Merge branch 'jartek-exclude_devise_modules'.

Fixes #78 #80 #60.
lynndylanhurley · Dec 22, 2014 · 46e3ac7 · 46e3ac7
2 parents d4d5335 + 503a91a
commit 46e3ac7
Show file tree

Hide file tree

Showing 13 changed files with 208 additions and 6 deletions.
diff --git a/app/controllers/devise_token_auth/registrations_controller.rb b/app/controllers/devise_token_auth/registrations_controller.rb
@@ -17,7 +17,7 @@ def create
       end
 
       # success redirect url is required
-      unless params[:confirm_success_url]
+      if resource_class.devise_modules.include?(:confirmable) && !params[:confirm_success_url]
         return render json: {
           status: 'error',
           data:   @resource,
@@ -76,7 +76,7 @@ def create
 
     def update
       if @resource
-        
+
         if @resource.update_attributes(account_update_params)
           render json: {
             status: 'success',

diff --git a/app/models/devise_token_auth/concerns/user.rb b/app/models/devise_token_auth/concerns/user.rb
@@ -2,11 +2,12 @@ module DeviseTokenAuth::Concerns::User
   extend ActiveSupport::Concern
 
   included do
-    # Include default devise modules. Others available are:
-    # :confirmable, :lockable, :timeoutable and :omniauthable
-    devise :database_authenticatable, :registerable,
+    # Hack to check if devise is already enabled
+    unless self.method_defined?(:devise_modules)
+      devise :database_authenticatable, :registerable,
           :recoverable, :rememberable, :trackable, :validatable,
           :confirmable, :omniauthable
+    end
 
     serialize :tokens, JSON
 
@@ -186,6 +187,9 @@ def extend_batch_buffer(token, client_id)
     return build_auth_header(token, client_id)
   end
 
+  def confirmed?
+    self.devise_modules.exclude?(:confirmable) || super
+  end
 
   protected
 

diff --git a/lib/generators/devise_token_auth/install_generator.rb b/lib/generators/devise_token_auth/install_generator.rb
@@ -30,6 +30,10 @@ def create_user_model
         inclusion = "include DeviseTokenAuth::Concerns::User"
         unless parse_file_for_line(fname, inclusion)
           inject_into_file fname, after: "class #{user_class} < ActiveRecord::Base\n" do <<-'RUBY'
+  # Include default devise modules.
+  devise :database_authenticatable, :registerable,
+          :recoverable, :rememberable, :trackable, :validatable,
+          :confirmable, :omniauthable
   include DeviseTokenAuth::Concerns::User
           RUBY
           end

