devise 0.1.0

data/test/controllers/filters_test.rb

@@ -0,0 +1,97 @@
+require 'test/test_helper'
+require 'ostruct'
+
+class MockController < ApplicationController
+  attr_accessor :env
+
+  def request
+    self
+  end
+
+  def path
+    ''
+  end
+end
+
+class ControllerAuthenticableTest < ActionController::TestCase
+
+  def setup
+    @controller = MockController.new
+    @mock_warden = OpenStruct.new
+    @controller.env = { 'warden' => @mock_warden }
+  end
+
+  test 'setup warden' do
+    assert_not_nil @controller.warden
+  end
+
+  test 'provide access to warden instance' do
+    assert_equal @controller.warden, @controller.env['warden']
+  end
+
+  test 'run authenticate? with scope on warden' do
+    @mock_warden.expects(:authenticated?).with(:my_scope)
+    @controller.signed_in?(:my_scope)
+  end
+
+  test 'proxy signed_in? to authenticated' do
+    @mock_warden.expects(:authenticated?).with(:my_scope)
+    @controller.signed_in?(:my_scope)
+  end
+
+  test 'run user with scope on warden' do
+    @mock_warden.expects(:user).with(:admin).returns(true)
+    @controller.current_admin
+
+    @mock_warden.expects(:user).with(:user).returns(true)
+    @controller.current_user
+  end
+
+  test 'proxy logout to warden' do
+    @mock_warden.expects(:user).with(:user).returns(true)
+    @mock_warden.expects(:logout).with(:user).returns(true)
+    @controller.sign_out(:user)
+  end
+
+  test 'proxy user_authenticate! to authenticate with user scope' do
+    @mock_warden.expects(:authenticate!).with(:scope => :user)
+    @controller.authenticate_user!
+  end
+
+  test 'proxy admin_authenticate! to authenticate with admin scope' do
+    @mock_warden.expects(:authenticate!).with(:scope => :admin)
+    @controller.authenticate_admin!
+  end
+
+  test 'proxy user_authenticated? to authenticate with user scope' do
+    @mock_warden.expects(:authenticated?).with(:user)
+    @controller.user_signed_in?
+  end
+
+  test 'proxy admin_authenticated? to authenticate with admin scope' do
+    @mock_warden.expects(:authenticated?).with(:admin)
+    @controller.admin_signed_in?
+  end
+
+  test 'proxy user_session to session scope in warden' do
+    @mock_warden.expects(:session).with(:user).returns({})
+    @controller.user_session
+  end
+
+  test 'proxy admin_session to session scope in warden' do
+    @mock_warden.expects(:session).with(:admin).returns({})
+    @controller.admin_session
+  end
+
+  test 'require no authentication tests current mapping' do
+    @controller.expects(:resource_name).returns(:user)
+    @mock_warden.expects(:authenticated?).with(:user).returns(true)
+    @controller.expects(:redirect_to).with(root_path)
+    @controller.send :require_no_authentication
+  end
+
+  test 'sign in automatically proxy to set user on warden' do
+    @mock_warden.expects(:set_user).with(user = mock, :scope => :user).returns(true)
+    @controller.sign_in(:user, user)
+  end
+end

data/test/controllers/helpers_test.rb

@@ -0,0 +1,40 @@
+require 'test/test_helper'
+
+class HelpersTest < ActionController::TestCase
+  tests ApplicationController
+
+  test 'get resource name from request path' do
+    @request.path = '/users/session'
+    assert_equal :user, @controller.resource_name
+  end
+
+  test 'get resource name from specific request path' do
+    @request.path = '/admin_area/session'
+    assert_equal :admin, @controller.resource_name
+  end
+
+  test 'get resource class from request path' do
+    @request.path = '/users/session'
+    assert_equal User, @controller.resource_class
+  end
+
+  test 'get resource instance variable from request path' do
+    @request.path = '/admin_area/session'
+    @controller.instance_variable_set(:@admin, admin = Admin.new)
+    assert_equal admin, @controller.resource
+  end
+
+  test 'set resource instance variable from request path' do
+    @request.path = '/admin_area/session'
+
+    admin = @controller.send(:resource_class).new
+    @controller.send(:resource=, admin)
+
+    assert_equal admin, @controller.send(:resource)
+    assert_equal admin, @controller.instance_variable_get(:@admin)
+  end
+
+  test 'resources methods are not controller actions' do
+    assert @controller.class.action_methods.empty?
+  end
+end

