clearance 0.16.3 → 1.0.0.rc1

data/spec/controllers/sessions_controller_spec.rb

@@ -1,7 +1,7 @@
 require 'spec_helper'
 
 describe Clearance::SessionsController do
-  describe "on GET to /sessions/new" do
+  describe 'on GET to /sessions/new' do
     before { get :new }
 
     it { should respond_with(:success) }
@@ -9,95 +9,88 @@ describe Clearance::SessionsController do
     it { should_not set_the_flash }
   end
 
-  describe "on POST to #create with good credentials" do
+  describe 'on POST to #create with good credentials' do
     before do
       @user = create(:user)
-      @user.update_attribute(:remember_token, "old-token")
-      post :create, :session => {
-                      :email    => @user.email,
-                      :password => @user.password }
+      @user.update_attribute :remember_token, 'old-token'
+      post :create, :session => { :email => @user.email, :password => @user.password }
     end
 
     it { should redirect_to_url_after_create }
 
-    it "sets the user in the clearance session" do
+    it 'sets the user in the clearance session' do
       controller.current_user.should == @user
     end
 
-    it "should not change the remember token" do
-      @user.reload.remember_token.should == "old-token"
+    it 'should not change the remember token' do
+      @user.reload.remember_token.should == 'old-token'
     end
   end
 
-  describe "on POST to #create with good credentials and a session return url" do
+  describe 'on POST to #create with good credentials and a session return url' do
     before do
       @user = create(:user)
       @return_url = '/url_in_the_session'
       @request.session[:return_to] = @return_url
-      post :create, :session => {
-                      :email    => @user.email,
-                      :password => @user.password }
+      post :create, :session => { :email => @user.email, :password => @user.password }
     end
 
-    it "redirects to the return URL" do
+    it 'redirects to the return URL' do
       should redirect_to(@return_url)
     end
   end
 
-  describe "on POST to #create with good credentials and a request return url" do
+  describe 'on POST to #create with good credentials and a request return url' do
     before do
       @user = create(:user)
       @return_url = '/url_in_the_request'
-      post :create, :session => {
-                      :email     => @user.email,
-                      :password  => @user.password },
-                      :return_to => @return_url
+      post :create, :session => { :email => @user.email, :password  => @user.password },
+        :return_to => @return_url
     end
 
-    it "redirects to the return URL" do
+    it 'redirects to the return URL' do
       should redirect_to(@return_url)
     end
   end
 
-  describe "on POST to #create with good credentials and a session return url and request return url" do
+  describe 'on POST to #create with good credentials and a session return url and request return url' do
     before do
       @user = create(:user)
       @return_url = '/url_in_the_session'
       @request.session[:return_to] = @return_url
-      post :create, :session => {
-                      :email     => @user.email,
-                      :password  => @user.password },
-                      :return_to => '/url_in_the_request'
+      post :create, :session => { :email => @user.email, :password => @user.password },
+        :return_to => '/url_in_the_request'
     end
 
-    it "redirects to the return url" do
+    it 'redirects to the return url' do
       should redirect_to(@return_url)
     end
   end
 
-  describe "on DELETE to #destroy given a signed out user" do
+  describe 'on DELETE to #destroy given a signed out user' do
     before do
       sign_out
       delete :destroy
     end
+
     it { should redirect_to_url_after_destroy }
   end
 
-  describe "on DELETE to #destroy with a cookie" do
+  describe 'on DELETE to #destroy with a cookie' do
     before do
       @user = create(:user)
-      @user.update_attribute(:remember_token, "old-token")
-      @request.cookies["remember_token"] = "old-token"
+      @user.update_attribute :remember_token, 'old-token'
+      @request.cookies['remember_token'] = 'old-token'
       delete :destroy
     end
 
     it { should redirect_to_url_after_destroy }
 
-    it "should reset the remember token" do
-      @user.reload.remember_token.should_not == "old-token"
+    it 'should reset the remember token' do
+      @user.reload.remember_token.should_not == 'old-token'
     end
 
-    it "should unset the current user" do
+    it 'should unset the current user' do
       @controller.current_user.should be_nil
     end
   end

data/spec/controllers/users_controller_spec.rb

@@ -1,10 +1,10 @@
 require 'spec_helper'
 
 describe Clearance::UsersController do
-  describe "when signed out" do
+  describe 'when signed out' do
     before { sign_out }
 
-    describe "on GET to #new" do
+    describe 'on GET to #new' do
       before { get :new }
 
       it { should respond_with(:success) }
@@ -12,18 +12,18 @@ describe Clearance::UsersController do
       it { should_not set_the_flash }
     end
 
