devise_invitable 1.1.8 → 1.2.1

data/README.rdoc

@@ -5,6 +5,10 @@ It adds support to devise[http://github.com/plataformatec/devise] for send invit
 
 DeviseInvitable currently only support Rails 3, if you want to use it with Rails 2.3 you must install version {0.2.3}[http://rubygems.org/gems/devise_invitable/versions/0.2.3]
 
+If you want to use Rails 4 or devise 3, you must use git:
+
+  gem 'devise_invitable', :github => 'scambra/devise_invitable'
+
 == Installation
 
 Install DeviseInvitable gem, it will also install dependencies (such as devise and warden):
@@ -46,6 +50,7 @@ Add t.invitable to your Devise model migration:
     ...
       ## Invitable
       t.string   :invitation_token, :limit => 60
+      t.datetime :invitation_created_at
       t.datetime :invitation_sent_at
       t.datetime :invitation_accepted_at
       t.integer  :invitation_limit
@@ -59,6 +64,7 @@ or for a model that already exists, define a migration to add DeviseInvitable to
 
   change_table :users do |t|
       t.string   :invitation_token, :limit => 60
+      t.datetime :invitation_created_at
       t.datetime :invitation_sent_at
       t.datetime :invitation_accepted_at
       t.integer  :invitation_limit
@@ -76,6 +82,7 @@ or for a model that already exists, define a migration to add DeviseInvitable to
 If you are using Mongoid, define the following fields and indexes within your invitable model:
 
   field :invitation_token, type: String
+  field :invitation_created_at, type: Time
   field :invitation_sent_at, type: Time
   field :invitation_accepted_at, type: Time
   field :invitation_limit, type: Integer
@@ -129,6 +136,10 @@ You can also use the generator to generate scoped views:
 
   rails generate devise_invitable:views users
 
+Then turn scoped views on in config/initializers/devise.rb:
+
+  config.scoped_views = true
+
 Please refer to {Devise's README}[http://github.com/plataformatec/devise] for more information about views.
 
 == Configuring controllers
@@ -173,8 +184,7 @@ When skip_invitation is used, you must also then set the invitation_sent_at fiel
 token. Failure to do so will yield "Invalid invitation token" errors when the user attempts to accept the invite.
 You can set it like so:
 
-  user.invitation_sent_at = Time.now.utc
-  user.save!
+  user.deliver_invitation
 
 You can add :skip_invitation to attributes hash if skip_invitation is added to attr_accessible.
 

data/app/controllers/devise/invitations_controller.rb

@@ -8,16 +8,16 @@ class Devise::InvitationsController < DeviseController
 
   # GET /resource/invitation/new
   def new
-    build_resource
+    self.resource = resource_class.new
     render :new
   end
 
   # POST /resource/invitation
   def create
-    self.resource = resource_class.invite!(resource_params, current_inviter)
+    self.resource = resource_class.invite!(invite_params, current_inviter)
 
     if resource.errors.empty?
-      set_flash_message :notice, :send_instructions, :email => self.resource.email
+      set_flash_message :notice, :send_instructions, :email => self.resource.email if self.resource.invitation_sent_at
       respond_with resource, :location => after_invite_path_for(resource)
     else
       respond_with_navigational(resource) { render :new }
@@ -31,7 +31,7 @@ class Devise::InvitationsController < DeviseController
 
   # PUT /resource/invitation
   def update
-    self.resource = resource_class.accept_invitation!(resource_params)
+    self.resource = resource_class.accept_invitation!(update_resource_params)
 
     if resource.errors.empty?
       flash_message = resource.active_for_authentication? ? :updated : :updated_not_active                                                                                        
@@ -57,7 +57,7 @@ class Devise::InvitationsController < DeviseController
 
   def has_invitations_left?
     unless current_inviter.nil? || current_inviter.has_invitations_left?
-      build_resource
+      self.resource = resource_class.new
       set_flash_message :alert, :no_invitations_remaining
       respond_with_navigational(resource) { render :new }
     end
@@ -69,6 +69,14 @@ class Devise::InvitationsController < DeviseController
       redirect_to after_sign_out_path_for(resource_name)
     end
   end
+
+  def invite_params
+    devise_parameter_sanitizer.for(:invite)
+  end
+
+  def update_resource_params
+    devise_parameter_sanitizer.for(:accept_invitation)
+  end
   
 end
 

data/app/controllers/devise_invitable/registrations_controller.rb

@@ -1,8 +1,8 @@
 class DeviseInvitable::RegistrationsController < Devise::RegistrationsController
   protected
 
