devise-jdguyot 1.2.rc

data/test/integration/lockable_test.rb

@@ -0,0 +1,109 @@
+require 'test_helper'
+
+class LockTest < ActionController::IntegrationTest
+  
+  def visit_user_unlock_with_token(unlock_token)
+    visit user_unlock_path(:unlock_token => unlock_token)
+  end
+
+  test 'user should be able to request a new unlock token' do
+    user = create_user(:locked => true)
+    ActionMailer::Base.deliveries.clear
+
+    visit new_user_session_path
+    click_link "Didn't receive unlock instructions?"
+
+    fill_in 'email', :with => user.email
+    click_button 'Resend unlock instructions'
+
+    assert_template 'sessions/new'
+    assert_contain 'You will receive an email with instructions about how to unlock your account in a few minutes'
+    assert_equal 1, ActionMailer::Base.deliveries.size
+  end
+
+  test 'unlocked user should not be able to request a unlock token' do
+    user = create_user(:locked => false)
+    ActionMailer::Base.deliveries.clear
+
+    visit new_user_session_path
+    click_link "Didn't receive unlock instructions?"
+
+    fill_in 'email', :with => user.email
+    click_button 'Resend unlock instructions'
+
+    assert_template 'unlocks/new'
+    assert_contain 'not locked'
+    assert_equal 0, ActionMailer::Base.deliveries.size
+  end
+
+  test 'unlocked pages should not be available if email strategy is disabled' do
+    visit "/admins/sign_in"
+
+    assert_raise Webrat::NotFoundError do
+      click_link "Didn't receive unlock instructions?"
+    end
+
+    assert_raise NameError do
+      visit new_admin_unlock_path
+    end
+
+    visit "/admins/unlock/new"
+    assert_response :not_found
+  end
+
+  test 'user with invalid unlock token should not be able to unlock an account' do
+    visit_user_unlock_with_token('invalid_token')
+
+    assert_response :success
+    assert_current_url '/users/unlock?unlock_token=invalid_token'
+    assert_have_selector '#error_explanation'
+    assert_contain /Unlock token(.*)invalid/
+  end
+
+  test "locked user should be able to unlock account" do
+    user = create_user(:locked => true)
+    assert user.access_locked?
+
+    visit_user_unlock_with_token(user.unlock_token)
+
+    assert_current_url '/'
+    assert_contain 'Your account was successfully unlocked.'
+
+    assert_not user.reload.access_locked?
+  end
+
+  test "sign in user automatically after unlocking it's account" do
+    user = create_user(:locked => true)
+    visit_user_unlock_with_token(user.unlock_token)
+    assert warden.authenticated?(:user)
+  end
+
+  test "user should not be able to sign in when locked" do
+    user = sign_in_as_user(:locked => true)
+    assert_template 'sessions/new'
+    assert_contain 'Your account is locked.'
+    assert_not warden.authenticated?(:user)
+  end
+
+  test "user should not send a new e-mail if already locked" do
+    user = create_user(:locked => true)
+    user.failed_attempts = User.maximum_attempts + 1
+    user.save!
+
+    ActionMailer::Base.deliveries.clear
+
+    sign_in_as_user(:password => "invalid")
+    assert_contain 'Your account is locked.'
+    assert ActionMailer::Base.deliveries.empty?
+  end
+
+  test 'error message is configurable by resource name' do
+    store_translations :en, :devise => {
+      :failure => { :user => { :locked => "You are locked!" } }
+    } do
+      user = sign_in_as_user(:locked => true)
+      assert_contain 'You are locked!'
+    end
+  end
+
+end