-    describe "on GET to #new with email" do
+    describe 'on GET to #new with email' do
       before do
-        @email = "a@example.com"
+        @email = 'a@example.com'
         get :new, :user => { :email => @email }
       end
 
-      it "should set assigned user's email" do
+      it 'should set assigned user email' do
         assigns(:user).email.should == @email
       end
     end
 
-    describe "on POST to #create with valid attributes" do
+    describe 'on POST to #create with valid attributes' do
       before do
         user_attributes = FactoryGirl.attributes_for(:user)
         @old_user_count = User.count
@@ -32,14 +32,14 @@ describe Clearance::UsersController do
 
       it { should assign_to(:user) }
 
-      it "should create a new user" do
+      it 'should create a new user' do
         User.count.should == @old_user_count + 1
       end
 
       it { should redirect_to_url_after_create }
     end
 
-    describe "on POST to #create with valid attributes and a session return url" do
+    describe 'on POST to #create with valid attributes and a session return url' do
       before do
         user_attributes = FactoryGirl.attributes_for(:user)
         @old_user_count = User.count
@@ -50,7 +50,7 @@ describe Clearance::UsersController do
 
       it { should assign_to(:user) }
 
-      it "should create a new user" do
+      it 'should create a new user' do
         User.count.should == @old_user_count + 1
       end
 
@@ -58,22 +58,24 @@ describe Clearance::UsersController do
     end
   end
 
-  describe "A signed-in user" do
+  describe 'A signed-in user' do
     before do
       @user = create(:user)
       sign_in_as @user
     end
 
-    describe "GET to new" do
+    describe 'GET to new' do
       before { get :new }
-      it "redirects to the home page" do
+
+      it 'redirects to the home page' do
         should redirect_to(root_url)
       end
     end
 
-    describe "POST to create" do
+    describe 'POST to create' do
       before { post :create, :user => {} }
-      it "redirects to the home page" do
+
+      it 'redirects to the home page' do
         should redirect_to(root_url)
       end
     end

data/spec/factories.rb

@@ -1,12 +1,10 @@
 FactoryGirl.define do
-
   sequence :email do |n|
     "user#{n}@example.com"
   end
 
   factory :user do
     email
-    password "password"
+    password 'password'
   end
-
 end

data/spec/mailers/clearance_mailer_spec.rb

@@ -7,21 +7,21 @@ describe ClearanceMailer do
     @email = ClearanceMailer.change_password(@user)
   end
 
-  it "should be from DO_NOT_REPLY" do
+  it 'is from DO_NOT_REPLY' do
     Clearance.configuration.mailer_sender.should =~ /#{@email.from[0]}/i
   end
 
-  it "should be sent to user" do
+  it 'is sent to user' do
     @email.to.first.should =~ /#{@user.email}/i
   end
 
-  it "should contain a link to edit the user's password" do
+  it 'contains a link to edit the password' do
     host = ActionMailer::Base.default_url_options[:host]
     regexp = %r{http://#{host}/users/#{@user.id}/password/edit\?token=#{@user.confirmation_token}}
     @email.body.to_s.should =~ regexp
   end
 
-  it "should set its subject" do
+  it 'should set its subject' do
     @email.subject.should =~ /Change your password/
   end
 end

data/spec/models/bcrypt_migration_from_sha1_spec.rb

@@ -0,0 +1,71 @@
+require 'spec_helper'
+
+describe Clearance::PasswordStrategies::BCryptMigrationFromSHA1 do
+  subject do
+    Class.new do
+      attr_accessor :encrypted_password
+      attr_accessor :salt
+      include Clearance::PasswordStrategies::BCryptMigrationFromSHA1
+    end.new
+  end
+
+  describe '#password=' do
+    let(:salt) { 'salt' }
+    let(:password) { 'password' }
+    let(:encrypted_password) { stub('encrypted password') }
+
+    before do
+      subject.salt = salt
+      subject.encrypted_password = Digest::SHA1.hexdigest("--#{salt}--#{password}--")
+      BCrypt::Password.stubs :create => encrypted_password
+      subject.password = password
+    end
+
+    it 'encrypts the password into a BCrypt-encrypted encrypted_password' do
+      subject.encrypted_password.should == encrypted_password
+    end
+
+    it 'encrypts with BCrypt' do
+      BCrypt::Password.should have_received(:create).with(password)
+    end
+  end
+
+  describe '#authenticated?' do
+    let(:password) { 'password' }
+    let(:salt) { 'salt' }
+    let(:sha1_hash) { Digest::SHA1.hexdigest("--#{salt}--#{password}--") }
+
+    context 'with a SHA1-encrypted password' do
+      before do
+        subject.salt = salt
+        subject.encrypted_password = sha1_hash
+      end
+
+      it 'is authenticated' do
+        subject.should be_authenticated(password)
+      end
+
+      it 'changes the hash into a BCrypt-encrypted one' do
+        subject.authenticated? password
+        subject.encrypted_password.should_not == sha1_hash
+      end
+    end
+
+    context 'with a BCrypt-encrypted password' do
+      let(:bcrypt_hash) { ::BCrypt::Password.create(password) }
+
+      before do
+        subject.encrypted_password = bcrypt_hash
+      end
+
+      it 'is authenticated' do
+        subject.should be_authenticated(password)
+      end
+
+      it 'does not change the hash' do
+        subject.authenticated? password
+        subject.encrypted_password.to_s.should == bcrypt_hash.to_s
+      end
+    end
+  end
+end

