heartcombo--devise/test/models/token_authenticatable_test.rb

require 'test_helper'

class TokenAuthenticatableTest < ActiveSupport::TestCase

  test 'should reset authentication token' do
    user = new_user
    user.reset_authentication_token
    previous_token = user.authentication_token
    user.reset_authentication_token
    assert_not_equal previous_token, user.authentication_token
  end

  test 'should ensure authentication token' do
    user = new_user
    user.ensure_authentication_token
    previous_token = user.authentication_token
    user.ensure_authentication_token
    assert_equal previous_token, user.authentication_token
  end

  test 'should authenticate a valid user with authentication token and return it' do
    user = create_user
    user.ensure_authentication_token!
    user.confirm!
    authenticated_user = User.find_for_token_authentication(:auth_token => user.authentication_token)
    assert_equal authenticated_user, user
  end

  test 'should return nil when authenticating an invalid user by authentication token' do
    user = create_user
    user.ensure_authentication_token!
    user.confirm!
    authenticated_user = User.find_for_token_authentication(:auth_token => user.authentication_token.reverse)
    assert_nil authenticated_user
  end

  test 'should not be subject to injection' do
    user1 = create_user
    user1.ensure_authentication_token!
    user1.confirm!

    user2 = create_user
    user2.ensure_authentication_token!
    user2.confirm!

    user = User.find_for_token_authentication(:auth_token => {'$ne' => user1.authentication_token})
    assert_nil user
  end

  test 'required_fields should contain the fields that Devise uses' do
    assert_same_content Devise::Models::TokenAuthenticatable.required_fields(User), [
      :authentication_token
    ]
  end
end
Compatibility with Ruby 1.9.1 and 1.9.2. 2010-03-26 06:27:19 -04:00			`require 'test_helper'`
Initial support for authorization using "authentication token" (a.k.a. "single access token") - new module. Corresponding changes to Devise core to hook events like "after_changed_password" (only one added now - only one that makes much sense for latest module) easily. Unit and integration tests included. NOTE: One failing test for hooking Warden::Manager.after_authentication - gets ignored for some reason. Signed-off-by: José Valim <jose.valim@gmail.com> 2010-01-23 21:38:52 -05:00
			`class TokenAuthenticatableTest < ActiveSupport::TestCase`

			`test 'should reset authentication token' do`
			`user = new_user`
Tidy up token authentication implementation. 2010-02-02 07:21:00 -05:00			`user.reset_authentication_token`
Initial support for authorization using "authentication token" (a.k.a. "single access token") - new module. Corresponding changes to Devise core to hook events like "after_changed_password" (only one added now - only one that makes much sense for latest module) easily. Unit and integration tests included. NOTE: One failing test for hooking Warden::Manager.after_authentication - gets ignored for some reason. Signed-off-by: José Valim <jose.valim@gmail.com> 2010-01-23 21:38:52 -05:00			`previous_token = user.authentication_token`
Tidy up token authentication implementation. 2010-02-02 07:21:00 -05:00			`user.reset_authentication_token`
Initial support for authorization using "authentication token" (a.k.a. "single access token") - new module. Corresponding changes to Devise core to hook events like "after_changed_password" (only one added now - only one that makes much sense for latest module) easily. Unit and integration tests included. NOTE: One failing test for hooking Warden::Manager.after_authentication - gets ignored for some reason. Signed-off-by: José Valim <jose.valim@gmail.com> 2010-01-23 21:38:52 -05:00			`assert_not_equal previous_token, user.authentication_token`
			`end`

Tidy up token authentication implementation. 2010-02-02 07:21:00 -05:00			`test 'should ensure authentication token' do`
			`user = new_user`
			`user.ensure_authentication_token`
			`previous_token = user.authentication_token`
			`user.ensure_authentication_token`
			`assert_equal previous_token, user.authentication_token`
			`end`

