lynndylanhurley · booleanbetrayal · Jan 4, 2016 · Dec 22, 2015
diff --git a/lib/devise_token_auth/rails/routes.rb b/lib/devise_token_auth/rails/routes.rb
@@ -33,6 +33,9 @@ def mount_devise_token_auth_for(resource, opts)
         # get full url path as if it were namespaced
         full_path = "#{@scope[:path]}/#{opts[:at]}"
 
+        # get namespace name
+        namespace_name = @scope[:as]
+
         # clear scope so controller routes aren't namespaced
         @scope = ActionDispatch::Routing::Mapper::Scope.new(
           path:         "",
@@ -43,7 +46,10 @@ def mount_devise_token_auth_for(resource, opts)
           parent:       nil
         )
 
-        devise_scope resource.underscore.gsub('/', '_').to_sym do
+        mapping_name = resource.underscore.gsub('/', '_')
+        mapping_name = "#{namespace_name}_#{mapping_name}" if namespace_name
+
+        devise_scope mapping_name.to_sym do
           # path to verify token validity
           get "#{full_path}/validate_token", controller: "#{token_validations_ctrl}", action: "validate_token"
 

diff --git a/test/controllers/devise_token_auth/token_validations_controller_test.rb b/test/controllers/devise_token_auth/token_validations_controller_test.rb
@@ -63,4 +63,29 @@ class DeviseTokenAuth::TokenValidationsControllerTest < ActionDispatch::Integrat
     end
 
   end
+
+  describe 'using namespaces with unused resource' do
+
+    before do
+      @resource = scoped_users(:confirmed_email_user)
+      @resource.skip_confirmation!
+      @resource.save!
+
+      @auth_headers = @resource.create_new_auth_token
+
+      @token     = @auth_headers['access-token']
+      @client_id = @auth_headers['client']
+      @expiry    = @auth_headers['expiry']
+
+      # ensure that request is not treated as batch request
+      age_token(@resource, @client_id)
+    end
+
+    test "should be successful" do
+      get '/api_v2/auth/validate_token', {}, @auth_headers
+      assert_equal 200, response.status
+    end
+
+  end
+
 end
diff --git a/test/dummy/app/models/scoped_user.rb b/test/dummy/app/models/scoped_user.rb
@@ -0,0 +1,7 @@
+class ScopedUser < ActiveRecord::Base
+  # Include default devise modules.
+  devise :database_authenticatable, :registerable,
+          :recoverable, :rememberable, :trackable, :validatable,
+          :confirmable, :omniauthable
+  include DeviseTokenAuth::Concerns::User
+end
diff --git a/test/dummy/config/routes.rb b/test/dummy/config/routes.rb
@@ -41,6 +41,19 @@
     end
   end
 
+  # test namespacing with not created devise mapping
+  namespace :api_v2, defaults: { format: :json } do
+    mount_devise_token_auth_for "ScopedUser",
+      at:          "auth",
+      controllers: {
+        omniauth_callbacks: "api_v2/omniauth_callbacks",
+        sessions:           "api_v2/sessions",
+        registrations:      "api_v2/registrations",
+        confirmations:      "api_v2/confirmations",
+        passwords:          "api_v2/passwords"
+      }
+  end
+
   # this route will authorize visitors using the User class
   get 'demo/members_only', to: 'demo_user#members_only'
 

