RubyGems - xing_backend_token_auth - Versions diffs - 0.1.31 - Mend

xing_backend_token_auth 0.1.31

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (122) hide show

checksums.yaml +7 -0
data/LICENSE +13 -0
data/README.md +679 -0
data/Rakefile +34 -0
data/app/controllers/devise_token_auth/application_controller.rb +22 -0
data/app/controllers/devise_token_auth/concerns/set_user_by_token.rb +110 -0
data/app/controllers/devise_token_auth/confirmations_controller.rb +31 -0
data/app/controllers/devise_token_auth/omniauth_callbacks_controller.rb +169 -0
data/app/controllers/devise_token_auth/passwords_controller.rb +107 -0
data/app/controllers/devise_token_auth/registrations_controller.rb +99 -0
data/app/controllers/devise_token_auth/sessions_controller.rb +50 -0
data/app/controllers/devise_token_auth/token_validations_controller.rb +22 -0
data/app/serializers/devise_token_auth/error_messages_serializer.rb +16 -0
data/app/serializers/devise_token_auth/resource_errors_serializer.rb +24 -0
data/app/serializers/devise_token_auth/resource_serializer.rb +17 -0
data/app/serializers/devise_token_auth/success_message_serializer.rb +15 -0
data/app/views/devise/mailer/confirmation_instructions.html.erb +5 -0
data/app/views/devise/mailer/reset_password_instructions.html.erb +8 -0
data/app/views/devise/mailer/unlock_instructions.html.erb +7 -0
data/app/views/devise_token_auth/omniauth_failure.html.erb +2 -0
data/app/views/devise_token_auth/omniauth_success.html.erb +8 -0
data/app/views/layouts/omniauth_response.html.erb +31 -0
data/config/initializers/devise.rb +207 -0
data/config/initializers/token_auth_failure_app.rb +7 -0
data/config/locales/devise.en.yml +59 -0
data/config/routes.rb +5 -0
data/lib/devise_token_auth.rb +9 -0
data/lib/devise_token_auth/controllers/helpers.rb +129 -0
data/lib/devise_token_auth/controllers/url_helpers.rb +8 -0
data/lib/devise_token_auth/engine.rb +32 -0
data/lib/devise_token_auth/models/token_authenticatable.rb +195 -0
data/lib/devise_token_auth/rails/routes.rb +65 -0
data/lib/generators/devise_token_auth/USAGE +31 -0
data/lib/generators/devise_token_auth/install_generator.rb +100 -0
data/lib/generators/devise_token_auth/install_views_generator.rb +16 -0
data/lib/generators/devise_token_auth/templates/devise_token_auth.rb +22 -0
data/lib/generators/devise_token_auth/templates/devise_token_auth_add_token_info_to_users.rb.erb +14 -0
data/lib/tasks/devise_token_auth_tasks.rake +4 -0
data/lib/xing_backend_token_auth.rb +1 -0
data/test/controllers/demo_group_controller_test.rb +126 -0
data/test/controllers/demo_mang_controller_test.rb +263 -0
data/test/controllers/demo_user_controller_test.rb +262 -0
data/test/controllers/devise_token_auth/confirmations_controller_test.rb +107 -0
data/test/controllers/devise_token_auth/omniauth_callbacks_controller_test.rb +144 -0
data/test/controllers/devise_token_auth/passwords_controller_test.rb +275 -0
data/test/controllers/devise_token_auth/registrations_controller_test.rb +405 -0
data/test/controllers/devise_token_auth/registrations_controller_test.rb.orig +494 -0
data/test/controllers/devise_token_auth/sessions_controller_test.rb +169 -0
data/test/controllers/overrides/confirmations_controller_test.rb +44 -0
data/test/controllers/overrides/omniauth_callbacks_controller_test.rb +44 -0
data/test/controllers/overrides/passwords_controller_test.rb +64 -0
data/test/controllers/overrides/registrations_controller_test.rb +42 -0
data/test/controllers/overrides/sessions_controller_test.rb +35 -0
data/test/controllers/overrides/token_validations_controller_test.rb +38 -0
data/test/dummy/README.rdoc +28 -0