-  def build_resource(*args)
-    hash = args.pop || resource_params || {}
+  def build_resource(hash = nil)
+    hash ||= resource_params || {}
     if hash[:email]
       self.resource = resource_class.where(:email => hash[:email], :encrypted_password => '').first
       if self.resource

data/lib/devise_invitable.rb

@@ -2,6 +2,7 @@ module DeviseInvitable
   autoload :Inviter, 'devise_invitable/inviter'
   autoload :Mailer, 'devise_invitable/mailer'
   autoload :Mapping, 'devise_invitable/mapping'
+  autoload :ParameterSanitizer, 'devise_invitable/parameter_sanitizer'
   module Controllers
     autoload :UrlHelpers, 'devise_invitable/controllers/url_helpers'
     autoload :Registrations, 'devise_invitable/controllers/registrations'

data/lib/devise_invitable/model.rb

@@ -42,7 +42,7 @@ module Devise
         attr_writer :skip_password
 
         scope :active, lambda { where(:invitation_token => nil) }
-        if defined?(Mongoid) && self < Mongoid::Document
+        if defined?(Mongoid) && defined?(Mongoid::Document) && self < Mongoid::Document
           scope :invitation_not_accepted, lambda { where(:invitation_accepted_at => nil, :invitation_token.ne => nil) }
           scope :invitation_accepted, lambda { where(:invitation_accepted_at.ne => nil) }
         else
@@ -50,15 +50,13 @@ module Devise
           scope :invitation_accepted, lambda { where(arel_table[:invitation_accepted_at].not_eq(nil)) }
 
           [:before_invitation_accepted, :after_invitation_accepted].each do |callback_method|
-            send callback_method do
-              notify_observers callback_method
-            end
+            send callback_method
           end
         end
       end
 
       def self.required_fields(klass)
-        fields = [:invitation_token, :invitation_sent_at, :invitation_accepted_at,
+        fields = [:invitation_token, :invitation_created_at, :invitation_sent_at, :invitation_accepted_at,
          :invitation_limit, :invited_by_id, :invited_by_type]
         if Devise.invited_by_class_name
           fields -= [:invited_by_type]
@@ -67,7 +65,7 @@ module Devise
       end
 
       def invitation_fields
-        fields = [:invitation_sent_at, :invited_by_id, :invited_by_type]
+        fields = [:invitation_created_at, :invitation_sent_at, :invited_by_id, :invited_by_type]
         if Devise.invited_by_class_name
           fields -= [:invited_by_type]
         end
@@ -129,7 +127,8 @@ module Devise
         end
 
         generate_invitation_token if self.invitation_token.nil?
-        self.invitation_sent_at = Time.now.utc unless @skip_invitation
+        self.invitation_created_at = Time.now.utc
+        self.invitation_sent_at = self.invitation_created_at unless @skip_invitation
         self.invited_by = invited_by if invited_by
 
         # Call these before_validate methods since we aren't validating on save
@@ -178,6 +177,7 @@ module Devise
 
         # Deliver the invitation email
         def deliver_invitation
+          self.update_attribute :invitation_sent_at, Time.now.utc unless self.invitation_sent_at
           send_devise_notification(:invitation_instructions)
         end
 
@@ -201,7 +201,8 @@ module Devise
         #   invitation_period_valid?   # will always return true
         #
         def invitation_period_valid?
-          invitation_sent_at && (self.class.invite_for.to_i.zero? || invitation_sent_at.utc >= self.class.invite_for.ago)
+          time = invitation_created_at || invitation_sent_at
+          time && (self.class.invite_for.to_i.zero? || time.utc >= self.class.invite_for.ago)
         end
 
         # Generates a new random token for invitation, and stores the time
@@ -221,12 +222,13 @@ module Devise
           end
         end
 
-        # Attempt to find a user by it's email. If a record is not found, create a new
-        # user and send invitation to it. If user is found, returns the user with an
-        # email already exists error.
-        # If user is found and still have pending invitation, email is resend unless
-        # resend_invitation is set to false
-        # Attributes must contain the user email, other attributes will be set in the record
+        # Attempt to find a user by its email. If a record is not found,
+        # create a new user and send an invitation to it. If the user is found,
+        # return the user with an email already exists error.
+        # If the user is found and still has a pending invitation, invitation
+        # email is resent unless resend_invitation is set to false.
+        # Attributes must contain the user's email, other attributes will be
+        # set in the record
         def _invite(attributes={}, invited_by=nil, &block)
           invite_key_array = invite_key_fields
           attributes_hash = {}
@@ -235,7 +237,7 @@ module Devise
           end
 
           invitable = find_or_initialize_with_errors(invite_key_array, attributes_hash)
-          invitable.assign_attributes(attributes, :as => inviter_role(invited_by))
+          invitable.assign_attributes(attributes)
           invitable.invited_by = invited_by
 
           invitable.skip_password = true
@@ -255,12 +257,6 @@ module Devise
           [invitable, mail]
         end
 