data/test/integration/omniauthable_test.rb

@@ -0,0 +1,107 @@
+require 'test_helper'
+
+class OmniauthableIntegrationTest < ActionController::IntegrationTest
+  FACEBOOK_INFO = {
+    :id => '12345',
+    :link => 'http://facebook.com/josevalim',
+    :email => 'user@example.com',
+    :first_name => 'Jose',
+    :last_name => 'Valim',
+    :website => 'http://blog.plataformatec.com.br'
+  }
+
+  ACCESS_TOKEN = {
+    :access_token => "plataformatec"
+  }
+
+  setup do
+    stub_facebook!
+    Devise::OmniAuth.short_circuit_authorizers!
+  end
+
+  teardown do
+    Devise::OmniAuth.unshort_circuit_authorizers!
+    Devise::OmniAuth.reset_stubs!
+  end
+
+  def stub_facebook!
+    Devise::OmniAuth.stub!(:facebook) do |b|
+      b.post('/oauth/access_token') { [200, {}, ACCESS_TOKEN.to_json] }
+      b.get('/me?access_token=plataformatec') { [200, {}, FACEBOOK_INFO.to_json] }
+    end
+  end
+
+  test "can access omniauth.auth in the env hash" do
+    visit "/users/sign_in"
+    click_link "Sign in with Facebook"
+
+    json = ActiveSupport::JSON.decode(response.body)
+
+    assert_equal "12345",         json["uid"]
+    assert_equal "facebook",      json["provider"]
+    assert_equal "josevalim",     json["user_info"]["nickname"]
+    assert_equal FACEBOOK_INFO,   json["extra"]["user_hash"].symbolize_keys
+    assert_equal "plataformatec", json["credentials"]["token"]
+  end
+
+  test "cleans up session on sign up" do  
+    assert_no_difference "User.count" do
+      visit "/users/sign_in"
+      click_link "Sign in with Facebook"
+    end
+
+    assert session["devise.facebook_data"]
+
+    assert_difference "User.count" do
+      visit "/users/sign_up"
+      fill_in "Password", :with => "123456"
+      fill_in "Password confirmation", :with => "123456"
+      click_button "Sign up"
+    end
+
+    assert_current_url "/"
+    assert_contain "You have signed up successfully."
+    assert_contain "Hello User user@example.com"
+    assert_not session["devise.facebook_data"]
+  end
+
+  test "cleans up session on cancel" do  
+    assert_no_difference "User.count" do
+      visit "/users/sign_in"
+      click_link "Sign in with Facebook"
+    end
+
+    assert session["devise.facebook_data"]
+    visit "/users/cancel"
+    assert !session["devise.facebook_data"]
+  end
+
+  test "cleans up session on sign in" do  
+    assert_no_difference "User.count" do
+      visit "/users/sign_in"
+      click_link "Sign in with Facebook"
+    end
+
+    assert session["devise.facebook_data"]
+    user = sign_in_as_user
+    assert !session["devise.facebook_data"]
+  end
+
+  test "handles callback error parameter according to the specification" do
+    visit "/users/auth/facebook/callback?error=access_denied"
+    assert_current_url "/users/sign_in"
+    assert_contain 'Could not authorize you from Facebook because "Access denied".'
+  end
+
+  test "handles other exceptions from omniauth" do
+    Devise::OmniAuth.stub!(:facebook) do |b|
+      b.post('/oauth/access_token') { [401, {}, {}.to_json] }
+    end
+
+    visit "/users/sign_in"
+    click_link "Sign in with facebook"
+
+    assert_current_url "/users/sign_in"
+    assert_contain 'Could not authorize you from Facebook because "Invalid credentials".'
+  end
+end

