RubyGems - wordjelly-auth - Versions diffs - 0.0.3 → 0.0.4 - Mend

wordjelly-auth 0.0.3 → 0.0.4

Files changed (202) hide show

checksums.yaml +4 -4
data/lib/auth/version.rb +1 -1
data/spec/auth_test.rb +7 -0
data/spec/controllers/auth/admin_create_users_controller_spec.rb +141 -0
data/spec/controllers/auth/clients_controller_spec.rb +223 -0
data/spec/controllers/auth/search_controller_spec.rb +5 -0
data/spec/controllers/auth/shopping/discounts_controller_spec.rb +54 -0
data/spec/controllers/auth/users/profiles_controller_spec.rb +5 -0
data/spec/dummy/README.rdoc +28 -0
data/spec/dummy/Rakefile +6 -0
data/spec/dummy/app/assets/javascripts/activity.js +2 -0
data/spec/dummy/app/assets/javascripts/application.js +16 -0
data/spec/dummy/app/assets/javascripts/home.js +2 -0
data/spec/dummy/app/assets/javascripts/pollymer.min.js +170 -0
data/spec/dummy/app/assets/javascripts/tests.js +2 -0
data/spec/dummy/app/assets/javascripts/topics.js +2 -0
data/spec/dummy/app/assets/stylesheets/activity.css +4 -0
data/spec/dummy/app/assets/stylesheets/application.scss +16 -0
data/spec/dummy/app/assets/stylesheets/home.css +4 -0
data/spec/dummy/app/assets/stylesheets/tests.css +4 -0
data/spec/dummy/app/assets/stylesheets/topics.css +4 -0
data/spec/dummy/app/controllers/activity_controller.rb +3 -0
data/spec/dummy/app/controllers/admins/confirmations_controller.rb +28 -0
data/spec/dummy/app/controllers/admins/omniauth_callbacks_controller.rb +28 -0
data/spec/dummy/app/controllers/admins/passwords_controller.rb +32 -0
data/spec/dummy/app/controllers/admins/registrations_controller.rb +60 -0
data/spec/dummy/app/controllers/admins/sessions_controller.rb +5 -0
data/spec/dummy/app/controllers/admins/unlocks_controller.rb +28 -0
data/spec/dummy/app/controllers/application_controller.rb +49 -0
data/spec/dummy/app/controllers/home_controller.rb +13 -0
data/spec/dummy/app/controllers/otp_controller.rb +3 -0
data/spec/dummy/app/controllers/shopping/cart_items_controller.rb +28 -0
data/spec/dummy/app/controllers/shopping/carts_controller.rb +4 -0
data/spec/dummy/app/controllers/shopping/discounts_controller.rb +3 -0
data/spec/dummy/app/controllers/shopping/payments_controller.rb +5 -0
data/spec/dummy/app/controllers/shopping/products_controller.rb +2 -0
data/spec/dummy/app/controllers/tests_controller.rb +58 -0
data/spec/dummy/app/controllers/topics_controller.rb +63 -0
data/spec/dummy/app/controllers/users/sessions_controller.rb +3 -0
data/spec/dummy/app/controllers/webhooks_controller.rb +13 -0
data/spec/dummy/app/helpers/activity_helper.rb +2 -0
data/spec/dummy/app/helpers/api/v1/token_auth_helper.rb +2 -0
data/spec/dummy/app/helpers/application_helper.rb +2 -0
data/spec/dummy/app/helpers/home_helper.rb +2 -0
data/spec/dummy/app/helpers/tests_helper.rb +2 -0
data/spec/dummy/app/helpers/topics_helper.rb +2 -0
data/spec/dummy/app/mailers/application_mailer.rb +4 -0
data/spec/dummy/app/mailers/new.rb +3 -0
data/spec/dummy/app/models/activity.rb +3 -0
data/spec/dummy/app/models/admin.rb +12 -0
data/spec/dummy/app/models/noti.rb +48 -0
data/spec/dummy/app/models/noti_response.rb +9 -0
data/spec/dummy/app/models/shopping/cart.rb +3 -0
data/spec/dummy/app/models/shopping/cart_item.rb +7 -0
data/spec/dummy/app/models/shopping/discount.rb +3 -0
data/spec/dummy/app/models/shopping/payment.rb +16 -0
data/spec/dummy/app/models/shopping/product.rb +6 -0
data/spec/dummy/app/models/test.rb +5 -0
data/spec/dummy/app/models/topic.rb +75 -0
data/spec/dummy/app/models/user.rb +95 -0
data/spec/dummy/app/views/home/index.html.erb +6 -0
data/spec/dummy/app/views/home/send_notification.html.erb +2 -0
data/spec/dummy/app/views/layouts/application.html.erb +26 -0