data/test/dummy/Rakefile +6 -0
data/test/dummy/app/assets/images/logo.jpg +0 -0
data/test/dummy/app/assets/images/omniauth-provider-settings.png +0 -0
data/test/dummy/app/assets/javascripts/application.js +13 -0
data/test/dummy/app/assets/stylesheets/application.css +15 -0
data/test/dummy/app/controllers/application_controller.rb +16 -0
data/test/dummy/app/controllers/demo_group_controller.rb +13 -0
data/test/dummy/app/controllers/demo_mang_controller.rb +12 -0
data/test/dummy/app/controllers/demo_user_controller.rb +12 -0
data/test/dummy/app/controllers/overrides/confirmations_controller.rb +32 -0
data/test/dummy/app/controllers/overrides/omniauth_callbacks_controller.rb +14 -0
data/test/dummy/app/controllers/overrides/passwords_controller.rb +39 -0
data/test/dummy/app/controllers/overrides/registrations_controller.rb +27 -0
data/test/dummy/app/controllers/overrides/sessions_controller.rb +26 -0
data/test/dummy/app/controllers/overrides/token_validations_controller.rb +23 -0
data/test/dummy/app/controllers/registrations_controller.rb +2 -0
data/test/dummy/app/helpers/application_helper.rb +1065 -0
data/test/dummy/app/models/evil_user.rb +5 -0
data/test/dummy/app/models/mang.rb +5 -0
data/test/dummy/app/models/user.rb +20 -0
data/test/dummy/app/views/layouts/application.html.erb +14 -0
data/test/dummy/bin/bundle +3 -0
data/test/dummy/bin/rails +8 -0
data/test/dummy/bin/rake +8 -0
data/test/dummy/bin/spring +18 -0
data/test/dummy/config.ru +16 -0
data/test/dummy/config/application.rb +23 -0
data/test/dummy/config/boot.rb +5 -0
data/test/dummy/config/database.yml +31 -0
data/test/dummy/config/environment.rb +5 -0
data/test/dummy/config/environments/development.rb +44 -0
data/test/dummy/config/environments/production.rb +82 -0
data/test/dummy/config/environments/test.rb +40 -0
data/test/dummy/config/initializers/assets.rb +8 -0
data/test/dummy/config/initializers/backtrace_silencers.rb +7 -0
data/test/dummy/config/initializers/cookies_serializer.rb +3 -0
data/test/dummy/config/initializers/devise_token_auth.rb +22 -0
data/test/dummy/config/initializers/figaro.rb +1 -0
data/test/dummy/config/initializers/filter_parameter_logging.rb +4 -0
data/test/dummy/config/initializers/inflections.rb +16 -0
data/test/dummy/config/initializers/mime_types.rb +4 -0
data/test/dummy/config/initializers/omniauth.rb +8 -0
data/test/dummy/config/initializers/session_store.rb +3 -0
data/test/dummy/config/initializers/wrap_parameters.rb +14 -0
data/test/dummy/config/locales/en.yml +23 -0
data/test/dummy/config/routes.rb +32 -0
data/test/dummy/config/secrets.yml +22 -0
data/test/dummy/config/spring.rb +1 -0
data/test/dummy/db/migrate/20140715061447_devise_token_auth_create_users.rb +56 -0
data/test/dummy/db/migrate/20140715061805_devise_token_auth_create_mangs.rb +56 -0
data/test/dummy/db/migrate/20140829044006_add_operating_thetan_to_user.rb +6 -0
data/test/dummy/db/migrate/20140916224624_add_favorite_color_to_mangs.rb +5 -0
data/test/dummy/db/migrate/20140928231203_devise_token_auth_create_evil_users.rb +57 -0
data/test/dummy/db/schema.rb +111 -0
data/test/dummy/public/404.html +67 -0
data/test/dummy/public/422.html +67 -0
data/test/dummy/public/500.html +66 -0
data/test/dummy/public/favicon.ico +0 -0
data/test/fixtures/evil_users.yml +29 -0
data/test/fixtures/mangs.yml +29 -0
data/test/fixtures/users.yml +29 -0
data/test/integration/navigation_test.rb +10 -0
data/test/lib/generators/devise_token_auth/install_generator_test.rb +131 -0
data/test/lib/generators/devise_token_auth/install_views_generator_test.rb +23 -0
data/test/models/user_test.rb +81 -0
data/test/test_helper.rb +60 -0
metadata +320 -0

