dangerzone 0.0.0 → 0.5.0

data/lib/dangerzone/templates/migration.rb

@@ -3,15 +3,13 @@ class CreateUsersTableViaDangerzone < ActiveRecord::Migration
   def up
     create_table :users do |t|
       t.string   :email
-      t.string   :password
-      t.string   :password_confirmation
       t.string   :password_digest
       t.string   :sign_in_ip
       t.string   :remember_token
       t.string   :reset_password_token
       t.datetime :reset_password_sent_at
-      t.boolean  :confirmed,              :default => false
-      t.integer  :sign_in_count,          :default => 1
+      t.boolean  :confirmed,              default: false
+      t.integer  :sign_in_count,          default: 1
 
       t.timestamps
     end

data/lib/dangerzone/templates/models/user.rb

@@ -1,25 +1,51 @@
 class User < ActiveRecord::Base
-
   has_secure_password
 
-  attr_accessible :email, :password, :password_confirmation
+  attr_accessible(
+    :email,
+    :password,
+    :password_confirmation,
+    :reset_password_token,
+    :reset_password_sent_at,
+    :sign_in_ip,
+    :sign_in_count,
+    :confirmed,
+    :remember_token )
 
   validates_presence_of :email
   validates_uniqueness_of :email
-  validates_format_of :email, :with => /.+@.+\..+/i
+  validates :password, :password_confirmation, presence: true, if: :new_record?
+  validates_format_of :email, with: /.+@.+\..+/i
+
+  before_save { self.email = self.email.try(:downcase) }
 
   def update_reset_password_credentials
-    self.reset_password_sent_at = Time.now
-    self.reset_password_token = SecureRandom.urlsafe_base64
-    self.save
+    self.update_attributes(
+      reset_password_sent_at: Time.now,
+      reset_password_token:  SecureRandom.urlsafe_base64 )
+  end
+
+  def sign_in!(ip, password_param)
+    return false unless self.confirmed && self.authenticate(password_param)
+    self.update_attributes(
+      sign_in_ip: ip,
+      sign_in_count: (self.sign_in_count + 1),
+      remember_token: SecureRandom.urlsafe_base64 )
   end
 
-  def confirm(request_remote_ip)
-    self.confirmed = true
-    self.reset_password_sent_at = nil
-    self.reset_password_token = nil
-    self.sign_in_ip = request_remote_ip
-    self.save
+  def confirm!(ip)
+    self.update_attributes(
+      sign_in_ip: ip,
+      confirmed: true,
+      reset_password_sent_at: nil,
+      reset_password_token: nil )
   end
 
+  def in_time?
+    (Time.now - self.reset_password_sent_at) < 24.hours if self.reset_password_sent_at
+  end
+
+  def token_matches?(token)
+    self.reset_password_token == token
+  end
 end

data/lib/dangerzone/templates/routes.rb

@@ -13,6 +13,6 @@
   put '/resend_confirmation_email' => 'create_accounts#resend_confirmation_email', as: 'resend_confirmation_email'
 
   get '/forgot_password' => 'reset_passwords#new', as: 'forgot_password'
-  put '/reset_password' => 'reset_passwords#send_reset_password', as: 'send_reset_password'
+  put '/reset_password' => 'reset_passwords#requested_reset_password', as: 'requested_reset_password'
   get '/reset_password/:id/:reset_password_token' => 'reset_passwords#reset_password_form', as: 'reset_password_form'
   put '/update_password' => 'reset_passwords#update_password', as: 'update_password'

data/lib/dangerzone/templates/spec/controllers/create_accounts_controller_spec.rb