data/spec/dummy/app/views/layouts/mailer.html.erb +8 -0
data/spec/dummy/app/views/layouts/mailer.text.erb +1 -0
data/spec/dummy/app/views/new/notification.html.erb +1 -0
data/spec/dummy/app/views/new/notification.text.erb +1 -0
data/spec/dummy/app/views/shopping/_navigation_options.html.erb +1 -0
data/spec/dummy/app/views/tests/_form.html.erb +25 -0
data/spec/dummy/app/views/tests/edit.html.erb +6 -0
data/spec/dummy/app/views/tests/index.html.erb +33 -0
data/spec/dummy/app/views/tests/new.html.erb +5 -0
data/spec/dummy/app/views/tests/show.html.erb +14 -0
data/spec/dummy/app/views/topics/_form.html.erb +25 -0
data/spec/dummy/app/views/topics/edit.html.erb +6 -0
data/spec/dummy/app/views/topics/index.html.erb +29 -0
data/spec/dummy/app/views/topics/new.html.erb +5 -0
data/spec/dummy/app/views/topics/show.html.erb +14 -0
data/spec/dummy/app/views/users/sessions/create.js.erb +6 -0
data/spec/dummy/bin/bundle +3 -0
data/spec/dummy/bin/rails +4 -0
data/spec/dummy/bin/rake +4 -0
data/spec/dummy/bin/setup +29 -0
data/spec/dummy/config.ru +8 -0
data/spec/dummy/config/application.rb +31 -0
data/spec/dummy/config/boot.rb +5 -0
data/spec/dummy/config/environment.rb +4 -0
data/spec/dummy/config/environments/development.rb +57 -0
data/spec/dummy/config/environments/production.rb +92 -0
data/spec/dummy/config/environments/test.rb +44 -0
data/spec/dummy/config/initializers/assets.rb +11 -0
data/spec/dummy/config/initializers/aws.rb +15 -0
data/spec/dummy/config/initializers/backtrace_silencers.rb +7 -0
data/spec/dummy/config/initializers/cookies_serializer.rb +3 -0
data/spec/dummy/config/initializers/devise.rb +273 -0
data/spec/dummy/config/initializers/filter_parameter_logging.rb +4 -0
data/spec/dummy/config/initializers/inflections.rb +16 -0
data/spec/dummy/config/initializers/mime_types.rb +4 -0
data/spec/dummy/config/initializers/preinitializer.rb +167 -0
data/spec/dummy/config/initializers/redis.rb +9 -0
data/spec/dummy/config/initializers/session_store.rb +3 -0
data/spec/dummy/config/initializers/wrap_parameters.rb +9 -0
data/spec/dummy/config/locales/devise.en.yml +62 -0
data/spec/dummy/config/locales/en.yml +25 -0
data/spec/dummy/config/mongoid.yml +142 -0
data/spec/dummy/config/redis.yml +14 -0
data/spec/dummy/config/routes.rb +38 -0
data/spec/dummy/config/secrets.yml +22 -0
data/spec/dummy/db/seeds.rb +48 -0
data/spec/dummy/lib/admin/parameter_sanitizer.rb +9 -0
data/spec/dummy/lib/assets/files/test_names.json +1 -0
data/spec/dummy/lib/user/parameter_sanitizer.rb +8 -0
data/spec/dummy/public/404.html +67 -0
data/spec/dummy/public/422.html +67 -0
data/spec/dummy/public/500.html +66 -0
data/spec/dummy/public/favicon.ico +0 -0
data/spec/dummy/shoryuken.yml +5 -0
data/spec/dummy/sidekiq.yml +9 -0
data/spec/dummy/sidekiq_prep.sh +6 -0
data/spec/dummy/spec/controllers/activity_controller_spec.rb +5 -0
data/spec/dummy/spec/controllers/tests_controller_spec.rb +141 -0
data/spec/dummy/spec/factories/tests.rb +6 -0
data/spec/dummy/spec/fixtures/new/send_notification +3 -0
data/spec/dummy/spec/helpers/activity_helper_spec.rb +15 -0
data/spec/dummy/spec/helpers/tests_helper_spec.rb +15 -0
data/spec/dummy/spec/mailers/new_spec.rb +18 -0
data/spec/dummy/spec/mailers/previews/new_preview.rb +13 -0
data/spec/dummy/spec/models/test_spec.rb +5 -0
data/spec/dummy/spec/requests/tests_spec.rb +10 -0
data/spec/dummy/spec/routing/tests_routing_spec.rb +39 -0
data/spec/dummy/spec/views/tests/edit.html.erb_spec.rb +21 -0
data/spec/dummy/spec/views/tests/index.html.erb_spec.rb +22 -0
data/spec/dummy/spec/views/tests/new.html.erb_spec.rb +21 -0
data/spec/dummy/spec/views/tests/show.html.erb_spec.rb +16 -0
