github/devise
1
1
Fork 0
mirror of https://github.com/heartcombo/devise.git synced 2026-04-28 03:00:29 -04:00
Code Issues Packages Projects Releases Wiki Activity
Files
5-rc
devise/test/integration/trackable_test.rb
Marc Busqué 34238e9f18 Update trackable fields only in a database sign in 
References #4584 and waiting-for-dev/devise-jwt#23

* Bug
Users that use devise-jwt, will not have the correct behavior of trackable
feature. As a request for APIs always requires authentication since there
is no session in APIs world, Devise counts +1 on every request since it
contains authentication info.

It happens because Devise has a trackable hook that updates the trackable
info everytime that the user is signed in by Warden.

* Fix
We are moving update_trackable_fields! from trackable hook (which was removed)
to sign_in_out and database_authenticatable. This way, update_trackable_fields!
is going to run only when the user signed in by Devise (only one time).
2019-09-19 10:22:29 -03:00

99 lines
2.4 KiB
Ruby
Raw Permalink Blame History

# frozen_string_literal: true
require 'test_helper'
class TrackableHooksTest < Devise::IntegrationTest
test "trackable should not run model validations" do
sign_in_as_user
refute User.validations_performed
end
test "current and last sign in timestamps are updated on each sign in" do
user = create_user
assert_nil user.current_sign_in_at
assert_nil user.last_sign_in_at
sign_in_as_user
user.reload
assert user.current_sign_in_at.acts_like?(:time)
assert user.last_sign_in_at.acts_like?(:time)
assert_equal user.current_sign_in_at, user.last_sign_in_at
assert user.current_sign_in_at >= user.created_at
delete destroy_user_session_path
new_time = 2.seconds.from_now
Time.stubs(:now).returns(new_time)
sign_in_as_user
user.reload
assert user.current_sign_in_at > user.last_sign_in_at
end
test "current and last sign in remote ip are updated on each sign in" do
user = create_user
assert_nil user.current_sign_in_ip
assert_nil user.last_sign_in_ip
sign_in_as_user
user.reload
assert_equal "127.0.0.1", user.current_sign_in_ip
assert_equal "127.0.0.1", user.last_sign_in_ip
end
test "current remote ip returns original ip behind a non transparent proxy" do
user = create_user
arbitrary_ip = '200.121.1.69'
sign_in_as_user do
header 'HTTP_X_FORWARDED_FOR', arbitrary_ip
end
user.reload
assert_equal arbitrary_ip, user.current_sign_in_ip
end
test "increase sign in count" do
user = create_user
assert_equal 0, user.sign_in_count
sign_in_as_user
user.reload
assert_equal 1, user.sign_in_count
delete destroy_user_session_path
sign_in_as_user
user.reload
assert_equal 2, user.sign_in_count
end
test "does not update anything if user has signed out along the way" do
swap Devise, allow_unconfirmed_access_for: 0.days do
user = create_user(confirm: false)
sign_in_as_user
user.reload
assert_nil user.current_sign_in_at
assert_nil user.last_sign_in_at
end
end
test "do not track if devise.skip_trackable is set" do
user = create_user
sign_in_as_user do
header 'devise.skip_trackable', '1'
end
user.reload
assert_equal 0, user.sign_in_count
delete destroy_user_session_path
sign_in_as_user do
header 'devise.skip_trackable', false
end
user.reload
assert_equal 1, user.sign_in_count
end
end
Reference in New Issue View Git Blame Copy Permalink