clearance 1.0.0.rc4 → 1.0.0.rc6

data/lib/clearance/password_strategies/sha1.rb

@@ -30,9 +30,13 @@ module Clearance
 
       def initialize_salt_if_necessary
         if salt.blank?
-          self.salt = generate_random_code
+          self.salt = generate_salt
         end
       end
+
+      def generate_salt
+        SecureRandom.hex(20).encode('UTF-8')
+      end
     end
   end
 end

data/lib/clearance/testing.rb

@@ -17,6 +17,6 @@ end
 if defined?(RSpec) && RSpec.respond_to?(:configure)
   RSpec.configure do |config|
     config.include Clearance::Testing::Matchers
-    config.include Clearance::Testing::Helpers
+    config.include Clearance::Testing::Helpers, :type => :controller
   end
 end

data/lib/clearance/testing/app/controllers/application_controller.rb

@@ -1,5 +1,5 @@
 class ApplicationController < ActionController::Base
-  include Clearance::Authentication
+  include Clearance::Controller
 
   def show
     render :text => '', :layout => 'application'

data/lib/clearance/user.rb

@@ -1,4 +1,5 @@
 require 'digest/sha1'
+require 'email_validator'
 
 module Clearance
   module User
@@ -10,29 +11,41 @@ module Clearance
 
       include Validations
       include Callbacks
-      include (Clearance.configuration.password_strategy ||
-        Clearance::PasswordStrategies::BCrypt)
+      include(
+        Clearance.configuration.password_strategy ||
+        Clearance::PasswordStrategies::BCrypt
+      )
     end
 
     module ClassMethods
       def authenticate(email, password)
-        if user = find_by_email(email.to_s.downcase)
+        if user = find_by_normalized_email(email)
           if user.authenticated? password
             return user
           end
         end
       end
+
+      def find_by_normalized_email(email)
+        find_by_email normalize_email(email)
+      end
+
+      def normalize_email(email)
+        email.to_s.downcase.gsub(/\s+/, "")
+      end
     end
 
     module Validations
       extend ActiveSupport::Concern
 
       included do
-        validates_presence_of :email, :unless => :email_optional?
-        validates_uniqueness_of :email, :allow_blank => true
-        validates_format_of :email, :with => %r{^[a-z0-9!#\$%&'*+\/=?^_`{|}~-]+(?:\.[a-z0-9!#\$%&'*+\/=?^_`{|}~-]+)*@(?:[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\.)+[a-z0-9](?:[a-z0-9-]*[a-z0-9])?$}i, :allow_blank => true
+        validates :email,
+          email: true,
+          presence: true,
+          uniqueness: { allow_blank: true },
+          unless: :email_optional?
 
-        validates_presence_of :password, :unless => :password_optional?
+        validates :password, presence: true, unless: :password_optional?
       end
     end
 
@@ -40,7 +53,7 @@ module Clearance
       extend ActiveSupport::Concern
 
       included do
-        before_validation :downcase_email
+        before_validation :normalize_email
         before_create :generate_remember_token
       end
     end
@@ -69,8 +82,8 @@ module Clearance
 
     private
 
-    def downcase_email
-      self.email = email.to_s.downcase
+    def normalize_email
+      self.email = self.class.normalize_email(email)
     end
 
     def email_optional?

data/lib/clearance/version.rb

@@ -1,3 +1,3 @@
 module Clearance
-  VERSION = '1.0.0.rc4'
+  VERSION = '1.0.0.rc6'
 end

data/lib/generators/clearance/install/install_generator.rb

@@ -15,7 +15,7 @@ module Clearance
         inject_into(
           ApplicationController,
           'app/controllers/application_controller.rb',
-          'include Clearance::Authentication'
+          'include Clearance::Controller'
         )
       end
 

data/lib/generators/clearance/specs/templates/support/integration.rb

@@ -1,3 +1,5 @@
+Dir[Rails.root.join("spec/support/integration/*.rb")].each { |f| require f }
+
 RSpec.configure do |config|
   config.include Integration::ClearanceHelpers, :type => :request
   config.include Integration::ActionMailerHelpers, :type => :request