diff --git a/lib/generators/devise_token_auth/templates/user.rb b/lib/generators/devise_token_auth/templates/user.rb
@@ -1,3 +1,7 @@
 class <%= user_class %> < ActiveRecord::Base
+  # Include default devise modules.
+  devise :database_authenticatable, :registerable,
+          :recoverable, :rememberable, :trackable, :validatable,
+          :confirmable, :omniauthable
   include DeviseTokenAuth::Concerns::User
 end
diff --git a/test/controllers/devise_token_auth/omniauth_callbacks_controller_test.rb b/test/controllers/devise_token_auth/omniauth_callbacks_controller_test.rb
@@ -164,4 +164,14 @@ class OmniauthTest < ActionDispatch::IntegrationTest
       end
     end
   end
+
+  describe 'User with only :database_authenticatable and :registerable included' do
+    test 'OnlyEmailUser should not be able to use OAuth' do
+      assert_raises(ActionController::RoutingError) {
+        get_via_redirect '/only_email_auth/facebook', {
+          auth_origin_url: @redirect_url
+        }
+      }
+    end
+  end
 end
diff --git a/test/controllers/devise_token_auth/registrations_controller_test.rb b/test/controllers/devise_token_auth/registrations_controller_test.rb
@@ -454,5 +454,36 @@ class DeviseTokenAuth::RegistrationsControllerTest < ActionDispatch::Integration
         assert @resource.valid_token?(@token, @client_id)
       end
     end
+
+
+    describe 'User with only :database_authenticatable and :registerable included' do
+      setup do
+        @mails_sent = ActionMailer::Base.deliveries.count
+
+        post '/only_email_auth', {
+          email: Faker::Internet.email,
+          password: "secret123",
+          password_confirmation: "secret123",
+          confirm_success_url: Faker::Internet.url,
+          unpermitted_param: '(x_x)'
+        }
+
+        @resource = assigns(:resource)
+        @data = JSON.parse(response.body)
+        @mail = ActionMailer::Base.deliveries.last
+      end
+
+      test 'user was created' do
+        assert @resource.id
+      end
+
+      test 'email confirmation was not sent' do
+        assert_equal @mails_sent, ActionMailer::Base.deliveries.count
+      end
+
+      test 'user is confirmed' do
+        assert @resource.confirmed?
+      end
+    end
   end
 end
diff --git a/test/controllers/devise_token_auth/sessions_controller_test.rb b/test/controllers/devise_token_auth/sessions_controller_test.rb
@@ -217,5 +217,33 @@ class DeviseTokenAuth::SessionsControllerTest < ActionController::TestCase
         assert_equal @existing_user.email, @data['data']['email']
       end
     end
+
+    describe 'User with only :database_authenticatable and :registerable included' do
+      setup do
+        @request.env['devise.mapping'] = Devise.mappings[:only_email_user]
+      end
+
+      teardown do
+        @request.env['devise.mapping'] = Devise.mappings[:user]
+      end
+
+      before do
+        @existing_user = only_email_users(:user)
+        @existing_user.save!
+
+        xhr :post, :create, {
+          email: @existing_user.email,
+          password: 'secret123'
+        }
+
+        @resource = assigns(:resource)
+        @data = JSON.parse(response.body)
+      end
+
+      test 'user should be able to sign in without confirmation' do
+        assert 200, response.status
+        refute OnlyEmailUser.method_defined?(:confirmed_at)
+      end
+    end
   end
 end
diff --git a/test/dummy/app/models/only_email_user.rb b/test/dummy/app/models/only_email_user.rb
@@ -0,0 +1,5 @@
+class OnlyEmailUser < ActiveRecord::Base
+  # Include default devise modules.
+  devise :database_authenticatable, :registerable
+  include DeviseTokenAuth::Concerns::User
+end
diff --git a/test/dummy/config/routes.rb b/test/dummy/config/routes.rb
@@ -19,6 +19,8 @@
     token_validations:  'overrides/token_validations'
   }
 
+  mount_devise_token_auth_for 'OnlyEmailUser', at: '/only_email_auth', skip: [:omniauth_callbacks]
+
   # this route will authorize visitors using the User class
   get 'demo/members_only', to: 'demo_user#members_only'
 

diff --git a/test/dummy/db/migrate/20141222035835_devise_token_auth_create_only_email_users.rb b/test/dummy/db/migrate/20141222035835_devise_token_auth_create_only_email_users.rb
@@ -0,0 +1,54 @@
+class DeviseTokenAuthCreateOnlyEmailUsers < ActiveRecord::Migration
+  def change
+    create_table(:only_email_users) do |t|
+      ## Required
+      t.string :provider, :null => false
+      t.string :uid, :null => false, :default => ""
+
+      ## Database authenticatable
+      t.string :encrypted_password, :null => false, :default => ""
+
+      ## Recoverable
+      #t.string   :reset_password_token
+      #t.datetime :reset_password_sent_at
+
+      ## Rememberable
+      #t.datetime :remember_created_at
+
+      ## Trackable
+      #t.integer  :sign_in_count, :default => 0, :null => false
+      #t.datetime :current_sign_in_at
+      #t.datetime :last_sign_in_at
+      #t.string   :current_sign_in_ip
+      #t.string   :last_sign_in_ip
+
+      ## Confirmable
+      #t.string   :confirmation_token
+      #t.datetime :confirmed_at
+      #t.datetime :confirmation_sent_at
+      #t.string   :unconfirmed_email # Only if using reconfirmable
+
+      ## Lockable
+      # t.integer  :failed_attempts, :default => 0, :null => false # Only if lock strategy is :failed_attempts
+      # t.string   :unlock_token # Only if unlock strategy is :email or :both
+      # t.datetime :locked_at
+
+      ## User Info
+      t.string :name
+      t.string :nickname
+      t.string :image
+      t.string :email
+
+      ## Tokens
+      t.text :tokens
+
+      t.timestamps
+    end
+
+    add_index :only_email_users, :email
+    add_index :only_email_users, [:uid, :provider],     :unique => true
+    #add_index :only_email_users, :reset_password_token, :unique => true
+    # add_index :only_email_users, :confirmation_token,   :unique => true
+    # add_index :only_email_users, :unlock_token,         :unique => true
+  end
+end
diff --git a/test/dummy/db/schema.rb b/test/dummy/db/schema.rb
@@ -11,7 +11,7 @@
 #
 # It's strongly recommended that you check this file into your version control system.
 
