cops 0.2.0.6

data/generators/blue_light_special_tests/templates/test/integration/password_reset_test.rb

@@ -0,0 +1,128 @@
+require 'test_helper'
+
+class PasswordResetTest < ActionController::IntegrationTest
+  
+  context 'When requesting a password reset' do
+    
+    setup do
+      ActionMailer::Base.deliveries.clear
+    end
+    
+    teardown do
+      ActionMailer::Base.deliveries.clear
+    end
+    
+    context 'when not signed up' do
+      
+      should 'see "Unknown email"' do
+        request_password_reset('unknown@bob.bob')
+        assert_match(/Unknown email/, response.body)
+      end
+      
+      should 'not send an email' do
+        request_password_reset('unknown@bob.bob')
+        assert ActionMailer::Base.deliveries.empty?
+      end
+      
+    end
+    
+    context 'when signed up' do
+      
+      setup do
+        @user = Factory(:user, :email => 'bob@bob.bob')
+      end
+      
+      should 'see "instructions for changing your password"' do
+        request_password_reset(@user.email)
+        assert_match(/instructions for changing your password/, response.body)
+      end
+      
+      should 'send a password reset email to the user' do
+        request_password_reset(@user.email)
+        @user.reload # catch updated confirmation token
+        Delayed::Job.work_off
+        assert !@user.password_reset_token.blank?
+        assert_sent_email do |email|
+          email.recipients =~ /#{Regexp.escape @user.email}/i &&
+          email.subject =~ /password/i &&
+          email.body[:url] =~ /#{Regexp.escape @user.password_reset_token}/
+        end
+      end
+      
+    end
+    
+  end
+  
+  context 'After requesting a password reset' do
+    
+    setup do
+      ActionMailer::Base.deliveries.clear
+      @user = Factory(:user, :email => 'bob@bob.bob')
+    end
+    
+    teardown do
+      ActionMailer::Base.deliveries.clear
+    end
+    
+    context 'with failed password confirmation' do
+      
+      should 'see error messages' do
+        request_password_reset('bob@bob.bob')
+        @user.reload
+        change_password(@user, :password => 'goodpassword', :confirm => 'badpassword')
+        assert_match(/Password doesn't match confirmation/, response.body)
+      end
+      
+      should 'not be signed in' do
+        request_password_reset('bob@bob.bob')
+        @user.reload
+        change_password(@user, :password => 'goodpassword', :confirm => 'badpassword')
+        assert !controller.signed_in?
+      end
+      
+    end
+    
+    context 'with valid password and confirmation' do
+      
+      should 'be signed in' do
+        request_password_reset('bob@bob.bob')
+        @user.reload
+        change_password(@user)
+        assert controller.signed_in?
+      end
+      
+      should 'be able to sign in with new password' do
+        request_password_reset('bob@bob.bob')
+        @user.reload
+        change_password(@user)
+        sign_out
+        sign_in_as('bob@bob.bob', 'goodpassword')
+        assert controller.signed_in?
+      end
+      
+    end
+    
+  end
+  
+  
+  private
+  
+  
+  def request_password_reset(email)
+    visit new_password_url
+    fill_in "Email Address", :with => email
+    click_button "reset password"
+  end
+  
+  def change_password(user, options = {})
+    options[:password]  ||= 'goodpassword'
+    options[:confirm]   ||= options[:password]
+    
+    visit edit_user_password_path(:user_id => user,
+                                  :token   => user.password_reset_token)
+    fill_in "Choose password",    :with => options[:password]
+    fill_in "Confirm password",   :with => options[:confirm]
+    click_button "save this password"
+  end
+  
+end

data/generators/blue_light_special_tests/templates/test/integration/sign_in_test.rb

@@ -0,0 +1,66 @@
+require 'test_helper'
+
+class SignInTest < ActionController::IntegrationTest
+  
+  context 'Signing in as a User' do
+    
+    context 'who is not in the system' do
+      
+      should 'see a failure message' do
+        sign_in_as('someone@somewhere.com', 'password')
+        assert_match(/Bad email or password/, response.body)
+      end
+      
+      should 'not be signed in' do
+        sign_in_as "someone@somewhere.com", 'password'
+        assert !controller.signed_in?
+      end
+      
+    end
+    
+    context 'when confirmed' do
+      
+      setup do
+        @user = Factory(:user, :email => "bob@bob.bob", :password => "password")
+      end
+      
+      should 'be signed in' do
+        sign_in_as 'bob@bob.bob', 'password'
+        assert controller.signed_in?
+      end
+      
+      should 'see "Signed In"' do
+        sign_in_as 'bob@bob.bob', 'password'
+        assert_match %r{Signed in}, @response.body
+      end
+      
+      should 'be signed in on subsequent requests' do
+        sign_in_as 'bob@bob.bob', 'password'
+        reset_session
+        visit root_url
+        assert controller.signed_in?
+      end
+      
+    end
+        
+    context 'when confirmed but with bad credentials' do
+      
+      setup do
+        @user = Factory(:user, :email => 'bob@bob.bob', :password => 'password')
+      end
+      
+      should 'not be signed in' do
+        sign_in_as 'bob@bob.bob', 'badpassword'
+        assert !controller.signed_in?
+      end
+      
+      should 'see "Bad email or password"' do
+        sign_in_as 'bob@bob.bob', 'badpassword'
+        assert_match /Bad email or password/, response.body
+      end
+      
+    end
+    
+  end
+  
+end

data/generators/blue_light_special_tests/templates/test/integration/sign_out_test.rb