data/test/integration/recoverable_test.rb

@@ -0,0 +1,160 @@
+require 'test_helper'
+
+class PasswordTest < ActionController::IntegrationTest
+
+  def visit_new_password_path
+    visit new_user_session_path
+    click_link 'Forgot your password?'
+  end
+
+  def request_forgot_password(&block)
+    visit_new_password_path
+    assert_response :success
+    assert_not warden.authenticated?(:user)
+
+    fill_in 'email', :with => 'user@test.com'
+    yield if block_given?
+    click_button 'Send me reset password instructions'
+  end
+
+  def reset_password(options={}, &block)    
+    visit edit_user_password_path(:reset_password_token => options[:reset_password_token]) unless options[:visit] == false
+    assert_response :success
+
+    fill_in 'New password', :with => '987654321'
+    fill_in 'Confirm new password', :with => '987654321'
+    yield if block_given?
+    click_button 'Change my password'
+  end
+
+  test 'reset password with email of different case should succeed when email is in the list of case insensitive keys' do
+    create_user(:email => 'Foo@Bar.com')
+    
+    request_forgot_password do
+      fill_in 'email', :with => 'foo@bar.com'
+    end
+    
+    assert_current_url '/users/sign_in'
+    assert_contain 'You will receive an email with instructions about how to reset your password in a few minutes.'
+  end
+
+  test 'reset password with email of different case should fail when email is NOT the list of case insensitive keys' do
+    swap Devise, :case_insensitive_keys => [] do
+      create_user(:email => 'Foo@Bar.com')
+      
+      request_forgot_password do
+        fill_in 'email', :with => 'foo@bar.com'
+      end
+      
+      assert_response :success
+      assert_current_url '/users/password'
+      assert_have_selector "input[type=email][value='foo@bar.com']"
+      assert_contain 'not found'
+    end
+  end
+
+  test 'authenticated user should not be able to visit forgot password page' do
+    sign_in_as_user
+    assert warden.authenticated?(:user)
+
+    get new_user_password_path
+
+    assert_response :redirect
+    assert_redirected_to root_path
+  end
+
+  test 'not authenticated user should be able to request a forgot password' do
+    create_user
+    request_forgot_password
+
+    assert_current_url '/users/sign_in'
+    assert_contain 'You will receive an email with instructions about how to reset your password in a few minutes.'
+  end
+
+  test 'not authenticated user with invalid email should receive an error message' do
+    request_forgot_password do
+      fill_in 'email', :with => 'invalid.test@test.com'
+    end
+
+    assert_response :success
+    assert_current_url '/users/password'
+    assert_have_selector "input[type=email][value='invalid.test@test.com']"
+    assert_contain 'not found'
+  end
+
+  test 'authenticated user should not be able to visit edit password page' do
+    sign_in_as_user
+    get edit_user_password_path
+    assert_response :redirect
+    assert_redirected_to root_path
+    assert warden.authenticated?(:user)
+  end
+
+  test 'not authenticated user with invalid reset password token should not be able to change his password' do
+    user = create_user
+    reset_password :reset_password_token => 'invalid_reset_password'
+
+    assert_response :success
+    assert_current_url '/users/password'
+    assert_have_selector '#error_explanation'
+    assert_contain /Reset password token(.*)invalid/
+    assert_not user.reload.valid_password?('987654321')
+  end
+
+  test 'not authenticated user with valid reset password token but invalid password should not be able to change his password' do
+    user = create_user
+    request_forgot_password
+    reset_password :reset_password_token => user.reload.reset_password_token do
+      fill_in 'Confirm new password', :with => 'other_password'
+    end
+
+    assert_response :success
+    assert_current_url '/users/password'
+    assert_have_selector '#error_explanation'
+    assert_contain 'Password doesn\'t match confirmation'
+    assert_not user.reload.valid_password?('987654321')
+  end
+
+  test 'not authenticated user with valid data should be able to change his password' do
+    user = create_user
+    request_forgot_password
+    reset_password :reset_password_token => user.reload.reset_password_token
+
+    assert_current_url '/'
+    assert_contain 'Your password was changed successfully.'
+    assert user.reload.valid_password?('987654321')
+  end
+
+  test 'after entering invalid data user should still be able to change his password' do
+    user = create_user
+    request_forgot_password
+    reset_password :reset_password_token => user.reload.reset_password_token do
+      fill_in 'Confirm new password', :with => 'other_password'
+    end
+    assert_response :success
+    assert_have_selector '#error_explanation'
+    assert_not user.reload.valid_password?('987654321')
+
+    reset_password :reset_password_token => user.reload.reset_password_token, :visit => false
+    assert_contain 'Your password was changed successfully.'
+    assert user.reload.valid_password?('987654321')
+  end
+
+  test 'sign in user automatically after changing it\'s password' do
+    user = create_user
+    request_forgot_password
+    reset_password :reset_password_token => user.reload.reset_password_token
+
+    assert warden.authenticated?(:user)
+  end
+
+  test 'does not sign in user automatically after changing it\'s password if it\'s not active' do
+    user = create_user(:confirm => false)
+    request_forgot_password
+    reset_password :reset_password_token => user.reload.reset_password_token
+
+    assert_equal new_user_session_path, @request.path
+    assert !warden.authenticated?(:user)
+  end
+
+end

