auth-slice 0.1.0

data/public/stylesheets/master.css

@@ -0,0 +1,157 @@
+body {
+  font-family: Arial, Verdana, sans-serif;
+  font-size: 14px;
+  background-color: #fff;
+  color: #000;
+  background-color: #fff;
+}
+
+html {
+  height: 100%;
+}
+
+hr {
+  border: 0px;
+  color: #ccc;
+  background-color: #cdcdcd;
+  height: 1px;
+  width: 100%;
+  text-align: left;
+}
+
+h1, h2, h3 {
+  color: #003399;
+  color: #09579A;
+  background-color: #fff;
+  font-family: Arial, Verdana, sans-serif;
+  font-weight: 300;
+}
+
+h1 {
+  font-size: 20px;
+}
+h2 {
+  font-size: 15px;
+}
+h3 {
+  font-size: 15px;
+}
+
+p {
+  line-height: 20px;
+  padding: 5px;
+}
+
+a, a:hover {
+  color: #0033CC;
+  background-color: #fff;
+  text-decoration: underline;
+}
+
+#container {
+  width: 95%;
+  text-align: left;
+  background-color: #fff;
+  margin-right: auto;
+  margin-left: auto;
+}
+
+#header-container {
+  width: 100%;
+  padding-top: 15px;
+}
+
+#header-container h1, #header-container h2 {
+  margin-left: 6px;
+  margin-bottom: 6px;
+}
+
+#main-container {
+  padding: 15px;
+  min-height: 400px;
+}
+
+#footer-container {
+  clear: both;
+  font-size: 12px;
+  font-family: Verdana, Arial, sans-serif;
+}
+
+#main-container ul {
+  margin-left: 3.0em;
+}
+
+.right {
+  float: right;
+  font-size: 100%;
+  margin-top: 5px;
+  color: #999;
+  background-color: #fff;
+}
+.left {
+  float: left;
+  font-size: 100%;
+  margin-top: 5px;
+  color: #999;
+  background-color: #fff;
+}
+
+a#google_signup {
+  background:transparent url(/images/btn-google-signup.png) no-repeat scroll 0% 0%;
+  color:#FFFFFF;
+  display:block;
+  font-size:14px;
+  height:67px;
+  line-height:22px;
+  margin:0pt;
+  padding:0px;
+  text-align:center;
+  text-decoration:none;
+  width:151px;
+}
+
+a#google_signup div {
+  padding-top:8px;
+}
+
+#openid_url, .openid_link {
+  background:#FFFFFF url(/images/openid-login.gif) no-repeat scroll 2px 50%;
+  padding-left:25px;
+  width:14.25em;
+}
+
+/** Form inputs **/
+label {
+  font-weight: bold;
+  display: block;
+}
+
+#remember_me {
+  margin: 2px 5px 0px 0px;
+  float: left;
+}
+
+div.error {
+  background-color:#FCECEC;
+}
+
+div.error ul {
+  padding-bottom:20px;
+}
+
+.error {
+  background-color:#FCECEC;
+}
+
+.error h2 {
+  background: #CC0000 no-repeat scroll left center;
+  border-color: #CC9999;
+  color:#FFFFFF;
+  border:1px solid #CCCCCC;
+  font-size:14px;
+  padding:5px 5px 5px 10px;
+}
+
+.error li {
+  color: #CC0000;
+}

data/spec/auth-slice_spec.rb

@@ -0,0 +1,52 @@
+require File.dirname(__FILE__) + '/spec_helper'
+
+describe "AuthSlice (module)" do
+  
+  it "should be registered in Merb::Slices.slices" do
+    Merb::Slices.slices.should include(AuthSlice)
+  end
+  
+  it "should have an :identifier property" do
+    AuthSlice.identifier.should == "auth-slice"
+  end
+  
+  it "should have a :root property" do
+    AuthSlice.root.should == current_slice_root
+    AuthSlice.root_path('app').should == current_slice_root / 'app'
+  end
+  
+  it "should have a dir_for method" do
+    app_path = AuthSlice.dir_for(:application)
+    app_path.should == current_slice_root / 'app'
+    [:view, :model, :controller, :helper, :mailer, :part].each do |type|
+      AuthSlice.dir_for(type).should == app_path / "#{type}s"
+    end
+    public_path = AuthSlice.dir_for(:public)
+    public_path.should == current_slice_root / 'public'
+    [:stylesheet, :javascript, :image].each do |type|
+      AuthSlice.dir_for(type).should == public_path / "#{type}s"
+    end
+  end
+  
+  it "should have a app_dir_for method" do
+    app_path = AuthSlice.app_dir_for(:application)
+    app_path.should == Merb.root / 'slices' / 'auth-slice' / 'app'
+    [:view, :model, :controller, :helper, :mailer, :part].each do |type|
+      AuthSlice.app_dir_for(type).should == app_path / "#{type}s"
+    end
+    public_path = AuthSlice.app_dir_for(:public)
+    public_path.should == Merb.dir_for(:public) / 'slices' / 'auth-slice'
+    [:stylesheet, :javascript, :image].each do |type|
+      AuthSlice.app_dir_for(type).should == public_path / "#{type}s"
+    end
+  end
+  
+  it "should have a public_dir_for method" do
+    public_path = AuthSlice.public_dir_for(:public)
+    public_path.should == '/slices' / 'auth-slice'
+    [:stylesheet, :javascript, :image].each do |type|
+      AuthSlice.public_dir_for(type).should == public_path / "#{type}s"
+    end
+  end
+  
+end

