clearance 1.7.0 → 1.8.0

data/spec/controllers/users_controller_spec.rb

@@ -1,88 +1,75 @@
-require 'spec_helper'
+require "spec_helper"
 
 describe Clearance::UsersController do
   it { should be_a Clearance::BaseController }
 
-  describe 'when signed out' do
-    before { sign_out }
+  describe "on GET to #new" do
+    context "when signed out" do
+      it "renders a form for a new user" do
+        get :new
 
-    describe 'on GET to #new' do
-      before { get :new }
-
-      it { is_expected.to respond_with(:success) }
-      it { is_expected.to render_template(:new) }
-      it { is_expected.not_to set_the_flash }
-    end
-
-    describe 'on GET to #new with email' do
-      before do
-        @email = 'a@example.com'
-        get :new, user: { email: @email }
+        expect(response).to be_success
+        expect(response).to render_template(:new)
       end
 
-      it 'should set assigned user email' do
-        expect(assigns(:user).email).to eq @email
+      it "defaults email field to the value provided in the query string" do
+        get :new, user: { email: "a@example.com" }
+
+        expect(assigns(:user).email).to eq "a@example.com"
+        expect(response).to be_success
+        expect(response).to render_template(:new)
       end
     end
 
-    describe 'on POST to #create with valid attributes' do
-      before do
-        user_attributes = FactoryGirl.attributes_for(:user)
-        @old_user_count = User.count
-        post :create, user: user_attributes
-      end
+    context "when signed in" do
+      it "redirects to the configured clearance redirect url" do
+        sign_in
 
-      it 'assigns a user' do
-        expect(assigns(:user)).to be_present
-      end
+        get :new
 
-      it 'should create a new user' do
-        expect(User.count).to eq @old_user_count + 1
+        expect(response).to redirect_to(Clearance.configuration.redirect_url)
       end
-
-      it { should redirect_to_url_after_create }
     end
+  end
 
-    describe 'on POST to #create with valid attributes and a session return url' do
-      before do
-        user_attributes = FactoryGirl.attributes_for(:user)
-        @old_user_count = User.count
-        @return_url = '/url_in_the_session'
-        @request.session[:return_to] = @return_url
-        post :create, user: user_attributes
-      end
+  describe "on POST to #create" do
+    context "when signed out" do
+      context "with valid attributes" do
+        it "assigns and creates a user then redirects to the redirect_url" do
+          user_attributes = FactoryGirl.attributes_for(:user)
+          old_user_count = User.count
 
-      it 'assigns a user' do
-        expect(assigns(:user)).to be_present
-      end
+          post :create, user: user_attributes
 
-      it 'should create a new user' do
-        expect(User.count).to eq @old_user_count + 1
+          expect(assigns(:user)).to be_present
+          expect(User.count).to eq old_user_count + 1
+          expect(response).to redirect_to(Clearance.configuration.redirect_url)
+        end
       end
 
-      it { should redirect_to(@return_url) }
-    end
-  end
+      context "with valid attributes and a session return url" do
+        it "assigns and creates a user then redirects to the return_url" do
+          user_attributes = FactoryGirl.attributes_for(:user)
+          old_user_count = User.count
+          return_url = "/url_in_the_session"
+          @request.session[:return_to] = return_url
 
-  describe 'A signed-in user' do
-    before do
-      @user = create(:user)
-      sign_in_as @user
-    end
-
-    describe 'GET to new' do
-      before { get :new }
+          post :create, user: user_attributes
 
-      it 'redirects to the home page' do
-        should redirect_to(Clearance.configuration.redirect_url)
+          expect(assigns(:user)).to be_present
+          expect(User.count).to eq old_user_count + 1
+          expect(response).to redirect_to(return_url)
+        end
       end
     end
 
-    describe 'POST to create' do
-      before { post :create, user: {} }
+    context "when signed in" do
+      it "redirects to the configured clearance redirect url" do
+        sign_in
+
+        post :create, user: {}
 