data/test/integration/registerable_test.rb

@@ -0,0 +1,179 @@
+require 'test_helper'
+
+class RegistrationTest < ActionController::IntegrationTest
+
+  test 'a guest admin should be able to sign in successfully' do
+    get new_admin_session_path
+    click_link 'Sign up'
+
+    assert_template 'registrations/new'
+
+    fill_in 'email', :with => 'new_user@test.com'
+    fill_in 'password', :with => 'new_user123'
+    fill_in 'password confirmation', :with => 'new_user123'
+    click_button 'Sign up'
+
+    assert_contain 'Welcome! You have signed up successfully.'
+    assert warden.authenticated?(:admin)
+
+    admin = Admin.last :order => "id"
+    assert_equal admin.email, 'new_user@test.com'
+  end
+
+  test 'a guest user should be able to sign up successfully and be blocked by confirmation' do
+    get new_user_registration_path
+
+    fill_in 'email', :with => 'new_user@test.com'
+    fill_in 'password', :with => 'new_user123'
+    fill_in 'password confirmation', :with => 'new_user123'
+    click_button 'Sign up'
+
+    assert_contain 'You have signed up successfully. However, we could not sign you in because your account is unconfirmed.'
+    assert_not_contain 'You have to confirm your account before continuing'
+
+    assert_not warden.authenticated?(:user)
+
+    user = User.last :order => "id"
+    assert_equal user.email, 'new_user@test.com'
+    assert_not user.confirmed?
+  end
+
+  test 'a guest user cannot sign up with invalid information' do
+    get new_user_registration_path
+
+    fill_in 'email', :with => 'invalid_email'
+    fill_in 'password', :with => 'new_user123'
+    fill_in 'password confirmation', :with => 'new_user321'
+    click_button 'Sign up'
+
+    assert_template 'registrations/new'
+    assert_have_selector '#error_explanation'
+    assert_contain "Email is invalid"
+    assert_contain "Password doesn't match confirmation"
+    assert_contain "2 errors prohibited"
+    assert_nil User.first
+
+    assert_not warden.authenticated?(:user)
+  end
+
+  test 'a guest should not sign up with email/password that already exists' do
+    user = create_user
+    get new_user_registration_path
+
+    fill_in 'email', :with => 'user@test.com'
+    fill_in 'password', :with => '123456'
+    fill_in 'password confirmation', :with => '123456'
+    click_button 'Sign up'
+
+    assert_current_url '/users'
+    assert_contain(/Email.*already.*taken/)
+
+    assert_not warden.authenticated?(:user)
+  end
+
+  test 'a guest should not be able to change account' do
+    get edit_user_registration_path
+    assert_redirected_to new_user_session_path
+    follow_redirect!
+    assert_contain 'You need to sign in or sign up before continuing.'
+  end
+
+  test 'a signed in user should not be able to access sign up' do
+    sign_in_as_user
+    get new_user_registration_path
+    assert_redirected_to root_path
+  end
+
+  test 'a signed in user should be able to edit his account' do
+    sign_in_as_user
+    get edit_user_registration_path
+
+    fill_in 'email', :with => 'user.new@email.com'
+    fill_in 'current password', :with => '123456'
+    click_button 'Update'
+
+    assert_current_url '/'
+    assert_contain 'You updated your account successfully.'
+
+    assert_equal "user.new@email.com", User.first.email
+  end
+
+  test 'a signed in user should still be able to use the website after changing his password' do
+    sign_in_as_user
+    get edit_user_registration_path
+
+    fill_in 'password', :with => '12345678'
+    fill_in 'password confirmation', :with => '12345678'
+    fill_in 'current password', :with => '123456'
+    click_button 'Update'
+
+    assert_contain 'You updated your account successfully.'
+    get users_path
+    assert warden.authenticated?(:user)
+  end
+
+  test 'a signed in user should not change his current user with invalid password' do
+    sign_in_as_user
+    get edit_user_registration_path
+
+    fill_in 'email', :with => 'user.new@email.com'
+    fill_in 'current password', :with => 'invalid'
+    click_button 'Update'
+
+    assert_template 'registrations/edit'
+    assert_contain 'user@test.com'
+    assert_have_selector 'form input[value="user.new@email.com"]'
+
+    assert_equal "user@test.com", User.first.email
+  end
+
+  test 'a signed in user should be able to edit his password' do
+    sign_in_as_user
+    get edit_user_registration_path
+
+    fill_in 'password', :with => 'pas123'
+    fill_in 'password confirmation', :with => 'pas123'
+    fill_in 'current password', :with => '123456'
+    click_button 'Update'
+
+    assert_current_url '/'
+    assert_contain 'You updated your account successfully.'
+
+    assert User.first.valid_password?('pas123')
+  end
+
+  test 'a signed in user should not be able to edit his password with invalid confirmation' do
+    sign_in_as_user
+    get edit_user_registration_path
+
+    fill_in 'password', :with => 'pas123'
+    fill_in 'password confirmation', :with => ''
+    fill_in 'current password', :with => '123456'
+    click_button 'Update'
+
+    assert_contain "Password doesn't match confirmation"
+    assert_not User.first.valid_password?('pas123')
+  end
+
+  test 'a signed in user should be able to cancel his account' do
+    sign_in_as_user
+    get edit_user_registration_path
+
+    click_link "Cancel my account", :method => :delete
+    assert_contain "Bye! Your account was successfully cancelled. We hope to see you again soon."
+
+    assert User.all.empty?
+  end
+
+  test 'a user should be able to cancel sign up by deleting data in the session' do
+    get "/set"
+    assert_equal "something", @request.session["devise.foo_bar"]
+
+    get "/users/sign_up"
+    assert_equal "something", @request.session["devise.foo_bar"]
+
+    get "/users/cancel"
+    assert_nil @request.session["devise.foo_bar"]
+    assert_redirected_to new_user_registration_path
+  end
+end