#25121

Committed 08 Apr 2026 05:05PM UTC coverage: 13.745% (-17.8%) from 31.5%

Build Type

push

Committed by GitHub

Commit Message

Merge pull request #19 from mgmodell/copilot/write-tests-for-validators

Coverage Stats

229 of 1666 relevant lines covered (13.75%)

0.55 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

57.58

/lib/devise_token_auth/engine.rb

# frozen_string_literal: true

require 'devise_token_auth/rails/routes'

module DeviseTokenAuth
  class Engine < ::Rails::Engine
    isolate_namespace DeviseTokenAuth

    initializer 'devise_token_auth.url_helpers' do
      Devise.helpers << DeviseTokenAuth::Controllers::Helpers
    end
  end

  mattr_accessor :change_headers_on_each_request,
                 :max_number_of_devices,
                 :token_lifespan,
                 :token_cost,
                 :batch_request_buffer_throttle,
                 :omniauth_prefix,
                 :default_confirm_success_url,
                 :default_password_reset_url,
                 :redirect_whitelist,
                 :check_current_password_before_update,
                 :enable_standard_devise_support,
                 :remove_tokens_after_password_reset,
                 :default_callbacks,
                 :headers_names,
                 :cookie_enabled,
                 :cookie_name,
                 :cookie_attributes,
                 :bypass_sign_in,
                 :send_confirmation_email,
                 :require_client_password_reset_token,
                 :other_uid

  self.change_headers_on_each_request       = true
  self.max_number_of_devices                = 10
  self.token_lifespan                       = 2.weeks
  self.token_cost                           = 10
  self.batch_request_buffer_throttle        = 5.seconds
  self.omniauth_prefix                      = '/omniauth'
  self.default_confirm_success_url          = nil
  self.default_password_reset_url           = nil
  self.redirect_whitelist                   = nil
  self.check_current_password_before_update = false
  self.enable_standard_devise_support       = false
  self.remove_tokens_after_password_reset   = false
  self.default_callbacks                    = true
  self.headers_names                        = { 'authorization': 'Authorization',
                                                'access-token': 'access-token',
                                                'client': 'client',
                                                'expiry': 'expiry',
                                                'uid': 'uid',
                                                'token-type': 'token-type' }
  self.cookie_enabled                       = false
  self.cookie_name                          = 'auth_cookie'
  self.cookie_attributes                    = {}
  self.bypass_sign_in                       = true
  self.send_confirmation_email              = false
  self.require_client_password_reset_token  = false
  self.other_uid                            = nil

  def self.setup(&block)
    yield self

    Rails.application.config.after_initialize do
      if defined?(::OmniAuth)
        ::OmniAuth::config.path_prefix = Devise.omniauth_path_prefix = omniauth_prefix

        # Omniauth currently does not pass along omniauth.params upon failure redirect
        # see also: https://github.com/intridea/omniauth/issues/626
        OmniAuth::FailureEndpoint.class_eval do
          def redirect_to_failure
            message_key = env['omniauth.error.type']
            origin_query_param = env['omniauth.origin'] ? "&origin=#{CGI.escape(env['omniauth.origin'])}" : ''
            strategy_name_query_param = env['omniauth.error.strategy'] ? "&strategy=#{env['omniauth.error.strategy'].name}" : ''
            extra_params = env['omniauth.params'] ? "&#{env['omniauth.params'].to_query}" : ''
            new_path = "#{env['SCRIPT_NAME']}#{OmniAuth.config.path_prefix}/failure?message=#{message_key}#{origin_query_param}#{strategy_name_query_param}#{extra_params}"
            Rack::Response.new(['302 Moved'], 302, 'Location' => new_path).finish
          end
        end

