Improve tests and update CHANGELOG.

CHANGELOG.rdoc

@@ -8,7 +8,8 @@
   * rememberable cookie now is httponly by default (by github.com/JamesFerguson)
   * Add missing confirmation_keys (by github.com/JohnPlummer)
   * Ensure after_* hooks are called on RegistrationsController
-  * When using database_authenticatable Devise will now only create an email field when appropriate (if using default authentication_keys or custom authentication_keys with email included) (by github.com)
+  * When using database_authenticatable Devise will now only create an email field when appropriate (if using default authentication_keys or custom authentication_keys with email included)
+  * Ensure stateless token does not trigger timeout (by github.com/pixelauthority)
 
 * deprecations
   * Deprecated anybody_signed_in? in favor of signed_in? (by github.com/gavinhughes)

test/integration/token_authenticatable_test.rb

@@ -77,12 +77,13 @@ class TokenAuthenticationTest < ActionController::IntegrationTest
   end
 
   test 'authenticate with valid authentication token key and do not store if stateless and timeoutable are enabled' do
-    swap Devise, :token_authentication_key => :secret_token, :stateless_token => true, :timeout_in => 1.second do
+    swap Devise, :token_authentication_key => :secret_token, :stateless_token => true, :timeout_in => (0.1).second do
       user = sign_in_as_new_user_with_token
       assert warden.authenticated?(:user)
 
-      # TODO: replace sleep
-      sleep 2
+      # Expiring does not work because we are setting the session value when accessing it
+      sleep 0.3
+
       get_users_path_as_existing_user(user)
       assert warden.authenticated?(:user)
     end
@@ -91,12 +92,10 @@ class TokenAuthenticationTest < ActionController::IntegrationTest
   private
 
     def sign_in_as_new_user_with_token(options = {})
-      options[:auth_token_key] ||= Devise.token_authentication_key
-      options[:auth_token]     ||= VALID_AUTHENTICATION_TOKEN
+      user = options.delete(:user) || create_user_with_authentication_token(options)
 
-      user = create_user(options)
-      user.authentication_token = VALID_AUTHENTICATION_TOKEN
-      user.save
+      options[:auth_token_key] ||= Devise.token_authentication_key
+      options[:auth_token]     ||= user.authentication_token
 
       if options[:http_auth]
         header = "Basic #{ActiveSupport::Base64.encode64("#{VALID_AUTHENTICATION_TOKEN}:X")}"
@@ -108,15 +107,14 @@ class TokenAuthenticationTest < ActionController::IntegrationTest
       user
     end
 
-    def get_users_path_as_existing_user(user, options = {})
-      options[:auth_token_key] ||= Devise.token_authentication_key
-
-      if options[:http_auth]
-        header = "Basic #{ActiveSupport::Base64.encode64("#{VALID_AUTHENTICATION_TOKEN}:X")}"
-        get users_path(:format => :xml), {}, "HTTP_AUTHORIZATION" => header
-      else
-        get users_path(options[:auth_token_key].to_sym => user.authentication_token)
-      end
+    def create_user_with_authentication_token(options)
+      user = create_user(options)
+      user.authentication_token = VALID_AUTHENTICATION_TOKEN
+      user.save
+      user
     end
 
+    def get_users_path_as_existing_user(user)
+      sign_in_as_new_user_with_token(:user => user)
+    end
 end