wordjelly-auth 0.0.3 → 0.0.4
- checksums.yaml +4 -4
- data/lib/auth/version.rb +1 -1
- data/spec/auth_test.rb +7 -0
- data/spec/controllers/auth/admin_create_users_controller_spec.rb +141 -0
- data/spec/controllers/auth/clients_controller_spec.rb +223 -0
- data/spec/controllers/auth/search_controller_spec.rb +5 -0
- data/spec/controllers/auth/shopping/discounts_controller_spec.rb +54 -0
- data/spec/controllers/auth/users/profiles_controller_spec.rb +5 -0
- data/spec/dummy/README.rdoc +28 -0
- data/spec/dummy/Rakefile +6 -0
- data/spec/dummy/app/assets/javascripts/activity.js +2 -0
- data/spec/dummy/app/assets/javascripts/application.js +16 -0
- data/spec/dummy/app/assets/javascripts/home.js +2 -0
- data/spec/dummy/app/assets/javascripts/pollymer.min.js +170 -0
- data/spec/dummy/app/assets/javascripts/tests.js +2 -0
- data/spec/dummy/app/assets/javascripts/topics.js +2 -0
- data/spec/dummy/app/assets/stylesheets/activity.css +4 -0
- data/spec/dummy/app/assets/stylesheets/application.scss +16 -0
- data/spec/dummy/app/assets/stylesheets/home.css +4 -0
- data/spec/dummy/app/assets/stylesheets/tests.css +4 -0
- data/spec/dummy/app/assets/stylesheets/topics.css +4 -0
- data/spec/dummy/app/controllers/activity_controller.rb +3 -0
- data/spec/dummy/app/controllers/admins/confirmations_controller.rb +28 -0
- data/spec/dummy/app/controllers/admins/omniauth_callbacks_controller.rb +28 -0
- data/spec/dummy/app/controllers/admins/passwords_controller.rb +32 -0
- data/spec/dummy/app/controllers/admins/registrations_controller.rb +60 -0
- data/spec/dummy/app/controllers/admins/sessions_controller.rb +5 -0
- data/spec/dummy/app/controllers/admins/unlocks_controller.rb +28 -0
- data/spec/dummy/app/controllers/application_controller.rb +49 -0
- data/spec/dummy/app/controllers/home_controller.rb +13 -0
- data/spec/dummy/app/controllers/otp_controller.rb +3 -0
- data/spec/dummy/app/controllers/shopping/cart_items_controller.rb +28 -0
- data/spec/dummy/app/controllers/shopping/carts_controller.rb +4 -0
- data/spec/dummy/app/controllers/shopping/discounts_controller.rb +3 -0
- data/spec/dummy/app/controllers/shopping/payments_controller.rb +5 -0
- data/spec/dummy/app/controllers/shopping/products_controller.rb +2 -0
- data/spec/dummy/app/controllers/tests_controller.rb +58 -0
- data/spec/dummy/app/controllers/topics_controller.rb +63 -0
- data/spec/dummy/app/controllers/users/sessions_controller.rb +3 -0
- data/spec/dummy/app/controllers/webhooks_controller.rb +13 -0
- data/spec/dummy/app/helpers/activity_helper.rb +2 -0
- data/spec/dummy/app/helpers/api/v1/token_auth_helper.rb +2 -0
- data/spec/dummy/app/helpers/application_helper.rb +2 -0
- data/spec/dummy/app/helpers/home_helper.rb +2 -0
- data/spec/dummy/app/helpers/tests_helper.rb +2 -0
- data/spec/dummy/app/helpers/topics_helper.rb +2 -0
- data/spec/dummy/app/mailers/application_mailer.rb +4 -0
- data/spec/dummy/app/mailers/new.rb +3 -0
- data/spec/dummy/app/models/activity.rb +3 -0
- data/spec/dummy/app/models/admin.rb +12 -0
- data/spec/dummy/app/models/noti.rb +48 -0
- data/spec/dummy/app/models/noti_response.rb +9 -0
- data/spec/dummy/app/models/shopping/cart.rb +3 -0
- data/spec/dummy/app/models/shopping/cart_item.rb +7 -0
- data/spec/dummy/app/models/shopping/discount.rb +3 -0
- data/spec/dummy/app/models/shopping/payment.rb +16 -0
- data/spec/dummy/app/models/shopping/product.rb +6 -0
- data/spec/dummy/app/models/test.rb +5 -0
- data/spec/dummy/app/models/topic.rb +75 -0
- data/spec/dummy/app/models/user.rb +95 -0
- data/spec/dummy/app/views/home/index.html.erb +6 -0
- data/spec/dummy/app/views/home/send_notification.html.erb +2 -0
- data/spec/dummy/app/views/layouts/application.html.erb +26 -0
- data/spec/dummy/app/views/layouts/mailer.html.erb +8 -0
- data/spec/dummy/app/views/layouts/mailer.text.erb +1 -0
- data/spec/dummy/app/views/new/notification.html.erb +1 -0
- data/spec/dummy/app/views/new/notification.text.erb +1 -0
- data/spec/dummy/app/views/shopping/_navigation_options.html.erb +1 -0
- data/spec/dummy/app/views/tests/_form.html.erb +25 -0
- data/spec/dummy/app/views/tests/edit.html.erb +6 -0
- data/spec/dummy/app/views/tests/index.html.erb +33 -0
- data/spec/dummy/app/views/tests/new.html.erb +5 -0
- data/spec/dummy/app/views/tests/show.html.erb +14 -0
- data/spec/dummy/app/views/topics/_form.html.erb +25 -0
- data/spec/dummy/app/views/topics/edit.html.erb +6 -0
- data/spec/dummy/app/views/topics/index.html.erb +29 -0
- data/spec/dummy/app/views/topics/new.html.erb +5 -0
- data/spec/dummy/app/views/topics/show.html.erb +14 -0
- data/spec/dummy/app/views/users/sessions/create.js.erb +6 -0
- data/spec/dummy/bin/bundle +3 -0
- data/spec/dummy/bin/rails +4 -0
- data/spec/dummy/bin/rake +4 -0
- data/spec/dummy/bin/setup +29 -0
- data/spec/dummy/config.ru +8 -0
- data/spec/dummy/config/application.rb +31 -0
- data/spec/dummy/config/boot.rb +5 -0
- data/spec/dummy/config/environment.rb +4 -0
- data/spec/dummy/config/environments/development.rb +57 -0
- data/spec/dummy/config/environments/production.rb +92 -0
- data/spec/dummy/config/environments/test.rb +44 -0
- data/spec/dummy/config/initializers/assets.rb +11 -0
- data/spec/dummy/config/initializers/aws.rb +15 -0
- data/spec/dummy/config/initializers/backtrace_silencers.rb +7 -0
- data/spec/dummy/config/initializers/cookies_serializer.rb +3 -0
- data/spec/dummy/config/initializers/devise.rb +273 -0
- data/spec/dummy/config/initializers/filter_parameter_logging.rb +4 -0
- data/spec/dummy/config/initializers/inflections.rb +16 -0
- data/spec/dummy/config/initializers/mime_types.rb +4 -0
- data/spec/dummy/config/initializers/preinitializer.rb +167 -0
- data/spec/dummy/config/initializers/redis.rb +9 -0
- data/spec/dummy/config/initializers/session_store.rb +3 -0
- data/spec/dummy/config/initializers/wrap_parameters.rb +9 -0
- data/spec/dummy/config/locales/devise.en.yml +62 -0
- data/spec/dummy/config/locales/en.yml +25 -0
- data/spec/dummy/config/mongoid.yml +142 -0
- data/spec/dummy/config/redis.yml +14 -0
- data/spec/dummy/config/routes.rb +38 -0
- data/spec/dummy/config/secrets.yml +22 -0
- data/spec/dummy/db/seeds.rb +48 -0
- data/spec/dummy/lib/admin/parameter_sanitizer.rb +9 -0
- data/spec/dummy/lib/assets/files/test_names.json +1 -0
- data/spec/dummy/lib/user/parameter_sanitizer.rb +8 -0
- data/spec/dummy/public/404.html +67 -0
- data/spec/dummy/public/422.html +67 -0
- data/spec/dummy/public/500.html +66 -0
- data/spec/dummy/public/favicon.ico +0 -0
- data/spec/dummy/shoryuken.yml +5 -0
- data/spec/dummy/sidekiq.yml +9 -0
- data/spec/dummy/sidekiq_prep.sh +6 -0
- data/spec/dummy/spec/controllers/activity_controller_spec.rb +5 -0
- data/spec/dummy/spec/controllers/tests_controller_spec.rb +141 -0
- data/spec/dummy/spec/factories/tests.rb +6 -0
- data/spec/dummy/spec/fixtures/new/send_notification +3 -0
- data/spec/dummy/spec/helpers/activity_helper_spec.rb +15 -0
- data/spec/dummy/spec/helpers/tests_helper_spec.rb +15 -0
- data/spec/dummy/spec/mailers/new_spec.rb +18 -0
- data/spec/dummy/spec/mailers/previews/new_preview.rb +13 -0
- data/spec/dummy/spec/models/test_spec.rb +5 -0
- data/spec/dummy/spec/requests/tests_spec.rb +10 -0
- data/spec/dummy/spec/routing/tests_routing_spec.rb +39 -0
- data/spec/dummy/spec/views/tests/edit.html.erb_spec.rb +21 -0
- data/spec/dummy/spec/views/tests/index.html.erb_spec.rb +22 -0
- data/spec/dummy/spec/views/tests/new.html.erb_spec.rb +21 -0
- data/spec/dummy/spec/views/tests/show.html.erb_spec.rb +16 -0
- data/spec/dummy/test/controllers/api/v1/token_auth_controller_test.rb +7 -0
- data/spec/dummy/test/controllers/home_controller_test.rb +9 -0
- data/spec/dummy/test/controllers/oauth_tests_controller_test.rb +7 -0
- data/spec/dummy/test/fixtures/oauth_tests.yml +11 -0
- data/spec/dummy/test/fixtures/users.yml +7 -0
- data/spec/dummy/test/models/oauth_test_test.rb +7 -0
- data/spec/dummy/test/models/user_test.rb +7 -0
- data/spec/factories/client_factory.rb +77 -0
- data/spec/features/additional_login_param_feature_spec.rb +63 -0
- data/spec/features/extension_spec.rb +680 -0
- data/spec/features/redirect_disable_spec.rb +74 -0
- data/spec/fixtures/auth/clients.yml +13 -0
- data/spec/helpers/auth/admin_create_users_helper_spec.rb +15 -0
- data/spec/helpers/auth/resource_helper_spec.rb +15 -0
- data/spec/helpers/auth/search_helper_spec.rb +15 -0
- data/spec/helpers/auth/users/profiles_helper_spec.rb +15 -0
- data/spec/integration/navigation_test.rb +8 -0
- data/spec/mailers/auth/notifier_spec.rb +5 -0
- data/spec/mailers/previews/auth/notifier_preview.rb +4 -0
- data/spec/models/auth/admin_create_user_spec.rb +5 -0
- data/spec/models/auth/client_test.rb +9 -0
- data/spec/models/auth/shopping/discount_spec.rb +5 -0
- data/spec/rails_helper.rb +70 -0
- data/spec/requests/admin/confirmation_request_spec.rb +164 -0
- data/spec/requests/admin/password_request_spec.rb +191 -0
- data/spec/requests/admin/registration_request_spec.rb +574 -0
- data/spec/requests/admin/session_request_spec.rb +352 -0
- data/spec/requests/admin/unlock_request_spec.rb +178 -0
- data/spec/requests/admin_create_user_request_spec.rb +303 -0
- data/spec/requests/background_job_request_spec.rb +28 -0
- data/spec/requests/cart_item_request_spec.rb +381 -0
- data/spec/requests/cart_request_spec.rb +451 -0
- data/spec/requests/client_request_spec.rb +65 -0
- data/spec/requests/discount_request_spec.rb +589 -0
- data/spec/requests/payment_request_spec.rb +1254 -0
- data/spec/requests/search_request_spec.rb +173 -0
- data/spec/requests/topic_request_spec.rb +138 -0
- data/spec/requests/user/additional_login_param_and_email_validation_spec.rb +673 -0
- data/spec/requests/user/confirmation_request_spec.rb +189 -0
- data/spec/requests/user/omniauth_callbacks_request_spec.rb +682 -0
- data/spec/requests/user/otp_basic_flow_request_spec.rb +512 -0
- data/spec/requests/user/password_request_spec.rb +216 -0
- data/spec/requests/user/registration_request_spec.rb +615 -0
- data/spec/requests/user/session_request_spec.rb +361 -0
- data/spec/requests/user/unlock_request_spec.rb +208 -0
- data/spec/routing/admin/admin_routes_spec.rb +15 -0
- data/spec/routing/auth/admin_create_users_routing_spec.rb +39 -0
- data/spec/routing/clients_controller_routes_spec.rb +75 -0
- data/spec/routing/engine_routes_spec.rb +16 -0
- data/spec/spec_helper.rb +138 -0
- data/spec/support/factory_girl.rb +3 -0
- data/spec/support/omniauth_macros.rb +195 -0
- data/spec/support/payumoney_support.rb +11 -0
- data/spec/support/sign_in_support.rb +361 -0
- data/spec/support/wait_for_ajax.rb +11 -0
- data/spec/views/auth/admin_create_users/edit.html.erb_spec.rb +14 -0
- data/spec/views/auth/admin_create_users/index.html.erb_spec.rb +14 -0
- data/spec/views/auth/admin_create_users/new.html.erb_spec.rb +14 -0
- data/spec/views/auth/admin_create_users/show.html.erb_spec.rb +11 -0
- data/spec/views/auth/shopping/discounts/create.html.erb_spec.rb +5 -0
- data/spec/views/auth/shopping/discounts/destroy.html.erb_spec.rb +5 -0
- data/spec/views/auth/shopping/discounts/edit.html.erb_spec.rb +5 -0
- data/spec/views/auth/shopping/discounts/index.html.erb_spec.rb +5 -0
- data/spec/views/auth/shopping/discounts/new.html.erb_spec.rb +5 -0
- data/spec/views/auth/shopping/discounts/show.html.erb_spec.rb +5 -0
- data/spec/views/auth/shopping/discounts/update.html.erb_spec.rb +5 -0
- data/spec/views/profile/show.html.erb_spec.rb +5 -0
- metadata +401 -3
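--- a/data/spec/requests/user/session_request_spec.rb
+++ b/data/spec/requests/user/session_request_spec.rb
@@ -0,0 +1,361 @@
+require "rails_helper"
+
+=begin
+in the following "web-app-context" tests and "json-request" tests, we sign in the same user whose client we use for authentication.
+basically we have created one user in the before(:example) , and with it an asscoiated client is created.
+now in all the tests, we sign in this user only, using its own client. normally we could also sign in other users using this client.
+=end
+
+RSpec.describe "session request spec",:session => true,:authentication => true, :type => :request do
+
+
+
+context " -- web app requests" do
+
+before(:example) do
+
+ActionController::Base.allow_forgery_protection = false
+User.delete_all
+Auth::Client.delete_all
+@u = User.new(attributes_for(:user_confirmed))
+@u.versioned_create
+@c = Auth::Client.where(:resource_id => @u.id).first
+@c.api_key = "test"
+@c.redirect_urls = ["http://www.google.com"]
+@c.app_ids << "test_app_id"
+@c.versioned_update
+@ap_key = @c.api_key
+end
+
+
+
+context " -- valid api key with redirect url" do
+
+it " -- GET Request,should set the session variables " do
+
+get new_user_session_path,{redirect_url: "http://www.google.com", api_key: @ap_key, current_app_id: @c.app_ids[0]}
+expect(session[:client]).not_to be_nil
+expect(session[:redirect_url]).not_to be_nil
+
+end
+
+it " -- CREATE request, should redirect with the auth_token and es " do
+
+
+post user_session_path,{user: {login: @u.email, password: "password"},redirect_url: "http://www.google.com", api_key: @ap_key, current_app_id: @c.app_ids[0]}
+user = assigns(:user)
+expect(response.code).to eq("302")
+expect(response).to redirect_to("http://www.google.com?authentication_token=#{user.authentication_token}&es=#{user.client_authentication[@c.app_ids[0]]}")
+expect(user).not_to be_nil
+expect(user.errors.full_messages).to be_empty
+
+end
+
+it " -- DESTROY Request, should not redirect. " do
+
+sign_in_as_a_valid_and_confirmed_user
+delete destroy_user_session_path,{:id => @user.id, redirect_url: "http://www.google.com", api_key: @ap_key, current_app_id: @c.app_ids[0]}
+expect(response.code).to eq("302")
+expect(response).to redirect_to(root_path)
+expect(@user.errors.full_messages).to be_empty
+end
+
+end
+
+
+context " -- invalid api key with redirect url" do
+
+it " -- yields new session" do
+
+get new_user_session_path,{api_key: "dog", redirect_url:"http://www.google.com", current_app_id: @c.app_ids[0]}
+res = assigns(:user)
+expect(response.code).to eq("200")
+expect(session[:client]).to be_nil
+expect(session[:redirect_url]).to be_nil
+expect(res).not_to be_nil
+expect(res.errors.full_messages).to be_empty
+
+
+end
+
+it " -- create session successfully,but does not redirect" do
+post user_session_path, {user: {login: @u.email, password: "password"}, api_key:"dog", redirect_url:"http://www.google.com", current_app_id: @c.app_ids[0]}
+res = assigns(:user)
+expect(session[:client]).to be_nil
+expect(session[:redirect_url]).to be_nil
+expect(res).not_to be_nil
+expect(response).to redirect_to(root_path)
+expect(res.errors.full_messages).to be_empty
+
+end
+
+it " -- destory session loads" do
+sign_in_as_a_valid_and_confirmed_user
+delete destroy_user_session_path,{:id => @user.id, api_key:"dog", redirect_url:"http://www.google.com", current_app_id: @c.app_ids[0]}
+res = assigns(:user)
+expect(session[:client]).to be_nil
+expect(session[:redirect_url]).to be_nil
+expect(response.code).to eq("302")
+expect(response).to redirect_to(root_path)
+
+end
+
+
+end
+
+
+context " -- no api key with redirect url" do
+
+it " -- yields new session" do
+
+get new_user_session_path,{ redirect_url:"http://www.google.com", current_app_id: @c.app_ids[0]}
+res = assigns(:user)
+expect(response.code).to eq("200")
+expect(session[:client]).to be_nil
+expect(session[:redirect_url]).to be_nil
+expect(res).not_to be_nil
+expect(res.errors.full_messages).to be_empty
+
+end
+
+it " -- create session successfully, but does not redirect" do
+post new_user_session_path, {user: attributes_for(:user), redirect_url:"http://www.google.com", current_app_id: @c.app_ids[0]}
+res = assigns(:user)
+expect(response.code).to eq("200")
+expect(session[:client]).to be_nil
+expect(session[:redirect_url]).to be_nil
+expect(res).not_to be_nil
+expect(res.errors.full_messages).to be_empty
+end
+
+it " -- destory session loads" do
+sign_in_as_a_valid_and_confirmed_user
+delete destroy_user_session_path,{:id => @user.id, redirect_url:"http://www.google.com", current_app_id: @c.app_ids[0]}
+expect(session[:client]).to be_nil
+expect(session[:redirect_url]).to be_nil
+expect(response.code).to eq("302")
+expect(response).to redirect_to(root_path)
+end
+
+
+end
+
+
+context " -- no api key, no redirect url" do
+
+it " -- yields new session" do
+
+get new_user_session_path
+res = assigns(:user)
+expect(response.code).to eq("200")
+expect(res).not_to be_nil
+expect(res.errors.full_messages).to be_empty
+end
+
+it " -- create session successfully, but does not redirect" do
+post new_user_session_path, {user: attributes_for(:user)}
+res = assigns(:user)
+expect(response.code).to eq("200")
+expect(res).not_to be_nil
+expect(res.errors.full_messages).to be_empty
+end
+
+it " -- destory session loads" do
+sign_in_as_a_valid_and_confirmed_user
+delete destroy_user_session_path,{:id => @user.id}
+expect(response.code).to eq("302")
+end
+
+end
+
+end
+
+context " -- json requests " do
+
+before(:example) do
+ActionController::Base.allow_forgery_protection = true
+User.delete_all
+Auth::Client.delete_all
+@u = User.new(attributes_for(:user_confirmed))
+@u.versioned_create
+@c = Auth::Client.where(:resource_id => @u.id).first
+@c.api_key = "test"
+@c.redirect_urls = ["http://www.google.com"]
+@c.app_ids << "test_app_id"
+@c.versioned_update
+@ap_key = @c.api_key
+end
+
+after(:example) do
+session.delete(:client)
+session.delete(:redirect_url)
+end
+
+before(:each) do
+@headers = { "CONTENT_TYPE" => "application/json" , "ACCEPT" => "application/json"}
+#, "X-User-Token" => @u.authentication_token, "X-User-Es" => @u.client_authentication["test_app_id"], "X-User-Aid" => "test_app_id"
+end
+
+context " -- no api key" do
+
+it " -- new session returns not authenticated" do
+get new_user_session_path,nil,@headers
+expect(response.code).to eq("406")
+end
+
+it " -- create session retursn not authenticated" do
+post new_user_session_path, {user: attributes_for(:user)}.to_json, @headers
+expect(response.code).to eq("401")
+end
+
+it " -- destroy session returns not authenticated" do
+
+a = {:id => @u.id}
+delete destroy_user_session_path, a.to_json, @headers
+expect(response.code).to eq("406")
+end
+
+end
+
+context " -- invalid api key " do
+
+it " -- new session returns not authenticated" do
+get new_user_registration_path,nil,@headers
+expect(response.code).to eq("401")
+
+end
+
+it " -- create session retursn not authenticated" do
+post new_user_session_path, {user: attributes_for(:user)}.to_json, @headers
+expect(response.code).to eq("401")
+end
+
+it " -- destroy session returns not authenticated" do
+
+a = {:id => @u.id}
+delete destroy_user_session_path, a.to_json, @headers
+expect(response.code).to eq("406")
+end
+
+end
+
+context " -- valid api key" do
+
+it " -- returns 406 when calling GET" do
+
+get new_user_session_path, {api_key: @ap_key, current_app_id: @c.app_ids[0]}, @headers
+expect(response.code).to eq("406")
+
+end
+
+it " -- returns the auth key and es when calling CREATE", :json_test => true do
+
+
+params = {user: {login: @u.email, password: "password"}, api_key: @ap_key, current_app_id: @c.app_ids[0]}
+
+post user_session_path, params.to_json, @headers
+expect(response.code).to eq("201")
+user_hash = JSON.parse(response.body)
+expect(user_hash.keys).to match_array(["authentication_token","es"])
+
+end
+
+it " -- returns a 401 Not Authenticated if login or passwod is wrong -- ", :wrong_password => true do
+
+params = {user: {login: @u.email, password: "wrong_password"}, api_key: @ap_key, current_app_id: @c.app_ids[0]}
+
+post user_session_path, params.to_json, @headers
+expect(response.code).to eq("401")
+
+end
+
+it " -- returns 406 when calling DESTROY" do
+a = {:id => @u.id, :api_key => @ap_key, current_app_id: @c.app_ids[0]}
+delete destroy_user_session_path, a.to_json, @headers
+expect(response.code).to eq("406")
+end
+
+end
+
+end
+
+context " -- multiple clients -- ",:order => :defined do
+
+before(:all) do
+##create first user and associated client.
+User.delete_all
+Auth::Client.delete_all
+@u = User.new(attributes_for(:user_confirmed))
+#@u.set_client_authentication("test_app_id")
+@u.versioned_create
+@c = Auth::Client.where(:resource_id => @u.id).first
+@c.api_key = "test"
+@c.redirect_urls = ["http://www.google.com"]
+@c.app_ids << "test_app_id"
+@c.versioned_update
+@ap_key = @c.api_key
+
+##create another user and associated other client.
+@u2 = User.new(attributes_for(:user_confirmed))
+#@u2.set_client_authentication("test_app_id2")
+@u2.versioned_create
+@c2 = Auth::Client.where(:resource_id => @u2.id).first
+@c2.api_key = "test2"
+@c2.redirect_urls = ["http://www.yahoo.com"]
+@c2.app_ids << "test_app_id2"
+@c2.versioned_update
+@ap_key2 = @c2.api_key
+ActionController::Base.allow_forgery_protection = false
+end
+
+it " -- signs in user using first client -- " do
+params = {user: {login: @u.email, password: "password"}, api_key: @ap_key, current_app_id: @c.app_ids[0]}
+post user_session_path, params
+end
+
+it "-- signs in user using second client -- " do
+params = {user: {login: @u.email, password: "password"}, api_key: @ap_key2, current_app_id: @c2.app_ids[0]}
+
+post new_user_session_path, params
+@signed_in_user = assigns(:user)
+expect(@signed_in_user.client_authentication[@c.app_ids[0]]).not_to be_nil
+expect(@signed_in_user.client_authentication[@c2.app_ids[0]]).not_to be_nil
+end
+
+end
+
+context " -- same client with multiple app ids -- " do
+
+before(:all) do
+##create first user and associated client.
+User.delete_all
+Auth::Client.delete_all
+@u = User.new(attributes_for(:user_confirmed))
+
+@u.versioned_create
+@c = Auth::Client.where(:resource_id => @u.id).first
+@c.api_key = "test"
+@c.redirect_urls = ["http://www.google.com"]
+@c.app_ids << "test_app_id"
+@c.app_ids << "test_app_id2"
+@c.versioned_update
+@ap_key = @c.api_key
+end
+
+it " -- signs in user with first app id -- " do
+params = {user: {login: @u.email, password: "password"}, api_key: @ap_key, current_app_id: @c.app_ids[0]}
+post new_user_session_path, params
+end
+
+it " -- signs in user with second app id -- " do
+params = {user: {login: @u.email, password: "password"}, api_key: @ap_key, current_app_id: @c.app_ids[1]}
+post new_user_session_path, params
+@signed_in_user = assigns(:user)
+expect(@signed_in_user.client_authentication[@c.app_ids[0]]).not_to be_nil
+expect(@signed_in_user.client_authentication[@c.app_ids[1]]).not_to be_nil
+end
+
+end
+
+
+end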
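Review bot: The json " -- invalid api key " context (spec lines 220–240) never sends an api_key — its three requests are byte-identical to those in " -- no api key" just above — and its first example hits `new_user_registration_path` instead of `new_user_session_path`, so the invalid-key rejection for sessions is not exercised here; pass `api_key: "dog"` as the web-app context does and point the GET at the session route. The web-app contexts also have no negative case for a valid api_key combined with a redirect_url that is not in `@c.redirect_urls`; since line 48 pins the user's `authentication_token` and `es` into the redirect query string, an example asserting such a redirect is refused (`expect(session[:redirect_url]).to be_nil` and `expect(response).to redirect_to(root_path)`) is the check most worth adding. `ActionController::Base.allow_forgery_protection` is toggled in before hooks (lines 17, 176, 308) and never restored in an after hook, so the last value leaks into whatever example group runs next; the unlock spec in this same diff does the same.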
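--- a/data/spec/requests/user/unlock_request_spec.rb
+++ b/data/spec/requests/user/unlock_request_spec.rb
@@ -0,0 +1,208 @@
+require "rails_helper"
+
+RSpec.describe "unlock request spec", :type => :request,:authentication => true, unlock: true do
+
+before(:example) do
+ActionController::Base.allow_forgery_protection = false
+User.delete_all
+Auth::Client.delete_all
+@u = User.new(attributes_for(:user_confirmed))
+@u.save
+@u.lock_access!
+@u.save
+##HERE THE USER IS NOT CONFIRMED, SO THE CLIENT IS NOT CREATED IN THE AFTER_sAVE BLOCK.
+##AS A RESULT WE MANUALLY CREATE A CLIENT.
+##WE USE THIS SAME CLIENT FOR THE API_KEY AND REDIRECT_URL.
+##NORMALLY THIS WOULD BE A CLIENT OF ANOTHER USER, ENTIRELY.
+@c = Auth::Client.new(:resource_id => @u.id)
+@c.api_key = "test"
+@c.redirect_urls = ["http://www.google.com"]
+@c.app_ids << "test_app_id"
+@c.versioned_create
+@ap_key = @c.api_key
+@headers = { "CONTENT_TYPE" => "application/json" , "ACCEPT" => "application/json"}
+
+end
+
+after(:example) do
+User.delete_all
+Auth::Client.delete_all
+end
+
+context "--- web app requests--" do
+
+before(:example) do
+
+ActionController::Base.allow_forgery_protection = false
+
+end
+
+
+context "-- invalid api key -- " do
+
+it " -- new -- " do
+
+get new_user_unlock_path,{}
+expect(response.code).to eq("200")
+
+end
+
+it " -- create -- " do
+
+prev_msg_count = ActionMailer::Base.deliveries.size
+post user_unlock_path,{user:{email: @u.email}}
+expect(response.code).to eq("302")
+message = ActionMailer::Base.deliveries[-1].to_s
+token = nil
+message.scan(/unlock_token=(?<unlock_token>.*)\"/) do |ll|
+
+j = Regexp.last_match
+token = j[:unlock_token]
+
+end
+new_msg_count = ActionMailer::Base.deliveries.size
+expect(token).not_to be(nil)
+expect(new_msg_count - prev_msg_count).to eq(1)
+@u.reload
+
+
+end
+
+it " -- show -- ", problem: true do
+
+@u.send_unlock_instructions
+@u.reload
+message = ActionMailer::Base.deliveries[-1].to_s
+token = nil
+message.scan(/unlock_token=(?<unlock_token>.*)\"/) do |ll|
+
+j = Regexp.last_match
+token = j[:unlock_token]
+
+end
+get user_unlock_path,{unlock_token: token}
+expect(response.code).to eql("302")
+@u.reload
+expect(@u.access_locked?).not_to be_truthy
+expect(@u.unlock_token).to be_nil
+expect(@u.locked_at).to be_nil
+
+end
+
+end
+
+context " -- valid api key + redirect_url -- " do
+
+it " -- new should not redirect" do
+get new_user_unlock_path, {redirect_url: "http://www.google.com", api_key: @ap_key, current_app_id: @c.app_ids[0]}
+expect(session[:client]).not_to be_nil
+expect(session[:redirect_url]).not_to be_nil
+expect(response.code).to eq("200")
+end
+
+it " -- create should not redirect" do
+prev_msg_count = ActionMailer::Base.deliveries.size
+post user_unlock_path,{user:{email: @u.email},redirect_url: "http://www.google.com", api_key: @ap_key, current_app_id: @c.app_ids[0]}
+expect(session[:client]).not_to be_nil
+expect(session[:redirect_url]).not_to be_nil
+expect(response.code).to eq("302")
+message = ActionMailer::Base.deliveries[-1].to_s
+token = nil
+message.scan(/unlock_token=(?<unlock_token>.*)\"/) do |ll|
+
+j = Regexp.last_match
+token = j[:unlock_token]
+
+end
+new_msg_count = ActionMailer::Base.deliveries.size
+expect(token).not_to be(nil)
+
+expect(new_msg_count - prev_msg_count).to eq(1)
+expect(response.location=~/google/).to be_nil
+end
+
+it " -- show should not redirect" do
+
+@u.send_unlock_instructions
+@u.reload
+message = ActionMailer::Base.deliveries[-1].to_s
+token = nil
+message.scan(/unlock_token=(?<unlock_token>.*)\"/) do |ll|
+
+j = Regexp.last_match
+token = j[:unlock_token]
+
+end
+get user_unlock_path,{unlock_token: token,redirect_url: "http://www.google.com", api_key: @ap_key, current_app_id: @c.app_ids[0]}
+
+expect(session[:client]).not_to be_nil
+expect(session[:redirect_url]).not_to be_nil
+expect(response.code).to eql("302")
+db_user = User.where(:email => @u.email).first
+expect(db_user.access_locked?).not_to be_truthy
+expect(db_user.unlock_token).to be_nil
+expect(db_user.locked_at).to be_nil
+expect(response.location=~/google/).to be_nil
+end
+
+end
+
+end
+
+
+context "-- json request -- " do
+
+
+context " -- valid api key -- " do
+
+it " -- new -- " do
+
+get new_user_unlock_path,{api_key: @ap_key, current_app_id: @c.app_ids[0]}.to_json,@headers
+expect(response.code).to eq("406")
+
+end
+
+it " -- create -- " do
+
+prev_msg_count = ActionMailer::Base.deliveries.size
+post user_unlock_path,{user:{email: @u.email},api_key: @ap_key, current_app_id: @c.app_ids[0]}.to_json,@headers
+
+message = ActionMailer::Base.deliveries[-1].to_s
+token = nil
+message.scan(/unlock_token=(?<unlock_token>.*)\"/) do |ll|
+
+j = Regexp.last_match
+token = j[:unlock_token]
+
+end
+new_msg_count = ActionMailer::Base.deliveries.size
+expect(token).not_to be(nil)
+expect(new_msg_count - prev_msg_count).to eq(1)
+expect(response.code).to eq("201")
+
+end
+
+it " -- show -- " do
+@u.send_unlock_instructions
+@u.reload
+message = ActionMailer::Base.deliveries[-1].to_s
+token = nil
+message.scan(/unlock_token=(?<unlock_token>.*)\"/) do |ll|
+
+j = Regexp.last_match
+token = j[:unlock_token]
+
+end
+get user_unlock_path,{unlock_token: token, api_key: @ap_key, current_app_id: @c.app_ids[0]},@headers
+@u.reload
+expect(@u.unlock_token).to be_nil
+expect(@u.locked_at).to be_nil
+expect(response.code).to eq("201")
+
+end
+
+end
+
+end
+
+end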
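Review bot: The context titled "-- invalid api key -- " (spec lines 41–92) sends no api_key at all (`get new_user_unlock_path,{}`, `post user_unlock_path,{user:{email: @u.email}}`, `get user_unlock_path,{unlock_token: token}`), so it is a no-key scenario and never verifies that a wrong key is rejected; either pass a bogus key such as `api_key: "dog"` and assert `session[:client]` stays nil, or rename the context, and give the json group (lines 153–206, valid-key only) the same negative case. The token extraction copied at lines 57, 77, 111, 130, 172 and 190 uses a greedy `.*` up to the last `"` on the line plus an unused block parameter `ll`; `message.match(/unlock_token=(?<unlock_token>[^"&]+)/)&.[](:unlock_token)` would be tighter and is a good candidate for a shared helper in spec/support. The comment at line 13 states the user is not confirmed, yet line 9 builds it from `attributes_for(:user_confirmed)` — one of the two appears stale and the reason for creating the client by hand should be reconciled with what the factory actually produces.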