data/spec/dummy/test/controllers/api/v1/token_auth_controller_test.rb +7 -0
data/spec/dummy/test/controllers/home_controller_test.rb +9 -0
data/spec/dummy/test/controllers/oauth_tests_controller_test.rb +7 -0
data/spec/dummy/test/fixtures/oauth_tests.yml +11 -0
data/spec/dummy/test/fixtures/users.yml +7 -0
data/spec/dummy/test/models/oauth_test_test.rb +7 -0
data/spec/dummy/test/models/user_test.rb +7 -0
data/spec/factories/client_factory.rb +77 -0
data/spec/features/additional_login_param_feature_spec.rb +63 -0
data/spec/features/extension_spec.rb +680 -0
data/spec/features/redirect_disable_spec.rb +74 -0
data/spec/fixtures/auth/clients.yml +13 -0
data/spec/helpers/auth/admin_create_users_helper_spec.rb +15 -0
data/spec/helpers/auth/resource_helper_spec.rb +15 -0
data/spec/helpers/auth/search_helper_spec.rb +15 -0
data/spec/helpers/auth/users/profiles_helper_spec.rb +15 -0
data/spec/integration/navigation_test.rb +8 -0
data/spec/mailers/auth/notifier_spec.rb +5 -0
data/spec/mailers/previews/auth/notifier_preview.rb +4 -0
data/spec/models/auth/admin_create_user_spec.rb +5 -0
data/spec/models/auth/client_test.rb +9 -0
data/spec/models/auth/shopping/discount_spec.rb +5 -0
data/spec/rails_helper.rb +70 -0
data/spec/requests/admin/confirmation_request_spec.rb +164 -0
data/spec/requests/admin/password_request_spec.rb +191 -0
data/spec/requests/admin/registration_request_spec.rb +574 -0
data/spec/requests/admin/session_request_spec.rb +352 -0
data/spec/requests/admin/unlock_request_spec.rb +178 -0
data/spec/requests/admin_create_user_request_spec.rb +303 -0
data/spec/requests/background_job_request_spec.rb +28 -0
data/spec/requests/cart_item_request_spec.rb +381 -0
data/spec/requests/cart_request_spec.rb +451 -0
data/spec/requests/client_request_spec.rb +65 -0
data/spec/requests/discount_request_spec.rb +589 -0
data/spec/requests/payment_request_spec.rb +1254 -0
data/spec/requests/search_request_spec.rb +173 -0
data/spec/requests/topic_request_spec.rb +138 -0
data/spec/requests/user/additional_login_param_and_email_validation_spec.rb +673 -0
data/spec/requests/user/confirmation_request_spec.rb +189 -0
data/spec/requests/user/omniauth_callbacks_request_spec.rb +682 -0
data/spec/requests/user/otp_basic_flow_request_spec.rb +512 -0
data/spec/requests/user/password_request_spec.rb +216 -0
data/spec/requests/user/registration_request_spec.rb +615 -0
data/spec/requests/user/session_request_spec.rb +361 -0
data/spec/requests/user/unlock_request_spec.rb +208 -0
data/spec/routing/admin/admin_routes_spec.rb +15 -0
data/spec/routing/auth/admin_create_users_routing_spec.rb +39 -0
data/spec/routing/clients_controller_routes_spec.rb +75 -0
data/spec/routing/engine_routes_spec.rb +16 -0
data/spec/spec_helper.rb +138 -0
data/spec/support/factory_girl.rb +3 -0
data/spec/support/omniauth_macros.rb +195 -0
data/spec/support/payumoney_support.rb +11 -0
data/spec/support/sign_in_support.rb +361 -0
data/spec/support/wait_for_ajax.rb +11 -0
data/spec/views/auth/admin_create_users/edit.html.erb_spec.rb +14 -0
data/spec/views/auth/admin_create_users/index.html.erb_spec.rb +14 -0
data/spec/views/auth/admin_create_users/new.html.erb_spec.rb +14 -0
data/spec/views/auth/admin_create_users/show.html.erb_spec.rb +11 -0
data/spec/views/auth/shopping/discounts/create.html.erb_spec.rb +5 -0
data/spec/views/auth/shopping/discounts/destroy.html.erb_spec.rb +5 -0
data/spec/views/auth/shopping/discounts/edit.html.erb_spec.rb +5 -0
data/spec/views/auth/shopping/discounts/index.html.erb_spec.rb +5 -0
data/spec/views/auth/shopping/discounts/new.html.erb_spec.rb +5 -0
data/spec/views/auth/shopping/discounts/show.html.erb_spec.rb +5 -0