@@ -0,0 +1,179 @@
+require 'spec_helper'
+
+describe CreateAccountsController do
+  before { ActionMailer::Base.deliveries = [] }
+
+  describe '#create' do
+
+    it "saves an unconfirmed user" do
+      params = { user: FactoryGirl.attributes_for(:user, :confirmed) }
+      post :create, params
+      expect(assigns(:user).confirmed).to be_false
+    end
+
+    describe 'when successful' do
+      let(:valid_params) { { user: FactoryGirl.attributes_for(:user) } }
+      before { post :create, valid_params }
+
+      it "assigns a user with the values in valid_params" do
+        expect(assigns(:user).email).to eq(valid_params[:user][:email])
+      end
+
+      it "sends them a confirmation email" do
+        expect(ActionMailer::Base.deliveries).to_not be_empty
+      end
+
+      it "saves the user" do
+        expect(assigns(:user)).to be_persisted
+      end
+
+      it "redirects them to check_your_email" do
+        expect(response).to redirect_to :check_your_email
+      end
+    end
+
+    describe 'when unsuccessful' do
+      let(:invalid_params) { {:user => { email: 'x' }}}
+      before(:each) { post :create, invalid_params }
+
+      it "redirects them to the sign up page" do
+        expect(response).to redirect_to :sign_up
+      end
+
+      it "does not persist @user" do
+        expect(assigns(:user)).to be_new_record
+      end
+
+      it "does not send them an email" do
+        expect(ActionMailer::Base.deliveries).to be_empty
+      end
+    end
+  end
+
+  describe '#new' do
+    it "renders the new template" do
+      get :new
+      expect(response).to render_template :new
+    end
+  end
+
+  describe '#resend_confirmation_email' do
+    let(:user){ FactoryGirl.create(:user) }
+
+    describe "when user is not confirmed and has valid email" do
+
+      it "redirects to the check_your_email page" do
+        put :resend_confirmation_email, email: user.email
+        expect(response).to redirect_to :check_your_email
+      end
+
+      it "sends a confirmation email" do
+        put :resend_confirmation_email, email: user.email
+        expect(ActionMailer::Base.deliveries).to_not be_empty
+      end
+
+      it "updates the user's reset password credentials" do
+        old_token = user.reset_password_token
+        old_time = user.reset_password_sent_at
+        put :resend_confirmation_email, email: user.email
+        user.reload
+        expect(user.reset_password_token).to_not eq(old_token)
+        expect(user.reset_password_sent_at).to_not eq(old_time)
+      end
+    end
+
+    describe "when user is already confirmed" do
+      let(:confirmed_user) { FactoryGirl.create(:user, :confirmed) }
+
+      it "redirects to the check_your_email page" do
+        put :resend_confirmation_email, email: confirmed_user.email
+        expect(response).to redirect_to :check_your_email
+      end
+
+      it "does not send an email" do
+        put :resend_confirmation_email, email: confirmed_user.email
+        expect(ActionMailer::Base.deliveries).to be_empty
+      end
+
+      it "does not update their reset password credentials" do
+        user.should_not_receive :update_reset_password_credentials
+        put :resend_confirmation_email, email: confirmed_user.email
+      end
+    end
+
+    describe "when email in params does not belong to any user" do
+
+      it "redirects to the check_your_email page when there is no email in params" do
+        put :resend_confirmation_email
+        expect(response).to redirect_to :check_your_email
+      end
+
+      it "does not send an email" do
+        put :resend_confirmation_email, email: 'not_there@example.com'
+        expect(ActionMailer::Base.deliveries).to be_empty
+      end
+
+      it "does not update their reset password credentials" do
+        user.should_not_receive :update_reset_password_credentials
+        put :resend_confirmation_email, email: 'not_there@example.com'
+      end
+    end
+  end
+
+  describe "#confirm" do
+    let(:user){ FactoryGirl.create(:user) }
+    before { user.update_reset_password_credentials }
+
+    context "user has proper reset password credentials" do
+      before { get :confirm, id: user.id, reset_password_token: user.reset_password_token }
+
+      it "redirects to the root_url" do
+        expect(response).to redirect_to root_url
+      end
+
+      it "confirms the user" do
+        expect(User.first.confirmed).to be_true
+      end
+
+      it "puts the user's id in the session hash" do
+        expect(session[:user_id]).to eq(user.id)
+      end
+    end
+
+    context "user does not have right token" do
+      before { get :confirm, id: user.id, reset_password_token: 'wrong'}
+
+      it "redirects them to the sign up page" do
+        expect(response).to redirect_to :sign_up
+      end
+
+      it "does not confirm the user" do
+        expect(User.first.confirmed).to be_false
+      end
+
+      it "does not set the session hash to the user's id" do
+        expect(session[:user_id]).to be_nil
+      end
+    end
+
+    context "user is trying to confirm after more than an hour" do
+      before do
+        user.reset_password_sent_at = Time.now - 2.days
+        user.save
+        get :confirm, id: user.id, reset_password_token: user.reset_password_token
+      end
+
+      it "redirects them to the sign up page" do
+        expect(response).to redirect_to :sign_up
+      end
+
+      it "does not confirm the user" do
+        expect(User.first.confirmed).to be_false
+      end
+
+      it "does not set the session hash to the user's id" do
+        expect(session[:user_id]).to be_nil
+      end
+    end
+  end
+end

data/lib/dangerzone/templates/spec/controllers/reset_passwords_controller_spec.rb

