require 'test_helper' require 'ostruct' class FailureTest < ActiveSupport::TestCase def self.context(name, &block) instance_eval(&block) end def call_failure(env_params={}) env = { 'REQUEST_URI' => 'http://test.host/', 'HTTP_HOST' => 'test.host', 'REQUEST_METHOD' => 'GET', 'warden.options' => { :scope => :user }, 'rack.session' => {}, 'action_dispatch.request.formats' => Array(env_params.delete('formats') || Mime::HTML), 'rack.input' => "", 'warden' => OpenStruct.new(:message => nil) }.merge!(env_params) @response = Devise::FailureApp.call(env).to_a @request = ActionDispatch::Request.new(env) end context 'When redirecting' do test 'return 302 status' do call_failure assert_equal 302, @response.first end test 'return 302 status for wildcard requests' do call_failure 'action_dispatch.request.formats' => nil, 'HTTP_ACCEPT' => '*/*' assert_equal 302, @response.first end test 'return to the default redirect location' do call_failure assert_equal 'You need to sign in or sign up before continuing.', @request.flash[:alert] assert_equal 'http://test.host/users/sign_in', @response.second['Location'] end test 'uses the proxy failure message as symbol' do call_failure('warden' => OpenStruct.new(:message => :test)) assert_equal 'test', @request.flash[:alert] assert_equal 'http://test.host/users/sign_in', @response.second["Location"] end test 'uses the proxy failure message as string' do call_failure('warden' => OpenStruct.new(:message => 'Hello world')) assert_equal 'Hello world', @request.flash[:alert] assert_equal 'http://test.host/users/sign_in', @response.second["Location"] end test 'set content type to default text/html' do call_failure assert_equal 'text/html; charset=utf-8', @response.second['Content-Type'] end test 'setup a default message' do call_failure assert_match /You are being/, @response.last.body assert_match /redirected/, @response.last.body assert_match /users\/sign_in/, @response.last.body end test 'works for any navigational format' do swap Devise, :navigational_formats => [:xml] do call_failure('formats' => :xml) assert_equal 302, @response.first end end test 'redirects the correct format if it is a non-html format request' do swap Devise, :navigational_formats => [:js] do call_failure('formats' => :js) assert_equal 'http://test.host/users/sign_in.js', @response.second["Location"] end end end context 'For HTTP request' do test 'return 401 status' do call_failure('formats' => :xml) assert_equal 401, @response.first end test 'return 401 status for unknown formats' do call_failure 'formats' => [] assert_equal 401, @response.first end test 'return WWW-authenticate headers if model allows' do call_failure('formats' => :xml) assert_equal 'Basic realm="Application"', @response.second["WWW-Authenticate"] end test 'does not return WWW-authenticate headers if model does not allow' do swap Devise, :http_authenticatable => false do call_failure('formats' => :xml) assert_nil @response.second["WWW-Authenticate"] end end test 'works for any non navigational format' do swap Devise, :navigational_formats => [] do call_failure('formats' => :html) assert_equal 401, @response.first end end test 'uses the failure message as response body' do call_failure('formats' => :xml, 'warden' => OpenStruct.new(:message => :invalid)) assert_match 'Invalid email or password.', @response.third.body end context 'on ajax call' do context 'when http_authenticatable_on_xhr is false' do test 'dont return 401 with navigational formats' do swap Devise, :http_authenticatable_on_xhr => false do call_failure('formats' => :html, 'HTTP_X_REQUESTED_WITH' => 'XMLHttpRequest') assert_equal 302, @response.first assert_equal 'http://test.host/users/sign_in', @response.second["Location"] end end test 'dont return 401 with non navigational formats' do swap Devise, :http_authenticatable_on_xhr => false do call_failure('formats' => :json, 'HTTP_X_REQUESTED_WITH' => 'XMLHttpRequest') assert_equal 302, @response.first assert_equal 'http://test.host/users/sign_in.json', @response.second["Location"] end end end context 'when http_authenticatable_on_xhr is true' do test 'return 401' do swap Devise, :http_authenticatable_on_xhr => true do call_failure('formats' => :html, 'HTTP_X_REQUESTED_WITH' => 'XMLHttpRequest') assert_equal 401, @response.first end end test 'skip WWW-Authenticate header' do swap Devise, :http_authenticatable_on_xhr => true do call_failure('formats' => :html, 'HTTP_X_REQUESTED_WITH' => 'XMLHttpRequest') assert_nil @response.second['WWW-Authenticate'] end end end end end context 'With recall' do test 'calls the original controller if invalid email or password' do env = { "warden.options" => { :recall => "devise/sessions#new", :attempted_path => "/users/sign_in" }, "devise.mapping" => Devise.mappings[:user], "warden" => stub_everything } call_failure(env) assert @response.third.body.include?('

Sign in

') assert @response.third.body.include?('Invalid email or password.') end test 'calls the original controller if not confirmed email' do env = { "warden.options" => { :recall => "devise/sessions#new", :attempted_path => "/users/sign_in", :message => :unconfirmed }, "devise.mapping" => Devise.mappings[:user], "warden" => stub_everything } call_failure(env) assert @response.third.body.include?('

Sign in

') assert @response.third.body.include?('You have to confirm your account before continuing.') end test 'calls the original controller if inactive account' do env = { "warden.options" => { :recall => "devise/sessions#new", :attempted_path => "/users/sign_in", :message => :inactive }, "devise.mapping" => Devise.mappings[:user], "warden" => stub_everything } call_failure(env) assert @response.third.body.include?('

Sign in

') assert @response.third.body.include?('Your account was not activated yet.') end end end