require 'test_helper'
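# Integration coverage for Devise's token authentication strategy: a per-user
# `authentication_token` presented either as a request parameter (named by
# `Devise.token_authentication_key`) or as the user name of an HTTP Basic
# credential. The cases below pin the accept paths and the refusal paths
# (wrong key, wrong value, strategy disabled for params/http, stateless
# sessions) plus one query-operator injection attempt against the lookup.
class TokenAuthenticationTest < ActionController::IntegrationTest

  test 'authenticate with valid authentication token key and value through params' do
    swap Devise, :token_authentication_key => :secret_token do
      sign_in_as_new_user_with_token

      assert_response :success
      # The token travels in the query string and survives into the final URL.
      # NOTE(review): this pins existing behaviour, it does not endorse it - a
      # credential in a URL ends up in server logs, browser history and Referer
      # headers; the HTTP Basic path exercised below keeps it out of the URL.
      assert_current_url "/users?secret_token=#{VALID_AUTHENTICATION_TOKEN}"
      assert_contain 'Welcome'
      assert warden.authenticated?(:user)
    end
  end

  test 'authenticate with valid authentication token key and value through params, when params with the same key as scope exist' do
    swap Devise, :token_authentication_key => :secret_token do
      user = create_user_with_authentication_token
      # A `:user` hash in the same request must not be confused with the
      # scope's credentials: the token param alone has to authenticate.
      post exhibit_user_path(user), Devise.token_authentication_key => user.authentication_token, :user => { :some => "data" }

      assert_response :success
      assert_contain 'User is authenticated'
      assert warden.authenticated?(:user)
    end
  end

  test 'authenticate with valid authentication token key but does not store if stateless' do
    swap Devise, :token_authentication_key => :secret_token, :stateless_token => true do
      sign_in_as_new_user_with_token
      assert warden.authenticated?(:user)

      # With a stateless token nothing is written to the session, so a follow-up
      # request without the token is treated as anonymous.
      get users_path
      assert_redirected_to new_user_session_path
      assert_not warden.authenticated?(:user)
    end
  end

  test 'authenticate with valid authentication token key and value through http' do
    swap Devise, :token_authentication_key => :secret_token do
      sign_in_as_new_user_with_token(:http_auth => true)

      assert_response :success
      assert_match '<email>user@test.com</email>', response.body
      assert warden.authenticated?(:user)
    end
  end

  test 'does authenticate with valid authentication token key and value through params if not configured' do
    # Only the :database strategy may read params, so a valid token in the
    # query string is ignored and the visitor is sent to sign in.
    swap Devise, :token_authentication_key => :secret_token, :params_authenticatable => [:database] do
      sign_in_as_new_user_with_token

      assert_contain 'You need to sign in or sign up before continuing'
      assert_contain 'Sign in'
      assert_not warden.authenticated?(:user)
    end
  end

  test 'does authenticate with valid authentication token key and value through http if not configured' do
    # Only the :database strategy may read HTTP auth, so the Basic credential
    # carrying a token is rejected with 401 and the password failure message.
    swap Devise, :token_authentication_key => :secret_token, :http_authenticatable => [:database] do
      sign_in_as_new_user_with_token(:http_auth => true)

      assert_response 401
      assert_contain 'Invalid email or password.'
      assert_not warden.authenticated?(:user)
    end
  end

  test 'does not authenticate with improper authentication token key' do
    # The app expects :donald_duck_token; sending the token under :secret_token
    # must be treated as no credential at all.
    swap Devise, :token_authentication_key => :donald_duck_token do
      sign_in_as_new_user_with_token(:auth_token_key => :secret_token)
      assert_equal new_user_session_path, @request.path

      assert_contain 'You need to sign in or sign up before continuing'
      assert_contain 'Sign in'
      assert_not warden.authenticated?(:user)
    end
  end

  test 'does not authenticate with improper authentication token value' do
    # A custom :invalid_token translation proves the failure is attributed to
    # the token strategy rather than to a generic "not signed in" redirect.
    store_translations :en, :devise => {:failure => {:invalid_token => 'LOL, that was not a single character correct.'}} do
      sign_in_as_new_user_with_token(:auth_token => '*** INVALID TOKEN ***')
      assert_equal new_user_session_path, @request.path

      assert_contain 'LOL, that was not a single character correct.'
      assert_contain 'Sign in'
      assert_not warden.authenticated?(:user)
    end
  end

  test 'authenticate with valid authentication token key and do not store if stateless and timeoutable are enabled' do
    swap Devise, :token_authentication_key => :secret_token, :stateless_token => true, :timeout_in => (0.1).second do
      user = sign_in_as_new_user_with_token
      assert warden.authenticated?(:user)

      # Expiring does not work because we are setting the session value when accessing it.
      # The second request below re-presents the token, so authentication is
      # re-established from the token itself regardless of the elapsed timeout.
      sleep 0.3

      get_users_path_as_existing_user(user)
      assert warden.authenticated?(:user)
    end
  end

  test 'should not be subject to injection' do
    swap Devise, :token_authentication_key => :secret_token do
      user1 = create_user_with_authentication_token

      # Clean up user cache
      @user = nil

      # user2 gets a distinct token so that an operator query would have a
      # victim to match.
      user2 = create_user_with_authentication_token(:email => "another@test.com")
      user2.update_attribute(:authentication_token, "ANOTHERTOKEN")

      assert_not_equal user1, user2
      # `secret_token[$ne]=<token>` arrives as a nested hash value rather than a
      # string. If the strategy handed that hash straight to a document-store
      # finder, `$ne` would match any user whose token differs from user1's
      # (i.e. user2). The lookup must therefore refuse non-string token values
      # and authenticate nobody.
      visit users_path(Devise.token_authentication_key.to_s + '[$ne]' => user1.authentication_token)
      assert_nil warden.user(:user)
    end
  end

  private

    # Creates a token-holding user (or reuses `options[:user]`) and presents
    # the token to GET /users. Returns the user.
    #
    # Options:
    #   :user           - existing user to sign in instead of creating one
    #   :auth_token_key - param name carrying the token
    #                     (default: Devise.token_authentication_key)
    #   :auth_token     - token value to present (default: the user's token)
    #   :http_auth      - present the token as the HTTP Basic user name against
    #                     /users.xml instead of as a query parameter; Basic auth
    #                     has no key name, so :auth_token_key is not used here
    # Any other keys are passed through to create_user when a user is created.
    def sign_in_as_new_user_with_token(options = {})
      user = options.delete(:user) || create_user_with_authentication_token(options)

      options[:auth_token_key] ||= Devise.token_authentication_key
      options[:auth_token] ||= user.authentication_token

      if options[:http_auth]
        # Send the requested token, not the fixed VALID_AUTHENTICATION_TOKEN,
        # so that :auth_token is honoured on the HTTP path as well as on the
        # params path. The password half of the credential is a dummy.
        header = "Basic #{ActiveSupport::Base64.encode64("#{options[:auth_token]}:X")}"
        get users_path(:format => :xml), {}, "HTTP_AUTHORIZATION" => header
      else
        visit users_path(options[:auth_token_key].to_sym => options[:auth_token])
      end

      user
    end

    # Builds a user via create_user(options) and stores the shared test token
    # VALID_AUTHENTICATION_TOKEN on it. Returns the saved user.
    def create_user_with_authentication_token(options={})
      user = create_user(options)
      user.authentication_token = VALID_AUTHENTICATION_TOKEN
      user.save
      user
    end

    # Re-presents `user`'s token to GET /users (a second token-bearing request
    # for the same user, used by the timeout test).
    def get_users_path_as_existing_user(user)
      sign_in_as_new_user_with_token(:user => user)
    end
end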