# frozen_string_literal: true
require 'test_helper'
# Controller tests for Devise::SessionsController covering the sign-in form
# (#new), sign in (#create) and sign out (#destroy).
#
# Several cases pin security-relevant behaviour: parameter filtering on a
# failed sign in, handling of the return location stored in the session, and
# mass-assignment protection on the sign-in key.
class SessionsControllerTest < Devise::ControllerTestCase
  tests Devise::SessionsController
  include Devise::Test::ControllerHelpers

  test "#create doesn't raise unpermitted params when sign in fails" do
    begin
      # Any instrumentation event whose name matches "unpermitted_parameters"
      # fails the test with the offending payload.
      # NOTE(review): Rails only emits this event when
      # action_on_unpermitted_parameters is :log - confirm the test app sets
      # it, otherwise this test cannot fail through the subscriber.
      subscriber = ActiveSupport::Notifications.subscribe(
        /unpermitted_parameters/
      ) do |_name, _started, _finished, _id, payload|
        flunk "Unpermitted params: #{payload}"
      end

      request.env["devise.mapping"] = Devise.mappings[:user]
      # A return location is stored here but not asserted on in this test.
      request.session["user_return_to"] = 'foo.bar'
      create_user

      # Credentials that do not belong to the user created above.
      rejected_credentials = {
        email: "wrong@email.com",
        password: "wrongpassword"
      }
      post :create, params: { user: rejected_credentials }

      # The failed sign in answers 200 rather than raising.
      assert_equal 200, @response.status
    ensure
      # Always detach the subscriber so it cannot fire during other tests.
      ActiveSupport::Notifications.unsubscribe(subscriber)
    end
  end

  test "#create works even with scoped views" do
    swap Devise, scoped_views: true do
      request.env["devise.mapping"] = Devise.mappings[:user]

      # No credentials are posted; the scoped sign-in template is rendered.
      post :create

      assert_equal 200, @response.status
      assert_template "users/sessions/new"
    end
  end

  test "#create delete the url stored in the session if the requested format is navigational" do
    request.env["devise.mapping"] = Devise.mappings[:user]
    request.session["user_return_to"] = 'foo.bar'

    user = create_user
    user.confirm

    valid_credentials = { email: user.email, password: user.password }
    post :create, params: { user: valid_credentials }

    # After a navigational sign in the stored return location must be gone
    # from the session, so it is not left behind for a later request.
    assert_nil request.session["user_return_to"]
  end

  test "#create doesn't delete the url stored in the session if the requested format is not navigational" do
    request.env["devise.mapping"] = Devise.mappings[:user]
    request.session["user_return_to"] = 'foo.bar'

    user = create_user
    user.confirm

    valid_credentials = { email: user.email, password: user.password }
    post :create, params: { format: 'json', user: valid_credentials }

    # A JSON sign in leaves the stored return location untouched.
    assert_equal 'foo.bar', request.session["user_return_to"]
  end

  test "#create doesn't raise exception after Warden authentication fails when TestHelpers included" do
    request.env["devise.mapping"] = Devise.mappings[:user]

    # No user is created in this test, so authentication cannot succeed.
    unknown_credentials = {
      email: "nosuchuser@example.com",
      password: "wevdude"
    }
    post :create, params: { user: unknown_credentials }

    # The sign-in form is rendered again with a 200 instead of an exception.
    assert_equal 200, @response.status
    assert_template "devise/sessions/new"
  end

  test "#destroy doesn't set the flash if the requested format is not navigational" do
    request.env["devise.mapping"] = Devise.mappings[:user]

    user = create_user
    user.confirm

    valid_credentials = { email: user.email, password: user.password }
    post :create, params: { format: 'json', user: valid_credentials }
    delete :destroy, format: 'json'

    # A JSON sign out answers 204 and sets no flash notice.
    assert flash[:notice].blank?, "flash[:notice] should be blank, not #{flash[:notice].inspect}"
    assert_equal 204, @response.status
  end

  # Defined only when ActiveRecord exposes mass_assignment_sanitizer.
  if defined?(ActiveRecord) && ActiveRecord::Base.respond_to?(:mass_assignment_sanitizer)
    test "#new doesn't raise mass-assignment exception even if sign-in key is attr_protected" do
      request.env["devise.mapping"] = Devise.mappings[:user]

      # Process-wide state is changed here: the sanitizer is set to :strict
      # and the sign-in key (:email) is marked protected on User.
      # NOTE(review): both changes happen before the begin/ensure below, so a
      # failure in either line would skip the restore - confirm acceptable.
      ActiveRecord::Base.mass_assignment_sanitizer = :strict
      User.class_eval { attr_protected :email }

      begin
        assert_nothing_raised do
          get :new, user: { email: "allez viens!" }
        end
      ensure
        # NOTE(review): the sanitizer is restored to a hard-coded :logger,
        # not to the value in effect before the test - verify this matches
        # the test app's configured default.
        ActiveRecord::Base.mass_assignment_sanitizer = :logger
        User.class_eval { attr_accessible :email }
      end
    end
  end
end