data/test/controllers/demo_user_controller_test.rb ADDED

@@ -0,0 +1,262 @@
+require 'test_helper'
+#  was the web request successful?
+#  was the user redirected to the right page?
+#  was the user successfully authenticated?
+#  was the correct object stored in the response?
+#  was the appropriate message delivered in the json payload?
+class DemoUserControllerTest < ActionDispatch::IntegrationTest
+  describe DemoUserController do
+    describe "Token access" do
+      before do
+        @user = users(:confirmed_email_user)
+        @user.skip_confirmation!
+        @user.save!
+        @auth_headers = @user.create_new_auth_token
+        @token     = @auth_headers['access-token']
+        @client_id = @auth_headers['client']
+        @expiry    = @auth_headers['expiry']
+      end
+      describe 'successful request' do
+        before do
+          # ensure that request is not treated as batch request
+          age_token(@user, @client_id)
+          get '/demo/members_only', {}, @auth_headers
+          @resp_token       = response.headers['access-token']
+          @resp_client_id   = response.headers['client']
+          @resp_expiry      = response.headers['expiry']
+          @resp_uid         = response.headers['uid']
+        end
+        describe 'devise mappings' do
+          it 'should define current_user' do
+            assert_equal @user, @controller.current_user
+          end
+          it 'should define user_signed_in?' do
+            assert @controller.user_signed_in?
+          end
+          it 'should not define current_mang' do
+            refute_equal @user, @controller.current_mang
+          end
+        end
+        it 'should return success status' do
+          assert_equal 200, response.status
+        end
+        it 'should receive new token after successful request' do
+          refute_equal @token, @resp_token
+        end
+        it 'should preserve the client id from the first request' do
+          assert_equal @client_id, @resp_client_id
+        end
+        it "should return the user's uid in the auth header" do
+          assert_equal @user.uid, @resp_uid
+        end
+        it 'should not treat this request as a batch request' do
+          refute assigns(:is_batch_request)
+        end
+        describe 'subsequent requests' do
+          before do
+            @user.reload
+            # ensure that request is not treated as batch request
+            age_token(@user, @client_id)
+            get '/demo/members_only', {}, @auth_headers.merge({'access-token' => @resp_token})
+          end
+          it 'should not treat this request as a batch request' do
+            refute assigns(:is_batch_request)
+          end
+          it "should allow a new request to be made using new token" do
+            assert_equal 200, response.status
+          end
+        end
+      end
+      describe 'failed request' do
+        before do
+          get '/demo/members_only', {}, @auth_headers.merge({'access-token' => "bogus"})
+        end
+        it 'should not return any auth headers' do
+          refute response.headers['access-token']
+        end
+        it 'should return error: unauthorized status' do
+          assert_equal 401, response.status
+        end
+      end
+      describe 'disable change_headers_on_each_request' do
+        before do
+          DeviseTokenAuth.change_headers_on_each_request = false
+          @user.reload
+          age_token(@user, @client_id)
+          get '/demo/members_only', {}, @auth_headers
+          @first_is_batch_request = assigns(:is_batch_request)
+          @first_user = assigns(:user).dup
+          @first_access_token = response.headers['access-token']
+          @first_response_status = response.status
+          @user.reload
+          age_token(@user, @client_id)
+          # use expired auth header
+          get '/demo/members_only', {}, @auth_headers
+          @second_is_batch_request = assigns(:is_batch_request)
+          @second_user = assigns(:user).dup
+          @second_access_token = response.headers['access-token']
+          @second_response_status = response.status
+        end
+        after do
+          DeviseTokenAuth.change_headers_on_each_request = true
+        end
+        it 'should allow the first request through' do
+          assert_equal 200, @first_response_status
+        end
+        it 'should allow the second request through' do
+          assert_equal 200, @second_response_status
+        end
+        it 'should return auth headers from the first request' do
+          assert @first_access_token
+        end
+        it 'should not treat either requests as batch requests' do
+          refute @first_is_batch_request
+          refute @second_is_batch_request
+        end
+        it 'should return auth headers from the second request' do
+          assert @second_access_token
+        end
+        it 'should define user during first request' do
+          assert @first_user
+        end
+        it 'should define user during second request' do
+          assert @second_user
+        end
+      end
+      describe 'batch requests' do
+        describe 'success' do
+          before do
+            age_token(@user, @client_id)
+            #request.headers.merge!(@auth_headers)
+            get '/demo/members_only', {}, @auth_headers
+            @first_is_batch_request = assigns(:is_batch_request)
+            @first_user = assigns(:user)
+            @first_access_token = response.headers['access-token']
+            get '/demo/members_only', {}, @auth_headers
+            @second_is_batch_request = assigns(:is_batch_request)
+            @second_user = assigns(:user)
+            @second_access_token = response.headers['access-token']
+          end
+          it 'should allow both requests through' do
+            assert_equal 200, response.status
+          end
+          it 'should not treat the first request as a batch request' do
+            refute @first_is_batch_request
+          end
+          it 'should treat the second request as a batch request' do
+            assert @second_is_batch_request
+          end
+          it 'should return access token for first (non-batch) request' do
+            assert @first_access_token
+          end
+          it 'should also return auth headers for second (batched) requests' do
+            assert @second_access_token
+          end
+        end
+        describe 'time out' do
+          before do
+            @user.reload
+            age_token(@user, @client_id)
+            get '/demo/members_only', {}, @auth_headers
+            @first_is_batch_request = assigns(:is_batch_request)
+            @first_user = assigns(:user).dup
+            @first_access_token = response.headers['access-token']
+            @first_response_status = response.status
+            @user.reload
+            age_token(@user, @client_id)
+            # use expired auth header
+            get '/demo/members_only', {}, @auth_headers
+            @second_is_batch_request = assigns(:is_batch_request)
+            @second_user = assigns(:user)
+            @second_access_token = response.headers['access-token']
+            @second_response_status = response.status
+          end
+          it 'should allow the first request through' do
+            assert_equal 200, @first_response_status
+          end
+          it 'should not allow the second request through' do
+            assert_equal 401, @second_response_status
+          end
+          it 'should not treat first request as batch request' do
+            refute @secord_is_batch_request
+          end
+          it 'should return auth headers from the first request' do
+            assert @first_access_token
+          end
+          it 'should not treat second request as batch request' do
+            refute @secord_is_batch_request
+          end
+          it 'should not return auth headers from the second request' do
+            refute @second_access_token
+          end
+          it 'should define user during first request' do
+            assert @first_user
+          end
+          it 'should not define user during second request' do
+            refute @second_user
+          end
+        end
+      end
+    end
+  end
+end

