1143 extract @resource initialization out to a named overrideable met…

…hod (lynndylanhurley#1144)

lynndylanhurley#1143 extract @resource initialization out to a named overrideable method in registrations controller

app/controllers/devise_token_auth/application_controller.rb

@@ -17,6 +17,10 @@ def resource_errors
 
     protected
 
+    def blacklisted_redirect_url?
+      DeviseTokenAuth.redirect_whitelist && !DeviseTokenAuth::Url.whitelisted?(@redirect_url)
+    end
+
     def build_redirect_headers(access_token, client, redirect_header_options = {})
       {
         DeviseTokenAuth.headers_names[:"access-token"] => access_token,

app/controllers/devise_token_auth/passwords_controller.rb

@@ -11,21 +11,13 @@ def create
       end
 
       # give redirect value from params priority
-      @redirect_url = params[:redirect_url]
+      @redirect_url = params.fetch(
+          :redirect_url,
+          DeviseTokenAuth.default_password_reset_url
+        )
 
-      # fall back to default value if provided
-      @redirect_url ||= DeviseTokenAuth.default_password_reset_url
-
-      unless @redirect_url
-        return render_create_error_missing_redirect_url
-      end
-
-      # if whitelist is set, validate redirect_url against whitelist
-      if DeviseTokenAuth.redirect_whitelist
-        unless DeviseTokenAuth::Url.whitelisted?(@redirect_url)
-          return render_create_error_not_allowed_redirect_url
-        end
-      end
+      return render_create_error_missing_redirect_url unless @redirect_url
+      return render_create_error_not_allowed_redirect_url if blacklisted_redirect_url?
 
       @email = get_case_insensitive_field_from_resource_params(:email)
       @resource = find_resource(:uid, @email)

app/controllers/devise_token_auth/registrations_controller.rb

@@ -6,42 +6,37 @@ class RegistrationsController < DeviseTokenAuth::ApplicationController
     skip_after_action :update_auth_header, only: [:create, :destroy]
 
     def create
-      @resource            = resource_class.new(sign_up_params.except(:confirm_success_url))
-      @resource.provider   = provider
+      build_resource
 
-      # honor devise configuration for case_insensitive_keys
-      if resource_class.case_insensitive_keys.include?(:email)
-        @resource.email = sign_up_params[:email].try :downcase
-      else
-        @resource.email = sign_up_params[:email]
+      unless @resource.present?
+        raise DeviseTokenAuth::Errors::NoResourceDefinedError,
+          "#{self.class.name} #build_resource does not define @resource, execution stopped"
       end
 
       # give redirect value from params priority
-      @redirect_url = sign_up_params[:confirm_success_url]
-
-      # fall back to default value if provided
-      @redirect_url ||= DeviseTokenAuth.default_confirm_success_url
+      @redirect_url = params.fetch(
+        :confirm_success_url,
+        DeviseTokenAuth.default_confirm_success_url
+      )
 
       # success redirect url is required
       if confirmable_enabled? && !@redirect_url
         return render_create_error_missing_confirm_success_url
       end
 
       # if whitelist is set, validate redirect_url against whitelist
-      if DeviseTokenAuth.redirect_whitelist
-        unless DeviseTokenAuth::Url.whitelisted?(@redirect_url)
-          return render_create_error_redirect_url_not_allowed
-        end
-      end
+      return render_create_error_redirect_url_not_allowed if blacklisted_redirect_url?
 
       begin
         # override email confirmation, must be sent manually from ctrl
         resource_class.set_callback("create", :after, :send_on_create_confirmation_instructions)
         resource_class.skip_callback("create", :after, :send_on_create_confirmation_instructions)
+
         if @resource.respond_to? :skip_confirmation_notification!
           # Fix duplicate e-mails by disabling Devise confirmation e-mail
           @resource.skip_confirmation_notification!
         end
+
         if @resource.save
           yield @resource if block_given?
 
@@ -51,13 +46,10 @@ def create
               client_config: params[:config_name],
               redirect_url: @redirect_url
             })
-
           else
             # email auth has been bypassed, authenticate user
             @client_id, @token = @resource.create_token
-
             @resource.save!
-
             update_auth_header
           end
           render_create_success
@@ -88,15 +80,14 @@ def destroy
       if @resource
         @resource.destroy
         yield @resource if block_given?
-
         render_destroy_success
       else
         render_destroy_error
       end
     end
 
     def sign_up_params
-      params.permit([*params_for_resource(:sign_up), :confirm_success_url])
+      params.permit(*params_for_resource(:sign_up))
     end
 
     def account_update_params
@@ -105,6 +96,18 @@ def account_update_params
 
     protected
 
+    def build_resource
+      @resource            = resource_class.new(sign_up_params)
+      @resource.provider   = provider
+
+      # honor devise configuration for case_insensitive_keys
+      if resource_class.case_insensitive_keys.include?(:email)
+        @resource.email = sign_up_params[:email].try(:downcase)
+      else
+        @resource.email = sign_up_params[:email]
+      end
+    end
+
     def render_create_error_missing_confirm_success_url
       response = {
         status: 'error',