data/spec/views/auth/shopping/discounts/update.html.erb_spec.rb +5 -0
data/spec/views/profile/show.html.erb_spec.rb +5 -0
metadata +401 -3

data/spec/requests/user/session_request_spec.rb ADDED

@@ -0,0 +1,361 @@
+require "rails_helper"
+=begin
+in the following "web-app-context" tests and "json-request" tests, we sign in the same user whose client we use for authentication.
+basically we have created one user in the before(:example) , and with it an asscoiated client is created.
+now in all the tests, we sign in this user only, using its own client. normally we could also sign in other users using this client.
+=end
+RSpec.describe "session request spec",:session => true,:authentication => true, :type => :request do
+	context " -- web app requests" do
+		before(:example) do
+			ActionController::Base.allow_forgery_protection = false
+	        User.delete_all
+	        Auth::Client.delete_all
+	        @u = User.new(attributes_for(:user_confirmed))
+	        @u.versioned_create
+	        @c = Auth::Client.where(:resource_id => @u.id).first
+	        @c.api_key = "test"
+	        @c.redirect_urls = ["http://www.google.com"]
+	        @c.app_ids << "test_app_id"
+	        @c.versioned_update
+	        @ap_key = @c.api_key
+		end
+		context " -- valid api key with redirect url" do
+			it " -- GET Request,should set the session variables " do
+				get new_user_session_path,{redirect_url: "http://www.google.com", api_key: @ap_key, current_app_id: @c.app_ids[0]}
+				expect(session[:client]).not_to be_nil
+				expect(session[:redirect_url]).not_to be_nil
+			end
+			it " -- CREATE request, should redirect with the auth_token and es " do
+				post user_session_path,{user: {login: @u.email, password: "password"},redirect_url: "http://www.google.com", api_key: @ap_key, current_app_id: @c.app_ids[0]}
+				user = assigns(:user)
+				expect(response.code).to eq("302")
+				expect(response).to redirect_to("http://www.google.com?authentication_token=#{user.authentication_token}&es=#{user.client_authentication[@c.app_ids[0]]}")
+				expect(user).not_to be_nil
+       			expect(user.errors.full_messages).to be_empty
+			end
+			it " -- DESTROY Request, should not redirect. " do
+				sign_in_as_a_valid_and_confirmed_user
+				delete destroy_user_session_path,{:id => @user.id, redirect_url: "http://www.google.com", api_key: @ap_key, current_app_id: @c.app_ids[0]}
+				expect(response.code).to eq("302")
+				expect(response).to redirect_to(root_path)
+				expect(@user.errors.full_messages).to be_empty
+			end
+		end
+		context " -- invalid api key with redirect url" do
+			it " -- yields new session" do
+				get new_user_session_path,{api_key: "dog", redirect_url:"http://www.google.com", current_app_id: @c.app_ids[0]}
+				res = assigns(:user)
+				expect(response.code).to eq("200")
+				expect(session[:client]).to be_nil
+				expect(session[:redirect_url]).to be_nil
+				expect(res).not_to be_nil
+				expect(res.errors.full_messages).to be_empty
+			end
+			it " -- create session successfully,but does not redirect" do
+				post user_session_path, {user: {login: @u.email, password: "password"}, api_key:"dog", redirect_url:"http://www.google.com", current_app_id: @c.app_ids[0]}
+				res = assigns(:user)
+				expect(session[:client]).to be_nil
+				expect(session[:redirect_url]).to be_nil
+				expect(res).not_to be_nil
+				expect(response).to redirect_to(root_path)
+				expect(res.errors.full_messages).to be_empty
+			end
+			it " -- destory session loads" do
+				sign_in_as_a_valid_and_confirmed_user
+				delete destroy_user_session_path,{:id => @user.id, api_key:"dog", redirect_url:"http://www.google.com", current_app_id: @c.app_ids[0]}
