cops 0.2.0.6

data/test/controllers/passwords_controller_test.rb

@@ -0,0 +1,184 @@
+require 'test_helper'
+
+class PasswordsControllerTest < ActionController::TestCase
+
+  tests BlueLightSpecial::PasswordsController
+
+  should_route :get, '/users/1/password/edit',
+    :controller => 'blue_light_special/passwords', :action  => 'edit', :user_id => '1'
+
+  context "a signed up user" do
+    setup do
+      @user = Factory(:user)
+    end
+
+    context "on GET to #new" do
+      setup { get :new, :user_id => @user.to_param }
+
+      should_respond_with :success
+      should_render_template "new"
+    end
+
+    context "on POST to #create" do
+      context "with correct email address" do
+        setup do
+          ActionMailer::Base.deliveries.clear
+          post :create, :password => { :email => @user.email }
+        end
+
+        should "generate a token for the change your password email" do
+          assert_not_nil @user.reload.password_reset_token
+        end
+
+        should "send the change your password email" do
+          Delayed::Job.work_off
+          assert_sent_email do |email|
+            email.subject =~ /change your password/i
+          end
+        end
+
+        should_set_the_flash_to /password/i
+        should_redirect_to_url_after_create
+      end
+
+      context "with incorrect email address" do
+        setup do
+          email = "user1@example.com"
+          assert ! ::User.exists?(['email = ?', email])
+          ActionMailer::Base.deliveries.clear
+          assert_equal @user.password_reset_token,
+                       @user.reload.password_reset_token
+
+          post :create, :password => { :email => email }
+        end
+
+        should "not generate a token for the change your password email" do
+          assert_equal @user.password_reset_token,
+                       @user.reload.password_reset_token
+        end
+
+        should "not send a password reminder email" do
+          assert ActionMailer::Base.deliveries.empty?
+        end
+
+        should "set the failure flash to Unknown email" do
+          assert_match /unknown email/i, flash.now[:failure]
+        end
+
+        should_render_template :new
+      end
+    end
+  end
+
+  context "a signed up user and forgotten password" do
+    setup do
+      @user = Factory(:user)
+      @user.forgot_password!
+    end
+
+    context "on GET to #edit with correct id and token" do
+      setup do
+        get :edit, :user_id => @user.to_param,
+                   :token   => @user.password_reset_token
+      end
+
+      should "find the user" do
+        assert_equal @user, assigns(:user)
+      end
+
+      should_respond_with :success
+      should_render_template "edit"
+      should_display_a_password_update_form
+    end
+
+    should_forbid "on GET to #edit with correct id but blank token" do
+      get :edit, :user_id => @user.to_param, :token => ""
+    end
+
+    should_forbid "on GET to #edit with correct id but no token" do
+      get :edit, :user_id => @user.to_param
+    end
+
+    context "on PUT to #update with matching password and password confirmation" do
+      setup do
+        new_password = "new_password"
+        @encrypted_new_password = @user.send(:encrypt, new_password)
+        assert_not_equal @encrypted_new_password, @user.encrypted_password
+
+        put(:update,
+            :user_id  => @user,
+            :token    => @user.password_reset_token,
+            :user     => {
+              :password              => new_password,
+              :password_confirmation => new_password
+            })
+        @user.reload
+      end
+
+      should "update password" do
+        assert_equal @encrypted_new_password,
+                     @user.encrypted_password
+      end
+
+      should "clear confirmation token" do
+        assert_nil @user.password_reset_token
+      end
+
+      should "set remember token" do
+        assert_not_nil @user.remember_token
+      end
+
+      should_set_the_flash_to(/signed in/i)
+      should_redirect_to_url_after_update
+    end
+
+    context "on PUT to #update with password but blank password confirmation" do
+      setup do
+        new_password = "new_password"
+        @encrypted_new_password = @user.send(:encrypt, new_password)
+
+        put(:update,
+            :user_id => @user.to_param,
+            :token   => @user.password_reset_token,
+            :user    => {
+              :password => new_password,
+              :password_confirmation => ''
+            })
+        @user.reload
+      end
+
+      should "not update password" do
+        assert_not_equal @encrypted_new_password,
+                         @user.encrypted_password
+      end
+
+      should "not clear token" do
+        assert_not_nil @user.password_reset_token
+      end
+
+      should_not_be_signed_in
+      should_not_set_the_flash
+      should_respond_with    :success
+      should_render_template :edit
+
+      should_display_a_password_update_form
+    end
+
+    should_forbid "on PUT to #update with id but no token" do
+      put :update, :user_id => @user.to_param, :token => ""
+    end
+  end
+
+  context "given two users and user one signs in" do
+    setup do
+      @user_one = Factory(:user)
+      @user_two = Factory(:user)
+      sign_in_as @user_one
+    end
+
+    should_forbid "when user one tries to change user two's password on GET with no token" do
+      get :edit, :user_id => @user_two.to_param
+    end
+  end
+
+end

