RubyGems - dangerzone - Versions diffs - 0.0.0 → 0.5.0 - Mend

dangerzone 0.0.0 → 0.5.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (29) hide show

data/lib/dangerzone/templates/migration.rb CHANGED

@@ -3,15 +3,13 @@ class CreateUsersTableViaDangerzone < ActiveRecord::Migration
   def up
     create_table :users do |t|
       t.string   :email
-      t.string   :password
-      t.string   :password_confirmation
       t.string   :password_digest
       t.string   :sign_in_ip
       t.string   :remember_token
       t.string   :reset_password_token
       t.datetime :reset_password_sent_at
-      t.boolean  :confirmed,              :default => false
-      t.integer  :sign_in_count,          :default => 1
+      t.boolean  :confirmed,              default: false
+      t.integer  :sign_in_count,          default: 1
       t.timestamps
     end

data/lib/dangerzone/templates/models/user.rb CHANGED

@@ -1,25 +1,51 @@
 class User < ActiveRecord::Base
   has_secure_password
-  attr_accessible :email, :password, :password_confirmation
+  attr_accessible(
+    :email,
+    :password,
+    :password_confirmation,
+    :reset_password_token,
+    :reset_password_sent_at,
+    :sign_in_ip,
+    :sign_in_count,
+    :confirmed,
+    :remember_token )
   validates_presence_of :email
   validates_uniqueness_of :email
-  validates_format_of :email, :with => /.+@.+\..+/i
+  validates :password, :password_confirmation, presence: true, if: :new_record?
+  validates_format_of :email, with: /.+@.+\..+/i
+  before_save { self.email = self.email.try(:downcase) }
   def update_reset_password_credentials
-    self.reset_password_sent_at = Time.now
-    self.reset_password_token = SecureRandom.urlsafe_base64
-    self.save
+    self.update_attributes(
+      reset_password_sent_at: Time.now,
+      reset_password_token:  SecureRandom.urlsafe_base64 )
+  end
+  def sign_in!(ip, password_param)
+    return false unless self.confirmed && self.authenticate(password_param)
+    self.update_attributes(
+      sign_in_ip: ip,
+      sign_in_count: (self.sign_in_count + 1),
+      remember_token: SecureRandom.urlsafe_base64 )
   end
-  def confirm(request_remote_ip)
-    self.confirmed = true
-    self.reset_password_sent_at = nil
-    self.reset_password_token = nil
-    self.sign_in_ip = request_remote_ip
-    self.save
+  def confirm!(ip)
+    self.update_attributes(
+      sign_in_ip: ip,
+      confirmed: true,
+      reset_password_sent_at: nil,
+      reset_password_token: nil )
   end
+  def in_time?
+    (Time.now - self.reset_password_sent_at) < 24.hours if self.reset_password_sent_at
+  end
+  def token_matches?(token)
+    self.reset_password_token == token
+  end
 end

data/lib/dangerzone/templates/routes.rb CHANGED

@@ -13,6 +13,6 @@
   put '/resend_confirmation_email' => 'create_accounts#resend_confirmation_email', as: 'resend_confirmation_email'
   get '/forgot_password' => 'reset_passwords#new', as: 'forgot_password'
-  put '/reset_password' => 'reset_passwords#send_reset_password', as: 'send_reset_password'
+  put '/reset_password' => 'reset_passwords#requested_reset_password', as: 'requested_reset_password'
   get '/reset_password/:id/:reset_password_token' => 'reset_passwords#reset_password_form', as: 'reset_password_form'
   put '/update_password' => 'reset_passwords#update_password', as: 'update_password'

data/lib/dangerzone/templates/spec/controllers/create_accounts_controller_spec.rb ADDED

