cops 0.2.0.6
Sign up to get free protection for your applications and to get access to all the features.
- data/LICENSE +20 -0
- data/README.rdoc +113 -0
- data/Rakefile +95 -0
- data/VERSION +1 -0
- data/app/controllers/blue_light_special/confirmations_controller.rb +76 -0
- data/app/controllers/blue_light_special/impersonations_controller.rb +44 -0
- data/app/controllers/blue_light_special/passwords_controller.rb +93 -0
- data/app/controllers/blue_light_special/sessions_controller.rb +76 -0
- data/app/controllers/blue_light_special/users_controller.rb +85 -0
- data/app/models/blue_light_special_mailer.rb +28 -0
- data/app/models/deliver_change_password_job.rb +19 -0
- data/app/models/deliver_welcome_job.rb +17 -0
- data/app/models/generic_mailer.rb +31 -0
- data/app/models/impersonation.rb +26 -0
- data/app/models/mimi_mailer.rb +30 -0
- data/app/views/generic_mailer/change_password.html.erb +9 -0
- data/app/views/generic_mailer/confirmation.html.erb +5 -0
- data/app/views/generic_mailer/welcome.html.erb +1 -0
- data/app/views/impersonations/index.html.erb +5 -0
- data/app/views/passwords/edit.html.erb +23 -0
- data/app/views/passwords/new.html.erb +15 -0
- data/app/views/sessions/new.html.erb +48 -0
- data/app/views/users/_form.html.erb +21 -0
- data/app/views/users/edit.html.erb +6 -0
- data/app/views/users/new.html.erb +6 -0
- data/app/views/users/show.html.erb +8 -0
- data/generators/blue_light_special/USAGE +1 -0
- data/generators/blue_light_special/blue_light_special_generator.rb +78 -0
- data/generators/blue_light_special/lib/insert_commands.rb +33 -0
- data/generators/blue_light_special/lib/rake_commands.rb +22 -0
- data/generators/blue_light_special/templates/README +20 -0
- data/generators/blue_light_special/templates/application.html.erb +50 -0
- data/generators/blue_light_special/templates/blue_light_special.rb +25 -0
- data/generators/blue_light_special/templates/blue_light_special.yml +45 -0
- data/generators/blue_light_special/templates/factories.rb +23 -0
- data/generators/blue_light_special/templates/migrations/create_users.rb +24 -0
- data/generators/blue_light_special/templates/migrations/update_users.rb +44 -0
- data/generators/blue_light_special/templates/style.css +31 -0
- data/generators/blue_light_special/templates/user.rb +3 -0
- data/generators/blue_light_special/templates/xd_receiver.html +10 -0
- data/generators/blue_light_special/templates/xd_receiver_ssl.html +10 -0
- data/generators/blue_light_special_admin/USAGE +1 -0
- data/generators/blue_light_special_admin/blue_light_special_admin_generator.rb +30 -0
- data/generators/blue_light_special_admin/lib/insert_commands.rb +33 -0
- data/generators/blue_light_special_admin/templates/README +16 -0
- data/generators/blue_light_special_admin/templates/app/controllers/admin/admin_controller.rb +14 -0
- data/generators/blue_light_special_admin/templates/app/controllers/admin/users_controller.rb +52 -0
- data/generators/blue_light_special_admin/templates/app/views/admin/users/_form.html.erb +25 -0
- data/generators/blue_light_special_admin/templates/app/views/admin/users/edit.html.erb +6 -0
- data/generators/blue_light_special_admin/templates/app/views/admin/users/index.html.erb +7 -0
- data/generators/blue_light_special_admin/templates/app/views/admin/users/new.html.erb +6 -0
- data/generators/blue_light_special_admin/templates/app/views/admin/users/show.html.erb +10 -0
- data/generators/blue_light_special_admin/templates/test/integration/admin/users_test.rb +201 -0
- data/generators/blue_light_special_tests/USAGE +1 -0
- data/generators/blue_light_special_tests/blue_light_special_tests_generator.rb +21 -0
- data/generators/blue_light_special_tests/templates/README +58 -0
- data/generators/blue_light_special_tests/templates/test/integration/edit_profile_test.rb +35 -0
- data/generators/blue_light_special_tests/templates/test/integration/facebook_test.rb +61 -0
- data/generators/blue_light_special_tests/templates/test/integration/impersonation_test.rb +39 -0
- data/generators/blue_light_special_tests/templates/test/integration/password_reset_test.rb +128 -0
- data/generators/blue_light_special_tests/templates/test/integration/sign_in_test.rb +66 -0