data/test/controllers/sessions_controller_test.rb

@@ -0,0 +1,129 @@
+require 'test_helper'
+
+class SessionsControllerTest < ActionController::TestCase
+
+  tests BlueLightSpecial::SessionsController
+
+  should_filter_params :password
+
+  context "on GET to /sessions/new" do
+    setup { get :new }
+
+    should_respond_with    :success
+    should_render_template :new
+    should_not_set_the_flash
+    should_display_a_sign_in_form
+  end
+
+  context "on POST to #create with good credentials" do
+    setup do
+      @user = Factory(:user)
+      @user.update_attribute(:remember_token, "old-token")
+      post :create, :session => {
+                      :email    => @user.email,
+                      :password => @user.password }
+    end
+
+    should_set_the_flash_to /signed in/i
+    should_redirect_to_url_after_create
+
+    should 'set the cookie' do
+      assert ! cookies['remember_token'].empty?
+    end
+
+    should "not change the remember token" do
+      assert_equal "old-token", @user.reload.remember_token
+    end
+  end
+
+  context "on POST to #create with good credentials and a session return url" do
+    setup do
+      @user = Factory(:user)
+      @return_url = '/url_in_the_session'
+      @request.session[:return_to] = @return_url
+      post :create, :session => {
+                      :email    => @user.email,
+                      :password => @user.password }
+    end
+
+    should_redirect_to("the return URL") { @return_url }
+  end
+
+  context "on POST to #create with good credentials and a request return url" do
+    setup do
+      @user = Factory(:user)
+      @return_url = '/url_in_the_request'
+      post :create, :session => {
+                      :email     => @user.email,
+                      :password  => @user.password },
+                      :return_to => @return_url
+    end
+
+    should_redirect_to("the return URL") { @return_url }
+  end
+
+  context "on POST to #create with good credentials and a session return url and request return url" do
+    setup do
+      @user = Factory(:user)
+      @return_url = '/url_in_the_session'
+      @request.session[:return_to] = @return_url
+      post :create, :session => {
+                      :email     => @user.email,
+                      :password  => @user.password },
+                      :return_to => '/url_in_the_request'
+    end
+
+    should_redirect_to("the return URL") { @return_url }
+  end
+
+  context "on POST to #create with bad credentials" do
+    setup do
+      post :create, :session => {
+                      :email       => 'bad.email@example.com',
+                      :password    => "bad value" }
+    end
+
+    should_set_the_flash_to /bad/i
+    should_respond_with    :unauthorized
+    should_render_template :new
+    should_not_be_signed_in
+
+    should 'not create the cookie' do
+      assert_nil cookies['remember_token']
+    end
+  end
+
+  context "on DELETE to #destroy given a signed out user" do
+    setup do
+      sign_out
+      delete :destroy
+    end
+    should_set_the_flash_to(/signed out/i)
+    should_redirect_to_url_after_destroy
+  end
+
+  context "on DELETE to #destroy with a cookie" do
+    setup do
+      @user = Factory(:user)
+      @user.update_attribute(:remember_token, "old-token")
+      @request.cookies["remember_token"] = "old-token"
+      delete :destroy
+    end
+
+    should_set_the_flash_to(/signed out/i)
+    should_redirect_to_url_after_destroy
+
+    should "delete the cookie token" do
+      assert_nil cookies['remember_token']
+    end
+
+    should "reset the remember token" do
+      assert_not_equal "old-token", @user.reload.remember_token
+    end
+
+    should "unset the current user" do
+      assert_nil @controller.current_user
+    end
+  end
+
+end

data/test/controllers/users_controller_test.rb

@@ -0,0 +1,57 @@
+require 'test_helper'
+
+class UsersControllerTest < ActionController::TestCase
+
+  tests BlueLightSpecial::UsersController
+
+  should_filter_params :password
+
+  context "when signed out" do
+    setup { sign_out }
+
+    context "on GET to #new" do
+      setup { get :new }
+
+      should_respond_with :success
+      should_render_template :new
+      should_not_set_the_flash
+
+      should_display_a_sign_up_form
+    end
+
+    context "on GET to #new with email" do
+      setup do
+        @email = "a@example.com"
+        get :new, :user => { :email => @email }
+      end
+
+      should "set assigned user's email" do
+        assert_equal @email, assigns(:user).email
+      end
+    end
+
+    context "on POST to #create with valid attributes" do
+      setup do
+        user_attributes = Factory.attributes_for(:user)
+        post :create, :user => user_attributes
+      end
+
+      should_assign_to :user
+      should_change 'User.count', :by => 1
+      should_redirect_to_url_after_create
+    end
+  end
+
+  signed_in_user_context do
+    context "GET to new" do
+      setup { get :new }
+      should_redirect_to("the home page") { root_url }
+    end
+
+    context "POST to create" do
+      setup { post :create, :user => {} }
+      should_redirect_to("the home page") { root_url }
+    end
+  end
+
+end