-ActiveRecord::Schema.define(version: 20140928231203) do
+ActiveRecord::Schema.define(version: 20141222035835) do
 
   create_table "evil_users", force: true do |t|
     t.string   "email"
@@ -77,6 +77,22 @@
   add_index "mangs", ["reset_password_token"], name: "index_mangs_on_reset_password_token", unique: true
   add_index "mangs", ["uid", "provider"], name: "index_mangs_on_uid_and_provider", unique: true
 
+  create_table "only_email_users", force: true do |t|
+    t.string   "provider",                        null: false
+    t.string   "uid",                default: "", null: false
+    t.string   "encrypted_password", default: "", null: false
+    t.string   "name"
+    t.string   "nickname"
+    t.string   "image"
+    t.string   "email"
+    t.text     "tokens"
+    t.datetime "created_at"
+    t.datetime "updated_at"
+  end
+
+  add_index "only_email_users", ["email"], name: "index_only_email_users_on_email"
+  add_index "only_email_users", ["uid", "provider"], name: "index_only_email_users_on_uid_and_provider", unique: true
+
   create_table "users", force: true do |t|
     t.string   "email"
     t.string   "encrypted_password",          default: "", null: false

diff --git a/test/fixtures/only_email_users.yml b/test/fixtures/only_email_users.yml
@@ -0,0 +1,9 @@
+<% timestamp = DateTime.parse(2.weeks.ago.to_s).to_time.strftime("%F %T") %>
+<% @email = Faker::Internet.email %>
+user:
+  uid:                 "<%= @email %>"
+  email:               "<%= @email %>"
+  provider:            'email'
+  created_at:          '<%= timestamp %>'
+  updated_at:          '<%= timestamp %>'
+  encrypted_password:  <%= User.new.send(:password_digest, 'secret123') %>
diff --git a/test/models/only_email_user_test.rb b/test/models/only_email_user_test.rb
@@ -0,0 +1,35 @@
+require 'test_helper'
+
+class OnlyEmailUserTest < ActiveSupport::TestCase
+  describe OnlyEmailUser do
+    test 'trackable is disabled' do
+      refute OnlyEmailUser.method_defined?(:sign_in_count)
+      refute OnlyEmailUser.method_defined?(:current_sign_in_at)
+      refute OnlyEmailUser.method_defined?(:last_sign_in_at)
+      refute OnlyEmailUser.method_defined?(:current_sign_in_ip)
+      refute OnlyEmailUser.method_defined?(:last_sign_in_ip)
+    end
+
+    test 'confirmable is disabled' do
+      refute OnlyEmailUser.method_defined?(:confirmation_token)
+      refute OnlyEmailUser.method_defined?(:confirmed_at)
+      refute OnlyEmailUser.method_defined?(:confirmation_sent_at)
+      refute OnlyEmailUser.method_defined?(:unconfirmed_email)
+    end
+
+    test 'lockable is disabled' do
+      refute OnlyEmailUser.method_defined?(:failed_attempts)
+      refute OnlyEmailUser.method_defined?(:unlock_token)
+      refute OnlyEmailUser.method_defined?(:locked_at)
+    end
+
+    test 'recoverable is disabled' do
+      refute OnlyEmailUser.method_defined?(:reset_password_token)
+      refute OnlyEmailUser.method_defined?(:reset_password_sent_at)
+    end
+
+    test 'rememberable is disabled' do
+      refute OnlyEmailUser.method_defined?(:remember_created_at)
+    end
+  end
+end