clearance 0.10.3.2 → 0.10.4

data/spec/controllers/sessions_controller_spec.rb

@@ -0,0 +1,160 @@
+require 'spec_helper'
+
+describe Clearance::SessionsController do
+  describe "on GET to /sessions/new" do
+    before { get :new }
+
+    it { should respond_with(:success) }
+    it { should render_template(:new) }
+    it { should_not set_the_flash }
+  end
+
+  describe "on POST to #create with good credentials" do
+    before do
+      @user = Factory(:user)
+      @user.update_attribute(:remember_token, "old-token")
+      post :create, :session => {
+                      :email    => @user.email,
+                      :password => @user.password }
+    end
+
+    it { should set_the_flash.to(/signed in/i) }
+    it { should redirect_to_url_after_create }
+
+    it "sets a remember token cookie" do
+      should set_cookie("remember_token", "old-token", Clearance.configuration.cookie_expiration.call)
+    end
+
+    it "should have a default of 1 year from now" do
+      Clearance.configuration.cookie_expiration.call.should be_within(100).of(1.year.from_now)
+    end
+
+    it "should not change the remember token" do
+      @user.reload.remember_token.should == "old-token"
+    end
+  end
+
+  describe "on POST to #create with good credentials - cookie duration set to 2 weeks" do
+    custom_duration = 2.weeks.from_now.utc
+
+    before do
+      Clearance.configuration.cookie_expiration = lambda { custom_duration }
+      @user = Factory(:user)
+      @user.update_attribute(:remember_token, "old-token2")
+      post :create, :session => {
+                      :email    => @user.email,
+                      :password => @user.password }
+    end
+
+    it "sets a remember token cookie" do
+      should set_cookie("remember_token", "old-token2", custom_duration)
+    end
+
+    after do
+      # restore default Clearance configuration
+      Clearance.configuration = nil
+      Clearance.configure {}
+    end
+  end
+
+  describe "on POST to #create with good credentials - cookie expiration set to nil (session cookie)" do
+    before do
+      Clearance.configuration.cookie_expiration = lambda { nil }
+      @user = Factory(:user)
+      @user.update_attribute(:remember_token, "old-token3")
+      post :create, :session => {
+                      :email    => @user.email,
+                      :password => @user.password }
+    end
+
+    it "unsets a remember token cookie" do
+      should set_cookie("remember_token", "old-token3", nil)
+    end
+
+    after do
+      # restore default Clearance configuration
+      Clearance.configuration = nil
+      Clearance.configure {}
+    end
+  end
+
+  describe "on POST to #create with good credentials and a session return url" do
+    before do
+      @user = Factory(:user)
+      @return_url = '/url_in_the_session'
+      @request.session[:return_to] = @return_url
+      post :create, :session => {
+                      :email    => @user.email,
+                      :password => @user.password }
+    end
+
+    it "redirects to the return URL" do
+      should redirect_to(@return_url)
+    end
+  end
+
+  describe "on POST to #create with good credentials and a request return url" do
+    before do
+      @user = Factory(:user)
+      @return_url = '/url_in_the_request'
+      post :create, :session => {
+                      :email     => @user.email,
+                      :password  => @user.password },
+                      :return_to => @return_url
+    end
+
+    it "redirects to the return URL" do
+      should redirect_to(@return_url)
+    end
+  end
+
+  describe "on POST to #create with good credentials and a session return url and request return url" do
+    before do
+      @user = Factory(:user)
+      @return_url = '/url_in_the_session'
+      @request.session[:return_to] = @return_url
+      post :create, :session => {
+                      :email     => @user.email,
+                      :password  => @user.password },
+                      :return_to => '/url_in_the_request'
+    end
+
+    it "redirects to the return url" do
+      should redirect_to(@return_url)
+    end
+  end
+
+  describe "on DELETE to #destroy given a signed out user" do
+    before do
+      sign_out
+      delete :destroy
+    end
+    it { should set_the_flash.to(/signed out/i) }
+    it { should redirect_to_url_after_destroy }
+  end
+
+  describe "on DELETE to #destroy with a cookie" do
+    before do
+      @user = Factory(:user)
+      @user.update_attribute(:remember_token, "old-token")
+      @request.cookies["remember_token"] = "old-token"
+      delete :destroy
+    end
+
+    it { should set_the_flash.to(/signed out/i) }
+    it { should redirect_to_url_after_destroy }
+
+    it "should delete the cookie token" do
+      cookies['remember_token'].should be_nil
+    end
+
+    it "should reset the remember token" do
+      @user.reload.remember_token.should_not == "old-token"
+    end
+
+    it "should unset the current user" do
+      @controller.current_user.should be_nil
+    end
+  end
+
+end