lib/devise_token_auth.rb

@@ -3,6 +3,7 @@
 require "devise_token_auth/controllers/helpers"
 require "devise_token_auth/controllers/url_helpers"
 require "devise_token_auth/url"
+require "devise_token_auth/errors"
 
 module DeviseTokenAuth
 end

lib/devise_token_auth/errors.rb

@@ -0,0 +1,5 @@
+module DeviseTokenAuth
+  module Errors
+    class NoResourceDefinedError < StandardError ; end
+  end
+end

test/controllers/custom/custom_registrations_controller_test.rb

@@ -50,5 +50,14 @@ class Custom::RegistrationsControllerTest < ActionDispatch::IntegrationTest
       assert @controller.destroy_block_called?,
              'destroy failed to yield resource to provided block'
     end
+
+    describe 'when overriding #build_resource' do
+      test 'it fails' do
+        Custom::RegistrationsController.any_instance.stubs(:build_resource).returns(nil)
+        assert_raises DeviseTokenAuth::Errors::NoResourceDefinedError do
+          post '/nice_user_auth', params: @create_params
+        end
+      end
+    end
   end
 end

test/controllers/devise_token_auth/omniauth_callbacks_controller_test.rb

@@ -1,6 +1,4 @@
 require 'test_helper'
-require 'mocha/minitest'
-
 #  was the web request successful?
 #  was the user redirected to the right page?
 #  was the user successfully authenticated?

test/controllers/overrides/registrations_controller_test.rb

@@ -8,33 +8,35 @@
 
 class Overrides::RegistrationsControllerTest < ActionDispatch::IntegrationTest
   describe Overrides::RegistrationsController do
-    setup do
-      @existing_user  = evil_users(:confirmed_email_user)
-      @auth_headers   = @existing_user.create_new_auth_token
-      @client_id      = @auth_headers['client']
-      @favorite_color = 'pink'
-
-      # ensure request is not treated as batch request
-      age_token(@existing_user, @client_id)
-
-      # test valid update param
-      @new_operating_thetan = 1_000_000
-
-      put '/evil_user_auth',
-          params: { favorite_color: @favorite_color },
-          headers: @auth_headers
-
-      @data = JSON.parse(response.body)
-      @existing_user.reload
-    end
-
-    test 'user was updated' do
-      assert_equal @favorite_color, @existing_user.favorite_color
-    end
-
-    test 'controller was overridden' do
-      assert_equal Overrides::RegistrationsController::OVERRIDE_PROOF,
-                   @data['override_proof']
+    describe 'Succesful Registration update' do
+      setup do
+        @existing_user  = evil_users(:confirmed_email_user)
+        @auth_headers   = @existing_user.create_new_auth_token
+        @client_id      = @auth_headers['client']
+        @favorite_color = 'pink'
+
+        # ensure request is not treated as batch request
+        age_token(@existing_user, @client_id)
+
+        # test valid update param
+        @new_operating_thetan = 1_000_000
+
+        put '/evil_user_auth',
+            params: { favorite_color: @favorite_color },
+            headers: @auth_headers
+
+        @data = JSON.parse(response.body)
+        @existing_user.reload
+      end
+
+      test 'user was updated' do
+        assert_equal @favorite_color, @existing_user.favorite_color
+      end
+
+      test 'controller was overridden' do
+        assert_equal Overrides::RegistrationsController::OVERRIDE_PROOF,
+                     @data['override_proof']
+      end
     end
   end
 end

test/dummy/app/controllers/custom/registrations_controller.rb

@@ -35,5 +35,4 @@ def destroy_block_called?
   def render_create_success
     render json: {custom: "foo"}
   end
-
 end

test/test_helper.rb

@@ -1,24 +1,13 @@
 require 'simplecov'
 
-# SimpleCov.formatter = SimpleCov::Formatter::MultiFormatter[
-#   SimpleCov::Formatter::HTMLFormatter,
-#   CodeClimate::TestReporter::Formatter
-# ]
-
 SimpleCov.start 'rails'
 
 ENV['RAILS_ENV'] = 'test'
 
 require File.expand_path('../dummy/config/environment', __FILE__)
 require 'rails/test_help'
 require 'minitest/rails'
-
-# To add Capybara feature tests add `gem "minitest-rails-capybara"`
-# to the test group in the Gemfile and uncomment the following:
-# require "minitest/rails/capybara"
-
-# Uncomment for awesome colorful output
-# require "minitest/pride"
+require 'mocha/minitest'
 
 ActiveSupport::TestCase.fixture_path = File.expand_path('../fixtures', __FILE__)
 ActionDispatch::IntegrationTest.fixture_path = File.expand_path('../fixtures', __FILE__)