From 006bddee4bbe9f5ff9edc936d54725ce061be720 Mon Sep 17 00:00:00 2001 From: Ken Jones Date: Wed, 12 Jun 2024 07:11:52 +0100 Subject: [PATCH] Disable parameter wrapping in TokensController (#42) * Disable parameter wrapping in Devise::Api::TokensController * Fix failing Devise::Api::Responses::TokenResponse specs --- .../devise/api/tokens_controller.rb | 1 + .../api/responses/token_response_spec.rb | 102 ++++++------------ 2 files changed, 32 insertions(+), 71 deletions(-) diff --git a/app/controllers/devise/api/tokens_controller.rb b/app/controllers/devise/api/tokens_controller.rb index 74f84c6..6964081 100644 --- a/app/controllers/devise/api/tokens_controller.rb +++ b/app/controllers/devise/api/tokens_controller.rb @@ -4,6 +4,7 @@ module Devise module Api class TokensController < Devise.api.config.base_controller.constantize + wrap_parameters false skip_before_action :verify_authenticity_token, raise: false before_action :authenticate_devise_api_token!, only: %i[info] diff --git a/spec/devise/api/responses/token_response_spec.rb b/spec/devise/api/responses/token_response_spec.rb index 6085acd..34302b3 100644 --- a/spec/devise/api/responses/token_response_spec.rb +++ b/spec/devise/api/responses/token_response_spec.rb @@ -3,10 +3,26 @@ require 'spec_helper' RSpec.describe Devise::Api::Responses::TokenResponse do - context 'action types' do - let(:resource_owner) { double('resource_owner') } - let(:token) { double('token', resource_owner: resource_owner) } + let(:resource_owner) do + FactoryBot.build( + :user, + id: 1, + email: 'test@development.com', + created_at: Time.now, + updated_at: Time.now + ) + end + let(:token) do + FactoryBot.build( + :devise_api_token, + resource_owner: resource_owner, + access_token: 'access_token', + refresh_token: 'refresh_token', + expires_in: 3600 + ) + end + context 'action types' do it 'has a list of actions' do expect(described_class::ACTIONS).to eq(%i[sign_in sign_up refresh revoke info]) end 
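Review bot: In `tokens_controller.rb`, `wrap_parameters false` is called unconditionally on a base class that is resolved from configuration (`Devise.api.config.base_controller.constantize`), while the `skip_before_action` on the next line passes `raise: false` to tolerate bases that lack the callback. If a configured base controller does not include `ActionController::ParamsWrapper`, this line would presumably raise `NoMethodError` when the class is loaded; `wrap_parameters false if respond_to?(:wrap_parameters)` would keep the same tolerance. The commit also adds no request spec showing that a JSON body sent to the token endpoints is no longer copied under a wrapper key. A one-line comment on why wrapping is turned off for this controller would help the next reader. The class body continues outside the hunk.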
@@ -21,17 +37,6 @@ end context 'sign in' do - let(:resource_owner) do - double('resource_owner', - id: 1, - email: 'test@development.com', - created_at: Time.now, - updated_at: Time.now) - end - let(:token) do - double('token', resource_owner: resource_owner, access_token: 'access_token', refresh_token: 'refresh_token', - expires_in: 3600) - end let(:token_response) { described_class.new(nil, token: token, action: :sign_in) } it 'returns the correct body' do @@ -45,7 +50,7 @@ email: 'test@development.com', created_at: resource_owner.created_at, updated_at: resource_owner.updated_at - } + }.stringify_keys }) end @@ -55,24 +60,10 @@ end context 'sign up' do - let(:supported_devise_modules) { double('supported_devise_modules', confirmable?: true) } - let(:resource_owner_class) { double('resource_owner_class', supported_devise_modules: supported_devise_modules) } - let(:resource_owner) do - double('resource_owner', - id: 1, - email: 'test@development.com', - created_at: Time.now, - updated_at: Time.now, - class: resource_owner_class, - confirmed?: true) - end - let(:token) do - double('token', resource_owner: resource_owner, access_token: 'access_token', refresh_token: 'refresh_token', - expires_in: 3600) - end let(:token_response) { described_class.new(nil, token: token, action: :sign_up) } it 'returns the correct body' do + allow(resource_owner).to receive(:confirmed?).and_return(true) expect(token_response.body).to eq({ token: 'access_token', refresh_token: 'refresh_token', @@ -83,7 +74,7 @@ email: 'test@development.com', created_at: resource_owner.created_at, updated_at: resource_owner.updated_at - }, + }.stringify_keys, confirmable: { confirmed: true } 
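Review bot: The expected `resource_owner` hash with `.stringify_keys` is now written out separately in this hunk (-45,7) and again in the hunks at -83, -120 and -153, so the set of user attributes the token response may expose is defined by copy-paste. Because `eq` is an exact match and the fixtures are now built from the real factory model, these expectations are what would catch an extra attribute (for instance a credential column) showing up in the response body. That intent deserves a comment and a single definition, e.g. `let(:expected_resource_owner) { { id: 1, email: 'test@development.com', created_at: resource_owner.created_at, updated_at: resource_owner.updated_at }.stringify_keys }`. The `it` block starts and ends outside the hunk.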
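Review bot: In the 'sign up' hunk (-55,24), `allow(resource_owner).to receive(:confirmed?).and_return(true)` replaces only half of what the removed doubles provided. They also forced `supported_devise_modules.confirmable?` to true, and that now depends on whatever model the `:user` factory builds, which is not visible here. If that model does not declare confirmable, the `confirmable:` key asserted in the following hunk would presumably be absent, and with partial-double verification enabled the stub itself would fail. A comment such as `# relies on the spec User model including :confirmable` would make the dependency explicit, as would stubbing the class-level check. The `it` block continues outside the hunk.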
@@ -96,17 +87,6 @@ end context 'refresh' do - let(:resource_owner) do - double('resource_owner', - id: 1, - email: 'test@development.com', - created_at: Time.now, - updated_at: Time.now) - end - let(:token) do - double('token', resource_owner: resource_owner, access_token: 'access_token', refresh_token: 'refresh_token', - expires_in: 3600) - end let(:token_response) { described_class.new(nil, token: token, action: :refresh) } it 'returns the correct body' do @@ -120,7 +100,7 @@ email: 'test@development.com', created_at: resource_owner.created_at, updated_at: resource_owner.updated_at - } + }.stringify_keys }) end @@ -130,17 +110,6 @@ end context 'revoke' do - let(:resource_owner) do - double('resource_owner', - id: 1, - email: 'test@development.com', - created_at: Time.now, - updated_at: Time.now) - end - let(:token) do - double('token', resource_owner: resource_owner, access_token: 'access_token', refresh_token: 'refresh_token', - expires_in: 3600) - end let(:token_response) { described_class.new(nil, token: token, action: :revoke) } it 'returns the correct body' do @@ -153,26 +122,17 @@ end context 'info' do - let(:resource_owner) do - double('resource_owner', - id: 1, - email: 'test@development.com', - created_at: Time.now, - updated_at: Time.now) - end - let(:token) do - double('token', resource_owner: resource_owner, access_token: 'access_token', refresh_token: 'refresh_token', - expires_in: 3600) - end let(:token_response) { described_class.new(nil, token: token, action: :info) } it 'returns the correct body' do - expect(token_response.body).to eq({ - id: 1, - email: 'test@development.com', - created_at: resource_owner.created_at, - updated_at: resource_owner.updated_at - }) + expect(token_response.body).to eq( + { + id: 1, + email: 'test@development.com', + created_at: resource_owner.created_at, + updated_at: resource_owner.updated_at + }.stringify_keys + ) end it 'returns the correct status' do