diff --git a/app/controllers/devise_token_auth/concerns/set_user_by_token.rb b/app/controllers/devise_token_auth/concerns/set_user_by_token.rb index f8e2711a2..87bc41df3 100644 --- a/app/controllers/devise_token_auth/concerns/set_user_by_token.rb +++ b/app/controllers/devise_token_auth/concerns/set_user_by_token.rb @@ -22,7 +22,7 @@ def set_user_by_token(mapping=nil) return unless rc # user has already been found and authenticated - return @user if @user and @user.class == rc + return @resource if @resource and @resource.class == rc # parse header for values necessary for authentication uid = request.headers['uid'] @@ -39,10 +39,10 @@ def set_user_by_token(mapping=nil) if user && user.valid_token?(@token, @client_id) sign_in(:user, user, store: false, bypass: true) - return @user = user + return @resource = user else # zero all values previously set values - return @user = nil + return @resource = nil end end @@ -50,20 +50,20 @@ def set_user_by_token(mapping=nil) def update_auth_header # cannot save object if model has invalid params - return unless @user and @user.valid? and @client_id + return unless @resource and @resource.valid? and @client_id # Lock the user record during any auth_header updates to ensure # we don't have write contention from multiple threads - @user.with_lock do + @resource.with_lock do # determine batch request status after request processing, in case # another processes has updated it during that processing - @is_batch_request = is_batch_request?(@user, @client_id) + @is_batch_request = is_batch_request?(@resource, @client_id) auth_header = {} if not DeviseTokenAuth.change_headers_on_each_request - auth_header = @user.build_auth_header(@token, @client_id) + auth_header = @resource.build_auth_header(@token, @client_id) # update the response header response.headers.merge!(auth_header) 
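Review bot: The early return `return @resource if @resource and @resource.class == rc` now short-circuits token validation on any `@resource` of the mapped class, and because `@resource` is the conventional name Rails controllers (and registrations in this same diff) use for the record being edited, an action or host-app filter that assigns `@resource = SomeModel.find(params[:id])` before this concern is invoked — e.g. through a lazily evaluated `current_*` helper, which is not visible here — could have that unauthenticated record treated as the signed-in one. Memoize only the record that actually passed `valid_token?`, for instance by setting `@resource_authenticated = true` next to `@resource = user` in the success branch and guarding with `return @resource if @resource_authenticated && @resource.class == rc`. Note also that the rename drops the `@user` ivar with no alias, so host applications or views that read `@user` (or tests using `assigns(:user)`) will silently get nil. `set_user_by_token` continues past this hunk's end.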
@@ -71,11 +71,11 @@ def update_auth_header # extend expiration of batch buffer to account for the duration of # this request elsif @is_batch_request - auth_header = @user.extend_batch_buffer(@token, @client_id) + auth_header = @resource.extend_batch_buffer(@token, @client_id) # update Authorization response header with new token else - auth_header = @user.create_new_auth_token(@client_id) + auth_header = @resource.create_new_auth_token(@client_id) # update the response header response.headers.merge!(auth_header) diff --git a/app/controllers/devise_token_auth/confirmations_controller.rb b/app/controllers/devise_token_auth/confirmations_controller.rb index ef4e2a21d..ed9bf1720 100644 --- a/app/controllers/devise_token_auth/confirmations_controller.rb +++ b/app/controllers/devise_token_auth/confirmations_controller.rb @@ -1,23 +1,23 @@ module DeviseTokenAuth class ConfirmationsController < DeviseTokenAuth::ApplicationController def show - @user = resource_class.confirm_by_token(params[:confirmation_token]) + @resource = resource_class.confirm_by_token(params[:confirmation_token]) - if @user and @user.id + if @resource and @resource.id # create client id client_id = SecureRandom.urlsafe_base64(nil, false) token = SecureRandom.urlsafe_base64(nil, false) token_hash = BCrypt::Password.create(token) expiry = (Time.now + DeviseTokenAuth.token_lifespan).to_i - @user.tokens[client_id] = { + @resource.tokens[client_id] = { token: token_hash, expiry: expiry } - @user.save! + @resource.save! - redirect_to(@user.build_auth_url(params[:redirect_url], { + redirect_to(@resource.build_auth_url(params[:redirect_url], { token: token, client_id: client_id, account_confirmation_success: true, diff --git a/app/controllers/devise_token_auth/omniauth_callbacks_controller.rb b/app/controllers/devise_token_auth/omniauth_callbacks_controller.rb index 0203573df..d60e9d3f7 100644 --- a/app/controllers/devise_token_auth/omniauth_callbacks_controller.rb 
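Review bot: The session token minted in `show` is handed to a redirect whose destination is taken straight from `params[:redirect_url]` (`redirect_to(@resource.build_auth_url(params[:redirect_url], { token: token, client_id: client_id, ...`), so unless `build_auth_url` (not visible here) refuses hosts outside an allow-list, whoever chose the redirect target baked into the confirmation link collects the confirmed user's credentials when the link is clicked — and the registrations test later in this diff shows `confirm_success_url` is a registrant-supplied parameter. Check the target against a configured set of allowed origins before the token is created, and answer with a 422 (or 404) instead of redirecting when it is not allowed. Since the token also travels as a query string it will be recorded in browser history, referrers and proxy/server logs; carrying it in the URL fragment, or via the auth headers the other controllers use, would narrow that exposure. The `show` action continues past this hunk's end.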
+++ b/app/controllers/devise_token_auth/omniauth_callbacks_controller.rb @@ -20,7 +20,7 @@ def redirect_callbacks def omniauth_success # find or create user by provider and provider uid - @user = resource_class.where({ + @resource = resource_class.where({ uid: auth_hash['uid'], provider: auth_hash['provider'] }).first_or_initialize @@ -33,34 +33,34 @@ def omniauth_success @auth_origin_url = generate_url(omniauth_params['auth_origin_url'], { token: @token, client_id: @client_id, - uid: @user.uid, + uid: @resource.uid, expiry: @expiry }) # set crazy password for new oauth users. this is only used to prevent # access via email sign-in. - unless @user.id + unless @resource.id p = SecureRandom.urlsafe_base64(nil, false) - @user.password = p - @user.password_confirmation = p + @resource.password = p + @resource.password_confirmation = p end - @user.tokens[@client_id] = { + @resource.tokens[@client_id] = { token: BCrypt::Password.create(@token), expiry: @expiry } # sync user info with provider, update/generate auth token - assign_provider_attrs(@user, auth_hash) + assign_provider_attrs(@resource, auth_hash) # assign any additional (whitelisted) attributes extra_params = whitelisted_params - @user.assign_attributes(extra_params) if extra_params + @resource.assign_attributes(extra_params) if extra_params # don't send confirmation email!!! - @user.skip_confirmation! + @resource.skip_confirmation! - @user.save! + @resource.save! # render user info to javascript postMessage communication window respond_to do |format| diff --git a/app/controllers/devise_token_auth/passwords_controller.rb b/app/controllers/devise_token_auth/passwords_controller.rb index 8a70d61ce..ce8385406 100644 --- a/app/controllers/devise_token_auth/passwords_controller.rb +++ b/app/controllers/devise_token_auth/passwords_controller.rb 
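Review bot: `@auth_origin_url = generate_url(omniauth_params['auth_origin_url'], { token: @token, ... })` builds a URL carrying the plaintext access token from a value that originated with the client that started the OAuth flow, so unless `generate_url` or the callback routing (neither visible here) validates that origin, the page rendered for the postMessage hand-off can deliver the token to an arbitrary site. Validate `auth_origin_url` against the configured allowed origins at the start of `omniauth_success` and abort with a 404/422 on mismatch, and use the validated value as the `targetOrigin` of the postMessage rather than `*`, if the template does not already. The `omniauth_success` action and the helpers it calls (`generate_url`, `assign_provider_attrs`, `whitelisted_params`) lie partly or wholly outside this hunk.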
@@ -20,29 +20,29 @@ def create }, status: 401 end - @user = resource_class.where({ + @resource = resource_class.where({ email: resource_params[:email], provider: 'email' }).first errors = nil - if @user - @user.send_reset_password_instructions({ + if @resource + @resource.send_reset_password_instructions({ email: resource_params[:email], provider: 'email', redirect_url: params[:redirect_url], client_config: params[:config_name] }) - if @user.errors.empty? + if @resource.errors.empty? render json: { success: true, - message: "An email has been sent to #{@user.email} containing "+ + message: "An email has been sent to #{@resource.email} containing "+ "instructions for resetting your password." } else - errors = @user.errors + errors = @resource.errors end else errors = ["Unable to find user with email '#{resource_params[:email]}'."] @@ -59,27 +59,27 @@ def create # this is where users arrive after visiting the email confirmation link def edit - @user = resource_class.reset_password_by_token({ + @resource = resource_class.reset_password_by_token({ reset_password_token: resource_params[:reset_password_token] }) - if @user and @user.id + if @resource and @resource.id client_id = SecureRandom.urlsafe_base64(nil, false) token = SecureRandom.urlsafe_base64(nil, false) token_hash = BCrypt::Password.create(token) expiry = (Time.now + DeviseTokenAuth.token_lifespan).to_i - @user.tokens[client_id] = { + @resource.tokens[client_id] = { token: token_hash, expiry: expiry } # ensure that user is confirmed - @user.skip_confirmation! unless @user.confirmed_at + @resource.skip_confirmation! unless @resource.confirmed_at - @user.save! + @resource.save! - redirect_to(@user.build_auth_url(params[:redirect_url], { + redirect_to(@resource.build_auth_url(params[:redirect_url], { token: token, client_id: client_id, reset_password: true, 
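Review bot: `create` still answers differently depending on whether the address is registered — `"An email has been sent to #{@resource.email} ..."` on success versus `"Unable to find user with email '...'"` in the `else` branch — which lets an unauthenticated caller enumerate accounts through the password-reset endpoint. Return the same neutral body and status for both outcomes (e.g. `message: 'If an account exists for that email, reset instructions have been sent.'`), keep the lookup and mail delivery as they are, and rate-limit the endpoint if that is not already done upstream. The `create` action starts before and ends after this hunk.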
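Review bot: `edit` redirects with the newly issued token to whatever `params[:redirect_url]` says, and the preceding `create` hunk shows that value is supplied by whoever requested the reset (`redirect_url: params[:redirect_url]` is passed into `send_reset_password_instructions`), so a reset requested for a victim's address with an attacker-controlled `redirect_url` leaks the victim's session token off-site when the victim clicks the emailed link. Reject the request (404/422) unless `params[:redirect_url]` matches a configured allow-list of origins, before `@resource.tokens[client_id]` is written; the same check belongs in `create` so the bad URL never reaches the email. The hunk also grants a session to an account that may never have been confirmed (`@resource.skip_confirmation! unless @resource.confirmed_at`); if possession of the reset email is deliberately treated as proof of address ownership, a comment saying so would help the next reader. The `edit` action continues past this hunk's end.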
@@ -92,7 +92,7 @@ def edit def update # make sure user is authorized - unless @user + unless @resource return render json: { success: false, errors: ['Unauthorized'] @@ -100,11 +100,11 @@ def update end # make sure account doesn't use oauth2 provider - unless @user.provider == 'email' + unless @resource.provider == 'email' return render json: { success: false, errors: ["This account does not require a password. Sign in using "+ - "your #{@user.provider.humanize} account instead."] + "your #{@resource.provider.humanize} account instead."] }, status: 422 end @@ -116,18 +116,18 @@ def update }, status: 422 end - if @user.update_attributes(password_resource_params) + if @resource.update_attributes(password_resource_params) return render json: { success: true, data: { - user: @user, + user: @resource, message: "Your password has been successfully updated." } } else return render json: { success: false, - errors: @user.errors + errors: @resource.errors }, status: 422 end end diff --git a/app/controllers/devise_token_auth/registrations_controller.rb b/app/controllers/devise_token_auth/registrations_controller.rb index 08f2858db..9796f85c1 100644 --- a/app/controllers/devise_token_auth/registrations_controller.rb +++ b/app/controllers/devise_token_auth/registrations_controller.rb @@ -33,16 +33,15 @@ def create else # email auth has been bypassed, authenticate user - @user = @resource @client_id = SecureRandom.urlsafe_base64(nil, false) @token = SecureRandom.urlsafe_base64(nil, false) - @user.tokens[@client_id] = { + @resource.tokens[@client_id] = { token: BCrypt::Password.create(@token), expiry: (Time.now + DeviseTokenAuth.token_lifespan).to_i } - @user.save! + @resource.save! update_auth_header end 
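Review bot: The success response in `update` renders `user: @resource` with no serialization filter, so the JSON carries every attribute the model's `as_json` exposes — including the `tokens` hash of per-client token digests and expiries — whereas sessions#create and token_validations in this diff deliberately use `as_json(except: [:tokens, :created_at, :updated_at])`. Unless the model overrides `as_json` to drop `tokens` (not visible here), change the line to `user: @resource.as_json(except: [:tokens, :created_at, :updated_at]),` to match. The enclosing `update` action starts before this hunk.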
@@ -70,16 +69,16 @@ def create end def update - if @user - if @user.update_attributes(account_update_params) + if @resource + if @resource.update_attributes(account_update_params) render json: { status: 'success', - data: @user.as_json + data: @resource.as_json } else render json: { status: 'error', - errors: @user.errors + errors: @resource.errors }, status: 403 end else @@ -91,12 +90,12 @@ def update end def destroy - if @user - @user.destroy + if @resource + @resource.destroy render json: { status: 'success', - message: "Account with uid #{@user.uid} has been destroyed." + message: "Account with uid #{@resource.uid} has been destroyed." } else render json: { diff --git a/app/controllers/devise_token_auth/sessions_controller.rb b/app/controllers/devise_token_auth/sessions_controller.rb index 7fbe13966..0bfcb3879 100644 --- a/app/controllers/devise_token_auth/sessions_controller.rb +++ b/app/controllers/devise_token_auth/sessions_controller.rb 
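Review bot: `data: @resource.as_json` in the success branch of `update` serializes the whole record, including the `tokens` hash of per-client digests and expiries, whereas sessions#create and token_validations in this diff use `as_json(except: [:tokens, :created_at, :updated_at])`; unless the model's `as_json` already strips `tokens` (not visible here), use the same exclusion: `data: @resource.as_json(except: [:tokens, :created_at, :updated_at])`. Validation failures are also reported with `status: 403`, which reads as an authorization refusal; passwords#update in this diff uses 422 for the same situation and this controller should match. The `update` action starts before this hunk.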
@@ -4,30 +4,30 @@ class SessionsController < DeviseTokenAuth::ApplicationController before_filter :set_user_by_token, :only => [:destroy] def create - @user = resource_class.find_by_email(resource_params[:email]) + @resource = resource_class.find_by_email(resource_params[:email]) - if @user and valid_params? and @user.valid_password?(resource_params[:password]) and @user.confirmed? + if @resource and valid_params? and @resource.valid_password?(resource_params[:password]) and @resource.confirmed? # create client id @client_id = SecureRandom.urlsafe_base64(nil, false) @token = SecureRandom.urlsafe_base64(nil, false) - @user.tokens[@client_id] = { + @resource.tokens[@client_id] = { token: BCrypt::Password.create(@token), expiry: (Time.now + DeviseTokenAuth.token_lifespan).to_i } - @user.save + @resource.save render json: { - data: @user.as_json(except: [ + data: @resource.as_json(except: [ :tokens, :created_at, :updated_at ]) } - elsif @user and not @user.confirmed? + elsif @resource and not @resource.confirmed? render json: { success: false, errors: [ - "A confirmation email was sent to your account at #{@user.email}. "+ + "A confirmation email was sent to your account at #{@resource.email}. "+ "You must follow the instructions in the email before your account "+ "can be activated" ] @@ -42,7 +42,7 @@ def create def destroy # remove auth instance variables so that after_filter does not run - user = remove_instance_variable(:@user) if @user + user = remove_instance_variable(:@resource) if @resource client_id = remove_instance_variable(:@client_id) if @client_id remove_instance_variable(:@token) if @token diff --git a/app/controllers/devise_token_auth/token_validations_controller.rb b/app/controllers/devise_token_auth/token_validations_controller.rb index d0348d1a5..52da3d9b9 100644 --- a/app/controllers/devise_token_auth/token_validations_controller.rb +++ b/app/controllers/devise_token_auth/token_validations_controller.rb 
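Review bot: `@resource.save` ignores a failed save, yet the success branch renders anyway and the `update_auth_header` filter from the first file in this diff (presumably installed as an after-filter, since `@client_id` is set here) will emit headers for a token that was never persisted, so the client receives credentials `valid_token?` will reject; use `@resource.save!` as the other controllers in this diff do, so the failure surfaces. The lookup `resource_class.find_by_email(resource_params[:email])` is also not scoped to `provider: 'email'` as passwords#create is, so an OAuth record with the same address can shadow the password-based account — `@resource = resource_class.where(email: resource_params[:email], provider: 'email').first` keeps the two consistent. The unconfirmed branch additionally tells an unauthenticated caller that the address is registered and not yet confirmed; a uniform failure message would avoid that. The `create` action continues past this hunk's end.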
@@ -4,11 +4,11 @@ class TokenValidationsController < DeviseTokenAuth::ApplicationController before_filter :set_user_by_token, :only => [:validate_token] def validate_token - # @user will have been set by set_user_token concern - if @user + # @resource will have been set by set_user_token concern + if @resource render json: { success: true, - data: @user.as_json(except: [ + data: @resource.as_json(except: [ :tokens, :created_at, :updated_at ]) } diff --git a/app/views/devise_token_auth/omniauth_success.html.erb b/app/views/devise_token_auth/omniauth_success.html.erb index dca77c5ef..34ef6b740 100644 --- a/app/views/devise_token_auth/omniauth_success.html.erb +++ b/app/views/devise_token_auth/omniauth_success.html.erb @@ -1,4 +1,4 @@ -<% @user.as_json.each do |attr, val| %> +<% @resource.as_json.each do |attr, val| %> "<%= attr %>": "<%= val %>", <% end %> diff --git a/test/controllers/demo_group_controller_test.rb b/test/controllers/demo_group_controller_test.rb index 02b0359d2..2e9922fcf 100644 --- a/test/controllers/demo_group_controller_test.rb +++ b/test/controllers/demo_group_controller_test.rb @@ -11,15 +11,15 @@ class DemoGroupControllerTest < ActionDispatch::IntegrationTest describe "Token access" do before do # user - @user = users(:confirmed_email_user) - @user.skip_confirmation! - @user.save! + @resource = users(:confirmed_email_user) + @resource.skip_confirmation! + @resource.save! - @user_auth_headers = @user.create_new_auth_token + @resource_auth_headers = @resource.create_new_auth_token - @user_token = @user_auth_headers['access-token'] - @user_client_id = @user_auth_headers['client'] - @user_expiry = @user_auth_headers['expiry'] + @resource_token = @resource_auth_headers['access-token'] + @resource_client_id = @resource_auth_headers['client'] + @resource_expiry = @resource_auth_headers['expiry'] # mang @mang = mangs(:confirmed_email_user) 
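Review bot: The template serializes `@resource.as_json` with no exclusions, so the `tokens` hash (per-client token digests and expiries) and timestamps that token_validations in this same diff explicitly drops end up in the page the controller comment describes as the postMessage hand-off. Values are also emitted as `"<%= val %>"`, i.e. HTML-escaped rather than JSON-escaped, so a value containing a quote, backslash or newline either breaks the object literal or reaches the client as an HTML entity. Change the two lines to `<% @resource.as_json(except: [:tokens, :created_at, :updated_at]).each do |attr, val| %>` and `"<%= attr %>": <%= raw val.to_json %>,`; `to_json` quotes and escapes the value (and, with ActiveSupport's default settings, `<`, `>` and `&` as well), which is what a script context needs. The template may continue past the hunk's end.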
@@ -36,9 +36,9 @@ class DemoGroupControllerTest < ActionDispatch::IntegrationTest describe 'user access' do before do # ensure that request is not treated as batch request - age_token(@user, @user_client_id) + age_token(@resource, @resource_client_id) - get '/demo/members_only_group', {}, @user_auth_headers + get '/demo/members_only_group', {}, @resource_auth_headers @resp_token = response.headers['access-token'] @resp_client_id = response.headers['client'] @@ -52,7 +52,7 @@ class DemoGroupControllerTest < ActionDispatch::IntegrationTest describe 'devise mappings' do it 'should define current_user' do - assert_equal @user, @controller.current_user + assert_equal @resource, @controller.current_user end it 'should define user_signed_in?' do @@ -60,19 +60,19 @@ class DemoGroupControllerTest < ActionDispatch::IntegrationTest end it 'should not define current_mang' do - refute_equal @user, @controller.current_mang + refute_equal @resource, @controller.current_mang end it 'should define current_member' do - assert_equal @user, @controller.current_member + assert_equal @resource, @controller.current_member end it 'should define current_members' do - assert @controller.current_members.include? @user + assert @controller.current_members.include? @resource end it 'should define member_signed_in?' do - assert @controller.current_members.include? @user + assert @controller.current_members.include? @resource end end end diff --git a/test/controllers/demo_mang_controller_test.rb b/test/controllers/demo_mang_controller_test.rb index fbab5b3c7..028de65a5 100644 --- a/test/controllers/demo_mang_controller_test.rb +++ b/test/controllers/demo_mang_controller_test.rb 
@@ -10,11 +10,11 @@ class DemoMangControllerTest < ActionDispatch::IntegrationTest describe DemoMangController do describe "Token access" do before do - @user = mangs(:confirmed_email_user) - @user.skip_confirmation! - @user.save! + @resource = mangs(:confirmed_email_user) + @resource.skip_confirmation! + @resource.save! - @auth_headers = @user.create_new_auth_token + @auth_headers = @resource.create_new_auth_token @token = @auth_headers['access-token'] @client_id = @auth_headers['client'] @@ -24,7 +24,7 @@ class DemoMangControllerTest < ActionDispatch::IntegrationTest describe 'successful request' do before do # ensure that request is not treated as batch request - age_token(@user, @client_id) + age_token(@resource, @client_id) get '/demo/members_only_mang', {}, @auth_headers @@ -36,7 +36,7 @@ class DemoMangControllerTest < ActionDispatch::IntegrationTest describe 'devise mappings' do it 'should define current_mang' do - assert_equal @user, @controller.current_mang + assert_equal @resource, @controller.current_mang end it 'should define mang_signed_in?' do @@ -44,7 +44,7 @@ class DemoMangControllerTest < ActionDispatch::IntegrationTest end it 'should not define current_user' do - refute_equal @user, @controller.current_user + refute_equal @resource, @controller.current_user end end @@ -61,7 +61,7 @@ class DemoMangControllerTest < ActionDispatch::IntegrationTest end it "should return the user's uid in the auth header" do - assert_equal @user.uid, @resp_uid + assert_equal @resource.uid, @resp_uid end it 'should not treat this request as a batch request' do @@ -70,9 +70,9 @@ class DemoMangControllerTest < ActionDispatch::IntegrationTest describe 'subsequent requests' do before do - @user.reload + @resource.reload # ensure that request is not treated as batch request - age_token(@user, @client_id) + age_token(@resource, @client_id) get '/demo/members_only_mang', {}, @auth_headers.merge({'access-token' => @resp_token}) end 
@@ -104,24 +104,24 @@ class DemoMangControllerTest < ActionDispatch::IntegrationTest describe 'disable change_headers_on_each_request' do before do DeviseTokenAuth.change_headers_on_each_request = false - @user.reload - age_token(@user, @client_id) + @resource.reload + age_token(@resource, @client_id) get '/demo/members_only_mang', {}, @auth_headers @first_is_batch_request = assigns(:is_batch_request) - @first_user = assigns(:user).dup + @first_user = assigns(:resource).dup @first_access_token = response.headers['access-token'] @first_response_status = response.status - @user.reload - age_token(@user, @client_id) + @resource.reload + age_token(@resource, @client_id) # use expired auth header get '/demo/members_only_mang', {}, @auth_headers @second_is_batch_request = assigns(:is_batch_request) - @second_user = assigns(:user).dup + @second_user = assigns(:resource).dup @second_access_token = response.headers['access-token'] @second_response_status = response.status end @@ -163,19 +163,19 @@ class DemoMangControllerTest < ActionDispatch::IntegrationTest describe 'batch requests' do describe 'success' do before do - age_token(@user, @client_id) + age_token(@resource, @client_id) #request.headers.merge!(@auth_headers) get '/demo/members_only_mang', {}, @auth_headers @first_is_batch_request = assigns(:is_batch_request) - @first_user = assigns(:user) + @first_user = assigns(:resource) @first_access_token = response.headers['access-token'] get '/demo/members_only_mang', {}, @auth_headers @second_is_batch_request = assigns(:is_batch_request) - @second_user = assigns(:user) + @second_user = assigns(:resource) @second_access_token = response.headers['access-token'] end 
@@ -202,24 +202,24 @@ class DemoMangControllerTest < ActionDispatch::IntegrationTest describe 'time out' do before do - @user.reload - age_token(@user, @client_id) + @resource.reload + age_token(@resource, @client_id) get '/demo/members_only_mang', {}, @auth_headers @first_is_batch_request = assigns(:is_batch_request) - @first_user = assigns(:user).dup + @first_user = assigns(:resource).dup @first_access_token = response.headers['access-token'] @first_response_status = response.status - @user.reload - age_token(@user, @client_id) + @resource.reload + age_token(@resource, @client_id) # use expired auth header get '/demo/members_only_mang', {}, @auth_headers @second_is_batch_request = assigns(:is_batch_request) - @second_user = assigns(:user) + @second_user = assigns(:resource) @second_access_token = response.headers['access-token'] @second_response_status = response.status end diff --git a/test/controllers/demo_user_controller_test.rb b/test/controllers/demo_user_controller_test.rb index a1483cd8c..81720de3f 100644 --- a/test/controllers/demo_user_controller_test.rb +++ b/test/controllers/demo_user_controller_test.rb @@ -10,11 +10,11 @@ class DemoUserControllerTest < ActionDispatch::IntegrationTest describe DemoUserController do describe "Token access" do before do - @user = users(:confirmed_email_user) - @user.skip_confirmation! - @user.save! + @resource = users(:confirmed_email_user) + @resource.skip_confirmation! + @resource.save! - @auth_headers = @user.create_new_auth_token + @auth_headers = @resource.create_new_auth_token @token = @auth_headers['access-token'] @client_id = @auth_headers['client'] @@ -24,7 +24,7 @@ class DemoUserControllerTest < ActionDispatch::IntegrationTest describe 'successful request' do before do # ensure that request is not treated as batch request - age_token(@user, @client_id) + age_token(@resource, @client_id) get '/demo/members_only', {}, @auth_headers 
@@ -36,7 +36,7 @@ class DemoUserControllerTest < ActionDispatch::IntegrationTest describe 'devise mappings' do it 'should define current_user' do - assert_equal @user, @controller.current_user + assert_equal @resource, @controller.current_user end it 'should define user_signed_in?' do @@ -44,7 +44,7 @@ class DemoUserControllerTest < ActionDispatch::IntegrationTest end it 'should not define current_mang' do - refute_equal @user, @controller.current_mang + refute_equal @resource, @controller.current_mang end end @@ -61,7 +61,7 @@ class DemoUserControllerTest < ActionDispatch::IntegrationTest end it "should return the user's uid in the auth header" do - assert_equal @user.uid, @resp_uid + assert_equal @resource.uid, @resp_uid end it 'should not treat this request as a batch request' do @@ -70,9 +70,9 @@ class DemoUserControllerTest < ActionDispatch::IntegrationTest describe 'subsequent requests' do before do - @user.reload + @resource.reload # ensure that request is not treated as batch request - age_token(@user, @client_id) + age_token(@resource, @client_id) get '/demo/members_only', {}, @auth_headers.merge({'access-token' => @resp_token}) end 
@@ -104,24 +104,24 @@ class DemoUserControllerTest < ActionDispatch::IntegrationTest describe 'disable change_headers_on_each_request' do before do DeviseTokenAuth.change_headers_on_each_request = false - @user.reload - age_token(@user, @client_id) + @resource.reload + age_token(@resource, @client_id) get '/demo/members_only', {}, @auth_headers @first_is_batch_request = assigns(:is_batch_request) - @first_user = assigns(:user).dup + @first_user = assigns(:resource).dup @first_access_token = response.headers['access-token'] @first_response_status = response.status - @user.reload - age_token(@user, @client_id) + @resource.reload + age_token(@resource, @client_id) # use expired auth header get '/demo/members_only', {}, @auth_headers @second_is_batch_request = assigns(:is_batch_request) - @second_user = assigns(:user).dup + @second_user = assigns(:resource).dup @second_access_token = response.headers['access-token'] @second_response_status = response.status end @@ -163,19 +163,19 @@ class DemoUserControllerTest < ActionDispatch::IntegrationTest describe 'batch requests' do describe 'success' do before do - age_token(@user, @client_id) + age_token(@resource, @client_id) #request.headers.merge!(@auth_headers) get '/demo/members_only', {}, @auth_headers @first_is_batch_request = assigns(:is_batch_request) - @first_user = assigns(:user) + @first_user = assigns(:resource) @first_access_token = response.headers['access-token'] get '/demo/members_only', {}, @auth_headers @second_is_batch_request = assigns(:is_batch_request) - @second_user = assigns(:user) + @second_user = assigns(:resource) @second_access_token = response.headers['access-token'] end 
@@ -202,24 +202,24 @@ class DemoUserControllerTest < ActionDispatch::IntegrationTest describe 'time out' do before do - @user.reload - age_token(@user, @client_id) + @resource.reload + age_token(@resource, @client_id) get '/demo/members_only', {}, @auth_headers @first_is_batch_request = assigns(:is_batch_request) - @first_user = assigns(:user).dup + @first_user = assigns(:resource).dup @first_access_token = response.headers['access-token'] @first_response_status = response.status - @user.reload - age_token(@user, @client_id) + @resource.reload + age_token(@resource, @client_id) # use expired auth header get '/demo/members_only', {}, @auth_headers @second_is_batch_request = assigns(:is_batch_request) - @second_user = assigns(:user) + @second_user = assigns(:resource) @second_access_token = response.headers['access-token'] @second_response_status = response.status end diff --git a/test/controllers/devise_token_auth/confirmations_controller_test.rb b/test/controllers/devise_token_auth/confirmations_controller_test.rb index c4deda4d6..6268408f4 100644 --- a/test/controllers/devise_token_auth/confirmations_controller_test.rb +++ b/test/controllers/devise_token_auth/confirmations_controller_test.rb @@ -35,11 +35,11 @@ class DeviseTokenAuth::ConfirmationsControllerTest < ActionController::TestCase describe "success" do before do xhr :get, :show, {confirmation_token: @token, redirect_url: @redirect_url} - @user = assigns(:user) + @resource = assigns(:resource) end test "user should now be confirmed" do - assert @user.confirmed? + assert @resource.confirmed? end test "should redirect to success url" do @@ -52,8 +52,8 @@ class DeviseTokenAuth::ConfirmationsControllerTest < ActionController::TestCase assert_raises(ActionController::RoutingError) { xhr :get, :show, {confirmation_token: "bogus"} } - @user = assigns(:user) - refute @user.confirmed? + @resource = assigns(:resource) + refute @resource.confirmed? end end end 
@@ -95,11 +95,11 @@ class DeviseTokenAuth::ConfirmationsControllerTest < ActionController::TestCase before do @redirect_url = Faker::Internet.url xhr :get, :show, {confirmation_token: @token, redirect_url: @redirect_url} - @user = assigns(:user) + @resource = assigns(:resource) end test "user should now be confirmed" do - assert @user.confirmed? + assert @resource.confirmed? end end end diff --git a/test/controllers/devise_token_auth/omniauth_callbacks_controller_test.rb b/test/controllers/devise_token_auth/omniauth_callbacks_controller_test.rb index 35f63950f..3ca24bc4b 100644 --- a/test/controllers/devise_token_auth/omniauth_callbacks_controller_test.rb +++ b/test/controllers/devise_token_auth/omniauth_callbacks_controller_test.rb @@ -30,7 +30,7 @@ class OmniauthTest < ActionDispatch::IntegrationTest auth_origin_url: @redirect_url } - @user = assigns(:user) + @resource = assigns(:resource) end test 'status should be success' do @@ -46,15 +46,15 @@ class OmniauthTest < ActionDispatch::IntegrationTest end test 'user should have been created' do - assert @user + assert @resource end test 'user should be assigned info from provider' do - assert_equal 'chongbong@aol.com', @user.email + assert_equal 'chongbong@aol.com', @resource.email end test 'user should be of the correct class' do - assert_equal User, @user.class + assert_equal User, @resource.class end test 'response contains all serializable attributes for user' do @@ -88,7 +88,7 @@ class OmniauthTest < ActionDispatch::IntegrationTest name: @unpermitted_param } - @user = assigns(:user) + @resource = assigns(:resource) end test 'status shows success' do 
@@ -96,11 +96,11 @@ class OmniauthTest < ActionDispatch::IntegrationTest end test 'additional attribute was passed' do - assert_equal @fav_color, @user.favorite_color + assert_equal @fav_color, @resource.favorite_color end test 'non-whitelisted attributes are ignored' do - refute_equal @unpermitted_param, @user.name + refute_equal @unpermitted_param, @resource.name end end end @@ -113,7 +113,7 @@ class OmniauthTest < ActionDispatch::IntegrationTest auth_origin_url: @redirect_url } - @user = assigns(:user) + @resource = assigns(:resource) end test 'status should be success' do @@ -129,15 +129,15 @@ class OmniauthTest < ActionDispatch::IntegrationTest end test 'user should have been created' do - assert @user + assert @resource end test 'user should be assigned info from provider' do - assert_equal 'chongbong@aol.com', @user.email + assert_equal 'chongbong@aol.com', @resource.email end test 'user should be of the correct class' do - assert_equal Mang, @user.class + assert_equal Mang, @resource.class end end end diff --git a/test/controllers/devise_token_auth/passwords_controller_test.rb b/test/controllers/devise_token_auth/passwords_controller_test.rb index a4b8d104c..fd737d914 100644 --- a/test/controllers/devise_token_auth/passwords_controller_test.rb +++ b/test/controllers/devise_token_auth/passwords_controller_test.rb 
@@ -10,19 +10,19 @@ class DeviseTokenAuth::PasswordsControllerTest < ActionController::TestCase describe DeviseTokenAuth::PasswordsController do describe "Password reset" do before do - @user = users(:confirmed_email_user) + @resource = users(:confirmed_email_user) @redirect_url = 'http://ng-token-auth.dev' end describe 'request password reset' do before do xhr :post, :create, { - email: @user.email, + email: @resource.email, redirect_url: @redirect_url } @mail = ActionMailer::Base.deliveries.last - @user.reload + @resource.reload @mail_config_name = CGI.unescape(@mail.body.match(/config=([^&]*)&/)[1]) @mail_redirect_url = CGI.unescape(@mail.body.match(/redirect_url=([^&]*)&/)[1]) @@ -38,7 +38,7 @@ class DeviseTokenAuth::PasswordsControllerTest < ActionController::TestCase end test 'the email should be addressed to the user' do - assert_equal @mail.to.first, @user.email + assert_equal @mail.to.first, @resource.email end test 'the email body should contain a link with redirect url as a query param' do @@ -54,7 +54,7 @@ class DeviseTokenAuth::PasswordsControllerTest < ActionController::TestCase reset_password_token: @mail_reset_token }) - assert_equal user.id, @user.id + assert_equal user.id, @resource.id end describe 'password reset link failure' do @@ -75,7 +75,7 @@ class DeviseTokenAuth::PasswordsControllerTest < ActionController::TestCase redirect_url: @mail_redirect_url } - @user.reload + @resource.reload raw_qs = response.location.split('?')[1] @qs = Rack::Utils.parse_nested_query(raw_qs) @@ -100,7 +100,7 @@ class DeviseTokenAuth::PasswordsControllerTest < ActionController::TestCase end test 'response auth params should be valid' do - assert @user.valid_token?(@token, @client_id) + assert @resource.valid_token?(@token, @client_id) end end end 
@@ -108,7 +108,7 @@ class DeviseTokenAuth::PasswordsControllerTest < ActionController::TestCase describe "change password" do describe 'success' do before do - @auth_headers = @user.create_new_auth_token + @auth_headers = @resource.create_new_auth_token request.headers.merge!(@auth_headers) @new_password = Faker::Internet.password @@ -117,7 +117,7 @@ class DeviseTokenAuth::PasswordsControllerTest < ActionController::TestCase password_confirmation: @new_password } - @user.reload + @resource.reload end test "request should be successful" do @@ -125,13 +125,13 @@ class DeviseTokenAuth::PasswordsControllerTest < ActionController::TestCase end test "new password should authenticate user" do - assert @user.valid_password?(@new_password) + assert @resource.valid_password?(@new_password) end end describe 'password mismatch error' do before do - @auth_headers = @user.create_new_auth_token + @auth_headers = @resource.create_new_auth_token request.headers.merge!(@auth_headers) @new_password = Faker::Internet.password @@ -148,7 +148,7 @@ class DeviseTokenAuth::PasswordsControllerTest < ActionController::TestCase describe 'unauthorized user' do before do - @auth_headers = @user.create_new_auth_token + @auth_headers = @resource.create_new_auth_token @new_password = Faker::Internet.password xhr :put, :update, { @@ -174,16 +174,16 @@ class DeviseTokenAuth::PasswordsControllerTest < ActionController::TestCase end before do - @user = mangs(:confirmed_email_user) + @resource = mangs(:confirmed_email_user) @redirect_url = 'http://ng-token-auth.dev' xhr :post, :create, { - email: @user.email, + email: @resource.email, redirect_url: @redirect_url } @mail = ActionMailer::Base.deliveries.last - @user.reload + @resource.reload @mail_config_name = CGI.unescape(@mail.body.match(/config=([^&]*)&/)[1]) @mail_redirect_url = CGI.unescape(@mail.body.match(/redirect_url=([^&]*)&/)[1]) 
@@ -199,22 +199,22 @@ class DeviseTokenAuth::PasswordsControllerTest < ActionController::TestCase
 reset_password_token: @mail_reset_token
 })
- assert_equal user.id, @user.id
+ assert_equal user.id, @resource.id
 end
 end
 describe 'unconfirmed user' do
 before do
- @user = users(:unconfirmed_email_user)
+ @resource = users(:unconfirmed_email_user)
 @redirect_url = 'http://ng-token-auth.dev'
 xhr :post, :create, {
- email: @user.email,
+ email: @resource.email,
 redirect_url: @redirect_url
 }
 @mail = ActionMailer::Base.deliveries.last
- @user.reload
+ @resource.reload
 @mail_config_name = CGI.unescape(@mail.body.match(/config=([^&]*)&/)[1])
 @mail_redirect_url = CGI.unescape(@mail.body.match(/redirect_url=([^&]*)&/)[1])
@@ -225,28 +225,28 @@ class DeviseTokenAuth::PasswordsControllerTest < ActionController::TestCase
 redirect_url: @mail_redirect_url
 }
- @user.reload
+ @resource.reload
 end
 test 'unconfirmed email user should now be confirmed' do
- assert @user.confirmed_at
+ assert @resource.confirmed_at
 end
 end
 describe 'alternate user type' do
 before do
- @user = users(:confirmed_email_user)
+ @resource = users(:confirmed_email_user)
 @redirect_url = 'http://ng-token-auth.dev'
 @config_name = "altUser"
 xhr :post, :create, {
- email: @user.email,
+ email: @resource.email,
 redirect_url: @redirect_url,
 config_name: @config_name
 }
 @mail = ActionMailer::Base.deliveries.last
- @user.reload
+ @resource.reload
 @mail_config_name = CGI.unescape(@mail.body.match(/config=([^&]*)&/)[1])
 @mail_redirect_url = CGI.unescape(@mail.body.match(/redirect_url=([^&]*)&/)[1])
diff --git a/test/controllers/devise_token_auth/registrations_controller_test.rb b/test/controllers/devise_token_auth/registrations_controller_test.rb
index e2230e171..51370e7b8 100644
--- a/test/controllers/devise_token_auth/registrations_controller_test.rb
+++ b/test/controllers/devise_token_auth/registrations_controller_test.rb
@@ -21,7 +21,7 @@ class DeviseTokenAuth::RegistrationsControllerTest < ActionDispatch::Integration
 unpermitted_param: '(x_x)'
 }
- @user = assigns(:resource)
+ @resource = assigns(:resource)
 @data = JSON.parse(response.body)
 @mail = ActionMailer::Base.deliveries.last
 end
@@ -31,11 +31,11 @@ class DeviseTokenAuth::RegistrationsControllerTest < ActionDispatch::Integration
 end
 test "user should have been created" do
- assert @user.id
+ assert @resource.id
 end
 test "user should not be confirmed" do
- assert_nil @user.confirmed_at
+ assert_nil @resource.confirmed_at
 end
 test "new user data should be returned as json" do
@@ -43,7 +43,7 @@ class DeviseTokenAuth::RegistrationsControllerTest < ActionDispatch::Integration
 end
 test "new user should receive confirmation email" do
- assert_equal @user.email, @mail['to'].to_s
+ assert_equal @resource.email, @mail['to'].to_s
 end
 test "new user password should not be returned" do
@@ -69,7 +69,7 @@ class DeviseTokenAuth::RegistrationsControllerTest < ActionDispatch::Integration
 operating_thetan: @operating_thetan
 }
- @user = assigns(:resource)
+ @resource = assigns(:resource)
 @data = JSON.parse(response.body)
 @mail = ActionMailer::Base.deliveries.last
@@ -83,7 +83,7 @@ class DeviseTokenAuth::RegistrationsControllerTest < ActionDispatch::Integration
 end
 test "additional sign_up params should be considered" do
- assert_equal @operating_thetan, @user.operating_thetan
+ assert_equal @operating_thetan, @resource.operating_thetan
 end
 test 'config_name param is included in the confirmation email link' do
@@ -104,7 +104,7 @@ class DeviseTokenAuth::RegistrationsControllerTest < ActionDispatch::Integration
 confirm_success_url: Faker::Internet.url
 }
- @user = assigns(:resource)
+ @resource = assigns(:resource)
 @data = JSON.parse(response.body)
 end
@@ -113,7 +113,7 @@ class DeviseTokenAuth::RegistrationsControllerTest < ActionDispatch::Integration
 end
 test "user should have been created" do
- assert_nil @user.id
+ assert_nil @resource.id
 end
 test "error should be returned in the response" do
@@ -136,7 +136,7 @@ class DeviseTokenAuth::RegistrationsControllerTest < ActionDispatch::Integration
 confirm_success_url: Faker::Internet.url
 }
- @user = assigns(:resource)
+ @resource = assigns(:resource)
 @data = JSON.parse(response.body)
 end
@@ -145,7 +145,7 @@ class DeviseTokenAuth::RegistrationsControllerTest < ActionDispatch::Integration
 end
 test "user should have been created" do
- assert_nil @user.id
+ assert_nil @resource.id
 end
 test "error should be returned in the response" do
@@ -287,7 +287,7 @@ class DeviseTokenAuth::RegistrationsControllerTest < ActionDispatch::Integration
 confirm_success_url: Faker::Internet.url
 }
- @user = assigns(:resource)
+ @resource = assigns(:resource)
 @data = JSON.parse(response.body)
 end
@@ -296,7 +296,7 @@ class DeviseTokenAuth::RegistrationsControllerTest < ActionDispatch::Integration
 end
 test "user should have been created" do
- assert @user.id
+ assert @resource.id
 end
 test "new user data should be returned as json" do
@@ -313,7 +313,7 @@ class DeviseTokenAuth::RegistrationsControllerTest < ActionDispatch::Integration
 confirm_success_url: Faker::Internet.url
 }
- @user = assigns(:resource)
+ @resource = assigns(:resource)
 @data = JSON.parse(response.body)
 @mail = ActionMailer::Base.deliveries.last
 end
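Review bot: The test names in the `@@ -113` and `@@ -145` hunks read `test "user should have been created" do` while their bodies assert `assert_nil @resource.id`, i.e. that no record was persisted, so a failure report would state the opposite of what is being checked. Renaming them to `test "user should not have been created" do` makes the intent match the assertion and distinguishes them from the `@@ -296` hunk, which keeps the same name for the positive case `assert @resource.id`. The describe blocks these tests belong to begin outside the hunks.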
@@ -323,20 +323,20 @@ class DeviseTokenAuth::RegistrationsControllerTest < ActionDispatch::Integration
 end
 test "use should be a Mang" do
- assert_equal "Mang", @user.class.name
+ assert_equal "Mang", @resource.class.name
 end
 test "Mang should be destroyed" do
- @auth_headers = @user.create_new_auth_token
+ @auth_headers = @resource.create_new_auth_token
 @client_id = @auth_headers['client']
 # ensure request is not treated as batch request
- age_token(@user, @client_id)
+ age_token(@resource, @client_id)
 delete "/mangs", {}, @auth_headers
 assert_equal 200, response.status
- refute Mang.where(id: @user.id).first
+ refute Mang.where(id: @resource.id).first
 end
 end
@@ -352,11 +352,11 @@ class DeviseTokenAuth::RegistrationsControllerTest < ActionDispatch::Integration
 config_name: @config_name
 }
- @user = assigns(:resource)
+ @resource = assigns(:resource)
 @data = JSON.parse(response.body)
 @mail = ActionMailer::Base.deliveries.last
- @user.reload
+ @resource.reload
 @mail_reset_token = @mail.body.match(/confirmation_token=([^&]*)&/)[1]
 @mail_redirect_url = CGI.unescape(@mail.body.match(/redirect_url=(.*)\"/)[1])
@@ -379,7 +379,7 @@ class DeviseTokenAuth::RegistrationsControllerTest < ActionDispatch::Integration
 confirm_success_url: Faker::Internet.url
 }
- @user = assigns(:user)
+ @resource = assigns(:resource)
 @token = response.headers["access-token"]
 @client_id = response.headers["client"]
 end
@@ -389,11 +389,11 @@ class DeviseTokenAuth::RegistrationsControllerTest < ActionDispatch::Integration
 end
 test "user was created" do
- assert @user
+ assert @resource
 end
 test "user was confirmed" do
- assert @user.confirmed?
+ assert @resource.confirmed?
 end
 test "auth headers were returned in response" do
@@ -405,7 +405,7 @@ class DeviseTokenAuth::RegistrationsControllerTest < ActionDispatch::Integration
 end
 test "response token is valid" do
- assert @user.valid_token?(@token, @client_id)
+ assert @resource.valid_token?(@token, @client_id)
 end
 end
 end
diff --git a/test/controllers/devise_token_auth/sessions_controller_test.rb b/test/controllers/devise_token_auth/sessions_controller_test.rb
index 580c85e03..83d09e3de 100644
--- a/test/controllers/devise_token_auth/sessions_controller_test.rb
+++ b/test/controllers/devise_token_auth/sessions_controller_test.rb
@@ -22,7 +22,7 @@ class DeviseTokenAuth::SessionsControllerTest < ActionController::TestCase
 password: 'secret123'
 }
- @user = assigns(:user)
+ @resource = assigns(:resource)
 @data = JSON.parse(response.body)
 end
@@ -70,7 +70,7 @@ class DeviseTokenAuth::SessionsControllerTest < ActionController::TestCase
 password: 'bogus'
 }
- @user = assigns(:user)
+ @resource = assigns(:resource)
 @data = JSON.parse(response.body)
 end
@@ -91,7 +91,7 @@ class DeviseTokenAuth::SessionsControllerTest < ActionController::TestCase
 email: @unconfirmed_user.email,
 password: 'secret123'
 }
- @user = assigns(:user)
+ @resource = assigns(:resource)
 @data = JSON.parse(response.body)
 end
@@ -110,7 +110,7 @@ class DeviseTokenAuth::SessionsControllerTest < ActionController::TestCase
 email: -> { Faker::Internet.email },
 password: -> { Faker::Number.number(10) }
 }
- @user = assigns(:user)
+ @resource = assigns(:resource)
 @data = JSON.parse(response.body)
 end
@@ -142,7 +142,7 @@ class DeviseTokenAuth::SessionsControllerTest < ActionController::TestCase
 password: 'secret123'
 }
- @user = assigns(:user)
+ @resource = assigns(:resource)
 @data = JSON.parse(response.body)
 end
diff --git a/test/controllers/overrides/omniauth_callbacks_controller_test.rb b/test/controllers/overrides/omniauth_callbacks_controller_test.rb
index 0d0af3e36..65265f0ef 100644
--- a/test/controllers/overrides/omniauth_callbacks_controller_test.rb
+++ b/test/controllers/overrides/omniauth_callbacks_controller_test.rb
@@ -26,7 +26,7 @@ class Overrides::OmniauthCallbacksControllerTest < ActionDispatch::IntegrationTe
 favorite_color: @favorite_color
 }
- @user = assigns(:user)
+ @resource = assigns(:resource)
 end
 test 'request is successful' do
@@ -34,11 +34,11 @@ class Overrides::OmniauthCallbacksControllerTest < ActionDispatch::IntegrationTe
 end
 test 'controller was overridden' do
- assert_equal @user.nickname, Overrides::OmniauthCallbacksController::DEFAULT_NICKNAME
+ assert_equal @resource.nickname, Overrides::OmniauthCallbacksController::DEFAULT_NICKNAME
 end
 test 'whitelisted param was allowed' do
- assert_equal @favorite_color, @user.favorite_color
+ assert_equal @favorite_color, @resource.favorite_color
 end
 end
 end
diff --git a/test/controllers/overrides/passwords_controller_test.rb b/test/controllers/overrides/passwords_controller_test.rb
index fdfe29361..6a32c8f0e 100644
--- a/test/controllers/overrides/passwords_controller_test.rb
+++ b/test/controllers/overrides/passwords_controller_test.rb
@@ -9,16 +9,16 @@ class Overrides::PasswordsControllerTest < ActionDispatch::IntegrationTest
 describe Overrides::PasswordsController do
 before do
- @user = evil_users(:confirmed_email_user)
+ @resource = evil_users(:confirmed_email_user)
 @redirect_url = Faker::Internet.url
 post "/evil_user_auth/password", {
- email: @user.email,
+ email: @resource.email,
 redirect_url: @redirect_url
 }
 @mail = ActionMailer::Base.deliveries.last
- @user.reload
+ @resource.reload
 @mail_config_name = CGI.unescape(@mail.body.match(/config=([^&]*)&/)[1])
 @mail_redirect_url = CGI.unescape(@mail.body.match(/redirect_url=([^&]*)&/)[1])
@@ -29,7 +29,7 @@ class Overrides::PasswordsControllerTest < ActionDispatch::IntegrationTest
 redirect_url: @mail_redirect_url
 }
- @user.reload
+ @resource.reload
 raw_qs = response.location.split('?')[1]
 @qs = Rack::Utils.parse_nested_query(raw_qs)
diff --git a/test/controllers/overrides/sessions_controller_test.rb b/test/controllers/overrides/sessions_controller_test.rb
index ed0b47b59..9d9686587 100644
--- a/test/controllers/overrides/sessions_controller_test.rb
+++ b/test/controllers/overrides/sessions_controller_test.rb
@@ -18,7 +18,7 @@ class Overrides::RegistrationsControllerTest < ActionDispatch::IntegrationTest
 password: 'secret123'
 }
- @user = assigns(:user)
+ @resource = assigns(:resource)
 @data = JSON.parse(response.body)
 end
diff --git a/test/controllers/overrides/token_validations_controller_test.rb b/test/controllers/overrides/token_validations_controller_test.rb
index c56ca1d7f..c5f00525f 100644
--- a/test/controllers/overrides/token_validations_controller_test.rb
+++ b/test/controllers/overrides/token_validations_controller_test.rb
@@ -9,18 +9,18 @@ class Overrides::TokenValidationsControllerTest < ActionDispatch::IntegrationTest
 describe Overrides::TokenValidationsController do
 before do
- @user = evil_users(:confirmed_email_user)
- @user.skip_confirmation!
- @user.save!
+ @resource = evil_users(:confirmed_email_user)
+ @resource.skip_confirmation!
+ @resource.save!
- @auth_headers = @user.create_new_auth_token
+ @auth_headers = @resource.create_new_auth_token
 @token = @auth_headers['access-token']
 @client_id = @auth_headers['client']
 @expiry = @auth_headers['expiry']
 # ensure that request is not treated as batch request
- age_token(@user, @client_id)
+ age_token(@resource, @client_id)
 get '/evil_user_auth/validate_token', {}, @auth_headers
diff --git a/test/dummy/app/controllers/demo_mang_controller.rb b/test/dummy/app/controllers/demo_mang_controller.rb
index 462a9a8c1..7d052867a 100644
--- a/test/dummy/app/controllers/demo_mang_controller.rb
+++ b/test/dummy/app/controllers/demo_mang_controller.rb
@@ -4,8 +4,8 @@ class DemoMangController < ApplicationController
 def members_only
 render json: {
 data: {
- message: "Welcome #{@user.name}",
- user: @user
+ message: "Welcome #{current_mang.name}",
+ user: current_mang
 }
 }, status: 200
 end
diff --git a/test/dummy/app/controllers/demo_user_controller.rb b/test/dummy/app/controllers/demo_user_controller.rb
index a4726bc7b..9bf3191b0 100644
--- a/test/dummy/app/controllers/demo_user_controller.rb
+++ b/test/dummy/app/controllers/demo_user_controller.rb
@@ -4,8 +4,8 @@ class DemoUserController < ApplicationController
 def members_only
 render json: {
 data: {
- message: "Welcome #{@user.name}",
- user: @user
+ message: "Welcome #{current_user.name}",
+ user: current_user
 }
 }, status: 200
 end
diff --git a/test/dummy/app/controllers/overrides/confirmations_controller.rb b/test/dummy/app/controllers/overrides/confirmations_controller.rb
index 0efa1be81..30e3e635c 100644
--- a/test/dummy/app/controllers/overrides/confirmations_controller.rb
+++ b/test/dummy/app/controllers/overrides/confirmations_controller.rb
@@ -1,23 +1,23 @@
 module Overrides
 class ConfirmationsController < DeviseTokenAuth::ConfirmationsController
 def show
- @user = resource_class.confirm_by_token(params[:confirmation_token])
+ @resource = resource_class.confirm_by_token(params[:confirmation_token])
- if @user and @user.id
+ if @resource and @resource.id
 # create client id
 client_id = SecureRandom.urlsafe_base64(nil, false)
 token = SecureRandom.urlsafe_base64(nil, false)
 token_hash = BCrypt::Password.create(token)
 expiry = (Time.now + DeviseTokenAuth.token_lifespan).to_i
- @user.tokens[client_id] = {
+ @resource.tokens[client_id] = {
 token: token_hash,
 expiry: expiry
 }
- @user.save!
+ @resource.save!
- redirect_to(@user.build_auth_url(params[:redirect_url], {
+ redirect_to(@resource.build_auth_url(params[:redirect_url], {
 token: token,
 client_id: client_id,
 account_confirmation_success: true,
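Review bot: In the Overrides::ConfirmationsController#show hunk, `redirect_to(@resource.build_auth_url(params[:redirect_url], {` hands the freshly minted plaintext `token` and `client_id` to whatever URL arrived in the request, and nothing in the hunk checks that `params[:redirect_url]` points at an expected host; unless build_auth_url (not visible here) validates it, a confirmation link carrying a foreign redirect_url would deliver a valid session token to that third party. The redirect should be preceded by a check of the URL's host against a configured allowlist of client origins, rejecting the request (no token created, no redirect) when it does not match. The Overrides::PasswordsController#edit hunk that follows builds its redirect the same way and needs the same check. The `if @resource and @resource.id` block and the `redirect_to` call both continue outside the hunk.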
diff --git a/test/dummy/app/controllers/overrides/passwords_controller.rb b/test/dummy/app/controllers/overrides/passwords_controller.rb
index b7c5a2abd..a27d43772 100644
--- a/test/dummy/app/controllers/overrides/passwords_controller.rb
+++ b/test/dummy/app/controllers/overrides/passwords_controller.rb
@@ -4,27 +4,27 @@ class PasswordsController < DeviseTokenAuth::PasswordsController
 # this is where users arrive after visiting the email confirmation link
 def edit
- @user = resource_class.reset_password_by_token({
+ @resource = resource_class.reset_password_by_token({
 reset_password_token: resource_params[:reset_password_token]
 })
- if @user and @user.id
+ if @resource and @resource.id
 client_id = SecureRandom.urlsafe_base64(nil, false)
 token = SecureRandom.urlsafe_base64(nil, false)
 token_hash = BCrypt::Password.create(token)
 expiry = (Time.now + DeviseTokenAuth.token_lifespan).to_i
- @user.tokens[client_id] = {
+ @resource.tokens[client_id] = {
 token: token_hash,
 expiry: expiry
 }
 # ensure that user is confirmed
- @user.skip_confirmation! unless @user.confirmed_at
+ @resource.skip_confirmation! unless @resource.confirmed_at
- @user.save!
+ @resource.save!
- redirect_to(@user.build_auth_url(params[:redirect_url], {
+ redirect_to(@resource.build_auth_url(params[:redirect_url], {
 token: token,
 client_id: client_id,
 reset_password: true,
diff --git a/test/dummy/app/controllers/overrides/registrations_controller.rb b/test/dummy/app/controllers/overrides/registrations_controller.rb
index 5d2b597f6..2d8274992 100644
--- a/test/dummy/app/controllers/overrides/registrations_controller.rb
+++ b/test/dummy/app/controllers/overrides/registrations_controller.rb
@@ -3,17 +3,17 @@ class RegistrationsController < DeviseTokenAuth::RegistrationsController
 OVERRIDE_PROOF = "(^^,)"
 def update
- if @user
- if @user.update_attributes(account_update_params)
+ if @resource
+ if @resource.update_attributes(account_update_params)
 render json: {
 status: 'success',
- data: @user.as_json,
+ data: @resource.as_json,
 override_proof: OVERRIDE_PROOF
 }
 else
 render json: {
 status: 'error',
- errors: @user.errors
+ errors: @resource.errors
 }, status: 403
 end
 else
diff --git a/test/dummy/app/controllers/overrides/sessions_controller.rb b/test/dummy/app/controllers/overrides/sessions_controller.rb
index 4d76cf587..06cd691ac 100644
--- a/test/dummy/app/controllers/overrides/sessions_controller.rb
+++ b/test/dummy/app/controllers/overrides/sessions_controller.rb
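Review bot: On the success branch `data: @resource.as_json,` serializes the whole record with no `except:` list, while the sibling sessions and token_validations overrides in this same commit render `as_json(except: [:tokens, :created_at, :updated_at])`. Whether the model's own as_json already strips the `tokens` hash is not visible from this hunk, so the consistent and safe form is `data: @resource.as_json(except: [:tokens, :created_at, :updated_at]),`. The final else branch of `update` continues outside the hunk.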
@@ -3,31 +3,31 @@ class SessionsController < DeviseTokenAuth::SessionsController
 OVERRIDE_PROOF = "(^^,)"
 def create
- @user = resource_class.find_by_email(resource_params[:email])
+ @resource = resource_class.find_by_email(resource_params[:email])
- if @user and valid_params? and @user.valid_password?(resource_params[:password]) and @user.confirmed?
+ if @resource and valid_params? and @resource.valid_password?(resource_params[:password]) and @resource.confirmed?
 # create client id
 @client_id = SecureRandom.urlsafe_base64(nil, false)
 @token = SecureRandom.urlsafe_base64(nil, false)
- @user.tokens[@client_id] = {
+ @resource.tokens[@client_id] = {
 token: BCrypt::Password.create(@token),
 expiry: (Time.now + DeviseTokenAuth.token_lifespan).to_i
 }
- @user.save
+ @resource.save
 render json: {
- data: @user.as_json(except: [
+ data: @resource.as_json(except: [
 :tokens, :created_at, :updated_at
 ]),
 override_proof: OVERRIDE_PROOF
 }
- elsif @user and not @user.confirmed?
+ elsif @resource and not @resource.confirmed?
 render json: {
 success: false,
 errors: [
- "A confirmation email was sent to your account at #{@user.email}. "+
+ "A confirmation email was sent to your account at #{@resource.email}. "+
 "You must follow the instructions in the email before your account "+
 "can be activated"
 ]
diff --git a/test/dummy/app/controllers/overrides/token_validations_controller.rb b/test/dummy/app/controllers/overrides/token_validations_controller.rb
index 84f8e310b..7d65ca00a 100644
--- a/test/dummy/app/controllers/overrides/token_validations_controller.rb
+++ b/test/dummy/app/controllers/overrides/token_validations_controller.rb
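Review bot: The result of `@resource.save` is discarded, so when the save fails the success JSON is still rendered even though the token just added to `@resource.tokens` was never persisted and will not validate on the next request; use `@resource.save!` as the confirmations override does, or branch on the boolean and render the error response when it is false. Separately, `elsif @resource and not @resource.confirmed?` is reached whenever the email matches an unconfirmed account regardless of whether `valid_password?` succeeded, so the "A confirmation email was sent to your account at" reply tells an unauthenticated caller that the address is registered; checking the password before the confirmed state, or answering both cases with the same generic error, avoids that disclosure. The remaining else branch of `create` is outside the hunk.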
@@ -3,11 +3,11 @@ class TokenValidationsController < DeviseTokenAuth::TokenValidationsController
 OVERRIDE_PROOF = '(^^,)'
 def validate_token
- # @user will have been set by set_user_by_token concern
- if @user
+ # @resource will have been set by set_user_by_token concern
+ if @resource
 render json: {
 success: true,
- data: @user.as_json(except: [
+ data: @resource.as_json(except: [
 :tokens, :created_at, :updated_at
 ]),
 override_proof: OVERRIDE_PROOF
diff --git a/test/models/user_test.rb b/test/models/user_test.rb
index 7dc48231c..b0f08026c 100644
--- a/test/models/user_test.rb
+++ b/test/models/user_test.rb
@@ -6,74 +6,74 @@ class UserTest < ActiveSupport::TestCase
 @password = Faker::Internet.password(10, 20)
 @email = Faker::Internet.email
 @success_url = Faker::Internet.url
- @user = User.new()
+ @resource = User.new()
 end
 describe 'serialization' do
 test 'hash should not include sensitive info' do
- refute @user.as_json[:tokens]
+ refute @resource.as_json[:tokens]
 end
 end
 describe 'email registration' do
 test 'model should not save if email is blank' do
- @user.provider = 'email'
- @user.password = @password
- @user.password_confirmation = @password
+ @resource.provider = 'email'
+ @resource.password = @password
+ @resource.password_confirmation = @password
- refute @user.save
- assert @user.errors.messages[:email]
+ refute @resource.save
+ assert @resource.errors.messages[:email]
 end
 end
 describe 'oauth2 authentication' do
 test 'model should save even if email is blank' do
- @user.provider = 'facebook'
- @user.password = @password
- @user.password_confirmation = @password
+ @resource.provider = 'facebook'
+ @resource.password = @password
+ @resource.password_confirmation = @password
- assert @user.save
- refute @user.errors.messages[:email]
+ assert @resource.save
+ refute @resource.errors.messages[:email]
 end
 end
 describe 'token expiry' do
 before do
- @user = users(:confirmed_email_user)
- @user.skip_confirmation!
- @user.save!
+ @resource = users(:confirmed_email_user)
+ @resource.skip_confirmation!
+ @resource.save!
- @auth_headers = @user.create_new_auth_token
+ @auth_headers = @resource.create_new_auth_token
 @token = @auth_headers['access-token']
 @client_id = @auth_headers['client']
 end
 test 'should properly indicate whether token is current' do
- assert @user.token_is_current?(@token, @client_id)
+ assert @resource.token_is_current?(@token, @client_id)
 # we want to update the expiry without forcing a cleanup (see below)
- @user.tokens[@client_id]['expiry'] = Time.now.to_i - 10.seconds
- refute @user.token_is_current?(@token, @client_id)
+ @resource.tokens[@client_id]['expiry'] = Time.now.to_i - 10.seconds
+ refute @resource.token_is_current?(@token, @client_id)
 end
 end
 describe 'expired tokens are destroyed on save' do
 before do
- @user = users(:confirmed_email_user)
- @user.skip_confirmation!
- @user.save!
+ @resource = users(:confirmed_email_user)
+ @resource.skip_confirmation!
+ @resource.save!
- @old_auth_headers = @user.create_new_auth_token
- @new_auth_headers = @user.create_new_auth_token
- expire_token(@user, @old_auth_headers['client'])
+ @old_auth_headers = @resource.create_new_auth_token
+ @new_auth_headers = @resource.create_new_auth_token
+ expire_token(@resource, @old_auth_headers['client'])
 end
 test 'expired token was removed' do
- refute @user.tokens[@old_auth_headers['client']]
+ refute @resource.tokens[@old_auth_headers['client']]
 end
 test 'current token was not removed' do
- assert @user.tokens[@new_auth_headers['client']]
+ assert @resource.tokens[@new_auth_headers['client']]
 end
 end
 end
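Review bot: The serialization test `refute @resource.as_json[:tokens]` near the top of this hunk is vacuous: as_json on an ActiveRecord model returns a hash with string keys, so the symbol lookup yields nil whether or not the token hashes are serialized, and the "hash should not include sensitive info" guard would keep passing even if they leaked into API responses. Change it to `refute @resource.as_json.key?('tokens')` so the assertion actually inspects the serialized output; if the model overrides as_json to return symbol keys this does not apply, but that is not visible from the hunk. The enclosing UserTest class begins outside the hunk.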