- data/generators/blue_light_special_tests/templates/test/integration/sign_out_test.rb +28 -0
- data/generators/blue_light_special_tests/templates/test/integration/sign_up_test.rb +47 -0
- data/lib/blue_light_special/authentication.rb +138 -0
- data/lib/blue_light_special/configuration.rb +34 -0
- data/lib/blue_light_special/extensions/errors.rb +6 -0
- data/lib/blue_light_special/extensions/rescue.rb +5 -0
- data/lib/blue_light_special/routes.rb +62 -0
- data/lib/blue_light_special/user.rb +279 -0
- data/lib/blue_light_special.rb +7 -0
- data/rails/init.rb +4 -0
- data/shoulda_macros/blue_light_special.rb +244 -0
- data/test/controllers/passwords_controller_test.rb +184 -0
- data/test/controllers/sessions_controller_test.rb +129 -0
- data/test/controllers/users_controller_test.rb +57 -0
- data/test/models/blue_light_special_mailer_test.rb +52 -0
- data/test/models/impersonation_test.rb +25 -0
- data/test/models/user_test.rb +213 -0
- data/test/rails_root/app/controllers/accounts_controller.rb +10 -0
- data/test/rails_root/app/controllers/application_controller.rb +6 -0
- data/test/rails_root/app/helpers/application_helper.rb +5 -0
- data/test/rails_root/app/helpers/confirmations_helper.rb +2 -0
- data/test/rails_root/app/helpers/passwords_helper.rb +2 -0
- data/test/rails_root/config/boot.rb +110 -0
- data/test/rails_root/config/environment.rb +22 -0
- data/test/rails_root/config/environments/development.rb +19 -0
- data/test/rails_root/config/environments/production.rb +1 -0
- data/test/rails_root/config/environments/test.rb +37 -0
- data/test/rails_root/config/initializers/inflections.rb +10 -0
- data/test/rails_root/config/initializers/mime_types.rb +5 -0
- data/test/rails_root/config/initializers/requires.rb +13 -0
- data/test/rails_root/config/initializers/time_formats.rb +4 -0
- data/test/rails_root/config/routes.rb +9 -0
- data/test/rails_root/public/dispatch.rb +10 -0
- data/test/rails_root/script/create_project.rb +52 -0
- data/test/rails_root/test/functional/accounts_controller_test.rb +23 -0
- data/test/test_helper.rb +21 -0
- metadata +212 -0
@@ -0,0 +1,184 @@
|
|
1
|
+
require 'test_helper'
|
2
|
+
|
3
|
+
class PasswordsControllerTest < ActionController::TestCase
|
4
|
+
|
5
|
+
tests BlueLightSpecial::PasswordsController
|
6
|
+
|
7
|
+
should_route :get, '/users/1/password/edit',
|
8
|
+
:controller => 'blue_light_special/passwords', :action => 'edit', :user_id => '1'
|
9
|
+
|
10
|
+
context "a signed up user" do
|
11
|
+
setup do
|
12
|
+
@user = Factory(:user)
|
13
|
+
end
|
14
|
+
|
15
|
+
context "on GET to #new" do
|
16
|
+
setup { get :new, :user_id => @user.to_param }
|
17
|
+
|
18
|
+
should_respond_with :success
|
19
|
+
should_render_template "new"
|
20
|
+
end
|
21
|
+
|
22
|
+
context "on POST to #create" do
|
23
|
+
context "with correct email address" do
|
24
|
+
setup do
|
25
|
+
ActionMailer::Base.deliveries.clear
|
26
|
+
post :create, :password => { :email => @user.email }
|
27
|
+
end
|
28
|
+
|
29
|
+
should "generate a token for the change your password email" do
|
30
|
+
assert_not_nil @user.reload.password_reset_token
|
31
|
+
end
|
32
|
+
|
33
|
+
should "send the change your password email" do
|
34
|
+
Delayed::Job.work_off
|
35
|
+
assert_sent_email do |email|
|
36
|
+
email.subject =~ /change your password/i
|
37
|
+
end
|
38
|
+
end
|
39
|
+
|
40
|
+
should_set_the_flash_to /password/i
|
41
|
+
should_redirect_to_url_after_create
|
42
|
+
end
|
43
|
+
|
44
|
+
context "with incorrect email address" do
|
45
|
+
setup do
|
46
|
+
email = "user1@example.com"
|
47
|
+
assert ! ::User.exists?(['email = ?', email])
|
48
|
+
ActionMailer::Base.deliveries.clear
|
49
|
+
assert_equal @user.password_reset_token,
|
50
|
+
@user.reload.password_reset_token
|
51
|
+
|
52
|
+
post :create, :password => { :email => email }
|
53
|
+
end
|
54
|
+
|
55
|
+
should "not generate a token for the change your password email" do
|
56
|
+
assert_equal @user.password_reset_token,
|
57
|
+
@user.reload.password_reset_token
|
58
|
+
end
|
59
|
+
|
60
|
+
should "not send a password reminder email" do
|
61
|
+
assert ActionMailer::Base.deliveries.empty?