data/spec/controllers/router_spec.rb

@@ -0,0 +1,29 @@
+require File.join(File.dirname(__FILE__), '..', 'spec_helper.rb')
+
+prefix = 'auth-slice'
+
+describe "Router.add_slice(:AuthSlice)" do
+  include Merb::Test::Rspec::RouteMatchers
+  
+  before(:all) do
+    Merb::Router.prepare { |r| r.add_slice(:AuthSlice) } if standalone?
+  end
+  
+  it "should have named routes for :login, :logout and :signup" do
+    [:login, :logout, :signup].each do |name|
+      url(name).should == "/#{prefix}/#{name}"
+    end
+  end
+
+  it "should route /#{prefix}/login to Session#new" do
+    request_to("/#{prefix}/login", :get).should route_to(AuthSlice::Users, :login)
+  end
+
+  it "should route /#{prefix}/login via post to Session#create" do
+    request_to("/#{prefix}/login", :post).should route_to(AuthSlice::Users, :login)
+  end
+
+  it "should route /#{prefix}/logout via delete to Session#destroy" do
+    request_to("/#{prefix}/logout", :delete).should route_to(AuthSlice::Users, :logout)
+  end
+end

data/spec/controllers/session_spec.rb

@@ -0,0 +1,87 @@
+require File.join(File.dirname(__FILE__), '..', 'spec_helper.rb')
+
+describe "Session Controller", "index action" do
+  before(:all) do    
+    Merb::Router.prepare { |r| r.add_slice(:AuthSlice) } if standalone?
+  end
+
+  def login_with(params = {}, &blk)
+    dispatch_to(AuthSlice::Users, :login, params, {:request_method => 'post'}, &blk)
+  end
+
+  def logout(&blk)
+    dispatch_to(AuthSlice::Users, :logout, {}, {}, &blk)
+  end
+  
+  it 'logins and redirects' do
+    controller = login_with(:username => 'quentin', :password => 'test') {|c|
+      c.should_receive(:verify_login).with('quentin', 'test').and_return(mock("User", :id => 1, :name => 'quentin'))
+    }
+    
+    controller.session[:user].should_not be_nil
+    controller.session[:user].should == 1
+    controller.should redirect_to("/")
+  end
+   
+  it 'fails login and does not redirect' do
+    controller = login_with(:username => 'quentin', :password => 'bad password') {|c|
+      c.should_receive(:verify_login).with('quentin', 'bad password').and_return(nil)
+    }
+    controller.session[:user].should be_nil
+    controller.should be_successful
+  end
+
+  it 'logs out' do
+    controller = logout {|c| 
+      c.stub!(:current_user).and_return(mock("User", :forget_me => true)) 
+    }
+    controller.session[:user].should be_nil
+    controller.should redirect
+  end
+
+  it 'remembers me' do
+    controller = login_with(:username => 'quentin', :password => 'test', :remember_me => "1") {|c|
+      user = mock("User", :id => 1)
+      c.should_receive(:verify_login).with('quentin', 'test').and_return(user)
+      user.should_receive(:remember_me)
+      user.should_receive(:remember_token).and_return("abc123")
+      user.should_receive(:remember_token_expires_at).and_return(Date.today)
+    }
+    controller.cookies["auth_token"].should_not be_nil
+  end
+ 
+  it 'does not remember me' do
+    controller = login_with(:username => 'quentin', :password => 'test', :remember_me => "0") {|c|
+      user = mock("User", :id => 1)
+      c.should_receive(:verify_login).with('quentin', 'test').and_return(user)
+    }
+    controller.cookies["auth_token"].should be_nil
+  end
+  
+  it 'deletes token on logout' do
+    controller = logout {|c| controller.stub!(:current_user).and_return(@quentin) }
+    controller.cookies["auth_token"].should == nil
+  end
+  
+  
+  it 'logs in with cookie' do
+    controller = login_with do |c|
+      c.request.env[Merb::Const::HTTP_COOKIE] = "auth_token=abc123"
+      c.should_receive(:verify_login).and_return(nil)
+      user = mock("User", :id => 1, :remember_token? => true)
+      c.should_receive(:find_user_by_remember_token).with('abc123').and_return(user)
+      user.should_receive(:remember_me)
+      user.should_receive(:remember_token).and_return("abc123")
+      user.should_receive(:remember_token_expires_at).and_return(Date.today)
+    end
+    controller.should be_logged_in
+  end
+
+  def auth_token(token)
+    CGI::Cookie.new('name' => 'auth_token', 'value' => token)
+  end
+    
+  def cookie_for(user)
+    auth_token user.remember_token
+  end
+end

