blue_light_special_heroku_fork 0.2.0.1

data/lib/blue_light_special/extensions/errors.rb

@@ -0,0 +1,6 @@
+if defined?(ActionController)
+  module ActionController
+    class Forbidden < StandardError
+    end
+  end
+end

data/lib/blue_light_special/extensions/rescue.rb

@@ -0,0 +1,5 @@
+if defined?(ActionDispatch::ShowExceptions) # Rails 3
+  ActionDispatch::ShowExceptions.rescue_responses.update('ActionController::Forbidden' => :forbidden)
+elsif defined?(ActionController::Base)
+  ActionController::Base.rescue_responses.update('ActionController::Forbidden' => :forbidden)
+end

data/lib/blue_light_special/routes.rb

@@ -0,0 +1,55 @@
+module BlueLightSpecial
+  class Routes
+
+    # In your application's config/routes.rb, draw BlueLightSpecial's routes:
+    #
+    # @example
+    #   map.resources :posts
+    #   BlueLightSpecial::Routes.draw(map)
+    #
+    # If you need to override a BlueLightSpecial route, invoke your app route
+    # earlier in the file so Rails' router short-circuits when it finds
+    # your route:
+    #
+    # @example
+    #   map.resources :users, :only => [:new, :create]
+    #   BlueLightSpecial::Routes.draw(map)
+    def self.draw(map)
+      map.resources :passwords,
+        :controller => 'blue_light_special/passwords',
+        :only       => [:new, :create]
+
+      map.resource  :session,
+        :controller => 'blue_light_special/sessions',
+        :only       => [:new, :create, :destroy]
+
+      map.resources :users, :controller => 'blue_light_special/users' do |users|
+        users.resource :password,
+          :controller => 'blue_light_special/passwords',
+          :only       => [:create, :edit, :update]
+      end
+      
+      map.resource :impersonation,
+        :controller => 'blue_light_special/impersonations',
+        :only       => [:create, :destroy]
+      map.resources :impersonations,
+        :controller => 'blue_light_special/impersonations',
+        :only       => :index
+        
+      map.sign_up    'sign_up',
+        :controller   => 'blue_light_special/users',
+        :action       => 'new'
+      map.sign_in    'sign_in',
+        :controller   => 'blue_light_special/sessions',
+        :action       => 'new'
+      map.fb_connect 'fb_connect',
+        :controller   => 'blue_light_special/sessions',
+        :action       => 'create'
+      map.sign_out   'sign_out',
+        :controller   => 'blue_light_special/sessions',
+        :action       => 'destroy',
+        :method       => :delete
+    end
+
+  end
+end