@@ -0,0 +1,28 @@
+require 'test_helper'
+
+class SignOutTest < ActionController::IntegrationTest
+  
+  context 'Signing out as a user' do
+    
+    should 'see "Signed out"' do
+      sign_up(:email => 'bob@bob.bob')
+      sign_out
+      assert_match(/Signed out/, response.body)
+    end
+  
+    should 'be signed out' do
+      sign_up(:email => 'bob@bob.bob')
+      sign_out
+      assert !controller.signed_in?
+    end
+  
+    should 'be signed out when I return' do
+      sign_up(:email => 'bob@bob.bob')
+      sign_out
+      visit root_url
+      assert !controller.signed_in?
+    end
+    
+  end
+  
+end

data/generators/blue_light_special_tests/templates/test/integration/sign_up_test.rb

@@ -0,0 +1,47 @@
+require 'test_helper'
+
+class SignUpTest < ActionController::IntegrationTest
+  
+  context 'Signing up as a new user' do
+    
+    setup do
+      ActionMailer::Base.deliveries.clear
+    end
+
+    teardown do
+      ActionMailer::Base.deliveries.clear
+    end
+    
+    context 'with invalid data' do
+      
+      should 'show error messages' do
+        sign_up(:email => 'invalidemail', :password_confirmation => '', :first_name => '', :last_name => '')
+        assert_match /Email is invalid/, response.body
+        assert_match /First name.*blank/, response.body
+        assert_match /Last name.*blank/, response.body
+        assert_match /Password doesn't match confirmation/, response.body
+      end
+      
+    end
+    
+    context 'with valid data' do
+      
+      should 'sign in the user' do
+        sign_up(:email => 'bob@bob.bob', :password => 'password', :password_confirmation => 'password')
+        assert controller.signed_in?
+      end
+    
+      should 'send a welcome email' do
+        sign_up(:email => 'bob@bob.bob', :password => 'password', :password_confirmation => 'password')
+        user = User.find_by_email('bob@bob.bob')
+        Delayed::Job.work_off
+        sent = ActionMailer::Base.deliveries.last
+        assert_equal user.email, sent.recipients
+        assert_match /welcome/i, sent.subject
+      end
+      
+    end
+    
+  end
+
+end

data/lib/blue_light_special/authentication.rb

@@ -0,0 +1,138 @@
+module BlueLightSpecial
+  module Authentication
+
+    def self.included(controller) # :nodoc:
+      controller.send(:include, InstanceMethods)
+      controller.extend(ClassMethods)
+    end
+
+    module ClassMethods
+      def self.extended(controller)
+        controller.helper_method :current_user, :signed_in?, 
+                                 :signed_out?,  :impersonating?
+        controller.hide_action   :current_user, :current_user=,
+                                 :signed_in?,   :signed_out?,
+                                 :sign_in,      :sign_out,
+                                 :authenticate, :deny_access,
+                                 :impersonating?
+      end
+    end
+
+    module InstanceMethods
+      # User in the current cookie
+      #
+      # @return [User, nil]
+      def current_user
+        @_current_user ||= user_from_cookie
+      end
+
+      # Set the current user
+      #
+      # @param [User]
+      def current_user=(user)
+        @_current_user = user
+      end
+
+      # Is the current user signed in?
+      #
+      # @return [true, false]
+      def signed_in?
+        ! current_user.nil?
+      end
+
+      # Is the current user signed out?
+      #
+      # @return [true, false]
+      def signed_out?
+        current_user.nil?
+      end
+
+      # Deny the user access if they are signed out.
+      #
+      # @example
+      #   before_filter :authenticate
+      def authenticate
+        deny_access unless signed_in?
+      end
+
+      # Sign user in to cookie.
+      #
+      # @param [User]
+      #
+      # @example
+      #   sign_in(@user)
+      def sign_in(user)
+        if user
+          cookies[:remember_token] = {
+            :value   => user.remember_token,
+            :expires => 1.year.from_now.utc
+          }
+          self.current_user = user
+        end
+      end
+
+      # Sign user out of cookie.
+      #
+      # @example
+      #   sign_out
+      def sign_out
+        current_user.reset_remember_token! if current_user
+        cookies.delete(:remember_token)
+        self.current_user = nil
+      end
+
+      # Store the current location and redirect to sign in.
+      # Display a failure flash message if included.
+      #
+      # @param [String] optional flash message to display to denied user
+      def deny_access(flash_message = nil)
+        store_location
+        flash[:failure] = flash_message if flash_message
+        redirect_to(sign_in_url)
+      end
+      
+      def impersonating?
+        !session[:admin_user_id].blank?
+      end
+      
+
+      protected
+
+      def user_from_cookie
+        if token = cookies[:remember_token]
+          ::User.find_by_remember_token(token)
+        end
+      end
+
+      def sign_user_in(user)
+        warn "[DEPRECATION] sign_user_in: unnecessary. use sign_in(user) instead."
+        sign_in(user)
+      end
+
+      def store_location
+        if request.get?
+          session[:return_to] = request.request_uri
+        end
+      end
+
+      def redirect_back_or(default)
+        redirect_to(return_to || default)
+        clear_return_to
+      end
+
+      def return_to
+        session[:return_to] || params[:return_to]
+      end
+
+      def clear_return_to
+        session[:return_to] = nil
+      end
+
+      def redirect_to_root
+        redirect_to('/')
+      end
+      
+    end
+    
+  end
+end