data/spec/models/bcrypt_spec.rb

@@ -0,0 +1,40 @@
+require 'spec_helper'
+
+describe Clearance::PasswordStrategies::BCrypt do
+  subject do
+    Class.new do
+      attr_accessor :encrypted_password
+      include Clearance::PasswordStrategies::BCrypt
+    end.new
+  end
+
+  describe '#password=' do
+    let(:password) { 'password' }
+    let(:encrypted_password) { stub('encrypted password') }
+
+    before do
+      BCrypt::Password.stubs :create => encrypted_password
+      subject.password = password
+    end
+
+    it 'encrypts the password into encrypted_password' do
+      subject.encrypted_password.should == encrypted_password
+    end
+
+    it 'encrypts with BCrypt' do
+      BCrypt::Password.should have_received(:create).with(password)
+    end
+  end
+
+  describe '#authenticated?' do
+    let(:password) { 'password' }
+
+    before do
+      subject.password = password
+    end
+
+    it 'is authenticated with BCrypt' do
+      subject.should be_authenticated(password)
+    end
+  end
+end

data/spec/models/blowfish_spec.rb

@@ -3,41 +3,42 @@ require 'spec_helper'
 describe Clearance::PasswordStrategies::Blowfish do
   subject do
     Class.new do
-      attr_accessor :salt, :password, :encrypted_password
+      attr_accessor :salt, :encrypted_password
       include Clearance::PasswordStrategies::Blowfish
 
-      def generate_random_code; "code"; end
+      def generate_random_code; 'code'; end
     end.new
   end
 
-  describe "#encrypt_password" do
-    context "when the password is set" do
-      let(:salt) { "salt" }
-      let(:password) { "password" }
+  describe '#password=' do
+    context 'when the password is set' do
+      let(:salt) { 'salt' }
+      let(:password) { 'password' }
 
       before do
         subject.salt = salt
         subject.password = password
-        subject.send(:encrypt_password)
       end
 
-      it "should encrypt the password using Blowfish into encrypted_password" do
+      it 'does not initialize the salt' do
+        subject.salt.should == salt
+      end
+
+      it 'encrypts the password using Blowfish and the existing salt' do
         cipher = OpenSSL::Cipher::Cipher.new('bf-cbc').encrypt
         cipher.key = Digest::SHA256.digest(salt)
         expected = cipher.update("--#{salt}--#{password}--") << cipher.final
-        
         subject.encrypted_password.should == expected
       end
     end
 
-    context "when the salt is not set" do
+    context 'when the salt is not set' do
       before do
         subject.salt = nil
-
-        subject.send(:encrypt_password)
+        subject.password = 'whatever'
       end
 
-      it "should initialize the salt" do
+      it 'should initialize the salt' do
         subject.salt.should_not be_nil
       end
     end

data/spec/models/{clearance_user_spec.rb → password_strategies_spec.rb}

@@ -13,21 +13,21 @@ describe Clearance::User do
     end.new
   end
 
-  describe "when Clearance.configuration.password_strategy is set" do
+  describe 'when Clearance.configuration.password_strategy is set' do
     let(:mock_password_strategy) { Module.new }
 
     before { Clearance.configuration.password_strategy = mock_password_strategy }
 
-    it "includes the value it is set to" do
+    it 'includes the value it is set to' do
       subject.should be_kind_of(mock_password_strategy)
     end
   end
 
-  describe "when Clearance.configuration.password_strategy is not set" do
+  describe 'when Clearance.configuration.password_strategy is not set' do
     before { Clearance.configuration.password_strategy = nil }
 
-    it "includes Clearance::PasswordStrategies::SHA1" do
-      subject.should be_kind_of(Clearance::PasswordStrategies::SHA1)
+    it 'includes Clearance::PasswordStrategies::BCrypt' do
+      subject.should be_kind_of(Clearance::PasswordStrategies::BCrypt)
     end
   end
 end