clearance 0.8.4 → 0.8.5

data/generators/clearance_views/templates/formtastic/sessions/new.html.erb

@@ -12,7 +12,7 @@
 
 <ul>
   <li>
-    <%= link_to "Sign up", new_user_path %>
+    <%= link_to "Sign up", sign_up_path %>
   </li>
   <li>
     <%= link_to "Forgot password?", new_password_path %>

data/lib/clearance.rb

@@ -1,6 +1,7 @@
 require 'clearance/extensions/errors'
 require 'clearance/extensions/rescue'
-require 'clearance/extensions/routes'
 
+require 'clearance/configuration'
+require 'clearance/routes'
 require 'clearance/authentication'
 require 'clearance/user'

data/lib/clearance/authentication.rb

@@ -87,7 +87,7 @@ module Clearance
       def deny_access(flash_message = nil)
         store_location
         flash[:failure] = flash_message if flash_message
-        redirect_to(new_session_url)
+        redirect_to(sign_in_url)
       end
 
       protected
@@ -123,7 +123,7 @@ module Clearance
       end
 
       def redirect_to_root
-        redirect_to(root_url)
+        redirect_to('/')
       end
     end
 

data/lib/clearance/configuration.rb

@@ -0,0 +1,25 @@
+module Clearance
+  class Configuration
+    attr_accessor :mailer_sender
+
+    def initialize
+      @mailer_sender = 'donotreply@example.com'
+    end
+  end
+
+  class << self
+    attr_accessor :configuration
+  end
+
+  # Configure Clearance someplace sensible,
+  # like config/initializers/clearance.rb
+  #
+  # @example
+  #   Clearance.configure do |config|
+  #     config.mailer_sender = 'donotreply@example.com'
+  #   end
+  def self.configure
+    self.configuration ||= Configuration.new
+    yield(configuration)
+  end
+end

data/lib/clearance/routes.rb

@@ -0,0 +1,49 @@
+module Clearance
+  class Routes
+
+    # In your application's config/routes.rb, draw Clearance's routes:
+    #
+    # @example
+    #   map.resources :posts
+    #   Clearance::Routes.draw(map)
+    #
+    # If you need to override a Clearance route, invoke your app route
+    # earlier in the file so Rails' router short-circuits when it finds
+    # your route:
+    #
+    # @example
+    #   map.resources :users, :only => [:new, :create]
+    #   Clearance::Routes.draw(map)
+    def self.draw(map)
+      map.resources :passwords,
+        :controller => 'clearance/passwords',
+        :only       => [:new, :create]
+
+      map.resource  :session,
+        :controller => 'clearance/sessions',
+        :only       => [:new, :create, :destroy]
+
+      map.resources :users, :controller => 'clearance/users' do |users|
+        users.resource :password,
+          :controller => 'clearance/passwords',
+          :only       => [:create, :edit, :update]
+
+        users.resource :confirmation,
+          :controller => 'clearance/confirmations',
+          :only       => [:new, :create]
+      end
+
+      map.sign_up  'sign_up',
+        :controller => 'clearance/users',
+        :action     => 'new'
+      map.sign_in  'sign_in',
+        :controller => 'clearance/sessions',
+        :action     => 'new'
+      map.sign_out 'sign_out',
+        :controller => 'clearance/sessions',
+        :action     => 'destroy',
+        :method     => :delete
+    end
+
+  end
+end

data/lib/clearance/user.rb

@@ -24,29 +24,11 @@ module Clearance
       model.extend(ClassMethods)
 
       model.send(:include, InstanceMethods)
-      model.send(:include, AttrAccessible)
       model.send(:include, AttrAccessor)
       model.send(:include, Validations)
       model.send(:include, Callbacks)
     end
 