data/test/models/blue_light_special_mailer_test.rb

@@ -0,0 +1,52 @@
+require 'test_helper'
+
+class BlueLightSpecialMailerTest < ActiveSupport::TestCase
+
+  context "A change password email" do
+    setup do
+      @user  = Factory(:user)
+      @user.forgot_password!
+      BlueLightSpecialMailer.deliver_mimi_change_password @user
+      @email = ActionMailer::Base.deliveries.last
+    end
+
+    should "be from DO_NOT_REPLY" do
+      assert_equal BlueLightSpecial.configuration.mailer_sender, @email.from
+    end
+
+    should "be sent to user" do
+      assert_match /#{@user.email}/i, @email.recipients
+    end
+
+    should "contain a link to edit the user's password" do
+      host = ActionMailer::Base.default_url_options[:host]
+      regexp = %r{http://#{host}/users/#{@user.id}/password/edit\?token=#{@user.password_reset_token}}
+      assert_match regexp, @email.body[:url]
+    end
+    
+    should "set its subject" do
+      assert_match /Change your password/, @email.subject
+    end
+  end
+  
+  context "A welcome email" do
+    setup do
+      @user  = Factory(:user)
+      Delayed::Job.work_off
+      @email = ActionMailer::Base.deliveries.last
+    end
+
+    should "be from DO_NOT_REPLY" do
+      assert_equal BlueLightSpecial.configuration.mailer_sender, @email.from
+    end
+
+    should "be sent to user" do
+      assert_match /#{@user.email}/i, @email.recipients
+    end
+
+    should "set its subject" do
+      assert_match /welcome/i, @email.subject
+    end
+  end
+
+end

data/test/models/impersonation_test.rb

@@ -0,0 +1,25 @@
+require 'test_helper'
+
+class ImpersonationTest < ActiveSupport::TestCase
+  
+  context 'An Impersonation' do
+    
+    should 'generate a hash based on the id' do
+      hash1 = Impersonation.hash_for(1)
+      hash2 = Impersonation.hash_for(2)
+      assert_not_equal(hash1, hash2)
+    end
+    
+    should 'not generate a nil hash' do
+      assert_not_nil(Impersonation.hash_for(23))
+    end
+    
+    should 'not raise an exception for nil' do
+      assert_raise(ArgumentError) do
+        Impersonation.hash_for(nil)
+      end
+    end
+    
+  end
+  
+end

