accounts 0.0.1

data/demo/views/forgot_password.haml

@@ -0,0 +1,21 @@
+!!!
+%html{html_attrs}
+  / Copyright Westside Consulting LLC, Ann Arbor, MI, USA, 2012
+
+  %body.forgot_password
+
+    %h1 Forgot my password
+
+    %form.forgot_password(action="/forgot-password" method="POST")
+      .label_input
+        %label{:for=>"email"} E-mail
+        %input{:name=>"email", :id=>"email", :type=>"text"} 
+      .button
+        %button{:type => "submit", } Submit
+
+    %p
+      We will send an e-mail to you with a one-time link that will 
+      take you to a page that will allow you to change your password.
+
+    %p
+      Meanwhile, if you remember your password, it will still work until you change it.

data/demo/views/logon.haml

@@ -0,0 +1,24 @@
+!!!
+
+%html{html_attrs}
+  / Copyright Westside Consulting LLC, Ann Arbor, MI, USA, 2012
+
+  %body
+
+    %h1 Sign in
+
+    %form#login_form(action="logon" method="POST")
+      .label_input
+        %label{:for=>"email"} E-mail
+        %input{:name=>"email", :id=>"email", :type=>"text", :value=>@email}
+      .label_input
+        %label{:for=>"password"} Password
+        %input{:name=>"password", :id=>"password", :type=>"password"} 
+      .button
+        %button{:type => "submit"} Submit
+
+    .reset_password
+      %a{:href=>"/forgot-password"} I forgot my password.
+
+    .register
+      %a{:href=>"/register"} Register!

data/demo/views/register.haml

@@ -0,0 +1,15 @@
+!!!
+
+%html{html_attrs}
+  / Copyright Westside Consulting LLC, Ann Arbor, MI, USA, 2012
+
+  %body
+
+    %h1 Register
+
+    %form#login_form{:action => '/register', :method => 'post'}
+      .label_input
+        %label{:for=>"email"} E-mail
+        %input{:name=>"email", :id=>"email", :type=>"text"} 
+      .button
+        %button{:type => "submit"} Submit

data/demo/web_app.rb

@@ -0,0 +1,99 @@
+# Copyright Westside Consulting LLC, Ann Arbor, MI, USA, 2012
+
+require 'pp'
+require 'rubygems'
+require 'bundler/setup'
+#Bundler.require(:default, :test, :development) # didn't work
+
+# development
+require 'mail-store-agent'
+require 'mail-single_file_delivery'
+require 'haml'
+
+# runtime
+require 'rack'
+require 'sinatra'
+require 'thin'
+require 'data_mapper'
+require 'dm-types'
+require 'dm-timestamps'
+require 'dm-postgres-adapter'
+require 'mail'
+require 'logger'
+require 'accounts'
+
+class MyWebApp < Sinatra::Base
+  use ::Accounts::Server;
+
+  DataMapper.auto_migrate!  # empty database
+  STDERR.puts "WARNING: called DataMapper.auto_migrate! to clear database"
+
+  enable :logging
+
+  # Web app class must define this.
+  # In a production environment you might want to replace this with something like Rack::Session::Pool
+  enable :sessions
+
+  not_found do
+    %Q{Page not found.  Go to <a href="home">home page</a>.}
+  end
+
+  error 403 do
+    "Access denied"
+  end
+
+  get '/' do
+    %Q{Welcome visitor!  Please <a href="/logon">log on</a>.}
+  end
+
+  get '/welcome' do
+    account = Accounts::Account.get(session[:account_id]) or return 403
+    "Welcome #{account.email}!"
+  end
+
+  get '/logon' do
+    @email = params[:email] || ''
+    haml :logon
+  end
+
+  get '/logout' do
+    session[:account_id] = nil
+    redirect to('/logon')
+  end
+
+  get '/register' do
+    haml :register
+  end
+
+  get '/forgot-password' do
+    haml :forgot_password
+  end
+
+  get '/change-password' do
+    return 403 unless session[:account_id]
+    haml :change_password
+  end
+
+  get '/change-email' do
+    return 403 unless session[:account_id]
+    haml :change_email
+  end
+
+  if app_file == $0
+    STDERR.puts "Running standalone"
+    # Run as stand-along web app
+    Mail.defaults do
+      delivery_method Mail::SingleFileDelivery::Agent, :filename => '/tmp/mail-test-fifo'
+    end
+    require 'sinatra/reloader'
+    register Sinatra::Reloader
+    enable :reloader
+    run!
+  else
+    # Probably running under Cucumber
+    Mail.defaults do
+      delivery_method(:test)
+      Mail::TestMailer.deliveries = MailStoreAgent.new
+    end
+  end
+end