-    module AttrAccessible
-      # Hook for attr_accessible white list.
-      #
-      # :email, :password, :password_confirmation
-      #
-      # Append other attributes that must be mass-assigned in your model.
-      #
-      # @example
-      #   include Clearance::User
-      #   attr_accessible :location, :gender
-      def self.included(model)
-        model.class_eval do
-          attr_accessible :email, :password, :password_confirmation
-        end
-      end
-    end
-
     module AttrAccessor
       # Hook for attr_accessor virtual attributes.
       #

data/shoulda_macros/clearance.rb

@@ -54,7 +54,7 @@ module Clearance
         should_not_set_the_flash
       end
 
-      should_redirect_to('new_session_url') { new_session_url }
+      should_redirect_to('sign in page') { sign_in_url }
     end
 
     # HTTP FLUENCY

data/test/controllers/confirmations_controller_test.rb

@@ -0,0 +1,100 @@
+require 'test_helper'
+
+class ConfirmationsControllerTest < ActionController::TestCase
+
+  tests Clearance::ConfirmationsController
+
+  should_filter_params :token
+
+  context "a user whose email has not been confirmed" do
+    setup { @user = Factory(:user) }
+
+    should "have a token" do
+      assert_not_nil @user.confirmation_token
+      assert_not_equal "", @user.confirmation_token
+    end
+
+    context "on GET to #new with correct id and token" do
+      setup do
+        get :new, :user_id => @user.to_param,
+                  :token   => @user.confirmation_token
+      end
+
+      should_set_the_flash_to /confirmed email/i
+      should_set_the_flash_to /signed in/i
+      should_redirect_to_url_after_create
+    end
+
+    context "with an incorrect token" do
+      setup do
+        @bad_token = "bad token"
+        assert_not_equal @bad_token, @user.confirmation_token
+      end
+
+      should_forbid "on GET to #new with incorrect token" do
+        get :new, :user_id => @user.to_param,
+                  :token   => @bad_token
+      end
+    end
+
+    should_forbid "on GET to #new with blank token" do
+      get :new, :user_id => @user.to_param, :token => ""
+    end
+
+    should_forbid "on GET to #new with no token" do
+      get :new, :user_id => @user.to_param
+    end
+  end
+
+  context "a signed in confirmed user on GET to #new with token" do
+    setup do
+      @user  = Factory(:user)
+      @token = @user.confirmation_token
+      @user.confirm_email!
+      sign_in_as @user
+
+      get :new, :user_id => @user.to_param, :token => @token
+    end
+
+    should_set_the_flash_to /confirmed email/i
+    should_redirect_to_url_after_create
+  end
+
+  context "a bad user" do
+    setup do
+      @user  = Factory(:user)
+      @token = @user.confirmation_token
+      @user.confirm_email!
+
+      @bad_user = Factory(:email_confirmed_user)
+      sign_in_as @bad_user
+    end
+
+    should_forbid "on GET to #new with token for another user" do
+      get :new, :user_id => @user.to_param, :token => @token
+    end
+  end
+
+  context "a signed out confirmed user on GET to #new with token" do
+    setup do
+      @user  = Factory(:user)
+      @token = @user.confirmation_token
+      @user.confirm_email!
+      get :new, :user_id => @user.to_param, :token => @token
+    end
+
+    should_set_the_flash_to /already confirmed/i
+    should_set_the_flash_to /sign in/i
+    should_not_be_signed_in
+    should_redirect_to_url_already_confirmed
+  end
+
+  context "no users" do
+    setup { assert_equal 0, ::User.count }
+
+    should_forbid "on GET to #new with nonexistent id and token" do
+      get :new, :user_id => '123', :token => '123'
+    end
+  end
+
+end

