heartcombo--devise/test/integration/token_authenticatable_test.rb

require 'test_helper'

class TokenAuthenticationTest < ActionController::IntegrationTest

  test 'authenticate with valid authentication token key and value through params' do
    swap Devise, :token_authentication_key => :secret_token do
      sign_in_as_new_user_with_token

      assert_response :success
      assert_template 'users/index'
      assert_contain 'Welcome'
      assert warden.authenticated?(:user)
    end
  end

  test 'authenticate with valid authentication token key and value through http' do
    swap Devise, :token_authentication_key => :secret_token do
      sign_in_as_new_user_with_token(:http_auth => true)

      assert_response :success
      assert_match '<email>user@test.com</email>', response.body
      assert warden.authenticated?(:user)
    end
  end

  test 'does authenticate with valid authentication token key and value through params if not configured' do
    swap Devise, :token_authentication_key => :secret_token, :params_authenticatable => [:database] do
      sign_in_as_new_user_with_token

      assert_contain 'You need to sign in or sign up before continuing'
      assert_contain 'Sign in'
      assert_not warden.authenticated?(:user)
    end
  end

  test 'does authenticate with valid authentication token key and value through http if not configured' do
    swap Devise, :token_authentication_key => :secret_token, :http_authenticatable => [:database] do
      sign_in_as_new_user_with_token(:http_auth => true)

      assert_response 401
      assert_contain 'Invalid email or password.'
      assert_not warden.authenticated?(:user)
    end
  end

  test 'does not authenticate with improper authentication token key' do
    swap Devise, :token_authentication_key => :donald_duck_token do
      sign_in_as_new_user_with_token(:auth_token_key => :secret_token)
      assert_equal new_user_session_path, @request.path

      assert_contain 'You need to sign in or sign up before continuing'
      assert_contain 'Sign in'
      assert_not warden.authenticated?(:user)
    end
  end

  test 'does not authenticate with improper authentication token value' do
    store_translations :en, :devise => {:failure => {:invalid_token => 'LOL, that was not a single character correct.'}} do
      sign_in_as_new_user_with_token(:auth_token => '*** INVALID TOKEN ***')
      assert_equal new_user_session_path, @request.path

      assert_contain 'LOL, that was not a single character correct.'
      assert_contain 'Sign in'
      assert_not warden.authenticated?(:user)
    end
  end

  private

    def sign_in_as_new_user_with_token(options = {})
      options[:auth_token_key] ||= Devise.token_authentication_key
      options[:auth_token]     ||= VALID_AUTHENTICATION_TOKEN

      user = create_user(options)
      user.authentication_token = VALID_AUTHENTICATION_TOKEN
      user.save

      if options[:http_auth]
        header = "Basic #{ActiveSupport::Base64.encode64("#{VALID_AUTHENTICATION_TOKEN}:X")}"
        get users_path(:format => :xml), {}, "HTTP_AUTHORIZATION" => header
      else
        visit users_path(options[:auth_token_key].to_sym => options[:auth_token])
      end

      user
    end

end
Compatibility with Ruby 1.9.1 and 1.9.2. 2010-03-26 10:27:19 +00:00			`require 'test_helper'`
Initial support for authorization using "authentication token" (a.k.a. "single access token") - new module. Corresponding changes to Devise core to hook events like "after_changed_password" (only one added now - only one that makes much sense for latest module) easily. Unit and integration tests included. NOTE: One failing test for hooking Warden::Manager.after_authentication - gets ignored for some reason. Signed-off-by: José Valim <jose.valim@gmail.com> 2010-01-24 02:38:52 +00:00
			`class TokenAuthenticationTest < ActionController::IntegrationTest`

TokenAuthenticatable now works with HTTP Basic Auth by default (take a look at Highrise API for a good example). This basically allows you to pass the authentication token as HTTP Basic Auth username. 2010-04-01 17:09:33 +00:00			`test 'authenticate with valid authentication token key and value through params' do`
Tidy up token authentication implementation. 2010-02-02 12:21:00 +00:00			`swap Devise, :token_authentication_key => :secret_token do`
TokenAuthenticatable now works with HTTP Basic Auth by default (take a look at Highrise API for a good example). This basically allows you to pass the authentication token as HTTP Basic Auth username. 2010-04-01 17:09:33 +00:00			`sign_in_as_new_user_with_token`

