add unit and integration tests for case insensitive keys

2022-11-09 12:18:31 -05:00 · 2010-11-20 15:54:01 +01:00 · 2010-11-20 15:54:01 +01:00 · 8d1e23c67d
commit 8d1e23c67d
parent e911abf13b
5 changed files with 63 additions and 5 deletions
--- a/lib/devise/models/authenticatable.rb
+++ b/lib/devise/models/authenticatable.rb
@ -100,7 +100,7 @@ module Devise
        #   end
        #
        def find_for_authentication(conditions)
-          case_insensitive_keys.each { |k| attributes[k].try(:downcase!) }
+          case_insensitive_keys.each { |k| conditions[k].try(:downcase!) }
          to_adapter.find_first(conditions)
        end

--- a/test/integration/database_authenticatable_test.rb
+++ b/test/integration/database_authenticatable_test.rb
@ -1,6 +1,28 @@
 require 'test_helper'

 class DatabaseAuthenticationTest < ActionController::IntegrationTest
+  test 'sign in with email of different case should succeed when email is in the list of case insensitive keys' do
+    create_user(:email => 'Foo@Bar.com')
+    
+    sign_in_as_user do
+      fill_in 'email', :with => 'foo@bar.com'
+    end
+    
+    assert warden.authenticated?(:user)
+  end
+
+  test 'sign in with email of different case should fail when email is NOT the list of case insensitive keys' do
+    swap Devise, :case_insensitive_keys => [] do
+      create_user(:email => 'Foo@Bar.com')
+      
+      sign_in_as_user do
+        fill_in 'email', :with => 'foo@bar.com'
+      end
+      
+      assert_not warden.authenticated?(:user)
+    end
+  end
+
  test 'sign in should not authenticate if not using proper authentication keys' do
    swap Devise, :authentication_keys => [:username] do
      sign_in_as_user
--- a/test/integration/recoverable_test.rb
+++ b/test/integration/recoverable_test.rb
@ -27,6 +27,32 @@ class PasswordTest < ActionController::IntegrationTest
    click_button 'Change my password'
  end

+  test 'reset password with email of different case should succeed when email is in the list of case insensitive keys' do
+    create_user(:email => 'Foo@Bar.com')
+    
+    request_forgot_password do
+      fill_in 'email', :with => 'foo@bar.com'
+    end
+    
+    assert_current_url '/users/sign_in'
+    assert_contain 'You will receive an email with instructions about how to reset your password in a few minutes.'
+  end
+
+  test 'reset password with email of different case should fail when email is NOT the list of case insensitive keys' do
+    swap Devise, :case_insensitive_keys => [] do
+      create_user(:email => 'Foo@Bar.com')
+      
+      request_forgot_password do
+        fill_in 'email', :with => 'foo@bar.com'
+      end
+      
+      assert_response :success
+      assert_current_url '/users/password'
+      assert_have_selector "input[type=email][value='foo@bar.com']"
+      assert_contain 'not found'
+    end
+  end
+
  test 'authenticated user should not be able to visit forgot password page' do
    sign_in_as_user
    assert warden.authenticated?(:user)
--- a/test/models/database_authenticatable_test.rb
+++ b/test/models/database_authenticatable_test.rb
@ -2,6 +2,16 @@ require 'test_helper'
 require 'digest/sha1'

 class DatabaseAuthenticatableTest < ActiveSupport::TestCase
+  test 'should downcase case insensitive keys when saving' do
+    # case_insensitive_keys is set to :email by default.
+    email = 'Foo@Bar.com'
+    user = new_user(:email => email)
+    
+    assert_equal email, user.email
+    user.save!
+    assert_equal email.downcase, user.email
+  end
+  
  test 'should respond to password and password confirmation' do
    user = new_user
    assert user.respond_to?(:password)
--- a/test/support/integration.rb
+++ b/test/support/integration.rb
@ -9,9 +9,9 @@ class ActionDispatch::IntegrationTest
    @user ||= begin
      user = User.create!(
        :username => 'usertest',
-        :email => 'user@test.com',
-        :password => '123456',
-        :password_confirmation => '123456',
+        :email => options[:email] || 'user@test.com',
+        :password => options[:password] || '123456',
+        :password_confirmation => options[:password] || '123456',
        :created_at => Time.now.utc
      )
      user.confirm! unless options[:confirm] == false
@ -32,7 +32,7 @@ class ActionDispatch::IntegrationTest
  def sign_in_as_user(options={}, &block)
    user = create_user(options)
    visit_with_option options[:visit], new_user_session_path
-    fill_in 'email', :with => 'user@test.com'
+    fill_in 'email', :with => options[:email] || 'user@test.com'
    fill_in 'password', :with => options[:password] || '123456'
    check 'remember me' if options[:remember_me] == true
    yield if block_given?