-        # Override this method if the invitable is using Mass Assignment Security
-        # and the inviter has a non-default role.
-        def inviter_role(inviter)
-          :default
-        end
-
         def invite!(attributes={}, invited_by=nil, &block)
           invitable, mail = _invite(attributes, invited_by, &block)
           invitable
@@ -280,7 +276,7 @@ module Devise
           invitable = find_or_initialize_with_error_by(:invitation_token, attributes.delete(:invitation_token))
           invitable.errors.add(:invitation_token, :invalid) if invitable.invitation_token && invitable.persisted? && !invitable.valid_invitation?
           if invitable.errors.empty?
-            invitable.assign_attributes(attributes, :as => inviter_role(self))
+            invitable.assign_attributes(attributes)
             invitable.accept_invitation!
           end
           invitable

data/lib/devise_invitable/parameter_sanitizer.rb

@@ -0,0 +1,11 @@
+module DeviseInvitable
+  module ParameterSanitizer
+    def invite
+      default_params.permit(resource_class.invite_key_fields)
+    end
+
+    def accept_invitation
+      default_params.permit([:password, :password_confirmation, :invitation_token])
+    end
+  end
+end

data/lib/devise_invitable/rails.rb

@@ -17,6 +17,7 @@ module DeviseInvitable
     # extend mapping with after_initialize becuase is not reloaded
     config.after_initialize do
       Devise::Mapping.send :include, DeviseInvitable::Mapping
+      Devise::ParameterSanitizer.send :include, DeviseInvitable::ParameterSanitizer
     end
   end
 end

data/lib/devise_invitable/version.rb

@@ -1,3 +1,3 @@
 module DeviseInvitable
-  VERSION = '1.1.8'
+  VERSION = '1.2.1'
 end

data/lib/generators/active_record/templates/migration.rb

@@ -1,7 +1,8 @@
 class DeviseInvitableAddTo<%= table_name.camelize %> < ActiveRecord::Migration
   def up
     change_table :<%= table_name %> do |t|
-      t.string     :invitation_token, :limit => 60
+      t.string     :invitation_token
+      t.datetime   :invitation_created_at
       t.datetime   :invitation_sent_at
       t.datetime   :invitation_accepted_at
       t.integer    :invitation_limit

data/test/functional/controller_helpers_test.rb

@@ -0,0 +1,39 @@
+require 'test_helper'
+
+class ControllerHelpersTest < ActionController::TestCase
+  tests ApplicationController
+
+  test "after invite path defaults to after sign in path" do
+    assert_equal @controller.after_sign_in_path_for(:user), @controller.after_invite_path_for(:user)
+  end
+  
+  test "after accept path defaults to after sign in path" do
+    assert_equal @controller.after_sign_in_path_for(:user), @controller.after_accept_path_for(:user)
+  end
+  
+  test 'after invite path is customizable from application controller' do
+    custom_path = 'customized/after/invite/path'
+    @controller.instance_eval "def after_invite_path_for(resource) '#{custom_path}' end"
+    assert_equal @controller.after_invite_path_for(:user), custom_path
+  end
+  
+  test 'after accept path is customizable from application controller' do
+    custom_path = 'customized/after/accept/path'
+    @controller.instance_eval "def after_accept_path_for(resource) '#{custom_path}' end"
+    assert_equal @controller.after_accept_path_for(:user), custom_path
+  end
+  
+  test 'is not a devise controller' do
+    assert !@controller.devise_controller?
+  end
+  
+  test 'invitations controller respects definition for after invite path in application controller' do
+    assert Devise::InvitationsController.method_defined? :after_invite_path_for
+    assert !Devise::InvitationsController.instance_methods(false).include?(:after_invite_path_for)
+  end
+  
+  test 'invitations controller respects definition for after accept path in application controller' do
+    assert Devise::InvitationsController.method_defined? :after_accept_path_for
+    assert !Devise::InvitationsController.instance_methods(false).include?(:after_accept_path_for)
+  end
+end