data/features/change-email.feature

@@ -0,0 +1,51 @@
+# Copyright Westside Consulting LLC, Ann Arbor, MI, USA, 2012
+
+@change-email
+Feature: Users can change their e-mails
+
+  @email-taken
+  Scenario: Alice cannot change her e-mail to one that is already taken
+    Given I register "alice@wunder.land" with password "caterpillar"
+    And I register "caterpillar@wunder.land" with password "caterpillar"
+    And "alice@wunder.land" is authenticated with password "caterpillar"
+    When Alice visits "/change-email"
+    And she fills in "email" with "caterpillar@wunder.land" 
+    And she presses "Submit"
+    Then she should see "caterpillar@wunder.land is already taken"
+
+  @request-change-email
+  Scenario: Alice requests to change email to an available email
+    Given "alice@wunder.land" is registered with password "caterpillar"
+    And "alice@wunder.land" is authenticated with password "caterpillar"
+    When she visits "/change-email"
+    And she fills in "email" with "alice@looking.glass" 
+    And she presses "Submit"
+    Then she should see "Check your e-mail"
+    And "alice@wunder.land" opens an email containing "You have requested to change your e-mail to alice@looking.glass"
+    And "alice@looking.glass" should receive an email
+
+  Scenario: Alice can still log on with her previous e-mail
+    Given "alice@wunder.land" is registered with password "caterpillar"
+    When she visits "/logon"
+    And she fills in "email" with "alice@wunder.land" 
+    And she fills in "password" with "caterpillar"
+    And she presses "Submit"
+    Then she should be on "/welcome"
+    And she should see "Welcome alice@wunder.land"
+
+  Scenario: Alice follows confirmation link
+    Given "alice@looking.glass" opens an email containing "/response-token/"
+    When she visits link from email
+    And "email" form-input should contain "alice@looking.glass" 
+    And she fills in "password" with "caterpillar"
+    And she presses "Submit"
+    Then she should be on "/welcome"
+    And she should see "Welcome alice@looking.glass"
+
+  Scenario: Alice can not log on with her previous e-mail
+    Given "alice@looking.glass" is registered with password "caterpillar"
+    When she visits "/logon"
+    And she fills in "email" with "alice@wunder.land" 
+    And she fills in "password" with "caterpillar"
+    And she presses "Submit"
+    Then she should not see "Welcome alice@wunder.land"