@@ -0,0 +1,179 @@
+require 'spec_helper'
+describe CreateAccountsController do
+  before { ActionMailer::Base.deliveries = [] }
+  describe '#create' do
+    it "saves an unconfirmed user" do
+      params = { user: FactoryGirl.attributes_for(:user, :confirmed) }
+      post :create, params
+      expect(assigns(:user).confirmed).to be_false
+    end
+    describe 'when successful' do
+      let(:valid_params) { { user: FactoryGirl.attributes_for(:user) } }
+      before { post :create, valid_params }
+      it "assigns a user with the values in valid_params" do
+        expect(assigns(:user).email).to eq(valid_params[:user][:email])
+      end
+      it "sends them a confirmation email" do
+        expect(ActionMailer::Base.deliveries).to_not be_empty
+      end
+      it "saves the user" do
+        expect(assigns(:user)).to be_persisted
+      end
+      it "redirects them to check_your_email" do
+        expect(response).to redirect_to :check_your_email
+      end
+    end
+    describe 'when unsuccessful' do
+      let(:invalid_params) { {:user => { email: 'x' }}}
+      before(:each) { post :create, invalid_params }
+      it "redirects them to the sign up page" do
+        expect(response).to redirect_to :sign_up
+      end
+      it "does not persist @user" do
+        expect(assigns(:user)).to be_new_record
+      end
+      it "does not send them an email" do
+        expect(ActionMailer::Base.deliveries).to be_empty
+      end
+    end
+  end
+  describe '#new' do
+    it "renders the new template" do
+      get :new
+      expect(response).to render_template :new
+    end
+  end
+  describe '#resend_confirmation_email' do
+    let(:user){ FactoryGirl.create(:user) }
+    describe "when user is not confirmed and has valid email" do
+      it "redirects to the check_your_email page" do
+        put :resend_confirmation_email, email: user.email
+        expect(response).to redirect_to :check_your_email
+      end
+      it "sends a confirmation email" do
+        put :resend_confirmation_email, email: user.email
+        expect(ActionMailer::Base.deliveries).to_not be_empty
+      end
+      it "updates the user's reset password credentials" do
+        old_token = user.reset_password_token
+        old_time = user.reset_password_sent_at
+        put :resend_confirmation_email, email: user.email
+        user.reload
+        expect(user.reset_password_token).to_not eq(old_token)
+        expect(user.reset_password_sent_at).to_not eq(old_time)
+      end
+    end
+    describe "when user is already confirmed" do
+      let(:confirmed_user) { FactoryGirl.create(:user, :confirmed) }
+      it "redirects to the check_your_email page" do
+        put :resend_confirmation_email, email: confirmed_user.email
+        expect(response).to redirect_to :check_your_email
+      end
+      it "does not send an email" do
+        put :resend_confirmation_email, email: confirmed_user.email
+        expect(ActionMailer::Base.deliveries).to be_empty
+      end
+      it "does not update their reset password credentials" do
+        user.should_not_receive :update_reset_password_credentials
+        put :resend_confirmation_email, email: confirmed_user.email
+      end
+    end
+    describe "when email in params does not belong to any user" do
+      it "redirects to the check_your_email page when there is no email in params" do
+        put :resend_confirmation_email
+        expect(response).to redirect_to :check_your_email
+      end
+      it "does not send an email" do
+        put :resend_confirmation_email, email: 'not_there@example.com'
+        expect(ActionMailer::Base.deliveries).to be_empty
+      end
+      it "does not update their reset password credentials" do
+        user.should_not_receive :update_reset_password_credentials
+        put :resend_confirmation_email, email: 'not_there@example.com'
+      end
+    end
+  end
+  describe "#confirm" do
+    let(:user){ FactoryGirl.create(:user) }
+    before { user.update_reset_password_credentials }
+    context "user has proper reset password credentials" do
+      before { get :confirm, id: user.id, reset_password_token: user.reset_password_token }
+      it "redirects to the root_url" do
+        expect(response).to redirect_to root_url
+      end
+      it "confirms the user" do
+        expect(User.first.confirmed).to be_true
+      end
+      it "puts the user's id in the session hash" do
+        expect(session[:user_id]).to eq(user.id)
+      end
+    end
+    context "user does not have right token" do
+      before { get :confirm, id: user.id, reset_password_token: 'wrong'}
+      it "redirects them to the sign up page" do
+        expect(response).to redirect_to :sign_up
+      end
+      it "does not confirm the user" do
+        expect(User.first.confirmed).to be_false
+      end
+      it "does not set the session hash to the user's id" do
+        expect(session[:user_id]).to be_nil
+      end
+    end
+    context "user is trying to confirm after more than an hour" do
+      before do
+        user.reset_password_sent_at = Time.now - 2.days
+        user.save
+        get :confirm, id: user.id, reset_password_token: user.reset_password_token
+      end
+      it "redirects them to the sign up page" do
+        expect(response).to redirect_to :sign_up
+      end
+      it "does not confirm the user" do
+        expect(User.first.confirmed).to be_false
+      end
+      it "does not set the session hash to the user's id" do
+        expect(session[:user_id]).to be_nil
+      end
+    end
+  end
+end

data/lib/dangerzone/templates/spec/controllers/reset_passwords_controller_spec.rb ADDED