data/lib/blue_light_special/configuration.rb

@@ -0,0 +1,34 @@
+module BlueLightSpecial
+  class Configuration
+    attr_accessor :mailer_sender
+    attr_accessor :impersonation_hash
+    attr_accessor :use_facebook_connect
+    attr_accessor :facebook_api_key
+    attr_accessor :facebook_secret_key
+    attr_accessor :use_delayed_job
+
+    def initialize
+      @mailer_sender          = 'donotreply@example.com'
+      @impersonation_hash     = 'e76e05e1ddf74560ffb64c02a1c1b26c'
+      @user_facebook_connect  = false
+      @use_delayed_job  = true
+    end
+  end
+
+  class << self
+    attr_accessor :configuration
+  end
+
+  # Configure BlueLightSpecial someplace sensible,
+  # like config/initializers/blue_light_special.rb
+  #
+  # @example
+  #   BlueLightSpecial.configure do |config|
+  #     config.mailer_sender = 'donotreply@example.com'
+  #     config.impersonation_hash = 'abc123def456...'
+  #   end
+  def self.configure
+    self.configuration ||= Configuration.new
+    yield(configuration)
+  end
+end

data/lib/blue_light_special/extensions/errors.rb

@@ -0,0 +1,6 @@
+if defined?(ActionController)
+  module ActionController
+    class Forbidden < StandardError
+    end
+  end
+end

data/lib/blue_light_special/extensions/rescue.rb

@@ -0,0 +1,5 @@
+if defined?(ActionDispatch::ShowExceptions) # Rails 3
+  ActionDispatch::ShowExceptions.rescue_responses.update('ActionController::Forbidden' => :forbidden)
+elsif defined?(ActionController::Base)
+  ActionController::Base.rescue_responses.update('ActionController::Forbidden' => :forbidden)
+end

data/lib/blue_light_special/routes.rb

@@ -0,0 +1,62 @@
+module BlueLightSpecial
+  class Routes
+
+    # In your application's config/routes.rb, draw BlueLightSpecial's routes:
+    #
+    # @example
+    #   map.resources :posts
+    #   BlueLightSpecial::Routes.draw(map)
+    #
+    # If you need to override a BlueLightSpecial route, invoke your app route
+    # earlier in the file so Rails' router short-circuits when it finds
+    # your route:
+    #
+    # @example
+    #   map.resources :users, :only => [:new, :create]
+    #   BlueLightSpecial::Routes.draw(map)
+    def self.draw(map)
+      map.resources :passwords,
+        :controller => 'blue_light_special/passwords',
+        :only       => [:new, :create]
+
+      map.resource  :session,
+        :controller => 'blue_light_special/sessions',
+        :only       => [:new, :create, :destroy]
+
+      map.resources :users, :controller => 'blue_light_special/users' do |users|
+        users.resource :password,
+          :controller => 'blue_light_special/passwords',
+          :only       => [:create, :edit, :update]
+          
+        users.resource :confirmation,
+          :controller => 'blue_light_special/confirmations',
+          :only       => [:new, :create]
+      end
+      
+      map.resource :impersonation,
+        :controller => 'blue_light_special/impersonations',
+        :only       => [:create, :destroy]
+      map.resources :impersonations,
+        :controller => 'blue_light_special/impersonations',
+        :only       => :index
+        
+      map.sign_up    'sign_up',
+        :controller   => 'blue_light_special/users',
+        :action       => 'new'
+      map.sign_in    'sign_in',
+        :controller   => 'blue_light_special/sessions',
+        :action       => 'new'
+      map.fb_connect 'fb_connect',
+        :controller   => 'blue_light_special/sessions',
+        :action       => 'create'
+      map.fb_disconnect 'fb_disconnect',
+        :controller   => 'blue_light_special/users',
+        :action       => 'facebook_remove'
+      map.sign_out   'sign_out',
+        :controller   => 'blue_light_special/sessions',
+        :action       => 'destroy',
+        :method       => :delete
+    end
+
+  end
+end