|
62
|
+
end
|
63
|
+
|
64
|
+
should "set the failure flash to Unknown email" do
|
65
|
+
assert_match /unknown email/i, flash.now[:failure]
|
66
|
+
end
|
67
|
+
|
68
|
+
should_render_template :new
|
69
|
+
end
|
70
|
+
end
|
71
|
+
end
|
72
|
+
|
73
|
+
context "a signed up user and forgotten password" do
|
74
|
+
setup do
|
75
|
+
@user = Factory(:user)
|
76
|
+
@user.forgot_password!
|
77
|
+
end
|
78
|
+
|
79
|
+
context "on GET to #edit with correct id and token" do
|
80
|
+
setup do
|
81
|
+
get :edit, :user_id => @user.to_param,
|
82
|
+
:token => @user.password_reset_token
|
83
|
+
end
|
84
|
+
|
85
|
+
should "find the user" do
|
86
|
+
assert_equal @user, assigns(:user)
|
87
|
+
end
|
88
|
+
|
89
|
+
should_respond_with :success
|
90
|
+
should_render_template "edit"
|
91
|
+
should_display_a_password_update_form
|
92
|
+
end
|
93
|
+
|
94
|
+
should_forbid "on GET to #edit with correct id but blank token" do
|
95
|
+
get :edit, :user_id => @user.to_param, :token => ""
|
96
|
+
end
|
97
|
+
|
98
|
+
should_forbid "on GET to #edit with correct id but no token" do
|
99
|
+
get :edit, :user_id => @user.to_param
|
100
|
+
end
|
101
|
+
|
102
|
+
context "on PUT to #update with matching password and password confirmation" do
|
103
|
+
setup do
|
104
|
+
new_password = "new_password"
|
105
|
+
@encrypted_new_password = @user.send(:encrypt, new_password)
|
106
|
+
assert_not_equal @encrypted_new_password, @user.encrypted_password
|
107
|
+
|
108
|
+
put(:update,
|
109
|
+
:user_id => @user,
|
110
|
+
:token => @user.password_reset_token,
|
111
|
+
:user => {
|
112
|
+
:password => new_password,
|
113
|
+
:password_confirmation => new_password
|
114
|
+
})
|
115
|
+
@user.reload
|
116
|
+
end
|
117
|
+
|
118
|
+
should "update password" do
|
119
|
+
assert_equal @encrypted_new_password,
|
120
|
+
@user.encrypted_password
|
121
|
+
end
|
122
|
+
|
123
|
+
should "clear confirmation token" do
|
124
|
+
assert_nil @user.password_reset_token
|
125
|
+
end
|
126
|
+
|
127
|
+
should "set remember token" do
|
128
|
+
assert_not_nil @user.remember_token
|
129
|
+
end
|
130
|
+
|
131
|
+
should_set_the_flash_to(/signed in/i)
|
132
|
+
should_redirect_to_url_after_update
|
133
|
+
end
|
134
|
+
|
135
|
+
context "on PUT to #update with password but blank password confirmation" do
|
136
|
+
setup do
|
137
|
+
new_password = "new_password"
|
138
|
+