data/test/controllers/passwords_controller_test.rb

@@ -0,0 +1,183 @@
+require 'test_helper'
+
+class PasswordsControllerTest < ActionController::TestCase
+
+  tests Clearance::PasswordsController
+
+  should_route :get, '/users/1/password/edit',
+    :controller => 'clearance/passwords', :action  => 'edit', :user_id => '1'
+
+  context "a signed up user" do
+    setup do
+      @user = Factory(:user)
+    end
+
+    context "on GET to #new" do
+      setup { get :new, :user_id => @user.to_param }
+
+      should_respond_with :success
+      should_render_template "new"
+    end
+
+    context "on POST to #create" do
+      context "with correct email address" do
+        setup do
+          ActionMailer::Base.deliveries.clear
+          post :create, :password => { :email => @user.email }
+        end
+
+        should "generate a token for the change your password email" do
+          assert_not_nil @user.reload.confirmation_token
+        end
+
+        should "send the change your password email" do
+          assert_sent_email do |email|
+            email.subject =~ /change your password/i
+          end
+        end
+
+        should_set_the_flash_to /password/i
+        should_redirect_to_url_after_create
+      end
+
+      context "with incorrect email address" do
+        setup do
+          email = "user1@example.com"
+          assert ! ::User.exists?(['email = ?', email])
+          ActionMailer::Base.deliveries.clear
+          assert_equal @user.confirmation_token,
+                       @user.reload.confirmation_token
+
+          post :create, :password => { :email => email }
+        end
+
+        should "not generate a token for the change your password email" do
+          assert_equal @user.confirmation_token,
+                       @user.reload.confirmation_token
+        end
+
+        should "not send a password reminder email" do
+          assert ActionMailer::Base.deliveries.empty?
+        end
+
+        should "set the failure flash to Unknown email" do
+          assert_match /unknown email/i, flash.now[:failure]
+        end
+
+        should_render_template :new
+      end
+    end
+  end
+
+  context "a signed up user and forgotten password" do
+    setup do
+      @user = Factory(:user)
+      @user.forgot_password!
+    end
+
+    context "on GET to #edit with correct id and token" do
+      setup do
+        get :edit, :user_id => @user.to_param,
+                   :token   => @user.confirmation_token
+      end
+
+      should "find the user" do
+        assert_equal @user, assigns(:user)
+      end
+
+      should_respond_with :success
+      should_render_template "edit"
+      should_display_a_password_update_form
+    end
+
+    should_forbid "on GET to #edit with correct id but blank token" do
+      get :edit, :user_id => @user.to_param, :token => ""
+    end
+
+    should_forbid "on GET to #edit with correct id but no token" do
+      get :edit, :user_id => @user.to_param
+    end
+
+    context "on PUT to #update with matching password and password confirmation" do
+      setup do
+        new_password = "new_password"
+        @encrypted_new_password = @user.send(:encrypt, new_password)
+        assert_not_equal @encrypted_new_password, @user.encrypted_password
+
+        put(:update,
+            :user_id  => @user,
+            :token    => @user.confirmation_token,
+            :user     => {
+              :password              => new_password,
+              :password_confirmation => new_password
+            })
+        @user.reload
+      end
+
+      should "update password" do
+        assert_equal @encrypted_new_password,
+                     @user.encrypted_password
+      end
+
+      should "clear confirmation token" do
+        assert_nil @user.confirmation_token
+      end
+
+      should "set remember token" do
+        assert_not_nil @user.remember_token
+      end
+
+      should_set_the_flash_to(/signed in/i)
+      should_redirect_to_url_after_update
+    end
+
+    context "on PUT to #update with password but blank password confirmation" do
+      setup do
+        new_password = "new_password"
+        @encrypted_new_password = @user.send(:encrypt, new_password)
+
+        put(:update,
+            :user_id => @user.to_param,
+            :token   => @user.confirmation_token,
+            :user    => {
+              :password => new_password,
+              :password_confirmation => ''
+            })
+        @user.reload
+      end
+
+      should "not update password" do
+        assert_not_equal @encrypted_new_password,
+                         @user.encrypted_password
+      end
+
+      should "not clear token" do
+        assert_not_nil @user.confirmation_token
+      end
+
+      should_not_be_signed_in
+      should_not_set_the_flash
+      should_respond_with    :success
+      should_render_template :edit
+
+      should_display_a_password_update_form
+    end
+
+    should_forbid "on PUT to #update with id but no token" do
+      put :update, :user_id => @user.to_param, :token => ""
+    end
+  end
+
+  context "given two users and user one signs in" do
+    setup do
+      @user_one = Factory(:user)
+      @user_two = Factory(:user)
+      sign_in_as @user_one
+    end
+
+    should_forbid "when user one tries to change user two's password on GET with no token" do
+      get :edit, :user_id => @user_two.to_param
+    end
+  end
+
+end