data/lib/blue_light_special/user.rb

@@ -0,0 +1,247 @@
+require 'digest/sha1'
+
+module BlueLightSpecial
+  module User
+    
+    Admin = 'admin'
+    
+    # Hook for all BlueLightSpecial::User modules.
+    #
+    # If you need to override parts of BlueLightSpecial::User,
+    # extend and include à la carte.
+    #
+    # @example
+    #   extend ClassMethods
+    #   include InstanceMethods
+    #   include AttrAccessor
+    #   include Callbacks
+    #
+    # @see ClassMethods
+    # @see InstanceMethods
+    # @see AttrAccessible
+    # @see AttrAccessor
+    # @see Validations
+    # @see Callbacks
+    def self.included(model)
+      model.extend(ClassMethods)
+
+      model.send(:include, InstanceMethods)
+      model.send(:include, AttrAccessor)
+      model.send(:include, Validations)
+      model.send(:include, Callbacks)
+    end
+
+    module AttrAccessor
+      # Hook for attr_accessor virtual attributes.
+      #
+      # :password, :password_confirmation
+      def self.included(model)
+        model.class_eval do
+          attr_accessor :password, :password_confirmation
+        end
+      end
+    end
+
+    module Validations
+      # Hook for validations.
+      #
+      # :email must be present, unique, formatted
+      #
+      # If password is required,
+      # :password must be present, confirmed
+      def self.included(model)
+        model.class_eval do
+          validates_presence_of     :email, :unless => :email_optional?
+          validates_uniqueness_of   :email, :case_sensitive => false, :allow_blank => true
+          validates_format_of       :email, :with => %r{.+@.+\..+}, :allow_blank => true
+
+          validates_presence_of     :password, :unless => :password_optional?
+          validates_confirmation_of :password, :unless => :password_optional?
+          
+          validates_presence_of     :first_name, :last_name
+        end
+      end
+    end
+
+    module Callbacks
+      # Hook for callbacks.
+      #
+      # salt, token, password encryption are handled before_save.
+      def self.included(model)
+        model.class_eval do
+          before_save   :initialize_salt,
+                        :encrypt_password
+          before_create :generate_remember_token
+          after_create  :send_welcome_email
+        end
+      end
+    end
+
+    module InstanceMethods
+      # Am I authenticated with given password?
+      #
+      # @param [String] plain-text password
+      # @return [true, false]
+      # @example
+      #   user.authenticated?('password')
+      def authenticated?(password)
+        encrypted_password == encrypt(password)
+      end
+
+      # Set the remember token.
+      #
+      # @deprecated Use {#reset_remember_token!} instead
+      def remember_me!
+        warn "[DEPRECATION] remember_me!: use reset_remember_token! instead"
+        reset_remember_token!
+      end
+
+      # Reset the remember token.
+      #
+      # @example
+      #   user.reset_remember_token!
+      def reset_remember_token!
+        generate_remember_token
+        save(false)
+      end
+
+      # Mark my account as forgotten password.
+      #
+      # @example
+      #   user.forgot_password!
+      def forgot_password!
+        generate_password_reset_token
+        save(false)
+      end
+
+      # Update my password.
+      #
+      # @param [String, String] password and password confirmation
+      # @return [true, false] password was updated or not
+      # @example
+      #   user.update_password('new-password', 'new-password')
+      def update_password(new_password, new_password_confirmation)
+        self.password              = new_password
+        self.password_confirmation = new_password_confirmation
+        if valid?
+          self.password_reset_token = nil
+        end
+        save
+      end
+      
+      def facebook_user?
+        !self.facebook_uid.blank?
+      end
+      
+      ##
+      # Returns +true+ if the user is an admin.
+      # 
+      def admin?
+        self.role == Admin
+      end
+      
+      ##
+      # Returns the user's full name.
+      #
+      def name
+        "#{self.first_name} #{self.last_name}"
+      end
+      
+      protected
+
+      def generate_hash(string)
+        Digest::SHA1.hexdigest(string)
+      end
+
+      def initialize_salt
+        if new_record?
+          self.salt = generate_hash("--#{Time.now.utc}--#{password}--#{rand}--")
+        end
+      end
+
+      def encrypt_password
+        return if password.blank?
+        self.encrypted_password = encrypt(password)
+      end
+
+      def encrypt(string)
+        generate_hash("--#{salt}--#{string}--")
+      end
+      
+      def generate_password_reset_token
+        self.password_reset_token = encrypt("--#{Time.now.utc}--#{password}--#{rand}--")
+      end
+      
+      def generate_remember_token
+        self.remember_token = encrypt("--#{Time.now.utc}--#{encrypted_password}--#{id}--#{rand}--")
+      end
+
+      # Always false. Override to allow other forms of authentication
+      # (username, facebook, etc).
+      # @return [Boolean] true if the email field be left blank for this user
+      def email_optional?
+        false
+      end
+
+      # True if the password has been set and the password is not being
+      # updated. Override to allow other forms of # authentication (username,
+      # facebook, etc).
+      # @return [Boolean] true if the password field can be left blank for this user
+      def password_optional?
+        facebook_user? || (encrypted_password.present? && password.blank?)
+      end
+
+      def password_required?
+        # warn "[DEPRECATION] password_required?: use !password_optional? instead"
+        !password_optional?
+      end
+      
+      def send_welcome_email
+        if BlueLightSpecial.configuration.use_delayed_job
+          Delayed::Job.enqueue DeliverWelcomeJob.new(self.id)
+        else
+          if user = ::User.find_by_id(self.id)
+            BlueLightSpecialMailer.deliver_welcome(user)
+          end
+        end
+      end
+      
+    end
+
+    module ClassMethods
+      # Authenticate with email and password.
+      #
+      # @param [String, String] email and password
+      # @return [User, nil] authenticated user or nil
+      # @example
+      #   User.authenticate("email@example.com", "password")
+      def authenticate(email, password)
+        return nil  unless user = find_by_email(email)
+        return user if     user.authenticated?(password)
+      end
+      
+      def find_facebook_user(facebook_session, facebook_uid)
+        return nil unless BlueLightSpecial.configuration.use_facebook_connect && facebook_session && facebook_uid
+        
+        begin
+          facebook_user = MiniFB::Session.new(BlueLightSpecial.configuration.facebook_api_key,
+                                              BlueLightSpecial.configuration.facebook_secret_key,
+                                              facebook_session, facebook_uid).user
+        rescue MiniFB::FaceBookError
+          facebook_user = nil
+        end
+        return nil unless facebook_user
+        
+        user = ::User.find_by_facebook_uid(facebook_uid) || ::User.find_by_email(facebook_user['email']) || ::User.new
+        user.tap do |user|
+          user.facebook_uid     = facebook_uid
+          user.email            = facebook_user['email']
+          user.first_name       = facebook_user['first_name']
+          user.last_name        = facebook_user['last_name']
+          user.save
+        end
+      end
+    end
+
+  end
+end