@encrypted_new_password = @user.send(:encrypt, new_password)
|
139
|
+
|
140
|
+
put(:update,
|
141
|
+
:user_id => @user.to_param,
|
142
|
+
:token => @user.password_reset_token,
|
143
|
+
:user => {
|
144
|
+
:password => new_password,
|
145
|
+
:password_confirmation => ''
|
146
|
+
})
|
147
|
+
@user.reload
|
148
|
+
end
|
149
|
+
|
150
|
+
should "not update password" do
|
151
|
+
assert_not_equal @encrypted_new_password,
|
152
|
+
@user.encrypted_password
|
153
|
+
end
|
154
|
+
|
155
|
+
should "not clear token" do
|
156
|
+
assert_not_nil @user.password_reset_token
|
157
|
+
end
|
158
|
+
|
159
|
+
should_not_be_signed_in
|
160
|
+
should_not_set_the_flash
|
161
|
+
should_respond_with :success
|
162
|
+
should_render_template :edit
|
163
|
+
|
164
|
+
should_display_a_password_update_form
|
165
|
+
end
|
166
|
+
|
167
|
+
should_forbid "on PUT to #update with id but no token" do
|
168
|
+
put :update, :user_id => @user.to_param, :token => ""
|
169
|
+
end
|
170
|
+
end
|
171
|
+
|
172
|
+
context "given two users and user one signs in" do
|
173
|
+
setup do
|
174
|
+
@user_one = Factory(:user)
|
175
|
+
@user_two = Factory(:user)
|
176
|
+
sign_in_as @user_one
|
177
|
+
end
|
178
|
+
|
179
|
+
should_forbid "when user one tries to change user two's password on GET with no token" do
|
180
|
+
get :edit, :user_id => @user_two.to_param
|
181
|
+
end
|
182
|
+
end
|
183
|
+
|
184
|
+
end
|
@@ -0,0 +1,129 @@
|
|
1
|
+
require 'test_helper'
|
2
|
+
|
3
|
+
class SessionsControllerTest < ActionController::TestCase
|
4
|
+
|
5
|
+
tests BlueLightSpecial::SessionsController
|
6
|
+
|
7
|
+
should_filter_params :password
|
8
|
+
|
9
|
+
context "on GET to /sessions/new" do
|
10
|
+
setup { get :new }
|
11
|
+
|
12
|
+
should_respond_with :success
|
13
|
+
should_render_template :new
|
14
|
+
should_not_set_the_flash
|
15
|
+
should_display_a_sign_in_form
|
16
|
+
end
|
17
|
+
|
18
|
+
context "on POST to #create with good credentials" do
|
19
|
+
setup do
|
20
|
+
@user = Factory(:user)
|
21
|
+
@user.update_attribute(:remember_token, "old-token")
|
22
|
+
post :create, :session => {
|
23
|
+
:email => @user.email,
|
24
|
+
:password => @user.password }
|
25
|
+
end
|
26
|
+
|
27
|
+
should_set_the_flash_to /signed in/i
|
28
|
+
should_redirect_to_url_after_create
|
29
|
+
|
30
|
+
should 'set the cookie' do
|
31
|
+
assert ! cookies['remember_token'].empty?