data/test/controllers/url_helpers_test.rb

@@ -0,0 +1,47 @@
+require 'test/test_helper'
+
+class RoutesTest < ActionController::TestCase
+  tests ApplicationController
+
+  def test_path_and_url(name, prepend_path=nil)
+    @request.path = '/users/session'
+    prepend_path = "#{prepend_path}_" if prepend_path
+
+    # Resource param
+    assert_equal @controller.send(:"#{prepend_path}#{name}_path", :user),
+                 send(:"#{prepend_path}user_#{name}_path")
+    assert_equal @controller.send(:"#{prepend_path}#{name}_url", :user),
+                 send(:"#{prepend_path}user_#{name}_url")
+
+    # Default url params
+    assert_equal @controller.send(:"#{prepend_path}#{name}_path", :user, :param => 123),
+                 send(:"#{prepend_path}user_#{name}_path", :param => 123)
+    assert_equal @controller.send(:"#{prepend_path}#{name}_url", :user, :param => 123),
+                 send(:"#{prepend_path}user_#{name}_url", :param => 123)
+
+    @request.path = nil
+    # With an AR object
+    assert_equal @controller.send(:"#{prepend_path}#{name}_path", User.new),
+                 send(:"#{prepend_path}user_#{name}_path")
+    assert_equal @controller.send(:"#{prepend_path}#{name}_url", User.new),
+                 send(:"#{prepend_path}user_#{name}_url")
+  end
+
+
+  test 'should alias session to mapped user session' do
+    test_path_and_url :session
+    test_path_and_url :session, :new
+    test_path_and_url :session, :destroy
+  end
+
+  test 'should alias password to mapped user password' do
+    test_path_and_url :password
+    test_path_and_url :password, :new
+    test_path_and_url :password, :edit
+  end
+
+  test 'should alias confirmation to mapped user confirmation' do
+    test_path_and_url :confirmation
+    test_path_and_url :confirmation, :new
+  end
+end