+				res = assigns(:user)
+				expect(session[:client]).to be_nil
+				expect(session[:redirect_url]).to be_nil
+				expect(response.code).to eq("302")
+				expect(response).to redirect_to(root_path)
+			end
+		end
+		context " -- no api key with redirect url" do
+			it " -- yields new session" do
+				get new_user_session_path,{ redirect_url:"http://www.google.com", current_app_id: @c.app_ids[0]}
+				res = assigns(:user)
+				expect(response.code).to eq("200")
+				expect(session[:client]).to be_nil
+				expect(session[:redirect_url]).to be_nil
+				expect(res).not_to be_nil
+				expect(res.errors.full_messages).to be_empty
+			end
+			it " -- create session successfully, but does not redirect" do
+				post new_user_session_path, {user: attributes_for(:user),  redirect_url:"http://www.google.com", current_app_id: @c.app_ids[0]}
+				res = assigns(:user)
+				expect(response.code).to eq("200")
+				expect(session[:client]).to be_nil
+				expect(session[:redirect_url]).to be_nil
+				expect(res).not_to be_nil
+				expect(res.errors.full_messages).to be_empty
+			end
+			it " -- destory session loads" do
+				sign_in_as_a_valid_and_confirmed_user
+				delete destroy_user_session_path,{:id => @user.id,  redirect_url:"http://www.google.com", current_app_id: @c.app_ids[0]}
+				expect(session[:client]).to be_nil
+				expect(session[:redirect_url]).to be_nil
+				expect(response.code).to eq("302")
+				expect(response).to redirect_to(root_path)
+			end
+		end
+		context " -- no api key, no redirect url" do
+			it " -- yields new session" do
+				get new_user_session_path
+				res = assigns(:user)
+				expect(response.code).to eq("200")
+				expect(res).not_to be_nil
+				expect(res.errors.full_messages).to be_empty
+			end
+			it " -- create session successfully, but does not redirect" do
+				post new_user_session_path, {user: attributes_for(:user)}
+				res = assigns(:user)
+				expect(response.code).to eq("200")
+				expect(res).not_to be_nil
+				expect(res.errors.full_messages).to be_empty
+			end
+			it " -- destory session loads" do
+				sign_in_as_a_valid_and_confirmed_user
+				delete destroy_user_session_path,{:id => @user.id}
+				expect(response.code).to eq("302")
+			end
+		end
+	end
+	context " -- json requests " do
+		before(:example) do
+			ActionController::Base.allow_forgery_protection = true
+	        User.delete_all
+	        Auth::Client.delete_all
+	        @u = User.new(attributes_for(:user_confirmed))
+	        @u.versioned_create
+	        @c = Auth::Client.where(:resource_id => @u.id).first
+	        @c.api_key = "test"
+	        @c.redirect_urls = ["http://www.google.com"]
+	        @c.app_ids << "test_app_id"
+	        @c.versioned_update
+	        @ap_key = @c.api_key
+		end
+		after(:example) do
+			session.delete(:client)
+			session.delete(:redirect_url)
+		end
+		before(:each) do
+			@headers = { "CONTENT_TYPE" => "application/json" , "ACCEPT" => "application/json"}
+			#, "X-User-Token" => @u.authentication_token, "X-User-Es" => @u.client_authentication["test_app_id"], "X-User-Aid" => "test_app_id"
+		end
+		context " -- no api key" do
+			it " -- new session returns not authenticated" do
+				get new_user_session_path,nil,@headers
+        		expect(response.code).to eq("406")
+			end
+			it " -- create session retursn not authenticated" do
+				post new_user_session_path, {user: attributes_for(:user)}.to_json, @headers
+        		expect(response.code).to eq("401")
+			end
+			it " -- destroy session returns not authenticated" do
+				a = {:id => @u.id}
+		        delete destroy_user_session_path, a.to_json, @headers
+		        expect(response.code).to eq("406")