data/test/controllers/devise_token_auth/confirmations_controller_test.rb ADDED

@@ -0,0 +1,107 @@
+require 'test_helper'
+#  was the web request successful?
+#  was the user redirected to the right page?
+#  was the user successfully authenticated?
+#  was the correct object stored in the response?
+#  was the appropriate message delivered in the json payload?
+class DeviseTokenAuth::ConfirmationsControllerTest < ActionController::TestCase
+  describe DeviseTokenAuth::ConfirmationsController do
+    describe "Confirmation" do
+      before do
+        @redirect_url = Faker::Internet.url
+        @new_user = users(:unconfirmed_email_user)
+        @new_user.send_confirmation_instructions({
+          redirect_url: @redirect_url
+        })
+        @mail          = ActionMailer::Base.deliveries.last
+        @token         = @mail.body.match(/confirmation_token=([^&]*)&/)[1]
+        @client_config = @mail.body.match(/config=([^&]*)&/)[1]
+      end
+      test 'should generate raw token' do
+        assert @token
+      end
+      test "should include config name as 'default' in confirmation link" do
+        assert_equal "default", @client_config
+      end
+      test "should store token hash in user" do
+        assert @new_user.confirmation_token
+      end
+      describe "success" do
+        before do
+          xhr :get, :show, {confirmation_token: @token, redirect_url: @redirect_url}
+          @user = assigns(:user)
+        end
+        test "user should now be confirmed" do
+          assert @user.confirmed?
+        end
+        test "should redirect to success url" do
+          assert_redirected_to(/^#{@redirect_url}/)
+        end
+      end
+      describe "failure" do
+        test "user should not be confirmed" do
+          assert_raises(ActionController::RoutingError) {
+            xhr :get, :show, {confirmation_token: "bogus"}
+          }
+          @user = assigns(:user)
+          refute @user.confirmed?
+        end
+      end
+    end
+    # test with non-standard user class
+    describe "Alternate user model" do
+      setup do
+        @request.env['devise.mapping'] = Devise.mappings[:mang]
+      end
+      teardown do
+        @request.env['devise.mapping'] = Devise.mappings[:user]
+      end
+      before do
+        @config_name = "altUser"
+        @new_user    = mangs(:unconfirmed_email_user)
+        @new_user.send_confirmation_instructions(client_config: @config_name)
+        @mail          = ActionMailer::Base.deliveries.last
+        @token         = @mail.body.match(/confirmation_token=(.*)\"/)[1]
+        @client_config = @mail.body.match(/config=(.*)\&/)[1]
+      end
+      test 'should generate raw token' do
+        assert @token
+      end
+      test "should include config name in confirmation link" do
+        assert_equal @config_name, @client_config
+      end
+      test "should store token hash in user" do
+        assert @new_user.confirmation_token
+      end
+      describe "success" do
+        before do
+          @redirect_url = Faker::Internet.url
+          xhr :get, :show, {confirmation_token: @token, redirect_url: @redirect_url}
+          @user = assigns(:user)
+        end
+        test "user should now be confirmed" do
+          assert @user.confirmed?
+        end
+      end
+    end
+  end
+end

data/test/controllers/devise_token_auth/omniauth_callbacks_controller_test.rb ADDED