@@ -0,0 +1,131 @@
+require 'spec_helper'
+describe ResetPasswordsController do
+  describe '#requested_reset_password' do
+    before { ActionMailer::Base.deliveries = []}
+    let(:user) { FactoryGirl.create(:user) }
+    it "renders to forgot_password page (:new)" do
+      put :requested_reset_password, email: user.email
+      expect(response).to redirect_to :forgot_password
+    end
+    context 'when update_reset_password_credentials is successful' do
+      it "sends an email" do
+        put :requested_reset_password, email: user.email
+        expect(ActionMailer::Base.deliveries).to_not be_empty
+      end
+      it "updates the user's reset password credentials" do
+        old_token = user.reset_password_token
+        old_time = user.reset_password_sent_at
+        put :requested_reset_password, email: user.email
+        expect(User.first.reset_password_token).to_not eq(old_token)
+        expect(User.first.reset_password_sent_at).to_not eq(old_time)
+      end
+    end
+    context 'when update_reset_password_credentials fails' do
+      it "doesn't send an email" do
+        put :requested_reset_password, email: "not an email"
+        expect(ActionMailer::Base.deliveries).to be_empty
+      end
+    end
+  end
+  describe '#reset_password_form' do
+    let(:user){ FactoryGirl.create(:user) }
+    before { user.update_reset_password_credentials }
+    context "user has proper reset password credentials" do
+      it "renders reset password form" do
+        get :reset_password_form, id: user.id, reset_password_token: user.reset_password_token
+        expect(response).to render_template :reset_password_form
+      end
+    end
+    context "user does not have right token" do
+      before { get :reset_password_form, id: user.id, reset_password_token: 'wrong'}
+      it "renders the forgot password page" do
+        expect(response).to redirect_to :forgot_password
+      end
+      it "does not set the session hash to the user's id" do
+        expect(session[:reset_password_user_id]).to be_nil
+      end
+    end
+    context "user is trying to reset password after more than an hour" do
+      before do
+        user.reset_password_sent_at = Time.now - 2.days
+        user.save
+        get :reset_password_form, id: user.id, reset_password_token: user.reset_password_token
+      end
+      it "renders the forgot password page" do
+        expect(response).to redirect_to :forgot_password
+      end
+      it "does not set the session hash to the user's id" do
+        expect(session[:reset_password_user_id]).to be_nil
+      end
+    end
+  end
+  describe '#update_password' do
+    let(:user){ FactoryGirl.create(:user) }
+    before do
+      user.update_reset_password_credentials
+      session[:reset_password_user_id] = user.id
+    end
+    context 'the user is in time' do
+      context 'and their password and confirmation match' do
+        before { put :update_password, password: 'new_password', password_confirmation: 'new_password', id: user.id }
+        it "sets session[:user_id] to their user id" do
+          expect(session[:user_id]).to eq(user.id)
+        end
+        it "redirects them to the root_url" do
+          expect(response).to redirect_to :root
+        end
+      end
+      context "but their password and confirmation don't match" do
+        it "redirects them to the reset password form" do
+          put :update_password, password: 'new_password', password_confirmation: "doesn't match", id: user.id
+          expect(response).to redirect_to reset_password_form_path(user.id, user.reset_password_token)
+        end
+      end
+    end
+    context "user is too late" do
+      it "redirects to #requested_reset_password" do
+        user.reset_password_sent_at = Time.now - 2.days
+        user.save
+        put :update_password, password: 'new_password', password_confirmation: 'new_password', id: user.id
+        expect(response).to redirect_to :forgot_password
+      end
+    end
+    context "incorrect id comes in" do
+      it "redirects to #forgot_password" do
+        put :update_password, password: 'new_password', password_confirmation: 'new_password', id: 1234124
+        expect(response).to redirect_to :forgot_password
+      end
+    end
+  end
+  describe '#new' do
+    it "renders the new template" do
+      get :new
+      expect(response).to render_template :new
+    end
+  end
+end

