test/integration/authenticatable_test.rb in devise-2.2.3 vs test/integration/authenticatable_test.rb in devise-2.2.4
- old
+ new
@@ -1,8 +1,8 @@
require 'test_helper'
-class AuthenticationSanityTest < ActionController::IntegrationTest
+class AuthenticationSanityTest < ActionDispatch::IntegrationTest
test 'home should be accessible without sign in' do
visit '/'
assert_response :success
assert_template 'home/index'
end
@@ -132,11 +132,11 @@
assert_equal "Oops, not found", response.body
assert_equal 404, response.status
end
end
-class AuthenticationRoutesRestrictions < ActionController::IntegrationTest
+class AuthenticationRoutesRestrictions < ActionDispatch::IntegrationTest
test 'not signed in should not be able to access private route (authenticate denied)' do
get private_path
assert_redirected_to new_admin_session_path
assert_not warden.authenticated?(:admin)
end
@@ -252,11 +252,11 @@
assert_template 'home/join'
assert_contain 'Join'
end
end
-class AuthenticationRedirectTest < ActionController::IntegrationTest
+class AuthenticationRedirectTest < ActionDispatch::IntegrationTest
test 'redirect from warden shows sign in or sign up message' do
get admins_path
warden_path = new_admin_session_path
assert_redirected_to warden_path
@@ -315,11 +315,11 @@
visit new_user_session_path
assert_equal flash[:alert], I18n.t("devise.failure.already_authenticated")
end
end
-class AuthenticationSessionTest < ActionController::IntegrationTest
+class AuthenticationSessionTest < ActionDispatch::IntegrationTest
test 'destroyed account is signed out' do
sign_in_as_user
get '/users'
User.destroy_all
@@ -331,26 +331,38 @@
sign_in_as_user
get '/users'
assert_equal "Cart", @controller.user_session[:cart]
end
- test 'does not explode when invalid user class is stored in session' do
- klass = User
- paths = ActiveSupport::Dependencies.autoload_paths.dup
-
+ test 'does not explode when class name is still stored in session' do
+ # In order to test that old sessions do not break with the new scoped
+ # deserialization, we need to serialize the session the old way. This is
+ # done by removing the newly used scoped serialization method
+ # (#user_serialize) and bringing back the old uncsoped #serialize method
+ # that includes the record's class name in the serialization.
begin
- sign_in_as_user
- assert warden.authenticated?(:user)
+ Warden::SessionSerializer.class_eval do
+ alias_method :original_serialize, :serialize
+ alias_method :original_user_serialize, :user_serialize
+ remove_method :user_serialize
- Object.send :remove_const, :User
- ActiveSupport::Dependencies.autoload_paths.clear
+ def serialize(record)
+ klass = record.class
+ array = klass.serialize_into_session(record)
+ array.unshift(klass.name)
+ end
+ end
- visit "/users"
- assert_not warden.authenticated?(:user)
+ sign_in_as_user
+ assert warden.authenticated?(:user)
ensure
- Object.const_set(:User, klass)
- ActiveSupport::Dependencies.autoload_paths.replace(paths)
+ Warden::SessionSerializer.class_eval do
+ alias_method :serialize, :original_serialize
+ remove_method :original_serialize
+ alias_method :user_serialize, :original_user_serialize
+ remove_method :original_user_serialize
+ end
end
end
test 'session id is changed on sign in' do
get '/users'
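Review bot: The rewritten test 'does not explode when class name is still stored in session' only covers a legacy entry whose class name is the valid `User`, so the case the removed test exercised (a stored class name that can no longer be resolved) has no coverage on the new side. A companion test with a legacy-format entry whose class name does not resolve would pin down the intended behaviour, in particular that the stored name is never used for a constant lookup; that intent is inferred from the comment, not visible in the hunk. A follow-up request after sign-in, e.g. `get '/users'` before `assert warden.authenticated?(:user)`, would make the read path for the old format explicit rather than relying on whatever `sign_in_as_user` does internally. In the `ensure` block, if the setup `class_eval` fails partway, the restoring `alias_method` calls raise `NameError` and mask the original failure. The comment also misspells "unscoped" as "uncsoped".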
@@ -362,11 +374,11 @@
sign_in_as_user
assert_not_equal session_id, request.session["session_id"]
end
end
-class AuthenticationWithScopedViewsTest < ActionController::IntegrationTest
+class AuthenticationWithScopedViewsTest < ActionDispatch::IntegrationTest
test 'renders the scoped view if turned on and view is available' do
swap Devise, :scoped_views => true do
assert_raise Webrat::NotFoundError do
sign_in_as_user
end
@@ -403,11 +415,11 @@
end
end
end
end
-class AuthenticationOthersTest < ActionController::IntegrationTest
+class AuthenticationOthersTest < ActionDispatch::IntegrationTest
test 'handles unverified requests gets rid of caches' do
swap UsersController, :allow_forgery_protection => true do
post exhibit_user_url(1)
assert_not warden.authenticated?(:user)
@@ -502,45 +514,57 @@
post user_session_path(:format => 'xml'), :user => {:email => "user@test.com", :password => '12345678'}
assert_response :success
assert response.body.include? %(<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<user>)
end
- test 'sign out with xml format returns ok response' do
+ test 'sign out with html redirects' do
sign_in_as_user
+ get destroy_user_session_path
+ assert_response :redirect
+ assert_current_url '/'
+
+ sign_in_as_user
+ get destroy_user_session_path(:format => 'html')
+ assert_response :redirect
+ assert_current_url '/'
+ end
+
+ test 'sign out with xml format returns no content' do
+ sign_in_as_user
get destroy_user_session_path(:format => 'xml')
assert_response :no_content
assert_not warden.authenticated?(:user)
end
- test 'sign out with json format returns empty json response' do
+ test 'sign out with json format returns no content' do
sign_in_as_user
get destroy_user_session_path(:format => 'json')
assert_response :no_content
assert_not warden.authenticated?(:user)
end
test 'sign out with non-navigational format via XHR does not redirect' do
- swap Devise, :navigational_formats => ['*/*', :html] do
+ swap Devise, :navigational_formats => ['*/*', :html] do
sign_in_as_user
xml_http_request :get, destroy_user_session_path, {}, { "HTTP_ACCEPT" => "application/json,text/javascript,*/*" } # NOTE: Bug is triggered by combination of XHR and */*.
assert_response :no_content
assert_not warden.authenticated?(:user)
end
end
# Belt and braces ... Perhaps this test is not necessary?
test 'sign out with navigational format via XHR does redirect' do
- swap Devise, :navigational_formats => ['*/*', :html] do
+ swap Devise, :navigational_formats => ['*/*', :html] do
sign_in_as_user
xml_http_request :get, destroy_user_session_path, {}, { "HTTP_ACCEPT" => "text/html,*/*" }
assert_response :redirect
assert_not warden.authenticated?(:user)
end
end
end
-class AuthenticationKeysTest < ActionController::IntegrationTest
+class AuthenticationKeysTest < ActionDispatch::IntegrationTest
test 'missing authentication keys cause authentication to abort' do
swap Devise, :authentication_keys => [:subdomain] do
sign_in_as_user
assert_contain "Invalid email or password."
assert_not warden.authenticated?(:user)
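Review bot: The new 'sign out with html redirects' test never checks that the session was actually ended; unlike the xml and json tests beside it, neither half asserts `assert_not warden.authenticated?(:user)` after `get destroy_user_session_path`. As written, a sign-out that redirects to '/' while leaving the user authenticated would still pass, and the second `sign_in_as_user` would then run against a session that may still be signed in. Adding `assert_not warden.authenticated?(:user)` after each `assert_current_url '/'` closes that gap. The AuthenticationKeysTest class at the end of the hunk continues outside it.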
@@ -553,11 +577,11 @@
assert warden.authenticated?(:user)
end
end
end
-class AuthenticationRequestKeysTest < ActionController::IntegrationTest
+class AuthenticationRequestKeysTest < ActionDispatch::IntegrationTest
test 'request keys are used on authentication' do
host! 'foo.bar.baz'
swap Devise, :request_keys => [:subdomain] do
User.expects(:find_for_authentication).with(:subdomain => 'foo', :email => 'user@test.com').returns(create_user)
@@ -594,11 +618,11 @@
assert warden.authenticated?(:user)
end
end
end
-class AuthenticationSignOutViaTest < ActionController::IntegrationTest
+class AuthenticationSignOutViaTest < ActionDispatch::IntegrationTest
def sign_in!(scope)
sign_in_as_admin(:visit => send("new_#{scope}_session_path"))
assert warden.authenticated?(scope)
end
@@ -646,7 +670,30 @@
sign_in!(:sign_out_via_delete_or_post)
assert_raise ActionController::RoutingError do
get destroy_sign_out_via_delete_or_post_session_path
end
assert warden.authenticated?(:sign_out_via_delete_or_post)
+ end
+end
+
+class DoubleAuthenticationRedirectTest < ActionDispatch::IntegrationTest
+ test 'signed in as user redirects when visiting user sign in page' do
+ sign_in_as_user
+ get new_user_session_path(:format => :html)
+ assert_redirected_to '/'
+ end
+
+ test 'signed in as admin redirects when visiting admin sign in page' do
+ sign_in_as_admin
+ get new_admin_session_path(:format => :html)
+ assert_redirected_to '/admin_area/home'
+ end
+
+ test 'signed in as both user and admin redirects when visiting admin sign in page' do
+ sign_in_as_user
+ sign_in_as_admin
+ get new_user_session_path(:format => :html)
+ assert_redirected_to '/'
+ get new_admin_session_path(:format => :html)
+ assert_redirected_to '/admin_area/home'
end
end
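Review bot: The three tests in DoubleAuthenticationRedirectTest assert only the redirect target, not that the existing sessions survive the visit. Adding `assert warden.authenticated?(:user)` and `assert warden.authenticated?(:admin)` after the redirects in the last test would show that requesting one scope's sign-in page does not disturb the other scope's session. The last test's name mentions only the admin sign in page although it requests both `new_user_session_path` and `new_admin_session_path`; a name such as 'signed in as both user and admin redirects when visiting either sign in page' would match what it does. The first lines of this hunk close a test and class that begin outside it.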