|
32
|
+
end
|
33
|
+
|
34
|
+
should "not change the remember token" do
|
35
|
+
assert_equal "old-token", @user.reload.remember_token
|
36
|
+
end
|
37
|
+
end
|
38
|
+
|
39
|
+
context "on POST to #create with good credentials and a session return url" do
|
40
|
+
setup do
|
41
|
+
@user = Factory(:user)
|
42
|
+
@return_url = '/url_in_the_session'
|
43
|
+
@request.session[:return_to] = @return_url
|
44
|
+
post :create, :session => {
|
45
|
+
:email => @user.email,
|
46
|
+
:password => @user.password }
|
47
|
+
end
|
48
|
+
|
49
|
+
should_redirect_to("the return URL") { @return_url }
|
50
|
+
end
|
51
|
+
|
52
|
+
context "on POST to #create with good credentials and a request return url" do
|
53
|
+
setup do
|
54
|
+
@user = Factory(:user)
|
55
|
+
@return_url = '/url_in_the_request'
|
56
|
+
post :create, :session => {
|
57
|
+
:email => @user.email,
|
58
|
+
:password => @user.password },
|
59
|
+
:return_to => @return_url
|
60
|
+
end
|
61
|
+
|
62
|
+
should_redirect_to("the return URL") { @return_url }
|
63
|
+
end
|
64
|
+
|
65
|
+
context "on POST to #create with good credentials and a session return url and request return url" do
|
66
|
+
setup do
|
67
|
+
@user = Factory(:user)
|
68
|
+
@return_url = '/url_in_the_session'
|
69
|
+
@request.session[:return_to] = @return_url
|
70
|
+
post :create, :session => {
|
71
|
+
:email => @user.email,
|
72
|
+
:password => @user.password },
|
73
|
+
:return_to => '/url_in_the_request'
|
74
|
+
end
|
75
|
+
|
76
|
+
should_redirect_to("the return URL") { @return_url }
|
77
|
+
end
|
78
|
+
|
79
|
+
context "on POST to #create with bad credentials" do
|
80
|
+
setup do
|
81
|
+
post :create, :session => {
|
82
|
+
:email => 'bad.email@example.com',
|
83
|
+
:password => "bad value" }
|
84
|
+
end
|
85
|
+
|
86
|
+
should_set_the_flash_to /bad/i
|
87
|
+
should_respond_with :unauthorized
|
88
|
+
should_render_template :new
|
89
|
+
should_not_be_signed_in
|
90
|
+
|
91
|
+
should 'not create the cookie' do
|
92
|
+
assert_nil cookies['remember_token']
|
93
|
+
end
|
94
|
+
end
|
95
|
+
|
96
|
+
context "on DELETE to #destroy given a signed out user" do
|
97
|
+
setup do
|
98
|
+
sign_out
|
99
|
+
delete :destroy
|
100
|
+
end
|
101
|
+
should_set_the_flash_to(/signed out/i)
|
102
|
+
should_redirect_to_url_after_destroy
|
103
|
+
end
|
104
|
+
|
105
|
+
context "on DELETE to #destroy with a cookie" do
|
106
|
+
setup do
|
107
|
+
@user = Factory(:user)
|
108
|
+
@user.update_attribute(:remember_token, "old-token")
|
109
|
+
@request.cookies["remember_token"] = "old-token"
|
110
|
+
delete :destroy
|
111
|
+
end
|
112
|
+
|
113
|
+
should_set_the_flash_to(/signed out/i)
|
114
|
+
should_redirect_to_url_after_destroy
|
115
|
+
|
116
|
+
should "delete the cookie token" do
|
117
|
+
assert_nil cookies['remember_token']
|
118
|
+
end
|
119
|
+
|
120
|
+
should "reset the remember token" do
|
121
|
+
assert_not_equal "old-token", @user.reload.remember_token
|
122
|
+
end
|
123
|
+
|
124
|
+
should "unset the current user" do
|
125
|
+
assert_nil @controller.current_user
|
126
|
+
end
|
127
|
+
end
|
128
|
+
|
129
|
+
end
|
@@ -0,0 +1,57 @@
|
|
1
|
+
require 'test_helper'
|
2
|
+
|
3
|
+
class UsersControllerTest < ActionController::TestCase
|
4
|
+
|
5
|
+
tests BlueLightSpecial::UsersController
|
6
|
+
|
7
|
+