@@ -0,0 +1,144 @@
+require 'test_helper'
+#  was the web request successful?
+#  was the user redirected to the right page?
+#  was the user successfully authenticated?
+#  was the correct object stored in the response?
+#  was the appropriate message delivered in the json payload?
+class OmniauthTest < ActionDispatch::IntegrationTest
+  setup do
+    OmniAuth.config.test_mode = true
+    OmniAuth.config.mock_auth[:facebook] = OmniAuth::AuthHash.new({
+      :provider => 'facebook',
+      :uid => '123545',
+      :info => {
+        name: 'chong',
+        email: 'chongbong@aol.com'
+      }
+    })
+  end
+  before do
+    @redirect_url = "http://ng-token-auth.dev/"
+  end
+  describe 'default user model' do
+    describe 'from api to provider' do
+      before do
+        get_via_redirect '/auth/facebook', {
+          auth_origin_url: @redirect_url
+        }
+        @user = assigns(:user)
+      end
+      test 'status should be success' do
+        assert_equal 200, response.status
+      end
+      test 'request should determine the correct resource_class' do
+        assert_equal 'User', controller.omniauth_params['resource_class']
+      end
+      test 'request should pass correct redirect_url' do
+        assert_equal @redirect_url, controller.omniauth_params['auth_origin_url']
+      end
+      test 'user should have been created' do
+        assert @user
+      end
+      test 'user should be assigned info from provider' do
+        assert_equal 'chongbong@aol.com', @user.email
+      end
+      test 'user should be of the correct class' do
+        assert_equal User, @user.class
+      end
+      test 'response contains all serializable attributes for user' do
+        post_message = JSON.parse(/postMessage\((?<data>.*), '\*'\);/m.match(response.body)[:data])
+        assert post_message["id"]
+        assert post_message["email"]
+        assert post_message["uid"]
+        assert post_message["name"]
+        assert post_message["favorite_color"]
+        assert post_message["message"]
+        assert post_message["client_id"]
+        assert post_message["auth_token"]
+        refute post_message["tokens"]
+        refute post_message["password"]
+      end
+      test 'session vars have been cleared' do
+        refute request.session['dta.omniauth.auth']
+        refute request.session['dta.omniauth.params']
+      end
+    end
+    describe 'pass additional params' do
+      before do
+        @fav_color = 'alizarin crimson'
+        @unpermitted_param = "M. Bison"
+        get_via_redirect '/auth/facebook', {
+          auth_origin_url: @redirect_url,
+          favorite_color: @fav_color,
+          name: @unpermitted_param
+        }
+        @user = assigns(:user)
+      end
+      test 'status shows success' do
+        assert_equal 200, response.status
+      end
+      test 'additional attribute was passed' do
+        assert_equal @fav_color, @user.favorite_color
+      end
+      test 'non-whitelisted attributes are ignored' do
+        refute_equal @unpermitted_param, @user.name
+      end
+    end
+  end
+  describe 'alternate user model' do
+    describe 'from api to provider' do
+      before do
+        get_via_redirect '/mangs/facebook', {
+          auth_origin_url: @redirect_url
+        }
+        @user = assigns(:user)
+      end
+      test 'status should be success' do
+        assert_equal 200, response.status
+      end
+      test 'request should determine the correct resource_class' do
+        assert_equal 'Mang', controller.omniauth_params['resource_class']
+      end
+      test 'request should pass correct redirect_url' do
+        assert_equal @redirect_url, controller.omniauth_params['auth_origin_url']
+      end
+      test 'user should have been created' do
+        assert @user
+      end
+      test 'user should be assigned info from provider' do
+        assert_equal 'chongbong@aol.com', @user.email
+      end
+      test 'user should be of the correct class' do
+        assert_equal Mang, @user.class
+      end
+    end
+  end
+end