data/test/models/user_test.rb

@@ -0,0 +1,213 @@
+require 'test_helper'
+
+class UserTest < ActiveSupport::TestCase
+
+  # signing up
+
+  context "When signing up" do
+    should_validate_presence_of :email, :password
+    should_allow_values_for     :email, "foo@example.com"
+    should_not_allow_values_for :email, "foo"
+    should_not_allow_values_for :email, "example.com"
+
+    should "require password confirmation on create" do
+      user = Factory.build(:user, :password              => 'blah',
+                                  :password_confirmation => 'boogidy')
+      assert ! user.save
+      assert user.errors.on(:password)
+    end
+
+    should "require non blank password confirmation on create" do
+      user = Factory.build(:user, :password              => 'blah',
+                                  :password_confirmation => '')
+      assert ! user.save
+      assert user.errors.on(:password)
+    end
+
+    should "initialize salt" do
+      assert_not_nil Factory(:user).salt
+    end
+
+    should "initialize confirmation token" do
+      assert_not_nil Factory(:user)
+    end
+
+    context "encrypt password" do
+      setup do
+        @salt = "salt"
+        @user = Factory.build(:user, :salt => @salt)
+        def @user.initialize_salt; end
+        @user.save!
+        @password = @user.password
+
+        @user.send(:encrypt, @password)
+        @expected = Digest::SHA1.hexdigest("--#{@salt}--#{@password}--")
+      end
+
+      should "create an encrypted password using SHA1 encryption" do
+        assert_equal @expected, @user.encrypted_password
+      end
+    end
+
+    should "store email in exact case" do
+      user = Factory(:user, :email => "John.Doe@example.com")
+      assert_equal "John.Doe@example.com", user.email
+    end
+  end
+
+  context "When multiple users have signed up" do
+    setup { Factory(:user) }
+    should_validate_uniqueness_of :email
+  end
+
+  # authenticating
+
+  context "A user" do
+    setup do
+      @user     = Factory(:user)
+      @password = @user.password
+    end
+
+    should "authenticate with good credentials" do
+      assert ::User.authenticate(@user.email, @password)
+      assert @user.authenticated?(@password)
+    end
+
+    should "not authenticate with bad credentials" do
+      assert ! ::User.authenticate(@user.email, 'bad_password')
+      assert ! @user.authenticated?('bad_password')
+    end
+  end
+
+  # resetting remember token
+
+  context "When resetting authentication with reset_remember_token!" do
+    setup do
+      @user  = Factory(:user)
+      @user.remember_token = "old-token"
+      @user.reset_remember_token!
+    end
+
+    should "change the remember token" do
+      assert_not_equal "old-token", @user.remember_token
+    end
+  end
+
+  # updating password
+
+  context "An email confirmed user" do
+    setup do
+      @user = Factory(:user)
+      @old_encrypted_password = @user.encrypted_password
+    end
+
+    context "who updates password with confirmation" do
+      setup do
+        @user.update_password("new_password", "new_password")
+      end
+
+      should "change encrypted password" do
+        assert_not_equal @user.encrypted_password,
+                         @old_encrypted_password
+      end
+    end
+  end
+
+  should "not generate the same remember token for users with the same password at the same time" do
+    Time.stubs(:now => Time.now)
+    password    = 'secret'
+    first_user  = Factory(:user,
+                          :password              => password,
+                          :password_confirmation => password)
+    second_user = Factory(:user,
+                          :password              => password,
+                          :password_confirmation => password)
+
+    assert_not_equal first_user.remember_token, second_user.remember_token
+  end
+
+  # recovering forgotten password
+
+  context "An email confirmed user" do
+    setup do
+      @user = Factory(:user)
+      @old_encrypted_password = @user.encrypted_password
+    end
+
+    context "who requests password reminder" do
+      setup do
+        assert_nil @user.password_reset_token
+        @user.forgot_password!
+      end
+
+      should "generate password reset token" do
+        assert_not_nil @user.password_reset_token
+      end
+
+      context "and then updates password" do
+        context 'with confirmation' do
+          setup do
+            @user.update_password("new_password", "new_password")
+          end
+
+          should "change encrypted password" do
+            assert_not_equal @user.encrypted_password,
+                             @old_encrypted_password
+          end
+
+          should "clear password reset token" do
+            assert_nil @user.password_reset_token
+          end
+        end
+
+        context 'without confirmation' do
+          setup do
+            @user.update_password("new_password", "")
+          end
+
+          should "not change encrypted password" do
+            assert_equal @user.encrypted_password,
+                         @old_encrypted_password
+          end
+
+          should "not clear password reset token" do
+            assert_not_nil @user.password_reset_token
+          end
+        end
+      end
+    end
+
+  end
+
+  # optional email/password fields
+  context "a user with an optional email" do
+    setup do
+      @user = User.new
+      class << @user
+        def email_optional?
+          true
+        end
+      end
+    end
+
+    subject { @user }
+
+    should_allow_values_for :email, nil, ""
+  end
+
+  context "a user with an optional password" do
+    setup do
+      @user = User.new
+      class << @user
+        def password_optional?
+          true
+        end
+      end
+    end
+
+    subject { @user }
+
+    should_allow_values_for :password, nil, ""
+  end
+
+end

data/test/rails_root/app/controllers/accounts_controller.rb

@@ -0,0 +1,10 @@
+class AccountsController < ApplicationController
+   before_filter :authenticate
+
+   def edit
+   end
+
+   def create
+     redirect_to edit_account_path
+   end
+end

data/test/rails_root/app/controllers/application_controller.rb

@@ -0,0 +1,6 @@
+class ApplicationController < ActionController::Base
+  helper :all
+  protect_from_forgery
+  include BlueLightSpecial::Authentication
+  before_filter :authenticate
+end

data/test/rails_root/app/helpers/application_helper.rb

@@ -0,0 +1,5 @@
+module ApplicationHelper
+  def body_class
+    "#{controller.controller_name} #{controller.controller_name}-#{controller.action_name}"
+  end
+end

data/test/rails_root/app/helpers/confirmations_helper.rb

@@ -0,0 +1,2 @@
+module ConfirmationsHelper
+end

data/test/rails_root/app/helpers/passwords_helper.rb

@@ -0,0 +1,2 @@
+module PasswordsHelper
+end