data/spec/clearance/back_door_spec.rb

@@ -0,0 +1,39 @@
+require 'spec_helper'
+
+describe Clearance::BackDoor do
+  it 'signs in as a given user' do
+    user_id = '123'
+    user = stub('user')
+    User.stubs(:find).with(user_id).returns(user)
+    env = env_for_user_id(user_id)
+    back_door = Clearance::BackDoor.new(mock_app)
+
+    result = back_door.call(env)
+
+    env[:clearance].should have_received(:sign_in).with(user)
+    result.should eq mock_app.call(env)
+  end
+
+  it 'delegates directly without a user' do
+    env = env_without_user_id
+    back_door = Clearance::BackDoor.new(mock_app)
+
+    result = back_door.call(env)
+
+    env[:clearance].should have_received(:sign_in).never
+    result.should eq mock_app.call(env)
+  end
+
+  def env_without_user_id
+    env_for_user_id('')
+  end
+
+  def env_for_user_id(user_id)
+    clearance = stub('clearance', sign_in: true)
+    Rack::MockRequest.env_for("/?as=#{user_id}").merge(clearance: clearance)
+  end
+
+  def mock_app
+    lambda { |env| [200, {}, ['okay']] }
+  end
+end

data/spec/controllers/denies_controller_spec.rb

@@ -1,7 +1,8 @@
 require 'spec_helper'
 
 class DeniesController < ActionController::Base
-  include Clearance::Authentication
+  include Clearance::Controller
+
   before_filter :authorize, :only => :show
 
   def new
@@ -23,7 +24,7 @@ describe DeniesController do
   before do
     Rails.application.routes.draw do
       resource :deny, :only => [:new, :show]
-      match 'sign_in'  => 'clearance/sessions#new', :as => 'sign_in'
+      get '/sign_in'  => 'clearance/sessions#new', :as => 'sign_in'
     end
   end
 

data/spec/controllers/flashes_controller_spec.rb

@@ -1,7 +1,7 @@
 require 'spec_helper'
 
 class FlashesController < ActionController::Base
-  include Clearance::Authentication
+  include Clearance::Controller
 
   def set_flash
     flash[:notice] = params[:message]
@@ -16,8 +16,8 @@ end
 describe FlashesController do
   before do
     Rails.application.routes.draw do
-      match 'set_flash' => 'flashes#set_flash'
-      match 'view_flash' => 'flashes#view_flash'
+      get '/set_flash' => 'flashes#set_flash'
+      get '/view_flash' => 'flashes#view_flash'
     end
   end
 

data/spec/controllers/forgeries_controller_spec.rb

@@ -1,7 +1,8 @@
 require 'spec_helper'
 
 class ForgeriesController < ActionController::Base
-  include Clearance::Authentication
+  include Clearance::Controller
+
   protect_from_forgery
   before_filter :authorize
 
@@ -18,7 +19,7 @@ describe ForgeriesController do
     before do
       Rails.application.routes.draw do
         resources :forgeries
-        match 'sign_in'  => 'clearance/sessions#new', :as => 'sign_in'
+        get '/sign_in'  => 'clearance/sessions#new', :as => 'sign_in'
       end
 
       @user = create(:user)

data/spec/controllers/passwords_controller_spec.rb

@@ -35,6 +35,20 @@ describe Clearance::PasswordsController do
         it { should respond_with(:success) }
       end
 
+      describe 'with correct email address capitalized differently' do
+        before do
+          ActionMailer::Base.deliveries.clear
+          post :create, :password => { :email => @user.email.upcase }
+        end
+
+        it 'should generate a token for the change your password email' do
+          @user.reload.confirmation_token.should_not be_nil
+        end
+
+        it { should have_sent_email.with_subject(/change your password/i) }
+        it { should respond_with(:success) }
+      end
+
       describe 'with incorrect email address' do
         before do
           email = 'user1@example.com'

data/spec/mailers/clearance_mailer_spec.rb

@@ -21,7 +21,15 @@ describe ClearanceMailer do
     @email.body.to_s.should =~ regexp
   end
 