data/rails/init.rb

@@ -0,0 +1,4 @@
+require 'delayed_job'
+require 'mini_fb'
+require 'mad_mimi_mailer'
+require 'blue_light_special'

data/shoulda_macros/blue_light_special.rb

@@ -0,0 +1,244 @@
+module BlueLightSpecial
+  module Shoulda
+
+    # STATE OF AUTHENTICATION
+
+    def should_be_signed_in_as(&block)
+      warn "[DEPRECATION] should_be_signed_in_as cannot be used in functional tests anymore now that it depends on cookies, which are unavailable until the next request."
+      should "be signed in as #{block.bind(self).call}" do
+        user = block.bind(self).call
+        assert_not_nil user,
+          "please pass a User. try: should_be_signed_in_as { @user }"
+        assert_equal user, @controller.send(:current_user),
+          "#{user.inspect} is not the current_user, " <<
+          "which is #{@controller.send(:current_user).inspect}"
+      end
+    end
+
+    def should_not_be_signed_in
+      warn "[DEPRECATION] should_not_be_signed_in is no longer a valid test since we now store a remember_token in cookies, not user_id in session"
+      should "not be signed in" do
+        assert_nil session[:user_id]
+      end
+    end
+
+    def should_deny_access_on(http_method, action, opts = {})
+      warn "[DEPRECATION] should_deny_access_on: use a setup & should_deny_access(:flash => ?)"
+      flash_message = opts.delete(:flash)
+      context "on #{http_method} to #{action}" do
+        setup do
+          send(http_method, action, opts)
+        end
+
+        should_deny_access(:flash => flash_message)
+      end
+    end
+
+    def should_deny_access(opts = {})
+      if opts[:flash]
+        should_set_the_flash_to opts[:flash]
+      else
+        should_not_set_the_flash
+      end
+
+      should_redirect_to('sign in page') { sign_in_url }
+    end
+
+    # HTTP FLUENCY
+
+    def should_forbid(description, &block)
+      should "forbid #{description}" do
+        assert_raises ActionController::Forbidden do
+          instance_eval(&block)
+        end
+      end
+    end
+
+    # CONTEXTS
+
+    def signed_in_user_context(&blk)
+      warn "[DEPRECATION] signed_in_user_context: creates a Mystery Guest, causes Obscure Test"
+      context "A signed in user" do
+        setup do
+          @user = Factory(:user)
+          sign_in_as @user
+        end
+        merge_block(&blk)
+      end
+    end
+
+    def public_context(&blk)
+      warn "[DEPRECATION] public_context: common case is no-op. call sign_out otherwise"
+      context "The public" do
+        setup { sign_out }
+        merge_block(&blk)
+      end
+    end
+
+    # CREATING USERS
+
+    def should_create_user_successfully
+      warn "[DEPRECATION] should_create_user_successfully: not meant to be public, no longer used internally"
+      should_assign_to :user
+      should_change 'User.count', :by => 1
+      should_redirect_to_url_after_create
+    end
+
+    # RENDERING
+
+    def should_render_nothing
+      should "render nothing" do
+        assert @response.body.blank?
+      end
+    end
+
+    # REDIRECTS
+
+    def should_redirect_to_url_after_create
+      should_redirect_to("the post-create url") do
+        @controller.send(:url_after_create)
+      end
+    end
+
+    def should_redirect_to_url_after_update
+      should_redirect_to("the post-update url") do
+        @controller.send(:url_after_update)
+      end
+    end
+
+    def should_redirect_to_url_after_destroy
+      should_redirect_to("the post-destroy url") do
+        @controller.send(:url_after_destroy)
+      end
+    end
+
+    def should_redirect_to_url_already_confirmed
+      should_redirect_to("the already confirmed url") do
+        @controller.send(:url_already_confirmed)
+      end
+    end
+
+    # VALIDATIONS
+
+    def should_validate_confirmation_of(attribute, opts = {})
+      warn "[DEPRECATION] should_validate_confirmation_of: not meant to be public, no longer used internally"
+      raise ArgumentError if opts[:factory].nil?
+
+      context "on save" do
+        should_validate_confirmation_is_not_blank opts[:factory], attribute
+        should_validate_confirmation_is_not_bad   opts[:factory], attribute
+      end
+    end
+
+    def should_validate_confirmation_is_not_blank(factory, attribute, opts = {})
+      warn "[DEPRECATION] should_validate_confirmation_is_not_blank: not meant to be public, no longer used internally"