data/test/integration/authenticable_test.rb

@@ -0,0 +1,191 @@
+require 'test/test_helper'
+
+class AuthenticationTest < ActionController::IntegrationTest
+
+  test 'home should be accessible without signed in' do
+    visit '/'
+    assert_response :success
+    assert_template 'home/index'
+  end
+
+  test 'sign in as user should not authenticate admin scope' do
+    sign_in_as_user
+
+    assert warden.authenticated?(:user)
+    assert_not warden.authenticated?(:admin)
+  end
+
+  test 'sign in as admin should not authenticate user scope' do
+    sign_in_as_admin
+
+    assert warden.authenticated?(:admin)
+    assert_not warden.authenticated?(:user)
+  end
+
+  test 'sign in as both user and admin at same time' do
+    sign_in_as_user
+    sign_in_as_admin
+
+    assert warden.authenticated?(:user)
+    assert warden.authenticated?(:admin)
+  end
+
+  test 'sign out as user should not touch admin authentication' do
+    sign_in_as_user
+    sign_in_as_admin
+
+    get destroy_user_session_path
+    assert_not warden.authenticated?(:user)
+    assert warden.authenticated?(:admin)
+  end
+
+  test 'sign out as admin should not touch user authentication' do
+    sign_in_as_user
+    sign_in_as_admin
+
+    get destroy_admin_session_path
+    assert_not warden.authenticated?(:admin)
+    assert warden.authenticated?(:user)
+  end
+
+  test 'not signed in as admin should not be able to access admins actions' do
+    get admins_path
+
+    assert_redirected_to new_admin_session_path(:unauthenticated => true)
+    assert_not warden.authenticated?(:admin)
+  end
+
+  test 'signed in as user should not be able to access admins actions' do
+    sign_in_as_user
+    assert warden.authenticated?(:user)
+    assert_not warden.authenticated?(:admin)
+
+    get admins_path
+    assert_redirected_to new_admin_session_path(:unauthenticated => true)
+  end
+
+  test 'signed in as admin should be able to access admin actions' do
+    sign_in_as_admin
+    assert warden.authenticated?(:admin)
+    assert_not warden.authenticated?(:user)
+
+    get admins_path
+
+    assert_response :success
+    assert_template 'admins/index'
+    assert_contain 'Welcome Admin'
+  end
+
+  test 'admin signing in with invalid email should return to sign in form with error message' do
+    sign_in_as_admin do
+      fill_in 'email', :with => 'wrongemail@test.com'
+    end
+
+    assert_response :success
+    assert_template 'sessions/new'
+    assert_contain 'Invalid email or password'
+    assert_not warden.authenticated?(:admin)
+  end
+
+  test 'admin signing in with invalid pasword should return to sign in form with error message' do
+    sign_in_as_admin do
+      fill_in 'password', :with => 'abcdef'
+    end
+
+    assert_response :success
+    assert_template 'sessions/new'
+    assert_contain 'Invalid email or password'
+    assert_not warden.authenticated?(:admin)
+  end
+
+  test 'error message is configurable by resource name' do
+    begin
+      I18n.backend.store_translations(:en, :devise => { :sessions =>
+        { :admin => { :unauthenticated => "Invalid credentials" } } })
+
+      sign_in_as_admin do
+        fill_in 'password', :with => 'abcdef'
+      end
+
+      assert_contain 'Invalid credentials'
+    ensure
+      I18n.reload!
+    end
+  end
+
+  test 'authenticated admin should not be able to sign as admin again' do
+    sign_in_as_admin
+    get new_admin_session_path
+
+    assert_response :redirect
+    assert_redirected_to root_path
+    assert warden.authenticated?(:admin)
+  end
+
+  test 'authenticated admin should be able to sign out' do
+    sign_in_as_admin
+    assert warden.authenticated?(:admin)
+
+    get destroy_admin_session_path
+    assert_response :redirect
+    assert_redirected_to root_path
+
+    get root_path
+    assert_contain 'Signed out successfully'
+    assert_not warden.authenticated?(:admin)
+  end
+
+  test 'unauthenticated admin does not set message on sign out' do
+    get destroy_admin_session_path
+    assert_response :redirect
+    assert_redirected_to root_path
+
+    get root_path
+    assert_not_contain 'Signed out successfully'
+  end
+
+  test 'redirect from warden shows error message' do
+    get admins_path
+
+    warden_path = new_admin_session_path(:unauthenticated => true)
+    assert_redirected_to warden_path
+
+    get warden_path
+    assert_contain 'Invalid email or password.'
+  end
+
+  test 'render 404 on roles without permission' do
+    get 'admin_area/password/new'
+    assert_response :not_found
+    assert_not_contain 'Send me reset password instructions'
+  end
+
+  test 'return to default url if no other was requested' do
+    sign_in_as_user
+
+    assert_template 'home/index'
+    assert_nil session[:return_to]
+  end
+
+  test 'return to given url after sign in' do
+    get users_path
+    assert_redirected_to new_user_session_path(:unauthenticated => true)
+    assert_equal users_path, session[:"user.return_to"]
+    follow_redirect!
+
+    sign_in_as_user :visit => false
+    assert_template 'users/index'
+    assert_nil session[:"user.return_to"]
+  end
+
+  test 'return to configured home path after sign in' do
+    sign_in_as_admin
+    assert_equal "/admin_area/home", @request.path
+  end
+
+  test 'allows session to be set by a given scope' do
+    sign_in_as_user
+    visit 'users/index'
+    assert_equal "Cart", @controller.user_session[:cart]
+  end
+end

data/test/integration/confirmable_test.rb

@@ -0,0 +1,60 @@
+require 'test/test_helper'
+
+class ConfirmationTest < ActionController::IntegrationTest
+
+  def visit_user_confirmation_with_token(confirmation_token)
+    visit user_confirmation_path(:confirmation_token => confirmation_token)
+  end
+
+  test 'user should be able to request a new confirmation' do
+    user = create_user(:confirm => false)
+    ActionMailer::Base.deliveries.clear
+
+    visit new_user_session_path
+    click_link 'Didn\'t receive confirmation instructions?'
+
+    fill_in 'email', :with => user.email
+    click_button 'Resend confirmation instructions'
+
+    assert_template 'sessions/new'
+    assert_contain 'You will receive an email with instructions about how to confirm your account in a few minutes'
+    assert_equal 1, ActionMailer::Base.deliveries.size
+  end
+
+  test 'user with invalid confirmation token should not be able to confirm an account' do
+    visit_user_confirmation_with_token('invalid_confirmation')
+
+    assert_response :success
+    assert_template 'confirmations/new'
+    assert_have_selector '#errorExplanation'
+    assert_contain 'Confirmation token is invalid'
+  end
+
+  test 'user with valid confirmation token should be able to confirm an account' do
+    user = create_user(:confirm => false)
+    assert_not user.confirmed?
+
+    visit_user_confirmation_with_token(user.confirmation_token)
+
+    assert_template 'home/index'
+    assert_contain 'Your account was successfully confirmed.'
+
+    assert user.reload.confirmed?
+  end
+
+  test 'user already confirmed user should not be able to confirm the account again' do
+    user = create_user
+    visit_user_confirmation_with_token(user.confirmation_token)
+
+    assert_template 'confirmations/new'
+    assert_have_selector '#errorExplanation'
+    assert_contain 'already confirmed'
+  end
+
+  test 'sign in user automatically after confirming it\'s email' do
+    user = create_user(:confirm => false)
+    visit_user_confirmation_with_token(user.confirmation_token)
+
+    assert warden.authenticated?(:user)
+  end
+end