-  it 'should set its subject' do
+  it 'sets its subject' do
     @email.subject.should =~ /Change your password/
   end
+
+  it 'contains opening text in the body' do
+    @email.body.should =~ /a link to change your password/
+  end
+
+  it 'contains closing text in the body' do
+    @email.body.should =~ /Your password has not been changed/
+  end
 end

data/spec/models/bcrypt_migration_from_sha1_spec.rb

@@ -2,12 +2,9 @@ require 'spec_helper'
 
 describe Clearance::PasswordStrategies::BCryptMigrationFromSHA1 do
   subject do
-    Class.new do
-      attr_reader :password
-      attr_accessor :encrypted_password
-      attr_accessor :salt
-      include Clearance::PasswordStrategies::BCryptMigrationFromSHA1
-    end.new
+    fake_model_with_password_strategy(
+      Clearance::PasswordStrategies::BCryptMigrationFromSHA1
+    )
   end
 
   describe '#password=' do
@@ -27,13 +24,12 @@ describe Clearance::PasswordStrategies::BCryptMigrationFromSHA1 do
     end
 
     it 'encrypts with BCrypt' do
-      BCrypt::Password.should have_received(:create).with(password)
+      BCrypt::Password.should have_received(:create).with(password, anything)
     end
 
     it 'sets the pasword on the subject' do
       subject.password.should be_present
     end
-
   end
 
   describe '#authenticated?' do
@@ -45,6 +41,7 @@ describe Clearance::PasswordStrategies::BCryptMigrationFromSHA1 do
       before do
         subject.salt = salt
         subject.encrypted_password = sha1_hash
+        subject.stubs :save => true
       end
 
       it 'is authenticated' do
@@ -61,6 +58,11 @@ describe Clearance::PasswordStrategies::BCryptMigrationFromSHA1 do
           subject.authenticated? 'bad' + password
         }.should_not raise_error(BCrypt::Errors::InvalidHash)
       end
+
+      it 'saves the subject to database' do
+        subject.authenticated? password
+        subject.should have_received(:save)
+      end
     end
 
     context 'with a BCrypt-encrypted password' do
@@ -80,5 +82,4 @@ describe Clearance::PasswordStrategies::BCryptMigrationFromSHA1 do
       end
     end
   end
-
 end

data/spec/models/bcrypt_spec.rb

@@ -2,10 +2,7 @@ require 'spec_helper'
 
 describe Clearance::PasswordStrategies::BCrypt do
   subject do
-    Class.new do
-      attr_accessor :encrypted_password
-      include Clearance::PasswordStrategies::BCrypt
-    end.new
+    fake_model_with_password_strategy(Clearance::PasswordStrategies::BCrypt)
   end
 
   describe '#password=' do
@@ -14,15 +11,32 @@ describe Clearance::PasswordStrategies::BCrypt do
 
     before do
       BCrypt::Password.stubs :create => encrypted_password
-      subject.password = password
     end
 
     it 'encrypts the password into encrypted_password' do
+      subject.password = password
+
       subject.encrypted_password.should == encrypted_password
     end
 
-    it 'encrypts with BCrypt' do
-      BCrypt::Password.should have_received(:create).with(password)
+    it 'encrypts with BCrypt using default cost in non test environments' do
+      Rails.stubs :env => ActiveSupport::StringInquirer.new("production")
+
+      subject.password = password
+
+      BCrypt::Password.should have_received(:create).with(
+        password,
+        :cost => ::BCrypt::Engine::DEFAULT_COST
+      )
+    end
+
+    it 'encrypts with BCrypt using minimum cost in test environment' do
+      subject.password = password
+
+      BCrypt::Password.should have_received(:create).with(
+        password,
+        :cost => ::BCrypt::Engine::MIN_COST
+      )
     end
   end
 

