Improve coverage, cache array in a constant.

commit d2223ee5e326a337eeb7b0300d148603216fdbe7 1 parent b6ab8d6
@josevalim josevalim authored
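--- a/lib/devise/models/authenticatable.rb
+++ b/lib/devise/models/authenticatable.rb
@@ -51,6 +51,11 @@ module Models
 module Authenticatable
 extend ActiveSupport::Concern
+ BLACKLIST_FOR_SERIALIZATION = [:encrypted_password, :reset_password_token, :reset_password_sent_at,
+ :remember_created_at, :sign_in_count, :current_sign_in_at, :last_sign_in_at, :current_sign_in_ip,
+ :last_sign_in_ip, :password_salt, :confirmation_token, :confirmed_at, :confirmation_sent_at,
+ :unconfirmed_email, :failed_attempts, :unlock_token, :locked_at, :authentication_token]
+
 included do
 class_attribute :devise_modules, :instance_writer => false
 self.devise_modules ||= []
@@ -114,10 +119,7 @@ def #{method}(options=nil)
 if options[:force_except]
 options[:except].concat Array(options[:force_except])
 else
- options[:except].concat [:encrypted_password, :reset_password_token, :reset_password_send_at,
- :remember_created_at, :sign_in_count, :current_sign_in_at, :last_sign_in_at, :current_sign_in_ip,
- :last_sign_in_ip, :password_salt, :confirmation_token, :confirmed_at, :confirmation_sent_at,
- :unconfirmed_email, :failed_attempts, :unlock_token, :locked_at, :authentication_token]
+ options[:except].concat BLACKLIST_FOR_SERIALIZATION
 end
 super(options)
 end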
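Review bot: `BLACKLIST_FOR_SERIALIZATION` is defined as a plain mutable array, so any code that calls `<<`, `delete` or `clear` on it silently changes which credential columns are stripped from every later `to_xml`/`to_json`; close the literal with `:authentication_token].freeze` (the `concat` call mutates `options[:except]`, not the constant, so freezing is safe). The constant also spells `:reset_password_sent_at` where the removed inline list had `:reset_password_send_at`, which changes serialized output and deserves a line in the commit message. Because this is a denylist, a secret-bearing column it does not name is serialized by default; a comment above it such as `# Denylist: columns not listed here are serialized. Add every new secret-bearing column.` would make that explicit. The generated `def #{method}` body starts and ends outside the hunk.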
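--- a/test/models/serializable_test.rb
+++ b/test/models/serializable_test.rb
@@ -6,8 +6,8 @@ class SerializableTest < ActiveSupport::TestCase
 end
 test 'should not include unsafe keys on XML' do
- assert_match /email/, @user.to_xml
- assert_no_match /confirmation-token/, @user.to_xml
+ assert_match /email/, @user.to_xml
+ assert_no_match /confirmation-token/, @user.to_xml
 end
 test 'should not include unsafe keys on XML even if a new except is provided' do
@@ -21,18 +21,28 @@ class SerializableTest < ActiveSupport::TestCase
 end
 test 'should not include unsafe keys on JSON' do
- assert_match /"email":/, @user.to_json
- assert_no_match /"confirmation_token":/, @user.to_json
+ assert_equal %w(created_at email facebook_token id updated_at username), from_json().keys.sort
 end
 test 'should not include unsafe keys on JSON even if a new except is provided' do
- assert_no_match /"email":/, @user.to_json(:except => :email)
- assert_no_match /"confirmation_token":/, @user.to_json(:except => :email)
+ assert_no_key "email", from_json(:except => :email)
+ assert_no_key "confirmation_token", from_json(:except => :email)
 end
 test 'should include unsafe keys on JSON if a force_except is provided' do
- assert_no_match /"email":/, @user.to_json(:force_except => :email)
- assert_match /"confirmation_token":/, @user.to_json(:force_except => :email)
+ assert_no_key "email", from_json(:force_except => :email)
+ assert_key "confirmation_token", from_json(:force_except => :email)
 end
+ def assert_key(key, subject)
+ assert subject.key?(key), "Expected #{subject.inspect} to have key #{key.inspect}"
+ end
+
+ def assert_no_key(key, subject)
+ assert !subject.key?(key), "Expected #{subject.inspect} to not have key #{key.inspect}"
+ end
+
+ def from_json(options=nil)
+ ActiveSupport::JSON.decode(@user.to_json(options))["user"]
+ end
 end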
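Review bot: Apart from the exact-key assertion in 'should not include unsafe keys on JSON', every test here still probes a single denylisted column (`confirmation_token` / `confirmation-token`), so dropping any other entry from the list would pass unnoticed on the XML and `:except` paths. With the list now a constant, the `:except` test could cover all of it: `Devise::Models::Authenticatable::BLACKLIST_FOR_SERIALIZATION.each { |k| assert_no_key k.to_s, from_json(:except => :email) }`. The exact-key assertion also pins `facebook_token` as expected output; a comment there, e.g. `# facebook_token is an app column outside the denylist, so it is serialized`, would show this is deliberate for the fixture. `from_json` relies on the `"user"` root key being present, which appears to depend on the test app's JSON root setting.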