simple_token_authentication 1.5.1 → 1.5.2
- checksums.yaml +4 -4
- data/README.md +23 -24
- data/Rakefile +31 -11
- data/doc/README.md +18 -0
- data/lib/simple_token_authentication.rb +39 -0
- data/lib/simple_token_authentication/acts_as_token_authenticatable.rb +18 -7
- data/lib/simple_token_authentication/acts_as_token_authentication_handler.rb +12 -123
- data/lib/simple_token_authentication/adapter.rb +7 -0
- data/lib/simple_token_authentication/adapters/active_record_adapter.rb +14 -0
- data/lib/simple_token_authentication/adapters/rails_adapter.rb +14 -0
- data/lib/simple_token_authentication/configuration.rb +25 -0
- data/lib/simple_token_authentication/entities_manager.rb +10 -0
- data/lib/simple_token_authentication/entity.rb +64 -0
- data/lib/simple_token_authentication/fallback_authentication_handler.rb +11 -0
- data/lib/simple_token_authentication/sign_in_handler.rb +19 -0
- data/lib/simple_token_authentication/token_authentication_handler.rb +138 -0
- data/lib/simple_token_authentication/token_comparator.rb +13 -0
- data/lib/simple_token_authentication/token_generator.rb +9 -0
- data/lib/simple_token_authentication/version.rb +1 -1
- data/spec/configuration/action_controller_callbacks_options_spec.rb +53 -0
- data/spec/configuration/fallback_to_devise_option_spec.rb +128 -0
- data/spec/configuration/header_names_option_spec.rb +454 -0
- data/spec/configuration/sign_in_token_option_spec.rb +92 -0
- data/spec/lib/simple_token_authentication/acts_as_token_authenticatable_spec.rb +108 -0
- data/spec/lib/simple_token_authentication/acts_as_token_authentication_handler_spec.rb +127 -0
- data/spec/lib/simple_token_authentication/adapter_spec.rb +21 -0
- data/spec/lib/simple_token_authentication/adapters/active_record_adapter_spec.rb +21 -0
- data/spec/lib/simple_token_authentication/adapters/rails_adapter_spec.rb +21 -0
- data/spec/lib/simple_token_authentication/configuration_spec.rb +121 -0
- data/spec/lib/simple_token_authentication/entities_manager_spec.rb +67 -0
- data/spec/lib/simple_token_authentication/entity_spec.rb +190 -0
- data/spec/lib/simple_token_authentication/fallback_authentication_handler_spec.rb +24 -0
- data/spec/lib/simple_token_authentication/sign_in_handler_spec.rb +43 -0
- data/spec/lib/simple_token_authentication/token_authentication_handler_spec.rb +250 -0
- data/spec/lib/simple_token_authentication/token_comparator_spec.rb +19 -0
- data/spec/lib/simple_token_authentication/token_generator_spec.rb +19 -0
- data/spec/lib/simple_token_authentication_spec.rb +86 -0
- data/spec/spec_helper.rb +13 -0
- data/spec/support/dummy_classes_helper.rb +80 -0
- data/spec/support/spec_for_adapter.rb +6 -0
- data/spec/support/spec_for_authentication_handler_interface.rb +8 -0
- data/spec/support/spec_for_configuration_option_interface.rb +28 -0
- data/spec/support/spec_for_entities_manager_interface.rb +8 -0
- data/spec/support/spec_for_sign_in_handler_interface.rb +8 -0
- data/spec/support/spec_for_token_comparator_interface.rb +8 -0
- data/spec/support/spec_for_token_generator_interface.rb +8 -0
- data/spec/support/specs_for_token_authentication_handler_interface.rb +8 -0
- metadata +80 -132
- data/lib/tasks/cucumber.rake +0 -65
- data/spec/dummy/README.rdoc +0 -28
- data/spec/dummy/Rakefile +0 -6
- data/spec/dummy/app/assets/javascripts/application.js +0 -13
- data/spec/dummy/app/assets/stylesheets/application.css +0 -13
- data/spec/dummy/app/controllers/application_controller.rb +0 -5
- data/spec/dummy/app/helpers/application_helper.rb +0 -2
- data/spec/dummy/app/views/layouts/application.html.erb +0 -14
- data/spec/dummy/bin/bundle +0 -3
- data/spec/dummy/bin/rails +0 -4
- data/spec/dummy/bin/rake +0 -4
- data/spec/dummy/config.ru +0 -4
- data/spec/dummy/config/application.rb +0 -24
- data/spec/dummy/config/boot.rb +0 -5
- data/spec/dummy/config/database.yml +0 -25
- data/spec/dummy/config/environment.rb +0 -5
- data/spec/dummy/config/environments/development.rb +0 -29
- data/spec/dummy/config/environments/production.rb +0 -80
- data/spec/dummy/config/environments/test.rb +0 -36
- data/spec/dummy/config/initializers/backtrace_silencers.rb +0 -7
- data/spec/dummy/config/initializers/filter_parameter_logging.rb +0 -4
- data/spec/dummy/config/initializers/inflections.rb +0 -16
- data/spec/dummy/config/initializers/mime_types.rb +0 -5
- data/spec/dummy/config/initializers/secret_token.rb +0 -12
- data/spec/dummy/config/initializers/session_store.rb +0 -3
- data/spec/dummy/config/initializers/wrap_parameters.rb +0 -14
- data/spec/dummy/config/locales/en.yml +0 -23
- data/spec/dummy/config/routes.rb +0 -56
- data/spec/dummy/public/404.html +0 -58
- data/spec/dummy/public/422.html +0 -58
- data/spec/dummy/public/500.html +0 -57
- data/spec/dummy/public/favicon.ico +0 -0
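--- a/data/spec/lib/simple_token_authentication/entities_manager_spec.rb
+++ b/data/spec/lib/simple_token_authentication/entities_manager_spec.rb
@@ -0,0 +1,67 @@
+require 'spec_helper'
+
+describe SimpleTokenAuthentication::EntitiesManager do
+
+# The 'model' argument is quite vague, as it is for Entity;
+# let's do nothing to solve that undefinition for now.
+
+it_behaves_like 'an entities manager'
+
+describe '#find_or_create_entity' do
+
+before(:each) do
+entity = double()
+allow(entity).to receive(:new).and_return('an Entity instance')
+stub_const('SimpleTokenAuthentication::Entity', entity)
+
+super_user = double()
+allow(super_user).to receive(:name) # any Ruby class has a name
+stub_const('SuperUser', super_user)
+end
+
+context 'when a model is provided for the first time' do
+
+it 'creates an Entity instance for the model', private: true do
+expect(SimpleTokenAuthentication::Entity).to receive(:new).with(SuperUser)
+expect(subject.find_or_create_entity(SuperUser)).to eq 'an Entity instance'
+end
+
+context 'even if Entity instances for other models exist', private: true do
+
+before(:each) do
+# define another model
+admin = double()
+allow(admin).to receive(:name).and_return('Admin')
+stub_const('Admin', admin)
+# ensure its Entity instance exists
+subject.find_or_create_entity(Admin)
+allow(SimpleTokenAuthentication::Entity).to receive(:new).and_return('some new Entity instance')
+end
+
+it 'creates an Entity instance for the model', private: true do
+expect(SimpleTokenAuthentication::Entity).to receive(:new).with(SuperUser)
+expect(subject.find_or_create_entity(SuperUser)).to eq 'some new Entity instance'
+end
+end
+end
+
+context 'when an Entity instance for that model already exists' do
+
+before(:each) do
+allow(SuperUser).to receive(:name).and_return('SuperUser')
+subject.find_or_create_entity(SuperUser)
+
+allow(SimpleTokenAuthentication::Entity).to receive(:new).and_return('some new Entity instance')
+end
+
+it 'returns that Entity instance', private: true do
+expect(subject.find_or_create_entity(SuperUser)).to eq 'an Entity instance'
+end
+
+it 'does not create a new Entity instance', private: true do
+expect(SimpleTokenAuthentication::Entity).not_to receive(:new).with(SuperUser)
+subject.find_or_create_entity(SuperUser)
+end
+end
+end
+end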
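Review bot: The `name` stub at line 18 has no return value (`allow(super_user).to receive(:name)`), so in the 'provided for the first time' contexts SuperUser's name is nil while Admin's is 'Admin'. If the manager keys its entities on the model name (its implementation is not visible in this section), those examples look entities up under a nil key and would not notice two models colliding. Give the double its name up front with `allow(super_user).to receive(:name).and_return('SuperUser')` and drop the re-stub at line 51.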
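--- a/data/spec/lib/simple_token_authentication/entity_spec.rb
+++ b/data/spec/lib/simple_token_authentication/entity_spec.rb
@@ -0,0 +1,190 @@
+require 'spec_helper'
+
+describe SimpleTokenAuthentication::Entity do
+
+before(:each) do
+user = double()
+allow(user).to receive(:name).and_return('SuperUser')
+stub_const('SuperUser', user)
+
+@subject = SimpleTokenAuthentication::Entity.new(SuperUser)
+end
+
+it 'responds to :model', protected: true do
+expect(@subject).to respond_to :model
+end
+
+it 'responds to :name', protected: true do
+expect(@subject).to respond_to :name
+end
+
+it 'responds to :name_underscore', protected: true do
+expect(@subject).to respond_to :name_underscore
+end
+
+it 'responds to :token_header_name', protected: true do
+expect(@subject).to respond_to :token_header_name
+end
+
+it 'responds to :identifier_header_name', protected: true do
+expect(@subject).to respond_to :identifier_header_name
+end
+
+it 'responds to :token_param_name', protected: true do
+expect(@subject).to respond_to :token_param_name
+end
+
+it 'responds to :identifier_param_name', protected: true do
+expect(@subject).to respond_to :identifier_param_name
+end
+
+it 'responds to :get_token_from_params_or_headers', protected: true do
+expect(@subject).to respond_to :get_token_from_params_or_headers
+end
+
+it 'responds to :get_identifier_from_params_or_headers', protected: true do
+expect(@subject).to respond_to :get_identifier_from_params_or_headers
+end
+
+describe '#model' do
+it 'is a constant', protected: true do
+expect(@subject.model).to eq SuperUser
+end
+end
+
+describe '#name' do
+it 'is a camelized String', protected: true do
+expect(@subject.name).to be_instance_of String
+expect(@subject.name).to eq @subject.name.camelize
+end
+end
+
+describe '#name_underscore', protected: true do
+it 'is an underscored String' do
+expect(@subject.name_underscore).to be_instance_of String
+expect(@subject.name_underscore).to eq @subject.name_underscore.underscore
+end
+end
+
+describe '#token_header_name', protected: true do
+it 'is a String' do
+expect(@subject.token_header_name).to be_instance_of String
+end
+
+it 'defines a non-standard header field' do
+expect(@subject.token_header_name[0..1]).to eq 'X-'
+end
+end
+
+describe '#identifier_header_name', protected: true do
+it 'is a String' do
+expect(@subject.identifier_header_name).to be_instance_of String
+end
+
+it 'defines a non-standard header field' do
+expect(@subject.identifier_header_name[0..1]).to eq 'X-'
+end
+end
+
+describe '#token_param_name', protected: true do
+it 'is a Symbol' do
+expect(@subject.token_param_name).to be_instance_of Symbol
+end
+end
+
+describe '#identifier_param_name', protected: true do
+it 'is a Symbol' do
+expect(@subject.identifier_param_name).to be_instance_of Symbol
+end
+end
+
+describe '#get_token_from_params_or_headers', protected: true do
+
+context 'when a token is present in params' do
+
+before(:each) do
+@controller = double()
+allow(@controller).to receive(:params).and_return({ super_user_token: 'The_ToKeN' })
+end
+
+it 'returns that token (String)' do
+expect(@subject.get_token_from_params_or_headers(@controller)).to be_instance_of String
+expect(@subject.get_token_from_params_or_headers(@controller)).to eq 'The_ToKeN'
+end
+
+context 'and another token is present in the headers' do
+
+before(:each) do
+allow(@controller).to receive_message_chain(:request, :headers)
+.and_return({ 'X-SuperUser-Token' => 'HeAd3rs_ToKeN' })
+end
+
+it 'returns the params token' do
+expect(@subject.get_token_from_params_or_headers(@controller)).to eq 'The_ToKeN'
+end
+end
+end
+
+context 'when no token is present in params' do
+
+context 'and a token is present in the headers' do
+
+before(:each) do
+@controller = double()
+allow(@controller).to receive(:params).and_return({ super_user_token: '' })
+allow(@controller).to receive_message_chain(:request, :headers)
+.and_return({ 'X-SuperUser-Token' => 'HeAd3rs_ToKeN' })
+end
+
+it 'returns the headers token' do
+expect(@subject.get_token_from_params_or_headers(@controller)).to eq 'HeAd3rs_ToKeN'
+end
+end
+end
+end
+
+describe '#get_identifier_from_params_or_headers', protected: true do
+
+context 'when an identifier is present in params' do
+
+before(:each) do
+@controller = double()
+allow(@controller).to receive(:params).and_return({ super_user_email: 'alice@example.com' })
+end
+
+it 'returns that identifier (String)' do
+expect(@subject.get_identifier_from_params_or_headers(@controller)).to be_instance_of String
+expect(@subject.get_identifier_from_params_or_headers(@controller)).to eq 'alice@example.com'
+end
+
+context 'and another identifier is present in the headers' do
+
+before(:each) do
+allow(@controller).to receive_message_chain(:request, :headers)
+.and_return({ 'X-SuperUser-Email' => 'bob@example.com' })
+end
+
+it 'returns the params identifier' do
+expect(@subject.get_identifier_from_params_or_headers(@controller)).to eq 'alice@example.com'
+end
+end
+end
+
+context 'when no identifier is present in params' do
+
+context 'and an identifier is present in the headers' do
+
+before(:each) do
+@controller = double()
+allow(@controller).to receive(:params).and_return({ super_user_email: '' })
+allow(@controller).to receive_message_chain(:request, :headers)
+.and_return({ 'X-SuperUser-Email' => 'bob@example.com' })
+end
+
+it 'returns the headers identifier' do
+expect(@subject.get_identifier_from_params_or_headers(@controller)).to eq 'bob@example.com'
+end
+end
+end
+end
+end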
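Review bot: The 'no token is present in params' and 'no identifier is present in params' contexts (lines 128-143 and 173-188) only model an empty string, e.g. `{ super_user_token: '' }`; a request whose params lack the key entirely, and one that carries neither a param nor a header, are not covered. Those are the inputs an unauthenticated request produces, and whatever the method returns for them is what the later token comparison receives. Add a context with `allow(@controller).to receive(:params).and_return({})` plus empty headers and pin the result, for instance `expect(@subject.get_token_from_params_or_headers(@controller)).to be_nil` if nil is the intended contract. The examples at lines 115-125 and 160-170 also fix params-over-headers precedence; a short comment saying this is deliberate would help, since credentials passed as request params tend to end up in access logs.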
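--- a/data/spec/lib/simple_token_authentication/fallback_authentication_handler_spec.rb
+++ b/data/spec/lib/simple_token_authentication/fallback_authentication_handler_spec.rb
@@ -0,0 +1,24 @@
+require 'spec_helper'
+
+describe SimpleTokenAuthentication::FallbackAuthenticationHandler do
+
+it_behaves_like 'an authentication handler'
+
+describe '#authenticate_entity!' do
+
+it 'delegates authentication to Devise::Controllers::Helpers through a controller', private: true do
+controller = double()
+allow(controller).to receive(:authenticate_user!).and_return('Devise response.')
+
+entity = double()
+allow(entity).to receive_message_chain(:name_underscore).and_return('user')
+
+# delegating consists in sending the message
+expect(controller).to receive(:authenticate_user!)
+response = subject.authenticate_entity!(controller, entity)
+
+# and returning the response
+expect(response).to eq 'Devise response.'
+end
+end
+end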
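Review bot: The only entity used in this spec (line 14) is named 'user', so the example cannot tell a handler that builds the Devise method name from `entity.name_underscore` apart from one that hard-codes `authenticate_user!`. A second example whose entity returns e.g. 'super_admin', with `expect(controller).to receive(:authenticate_super_admin!)`, would pin that the fallback authenticates the scope of the entity it was given. Separately, `receive_message_chain(:name_underscore)` has a single link and reads more plainly as `receive(:name_underscore)`.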
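--- a/data/spec/lib/simple_token_authentication/sign_in_handler_spec.rb
+++ b/data/spec/lib/simple_token_authentication/sign_in_handler_spec.rb
@@ -0,0 +1,43 @@
+require 'spec_helper'
+
+describe SimpleTokenAuthentication::SignInHandler do
+
+it_behaves_like 'a sign in handler'
+
+describe '#sign_in' do
+
+it 'delegates sign in to Devise::Controllers::SignInOut#sign_in through a controller', private: true do
+controller = double()
+allow(controller).to receive(:sign_in).with(:record, option: 'some_value').and_return('Devise response.')
+allow(controller).to receive(:env).and_return({})
+
+# delegating consists in sending the message
+expect(controller).to receive(:sign_in)
+response = subject.sign_in(controller, :record, option: 'some_value')
+
+# and returning the response
+expect(response).to eq 'Devise response.'
+end
+
+it 'integrates with Devise trackable', protected: true do
+controller = double()
+allow(controller).to receive(:sign_in).with(:record)
+allow(controller).to receive(:integrate_with_devise_trackable!)
+
+expect(subject).to receive(:integrate_with_devise_trackable!).with(controller)
+subject.sign_in(controller, :record)
+end
+end
+
+describe '#integrate_with_devise_trackable!' do
+
+it 'ensures Devise trackable statistics are kept clean', private: true do
+controller = double()
+env = double()
+allow(controller).to receive(:env).and_return(env)
+expect(env).to receive(:[]=).with('devise.skip_trackable', true)
+
+subject.send :integrate_with_devise_trackable!, controller
+end
+end
+end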
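Review bot: In 'integrates with Devise trackable' (lines 22-29) the stub `allow(controller).to receive(:integrate_with_devise_trackable!)` sits on the controller double, while the expectation two lines later is set on `subject`; the controller stub is not used by any visible assertion and suggests the method belongs to the controller, so it can be removed. In the first example the expectation at line 15 carries no argument constraint; writing it as `expect(controller).to receive(:sign_in).with(:record, option: 'some_value')` states directly that the record and options are forwarded unchanged.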
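--- a/data/spec/lib/simple_token_authentication/token_authentication_handler_spec.rb
+++ b/data/spec/lib/simple_token_authentication/token_authentication_handler_spec.rb
@@ -0,0 +1,250 @@
+require 'spec_helper'
+
+describe 'Any class which includes SimpleTokenAuthentication::TokenAuthenticationHandler' do
+
+let(:described_class) do
+define_dummy_class_which_includes SimpleTokenAuthentication::TokenAuthenticationHandler
+end
+
+after(:each) do
+# ensure_examples_independence
+SimpleTokenAuthentication.send(:remove_const, :SomeClass)
+end
+
+it_behaves_like 'a token authentication handler'
+
+let(:subject) { described_class }
+
+describe '.handle_token_authentication_for' do
+
+before(:each) do
+double_user_model
+end
+
+it 'ensures token authentication is handled for a given (token authenticatable) model', public: true do
+entities_manager = double()
+allow(entities_manager).to receive(:find_or_create_entity).and_return('entity')
+
+# skip steps which are not relevant in this example
+allow(SimpleTokenAuthentication).to receive(:fallback).and_return('default')
+allow(subject).to receive(:entities_manager).and_return(entities_manager)
+allow(subject).to receive(:set_token_authentication_hooks)
+allow(subject).to receive(:define_token_authentication_helpers_for)
+
+expect(subject).to receive(:set_token_authentication_hooks).with('entity', {option: 'value', fallback: 'default'})
+subject.handle_token_authentication_for(User, {option: 'value'})
+end
+
+context 'when called multiple times' do
+
+it 'ensures token authentication is handled for the given (token authenticatable) models', public: true do
+double_super_admin_model
+entities_manager = double()
+allow(entities_manager).to receive(:find_or_create_entity).with(User).and_return('User entity')
+allow(entities_manager).to receive(:find_or_create_entity).with(SuperAdmin).and_return('SuperAdmin entity')
+
+# skip steps which are not relevant in this example
+allow(SimpleTokenAuthentication).to receive(:fallback).and_return('default')
+allow(subject).to receive(:entities_manager).and_return(entities_manager)
+allow(subject).to receive(:set_token_authentication_hooks)
+allow(subject).to receive(:define_token_authentication_helpers_for)
+
+expect(subject).to receive(:set_token_authentication_hooks).with('User entity', {option: 'value', fallback: 'default'})
+expect(subject).to receive(:set_token_authentication_hooks).with('SuperAdmin entity', {option: 'some specific value', fallback: 'default'})
+subject.handle_token_authentication_for(User, {option: 'value'})
+subject.handle_token_authentication_for(SuperAdmin, {option: 'some specific value'})
+end
+end
+end
+
+describe '.entities_manager' do
+
+before(:each) do
+# The private tag is here to keep the following examples out of
+# the public documentation.
+subject.send :public_class_method, :entities_manager
+
+allow(SimpleTokenAuthentication::EntitiesManager).to receive(:new)
+.and_return('a EntitiesManager instance')
+end
+
+context 'when called for the first time' do
+
+it 'creates a new EntitiesManager instance', private: true do
+expect(SimpleTokenAuthentication::EntitiesManager).to receive(:new)
+expect(subject.entities_manager).to eq 'a EntitiesManager instance'
+end
+end
+
+context 'when a EntitiesManager instance was already created' do
+
+before(:each) do
+subject.entities_manager
+# let's make any new EntitiesManager distinct from the first
+allow(SimpleTokenAuthentication::EntitiesManager).to receive(:new)
+.and_return('another EntitiesManager instance')
+end
+
+it 'returns that instance', private: true do
+expect(subject.entities_manager).to eq 'a EntitiesManager instance'
+end
+
+it 'does not create a new EntitiesManager instance', private: true do
+expect(SimpleTokenAuthentication::EntitiesManager).not_to receive(:new)
+expect(subject.entities_manager).not_to eq 'another EntitiesManager instance'
+end
+end
+end
+
+describe '.fallback_authentication_handler' do
+
+before(:each) do
+# The private tag is here to keep the following examples out of
+# the public documentation.
+subject.send :public_class_method, :fallback_authentication_handler
+
+allow(SimpleTokenAuthentication::FallbackAuthenticationHandler).to receive(:new)
+.and_return('a FallbackAuthenticationHandler instance')
+end
+
+context 'when called for the first time' do
+
+it 'creates a new FallbackAuthenticationHandler instance', private: true do
+expect(SimpleTokenAuthentication::FallbackAuthenticationHandler).to receive(:new)
+expect(subject.fallback_authentication_handler).to eq 'a FallbackAuthenticationHandler instance'
+end
+end
+
+context 'when a FallbackAuthenticationHandler instance was already created' do
+
+before(:each) do
+subject.fallback_authentication_handler
+# let's make any new FallbackAuthenticationHandler distinct from the first
+allow(SimpleTokenAuthentication::FallbackAuthenticationHandler).to receive(:new)
+.and_return('another FallbackAuthenticationHandler instance')
+end
+
+it 'returns that instance', private: true do
+expect(subject.fallback_authentication_handler).to eq 'a FallbackAuthenticationHandler instance'
+end
+
+it 'does not create a new FallbackAuthenticationHandler instance', private: true do
+expect(SimpleTokenAuthentication::FallbackAuthenticationHandler).not_to receive(:new)
+expect(subject.fallback_authentication_handler).not_to eq 'another FallbackAuthenticationHandler instance'
+end
+end
+end
+
+describe 'and which supports the :before_filter hook' do
+
+before(:each) do
+allow(subject).to receive(:before_filter)
+end
+
+# User
+
+context 'and which handles token authentication for User' do
+
+before(:each) do
+double_user_model
+end
+
+it 'ensures its instances require user to authenticate from token or any Devise strategy before any action', public: true do
+expect(subject).to receive(:before_filter).with(:authenticate_user_from_token!, {})
+subject.handle_token_authentication_for User
+end
+
+context 'and disables the fallback to Devise authentication' do
+
+let(:options) do
+{ fallback_to_devise: false }
+end
+
+it 'ensures its instances require user to authenticate from token before any action', public: true do
+expect(subject).to receive(:before_filter).with(:authenticate_user_from_token, {})
+subject.handle_token_authentication_for User, options
+end
+end
+
+describe 'instance' do
+
+before(:each) do
+double_user_model
+
+subject.class_eval do
+handle_token_authentication_for User
+end
+end
+
+it 'responds to :authenticate_user_from_token', protected: true do
+expect(subject.new).to respond_to :authenticate_user_from_token
+end
+
+it 'responds to :authenticate_user_from_token!', protected: true do
+expect(subject.new).to respond_to :authenticate_user_from_token!
+end
+
+it 'does not respond to :authenticate_super_admin_from_token', protected: true do
+expect(subject.new).not_to respond_to :authenticate_super_admin_from_token
+end
+
+it 'does not respond to :authenticate_super_admin_from_token!', protected: true do
+expect(subject.new).not_to respond_to :authenticate_super_admin_from_token!
+end
+end
+end
+
+# SuperAdmin
+
+context 'and which handles token authentication for SuperAdmin' do
+
+before(:each) do
+double_super_admin_model
+end
+
+it 'ensures its instances require super_admin to authenticate from token or any Devise strategy before any action', public: true do
+expect(subject).to receive(:before_filter).with(:authenticate_super_admin_from_token!, {})
+subject.handle_token_authentication_for SuperAdmin
+end
+
+context 'and disables the fallback to Devise authentication' do
+
+let(:options) do
+{ fallback_to_devise: false }
+end
+
+it 'ensures its instances require super_admin to authenticate from token before any action', public: true do
+expect(subject).to receive(:before_filter).with(:authenticate_super_admin_from_token, {})
+subject.handle_token_authentication_for SuperAdmin, options
+end
+end
+
+describe 'instance' do
+
+before(:each) do
+double_super_admin_model
+
+subject.class_eval do
+handle_token_authentication_for SuperAdmin
+end
+end
+
+it 'responds to :authenticate_super_admin_from_token', protected: true do
+expect(subject.new).to respond_to :authenticate_super_admin_from_token
+end
+
+it 'responds to :authenticate_super_admin_from_token!', protected: true do
+expect(subject.new).to respond_to :authenticate_super_admin_from_token!
+end
+
+it 'does not respond to :authenticate_user_from_token', protected: true do
+expect(subject.new).not_to respond_to :authenticate_user_from_token
+end
+
+it 'does not respond to :authenticate_user_from_token!', protected: true do
+expect(subject.new).not_to respond_to :authenticate_user_from_token!
+end
+end
+end
+end
+end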
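Review bot: For `fallback_to_devise: false` the examples at lines 163-166 and 216-219 assert only that the non-bang callback (`:authenticate_user_from_token`, `:authenticate_super_admin_from_token`) is registered, and the 'instance' examples stop at `respond_to`. Nothing in this file runs either callback against a missing or wrong token, so what happens to an unauthenticated request once the Devise fallback is switched off is not pinned here; it may be covered by the fallback_to_devise option spec listed in the diffstat, which is outside this section. I would add an example for that case, or at least a comment above line 157 along the lines of `# with the Devise fallback disabled, a failed token lookup must leave the request unauthenticated (behaviour specified in <spec file>)`.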