Refactor tests for old token removal when max clients are exceeded.

Evan-M · Evan-M · commit 9ebc5bd71216 · 2018-03-19T14:57:00.000-07:00
diff --git a/test/controllers/demo_user_controller_test.rb b/test/controllers/demo_user_controller_test.rb
@@ -407,6 +407,53 @@ class DemoUserControllerTest < ActionDispatch::IntegrationTest
           DeviseTokenAuth.headers_names[:'access-token'] = 'access-token'
         end
       end
+
+      describe 'maximum concurrent devices per user' do
+        before do
+          # Set the max_number_of_devices to a lower number
+          #  to expedite tests! (Default is 10)
+          DeviseTokenAuth.max_number_of_devices = 5
+
+          # @max_devices = DeviseTokenAuth.max_number_of_devices
+        end
+
+        it 'should limit the maximum number of concurrent devices' do
+          # increment the number of devices until the maximum is exceeded
+          1.upto(DeviseTokenAuth.max_number_of_devices + 1).each do |n|
+            # initial_tokens = @resource.reload.tokens
+
+            assert_equal(
+              [n, DeviseTokenAuth.max_number_of_devices].min,
+              @resource.reload.tokens.length
+            )
+
+            # Add a new device (and token) ahead of the next iteration
+            @resource.create_new_auth_token
+
+            # refute_equal initial_tokens, @resource.reload.tokens
+          end
+        end
+
+        it 'should drop the oldest token when the maximum number of devices is exceeded' do
+          # create the maximum number of tokens
+          1.upto(DeviseTokenAuth.max_number_of_devices).each do
+            @resource.create_new_auth_token
+          end
+
+          # get the oldest token
+          oldest_token, _ = @resource.reload.tokens \
+                              .min_by { |cid, v| v[:expiry] || v["expiry"] }
+
+          # create another token, thereby dropping the oldest token
+          @resource.create_new_auth_token
+
+          assert_not_includes @resource.reload.tokens.keys, oldest_token
+        end
+
+        after do
+          DeviseTokenAuth.max_number_of_devices = 10
+        end
+      end
     end
 
     describe 'bypass_sign_in' do
@@ -503,17 +550,8 @@ class DemoUserControllerTest < ActionDispatch::IntegrationTest
             refute_equal @resource, @controller.current_mang
           end
 
-          it 'should increase the number of tokens by a factor of 2 up to 11' do
-            @first_token = @resource.tokens.keys.first
 
-            DeviseTokenAuth.max_number_of_devices = 11
-            (1..10).each do |n|
-              assert_equal [11, 2 * n].min, @resource.reload.tokens.keys.length
-              get '/demo/members_only', params: {}, headers: nil
-            end
 
-            assert_not_includes @resource.reload.tokens.keys, @first_token
-          end
         end
 
         it 'should return success status' do
diff --git a/test/controllers/devise_token_auth/sessions_controller_test.rb b/test/controllers/devise_token_auth/sessions_controller_test.rb
@@ -75,23 +75,46 @@ class DeviseTokenAuth::SessionsControllerTest < ActionController::TestCase
 
         describe "with multiple clients and headers don't change in each request" do
           before do
-            DeviseTokenAuth.max_number_of_devices = 1
+            # Set the max_number_of_devices to a lower number
+            #  to expedite tests! (Default is 10)
+            DeviseTokenAuth.max_number_of_devices = 2
             DeviseTokenAuth.change_headers_on_each_request = false
-            @tokens = []
-            (1..3).each do |n|
-              post :create,
-                   params: {
-                     email: @existing_user.email,
-                     password: 'secret123'
-                   }
-              @tokens << @existing_user.reload.tokens
+
+            @user_session_params = {
+              email: @existing_user.email,
+              password: 'secret123'
+            }
+          end
+
+          test 'should limit the maximum number of concurrent devices' do
+            # increment the number of devices until the maximum is exceeded
+            1.upto(DeviseTokenAuth.max_number_of_devices + 1).each do |n|
+              initial_tokens = @existing_user.reload.tokens
+
+              assert_equal(
+                [n, DeviseTokenAuth.max_number_of_devices].min,
+                @existing_user.reload.tokens.length
+              )
+
+              # Already have the max number of devices
+              post :create, params: @user_session_params
+
+              # A session for a new device maintains the max number of concurrent devices
+              refute_equal initial_tokens, @existing_user.reload.tokens
             end
           end
 
-          test 'should delete old tokens' do
-            current_tokens = @existing_user.reload.tokens
-            assert_equal 1, current_tokens.count
-            assert_equal @tokens.pop.keys.first, current_tokens.keys.first
+          test 'should drop old tokens when max number of devices is exceeded' do
+            1.upto(DeviseTokenAuth.max_number_of_devices).each do |n|
+              post :create, params: @user_session_params
+            end
+
+            oldest_token, _ = @existing_user.reload.tokens \
+                                .min_by { |cid, v| v[:expiry] || v["expiry"] }
+
+            post :create, params: @user_session_params
+
+            assert_not_includes @existing_user.reload.tokens.keys, oldest_token
           end
 
           after do
