kotovalexarian-likes-github/heartcombo--devise
1
0
Fork 0
mirror of https://github.com/heartcombo/devise.git synced 2022-11-09 12:18:31 -05:00
Code Releases Activity

Reorganize tests for failure app and add entries to CHANGELOG.

Browse source
This commit is contained in:
José Valim 2010-08-31 23:55:25 +02:00
parent c8bd965462
commit 31d7020637
3 changed files with 63 additions and 31 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
CHANGELOG.rdoc
View file

@ -5,6 +5,7 @@
* enhancements
* Added OAuth 2 support
* sign_out_via is available in the router to configure the method used for sign out (by github.com/martinrehfeld)
* Improved Ajax requests handling in failure app (by github.com/spastorino)
* bugfix
* after_sign_in_path_for always receives a resource

16
lib/devise/failure_app.rb
View file

@ -33,7 +33,7 @@ module Devise
def http_auth
self.status = 401
self.headers["WWW-Authenticate"] = %(Basic realm=#{Devise.http_authentication_realm.inspect}) unless request.xhr?
self.headers["WWW-Authenticate"] = %(Basic realm=#{Devise.http_authentication_realm.inspect}) if http_auth_header?
self.content_type = request.format.to_s
self.response_body = http_auth_body
end
@ -67,6 +67,14 @@ module Devise
send(:"new_#{scope}_session_path")
end
# Choose whether we should respond in a http authentication fashion,
# including 401 and optional headers.
#
# This method allows the user to explicitly disable http authentication
# on ajax requests in case they want to redirect on failures instead of
# handling the errors on their own. This is useful in case your ajax API
# is the same as your public API and uses a format like JSON (so you
# cannot mark JSON as a navigational format).
def http_auth?
if request.xhr?
Devise.http_authenticatable_on_xhr
@ -75,6 +83,12 @@ module Devise
end
end
# It does not make sense to send authenticate headers in ajax requests
# or if the user disabled them.
def http_auth_header?
Devise.mappings[scope].to.http_authenticatable && !request.xhr?
end
def http_auth_body
method = :"to_#{request.format.to_sym}"
{}.respond_to?(method) ? { :error => i18n_message }.send(method) : i18n_message

77
test/failure_app_test.rb
View file

@ -17,7 +17,7 @@ class FailureTest < ActiveSupport::TestCase
'rack.input' => "",
'warden' => OpenStruct.new(:message => nil)
}.merge!(env_params)
@response = Devise::FailureApp.call(env).to_a
@request = ActionDispatch::Request.new(env)
end
@ -72,48 +72,65 @@ class FailureTest < ActiveSupport::TestCase
assert_equal 401, @response.first
end
test 'return WWW-authenticate headers' do
test 'return WWW-authenticate headers if model allows' do
call_failure('formats' => :xml)
assert_equal 'Basic realm="Application"', @response.second["WWW-Authenticate"]
end
test 'dont return WWW-authenticate on ajax call if http_authenticatable_on_xhr false' do
swap Devise, :http_authenticatable_on_xhr => false do
call_failure('formats' => :html, 'HTTP_X_REQUESTED_WITH' => 'XMLHttpRequest')
assert_equal 302, @response.first
assert_equal 'http://test.host/users/sign_in', @response.second["Location"]
assert_nil @response.second['WWW-Authenticate']
test 'does not return WWW-authenticate headers if model does not allow' do
swap Devise, :http_authenticatable => false do
call_failure('formats' => :xml)
assert_nil @response.second["WWW-Authenticate"]
end
end
test 'dont return WWW-authenticate on ajax call with formats => json if http_authenticatable_on_xhr false' do
swap Devise, :http_authenticatable_on_xhr => false do
call_failure('formats' => :json, 'HTTP_X_REQUESTED_WITH' => 'XMLHttpRequest')
assert_equal 302, @response.first
assert_equal 'http://test.host/users/sign_in', @response.second["Location"]
assert_nil @response.second['WWW-Authenticate']
end
end
test 'return WWW-authenticate on ajax call if http_authenticatable_on_xhr true' do
swap Devise, :http_authenticatable_on_xhr => true do
call_failure('formats' => :html, 'HTTP_X_REQUESTED_WITH' => 'XMLHttpRequest')
assert_equal 401, @response.first
assert_nil @response.second['WWW-Authenticate']
end
end
test 'uses the proxy failure message as response body' do
call_failure('formats' => :xml, 'warden' => OpenStruct.new(:message => :invalid))
assert_match '<error>Invalid email or password.</error>', @response.third.body
end
test 'works for any non navigational format' do
swap Devise, :navigational_formats => [] do
call_failure('formats' => :html)
assert_equal 401, @response.first
end
end
test 'uses the failure message as response body' do
call_failure('formats' => :xml, 'warden' => OpenStruct.new(:message => :invalid))
assert_match '<error>Invalid email or password.</error>', @response.third.body
end
context 'on ajax call' do
context 'when http_authenticatable_on_xhr is false' do
test 'dont return 401 with navigational formats' do
swap Devise, :http_authenticatable_on_xhr => false do
call_failure('formats' => :html, 'HTTP_X_REQUESTED_WITH' => 'XMLHttpRequest')
assert_equal 302, @response.first
assert_equal 'http://test.host/users/sign_in', @response.second["Location"]
end
end
test 'dont return 401 with non navigational formats' do
swap Devise, :http_authenticatable_on_xhr => false do
call_failure('formats' => :json, 'HTTP_X_REQUESTED_WITH' => 'XMLHttpRequest')
assert_equal 302, @response.first
assert_equal 'http://test.host/users/sign_in', @response.second["Location"]
end
end
end
context 'when http_authenticatable_on_xhr is true' do
test 'return 401' do
swap Devise, :http_authenticatable_on_xhr => true do
call_failure('formats' => :html, 'HTTP_X_REQUESTED_WITH' => 'XMLHttpRequest')
assert_equal 401, @response.first
end
end
test 'skip WWW-Authenticate header' do
swap Devise, :http_authenticatable_on_xhr => true do
call_failure('formats' => :html, 'HTTP_X_REQUESTED_WITH' => 'XMLHttpRequest')
assert_nil @response.second['WWW-Authenticate']
end
end
end
end
end
context 'With recall' do