+			end
+		end
+		context " -- invalid api key " do
+			it " -- new session returns not authenticated" do
+				get new_user_registration_path,nil,@headers
+        		expect(response.code).to eq("401")
+			end
+			it " -- create session retursn not authenticated" do
+				post new_user_session_path, {user: attributes_for(:user)}.to_json, @headers
+        		expect(response.code).to eq("401")
+			end
+			it " -- destroy session returns not authenticated" do
+				a = {:id => @u.id}
+		        delete destroy_user_session_path, a.to_json, @headers
+		        expect(response.code).to eq("406")
+			end
+		end
+		context " -- valid api key" do
+			it " -- returns 406 when calling GET" do
+				get new_user_session_path, {api_key: @ap_key, current_app_id: @c.app_ids[0]}, @headers
+				expect(response.code).to eq("406")
+			end
+			it " -- returns the auth key and es when calling CREATE", :json_test => true do
+				params = {user: {login: @u.email, password: "password"}, api_key: @ap_key, current_app_id: @c.app_ids[0]}
+				post user_session_path, params.to_json, @headers
+        		expect(response.code).to eq("201")
+        		user_hash = JSON.parse(response.body)
+        		expect(user_hash.keys).to match_array(["authentication_token","es"])
+			end
+			it " -- returns a 401 Not Authenticated if login or passwod is wrong -- ", :wrong_password => true do
+				params = {user: {login: @u.email, password: "wrong_password"}, api_key: @ap_key, current_app_id: @c.app_ids[0]}
+				post user_session_path, params.to_json, @headers
+        		expect(response.code).to eq("401")
+			end
+			it " -- returns 406 when calling DESTROY" do
+				a = {:id => @u.id, :api_key => @ap_key, current_app_id: @c.app_ids[0]}
+		        delete destroy_user_session_path, a.to_json, @headers
+		        expect(response.code).to eq("406")
+			end
+		end
+	end
+	context " -- multiple clients -- ",:order => :defined do
+		before(:all) do
+			##create first user and associated client.
+			User.delete_all
+			Auth::Client.delete_all
+			@u = User.new(attributes_for(:user_confirmed))
+	        #@u.set_client_authentication("test_app_id")
+	        @u.versioned_create
+	        @c = Auth::Client.where(:resource_id => @u.id).first
+	        @c.api_key = "test"
+	        @c.redirect_urls = ["http://www.google.com"]
+	        @c.app_ids << "test_app_id"
+	        @c.versioned_update
+	        @ap_key = @c.api_key
+			##create another user and associated other client.
+			@u2 = User.new(attributes_for(:user_confirmed))
+	        #@u2.set_client_authentication("test_app_id2")
+	        @u2.versioned_create
+			@c2 = Auth::Client.where(:resource_id => @u2.id).first
+	        @c2.api_key = "test2"
+	        @c2.redirect_urls = ["http://www.yahoo.com"]
+	        @c2.app_ids << "test_app_id2"
+	        @c2.versioned_update
+	        @ap_key2 = @c2.api_key
+	        ActionController::Base.allow_forgery_protection = false
+		end
+		it " -- signs in user using first client -- " do
+			params = {user: {login: @u.email, password: "password"}, api_key: @ap_key, current_app_id: @c.app_ids[0]}
+			post user_session_path, params
+		end
+		it "-- signs in user using second client -- " do
+			params = {user: {login: @u.email, password: "password"}, api_key: @ap_key2, current_app_id: @c2.app_ids[0]}
+			post new_user_session_path, params
+			@signed_in_user = assigns(:user)
+			expect(@signed_in_user.client_authentication[@c.app_ids[0]]).not_to be_nil
+			expect(@signed_in_user.client_authentication[@c2.app_ids[0]]).not_to be_nil
+		end
+	end
+	context " -- same client with multiple app ids -- " do
+		before(:all) do
+			##create first user and associated client.