data/features/change-password.feature

@@ -0,0 +1,89 @@
+# Copyright Westside Consulting LLC, Ann Arbor, MI, USA, 2012
+
+@change-password
+Feature: Users can change their passwords
+
+  @registers-confirms
+  Scenario: Alice requests to register
+    Given I have unregistered "alice@wunder.land"
+    When she visits "/register"
+    And she fills in "email" with "alice@wunder.land" 
+    And she presses "Submit"
+    Then she should see "Check your e-mail"
+
+  Scenario: Alice changes her password
+    Given "alice@wunder.land" opens an email containing "/response-token/"
+    Then she visits link from email
+    And she should see "Change Password"
+    And she fills in "password" with "caterpillar" 
+    And she fills in "password2" with "caterpillar" 
+    And she presses "Submit"
+    Then she should see "You have changed your password."
+    And "alice@wunder.land" should receive an email
+    And "admin@accounts.test" should receive an email
+    And "admin@accounts.test" opens an email containing "alice@wunder.land has registered and confirmed"
+
+  Scenario: Alice can log on with password "caterpillar"
+    Given "alice@wunder.land" opens an email containing "The password for alice@wunder.land has changed."
+    When she visits "/logon"
+    And she fills in "email" with "alice@wunder.land" 
+    And she fills in "password" with "caterpillar"
+    And she presses "Submit"
+    Then she should be on "/welcome"
+    And she should see "Welcome alice@wunder.land"
+
+  Scenario: Alice can not log on with password "alice"
+    When she visits "/logon"
+    And she fills in "email" with "alice@wunder.land" 
+    And she fills in "password" with "alice"
+    And she presses "Submit"
+    Then she should be on "/logon"
+    And she should not see "Welcome alice@wunder.land"
+
+  Scenario: Alice attempts to visit restricted page without first authenticating
+    Given Alice has logged out
+    When she visits "/welcome"
+    And she should not see "Welcome alice@wunder.land"
+
+  Scenario: Alice changes her password again
+    Given Alice visits "/logon"
+    And she fills in "email" with "alice@wunder.land" 
+    And she fills in "password" with "caterpillar"
+    And she presses "Submit"
+    And she visits "/change-password"
+    Then she fills in "password" with "whiterabbit" 
+    And she fills in "password2" with "whiterabbit" 
+    And she presses "Submit"
+    Then she should see "You have changed your password."
+
+  Scenario: Alice tries to log on with her defunct password
+    Given "alice@wunder.land" opens an email containing "The password for alice@wunder.land has changed."
+    When she visits "/logon"
+    And she fills in "email" with "alice@wunder.land" 
+    And she fills in "password" with "caterpillar"
+    And she presses "Submit"
+    Then she should not see "Welcome alice@wunder.land"
+
+  Scenario: Only authenticated users can change their password
+    Given I have unregistered "dormouse@alice.com"
+    When he visits "/change-password"
+    Then he should not see "Change Password"
+
+  Scenario: Alice forgets her password
+    Given Alice visits "/forgot-password"
+    When she fills in "email" with "alice@wunder.land" 
+    And she presses "Submit"
+    Then she should see "Check your e-mail"
+    And "alice@wunder.land" should receive an email
+
+  Scenario: Alice can reset her password again
+    Given "alice@wunder.land" opens an email containing "/response-token/"
+    When she visits link from email
+    Then alice should see "Change Password"
+    #But she remembers it again and goes to tea with Caterpillar. :)
+
+  Scenario: Unknown user attempts to reset password
+    Given MadHatter visits "/forgot-password"
+    When he fills in "email" with "madhatter@wunder.land" 
+    And he presses "Submit"
+    Then he should see "madhatter@wunder.land does not match any account"

data/features/register.feature

@@ -0,0 +1,42 @@
+# Copyright Westside Consulting LLC, Ann Arbor, MI, USA, 2012
+
+@register
+Feature: Visitors can register
+
+  Scenario: Unregistered user requests to register
+    Given I have unregistered "alice@wunder.land"
+    When she visits "/register"
+    And she fills in "email" with "alice@wunder.land" 
+    And she presses "Submit"
+    Then she should see "Check your e-mail"
+    And "alice@wunder.land" should receive an email
+
+  Scenario: Unconfirmed user requests to register again will get another e-mail
+    Given "alice@wunder.land" is registered
+    When she visits "/register"
+    And she fills in "email" with "alice@wunder.land" 
+    And she presses "Submit"
+    Then page has content "Check your e-mail"
+    And "alice@wunder.land" should receive an email
+
+  Scenario: Confirm registration with stale link doesn't do anything
+    Given "alice@wunder.land" opens an email containing "/response-token/"
+    When she visits link from email
+    Then Alice should see "Page not found"
+    And "alice@wunder.land" is not confirmed
+
+  Scenario: Confirm registration with active link is successful
+    Given "alice@wunder.land" opens an email containing "/response-token/"
+    When she visits link from email
+    Then alice should see "Change Password"
+    And "admin@accounts.test" should receive an email
+    And "admin@accounts.test" opens an email containing "alice@wunder.land has registered and confirmed"
+    And "alice@wunder.land" is confirmed
+
+  Scenario: Confirmed user requests to register again will fail
+    Given "alice@wunder.land" is registered
+    When I visits "/register"
+    And I fills in "email" with "alice@wunder.land" 
+    And I presses "Submit"
+    Then page has content "alice@wunder.land is already registered"
+    And "alice@wunder.land" should not receive an email