@@ -0,0 +1,131 @@
+require 'spec_helper'
+
+describe ResetPasswordsController do
+
+  describe '#requested_reset_password' do
+    before { ActionMailer::Base.deliveries = []}
+    let(:user) { FactoryGirl.create(:user) }
+
+    it "renders to forgot_password page (:new)" do
+      put :requested_reset_password, email: user.email
+      expect(response).to redirect_to :forgot_password
+    end
+
+    context 'when update_reset_password_credentials is successful' do
+
+      it "sends an email" do
+        put :requested_reset_password, email: user.email
+        expect(ActionMailer::Base.deliveries).to_not be_empty
+      end
+
+      it "updates the user's reset password credentials" do
+        old_token = user.reset_password_token
+        old_time = user.reset_password_sent_at
+        put :requested_reset_password, email: user.email
+        expect(User.first.reset_password_token).to_not eq(old_token)
+        expect(User.first.reset_password_sent_at).to_not eq(old_time)
+      end
+    end
+
+    context 'when update_reset_password_credentials fails' do
+      it "doesn't send an email" do
+        put :requested_reset_password, email: "not an email"
+        expect(ActionMailer::Base.deliveries).to be_empty
+      end
+    end
+  end
+
+  describe '#reset_password_form' do
+    let(:user){ FactoryGirl.create(:user) }
+    before { user.update_reset_password_credentials }
+
+    context "user has proper reset password credentials" do
+      it "renders reset password form" do
+        get :reset_password_form, id: user.id, reset_password_token: user.reset_password_token
+        expect(response).to render_template :reset_password_form
+      end
+    end
+
+    context "user does not have right token" do
+      before { get :reset_password_form, id: user.id, reset_password_token: 'wrong'}
+
+      it "renders the forgot password page" do
+        expect(response).to redirect_to :forgot_password
+      end
+
+      it "does not set the session hash to the user's id" do
+        expect(session[:reset_password_user_id]).to be_nil
+      end
+    end
+
+    context "user is trying to reset password after more than an hour" do
+      before do
+        user.reset_password_sent_at = Time.now - 2.days
+        user.save
+        get :reset_password_form, id: user.id, reset_password_token: user.reset_password_token
+      end
+
+      it "renders the forgot password page" do
+        expect(response).to redirect_to :forgot_password
+      end
+
+      it "does not set the session hash to the user's id" do
+        expect(session[:reset_password_user_id]).to be_nil
+      end
+    end
+  end
+
+  describe '#update_password' do
+    let(:user){ FactoryGirl.create(:user) }
+    before do
+      user.update_reset_password_credentials
+      session[:reset_password_user_id] = user.id
+    end
+
+    context 'the user is in time' do
+
+      context 'and their password and confirmation match' do
+        before { put :update_password, password: 'new_password', password_confirmation: 'new_password', id: user.id }
+
+        it "sets session[:user_id] to their user id" do
+          expect(session[:user_id]).to eq(user.id)
+        end
+
+        it "redirects them to the root_url" do
+          expect(response).to redirect_to :root
+        end
+      end
+
+      context "but their password and confirmation don't match" do
+        it "redirects them to the reset password form" do
+          put :update_password, password: 'new_password', password_confirmation: "doesn't match", id: user.id
+          expect(response).to redirect_to reset_password_form_path(user.id, user.reset_password_token)
+        end
+      end
+
+    end
+
+    context "user is too late" do
+      it "redirects to #requested_reset_password" do
+        user.reset_password_sent_at = Time.now - 2.days
+        user.save
+        put :update_password, password: 'new_password', password_confirmation: 'new_password', id: user.id
+        expect(response).to redirect_to :forgot_password
+      end
+    end
+
+    context "incorrect id comes in" do
+      it "redirects to #forgot_password" do
+        put :update_password, password: 'new_password', password_confirmation: 'new_password', id: 1234124
+        expect(response).to redirect_to :forgot_password
+      end
+    end
+  end
+
+  describe '#new' do
+    it "renders the new template" do
+      get :new
+      expect(response).to render_template :new
+    end
+  end
+end

