-
Notifications
You must be signed in to change notification settings - Fork 0
/
specification:
66 lines (42 loc) · 2.18 KB
/
specification:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
specification:
1.setup:
- should skip modules if told to skip, and routes should not get generated.
- should also skip those steps in oauth registration.
- should generate routes for multiple resources.
- should generate omniauth_failure_path if at least one resource has omniauth enabled.
- should use app controllers if specified in the opts.
- should enable token_auth by default.
- should skip token_auth if told to
- should provide way to invalidate and refresh tokens.
- redirect_url behaviour - with json_api and web app.
- should allow client to set redirect_urls.
- redirect_url should work with oauth.
2.api :
- should create user provided api_key
- should update user provided api_key
- should get auth_token on sign_up/sign_in, provided api_key
- should be able to request password change , provided api_key
- should be able to call omniauth_callback, provided api_key
- after calling the omniauth_callback should return the auth_token(test for facebook and google)
- test with android java app.
3.web application :
-start the tests in a brand new app, using this as a gem.
-preinitializer should have 2 resources, one called admin and the other called user.
-it should use app controllers for admin and basic controllers for user
-then test everything set above.
-----------------------------
client_controller_tests
redirect_url_tests -> after normal sign in , and omniauth_sign_in
omniauth_api_tests
basic_devise_tests
options_tests
-----------------------------
confirmations_controller -> has no protection
passwords_controller -> calls require_no_auth everywhere, so it is fully protected.
omniauth_callbacks_controller -> (omni_concern) -> needs to be protected, can be done without too much trouble
registrations_controller -> need to modify two functions, require_no_authentication(which we are modifying anyways, and authenticate_scope!) this will protect all json requests, furthermore certain actions are not to be served by json at all.
sessions_controller ->
verify_signed_out_user -> for destroy need to add the hook here as well.
unlocks_controller -> completely protected by require_no_authentication.
need to figure out how to send json responses.
----------