-      it 'redirects to the home page' do
-        should redirect_to(Clearance.configuration.redirect_url)
+        expect(response).to redirect_to(Clearance.configuration.redirect_url)
       end
     end
   end

data/spec/dummy/app/models/user.rb

@@ -0,0 +1,3 @@
+class User < ActiveRecord::Base
+  include Clearance::User
+end

data/spec/dummy/app/models/user_with_optional_password.rb

@@ -0,0 +1,7 @@
+class UserWithOptionalPassword < User
+  private
+
+  def password_optional?
+    true
+  end
+end

data/spec/dummy/application.rb

@@ -1,4 +1,5 @@
 require "rails/all"
+require "clearance"
 
 module Dummy
   APP_ROOT = File.expand_path("..", __FILE__).freeze
@@ -23,6 +24,7 @@ module Dummy
     config.eager_load = false
     config.encoding = "utf-8"
     config.paths["app/controllers"] << "#{APP_ROOT}/app/controllers"
+    config.paths["app/models"] << "#{APP_ROOT}/app/models"
     config.paths["app/views"] << "#{APP_ROOT}/app/views"
     config.paths["config/database"] = "#{APP_ROOT}/config/database.yml"
     config.paths["log"] = "tmp/log/development.log"

data/spec/factories.rb

@@ -7,6 +7,10 @@ FactoryGirl.define do
     email
     password 'password'
 
+    trait :with_forgotten_password do
+      confirmation_token Clearance::Token.new
+    end
+
     factory :user_with_optional_password, class: 'UserWithOptionalPassword' do
       password nil
       encrypted_password ''

data/spec/{models → password_strategies}/bcrypt_migration_from_sha1_spec.rb

@@ -1,4 +1,5 @@
 require "spec_helper"
+include FakeModelWithPasswordStrategy
 
 describe Clearance::PasswordStrategies::BCryptMigrationFromSHA1 do
   describe "#password=" do

data/spec/password_strategies/bcrypt_spec.rb

@@ -0,0 +1,81 @@
+require "spec_helper"
+include FakeModelWithPasswordStrategy
+
+describe Clearance::PasswordStrategies::BCrypt do
+  describe "#password=" do
+    it "encrypts the password into encrypted_password" do
+      stub_bcrypt_password
+      model_instance = fake_model_with_bcrypt_strategy
+
+      model_instance.password = password
+
+      expect(model_instance.encrypted_password).to eq encrypted_password
+    end
+
+    it "encrypts with BCrypt using default cost in non test environments" do
+      stub_bcrypt_password
+      model_instance = fake_model_with_bcrypt_strategy
+      allow(Rails).to receive(:env).
+        and_return(ActiveSupport::StringInquirer.new("production"))
+
+      model_instance.password = password
+
+      expect(BCrypt::Password).to have_received(:create).with(
+        password,
+        cost: ::BCrypt::Engine::DEFAULT_COST
+      )
+    end
+
+    it "encrypts with BCrypt using minimum cost in test environment" do
+      stub_bcrypt_password
+      model_instance = fake_model_with_bcrypt_strategy
+
+      model_instance.password = password
+
+      expect(BCrypt::Password).to have_received(:create).with(
+        password,
+        cost: ::BCrypt::Engine::MIN_COST
+      )
+    end
+
+    def stub_bcrypt_password
+      allow(BCrypt::Password).to receive(:create).and_return(encrypted_password)
+    end
+
+    def encrypted_password
+      @encrypted_password ||= double("encrypted password")
+    end
+  end
+
+  describe "#authenticated?" do
+    context "given a password" do
+      it "is authenticated with BCrypt" do
+        model_instance = fake_model_with_bcrypt_strategy
+
+        model_instance.password = password
+
+        expect(model_instance).to be_authenticated(password)
+      end
+    end
+
+    context "given no password" do
+      it "is not authenticated" do
+        model_instance = fake_model_with_bcrypt_strategy
+
+        password = nil
+
+        expect(model_instance).not_to be_authenticated(password)
+      end
+    end
+  end
+
+  def fake_model_with_bcrypt_strategy
+    @model_instance ||= fake_model_with_password_strategy(
+      Clearance::PasswordStrategies::BCrypt
+    )
+  end
+
+  def password
+    "password"
+  end
+end

