add unit and integration tests for case insensitive keys

heartcombo · Nov 20, 2010 · 8d1e23c · 8d1e23c
1 parent e911abf
commit 8d1e23c
Show file tree

Hide file tree

Showing 5 changed files with 63 additions and 5 deletions.
diff --git a/lib/devise/models/authenticatable.rb b/lib/devise/models/authenticatable.rb
@@ -100,7 +100,7 @@ def http_authenticatable?(strategy)
         #   end
         #
         def find_for_authentication(conditions)
-          case_insensitive_keys.each { |k| attributes[k].try(:downcase!) }
+          case_insensitive_keys.each { |k| conditions[k].try(:downcase!) }
           to_adapter.find_first(conditions)
         end
 

diff --git a/test/integration/database_authenticatable_test.rb b/test/integration/database_authenticatable_test.rb
@@ -1,6 +1,28 @@
 require 'test_helper'
 
 class DatabaseAuthenticationTest < ActionController::IntegrationTest
+  test 'sign in with email of different case should succeed when email is in the list of case insensitive keys' do
+    create_user(:email => 'Foo@Bar.com')
+
+    sign_in_as_user do
+      fill_in 'email', :with => 'foo@bar.com'
+    end
+
+    assert warden.authenticated?(:user)
+  end
+
+  test 'sign in with email of different case should fail when email is NOT the list of case insensitive keys' do
+    swap Devise, :case_insensitive_keys => [] do
+      create_user(:email => 'Foo@Bar.com')
+
+      sign_in_as_user do
+        fill_in 'email', :with => 'foo@bar.com'
+      end
+
+      assert_not warden.authenticated?(:user)
+    end
+  end
+
   test 'sign in should not authenticate if not using proper authentication keys' do
     swap Devise, :authentication_keys => [:username] do
       sign_in_as_user

diff --git a/test/integration/recoverable_test.rb b/test/integration/recoverable_test.rb
@@ -27,6 +27,32 @@ def reset_password(options={}, &block)
     click_button 'Change my password'
   end
 
+  test 'reset password with email of different case should succeed when email is in the list of case insensitive keys' do
+    create_user(:email => 'Foo@Bar.com')
+
+    request_forgot_password do
+      fill_in 'email', :with => 'foo@bar.com'
+    end
+
+    assert_current_url '/users/sign_in'
+    assert_contain 'You will receive an email with instructions about how to reset your password in a few minutes.'
+  end
+
+  test 'reset password with email of different case should fail when email is NOT the list of case insensitive keys' do
+    swap Devise, :case_insensitive_keys => [] do
+      create_user(:email => 'Foo@Bar.com')
+
+      request_forgot_password do
+        fill_in 'email', :with => 'foo@bar.com'
+      end
+
+      assert_response :success
+      assert_current_url '/users/password'
+      assert_have_selector "input[type=email][value='foo@bar.com']"
+      assert_contain 'not found'
+    end
+  end
+
   test 'authenticated user should not be able to visit forgot password page' do
     sign_in_as_user
     assert warden.authenticated?(:user)

diff --git a/test/models/database_authenticatable_test.rb b/test/models/database_authenticatable_test.rb
@@ -2,6 +2,16 @@
 require 'digest/sha1'
 
 class DatabaseAuthenticatableTest < ActiveSupport::TestCase
+  test 'should downcase case insensitive keys when saving' do
+    # case_insensitive_keys is set to :email by default.
+    email = 'Foo@Bar.com'
+    user = new_user(:email => email)
+
+    assert_equal email, user.email
+    user.save!
+    assert_equal email.downcase, user.email
+  end
+
   test 'should respond to password and password confirmation' do
     user = new_user
     assert user.respond_to?(:password)

diff --git a/test/support/integration.rb b/test/support/integration.rb
@@ -9,9 +9,9 @@ def create_user(options={})
     @user ||= begin
       user = User.create!(
         :username => 'usertest',
-        :email => 'user@test.com',
-        :password => '123456',
-        :password_confirmation => '123456',
+        :email => options[:email] || 'user@test.com',
+        :password => options[:password] || '123456',
+        :password_confirmation => options[:password] || '123456',
         :created_at => Time.now.utc
       )
       user.confirm! unless options[:confirm] == false
@@ -32,7 +32,7 @@ def create_admin(options={})
   def sign_in_as_user(options={}, &block)
     user = create_user(options)
     visit_with_option options[:visit], new_user_session_path
-    fill_in 'email', :with => 'user@test.com'
+    fill_in 'email', :with => options[:email] || 'user@test.com'
     fill_in 'password', :with => options[:password] || '123456'
     check 'remember me' if options[:remember_me] == true
     yield if block_given?