data/spec/controllers/users_spec.rb

@@ -0,0 +1,37 @@
+require File.join(File.dirname(__FILE__), '..', 'spec_helper.rb')
+
+def user_hash(options = {})
+  { 'name'                   => 'ctran',
+    'username'               => "ctran",
+    'email'                  => "ctran@example.com",
+    'password'               => "sekret",
+    'password_confirmation'  => "sekret"}.merge(options)
+end
+
+describe AuthSlice::Users do
+  before(:all) do
+    Merb::Router.prepare { |r| r.add_slice(:AuthSlice) } if standalone?
+  end
+  
+  before(:each) do
+    @user = mock("User", user_hash)
+    AuthSlice::User.should_receive(:new).with(user_hash).and_return(@user)
+  end
+  
+  it 'allows signup and redirect to /' do
+    @user.should_receive(:save).and_return(true)
+    
+    controller = dispatch_to(AuthSlice::Users, :signup, {'auth_slice::user' => user_hash }, {:request_method => 'post'})
+    controller.assigns(:user).should == @user
+    controller.should redirect_to('/')
+   end
+
+   it 'reject signup and render errors in template' do
+     @user.should_receive(:save).and_return(false)
+     controller = dispatch_to(AuthSlice::Users, :signup, {'auth_slice::user' => user_hash}, {:request_method => 'post'}) {|c| 
+       c.should_receive(:render)
+     }
+     controller.assigns(:user).should == @user
+     controller.should respond_successfully
+   end
+end

data/spec/controllers/view_helper_spec.rb

@@ -0,0 +1,27 @@
+require File.dirname(__FILE__) + '/../spec_helper'
+
+module AuthSlice
+  class Main < Application
+    def index
+      'index'
+    end
+  end
+end
+
+describe "AuthSlice::Main (controller)" do
+  before :all do
+    Merb::Router.prepare { |r| r.add_slice(:AuthSlice) } if standalone?
+  end
+  
+  it "should have helper methods for dealing with public paths" do
+    controller = dispatch_to(AuthSlice::Main, :index)
+    controller.public_path_for(:image).should == "/slices/auth-slice/images"
+    controller.public_path_for(:javascript).should == "/slices/auth-slice/javascripts"
+    controller.public_path_for(:stylesheet).should == "/slices/auth-slice/stylesheets"
+  end
+  
+  it "should have a slice-specific _template_root" do
+    AuthSlice::Main._template_root.should == AuthSlice.dir_for(:view)
+    AuthSlice::Main._template_root.should == AuthSlice::Application._template_root
+  end
+end

data/spec/models/ar_user_spec.rb

@@ -0,0 +1,21 @@
+require File.join( File.dirname(__FILE__), "shared_user_spec")
+
+require 'activerecord'
+use_orm :activerecord
+
+describe "User with Activerecord adapter" do
+  before(:all) do
+    ActiveRecord::Base.establish_connection(:adapter  => "sqlite3", :database => ":memory:")
+    AuthSlice.use_adapter(:activerecord)
+  end
+  
+  before(:each) do
+    AuthSlice::User.create_db_table
+  end
+  
+  after(:each) do
+    AuthSlice::User.drop_db_table
+  end
+  
+  it_should_behave_like "AuthSlice::User"
+end