+      should "validate #{attribute}_confirmation is not blank" do
+        model = Factory.build(factory, blank_confirmation_options(attribute))
+        model.save
+        assert_confirmation_error(model, attribute,
+          "#{attribute}_confirmation cannot be blank")
+      end
+    end
+
+    def should_validate_confirmation_is_not_bad(factory, attribute, opts = {})
+      warn "[DEPRECATION] should_validate_confirmation_is_not_bad: not meant to be public, no longer used internally"
+      should "validate #{attribute}_confirmation is different than #{attribute}" do
+        model = Factory.build(factory, bad_confirmation_options(attribute))
+        model.save
+        assert_confirmation_error(model, attribute, 
+          "#{attribute}_confirmation cannot be different than #{attribute}")
+      end
+    end
+
+    # FORMS
+
+    def should_display_a_password_update_form
+      warn "[DEPRECATION] should_display_a_password_update_form: not meant to be public, no longer used internally"
+      should "have a form for the user's token, password, and password confirm" do
+        update_path = ERB::Util.h(
+          user_password_path(@user, :token => @user.password_reset_token)
+        )
+
+        assert_select 'form[action=?]', update_path do
+          assert_select 'input[name=_method][value=?]', 'put'
+          assert_select 'input[name=?]', 'user[password]'
+          assert_select 'input[name=?]', 'user[password_confirmation]'
+        end
+      end
+    end
+
+    def should_display_a_sign_up_form
+      warn "[DEPRECATION] should_display_a_sign_up_form: not meant to be public, no longer used internally"
+      should "display a form to sign up" do
+        assert_select "form[action=#{users_path}][method=post]",
+        true, "There must be a form to sign up" do
+          assert_select "input[type=text][name=?]",
+            "user[email]", true, "There must be an email field"
+          assert_select "input[type=password][name=?]",
+            "user[password]", true, "There must be a password field"
+          assert_select "input[type=password][name=?]",
+            "user[password_confirmation]", true, "There must be a password confirmation field"
+          assert_select "input[type=submit]", true,
+            "There must be a submit button"
+        end
+      end
+    end
+
+    def should_display_a_sign_in_form
+      warn "[DEPRECATION] should_display_a_sign_in_form: not meant to be public, no longer used internally"
+      should 'display a "sign in" form' do
+        assert_select "form[action=#{session_path}][method=post]",
+          true, "There must be a form to sign in" do
+            assert_select "input[type=text][name=?]",
+              "session[email]", true, "There must be an email field"
+            assert_select "input[type=password][name=?]",
+              "session[password]", true, "There must be a password field"
+            assert_select "input[type=submit]", true,
+              "There must be a submit button"
+        end
+      end
+    end
+  end
+end
+
+module BlueLightSpecial
+  module Shoulda
+    module Helpers
+      def sign_in_as(user)
+        @controller.current_user = user
+        return user
+      end
+
+      def sign_in
+        sign_in_as Factory(:user)
+      end
+
+      def sign_out
+        @controller.current_user = nil
+      end
+
+      def blank_confirmation_options(attribute)
+        warn "[DEPRECATION] blank_confirmation_options: not meant to be public, no longer used internally"
+        opts = { attribute => attribute.to_s }
+        opts.merge("#{attribute}_confirmation".to_sym => "")
+      end
+
+      def bad_confirmation_options(attribute)
+        warn "[DEPRECATION] bad_confirmation_options: not meant to be public, no longer used internally"
+        opts = { attribute => attribute.to_s }
+        opts.merge("#{attribute}_confirmation".to_sym => "not_#{attribute}")
+      end
+
+      def assert_confirmation_error(model, attribute, message = "confirmation error")
+        warn "[DEPRECATION] assert_confirmation_error: not meant to be public, no longer used internally"
+        assert model.errors.on(attribute).include?("doesn't match confirmation"),
+          message
+      end
+    end
+  end
+end
+
+class Test::Unit::TestCase
+  include BlueLightSpecial::Shoulda::Helpers
+end
+Test::Unit::TestCase.extend(BlueLightSpecial::Shoulda)