data/test/integration/recoverable_test.rb

@@ -0,0 +1,131 @@
+require 'test/test_helper'
+
+class PasswordTest < ActionController::IntegrationTest
+
+  def visit_new_password_path
+    visit new_user_session_path
+    click_link 'Forgot password?'
+  end
+
+  def request_forgot_password(&block)
+    visit_new_password_path
+
+    assert_response :success
+    assert_template 'passwords/new'
+    assert_not warden.authenticated?(:user)
+
+    fill_in 'email', :with => 'user@test.com'
+    yield if block_given?
+    click_button 'Send me reset password instructions'
+  end
+
+  def reset_password(options={}, &block)
+    unless options[:visit] == false
+      visit edit_user_password_path(:reset_password_token => options[:reset_password_token])
+    end
+    assert_response :success
+    assert_template 'passwords/edit'
+
+    fill_in 'Password', :with => '987654321'
+    fill_in 'Password confirmation', :with => '987654321'
+    yield if block_given?
+    click_button 'Change my password'
+  end
+
+  test 'authenticated user should not be able to visit forgot password page' do
+    sign_in_as_user
+    assert warden.authenticated?(:user)
+
+    get new_user_password_path
+
+    assert_response :redirect
+    assert_redirected_to root_path
+  end
+
+  test 'not authenticated user should be able to request a forgot password' do
+    create_user
+    request_forgot_password
+
+    assert_template 'sessions/new'
+    assert_contain 'You will receive an email with instructions about how to reset your password in a few minutes.'
+  end
+
+  test 'not authenticated user with invalid email should receive an error message' do
+    request_forgot_password do
+      fill_in 'email', :with => 'invalid.test@test.com'
+    end
+
+    assert_response :success
+    assert_template 'passwords/new'
+    assert_have_selector 'input[type=text][value=\'invalid.test@test.com\']'
+    assert_contain 'Email not found'
+  end
+
+  test 'authenticated user should not be able to visit edit password page' do
+    sign_in_as_user
+
+    get edit_user_password_path
+
+    assert_response :redirect
+    assert_redirected_to root_path
+    assert warden.authenticated?(:user)
+  end
+
+  test 'not authenticated user with invalid reset password token should not be able to change his password' do
+    user = create_user
+    reset_password :reset_password_token => 'invalid_reset_password'
+
+    assert_response :success
+    assert_template 'passwords/edit'
+    assert_have_selector '#errorExplanation'
+    assert_contain 'Reset password token is invalid'
+    assert_not user.reload.valid_password?('987654321')
+  end
+
+  test 'not authenticated user with valid reset password token but invalid password should not be able to change his password' do
+    user = create_user
+    request_forgot_password
+    reset_password :reset_password_token => user.reload.reset_password_token do
+      fill_in 'Password confirmation', :with => 'other_password'
+    end
+
+    assert_response :success
+    assert_template 'passwords/edit'
+    assert_have_selector '#errorExplanation'
+    assert_contain 'Password doesn\'t match confirmation'
+    assert_not user.reload.valid_password?('987654321')
+  end
+
+  test 'not authenticated user with valid data should be able to change his password' do
+    user = create_user
+    request_forgot_password
+    reset_password :reset_password_token => user.reload.reset_password_token
+
+    assert_template 'home/index'
+    assert_contain 'Your password was changed successfully.'
+    assert user.reload.valid_password?('987654321')
+  end
+
+  test 'after entering invalid data user should still be able to change his password' do
+    user = create_user
+    request_forgot_password
+    reset_password :reset_password_token => user.reload.reset_password_token do
+      fill_in 'Password confirmation', :with => 'other_password'
+    end
+    assert_response :success
+    assert_have_selector '#errorExplanation'
+    assert_not user.reload.valid_password?('987654321')
+
+    reset_password :reset_password_token => user.reload.reset_password_token, :visit => false
+    assert_contain 'Your password was changed successfully.'
+    assert user.reload.valid_password?('987654321')
+  end
+
+  test 'sign in user automatically after changing it\'s password' do
+    user = create_user
+    request_forgot_password
+    reset_password :reset_password_token => user.reload.reset_password_token
+
+    assert warden.authenticated?(:user)
+  end
+end