        # Omniauth currently removes omniauth.params during mocked requests
        # see also: https://github.com/intridea/omniauth/pull/812
        #
        # In Rails 7.2+, follow_redirect! preserves the POST method for 307
        # redirects.  This means the router's 307 to /omniauth/:provider is
        # followed as a POST, which OmniAuth handles in mock_request_call.
        # However the session cookie written by that Rack response is not
        # reliably forwarded to the subsequent GET /omniauth/:provider/callback
        # request in integration tests, so session['omniauth.params'] is nil
        # when mock_callback_call runs.
        #
        # Fix: also encode the omniauth params as a query string in the
        # callback redirect URL (mock_request_call) so they are available in
        # request.params as a fallback (mock_callback_call).
        OmniAuth::Strategy.class_eval do
          def mock_request_call
            setup_phase
            @env['omniauth.origin'] = request.params['origin']
            @env['omniauth.origin'] = nil if env['omniauth.origin'] == ''
            omniauth_params = request.params.except('authenticity_token')
            session['omniauth.params'] = omniauth_params
            # Set env now so redirect_to_failure (failure path) and
            # mock_callback_call (success path) both have access to params.
            @env['omniauth.params'] = omniauth_params
            mocked_auth = OmniAuth.mock_auth_for(name.to_s)
            if mocked_auth.is_a?(Symbol)
              fail!(mocked_auth)
            else
              @env['omniauth.auth'] = mocked_auth
              # Encode params in the callback URL so they survive even when the
              # session cookie is not forwarded through the redirect chain.
              redirect_target = omniauth_params.any? ?
                "#{callback_url}?#{omniauth_params.to_query}" :
                callback_url
              redirect redirect_target
            end
          end

          def mock_callback_call
            setup_phase
            @env['omniauth.origin'] = session.delete('omniauth.origin')
            @env['omniauth.origin'] = nil if env['omniauth.origin'] == ''
            # Prefer the session (Rails ≤7.1) but fall back to request params
            # (Rails 7.2+ where the session cookie may not survive the redirect).
            @env['omniauth.params'] = session.delete('omniauth.params').presence ||
                                      request.params.except('authenticity_token') ||
                                      {}
            mocked_auth = OmniAuth.mock_auth_for(name.to_s)
            if mocked_auth.is_a?(Symbol)
              fail!(mocked_auth)
            else
              @env['omniauth.auth'] = mocked_auth
              OmniAuth.config.before_callback_phase.call(@env) if OmniAuth.config.before_callback_phase
              call_app!
            end
          end
        end