data/spec/models/dm_user_spec.rb

@@ -0,0 +1,20 @@
+require File.join( File.dirname(__FILE__), "shared_user_spec")
+
+use_orm :datamapper
+
+describe "User with Datamapper adapter" do
+  before(:all) do
+    DataMapper.setup(:default, 'sqlite3::memory:')
+    AuthSlice.use_adapter(:datamapper)
+  end
+  
+  before(:each) do
+    AuthSlice::User.create_db_table
+  end
+  
+  after(:each) do
+    AuthSlice::User.drop_db_table
+  end
+
+  it_should_behave_like "AuthSlice::User"
+end

data/spec/models/shared_user_spec.rb

@@ -0,0 +1,251 @@
+require File.join( File.dirname(__FILE__), "..", "spec_helper" )
+
+def valid_user_hash(options = {})
+  { :name                   => 'ctran',
+    :username               => "ctran",
+    :email                  => "ctran@example.com",
+    :password               => "sekret",
+    :password_confirmation  => "sekret"}.merge(options)
+end
+
+describe "AuthSlice::User", :shared => true do
+  describe "username" do
+    it "should require username field" do
+      user = AuthSlice::User.new
+      user.should respond_to(:username)
+      user.should_not be_valid
+      user.errors.on(:username).should_not be_nil
+    end
+  
+    it "should fail validation with username less than 3 chars" do
+      user = AuthSlice::User.new
+      user.username = "AB"
+      user.should_not be_valid
+      user.errors.on(:username).should_not be_nil
+    end
+  
+    it "should require username with between 3 and 40 chars" do
+      user = AuthSlice::User.new(valid_user_hash(:username => nil))
+      [3,40].each do |num|
+        user.username = "a" * num
+        user.should be_valid
+        user.errors.on(:username).should be_nil
+      end
+    end
+  
+    it "should fail validation with username over 90 chars" do
+      user = AuthSlice::User.new
+      user.username = "A" * 41
+      user.valid?
+      user.errors.on(:username).should_not be_nil    
+    end
+  
+    it "should make a valid user with all required fields set" do
+      user = AuthSlice::User.new(valid_user_hash)
+      user.save.should be_true
+      user.errors.should be_empty    
+    end
+  
+    it "should set timestamps after save" do
+      user = AuthSlice::User.new(valid_user_hash)
+      user.save.should be_true
+      user.created_at.should_not be_nil
+      user.updated_at.should_not be_nil   
+    end
+  
+    it "should make sure username is unique" do
+      user = AuthSlice::User.new( valid_user_hash(:username => "Daniel") )
+      user2 = AuthSlice::User.new( valid_user_hash(:username => "Daniel"))
+      user.save.should be_true
+      user.username.should == "daniel"
+      user2.save.should be_false
+      user2.errors.on(:username).should_not be_nil
+    end
+  
+    it "should make sure username is unique regardless of case" do
+      user = AuthSlice::User.new( valid_user_hash(:username => "Daniel") )
+      user2 = AuthSlice::User.new( valid_user_hash(:username => "daniel"))
+      user.save.should be_true
+      user.username = "Daniel"
+      user2.save.should be_false
+      user2.errors.on(:username).should_not be_nil
+    end
+  
+    it "should downcase username" do
+      user = AuthSlice::User.new( valid_user_hash(:username => "DaNieL"))
+      user.username.should == "daniel"    
+    end  
+  
+    it "should authenticate a user using a class method" do
+      user = AuthSlice::User.new(valid_user_hash)
+      user.save.should be_true
+      AuthSlice::User.authenticate(valid_user_hash[:username], valid_user_hash[:password]).should_not be_nil
+    end
+  
+    it "should not authenticate a user using the wrong password" do
+      user = AuthSlice::User.new(valid_user_hash)  
+      user.save.should be_true
+      AuthSlice::User.authenticate(valid_user_hash[:username], "not_the_password").should be_nil
+    end
+  
+    it "should not authenticate a user using the wrong username" do
+      user = AuthSlice::User.create(valid_user_hash)  
+      AuthSlice::User.authenticate("not_the_username", valid_user_hash[:password]).should be_nil
+    end
+  
+    it "should not authenticate a user that does not exist" do
+      AuthSlice::User.authenticate("i_dont_exist", "password").should be_nil
+    end
+  end
+
+  describe "the password fields for User" do
+    before(:each) do
+      @user = AuthSlice::User.new( valid_user_hash )
+    end
+  
+    it "should respond to password" do
+      @user.should respond_to(:password)    
+    end
+  
+    it "should respond to password_confirmation" do
+      @user.should respond_to(:password_confirmation)
+    end
+  
+    it "should have a protected password_required method" do
+      @user.protected_methods.should include("password_required?")
+    end
+  
+    it "should respond to crypted_password" do
+      @user.should respond_to(:crypted_password)    
+    end
+  
+    it "should require password if password is required" do
+      user = AuthSlice::User.new( valid_user_hash(:password => nil))
+      user.stub!(:password_required?).and_return(true)
+      user.should_not be_valid
+      user.errors.on(:password).should_not be_nil
+      user.errors.on(:password).should_not be_empty
+    end
+  
+    it "should set the salt" do
+      user = AuthSlice::User.new(valid_user_hash)
+      user.salt.should be_nil
+      user.send(:encrypt_password)
+      user.salt.should_not be_nil    
+    end
+  
+    it "should require the password on create" do
+      user = AuthSlice::User.new(valid_user_hash(:password => nil))
+      user.save.should_not be_true
+      user.errors.on(:password).should_not be_nil
+      user.errors.on(:password).should_not be_empty
+    end  
+  
+    it "should require password_confirmation if the password_required?" do
+      user = AuthSlice::User.new(valid_user_hash(:password_confirmation => nil))
+      user.save.should_not be_true
+      (user.errors.on(:password) || user.errors.on(:password_confirmation)).should_not be_nil
+    end
+  
+    it "should fail when password is outside 4 and 40 chars" do
+      [3,41].each do |num|
+        user = AuthSlice::User.new(valid_user_hash(:password => ("a" * num)))
+        user.should_not be_valid
+        user.errors.on(:password).should_not be_nil
+      end
+    end
+  
+    it "should pass when password is within 4 and 40 chars" do
+      [4,30,40].each do |num|
+        user = AuthSlice::User.new(valid_user_hash(:password => ("a" * num), :password_confirmation => ("a" * num)))
+        user.should be_valid
+        user.errors.on(:password).should be_nil
+      end    
+    end
+  
+    it "should autenticate against a password" do
+      user = AuthSlice::User.new(valid_user_hash)
+      user.save.should be_true
+      user.should be_authenticated(valid_user_hash[:password])
+    end
+  
+    it "should not require a password when saving an existing user" do
+      user = AuthSlice::User.create(valid_user_hash)
+      user = AuthSlice::User.find_by_username(valid_user_hash[:username])
+      user.password.should be_nil
+      user.password_confirmation.should be_nil
+      user.username = "some_different_username_to_allow_saving"
+      user.save.should be_true
+    end
+  end
+
+  describe "remember_me" do
+    predicate_matchers[:remember_token] = :remember_token?
+  
+    before do
+      @user = AuthSlice::User.new(valid_user_hash)
+    
+      t = Date.today
+      Date.stub!(:today).and_return(t)
+    end
+  
+    it "should have a remember_token_expires_at attribute" do
+      @user.attributes.keys.any?{|a| a.to_s == "remember_token_expires_at"}.should_not be_nil
+    end  
+  
+    it "should return true if remember_token_expires_at is set and is in the future" do
+      @user.remember_token_expires_at = Date.today + 7
+      @user.should remember_token    
+    end
+  
+    it "should set remember_token_expires_at to a specific date" do
+      time = Date.new(2009,12,25)
+      @user.remember_me_until(time)
+      @user.remember_token_expires_at.should == time    
+    end
+  
+    it "should set the remember_me token when remembering" do
+      time = Date.new(2009,12,25)
+      @user.remember_me_until(time)
+      @user.remember_token.should_not be_nil
+      @user.save
+      @user = AuthSlice::User.find_by_username(valid_user_hash[:username])
+      @user.remember_token.should_not be_nil
+      @user.remember_token_expires_at.should == time
+    end
+  
+    it "should set remember_me token for" do
+      remember_until = Date.today + 7
+      @user.remember_me_for(7)
+      @user.remember_token_expires_at.should == (remember_until)
+    end
+  
+    it "should remember_me token for two weeks" do
+      @user.remember_me
+      @user.remember_token_expires_at.should == (Date.today + 14)
+    end
+  
+    it "should forget me" do
+      @user.remember_me
+      @user.save
+      @user.forget_me
+      @user.remember_token.should be_nil
+      @user.remember_token_expires_at.should be_nil    
+    end
+  
+    it "should persist the remember_me token to the database" do
+      @user.remember_me
+      @user.save
+    
+      @user = AuthSlice::User.find_by_username(valid_user_hash[:username])
+      @user.remember_token.should_not be_nil
+      @user.remember_token_expires_at == (Date.today + 14)
+  
+      @user.forget_me
+
+      @user = AuthSlice::User.find_by_username(valid_user_hash[:username])
+      @user.remember_token.should be_nil
+      @user.remember_token_expires_at.should be_nil
+    end
+  end
+end