			`assert_response :success`
			`assert_template 'users/index'`
			`assert_contain 'Welcome'`
			`assert warden.authenticated?(:user)`
			`end`
			`end`

			`test 'authenticate with valid authentication token key and value through http' do`
			`swap Devise, :token_authentication_key => :secret_token do`
			`sign_in_as_new_user_with_token(:http_auth => true)`
Initial support for authorization using "authentication token" (a.k.a. "single access token") - new module. Corresponding changes to Devise core to hook events like "after_changed_password" (only one added now - only one that makes much sense for latest module) easily. Unit and integration tests included. NOTE: One failing test for hooking Warden::Manager.after_authentication - gets ignored for some reason. Signed-off-by: José Valim <jose.valim@gmail.com> 2010-01-24 02:38:52 +00:00
			`assert_response :success`
Added navigational formats to specify when it should return a 302 and when a 401, closes #234 and #249. 2010-05-16 17:13:20 +00:00			`assert_match '<email>user@test.com</email>', response.body`
Initial support for authorization using "authentication token" (a.k.a. "single access token") - new module. Corresponding changes to Devise core to hook events like "after_changed_password" (only one added now - only one that makes much sense for latest module) easily. Unit and integration tests included. NOTE: One failing test for hooking Warden::Manager.after_authentication - gets ignored for some reason. Signed-off-by: José Valim <jose.valim@gmail.com> 2010-01-24 02:38:52 +00:00			`assert warden.authenticated?(:user)`
			`end`
			`end`

TokenAuthenticatable now works with HTTP Basic Auth by default (take a look at Highrise API for a good example). This basically allows you to pass the authentication token as HTTP Basic Auth username. 2010-04-01 17:09:33 +00:00			`test 'does authenticate with valid authentication token key and value through params if not configured' do`
			`swap Devise, :token_authentication_key => :secret_token, :params_authenticatable => [:database] do`
			`sign_in_as_new_user_with_token`

			`assert_contain 'You need to sign in or sign up before continuing'`
			`assert_contain 'Sign in'`
			`assert_not warden.authenticated?(:user)`
			`end`
			`end`

			`test 'does authenticate with valid authentication token key and value through http if not configured' do`
			`swap Devise, :token_authentication_key => :secret_token, :http_authenticatable => [:database] do`
			`sign_in_as_new_user_with_token(:http_auth => true)`

			`assert_response 401`
			`assert_contain 'Invalid email or password.'`
			`assert_not warden.authenticated?(:user)`
			`end`
			`end`

			`test 'does not authenticate with improper authentication token key' do`
Tidy up token authentication implementation. 2010-02-02 12:21:00 +00:00			`swap Devise, :token_authentication_key => :donald_duck_token do`
			`sign_in_as_new_user_with_token(:auth_token_key => :secret_token)`
No need to append ?unauthenticated=true in URLs anymore since Flash was moved to a middleware in Rails 3. 2010-04-03 09:43:31 +00:00			`assert_equal new_user_session_path, @request.path`
Initial support for authorization using "authentication token" (a.k.a. "single access token") - new module. Corresponding changes to Devise core to hook events like "after_changed_password" (only one added now - only one that makes much sense for latest module) easily. Unit and integration tests included. NOTE: One failing test for hooking Warden::Manager.after_authentication - gets ignored for some reason. Signed-off-by: José Valim <jose.valim@gmail.com> 2010-01-24 02:38:52 +00:00
Tidy up token authentication implementation. 2010-02-02 12:21:00 +00:00			`assert_contain 'You need to sign in or sign up before continuing'`
			`assert_contain 'Sign in'`
			`assert_not warden.authenticated?(:user)`
			`end`
Initial support for authorization using "authentication token" (a.k.a. "single access token") - new module. Corresponding changes to Devise core to hook events like "after_changed_password" (only one added now - only one that makes much sense for latest module) easily. Unit and integration tests included. NOTE: One failing test for hooking Warden::Manager.after_authentication - gets ignored for some reason. Signed-off-by: José Valim <jose.valim@gmail.com> 2010-01-24 02:38:52 +00:00			`end`