data/spec/models/blowfish_spec.rb

@@ -2,12 +2,7 @@ require 'spec_helper'
 
 describe Clearance::PasswordStrategies::Blowfish do
   subject do
-    Class.new do
-      attr_accessor :salt, :encrypted_password
-      include Clearance::PasswordStrategies::Blowfish
-
-      def generate_random_code; 'code'; end
-    end.new
+    fake_model_with_password_strategy(Clearance::PasswordStrategies::Blowfish)
   end
 
   describe '#password=' do

data/spec/models/password_strategies_spec.rb

@@ -2,10 +2,16 @@ require 'spec_helper'
 
 describe Clearance::User do
   subject do
+    class UniquenessValidator < ActiveModel::Validator
+      def validate(record)
+      end
+    end
+
     Class.new do
-      def self.validates_presence_of(*args); end
-      def self.validates_uniqueness_of(*args); end
-      def self.validates_format_of(*args); end
+      include ActiveModel::Validations
+
+      validates_with UniquenessValidator
+
       def self.before_validation(*args); end
       def self.before_create(*args); end
 

data/spec/models/sha1_spec.rb

@@ -2,12 +2,7 @@ require 'spec_helper'
 
 describe Clearance::PasswordStrategies::SHA1 do
   subject do
-    Class.new do
-      attr_accessor :salt, :encrypted_password
-      include Clearance::PasswordStrategies::SHA1
-
-      def generate_random_code; "code"; end
-    end.new
+    fake_model_with_password_strategy(Clearance::PasswordStrategies::SHA1)
   end
 
   describe '#password=' do

data/spec/models/user_spec.rb

@@ -15,8 +15,8 @@ describe User do
     it { should_not allow_value('foo').for(:email) }
     it { should_not allow_value('example.com').for(:email) }
 
-    it 'stores email in down case' do
-      user = create(:user, :email => 'John.Doe@example.com')
+    it 'stores email in down case and removes whitespace' do
+      user = create(:user, :email => 'Jo hn.Do e @exa mp le.c om')
       user.email.should == 'john.doe@example.com'
     end
   end
@@ -33,27 +33,28 @@ describe User do
     end
 
     it 'is authenticated with correct email and password' do
-      (Clearance.configuration.user_model.authenticate(@user.email, @password)).
-        should be
+      User.authenticate(@user.email, @password).should eq(@user)
       @user.should be_authenticated(@password)
     end
 
     it 'is authenticated with correct uppercased email and correct password' do
-      (Clearance.configuration.user_model.authenticate(@user.email.upcase, @password)).
-        should be
+      User.authenticate(@user.email.upcase, @password).should eq(@user)
       @user.should be_authenticated(@password)
     end
 
     it 'is authenticated with incorrect credentials' do
-      (Clearance.configuration.user_model.authenticate(@user.email, 'bad_password')).
-        should_not be
+      User.authenticate(@user.email, 'bad_password').should be_nil
       @user.should_not be_authenticated('bad password')
     end
+
+    it 'is retrieved via a case-insensitive search' do
+      User.find_by_normalized_email(@user.email.upcase).should eq(@user)
+    end
   end
 
   describe 'when resetting authentication with reset_remember_token!' do
     before do
-      @user  = create(:user)
+      @user = create(:user)
       @user.remember_token = 'old-token'
       @user.reset_remember_token!
     end
@@ -139,6 +140,7 @@ describe User do
   describe 'a user with an optional email' do
     before do
       @user = User.new
+
       class << @user
         def email_optional?
           true
@@ -175,6 +177,14 @@ describe User do
     end
   end
 
+  describe 'email address normalization' do
+    let(:email) { 'Jo hn.Do e @exa mp le.c om' }
+
+    it 'downcases the address and strips spaces' do
+      User.normalize_email(email).should eq 'john.doe@example.com'
+    end
+  end
+
   describe 'the password setter on a User' do
     let(:password) { 'a-password' }
     before { subject.send(:password=, password) }