+			User.delete_all
+			Auth::Client.delete_all
+			@u = User.new(attributes_for(:user_confirmed))
+	        @u.versioned_create
+	        @c = Auth::Client.where(:resource_id => @u.id).first
+	        @c.api_key = "test"
+	        @c.redirect_urls = ["http://www.google.com"]
+	        @c.app_ids << "test_app_id"
+	        @c.app_ids << "test_app_id2"
+	        @c.versioned_update
+	        @ap_key = @c.api_key
+	    end
+	    it " -- signs in user with first app id -- " do
+	    	params = {user: {login: @u.email, password: "password"}, api_key: @ap_key, current_app_id: @c.app_ids[0]}
+			post new_user_session_path, params
+	    end
+	    it " -- signs in user with second app id -- " do
+	    	params = {user: {login: @u.email, password: "password"}, api_key: @ap_key, current_app_id: @c.app_ids[1]}
+			post new_user_session_path, params
+	    	@signed_in_user = assigns(:user)
+			expect(@signed_in_user.client_authentication[@c.app_ids[0]]).not_to be_nil
+			expect(@signed_in_user.client_authentication[@c.app_ids[1]]).not_to be_nil
+	    end
+	end
+end

data/spec/requests/user/unlock_request_spec.rb ADDED

@@ -0,0 +1,208 @@
+require "rails_helper"
+RSpec.describe "unlock request spec", :type => :request,:authentication => true, unlock: true do
+	before(:example) do
+		ActionController::Base.allow_forgery_protection = false
+      	User.delete_all
+      	Auth::Client.delete_all
+      	@u = User.new(attributes_for(:user_confirmed))
+      	@u.save
+      	@u.lock_access!
+      	@u.save
+      	##HERE THE USER IS NOT CONFIRMED, SO THE CLIENT IS NOT CREATED IN THE AFTER_sAVE BLOCK.
+      	##AS A RESULT WE MANUALLY CREATE A CLIENT.
+      	##WE USE THIS SAME CLIENT FOR THE API_KEY AND REDIRECT_URL.
+      	##NORMALLY THIS WOULD BE A CLIENT OF ANOTHER USER, ENTIRELY.
+      	@c = Auth::Client.new(:resource_id => @u.id)
+        @c.api_key = "test"
+      	@c.redirect_urls = ["http://www.google.com"]
+      	@c.app_ids << "test_app_id"
+      	@c.versioned_create
+      	@ap_key = @c.api_key
+      	@headers = { "CONTENT_TYPE" => "application/json" , "ACCEPT" => "application/json"}
+    end
+	after(:example) do
+		User.delete_all
+      	Auth::Client.delete_all
+	end
+	context "--- web app requests--" do
+		before(:example) do
+			ActionController::Base.allow_forgery_protection = false
+		end
+		context "-- invalid api key -- " do
+			it " -- new -- " do
+				get new_user_unlock_path,{}
+				expect(response.code).to eq("200")
+			end
+			it " -- create -- " do
+				prev_msg_count = ActionMailer::Base.deliveries.size
+				post user_unlock_path,{user:{email: @u.email}}
+				expect(response.code).to eq("302")
+				message = ActionMailer::Base.deliveries[-1].to_s
+    			token = nil
+      			message.scan(/unlock_token=(?<unlock_token>.*)\"/) do |ll|
+      				j = Regexp.last_match
+      				token = j[:unlock_token]
+      			end
+    			new_msg_count = ActionMailer::Base.deliveries.size
+    			expect(token).not_to be(nil)
+    			expect(new_msg_count - prev_msg_count).to eq(1)
+				@u.reload
+			end
+			it " -- show -- ", problem: true do
+				@u.send_unlock_instructions
+				@u.reload
+				message = ActionMailer::Base.deliveries[-1].to_s
+    			token = nil
+      			message.scan(/unlock_token=(?<unlock_token>.*)\"/) do |ll|
+      				j = Regexp.last_match
+      				token = j[:unlock_token]
+      			end
+    			get user_unlock_path,{unlock_token: token}
+    			expect(response.code).to eql("302")
+    			@u.reload
+    			expect(@u.access_locked?).not_to be_truthy
+    			expect(@u.unlock_token).to be_nil