data/test/controllers/sessions_controller_test.rb

@@ -0,0 +1,141 @@
+require 'test_helper'
+
+class SessionsControllerTest < ActionController::TestCase
+
+  tests Clearance::SessionsController
+
+  should_filter_params :password
+
+  context "on GET to /sessions/new" do
+    setup { get :new }
+
+    should_respond_with    :success
+    should_render_template :new
+    should_not_set_the_flash
+    should_display_a_sign_in_form
+  end
+
+  context "on POST to #create with unconfirmed credentials" do
+    setup do
+      @user = Factory(:user)
+      ActionMailer::Base.deliveries.clear
+      post :create, :session => {
+                      :email    => @user.email,
+                      :password => @user.password }
+    end
+
+    should_deny_access(:flash => /User has not confirmed email. Confirmation email will be resent./i)
+
+    should "send the confirmation email" do
+      assert_not_nil email = ActionMailer::Base.deliveries[0]
+      assert_match /account confirmation/i, email.subject
+    end
+  end
+
+  context "on POST to #create with good credentials" do
+    setup do
+      @user = Factory(:email_confirmed_user)
+      post :create, :session => {
+                      :email    => @user.email,
+                      :password => @user.password }
+    end
+
+    should_set_the_flash_to /signed in/i
+    should_redirect_to_url_after_create
+
+    should 'set the cookie' do
+      assert ! cookies['remember_token'].empty?
+    end
+
+    should 'set the token in users table' do
+      assert_not_nil @user.reload.remember_token
+    end
+  end
+
+  context "on POST to #create with good credentials and a session return url" do
+    setup do
+      @user = Factory(:email_confirmed_user)
+      @return_url = '/url_in_the_session'
+      @request.session[:return_to] = @return_url
+      post :create, :session => {
+                      :email    => @user.email,
+                      :password => @user.password }
+    end
+
+    should_redirect_to("the return URL") { @return_url }
+  end
+
+  context "on POST to #create with good credentials and a request return url" do
+    setup do
+      @user = Factory(:email_confirmed_user)
+      @return_url = '/url_in_the_request'
+      post :create, :session => {
+                      :email     => @user.email,
+                      :password  => @user.password },
+                      :return_to => @return_url
+    end
+
+    should_redirect_to("the return URL") { @return_url }
+  end
+
+  context "on POST to #create with good credentials and a session return url and request return url" do
+    setup do
+      @user = Factory(:email_confirmed_user)
+      @return_url = '/url_in_the_session'
+      @request.session[:return_to] = @return_url
+      post :create, :session => {
+                      :email     => @user.email,
+                      :password  => @user.password },
+                      :return_to => '/url_in_the_request'
+    end
+
+    should_redirect_to("the return URL") { @return_url }
+  end
+
+  context "on POST to #create with bad credentials" do
+    setup do
+      post :create, :session => {
+                      :email       => 'bad.email@example.com',
+                      :password    => "bad value" }
+    end
+
+    should_set_the_flash_to /bad/i
+    should_respond_with    :unauthorized
+    should_render_template :new
+    should_not_be_signed_in
+
+    should 'not create the cookie' do
+      assert_nil cookies['remember_token']
+    end
+  end
+
+  context "on DELETE to #destroy given a signed out user" do
+    setup do
+      sign_out
+      delete :destroy
+    end
+    should_set_the_flash_to(/signed out/i)
+    should_redirect_to_url_after_destroy
+  end
+
+  context "on DELETE to #destroy with a cookie" do
+    setup do
+      @user = Factory(:email_confirmed_user)
+      cookies['remember_token'] = CGI::Cookie.new('token', 'value')
+      sign_in_as @user
+      delete :destroy
+    end
+
+    should_set_the_flash_to(/signed out/i)
+    should_redirect_to_url_after_destroy
+
+    should "delete the cookie token" do
+      assert_nil cookies['remember_token']
+    end
+
+    should "delete the database token" do
+      assert_nil @user.reload.remember_token
+    end
+  end
+
+end