data/features/step_definitions/steps.rb

@@ -0,0 +1,102 @@
+# Copyright Westside Consulting LLC, Ann Arbor, MI, USA, 2012
+
+When /^page has "([^"]*)"$/ do |arg1|
+  #STDERR.puts page.body
+  page.body.should have_selector(arg1)
+end
+
+When /^page has content "([^"]*)"$/ do |arg1|
+  #STDERR.puts page.body
+  page.body.should have_content(arg1)
+end
+
+When /^"([^"]*)" is suspended$/ do |arg1|
+  pending # express the regexp above with the code you wish you had
+end
+
+When /^\w+ visits link from email$/ do
+  @new_mail.should_not be_nil
+  @new_mail.body.to_s =~ /(http\S+)/
+  link = $1
+  link.should_not be_nil
+  #STDERR.puts "link = #{link}"
+  visit link
+end
+
+When /^"([^"]*)" is (not )?confirmed$/ do |arg1, bool|
+  account = Accounts::Account.first( :email => arg1 )
+  should_be_confirmed = !bool
+
+  if (should_be_confirmed) then
+    account.should_not be_nil
+    account.status.should include :email_confirmed
+  else
+    account.status.should_not include :email_confirmed if account
+  end
+end
+
+When /^\w+ visits? "([^"]*)"$/ do |arg1|
+  visit arg1
+  #save_and_open_page
+end
+
+When /^I should see raw html: "([^"]*)"$/ do |arg1|
+  page.html.should match /#{arg1}/ 
+end
+
+When /^I have unregistered "([^"]*)"$/ do |arg1|
+  account = Accounts::Account.all( :email => arg1 )
+  account.destroy if account
+  Accounts::Account.all( :email => arg1 ).should have(0).items
+end
+
+When /^"([^"]*)" is (not )?registered$/ do |arg1, bool|
+  Accounts::Account.all( :email => arg1 ).should have(bool ? 0 : 1).items
+end
+
+When /^"([^"]*)" opens an email containing "([^"]*)"$/ do |arg1, arg2|
+  Mail::TestMailer.deliveries.accounts.should include(arg1)
+  @new_mail = Mail::TestMailer.deliveries.get(arg1)
+  @new_mail.should_not be_nil
+  @new_mail.body.should match /#{arg2}/
+end
+
+When /^"([^"]*)" should receive an email$/ do |arg1|
+  Mail::TestMailer.deliveries.accounts.should include(arg1)
+  Mail::TestMailer.deliveries.peek(arg1).should_not be_nil
+end
+
+When /^"([^"]*)" should not receive an email$/ do |arg1|
+  msg = Mail::TestMailer.deliveries.peek(arg1)
+  msg.should be_nil
+end
+
+When /^(?:\S+ )(?:is|has) logged out$/ do
+  visit '/logout'
+end
+
+When /^I register "([^"]*)" with password "([^"]*)"$/ do |arg1, arg2|
+  account = Accounts::Account.create ({ :email => arg1 })
+  account.set_password arg2
+end
+
+When /^"([^"]*)" is registered with password "([^"]*)"$/ do |arg1, arg2|
+  account = Accounts::Account.first ({ :email => arg1 })
+  account.should_not be_nil
+  account.confirm_password(arg2).should be_true
+end
+
+When /^"([^"]*)" is authenticated with password "([^"]*)"$/ do |arg1, arg2|
+  visit '/logon'
+  current_path.should be == '/logon'
+  fill_in('email', :with => arg1)
+  fill_in('password', :with => arg2)
+  click_button("Submit")
+  current_path.should be == '/welcome'
+  page.body.should match "Welcome #{arg1}"
+end
+
+Then /^"([^"]*)" form\-input should contain "([^"]*)"$/ do |arg1, arg2|
+  find("input[@name=#{arg1}]").value.should be == arg2
+end
+