data/test/functional/registrations_controller_test.rb

@@ -0,0 +1,59 @@
+require 'test_helper'
+require 'model_tests_helper'
+
+class DeviseInvitable::RegistrationsControllerTest < ActionController::TestCase
+  def setup
+    @issuer = new_user#users(:issuer)
+    @issuer.valid?
+    assert @issuer.valid?, 'starting with a valid user record'
+
+    # josevalim: you are required to do that because the routes sets this kind
+    # of stuff automatically. But functional tests are not using the routes.
+    # see https://github.com/plataformatec/devise/issues/1196
+    @request.env["devise.mapping"] = Devise.mappings[:user]
+  end
+
+  test "invited users may still sign up directly by themselves" do
+    # invite the invitee
+    sign_in @issuer
+    invitee_email = "invitee@example.org"
+
+    User.invite!(:email => invitee_email) do |u|
+      u.skip_invitation = true
+      u.invited_by = @issuer
+    end
+    sign_out @issuer
+
+    @invitee = User.where(:email => invitee_email).first
+    assert_blank @invitee.encrypted_password, "the password should be unset"
+
+    # sign_up the invitee
+    assert_difference('ActionMailer::Base.deliveries.size') do
+      post :create, :user => {:email => invitee_email, :password => "1password", :bio => '.'}
+    end
+
+    @invitee = User.where(:email => invitee_email).first
+    assert_present @invitee.encrypted_password
+    assert_not_nil @invitee.invitation_accepted_at
+    assert_nil @invitee.invitation_token
+    assert_present @invitee.invited_by_id
+    assert_present @invitee.invited_by_type
+    assert !@invitee.confirmed?
+    assert_present @invitee.confirmation_token
+  end
+
+  test "not invitable resources can register" do
+    @request.env["devise.mapping"] = Devise.mappings[:admin]
+    invitee_email = "invitee@example.org"
+
+    post :create, :admin => {:email => invitee_email, :password => "1password"}
+
+    @invitee = Admin.where(:email => invitee_email).first
+    assert_present @invitee.encrypted_password
+  end
+
+  test "missing params on a create should not cause an error" do
+
+    assert_nothing_raised { post :create }
+  end
+end

data/test/generators/views_generator_test.rb

@@ -0,0 +1,40 @@
+require 'test_helper'
+require 'fileutils'
+require 'rails/generators'
+require File.expand_path('../../lib/generators/devise_invitable/views_generator.rb', File.dirname(__FILE__))
+
+class ViewsGeneratorTest < ::Rails::Generators::TestCase
+  tests DeviseInvitable::Generators::ViewsGenerator
+  destination File.expand_path('../../tmp', File.dirname(__FILE__))
+
+  test 'views get copied' do
+    run_generator
+
+    assert_directory @mailer_path       = 'app/views/devise/mailer'
+    assert_directory @invitations_path  = 'app/views/devise/invitations'
+    assert_files
+  end
+
+  test 'views can be scoped' do
+    run_generator %w(octopussies)
+
+    assert_directory @mailer_path       = 'app/views/octopussies/mailer'
+    assert_directory @invitations_path  = 'app/views/octopussies/invitations'
+    assert_files
+  end
+
+  def teardown
+    FileUtils.rm_r Dir['../../tmp/*']
+  end
+
+  private
+  def assert_files
+    assert views = { @invitations_path => %w/edit.html.erb new.html.erb/, @mailer_path => %w/invitation_instructions.html.erb/ }
+
+    views.each do |path, files|
+      files.each do |file|
+        assert_file File.join path, file
+      end
+    end
+  end
+end

data/test/generators_test.rb

@@ -0,0 +1,34 @@
+$LOAD_PATH.unshift(File.join(File.dirname(__FILE__), '..'))
+require 'test_helper'
+require 'rails/generators'
+require 'generators/devise_invitable/devise_invitable_generator'
+
+class GeneratorsTest < ActiveSupport::TestCase
+  RAILS_APP_PATH = File.expand_path("../rails_app", __FILE__)
+
+  test "rails g should include the 6 generators" do
+    @output     = `cd #{RAILS_APP_PATH} && rails g`
+    generators  = %w/devise_invitable devise_invitable:form_for devise_invitable:install devise_invitable:invitation_views devise_invitable:simple_form_for devise_invitable:views/
+
+    generators.each do |generator|
+      @output.include? generator
+    end
+  end
+
+  test "rails g devise_invitable:install" do
+    @output = `cd #{RAILS_APP_PATH} && rails g devise_invitable:install -p`
+    assert @output.match(%r{(inject|insert).+  config/initializers/devise\.rb\n})
+    assert @output.match(%r|create.+  config/locales/devise_invitable\.en\.yml\n|)
+  end
+
+  test "rails g devise_invitable Octopussy" do
+    @output = `cd #{RAILS_APP_PATH} && rails g devise_invitable Octopussy -p`
+    assert @output.match(%r{(inject|insert).+  app/models/octopussy\.rb\n})
+    assert @output.match(%r|invoke.+  #{DEVISE_ORM}\n|)
+    if DEVISE_ORM == :active_record
+      assert @output.match(%r|create.+  db/migrate/\d{14}_devise_invitable_add_to_octopussies\.rb\n|)
+    elsif DEVISE_ORM == :mongoid
+      assert !@output.match(%r|create.+  db/migrate/\d{14}_devise_invitable_add_to_octopussies\.rb\n|)
+    end
+  end
+end