Initial support for authorization using "authentication token" (a.k.a. "single access token") - new module. Corresponding changes to Devise core to hook events like "after_changed_password" (only one added now - only one that makes much sense for latest module) easily. Unit and integration tests included. NOTE: One failing test for hooking Warden::Manager.after_authentication - gets ignored for some reason. Signed-off-by: José Valim <jose.valim@gmail.com> 2010-01-23 21:38:52 -05:00			`test 'should authenticate a valid user with authentication token and return it' do`
			`user = create_user`
Small changes to token_authenticatable. 2010-04-06 07:26:56 -04:00			`user.ensure_authentication_token!`
Tidy up token authentication implementation. 2010-02-02 07:21:00 -05:00			`user.confirm!`
Small changes to token_authenticatable. 2010-04-06 07:26:56 -04:00			`authenticated_user = User.find_for_token_authentication(:auth_token => user.authentication_token)`
Initial support for authorization using "authentication token" (a.k.a. "single access token") - new module. Corresponding changes to Devise core to hook events like "after_changed_password" (only one added now - only one that makes much sense for latest module) easily. Unit and integration tests included. NOTE: One failing test for hooking Warden::Manager.after_authentication - gets ignored for some reason. Signed-off-by: José Valim <jose.valim@gmail.com> 2010-01-23 21:38:52 -05:00			`assert_equal authenticated_user, user`
			`end`

			`test 'should return nil when authenticating an invalid user by authentication token' do`
			`user = create_user`
Small changes to token_authenticatable. 2010-04-06 07:26:56 -04:00			`user.ensure_authentication_token!`
Tidy up token authentication implementation. 2010-02-02 07:21:00 -05:00			`user.confirm!`
Small changes to token_authenticatable. 2010-04-06 07:26:56 -04:00			`authenticated_user = User.find_for_token_authentication(:auth_token => user.authentication_token.reverse)`
Initial support for authorization using "authentication token" (a.k.a. "single access token") - new module. Corresponding changes to Devise core to hook events like "after_changed_password" (only one added now - only one that makes much sense for latest module) easily. Unit and integration tests included. NOTE: One failing test for hooking Warden::Manager.after_authentication - gets ignored for some reason. Signed-off-by: José Valim <jose.valim@gmail.com> 2010-01-23 21:38:52 -05:00			`assert_nil authenticated_user`
			`end`

fix for possible injection with mongo Signed-off-by: José Valim <jose.valim@gmail.com> 2011-03-07 18:54:55 -05:00			`test 'should not be subject to injection' do`
Improve previous patch. 2011-03-11 14:46:08 -05:00			`user1 = create_user`
			`user1.ensure_authentication_token!`
			`user1.confirm!`
fix for possible injection with mongo Signed-off-by: José Valim <jose.valim@gmail.com> 2011-03-07 18:54:55 -05:00
Improve previous patch. 2011-03-11 14:46:08 -05:00			`user2 = create_user`
			`user2.ensure_authentication_token!`
			`user2.confirm!`
fix for possible injection with mongo Signed-off-by: José Valim <jose.valim@gmail.com> 2011-03-07 18:54:55 -05:00
Improve previous patch. 2011-03-11 14:46:08 -05:00			`user = User.find_for_token_authentication(:auth_token => {'$ne' => user1.authentication_token})`
			`assert_nil user`
fix for possible injection with mongo Signed-off-by: José Valim <jose.valim@gmail.com> 2011-03-07 18:54:55 -05:00			`end`
Required fields on token_authenticatable 2012-02-17 12:50:15 -05:00
			`test 'required_fields should contain the fields that Devise uses' do`
Fixing some tests and adding an assert message 2012-02-20 07:12:26 -05:00			`assert_same_content Devise::Models::TokenAuthenticatable.required_fields(User), [`
Required fields on token_authenticatable 2012-02-17 12:50:15 -05:00			`:authentication_token`
			`]`
			`end`
Warn about an incompatibility between Devise and Mongoid 2011-02-25 16:17:14 -05:00			`end`