Merge pull request lynndylanhurley#330 from colavitam/master

Tests to ensure standard devise has greater priority than tokens
Jylth · Aug 9, 2015 · a709a06 · a709a06
2 parents 1c26d0b + 2d14476
commit a709a06
Show file tree

Hide file tree

Showing 3 changed files with 71 additions and 2 deletions.
diff --git a/app/controllers/devise_token_auth/concerns/set_user_by_token.rb b/app/controllers/devise_token_auth/concerns/set_user_by_token.rb
@@ -69,7 +69,7 @@ def update_auth_header
     # Generate new client_id with existing authentication
     @client_id = nil unless @used_auth_by_token
 
-    if not DeviseTokenAuth.change_headers_on_each_request
+    if @used_auth_by_token and not DeviseTokenAuth.change_headers_on_each_request
       auth_header = @resource.build_auth_header(@token, @client_id)
 
       # update the response header

diff --git a/test/controllers/demo_user_controller_test.rb b/test/controllers/demo_user_controller_test.rb
@@ -258,11 +258,69 @@ class DemoUserControllerTest < ActionDispatch::IntegrationTest
           end
         end
       end
+
+      describe 'existing Warden authentication with ignored token data' do
+        before do
+          @resource = users(:second_confirmed_email_user)
+          @resource.skip_confirmation!
+          @resource.save!
+          login_as( @resource, :scope => :user)
+
+          get '/demo/members_only', {}, @auth_headers
+
+          @resp_token       = response.headers['access-token']
+          @resp_client_id   = response.headers['client']
+          @resp_expiry      = response.headers['expiry']
+          @resp_uid         = response.headers['uid']
+        end
+
+        describe 'devise mappings' do
+          it 'should define current_user' do
+            assert_equal @resource, @controller.current_user
+          end
+
+          it 'should define user_signed_in?' do
+            assert @controller.user_signed_in?
+          end
+
+          it 'should not define current_mang' do
+            refute_equal @resource, @controller.current_mang
+          end
+        end
+
+        it 'should return success status' do
+          assert_equal 200, response.status
+        end
+
+        it 'should receive new token after successful request' do
+          assert @resp_token
+        end
+
+        it 'should set the token expiry in the auth header' do
+          assert @resp_expiry
+        end
+
+        it 'should return the client id in the auth header' do
+          assert @resp_client_id
+        end
+
+        it "should not use the existing token's client" do
+          refute_equal @auth_headers['client'], @resp_client_id
+        end
+
+        it "should return the user's uid in the auth header" do
+          assert @resp_uid
+        end
+
+        it "should not return the token user's uid in the auth header" do
+          refute_equal @resp_uid, @auth_headers['uid']
+        end
+      end
     end
 
     describe 'Existing Warden authentication' do
       before do
-        @resource = users(:confirmed_email_user)
+        @resource = users(:second_confirmed_email_user)
         @resource.skip_confirmation!
         @resource.save!
         login_as( @resource, :scope => :user)

diff --git a/test/fixtures/users.yml b/test/fixtures/users.yml
@@ -10,6 +10,17 @@ confirmed_email_user:
   updated_at:         '<%= timestamp %>'
   encrypted_password: <%= User.new.send(:password_digest, 'secret123') %>
 
+<% @second_email = Faker::Internet.email %>
+second_confirmed_email_user:
+  uid:                "<%= @second_email %>"
+  email:              "<%= @second_email %>"
+  nickname:           'stimpy2'
+  provider:           'email'
+  confirmed_at:       '<%= timestamp %>'
+  created_at:         '<%= timestamp %>'
+  updated_at:         '<%= timestamp %>'
+  encrypted_password: <%= User.new.send(:password_digest, 'secret123') %>
+
 <% @fb_email = Faker::Internet.email %>
 duplicate_email_facebook_user:
   uid:                "<%= Faker::Number.number(10) %>"