require 'test_helper'
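# Integration tests for Devise's "remember me" cookie: issuance, cookie
# attributes, tamper/expiry rejection, and the events that must invalidate
# an outstanding token (sign out, password change, CSRF failure).
class RememberMeTest < ActionController::IntegrationTest
  # Creates a user, marks it as remembered (persists the remember token) and
  # plants a *signed* remember_user_token cookie in the integration session,
  # mimicking what Devise does after a "remember me" sign in.
  #
  # add_to_token is appended to the serialized token *before* signing, so a
  # non-empty value yields a cookie whose signature is valid but whose token
  # no longer matches the stored one. Tests therefore exercise server-side
  # token comparison with it; a cookie with a broken signature is not
  # exercised by this helper.
  def create_user_and_remember(add_to_token = '')
    user = create_user
    user.remember_me!
    raw_cookie = User.serialize_into_cookie(user).tap { |a| a.last << add_to_token }
    cookies['remember_user_token'] = generate_signed_cookie(raw_cookie)
    user
  end

  # Signs raw_cookie with the application's cookie verifier and returns the
  # on-the-wire value, ready to be stored in the test cookie jar.
  def generate_signed_cookie(raw_cookie)
    request = ActionDispatch::TestRequest.new
    request.cookie_jar.signed['raw_cookie'] = raw_cookie
    request.cookie_jar['raw_cookie']
  end

  # Reads (and signature-verifies) cookie `key` from the last request.
  def signed_cookie(key)
    controller.send(:cookies).signed[key]
  end

  # Returns the UTC expiry of cookie `key` taken from the response's
  # Set-Cookie header. Multiple cookies arrive newline-separated here; the
  # key is Regexp-escaped so a name containing metacharacters cannot widen
  # the match to some other cookie.
  def cookie_expires(key)
    set_cookie = response.headers["Set-Cookie"].split("\n")
    cookie = set_cookie.grep(/\A#{Regexp.escape(key)}/).first
    expires = cookie.split(";").map(&:strip).grep(/\Aexpires=/).first
    Time.parse(expires).utc
  end

  test 'do not remember the user if he has not checked remember me option' do
    user = sign_in_as_user
    # The cookie Devise issues is remember_user_token; asserting on any other
    # name (the old "remember_user_cookie") is vacuously true and tests nothing.
    assert_nil request.cookies["remember_user_token"]
  end

  # A request that fails CSRF verification must not be authenticated by the
  # remember cookie, and must not leave behind cached authentication.
  test 'handles unverified requests gets rid of caches' do
    swap UsersController, :allow_forgery_protection => true do
      post exhibit_user_url(1)
      assert_not warden.authenticated?(:user)

      create_user_and_remember
      post exhibit_user_url(1)
      assert_equal "User is not authenticated", response.body
      assert_not warden.authenticated?(:user)
    end
  end

  test 'generate remember token after sign in' do
    user = sign_in_as_user :remember_me => true
    assert request.cookies["remember_user_token"]
  end

  test 'generate remember token after sign in setting cookie options' do
    # We test this by asserting the cookie is not sent after the redirect
    # since we changed the domain. This is the only difference with the
    # previous test.
    swap Devise, :cookie_options => { :domain => "omg.somewhere.com" } do
      user = sign_in_as_user :remember_me => true
      assert_nil request.cookies["remember_user_token"]
    end
  end

  test 'generate remember token after sign in setting session options' do
    # Same idea as above, but the domain comes from the Rails session
    # options rather than Devise.cookie_options; reset it in ensure so a
    # failing assertion cannot leak the domain into later tests.
    begin
      Rails.configuration.session_options[:domain] = "omg.somewhere.com"
      user = sign_in_as_user :remember_me => true
      assert_nil request.cookies["remember_user_token"]
    ensure
      Rails.configuration.session_options.delete(:domain)
    end
  end

  test 'remember the user before sign in' do
    user = create_user_and_remember
    get users_path

    assert_response :success
    assert warden.authenticated?(:user)
    assert_equal user, warden.user(:user)
    # The remember cookie must be HttpOnly so script running on the page
    # (e.g. via XSS) cannot read a long-lived credential.
    assert_match(/remember_user_token[^\n]*HttpOnly/, response.headers["Set-Cookie"],
                 "Expected Set-Cookie header in response to set HttpOnly flag on remember_user_token cookie.")
  end

  test 'remember the user before sign up and redirect him to his home' do
    user = create_user_and_remember
    get new_user_registration_path
    assert warden.authenticated?(:user)
    assert_redirected_to root_path
  end

  # A CSRF failure on a remembered session must drop the remembered
  # authentication, not merely reject the single request.
  test 'cookies are destroyed on unverified requests' do
    swap ApplicationController, :allow_forgery_protection => true do
      user = create_user_and_remember
      get users_path
      assert warden.authenticated?(:user)

      post root_path, :authenticity_token => 'INVALID'
      assert_not warden.authenticated?(:user)
    end
  end

  # Even with extend_remember_period on, a fresh sign in must not push the
  # remember_created_at timestamp forward (that would silently extend the
  # lifetime of the existing token).
  test 'does not extend remember period through sign in' do
    swap Devise, :extend_remember_period => true, :remember_for => 1.year do
      user = create_user
      user.remember_me!
      user.remember_created_at = old = 10.days.ago
      user.save

      sign_in_as_user :remember_me => true
      user.reload

      assert_equal user, warden.user(:user)
      assert_equal old.to_i, user.remember_created_at.to_i
    end
  end

  # A user-scope remember cookie must never authenticate another scope.
  test 'do not remember other scopes' do
    user = create_user_and_remember
    get root_path
    assert_response :success
    assert warden.authenticated?(:user)
    assert_not warden.authenticated?(:admin)
  end

  # The token inside the cookie is altered before signing (see
  # create_user_and_remember), so this covers rejection of a
  # well-signed cookie carrying a token that does not match the record.
  test 'do not remember with invalid token' do
    user = create_user_and_remember('add')
    get users_path
    assert_not warden.authenticated?(:user)
    assert_redirected_to new_user_session_path
  end

  test 'do not remember with expired token' do
    user = create_user_and_remember
    # remember_for => 0 makes any existing token expired on arrival.
    swap Devise, :remember_for => 0 do
      get users_path
      assert_not warden.authenticated?(:user)
      assert_redirected_to new_user_session_path
    end
  end

  # Sign out must clear the cookie and a follow-up request must stay
  # unauthenticated; checking both guards against a cleared session with a
  # still-valid cookie.
  test 'do not remember the user anymore after forget' do
    user = create_user_and_remember
    get users_path
    assert warden.authenticated?(:user)

    get destroy_user_session_path
    assert_not warden.authenticated?(:user)
    assert_nil warden.cookies['remember_user_token']

    get users_path
    assert_not warden.authenticated?(:user)
  end

  # Changing the password must invalidate outstanding remember tokens, so a
  # stolen cookie cannot outlive a credential reset.
  test 'changing user password expires remember me token' do
    user = create_user_and_remember
    user.password = "another_password"
    user.password_confirmation = "another_password"
    user.save!

    get users_path
    assert_not warden.authenticated?(:user)
  end
end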