data/lib/dangerzone/templates/spec/controllers/sessions_controller_spec.rb ADDED

@@ -0,0 +1,135 @@
+require 'spec_helper'
+describe SessionsController do
+  describe '#new' do
+    let(:confirmed_user) { FactoryGirl.create(:user) }
+    it 'renders the :new page' do
+      get :new
+      expect(response).to render_template :new
+    end
+    it 'redirects to root if user is already signed in' do
+      session[:user_id] = 5
+      get :new
+      expect(response).to redirect_to :root
+    end
+  end
+  describe '#destroy' do
+    it 'clears the permanent cookies' do
+      cookies.permanent[:remember_token] = 'remember token'
+      delete :destroy
+      expect(cookies[:remember_token]).to be_nil
+    end
+    it 'clears the session hash' do
+      session[:user_id] = 5
+      delete :destroy
+      expect(session[:user_id]).to be_nil
+    end
+    it 'redirects to the sign in page' do
+      delete :destroy
+      expect(response).to redirect_to :sign_in
+    end
+  end
+  describe '#create' do
+    let(:user){ FactoryGirl.create(:user, :confirmed) }
+    let(:params){ {email: user.email, password: 'password1234'} }
+    before { controller.reset_session }
+    it 'clears cookies before signing in so 2 people cannot be signed in at once (w/out remember me)' do
+      session[:user_id] = 'x'
+      cookies.permanent[:remember_token] = 'some token'
+      post :create, params
+      expect(session[:user_id]).to eq(user.id)
+      expect(cookies[:remember_token]).to be_nil
+    end
+    it 'clears cookies before signing in so 2 people cannot be signed in at once (with remember me)' do
+      session[:user_id] = 'x'
+      cookies.permanent[:remember_token] = 'some token'
+      params[:remember_me] = '1'
+      post :create, params
+      expect(session[:user_id]).to be_nil
+      expect(cookies[:remember_token]).to eq(assigns(:user).remember_token)
+    end
+    context 'when a non user email tries to login' do
+      it 'redirects to the sign in page' do
+        post :create
+        expect(response).to redirect_to :sign_in
+      end
+    end
+    context 'incorrect password' do
+      it 'redirects to the sign in page' do
+        params[:password] = 'wrong'
+        post :create, params
+        expect(response).to redirect_to :sign_in
+      end
+    end
+    context 'user is not confirmed' do
+      it 'redirects to the sign in page' do
+        params[:email] = FactoryGirl.create(:user).email
+        post :create, params
+        expect(response).to redirect_to :sign_in
+      end
+    end
+    context 'password is correct and user is confirmed' do
+      it 'updates the their sign in ip' do
+        user.sign_in_ip = 'old ip'
+        user.save
+        post :create, params
+        expect(assigns(:user)).to_not eq('old ip')
+      end
+      it 'increments the their sign in count' do
+        old_sign_in_count = user.sign_in_count
+        post :create, params
+        expect(assigns(:user).sign_in_count).to eq(old_sign_in_count + 1)
+      end
+      it 'redirects to the root url' do
+        post :create, params
+        expect(response).to redirect_to :root
+      end
+      it 'saves the user' do
+        old_updated_at = user.updated_at
+        post :create, params
+        expect(assigns(:user)).to_not eq(old_updated_at)
+      end
+      context 'user has selected remember me' do
+        before { params[:remember_me] = '1' }
+        it 'gives the user a new remember token' do
+          old_token = user.remember_token
+          post :create, params
+          expect(assigns(:user)).to_not eq(old_token)
+        end
+        it 'puts the their id in the permanent cookies' do
+          post :create, params
+          expect(cookies[:remember_token]).to_not be_nil
+        end
+      end
+      context 'user has not selected remember me' do
+        it 'puts the their id in the session hash' do
+          post :create, params
+          expect(session[:user_id]).to eq(user.id)
+        end
+      end
+    end
+  end
+end