data/spec/controllers/users_controller_spec.rb

@@ -0,0 +1,64 @@
+require 'spec_helper'
+
+describe Clearance::UsersController do
+  describe "when signed out" do
+    before { sign_out }
+
+    describe "on GET to #new" do
+      before { get :new }
+
+      it { should respond_with(:success) }
+      it { should render_template(:new) }
+      it { should_not set_the_flash }
+    end
+
+    describe "on GET to #new with email" do
+      before do
+        @email = "a@example.com"
+        get :new, :user => { :email => @email }
+      end
+
+      it "should set assigned user's email" do
+        assigns(:user).email.should == @email
+      end
+    end
+
+    describe "on POST to #create with valid attributes" do
+      before do
+        user_attributes = Factory.attributes_for(:user)
+        @old_user_count = User.count
+        post :create, :user => user_attributes
+      end
+
+      it { should assign_to(:user) }
+
+      it "should create a new user" do
+        User.count.should == @old_user_count + 1
+      end
+
+      it { should set_the_flash.to(/signed up/i) }
+      it { should redirect_to_url_after_create }
+    end
+  end
+
+  describe "A signed-in user" do
+    before do
+      @user = Factory(:user)
+      sign_in_as @user
+    end
+
+    describe "GET to new" do
+      before { get :new }
+      it "redirects to the home page" do
+        should redirect_to(root_url)
+      end
+    end
+
+    describe "POST to create" do
+      before { post :create, :user => {} }
+      it "redirects to the home page" do
+        should redirect_to(root_url)
+      end
+    end
+  end
+end

data/spec/models/clearance_mailer_spec.rb

@@ -0,0 +1,27 @@
+require 'spec_helper'
+
+describe ClearanceMailer do
+  before do
+    @user  = Factory(:user)
+    @user.forgot_password!
+    @email = ClearanceMailer.change_password(@user)
+  end
+
+  it "should be from DO_NOT_REPLY" do
+    Clearance.configuration.mailer_sender.should =~ /#{@email.from[0]}/i
+  end
+
+  it "should be sent to user" do
+    @email.to.first.should =~ /#{@user.email}/i
+  end
+
+  it "should contain a link to edit the user's password" do
+    host = ActionMailer::Base.default_url_options[:host]
+    regexp = %r{http://#{host}/users/#{@user.id}/password/edit\?token=#{@user.confirmation_token}}
+    @email.body.to_s.should =~ regexp
+  end
+
+  it "should set its subject" do
+    @email.subject.should =~ /Change your password/
+  end
+end