diff --git a/test/dummy/db/migrate/20160103235141_devise_token_auth_create_scoped_users.rb b/test/dummy/db/migrate/20160103235141_devise_token_auth_create_scoped_users.rb
@@ -0,0 +1,60 @@
+include MigrationDatabaseHelper
+
+class DeviseTokenAuthCreateScopedUsers < ActiveRecord::Migration
+  def change
+    create_table(:scoped_users) do |t|
+      ## Required
+      t.string :provider, :null => false
+      t.string :uid, :null => false, :default => ""
+
+      ## Database authenticatable
+      t.string :encrypted_password, :null => false, :default => ""
+
+      ## Recoverable
+      t.string   :reset_password_token
+      t.datetime :reset_password_sent_at
+
+      ## Rememberable
+      t.datetime :remember_created_at
+
+      ## Trackable
+      t.integer  :sign_in_count, :default => 0, :null => false
+      t.datetime :current_sign_in_at
+      t.datetime :last_sign_in_at
+      t.string   :current_sign_in_ip
+      t.string   :last_sign_in_ip
+
+      ## Confirmable
+      t.string   :confirmation_token
+      t.datetime :confirmed_at
+      t.datetime :confirmation_sent_at
+      t.string   :unconfirmed_email # Only if using reconfirmable
+
+      ## Lockable
+      # t.integer  :failed_attempts, :default => 0, :null => false # Only if lock strategy is :failed_attempts
+      # t.string   :unlock_token # Only if unlock strategy is :email or :both
+      # t.datetime :locked_at
+
+      ## User Info
+      t.string :name
+      t.string :nickname
+      t.string :image
+      t.string :email
+
+      ## Tokens
+      if json_supported_database?
+        t.json :tokens
+      else
+        t.text :tokens
+      end
+
+      t.timestamps
+    end
+
+    add_index :scoped_users, :email
+    add_index :scoped_users, [:uid, :provider],     :unique => true
+    add_index :scoped_users, :reset_password_token, :unique => true
+    # add_index :scoped_users, :confirmation_token,   :unique => true
+    # add_index :scoped_users, :unlock_token,         :unique => true
+  end
+end
diff --git a/test/dummy/db/schema.rb b/test/dummy/db/schema.rb
@@ -11,7 +11,7 @@
 #
 # It's strongly recommended that you check this file into your version control system.
 
-ActiveRecord::Schema.define(version: 20150708104536) do
+ActiveRecord::Schema.define(version: 20160103235141) do
 
   create_table "evil_users", force: :cascade do |t|
     t.string   "email"
@@ -122,6 +122,35 @@
   add_index "only_email_users", ["email"], name: "index_only_email_users_on_email"
   add_index "only_email_users", ["uid", "provider"], name: "index_only_email_users_on_uid_and_provider", unique: true
 
+  create_table "scoped_users", force: :cascade do |t|
+    t.string   "provider",                            null: false
+    t.string   "uid",                    default: "", null: false
+    t.string   "encrypted_password",     default: "", null: false
+    t.string   "reset_password_token"
+    t.datetime "reset_password_sent_at"
+    t.datetime "remember_created_at"
+    t.integer  "sign_in_count",          default: 0,  null: false
+    t.datetime "current_sign_in_at"
+    t.datetime "last_sign_in_at"
+    t.string   "current_sign_in_ip"
+    t.string   "last_sign_in_ip"
+    t.string   "confirmation_token"
+    t.datetime "confirmed_at"
+    t.datetime "confirmation_sent_at"
+    t.string   "unconfirmed_email"
+    t.string   "name"
+    t.string   "nickname"
+    t.string   "image"
+    t.string   "email"
+    t.text     "tokens"
+    t.datetime "created_at"
+    t.datetime "updated_at"
+  end
+
+  add_index "scoped_users", ["email"], name: "index_scoped_users_on_email"
+  add_index "scoped_users", ["reset_password_token"], name: "index_scoped_users_on_reset_password_token", unique: true
+  add_index "scoped_users", ["uid", "provider"], name: "index_scoped_users_on_uid_and_provider", unique: true
+
   create_table "unconfirmable_users", force: :cascade do |t|
     t.string   "provider",                            null: false
     t.string   "uid",                    default: "", null: false

diff --git a/test/fixtures/scoped_users.yml b/test/fixtures/scoped_users.yml
@@ -0,0 +1,10 @@
+<% timestamp = DateTime.parse(2.weeks.ago.to_s).to_time.strftime("%F %T") %>
+<% @email = Faker::Internet.email %>
+confirmed_email_user:
+  uid:                 "<%= @email %>"
+  email:               "<%= @email %>"
+  provider:            'email'
+  confirmed_at:        '<%= timestamp %>'
+  created_at:          '<%= timestamp %>'
+  updated_at:          '<%= timestamp %>'
+  encrypted_password:  <%= User.new.send(:password_digest, 'secret123') %>