data/spec/password_strategies/blowfish_spec.rb

@@ -0,0 +1,55 @@
+require "spec_helper"
+include FakeModelWithPasswordStrategy
+
+describe Clearance::PasswordStrategies::Blowfish do
+  describe "#password=" do
+    context "when the password is set" do
+      it "does not initialize the salt" do
+        model_instance = fake_model_with_blowfish_strategy
+        model_instance.salt = salt
+        model_instance.password = password
+
+        expect(model_instance.salt).to eq salt
+      end
+
+      it "encrypts the password using Blowfish and the existing salt" do
+        model_instance = fake_model_with_blowfish_strategy
+        model_instance.salt = salt
+        model_instance.salt = salt
+        model_instance.password = password
+        cipher = OpenSSL::Cipher::Cipher.new("bf-cbc").encrypt
+        cipher.key = Digest::SHA256.digest(salt)
+        expected = cipher.update("--#{salt}--#{password}--") << cipher.final
+
+        encrypted_password = Base64.decode64(model_instance.encrypted_password)
+
+        expect(encrypted_password).to eq expected
+      end
+    end
+
+    context "when the salt is not set" do
+      it "should initialize the salt" do
+        model_instance = fake_model_with_blowfish_strategy
+        model_instance.salt = salt
+        model_instance.salt = nil
+        model_instance.password = password
+
+        expect(model_instance.salt).not_to be_nil
+      end
+    end
+  end
+
+  def fake_model_with_blowfish_strategy
+    @model_instance ||= fake_model_with_password_strategy(
+      Clearance::PasswordStrategies::Blowfish
+    )
+  end
+
+  def salt
+    "salt"
+  end
+
+  def password
+    "password"
+  end
+end

data/spec/password_strategies/password_strategies_spec.rb

@@ -0,0 +1,28 @@
+require "spec_helper"
+include FakeModelWithoutPasswordStrategy
+
+describe "Password strategy configuration" do
+  describe "when Clearance.configuration.password_strategy is set" do
+    it "includes the value it is set to" do
+      mock_password_strategy = Module.new
+
+      Clearance.configuration.password_strategy = mock_password_strategy
+
+      expect(model_instance).to be_kind_of(mock_password_strategy)
+    end
+  end
+
+  describe "when Clearance.configuration.password_strategy is not set" do
+    it "includes Clearance::PasswordStrategies::BCrypt" do
+      Clearance.configuration.password_strategy = nil
+
+      expect(model_instance).to be_kind_of(
+        Clearance::PasswordStrategies::BCrypt
+      )
+    end
+  end
+
+  def model_instance
+    fake_model_without_password_strategy
+  end
+end

data/spec/password_strategies/sha1_spec.rb

@@ -0,0 +1,53 @@
+require "spec_helper"
+include FakeModelWithPasswordStrategy
+
+describe Clearance::PasswordStrategies::SHA1 do
+  describe "#password=" do
+    context "when the salt is set" do
+      it "does not initialize the salt when assigned" do
+        model_instance = fake_model_with_sha1_strategy
+
+        model_instance.salt = salt
+
+        expect(model_instance.salt).to eq salt
+      end
+
+      it "encrypts the password using SHA1 and the existing salt" do
+        model_instance = fake_model_with_sha1_strategy
+        model_instance.salt = salt
+        model_instance.password = password
+
+        expected = Digest::SHA1.hexdigest("--#{salt}--#{password}--")
+
+        expect(model_instance.encrypted_password).to eq expected
+      end
+    end
+
+    context "when the salt is set" do
+      it "generates the salt" do
+        model_instance = fake_model_with_sha1_strategy
+        model_instance.password = ""
+
+        expect(model_instance.salt).not_to be_nil
+      end
+
+      it "doesn't encrypt the password" do
+        model_instance = fake_model_with_sha1_strategy
+
+        expect(model_instance.encrypted_password).to be_nil
+      end
+    end
+  end
+
+  def fake_model_with_sha1_strategy
+    fake_model_with_password_strategy(Clearance::PasswordStrategies::SHA1)
+  end
+
+  def salt
+    "salt"
+  end
+
+  def password
+    "password"
+  end
+end

data/spec/support/clearance.rb

@@ -4,22 +4,6 @@ Clearance.configure do |config|
   # need an empty block to initialize the configuration object
 end
 
-class ApplicationController < ActionController::Base
-  include Clearance::Controller
-end
-
-class User < ActiveRecord::Base
-  include Clearance::User
-end
-
-class UserWithOptionalPassword < User
-  private
-
-  def password_optional?
-    true
-  end
-end
-
 module Clearance
   module Test
     module Redirects

data/spec/support/fake_model_with_password_strategy.rb

@@ -8,7 +8,3 @@ module FakeModelWithPasswordStrategy
     end.new
   end
 end
-
-RSpec.configure do |config|
-  config.include FakeModelWithPasswordStrategy
-end

data/spec/support/fake_model_without_password_strategy.rb

@@ -0,0 +1,19 @@
+module FakeModelWithoutPasswordStrategy
+  def fake_model_without_password_strategy
+    Class.new do
+      include ActiveModel::Validations
+
+      validates_with UniquenessValidator
+
+      def self.before_validation(*); end
+      def self.before_create(*); end
+
+      include Clearance::User
+    end.new
+  end
+end
+
+class UniquenessValidator < ActiveModel::Validator
+  def validate(_record)
+  end
+end