data/lib/dangerzone/templates/spec/controllers/sessions_controller_spec.rb

@@ -0,0 +1,135 @@
+require 'spec_helper'
+
+describe SessionsController do
+
+  describe '#new' do
+    let(:confirmed_user) { FactoryGirl.create(:user) }
+
+    it 'renders the :new page' do
+      get :new
+      expect(response).to render_template :new
+    end
+
+    it 'redirects to root if user is already signed in' do
+      session[:user_id] = 5
+      get :new
+      expect(response).to redirect_to :root
+    end
+  end
+
+  describe '#destroy' do
+
+    it 'clears the permanent cookies' do
+      cookies.permanent[:remember_token] = 'remember token'
+      delete :destroy
+      expect(cookies[:remember_token]).to be_nil
+    end
+
+    it 'clears the session hash' do
+      session[:user_id] = 5
+      delete :destroy
+      expect(session[:user_id]).to be_nil
+    end
+
+    it 'redirects to the sign in page' do
+      delete :destroy
+      expect(response).to redirect_to :sign_in
+    end
+  end
+
+  describe '#create' do
+    let(:user){ FactoryGirl.create(:user, :confirmed) }
+    let(:params){ {email: user.email, password: 'password1234'} }
+
+    before { controller.reset_session }
+
+    it 'clears cookies before signing in so 2 people cannot be signed in at once (w/out remember me)' do
+      session[:user_id] = 'x'
+      cookies.permanent[:remember_token] = 'some token'
+      post :create, params
+      expect(session[:user_id]).to eq(user.id)
+      expect(cookies[:remember_token]).to be_nil
+    end
+
+    it 'clears cookies before signing in so 2 people cannot be signed in at once (with remember me)' do
+      session[:user_id] = 'x'
+      cookies.permanent[:remember_token] = 'some token'
+      params[:remember_me] = '1'
+      post :create, params
+      expect(session[:user_id]).to be_nil
+      expect(cookies[:remember_token]).to eq(assigns(:user).remember_token)
+    end
+
+    context 'when a non user email tries to login' do
+      it 'redirects to the sign in page' do
+        post :create
+        expect(response).to redirect_to :sign_in
+      end
+    end
+
+    context 'incorrect password' do
+      it 'redirects to the sign in page' do
+        params[:password] = 'wrong'
+        post :create, params
+        expect(response).to redirect_to :sign_in
+      end
+    end
+
+    context 'user is not confirmed' do
+      it 'redirects to the sign in page' do
+        params[:email] = FactoryGirl.create(:user).email
+        post :create, params
+        expect(response).to redirect_to :sign_in
+      end
+    end
+
+    context 'password is correct and user is confirmed' do
+
+      it 'updates the their sign in ip' do
+        user.sign_in_ip = 'old ip'
+        user.save
+        post :create, params
+        expect(assigns(:user)).to_not eq('old ip')
+      end
+
+      it 'increments the their sign in count' do
+        old_sign_in_count = user.sign_in_count
+        post :create, params
+        expect(assigns(:user).sign_in_count).to eq(old_sign_in_count + 1)
+      end
+
+      it 'redirects to the root url' do
+        post :create, params
+        expect(response).to redirect_to :root
+      end
+
+      it 'saves the user' do
+        old_updated_at = user.updated_at
+        post :create, params
+        expect(assigns(:user)).to_not eq(old_updated_at)
+      end
+
+      context 'user has selected remember me' do
+        before { params[:remember_me] = '1' }
+
+        it 'gives the user a new remember token' do
+          old_token = user.remember_token
+          post :create, params
+          expect(assigns(:user)).to_not eq(old_token)
+        end
+
+        it 'puts the their id in the permanent cookies' do
+          post :create, params
+          expect(cookies[:remember_token]).to_not be_nil
+        end
+      end
+
+      context 'user has not selected remember me' do
+        it 'puts the their id in the session hash' do
+          post :create, params
+          expect(session[:user_id]).to eq(user.id)
+        end
+      end
+    end
+  end
+end