should_filter_params :password
|
8
|
+
|
9
|
+
context "when signed out" do
|
10
|
+
setup { sign_out }
|
11
|
+
|
12
|
+
context "on GET to #new" do
|
13
|
+
setup { get :new }
|
14
|
+
|
15
|
+
should_respond_with :success
|
16
|
+
should_render_template :new
|
17
|
+
should_not_set_the_flash
|
18
|
+
|
19
|
+
should_display_a_sign_up_form
|
20
|
+
end
|
21
|
+
|
22
|
+
context "on GET to #new with email" do
|
23
|
+
setup do
|
24
|
+
@email = "a@example.com"
|
25
|
+
get :new, :user => { :email => @email }
|
26
|
+
end
|
27
|
+
|
28
|
+
should "set assigned user's email" do
|
29
|
+
assert_equal @email, assigns(:user).email
|
30
|
+
end
|
31
|
+
end
|
32
|
+
|
33
|
+
context "on POST to #create with valid attributes" do
|
34
|
+
setup do
|
35
|
+
user_attributes = Factory.attributes_for(:user)
|
36
|
+
post :create, :user => user_attributes
|
37
|
+
end
|
38
|
+
|
39
|
+
should_assign_to :user
|
40
|
+
should_change 'User.count', :by => 1
|
41
|
+
should_redirect_to_url_after_create
|
42
|
+
end
|
43
|
+
end
|
44
|
+
|
45
|
+
signed_in_user_context do
|
46
|
+
context "GET to new" do
|
47
|
+
setup { get :new }
|
48
|
+
should_redirect_to("the home page") { root_url }
|
49
|
+
end
|
50
|
+
|
51
|
+
context "POST to create" do
|
52
|
+
setup { post :create, :user => {} }
|
53
|
+
should_redirect_to("the home page") { root_url }
|
54
|
+
end
|
55
|
+
end
|
56
|
+
|
57
|
+
end
|
@@ -0,0 +1,52 @@
|
|
1
|
+
require 'test_helper'
|
2
|
+
|
3
|
+
class BlueLightSpecialMailerTest < ActiveSupport::TestCase
|
4
|
+
|
5
|
+
context "A change password email" do
|
6
|
+
setup do
|
7
|
+
@user = Factory(:user)
|
8
|
+
@user.forgot_password!
|
9
|
+
BlueLightSpecialMailer.deliver_mimi_change_password @user
|
10
|
+
@email = ActionMailer::Base.deliveries.last
|
11
|
+
end
|
12
|
+
|
13
|
+
should "be from DO_NOT_REPLY" do
|
14
|
+
assert_equal BlueLightSpecial.configuration.mailer_sender, @email.from
|
15
|
+
end
|
16
|
+
|
17
|
+
should "be sent to user" do
|
18
|
+
assert_match /#{@user.email}/i, @email.recipients
|
19
|
+
end
|
20
|
+
|
21
|
+
should "contain a link to edit the user's password" do
|
22
|
+
host = ActionMailer::Base.default_url_options[:host]
|
23
|
+
regexp = %r{http://#{host}/users/#{@user.id}/password/edit\?token=#{@user.password_reset_token}}
|
24
|
+
assert_match regexp, @email.body[:url]
|
25
|
+
end
|
26
|
+
|
27
|
+
should "set its subject" do
|
28
|
+
assert_match /Change your password/, @email.subject
|
29
|
+
end
|
30
|
+
end
|
31
|
+
|
32
|
+
context "A welcome email" do
|
33
|
+
setup do
|
34
|
+
@user = Factory(:user)
|
35
|
+
Delayed::Job.work_off
|
36
|
+
@email = ActionMailer::Base.deliveries.last
|
37
|
+
end
|
38
|
+
|
39
|
+
should "be from DO_NOT_REPLY" do
|
40
|
+
assert_equal BlueLightSpecial.configuration.mailer_sender, @email.from
|
41
|
+
end
|
42
|
+
|
43
|
+
should "be sent to user" do
|
44
|
+
assert_match /#{@user.email}/i, @email.recipients
|
45
|
+
end
|
46
|
+
|
47
|
+
should "set its subject" do
|
48
|
+
assert_match /welcome/i, @email.subject
|
49
|
+
end
|
50
|
+
end
|
51
|
+
|
52
|
+
end
|
@@ -0,0 +1,25 @@
|
|
1
|
+
require 'test_helper'
|
2
|
+
|
3
|
+
class ImpersonationTest < ActiveSupport::TestCase
|
4
|
+
|
5
|
+
context 'An Impersonation' do
|
6
|
+
|
7
|
+
should 'generate a hash based on the id' do
|
8
|
+