+    			expect(@u.locked_at).to be_nil
+			end
+		end
+		context " -- valid api key + redirect_url -- " do
+			it " -- new should not redirect" do
+				get new_user_unlock_path, {redirect_url: "http://www.google.com", api_key: @ap_key, current_app_id: @c.app_ids[0]}
+				expect(session[:client]).not_to be_nil
+				expect(session[:redirect_url]).not_to be_nil
+				expect(response.code).to eq("200")
+			end
+			it " -- create should not redirect" do
+				prev_msg_count = ActionMailer::Base.deliveries.size
+				post user_unlock_path,{user:{email: @u.email},redirect_url: "http://www.google.com", api_key: @ap_key, current_app_id: @c.app_ids[0]}
+				expect(session[:client]).not_to be_nil
+				expect(session[:redirect_url]).not_to be_nil
+				expect(response.code).to eq("302")
+				message = ActionMailer::Base.deliveries[-1].to_s
+    			token = nil
+      			message.scan(/unlock_token=(?<unlock_token>.*)\"/) do |ll|
+      				j = Regexp.last_match
+      				token = j[:unlock_token]
+      			end
+    			new_msg_count = ActionMailer::Base.deliveries.size
+    			expect(token).not_to be(nil)
+    			expect(new_msg_count - prev_msg_count).to eq(1)
+				expect(response.location=~/google/).to be_nil
+			end
+			it " -- show should not redirect" do
+				@u.send_unlock_instructions
+				@u.reload
+				message = ActionMailer::Base.deliveries[-1].to_s
+    			token = nil
+      			message.scan(/unlock_token=(?<unlock_token>.*)\"/) do |ll|
+      				j = Regexp.last_match
+      				token = j[:unlock_token]
+      			end
+    			get user_unlock_path,{unlock_token: token,redirect_url: "http://www.google.com", api_key: @ap_key, current_app_id: @c.app_ids[0]}
+    			expect(session[:client]).not_to be_nil
+				expect(session[:redirect_url]).not_to be_nil
+    			expect(response.code).to eql("302")
+    			db_user = User.where(:email => @u.email).first
+    			expect(db_user.access_locked?).not_to be_truthy
+    			expect(db_user.unlock_token).to be_nil
+    			expect(db_user.locked_at).to be_nil
+    			expect(response.location=~/google/).to be_nil
+			end
+		end
+	end
+	context "-- json request -- " do
+		context " -- valid api key -- " do
+			it " -- new -- " do
+				get new_user_unlock_path,{api_key: @ap_key, current_app_id: @c.app_ids[0]}.to_json,@headers
+				expect(response.code).to eq("406")
+			end
+			it " -- create -- " do
+				prev_msg_count = ActionMailer::Base.deliveries.size
+				post user_unlock_path,{user:{email: @u.email},api_key: @ap_key, current_app_id: @c.app_ids[0]}.to_json,@headers
+				message = ActionMailer::Base.deliveries[-1].to_s
+    			token = nil
+      			message.scan(/unlock_token=(?<unlock_token>.*)\"/) do |ll|
+      				j = Regexp.last_match
+      				token = j[:unlock_token]
+      			end
+    			new_msg_count = ActionMailer::Base.deliveries.size
+    			expect(token).not_to be(nil)
+    			expect(new_msg_count - prev_msg_count).to eq(1)
+				expect(response.code).to eq("201")
+			end
+			it " -- show -- " do
+				@u.send_unlock_instructions
+				@u.reload
+				message = ActionMailer::Base.deliveries[-1].to_s
+    			token = nil
+      			message.scan(/unlock_token=(?<unlock_token>.*)\"/) do |ll|
+      				j = Regexp.last_match
+      				token = j[:unlock_token]
+      			end
+    			get user_unlock_path,{unlock_token: token, api_key: @ap_key, current_app_id: @c.app_ids[0]},@headers
+    			@u.reload
+    			expect(@u.unlock_token).to be_nil
+    			expect(@u.locked_at).to be_nil
+				expect(response.code).to eq("201")
+			end
+		end
+	end
+end