TokenAuthenticatable now works with HTTP Basic Auth by default (take a look at Highrise API for a good example). This basically allows you to pass the authentication token as HTTP Basic Auth username. 2010-04-01 17:09:33 +00:00			`test 'does not authenticate with improper authentication token value' do`
Move failure messages from devise.sessions to devise.failure. 2010-04-03 11:11:45 +00:00			`store_translations :en, :devise => {:failure => {:invalid_token => 'LOL, that was not a single character correct.'}} do`
Initial support for authorization using "authentication token" (a.k.a. "single access token") - new module. Corresponding changes to Devise core to hook events like "after_changed_password" (only one added now - only one that makes much sense for latest module) easily. Unit and integration tests included. NOTE: One failing test for hooking Warden::Manager.after_authentication - gets ignored for some reason. Signed-off-by: José Valim <jose.valim@gmail.com> 2010-01-24 02:38:52 +00:00			`sign_in_as_new_user_with_token(:auth_token => '* INVALID TOKEN *')`
No need to append ?unauthenticated=true in URLs anymore since Flash was moved to a middleware in Rails 3. 2010-04-03 09:43:31 +00:00			`assert_equal new_user_session_path, @request.path`
Initial support for authorization using "authentication token" (a.k.a. "single access token") - new module. Corresponding changes to Devise core to hook events like "after_changed_password" (only one added now - only one that makes much sense for latest module) easily. Unit and integration tests included. NOTE: One failing test for hooking Warden::Manager.after_authentication - gets ignored for some reason. Signed-off-by: José Valim <jose.valim@gmail.com> 2010-01-24 02:38:52 +00:00
			`assert_contain 'LOL, that was not a single character correct.'`
			`assert_contain 'Sign in'`
			`assert_not warden.authenticated?(:user)`
			`end`
			`end`

			`private`

Add Http Basic Authentication support. 2010-02-06 00:33:32 +00:00			`def sign_in_as_new_user_with_token(options = {})`
Tidy up token authentication implementation. 2010-02-02 12:21:00 +00:00			`options[:auth_token_key] \|\|= Devise.token_authentication_key`
			`options[:auth_token] \|\|= VALID_AUTHENTICATION_TOKEN`

Initial support for authorization using "authentication token" (a.k.a. "single access token") - new module. Corresponding changes to Devise core to hook events like "after_changed_password" (only one added now - only one that makes much sense for latest module) easily. Unit and integration tests included. NOTE: One failing test for hooking Warden::Manager.after_authentication - gets ignored for some reason. Signed-off-by: José Valim <jose.valim@gmail.com> 2010-01-24 02:38:52 +00:00			`user = create_user(options)`
			`user.authentication_token = VALID_AUTHENTICATION_TOKEN`
			`user.save`
Tidy up token authentication implementation. 2010-02-02 12:21:00 +00:00
TokenAuthenticatable now works with HTTP Basic Auth by default (take a look at Highrise API for a good example). This basically allows you to pass the authentication token as HTTP Basic Auth username. 2010-04-01 17:09:33 +00:00			`if options[:http_auth]`
			`header = "Basic #{ActiveSupport::Base64.encode64("#{VALID_AUTHENTICATION_TOKEN}:X")}"`
Added navigational formats to specify when it should return a 302 and when a 401, closes #234 and #249. 2010-05-16 17:13:20 +00:00			`get users_path(:format => :xml), {}, "HTTP_AUTHORIZATION" => header`
TokenAuthenticatable now works with HTTP Basic Auth by default (take a look at Highrise API for a good example). This basically allows you to pass the authentication token as HTTP Basic Auth username. 2010-04-01 17:09:33 +00:00			`else`
			`visit users_path(options[:auth_token_key].to_sym => options[:auth_token])`
			`end`

Initial support for authorization using "authentication token" (a.k.a. "single access token") - new module. Corresponding changes to Devise core to hook events like "after_changed_password" (only one added now - only one that makes much sense for latest module) easily. Unit and integration tests included. NOTE: One failing test for hooking Warden::Manager.after_authentication - gets ignored for some reason. Signed-off-by: José Valim <jose.valim@gmail.com> 2010-01-24 02:38:52 +00:00			`user`
			`end`

			`end`