hash1 = Impersonation.hash_for(1)
|
9
|
+
hash2 = Impersonation.hash_for(2)
|
10
|
+
assert_not_equal(hash1, hash2)
|
11
|
+
end
|
12
|
+
|
13
|
+
should 'not generate a nil hash' do
|
14
|
+
assert_not_nil(Impersonation.hash_for(23))
|
15
|
+
end
|
16
|
+
|
17
|
+
should 'not raise an exception for nil' do
|
18
|
+
assert_raise(ArgumentError) do
|
19
|
+
Impersonation.hash_for(nil)
|
20
|
+
end
|
21
|
+
end
|
22
|
+
|
23
|
+
end
|
24
|
+
|
25
|
+
end
|
@@ -0,0 +1,213 @@
|
|
1
|
+
require 'test_helper'
|
2
|
+
|
3
|
+
class UserTest < ActiveSupport::TestCase
|
4
|
+
|
5
|
+
# signing up
|
6
|
+
|
7
|
+
context "When signing up" do
|
8
|
+
should_validate_presence_of :email, :password
|
9
|
+
should_allow_values_for :email, "foo@example.com"
|
10
|
+
should_not_allow_values_for :email, "foo"
|
11
|
+
should_not_allow_values_for :email, "example.com"
|
12
|
+
|
13
|
+
should "require password confirmation on create" do
|
14
|
+
user = Factory.build(:user, :password => 'blah',
|
15
|
+
:password_confirmation => 'boogidy')
|
16
|
+
assert ! user.save
|
17
|
+
assert user.errors.on(:password)
|
18
|
+
end
|
19
|
+
|
20
|
+
should "require non blank password confirmation on create" do
|
21
|
+
user = Factory.build(:user, :password => 'blah',
|
22
|
+
:password_confirmation => '')
|
23
|
+
assert ! user.save
|
24
|
+
assert user.errors.on(:password)
|
25
|
+
end
|
26
|
+
|
27
|
+
should "initialize salt" do
|
28
|
+
assert_not_nil Factory(:user).salt
|
29
|
+
end
|
30
|
+
|
31
|
+
should "initialize confirmation token" do
|
32
|
+
assert_not_nil Factory(:user)
|
33
|
+
end
|
34
|
+
|
35
|
+
context "encrypt password" do
|
36
|
+
setup do
|
37
|
+
@salt = "salt"
|
38
|
+
@user = Factory.build(:user, :salt => @salt)
|
39
|
+
def @user.initialize_salt; end
|
40
|
+
@user.save!
|
41
|
+
@password = @user.password
|
42
|
+
|
43
|
+
@user.send(:encrypt, @password)
|
44
|
+
@expected = Digest::SHA1.hexdigest("--#{@salt}--#{@password}--")
|
45
|
+
end
|
46
|
+
|
47
|
+
should "create an encrypted password using SHA1 encryption" do
|
48
|
+
assert_equal @expected, @user.encrypted_password
|
49
|
+
end
|
50
|
+
end
|
51
|
+
|
52
|
+
should "store email in exact case" do
|
53
|
+
user = Factory(:user, :email => "John.Doe@example.com")
|
54
|
+
assert_equal "John.Doe@example.com", user.email
|
55
|
+
end
|
56
|
+
end
|
57
|
+
|
58
|
+
context "When multiple users have signed up" do
|
59
|
+
setup { Factory(:user) }
|
60
|
+
should_validate_uniqueness_of :email
|
61
|
+
end
|
62
|
+
|
63
|
+
# authenticating
|
64
|
+
|
65
|
+
context "A user" do
|
66
|
+
setup do
|
67
|
+
@user = Factory(:user)
|
68
|
+
@password = @user.password
|
69
|
+
end
|
70
|
+
|
71
|
+
should "authenticate with good credentials" do
|
72
|
+
assert ::User.authenticate(@user.email, @password)
|
73
|
+
assert @user.authenticated?(@password)
|
74
|
+
end
|
75
|
+
|
76
|
+
should "not authenticate with bad credentials" do
|
77
|
+
assert ! ::User.authenticate(@user.email, 'bad_password')
|
78
|
+
assert ! @user.authenticated?('bad_password')
|
79
|
+
end
|
80
|
+
end
|
81
|
+
|
82
|
+
# resetting remember token
|
83
|
+
|
84
|
+
context "When resetting authentication with reset_remember_token!" do
|
85
|
+
setup do
|
86
|
+
@user = Factory(:user)
|
87
|
+
@user.remember_token = "old-token"
|
88
|
+
@user.reset_remember_token!
|
89
|
+
end
|
90
|
+
|
91
|
+
should "change the remember token" do
|
92
|
+
assert_not_equal "old-token", @user.remember_token
|
93
|
+
end
|
94
|
+
end
|
95
|
+
|
96
|
+
# updating password
|
97
|
+
|
98
|
+
context "An email confirmed user" do
|
99
|
+
setup do
|
100
|
+
@user = Factory(:user)
|
101
|
+
@old_encrypted_password = @user.encrypted_password
|
102
|
+
end
|
103
|
+
|
104
|
+
context "who updates password with confirmation" do
|
105
|
+
setup do
|
106
|
+
@user.update_password("new_password", "new_password")
|
107
|
+
end
|
108
|
+
|
109
|
+
should "change encrypted password" do
|
110
|
+
assert_not_equal @user.encrypted_password,
|
111
|
+
@old_encrypted_password
|
112
|
+
end
|
113
|
+
end
|
114
|
+
end
|
115
|
+
|
116
|
+
should "not generate the same remember token for users with the same password at the same time" do
|
117
|
+
Time.stubs(:now => Time.now)
|
118
|
+
password = 'secret'
|
119
|
+
first_user = Factory(:user,
|
120
|
+
:password => password,
|
121
|
+
:password_confirmation => password)
|
122
|
+
second_user = Factory(:user,
|
123
|
+
:password => password,
|
124
|
+
:password_confirmation => password)
|
125
|
+
|
126
|
+
assert_not_equal first_user.remember_token, second_user.remember_token
|
127
|
+
end
|
128
|
+
|
129
|
+
# recovering forgotten password
|
130
|
+
|
131
|
+
context "An email confirmed user" do
|
132
|
+
setup do
|
133
|
+
@user = Factory(:user)
|
134
|
+
@old_encrypted_password = @user.encrypted_password
|
135
|
+
end
|
136
|
+
|
137
|
+
context "who requests password reminder" do
|
138
|
+
setup do
|
139
|
+
assert_nil @user.password_reset_token
|
140
|
+
@user.forgot_password!
|
141
|
+
end
|
142
|
+
|
143
|
+
should "generate password reset token" do
|
144
|
+
assert_not_nil @user.password_reset_token
|
145
|
+
end
|
146
|
+
|
147
|
+
context "and then updates password" do
|
148
|
+
context 'with confirmation' do
|
149
|
+
setup do
|
150
|
+
@user.update_password("new_password", "new_password")
|
151
|
+
end
|
152
|
+
|
153
|
+
should "change encrypted password" do
|
154
|
+
assert_not_equal @user.encrypted_password,
|
155
|
+
@old_encrypted_password
|
156
|
+
end
|
157
|
+
|
158
|
+
should "clear password reset token" do
|
159
|
+
assert_nil @user.password_reset_token
|
160
|
+
end
|
161
|
+
end
|
162
|
+
|
163
|
+
context 'without confirmation' do
|
164
|
+
setup do
|
165
|
+
@user.update_password("new_password", "")
|
166
|
+
end
|
167
|
+
|
168
|
+
should "not change encrypted password" do
|
169
|
+
assert_equal @user.encrypted_password,
|
170
|
+
@old_encrypted_password
|
171
|
+
end
|
172
|
+
|
173
|
+
should "not clear password reset token" do
|
174
|
+
assert_not_nil @user.password_reset_token
|
175
|
+
end
|
176
|
+
end
|
177
|
+
end
|
178
|
+
end
|
179
|
+
|
180
|
+
end
|
181
|
+
|
182
|
+
# optional email/password fields
|
183
|
+
context "a user with an optional email" do
|
184
|
+
setup do
|
185
|
+
@user = User.new
|
186
|
+
class << @user
|
187
|
+
def email_optional?
|
188
|
+
true
|
189
|
+
end
|
190
|
+
end
|
191
|
+
end
|
192
|
+
|
193
|
+
subject { @user }
|
194
|
+
|
195
|
+
should_allow_values_for :email, nil, ""
|
196
|
+
end
|
197
|
+
|
198
|
+
context "a user with an optional password" do
|
199
|
+
setup do
|
200
|
+
@user = User.new
|
201
|
+
class << @user
|
202
|
+
def password_optional?
|
203
|
+
true
|
204
|
+
end
|
205
|
+
end
|
206
|
+
end
|
207
|
+
|
208
|
+
subject { @user }
|
209
|
+
|
210
|
+
should_allow_values_for :password, nil, ""
|
211
|
+
end
|
212
|
+
|
213
|
+
end
|