.rb.erb +9 -0
  66. data/lib/generators/devise_token_auth/templates/user_mongoid.rb.erb +56 -0
  67. data/lib/tasks/devise_token_auth_tasks.rake +6 -0
  68. data/test/controllers/custom/custom_confirmations_controller_test.rb +25 -0
  69. data/test/controllers/custom/custom_omniauth_callbacks_controller_test.rb +33 -0
  70. data/test/controllers/custom/custom_passwords_controller_test.rb +79 -0
  71. data/test/controllers/custom/custom_registrations_controller_test.rb +63 -0
  72. data/test/controllers/custom/custom_sessions_controller_test.rb +39 -0
  73. data/test/controllers/custom/custom_token_validations_controller_test.rb +42 -0
  74. data/test/controllers/demo_group_controller_test.rb +151 -0
  75. data/test/controllers/demo_mang_controller_test.rb +284 -0
  76. data/test/controllers/demo_user_controller_test.rb +629 -0
  77. data/test/controllers/devise_token_auth/confirmations_controller_test.rb +191 -0
  78. data/test/controllers/devise_token_auth/omniauth_callbacks_controller_test.rb +441 -0
  79. data/test/controllers/devise_token_auth/passwords_controller_test.rb +780 -0
  80. data/test/controllers/devise_token_auth/registrations_controller_test.rb +907 -0
  81. data/test/controllers/devise_token_auth/sessions_controller_test.rb +503 -0
  82. data/test/controllers/devise_token_auth/token_validations_controller_test.rb +102 -0
  83. data/test/controllers/devise_token_auth/unlocks_controller_test.rb +196 -0
  84. data/test/controllers/overrides/confirmations_controller_test.rb +47 -0
  85. data/test/controllers/overrides/omniauth_callbacks_controller_test.rb +53 -0
  86. data/test/controllers/overrides/passwords_controller_test.rb +64 -0
  87. data/test/controllers/overrides/registrations_controller_test.rb +46 -0
  88. data/test/controllers/overrides/sessions_controller_test.rb +35 -0
  89. data/test/controllers/overrides/token_validations_controller_test.rb +43 -0
  90. data/test/dummy/README.rdoc +28 -0
  91. data/test/dummy/app/active_record/confirmable_user.rb +11 -0
  92. data/test/dummy/app/active_record/lockable_user.rb +7 -0
  93. data/test/dummy/app/active_record/mang.rb +5 -0
  94. data/test/dummy/app/active_record/only_email_user.rb +7 -0
  95. data/test/dummy/app/active_record/scoped_user.rb +9 -0
  96. data/test/dummy/app/active_record/unconfirmable_user.rb +9 -0
  97. data/test/dummy/app/active_record/unregisterable_user.rb +9 -0
  98. data/test/dummy/app/active_record/user.rb +6 -0
  99. data/test/dummy/app/controllers/application_controller.rb +18 -0
  100. data/test/dummy/app/controllers/auth_origin_controller.rb +7 -0
  101. data/test/dummy/app/controllers/custom/confirmations_controller.rb +13 -0
  102. data/test/dummy/app/controllers/custom/omniauth_callbacks_controller.rb +13 -0
  103. data/test/dummy/app/controllers/custom/passwords_controller.rb +39 -0
  104. data/test/dummy/app/controllers/custom/registrations_controller.rb +39 -0
  105. data/test/dummy/app/controllers/custom/sessions_controller.rb +29 -0
  106. data/test/dummy/app/controllers/custom/token_validations_controller.rb +19 -0
  107. data/test/dummy/app/controllers/demo_group_controller.rb +15 -0
  108. data/test/dummy/app/controllers/demo_mang_controller.rb +14 -0
  109. data/test/dummy/app/controllers/demo_user_controller.rb +27 -0
  110. data/test/dummy/app/controllers/overrides/confirmations_controller.rb +28 -0
  111. data/test/dummy/app/controllers/overrides/omniauth_callbacks_controller.rb +16 -0
  112. data/test/dummy/app/controllers/overrides/passwords_controller.rb +35 -0
  113. data/test/dummy/app/controllers/overrides/registrations_controller.rb +29 -0
  114. data/test/dummy/app/controllers/overrides/sessions_controller.rb +36 -0
  115. data/test/dummy/app/controllers/overrides/token_validations_controller.rb +23 -0
  116. data/test/dummy/app/helpers/application_helper.rb +1058 -0
  117. data/test/dummy/app/models/concerns/favorite_color.rb +19 -0
  118. data/test/dummy/app/mongoid/confirmable_user.rb +52 -0
  119. data/test/dummy/app/mongoid/lockable_user.rb +38 -0
  120. data/test/dummy/app/mongoid/mang.rb +46 -0
  121. data/test/dummy/app/mongoid/only_email_user.rb +33 -0
  122. data/test/dummy/app/mongoid/scoped_user.rb +50 -0
  123. data/test/dummy/app/mongoid/unconfirmable_user.rb +44 -0
  124. data/test/dummy/app/mongoid/unregisterable_user.rb +47 -0
  125. data/test/dummy/app/mongoid/user.rb +49 -0
  126. data/test/dummy/app/views/layouts/application.html.erb +14 -0
  127. data/test/dummy/config.ru +18 -0
  128. data/test/dummy/config/application.rb +48 -0
  129. data/test/dummy/config/application.yml.bk +0 -0
  130. data/test/dummy/config/boot.rb +11 -0
  131. data/test/dummy/config/environment.rb +7 -0
  132. data/test/dummy/config/environments/development.rb +46 -0
  133. data/test/dummy/config/environments/production.rb +84 -0
  134. data/test/dummy/config/environments/test.rb +50 -0
  135. data/test/dummy/config/initializers/assets.rb +10 -0
  136. data/test/dummy/config/initializers/backtrace_silencers.rb +9 -0
  137. data/test/dummy/config/initializers/cookies_serializer.rb +5 -0
  138. data/test/dummy/config/initializers/devise.rb +290 -0
  139. data/test/dummy/config/initializers/devise_token_auth.rb +55 -0
  140. data/test/dummy/config/initializers/figaro.rb +3 -0
  141. data/test/dummy/config/initializers/filter_parameter_logging.rb +6 -0
  142. data/test/dummy/config/initializers/inflections.rb +18 -0
  143. data/test/dummy/config/initializers/mime_types.rb +6 -0
  144. data/test/dummy/config/initializers/omniauth.rb +11 -0
  145. data/test/dummy/config/initializers/session_store.rb +5 -0
  146. data/test/dummy/config/initializers/wrap_parameters.rb +16 -0
  147. data/test/dummy/config/routes.rb +57 -0
  148. data/test/dummy/config/spring.rb +3 -0
  149. data/test/dummy/db/migrate/20140715061447_devise_token_auth_create_users.rb +58 -0
  150. data/test/dummy/db/migrate/20140715061805_devise_token_auth_create_mangs.rb +57 -0
  151. data/test/dummy/db/migrate/20140829044006_add_operating_thetan_to_user.rb +8 -0
  152. data/test/dummy/db/migrate/20140916224624_add_favorite_color_to_mangs.rb +7 -0
  153. data/test/dummy/db/migrate/20141222035835_devise_token_auth_create_only_email_users.rb +55 -0
  154. data/test/dummy/db/migrate/20141222053502_devise_token_auth_create_unregisterable_users.rb +56 -0
  155. data/test/dummy/db/migrate/20150708104536_devise_token_auth_create_unconfirmable_users.rb +56 -0
  156. data/test/dummy/db/migrate/20160103235141_devise_token_auth_create_scoped_users.rb +56 -0
  157. data/test/dummy/db/migrate/20160629184441_devise_token_auth_create_lockable_users.rb +56 -0
  158. data/test/dummy/db/migrate/20190924101113_devise_token_auth_create_confirmable_users.rb +49 -0
  159. data/test/dummy/db/schema.rb +198 -0
  160. data/test/dummy/lib/migration_database_helper.rb +43 -0
  161. data/test/factories/users.rb +41 -0
  162. data/test/lib/devise_token_auth/blacklist_test.rb +11 -0
  163. data/test/lib/devise_token_auth/token_factory_test.rb +191 -0
  164. data/test/lib/devise_token_auth/url_test.rb +26 -0
  165. data/test/lib/generators/devise_token_auth/install_generator_test.rb +217 -0
  166. data/test/lib/generators/devise_token_auth/install_generator_with_namespace_test.rb +222 -0
  167. data/test/lib/generators/devise_token_auth/install_views_generator_test.rb +25 -0
  168. data/test/models/concerns/mongoid_support_test.rb +31 -0
  169. data/test/models/concerns/tokens_serialization_test.rb +70 -0
  170. data/test/models/confirmable_user_test.rb +35 -0
  171. data/test/models/only_email_user_test.rb +29 -0
  172. data/test/models/user_test.rb +108 -0
  173. data/test/support/controllers/routes.rb +43 -0
  174. data/test/test_helper.rb +103 -0
  175. metadata +481 -0
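--- a/data/test/controllers/devise_token_auth/sessions_controller_test.rb
+++ b/data/test/controllers/devise_token_auth/sessions_controller_test.rb
@@ -0,0 +1,503 @@
+# frozen_string_literal: true
+
+require 'test_helper'
+
+# was the web request successful?
+# was the user redirected to the right page?
+# was the user successfully authenticated?
+# was the correct object stored in the response?
+# was the appropriate message delivered in the json payload?
+
+class DeviseTokenAuth::SessionsControllerTest < ActionController::TestCase
+describe DeviseTokenAuth::SessionsController do
+describe 'Confirmed user' do
+before do
+@existing_user = create(:user, :with_nickname, :confirmed)
+end
+
+describe 'success' do
+before do
+post :create,
+params: {
+email: @existing_user.email,
+password: @existing_user.password
+}
+
+@resource = assigns(:resource)
+@data = JSON.parse(response.body)
+end
+
+test 'request should succeed' do
+assert_equal 200, response.status
+end
+
+test 'request should return user data' do
+assert_equal @existing_user.email, @data['data']['email']
+end
+
+describe "with multiple clients and headers don't change in each request" do
+before do
+# Set the max_number_of_devices to a lower number
+# to expedite tests! (Default is 10)
+DeviseTokenAuth.max_number_of_devices = 2
+DeviseTokenAuth.change_headers_on_each_request = false
+
+@user_session_params = {
+email: @existing_user.email,
+password: @existing_user.password
+}
+end
+
+test 'should limit the maximum number of concurrent devices' do
+# increment the number of devices until the maximum is exceeded
+1.upto(DeviseTokenAuth.max_number_of_devices + 1).each do |n|
+initial_tokens = @existing_user.reload.tokens
+
+assert_equal(
+[n, DeviseTokenAuth.max_number_of_devices].min,
+@existing_user.reload.tokens.length
+)
+
+# Already have the max number of devices
+post :create, params: @user_session_params
+
+# A session for a new device maintains the max number of concurrent devices
+refute_equal initial_tokens, @existing_user.reload.tokens
+end
+end
+
+test 'should drop old tokens when max number of devices is exceeded' do
+1.upto(DeviseTokenAuth.max_number_of_devices).each do |n|
+post :create, params: @user_session_params
+end
+
+oldest_token, _ = @existing_user.reload.tokens \
+.min_by { |cid, v| v[:expiry] || v['expiry'] }
+
+post :create, params: @user_session_params
+
+assert_not_includes @existing_user.reload.tokens.keys, oldest_token
+end
+
+after do
+DeviseTokenAuth.max_number_of_devices = 10
+DeviseTokenAuth.change_headers_on_each_request = true
+end
+end
+end
+
+describe 'get sign_in is not supported' do
+before do
+get :new,
+params: { nickname: @existing_user.nickname,
+password: @existing_user.password }
+@data = JSON.parse(response.body)
+end
+
+test 'user is notified that they should use post sign_in to authenticate' do
+assert_equal 405, response.status
+end
+test 'response should contain errors' do
+assert @data['errors']
+assert_equal @data['errors'], [I18n.t('devise_token_auth.sessions.not_supported')]
+end
+end
+
+describe 'header sign_in is supported' do
+before do
+request.headers.merge!(
+'email' => @existing_user.email,
+'password' => @existing_user.password
+)
+
+head :create
+@data = JSON.parse(response.body)
+end
+
+test 'user can sign in using header request' do
+assert_equal 200, response.status
+end
+end
+
+describe 'alt auth keys' do
+before do
+post :create,
+params: { nickname: @existing_user.nickname,
+password: @existing_user.password }
+@data = JSON.parse(response.body)
+end
+
+test 'user can sign in using nickname' do
+assert_equal 200, response.status
+assert_equal @existing_user.email, @data['data']['email']
+end
+end
+
+describe 'authed user sign out' do
+before do
+def @controller.reset_session_called
+@reset_session_called == true
+end
+
+def @controller.reset_session
+@reset_session_called = true
+end
+@auth_headers = @existing_user.create_new_auth_token
+request.headers.merge!(@auth_headers)
+delete :destroy, format: :json
+end
+
+test 'user is successfully logged out' do
+assert_equal 200, response.status
+end
+
+test 'token was destroyed' do
+@existing_user.reload
+refute @existing_user.tokens[@auth_headers['client']]
+end
+
+test 'session was destroyed' do
+assert_equal true, @controller.reset_session_called
+end
+end
+
+describe 'unauthed user sign out' do
+before do
+@auth_headers = @existing_user.create_new_auth_token
+delete :destroy, format: :json
+@data = JSON.parse(response.body)
+end
+
+test 'unauthed request returns 404' do
+assert_equal 404, response.status
+end
+
+test 'response should contain errors' do
+assert @data['errors']
+assert_equal @data['errors'],
+[I18n.t('devise_token_auth.sessions.user_not_found')]
+end
+end
+
+describe 'failure' do
+before do
+post :create,
+params: { email: @existing_user.email,
+password: 'bogus' }
+
+@resource = assigns(:resource)
+@data = JSON.parse(response.body)
+end
+
+test 'request should fail' do
+assert_equal 401, response.status
+end
+
+test 'response should contain errors' do
+assert @data['errors']
+assert_equal @data['errors'],
+[I18n.t('devise_token_auth.sessions.bad_credentials')]
+end
+end
+
+describe 'failure with bad password when change_headers_on_each_request false' do
+before do
+DeviseTokenAuth.change_headers_on_each_request = false
+
+# accessing current_user calls through set_user_by_token,
+# which initializes client_id
+@controller.current_user
+
+post :create,
+params: { email: @existing_user.email,
+password: 'bogus' }
+
+@resource = assigns(:resource)
+@data = JSON.parse(response.body)
+end
+
+test 'request should fail' do
+assert_equal 401, response.status
+end
+
+test 'response should contain errors' do
+assert @data['errors']
+assert_equal @data['errors'], [I18n.t('devise_token_auth.sessions.bad_credentials')]
+end
+
+after do
+DeviseTokenAuth.change_headers_on_each_request = true
+end
+end
+
+describe 'case-insensitive email' do
+before do
+@resource_class = User
+@request_params = {
+email: @existing_user.email.upcase,
+password: @existing_user.password
+}
+end
+
+test 'request should succeed if configured' do
+@resource_class.case_insensitive_keys = [:email]
+post :create, params: @request_params
+assert_equal 200, response.status
+end
+
+test 'request should fail if not configured' do
+@resource_class.case_insensitive_keys = []
+post :create, params: @request_params
+assert_equal 401, response.status
+end
+end
+
+describe 'stripping whitespace on email' do
+before do
+@resource_class = User
+@request_params = {
+# adding whitespace before and after email
+email: " #{@existing_user.email} ",
+password: @existing_user.password
+}
+end
+
+test 'request should succeed if configured' do
+@resource_class.strip_whitespace_keys = [:email]
+post :create, params: @request_params
+assert_equal 200, response.status
+end
+
+test 'request should fail if not configured' do
+@resource_class.strip_whitespace_keys = []
+post :create, params: @request_params
+assert_equal 401, response.status
+end
+end
+end
+
+describe 'Unconfirmed user' do
+before do
+@unconfirmed_user = create(:user)
+post :create, params: { email: @unconfirmed_user.email,
+password: @unconfirmed_user.password }
+@resource = assigns(:resource)
+@data = JSON.parse(response.body)
+end
+
+test 'request should fail' do
+assert_equal 401, response.status
+end
+
+test 'response should contain errors' do
+assert @data['errors']
+assert_equal @data['errors'],
+[I18n.t('devise_token_auth.sessions.not_confirmed',
+email: @unconfirmed_user.email)]
+end
+end
+
+describe 'Unconfirmed user with allowed unconfirmed access' do
+before do
+@original_duration = Devise.allow_unconfirmed_access_for
+Devise.allow_unconfirmed_access_for = 3.days
+@recent_unconfirmed_user = create(:user)
+post :create,
+params: { email: @recent_unconfirmed_user.email,
+password: @recent_unconfirmed_user.password }
+@resource = assigns(:resource)
+@data = JSON.parse(response.body)
+end
+
+after do
+Devise.allow_unconfirmed_access_for = @original_duration
+end
+
+test 'request should succeed' do
+assert_equal 200, response.status
+end
+
+test 'request should return user data' do
+assert_equal @recent_unconfirmed_user.email, @data['data']['email']
+end
+end
+
+describe 'Unconfirmed user with expired unconfirmed access' do
+before do
+@unconfirmed_user = create(:user, :unconfirmed)
+post :create,
+params: { email: @unconfirmed_user.email,
+password: @unconfirmed_user.password }
+@resource = assigns(:resource)
+@data = JSON.parse(response.body)
+end
+
+test 'request should fail' do
+assert_equal 401, response.status
+end
+
+test 'response should contain errors' do
+assert @data['errors']
+end
+end
+
+describe 'Non-existing user' do
+before do
+post :create,
+params: { email: -> { Faker::Internet.email },
+password: -> { Faker::Number.number(10) } }
+@resource = assigns(:resource)
+@data = JSON.parse(response.body)
+end
+
+test 'request should fail' do
+assert_equal 401, response.status
+end
+
+test 'response should contain errors' do
+assert @data['errors']
+end
+end
+
+describe 'Alternate user class' do
+setup do
+@request.env['devise.mapping'] = Devise.mappings[:mang]
+end
+
+teardown do
+@request.env['devise.mapping'] = Devise.mappings[:user]
+end
+
+before do
+@existing_user = create(:mang_user, :confirmed)
+
+post :create,
+params: { email: @existing_user.email,
+password: @existing_user.password }
+
+@resource = assigns(:resource)
+@data = JSON.parse(response.body)
+end
+
+test 'request should succeed' do
+assert_equal 200, response.status
+end
+
+test 'request should return user data' do
+assert_equal @existing_user.email, @data['data']['email']
+end
+end
+
+describe 'User with only :database_authenticatable and :registerable included' do
+setup do
+@request.env['devise.mapping'] = Devise.mappings[:only_email_user]
+end
+
+teardown do
+@request.env['devise.mapping'] = Devise.mappings[:user]
+end
+
+before do
+@existing_user = create(:only_email_user)
+
+post :create,
+params: { email: @existing_user.email,
+password: @existing_user.password }
+
+@resource = assigns(:resource)
+@data = JSON.parse(response.body)
+end
+
+test 'user should be able to sign in without confirmation' do
+assert 200, response.status
+refute OnlyEmailUser.method_defined?(:confirmed_at)
+end
+end
+
+describe 'Lockable User' do
+setup do
+@request.env['devise.mapping'] = Devise.mappings[:lockable_user]
+end
+
+teardown do
+@request.env['devise.mapping'] = Devise.mappings[:user]
+end
+
+before do
+@original_lock_strategy = Devise.lock_strategy
+@original_unlock_strategy = Devise.unlock_strategy
+@original_maximum_attempts = Devise.maximum_attempts
+Devise.lock_strategy = :failed_attempts
+Devise.unlock_strategy = :email
+Devise.maximum_attempts = 5
+end
+
+after do
+Devise.lock_strategy = @original_lock_strategy
+Devise.maximum_attempts = @original_maximum_attempts
+Devise.unlock_strategy = @original_unlock_strategy
+end
+
+describe 'locked user' do
+before do
+@locked_user = create(:lockable_user, :locked)
+post :create,
+params: { email: @locked_user.email,
+password: @locked_user.password }
+@data = JSON.parse(response.body)
+end
+
+test 'request should fail' do
+assert_equal 401, response.status
+end
+
+test 'response should contain errors' do
+assert @data['errors']
+assert_equal @data['errors'], [I18n.t('devise.mailer.unlock_instructions.account_lock_msg')]
+end
+end
+
+describe 'unlocked user with bad password' do
+before do
+@unlocked_user = create(:lockable_user)
+post :create,
+params: { email: @unlocked_user.email,
+password: 'bad-password' }
+@data = JSON.parse(response.body)
+end
+
+test 'request should fail' do
+assert_equal 401, response.status
+end
+
+test 'should increase failed_attempts' do
+assert_equal 1, @unlocked_user.reload.failed_attempts
+end
+
+test 'response should contain errors' do
+assert @data['errors']
+assert_equal @data['errors'], [I18n.t('devise_token_auth.sessions.bad_credentials')]
+end
+
+describe 'after maximum_attempts should block the user' do
+before do
+4.times do
+post :create,
+params: { email: @unlocked_user.email,
+password: 'bad-password' }
+end
+@data = JSON.parse(response.body)
+end
+
+test 'should increase failed_attempts' do
+assert_equal 5, @unlocked_user.reload.failed_attempts
+end
+
+test 'should block the user' do
+assert_equal true, @unlocked_user.reload.access_locked?
+end
+end
+end
+end
+end
+end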
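Review bot: `assert 200, response.status` in the 'user should be able to sign in without confirmation' test (file line 412) can never fail, because `assert` only checks that its first argument is truthy and takes the status as the failure message, so the sign-in path for the only-email mapping is effectively unverified; change it to `assert_equal 200, response.status`. The 'Non-existing user' block (file lines 344-360) only asserts that `@data['errors']` is present; if the controller is meant to answer an unknown email with the same message it gives a wrong password (so the response does not reveal whether an address is registered), pinning that with `assert_equal @data['errors'], [I18n.t('devise_token_auth.sessions.bad_credentials')]` would match what the 'failure' block already checks for a known email. That same block passes lambdas as the email and password params, which presumably sends the stringified procs rather than generated values; calling `Faker::Internet.email` and `Faker::Number.number(10)` directly would make the intent clearer.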