      end
    end
  end
end

1	# frozen_string_literal: true
2
3	require 'devise_token_auth/rails/routes'	1✔
4
5	module DeviseTokenAuth	1✔
6	class Engine < ::Rails::Engine	1✔
7	isolate_namespace DeviseTokenAuth	1✔
8
9	initializer 'devise_token_auth.url_helpers' do	1✔
10	Devise.helpers << DeviseTokenAuth::Controllers::Helpers	1✔
11	end
12	end
13
14	mattr_accessor :change_headers_on_each_request,	1✔
15	:max_number_of_devices,
16	:token_lifespan,
17	:token_cost,
18	:batch_request_buffer_throttle,
19	:omniauth_prefix,
20	:default_confirm_success_url,
21	:default_password_reset_url,
22	:redirect_whitelist,
23	:check_current_password_before_update,
24	:enable_standard_devise_support,
25	:remove_tokens_after_password_reset,
26	:default_callbacks,
27	:headers_names,
28	:cookie_enabled,
29	:cookie_name,
30	:cookie_attributes,
31	:bypass_sign_in,
32	:send_confirmation_email,
33	:require_client_password_reset_token,
34	:other_uid
35
36	self.change_headers_on_each_request = true	1✔
37	self.max_number_of_devices = 10	1✔
38	self.token_lifespan = 2.weeks	1✔
39	self.token_cost = 10	1✔
40	self.batch_request_buffer_throttle = 5.seconds	1✔
41	self.omniauth_prefix = '/omniauth'	1✔
42	self.default_confirm_success_url = nil	1✔
43	self.default_password_reset_url = nil	1✔
44	self.redirect_whitelist = nil	1✔
45	self.check_current_password_before_update = false	1✔
46	self.enable_standard_devise_support = false	1✔
47	self.remove_tokens_after_password_reset = false	1✔
48	self.default_callbacks = true	1✔
49	self.headers_names = { 'authorization': 'Authorization',	1✔
50	'access-token': 'access-token',
51	'client': 'client',
52	'expiry': 'expiry',
53	'uid': 'uid',
54	'token-type': 'token-type' }
55	self.cookie_enabled = false	1✔
56	self.cookie_name = 'auth_cookie'	1✔
57	self.cookie_attributes = {}	1✔
58	self.bypass_sign_in = true	1✔
59	self.send_confirmation_email = false	1✔
60	self.require_client_password_reset_token = false	1✔
61	self.other_uid = nil	1✔
62
63	def self.setup(&block)	1✔
64	yield self	1✔
65
66	Rails.application.config.after_initialize do	1✔
67	if defined?(::OmniAuth)	1✔
68	::OmniAuth::config.path_prefix = Devise.omniauth_path_prefix = omniauth_prefix	1✔
69
70	# Omniauth currently does not pass along omniauth.params upon failure redirect
71	# see also: https://github.com/intridea/omniauth/issues/626
72	OmniAuth::FailureEndpoint.class_eval do	1✔
73	def redirect_to_failure	1✔
74	message_key = env['omniauth.error.type']	×
75	origin_query_param = env['omniauth.origin'] ? "&origin=#{CGI.escape(env['omniauth.origin'])}" : ''	×
76	strategy_name_query_param = env['omniauth.error.strategy'] ? "&strategy=#{env['omniauth.error.strategy'].name}" : ''	×
77	extra_params = env['omniauth.params'] ? "&#{env['omniauth.params'].to_query}" : ''	×
78	new_path = "#{env['SCRIPT_NAME']}#{OmniAuth.config.path_prefix}/failure?message=#{message_key}#{origin_query_param}#{strategy_name_query_param}#{extra_params}"	×
79	Rack::Response.new(['302 Moved'], 302, 'Location' => new_path).finish	×
80	end
81	end
82
83	# Omniauth currently removes omniauth.params during mocked requests
84	# see also: https://github.com/intridea/omniauth/pull/812
85	#
86	# In Rails 7.2+, follow_redirect! preserves the POST method for 307
87	# redirects. This means the router's 307 to /omniauth/:provider is
88	# followed as a POST, which OmniAuth handles in mock_request_call.
89	# However the session cookie written by that Rack response is not
90	# reliably forwarded to the subsequent GET /omniauth/:provider/callback
91	# request in integration tests, so session['omniauth.params'] is nil
92	# when mock_callback_call runs.
93	#
94	# Fix: also encode the omniauth params as a query string in the
95	# callback redirect URL (mock_request_call) so they are available in
96	# request.params as a fallback (mock_callback_call).
97	OmniAuth::Strategy.class_eval do	1✔
98	def mock_request_call	1✔
99	setup_phase	×
100	@env['omniauth.origin'] = request.params['origin']	×
101	@env['omniauth.origin'] = nil if env['omniauth.origin'] == ''	×
102	omniauth_params = request.params.except('authenticity_token')	×
103	session['omniauth.params'] = omniauth_params	×
104	# Set env now so redirect_to_failure (failure path) and
105	# mock_callback_call (success path) both have access to params.
106	@env['omniauth.params'] = omniauth_params	×
107	mocked_auth = OmniAuth.mock_auth_for(name.to_s)	×
108	if mocked_auth.is_a?(Symbol)	×
109	fail!(mocked_auth)	×
110	else
111	@env['omniauth.auth'] = mocked_auth	×
112	# Encode params in the callback URL so they survive even when the
113	# session cookie is not forwarded through the redirect chain.
114	redirect_target = omniauth_params.any? ?	×
115	"#{callback_url}?#{omniauth_params.to_query}" :
116	callback_url
117	redirect redirect_target	×
118	end
119	end
120
121	def mock_callback_call	1✔
122	setup_phase	×
123	@env['omniauth.origin'] = session.delete('omniauth.origin')	×
124	@env['omniauth.origin'] = nil if env['omniauth.origin'] == ''	×
125	# Prefer the session (Rails ≤7.1) but fall back to request params
126	# (Rails 7.2+ where the session cookie may not survive the redirect).
127	@env['omniauth.params'] = session.delete('omniauth.params').presence \|\|	×
128	request.params.except('authenticity_token') \|\|
129	{}
130	mocked_auth = OmniAuth.mock_auth_for(name.to_s)	×
131	if mocked_auth.is_a?(Symbol)	×
132	fail!(mocked_auth)	×
133	else
134	@env['omniauth.auth'] = mocked_auth	×
135	OmniAuth.config.before_callback_phase.call(@env) if OmniAuth.config.before_callback_phase	×
136	call_app!	×
137	end
138	end
139	end
140
141	end
142	end
143	end
144	end

mgmodell / devise_token_auth_multi_email / #25121

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous