authkit 0.0.1

data/lib/generators/authkit/templates/spec/controllers/email_confirmation_controller_spec.rb

@@ -0,0 +1,80 @@
+require 'spec_helper'
+
+describe EmailConfirmationController do
+  render_views
+
+  let(:user_params) { { email: "test@example.com", username: "test", password: "example", password_confirmation: "example" } }
+  let(:user) { User.new(user_params) }
+  let(:token) { "TOKEN" }
+
+  describe "GET 'show'" do
+    it "requires a valid token" do
+      User.should_receive(:user_from_token).with(token).and_return(nil)
+      get 'show', token: token
+      response.should be_redirect
+      flash[:error].should_not be_empty
+    end
+
+    describe "with a valid token" do
+      before(:each) do
+        user.confirmation_email = "new@example.com"
+        user.confirmation_token = token
+      end
+
+      describe "when the confirmation is successful" do
+        it "confirms the user email" do
+          User.should_receive(:user_from_token).with(token).and_return(user)
+          user.should_receive(:email_confirmed).and_return(true)
+          get 'show', token: token
+        end
+
+        it "signs the user in" do
+          User.should_receive(:user_from_token).with(token).and_return(user)
+          controller.should_receive(:login).with(user)
+          get 'show', token: token
+        end
+
+        it "sets the flash" do
+          User.should_receive(:user_from_token).with(token).and_return(user)
+          get 'show', token: token
+          flash[:notice].should_not be_nil
+        end
+
+        it "redirects the user" do
+          User.should_receive(:user_from_token).with(token).and_return(user)
+          get 'show', token: token
+          response.should be_redirect
+        end
+
+        describe "from json" do
+          it "returns http success" do
+            User.should_receive(:user_from_token).with(token).and_return(user)
+            get 'show', token: token, format: 'json'
+            response.should be_success
+          end
+        end
+
+      end
+
+      describe "when the confirmation is not successful" do
+        it "handles invalid confirmations" do
+          User.should_receive(:user_from_token).with(token).and_return(user)
+          user.should_receive(:email_confirmed).and_return(false)
+          get 'show', token: token
+          flash[:error].should_not be_empty
+          response.should be_redirect
+        end
+
+        describe "from json" do
+          it "returns a 422" do
+            User.should_receive(:user_from_token).with(token).and_return(user)
+            user.should_receive(:email_confirmed).and_return(false)
+            get 'show', token: token, format: 'json'
+            response.code.should == '422'
+          end
+        end
+
+      end
+    end
+  end
+end

data/lib/generators/authkit/templates/spec/controllers/password_change_controller_spec.rb

@@ -0,0 +1,98 @@
+require 'spec_helper'
+
+describe PasswordChangeController do
+  render_views
+
+  let(:user_params) { { email: "test@example.com", username: "test", password: "example", password_confirmation: "example" } }
+  let(:user) { User.new(user_params) }
+  let(:token) { "TOKEN" }
+
+  describe "GET 'show'" do
+    it "requires a valid token" do
+      User.should_receive(:user_from_token).with(token).and_return(nil)
+      get 'show', token: token
+      response.should be_redirect
+      flash[:error].should_not be_empty
+    end
+
+    it "returns http success" do
+      User.should_receive(:user_from_token).with(token).and_return(user)
+      get 'show', token: token
+      response.should be_success
+    end
+  end
+
+  describe "POST 'create'" do
+    it "requires a valid token" do
+      User.should_receive(:user_from_token).with(token).and_return(nil)
+      post 'create', {token: token, password: 'newpassword', password_confirmation: 'newpassword'}
+      response.should be_redirect
+      flash[:error].should_not be_empty
+    end
+
+    describe "with valid params" do
+      before(:each) do
+        User.should_receive(:user_from_token).with(token).and_return(user)
+      end
+
+      it "changes the password" do
+        expect {
+          post 'create', {token: token, password: 'newpassword', password_confirmation: 'newpassword'}
+        }.to change(user, :password_digest)
+
+        user.should be_valid
+      end
+
+      it "signs the user in" do
+        controller.should_receive(:login).with(user)
+        post 'create', {token: token, password: 'newpassword', password_confirmation: 'newpassword'}
+      end
+
+      it "redirects the user" do
+        post 'create', {token: token, password: 'newpassword', password_confirmation: 'newpassword'}
+        response.should be_redirect
+      end
+
+      it "sets the flash" do
+        post 'create', {token: token, password: 'newpassword', password_confirmation: 'newpassword'}
+        flash[:notice].should =~ /successfully/i
+      end
+
+      describe "from json" do
+        it "returns http success" do
+          post 'create', {token: token, password: 'newpassword', password_confirmation: 'newpassword', format: 'json'}
+          response.should be_success
+        end
+      end
+    end
+
+    describe "with invalid params" do
+      before(:each) do
+        User.should_receive(:user_from_token).with(token).and_return(user)
+      end
+
+      it "doesn't sign the user in" do
+        controller.should_not_receive(:login)
+        post 'create', {token: token, password: 'newpassword', password_confirmation: 'invalid'}
+      end
+
+      it "renders the show template" do
+        post 'create', {token: token, password: 'newpassword', password_confirmation: 'invalid'}
+        response.should render_template(:show)
+      end
+
+      it "has errors" do
+        post 'create', {token: token, password: 'newpassword', password_confirmation: 'invalid'}
+        assigns(:user).should have(2).errors_on(:password_confirmation)
+      end
+
+      describe "from json" do
+        it "returns an error" do
+          post 'create', {token: token, password: 'newpassword', password_confirmation: 'invalid', format: 'json'}
+          response.code.should == '422'
+          response.body.should =~ /doesn't match/i
+        end
+      end
+    end
+  end
+end

data/lib/generators/authkit/templates/spec/controllers/password_reset_controller_spec.rb

@@ -0,0 +1,87 @@
+require 'spec_helper'
+
+describe PasswordResetController do
+  render_views
+
+  let(:user_params) { { email: "test@example.com", username: "test", password: "example", password_confirmation: "example" } }
+  let(:user) { User.new(user_params) }
+
+  describe "GET 'show'" do
+    it "returns http success" do
+      get 'show'
+      response.should be_success
+    end
+  end
+
+  describe "POST 'create'" do
+    before(:each) do
+      User.stub(:find_by_username_or_email).with("test@example.com").and_return(user)
+      User.stub(:find_by_username_or_email).with("unknown@example.com").and_return(nil)
+      user.stub(:persisted?).and_return(true)
+      user.stub(:id).and_return(1)
+    end
+
+    it "redirects the user" do
+      post :create, {email: "test@example.com"}
+      response.should be_redirect
+    end
+
+    it "finds the user by the email or user name" do
+      User.should_receive(:find_by_username_or_email).with("test@example.com").and_return(user)
+      post :create, {email: "test@example.com"}
+    end
+
+    it "downcases the email or user name" do
+      User.should_receive(:find_by_username_or_email).with("test@example.com").and_return(user)
+      post :create, {email: "TEST@EXAMPLE.COM"}
+    end
+
+    it "logs any current user out if it finds the user" do
+      controller.should_receive(:logout)
+      post :create, {email: "test@example.com"}
+    end
+
+    it "resets the password if it finds the user" do
+      user.should_receive(:send_reset_password).and_return(true)
+      post :create, {email: "test@example.com"}
+    end
+
+    it "does not reset the password if it does not find a user" do
+      User.any_instance.should_not_receive(:send_reset_password)
+      post :create, {email: "unknown@example.com"}
+    end
+
+    describe "from json" do
+      it "returns http success" do
+        post :create, {email: "test@example.com", format: "json"}
+        response.should be_success
+      end
+    end
+
+    describe "with invalid email" do
+      describe "from html" do
+        it "sets the flash message" do
+          post :create, {email: "unknown@example.com"}
+          flash.now[:error].should_not be_empty
+        end
+
+        it "renders the show page" do
+          post :create, {email: "unknown@example.com"}
+          response.should render_template(:show)
+        end
+      end
+
+      describe "from json" do
+        it "returns an error" do
+          post :create, {email: "unknown@example.com", format: "json"}
+          response.body.should =~ /invalid user name or email/i
+        end
+
+        it "returns forbidden status" do
+          post :create, {email: "unknown@example.com", format: "json"}
+          response.code.should == '422'
+        end
+      end
+    end
+  end
+end

data/lib/generators/authkit/templates/spec/controllers/sessions_controller_spec.rb

@@ -0,0 +1,111 @@
+require 'spec_helper'
+
+describe SessionsController do
+  render_views
+
+  let(:user_params) { { email: "test@example.com", username: "test", password: "example", password_confirmation: "example" } }
+  let(:user) { User.new(user_params) }
+  let(:logged_in_session) { { user_id: "1" } }
+
+  before(:each) do
+    User.stub(:find_by).with("1").and_return(user)
+  end
+
+  describe "GET 'new'" do
+    it "returns http success" do
+      get 'new'
+      response.should be_success
+    end
+  end
+
+  describe "POST 'create'" do
+    before(:each) do
+      User.stub(:find_by_username_or_email).with("test@example.com").and_return(user)
+      User.stub(:find_by_username_or_email).with("unknown@example.com").and_return(nil)
+    end
+
+    it "redirects the user" do
+      post :create, {email: "test@example.com", password: "example"}
+      response.should be_redirect
+    end
+
+    it "finds the user by the email or user name" do
+      User.should_receive(:find_by_username_or_email).with("test@example.com").and_return(user)
+      post :create, {email: "test@example.com", password: "example"}
+    end
+
+    it "downcases the email or user name" do
+      User.should_receive(:find_by_username_or_email).with("test@example.com").and_return(user)
+      post :create, {email: "TEST@EXAMPLE.COM", password: "example"}
+    end
+
+    it "authenticates if it finds the user" do
+      user.should_receive(:authenticate).and_return(true)
+      post :create, {email: "test@example.com", password: "example"}
+    end
+
+    it "does not authenticate if it does not find a user" do
+      User.any_instance.should_not_receive(:authenticate)
+      post :create, {email: "unknown@example.com", password: "example"}
+    end
+
+    it "signs the user in" do
+      post :create, {email: "test@example.com", password: "example"}
+      controller.send(:current_user).should == user
+    end
+
+    describe "from json" do
+      it "returns http success" do
+        post :create, {email: "test@example.com", password: "example", format: "json"}
+        response.should be_success
+      end
+    end
+
+    describe "with invalid password" do
+      describe "from html" do
+        it "sets the flash message" do
+          post :create, {email: "test@example.com", password: "wrongpassword"}
+          flash.now[:error].should_not be_empty
+        end
+
+        it "renders the new page" do
+          post :create, {email: "test@example.com", password: "wrongpassword"}
+          response.should render_template(:new)
+        end
+      end
+
+      describe "from json" do
+        it "returns an error" do
+          post :create, {email: "test@example.com", password: "wrongpassword", format: "json"}
+          response.body.should =~ /invalid user name or password/i
+        end
+
+        it "returns forbidden status" do
+          post :create, {email: "test@example.com", password: "wrongpassword", format: "json"}
+          response.code.should == '422'
+        end
+      end
+    end
+  end
+
+  describe "DELETE 'destroy'" do
+    it "logs the user out" do
+      delete "destroy", {}, logged_in_session
+      controller.send(:current_user).should be_nil
+    end
+
+    describe "from html" do
+      it "redirects the user" do
+        delete "destroy", {}, logged_in_session
+        response.should redirect_to(root_path)
+      end
+    end
+
+    describe "from json" do
+      it "returns http success" do
+        delete "destroy", {format: 'json'}, logged_in_session
+        response.should be_success
+      end
+    end
+  end
+end

data/lib/generators/authkit/templates/spec/controllers/users_controller_spec.rb

@@ -0,0 +1,195 @@
+require 'spec_helper'
+
+describe UsersController do
+  render_views
+
+  let(:user_params) { { email: "test@example.com", username: "test", password: "example", password_confirmation: "example" } }
+  let(:invalid_params) { user_params.merge(password: 'newpassword', password_confirmation: 'wrongpassword') }
+  let(:user) { User.new(user_params) }
+  let(:logged_in_session) { { user_id: "1" } }
+
+  before(:each) do
+    User.stub(:find_by).with("1").and_return(user)
+  end
+
+  describe "GET 'new'" do
+    it "returns http success" do
+      get :new
+      response.should be_success
+      assigns(:user).should be_a_new(User)
+    end
+  end
+
+  describe "POST 'create'" do
+    describe "with valid params" do
+      describe "from html" do
+        it "creates a new user" do
+          expect {
+            post :create, {user: user_params}, {}
+          }.to change(User, :count).by(1)
+        end
+
+        it "confirms the email" do
+          User.any_instance.should_receive(:send_confirmation)
+          post :create, {user: user_params}, {}
+        end
+
+        it "signs the user in" do
+          post :create, {user: user_params}, {}
+          controller.send(:current_user).should == assigns(:user)
+        end
+
+        it "redirects to the root" do
+          post :create, {user: user_params}
+          response.should be_redirect
+        end
+      end
+
+      describe "from json" do
+        it "creates the user" do
+          expect {
+            post :create, {user: user_params, format: 'json'}, {}
+          }.to change(User, :count).by(1)
+        end
+
+        it "signs the user in" do
+          post :create, {user: user_params, format: 'json'}, {}
+          controller.send(:current_user).should == assigns(:user)
+        end
+
+        it "returns http success" do
+          post :create, {user: user_params, format: 'json'}
+          response.should be_success
+        end
+      end
+    end
+
+    describe "with invalid params" do
+      describe "from html" do
+        it "renders the new page" do
+          post :create, {user: invalid_params}, {}
+          response.should render_template("new")
+        end
+
+        it "does not create a user" do
+          expect {
+            post :create, {user: invalid_params}, {}
+          }.to_not change(User, :count)
+        end
+
+        it "sets the errors" do
+          post :create, {user: invalid_params}, {}
+          assigns(:user).should have(2).errors_on(:password_confirmation)
+        end
+      end
+
+      describe "from json" do
+        it "returns a 422" do
+          post :create, {user: invalid_params, format: 'json'}, {}
+          response.code.should == '422'
+        end
+
+        it "includes the errors in the json" do
+          post :create, {user: invalid_params, format: 'json'}, {}
+          assigns(:user).should have(2).errors_on(:password_confirmation)
+          response.body.should =~ /doesn't match Password/i
+        end
+      end
+    end
+  end
+
+  describe "GET 'edit'" do
+    it "redirects if there is no current user" do
+      get :edit
+      response.should be_redirect
+    end
+
+    it "edits the current user" do
+      get :edit, {}, logged_in_session
+      response.should be_success
+    end
+  end
+
+  describe "PUT 'update'" do
+    it "redirects if there is no current user" do
+      put :update, {user: user_params.merge(first_name: "Alvarez")}
+      response.should be_redirect
+    end
+
+    describe "with valid params" do
+      describe "when changing the email" do
+        it "doesn't send the confirmation the email if unchanged" do
+          user.email = user.confirmation_email
+          user.confirmation_email = nil
+          user.should_not_receive(:send_confirmation)
+          put :update, {user: user_params.merge(confirmation_email: "test@example.com")}, logged_in_session
+        end
+
+        it "doesn't reconfirm if the confirmation email is unchanged" do
+          user.should_not_receive(:send_confirmation)
+          put :update, {user: user_params.merge(confirmation_email: "test@example.com")}, logged_in_session
+        end
+
+        it "confirms the confirmation email" do
+          user.email = "old@example.com"
+          user.should_receive(:send_confirmation).and_return(true)
+          put :update, {user: user_params.merge(confirmation_email: "new@example.com")}, logged_in_session
+        end
+      end
+
+      describe "from html" do
+        it "updates the user" do
+          expect {
+            put :update, {user: user_params.merge(first_name: "Alvarez")}, logged_in_session
+          }.to change(user, :first_name)
+        end
+
+        it "redirects the user" do
+          put :update, {user: user_params}, logged_in_session
+          response.should be_redirect
+        end
+      end
+
+      describe "from json" do
+        it "updates the user" do
+          expect {
+            put :update, {user: user_params.merge(first_name: "Alvarez"), format: 'json'}, logged_in_session
+          }.to change(user, :first_name)
+        end
+      end
+    end
+
+    describe "with invalid params" do
+      describe "from html" do
+        before(:each) do
+          put :update, {user: invalid_params}, logged_in_session
+        end
+
+        it "renders the edit page" do
+          response.should render_template('edit')
+          response.should be_success
+        end
+
+        it "sets the errors" do
+          user.should have(2).errors_on(:password_confirmation)
+        end
+      end
+
+      describe "from json" do
+        before(:each) do
+          put :update, {user: invalid_params, format: 'json'}, logged_in_session
+        end
+
+        it "returns a 422" do
+          response.code.should == '422'
+        end
+
+        it "includes the errors in the json" do
+          user.should have(2).errors_on(:password_confirmation)
+          response.body.should =~ /doesn't match Password/i
+        end
+      end
+    end
+  end
+end
+