data/spec/models/user_spec.rb

@@ -0,0 +1,260 @@
+require 'spec_helper'
+
+describe User do
+
+  # db
+
+  it { should have_db_index(:email) }
+  it { should have_db_index(:remember_token) }
+
+  # signing up
+
+  describe "When signing up" do
+    it { should validate_presence_of(:email) }
+    it { should validate_presence_of(:password) }
+    it { should allow_value("foo@example.co.uk").for(:email) }
+    it { should allow_value("foo@example.com").for(:email) }
+    it { should_not allow_value("foo@").for(:email) }
+    it { should_not allow_value("foo@example..com").for(:email) }
+    it { should_not allow_value("foo@.example.com").for(:email) }
+    it { should_not allow_value("foo").for(:email) }
+    it { should_not allow_value("example.com").for(:email) }
+
+    it "should require password confirmation on create" do
+      user = Factory.build(:user, :password              => 'blah',
+                                  :password_confirmation => 'boogidy')
+      (user.save).should_not be
+      user.errors[:password].should be_any
+    end
+
+    it "should require non blank password confirmation on create" do
+      user = Factory.build(:user, :password              => 'blah',
+                                  :password_confirmation => '')
+      (user.save).should_not be
+      user.errors[:password].should be_any
+    end
+
+    it "should initialize salt" do
+      Factory(:user).salt.should_not be_nil
+    end
+
+    describe "encrypt password" do
+      before do
+        @salt = "salt"
+        @user = Factory.build(:user, :salt => @salt)
+        def @user.initialize_salt; end
+        @user.save!
+        @password = @user.password
+
+        @user.send(:encrypt, @password)
+        @expected = Digest::SHA1.hexdigest("--#{@salt}--#{@password}--")
+      end
+
+      it "should create an encrypted password using SHA1 encryption" do
+        @user.encrypted_password.should == @expected
+      end
+    end
+
+    it "should store email in down case" do
+      user = Factory(:user, :email => "John.Doe@example.com")
+      user.email.should == "john.doe@example.com"
+    end
+  end
+
+  describe "When multiple users have signed up" do
+    before { Factory(:user) }
+    it { should validate_uniqueness_of(:email) }
+  end
+
+  # authenticating
+
+  describe "A user" do
+    before do
+      @user     = Factory(:user)
+      @password = @user.password
+    end
+
+    it "is authenticated with correct email and password" do
+      (::User.authenticate(@user.email, @password)).should be
+      @user.should be_authenticated(@password)
+    end
+
+    it "is authenticated with correct uppercased email and correct password" do
+      (::User.authenticate(@user.email.upcase, @password)).should be
+      @user.should be_authenticated(@password)
+    end
+
+    it "is authenticated with incorrect credentials" do
+      (::User.authenticate(@user.email, 'bad_password')).should_not be
+      @user.should_not be_authenticated('bad password')
+    end
+  end
+
+  # resetting remember token
+
+  describe "When resetting authentication with reset_remember_token!" do
+    before do
+      @user  = Factory(:user)
+      @user.remember_token = "old-token"
+      @user.reset_remember_token!
+    end
+
+    it "should change the remember token" do
+      @user.remember_token.should_not == "old-token"
+    end
+  end
+
+  # updating password
+
+  describe "An email confirmed user" do
+    before do
+      @user = Factory(:user)
+      @old_encrypted_password = @user.encrypted_password
+    end
+
+    describe "who updates password with confirmation" do
+      before do
+        @user.update_password("new_password", "new_password")
+      end
+
+      it "should change encrypted password" do
+        @user.encrypted_password.should_not == @old_encrypted_password
+      end
+    end
+  end
+
+  it "should not generate the same remember token for users with the same password at the same time" do
+    Time.stubs(:now => Time.now)
+    password    = 'secret'
+    first_user  = Factory(:user,
+                          :password              => password,
+                          :password_confirmation => password)
+    second_user = Factory(:user,
+                          :password              => password,
+                          :password_confirmation => password)
+
+    second_user.remember_token.should_not == first_user.remember_token
+  end
+
+  # recovering forgotten password
+
+  describe "An user" do
+    before do
+      @user = Factory(:user)
+      @old_encrypted_password = @user.encrypted_password
+    end
+
+    describe "who requests password reminder" do
+      before do
+        @user.confirmation_token.should be_nil
+        @user.forgot_password!
+      end
+
+      it "should generate confirmation token" do
+        @user.confirmation_token.should_not be_nil
+      end
+
+      describe "and then updates password" do
+        describe 'with confirmation' do
+          before do
+            @user.update_password("new_password", "new_password")
+          end
+
+          it "should change encrypted password" do
+            @user.encrypted_password.should_not == @old_encrypted_password
+          end
+
+          it "should clear confirmation token" do
+            @user.confirmation_token.should be_nil
+          end
+        end
+
+        describe 'without confirmation' do
+          before do
+            @user.update_password("new_password", "")
+          end
+
+          it "should not change encrypted password" do
+            @old_encrypted_password.should == @user.encrypted_password
+          end
+
+          it "should not clear confirmation token" do
+            @user.confirmation_token.should_not be_nil
+          end
+        end
+
+        describe 'with blank password and confirmation' do
+          before do
+            @user.update_password("", "")
+          end
+
+          it "does not change encrypted password" do
+            @user.encrypted_password.should == @old_encrypted_password
+          end
+
+          it "does not clear confirmation token" do
+            @user.confirmation_token.should_not be_nil
+          end
+        end
+      end
+    end
+
+  end
+
+  # optional email/password fields
+  describe "a user with an optional email" do
+    before do
+      @user = User.new
+      class << @user
+        def email_optional?
+          true
+        end
+      end
+    end
+
+    subject { @user }
+
+    it { should allow_value(nil).for(:email) }
+    it { should allow_value("").for(:email) }
+  end
+
+  describe "a user with an optional password" do
+    before do
+      @user = User.new
+      class << @user
+        def password_optional?
+          true
+        end
+      end
+    end
+
+    subject { @user }
+
+    it { should allow_value(nil).for(:password) }
+    it { should allow_value("").for(:password) }
+  end
+
+  describe "user factory" do
+    it "should create a valid user with just an overridden password" do
+      Factory.build(:user, :password => "test").should be_valid
+    end
+  end
+
+  describe "when user exists before Clearance was installed" do
+    before do
+      @user = Factory(:user)
+      sql  = "update users set salt = NULL, encrypted_password = NULL, remember_token = NULL where id = #{@user.id}"
+      ActiveRecord::Base.connection.update(sql)
+      @user.reload.salt.should be_nil
+      @user.reload.encrypted_password.should be_nil
+      @user.reload.remember_token.should be_nil
+    end
+
+    it "should initialize salt, generate remember token, and save encrypted password on update_password" do
+      @user.update_password('password', 'password')
+      @user.salt.should_not be_nil
+      @user.encrypted_password.should_not be_nil
+      @user.remember_token.should_not be_nil
+    end
+  end
+end