double_auth_engine 0.0.4 → 0.0.5

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    double_auth_engine (0.0.3)
+    double_auth_engine (0.0.4)
       declarative_authorization
       friendly_id
       kb-authlogic
@@ -37,7 +37,7 @@ GEM
       activesupport (= 3.0.5)
     activesupport (3.0.5)
     arel (2.0.9)
-    babosa (0.3.3)
+    babosa (0.3.4)
     builder (2.1.2)
     capybara (0.4.1.2)
       celerity (>= 0.7.9)

data/README.md

@@ -46,6 +46,7 @@ A <del>strike</del> means its done!
 
 * <del>Add Authlogic</del>
 * <del>Add Password Reset</del>
+* <del>Change Password</del>
 * <del>Update generator with ActionMailer monkey patch</del>
 * <del>Update install generator to add include to ApplicationController</del>
 * <del>Update README for mailer settings</del>

data/app/views/user_sessions/new.html.erb

@@ -6,8 +6,8 @@
 </head>
 <body>
 <%= form_for @user_session do |f| %>
-  <%= f.label :login, "Login or Email" %>
-  <%= f.text_field :login %>
+  <%= f.label :email, "Email" %>
+  <%= f.text_field :email %>
   <%= f.label :password, "Password" %>
   <%= f.password_field :password %>
   <%= link_to 'Forgot Password?', forgot_password_path %>

data/app/views/users/change_password.html.erb

@@ -0,0 +1,10 @@
+<%= form_tag update_password_user_path(@user), :method => :put do %>
+  <%= label_tag :current_password, "Current Password:", :class => "required-field" %>
+  <%= password_field_tag :current_password %>
+  <%= label_tag :password, "New Password:", :class => "required-field" %>
+  <%= password_field_tag :password %>
+  <%= label_tag :password_confirmation, "Confirm New Password:", :class => "required-field" %>
+  <%= password_field_tag :password_confirmation %>
+  <%= submit_tag "Save" %>
+  <%= link_to "Cancel", user_path(@user) %>
+<% end %>

data/app/views/users/new.html.erb

@@ -8,8 +8,6 @@
 <%= form_for @user do |f| %>
   <%= f.label :name, "Name" %>
   <%= f.text_field :name %>
-  <%= f.label :login, "Login" %>
-  <%= f.text_field :login %>
   <%= f.label :email, "Email" %>
   <%= f.text_field :email %>
   <%= f.label :password, "Password" %>

data/config/routes.rb

@@ -3,7 +3,12 @@ Rails.application.routes.draw do
   match 'login', :to => 'user_sessions#new'
   match 'logout', :to => 'user_sessions#destroy'
 
-  resources :users
+  resources :users do
+    member do
+      get "change_password"
+      put "update_password"
+    end
+  end
   resources :user_sessions
 
   match '/forgot_password', :controller => 'password_resets', :action => 'new'

data/lib/double_auth_engine/controllers/users_controller_mixin.rb

@@ -3,7 +3,7 @@ module DoubleAuthEngine
     def self.included(base)
       base.class_eval do
         skip_before_filter :require_user, :only => [:new, :create]
-        filter_access_to [:edit, :update], :attribute_check => true
+        filter_access_to [:edit, :update, :change_password, :update_password], :attribute_check => true
         respond_to :html, :json, :js
       end
       base.send :include, InstanceMethods
@@ -60,6 +60,24 @@ module DoubleAuthEngine
           format.xml { head :ok }
         end
       end
+      
+      def update_password
+        @user = User.find(params[:id])
+        if @user.valid_password? params[:current_password]
+          @user.password              = params[:password]
+          @user.password_confirmation = params[:password_confirmation]
+          if @user.save
+            flash[:notice] = "Your password has been updated"
+            redirect_to user_path(@user)
+          else
+            flash[:error] = @user.errors.full_messages.first
+            render :action => "change_password"
+          end
+        else
+          flash[:error] = "Your Current Password Does not Match"
+          render :action => "change_password"
+        end
+      end
     end
   end
 end

data/lib/double_auth_engine/generators/double_auth_engine/templates/authorization_rules.rb

@@ -1,6 +1,7 @@
 authorization do
   role :guest do
-    has_permission_on :users, :to => [:modify, :destroy] do
+    has_permission_on :users, :to => [:add, :read]
+    has_permission_on :users, :to => [:modify, :destroy, :change_password, :update_password] do
       if_attribute :id => is { user.id }
     end
   end
@@ -16,4 +17,4 @@ privileges do
   privilege :modify, :includes => [:edit, :update]
   privilege :read, :includes => [:index, :show]
   privilege :write, :includes => [:add, :modify]
-end
+end

data/lib/double_auth_engine/version.rb

@@ -1,3 +1,3 @@
 module DoubleAuthEngine
-  VERSION = "0.0.4"
+  VERSION = "0.0.5"
 end

data/spec/dummy/config/authorization_rules.rb

@@ -1,7 +1,7 @@
 authorization do
   role :guest do
     has_permission_on :users, :to => [:add, :read]
-    has_permission_on :users, :to => [:modify, :destroy] do
+    has_permission_on :users, :to => [:modify, :destroy, :change_password, :update_password] do
       if_attribute :id => is { user.id }
     end
   end

data/spec/dummy/spec/authorizations/user_spec.rb

@@ -47,6 +47,7 @@ describe "User Authorizations" do
                                 :password_confirmation => "testing",
                                 :email => Faker::Internet.email)
       end
+      
       it "to access the 'edit' action for another user" do
         should_not_be_allowed_to(:edit, @alt_user)
       end
@@ -58,6 +59,14 @@ describe "User Authorizations" do
       it "to access the 'destroy' action for another user" do
         should_not_be_allowed_to(:update, @alt_user)
       end
+      
+      it "to access the 'change_password' action for another user" do
+        should_not_be_allowed_to(:change_password, @alt_user)
+      end
+
+      it "to access the 'update_password' action for another user" do
+        should_not_be_allowed_to(:update_password, @alt_user)
+      end
     end
   end
 

data/spec/dummy/spec/controllers/users_controller_spec.rb

@@ -122,4 +122,26 @@ describe UsersController do
       assigns[:users].should_not be_nil
     end
   end
+  
+  describe "PUT 'update_password'" do    
+    it "should render the change_password template if the current password does not match the supplied current password" do
+      controller.current_user.stub(:valid_password?).and_return(false)
+      put :update_password, :id => controller.current_user.id
+      response.should render_template("change_password")
+    end
+
+    it "should render the change_password template if the new password does not match the password_confirmation" do
+      controller.current_user.stub(:valid_password?).and_return(true)
+      controller.current_user.stub(:save).and_return(false)
+      put :update_password, :id => controller.current_user.id
+      response.should render_template("change_password")
+    end
+
+    it "should redirect to the user profile page if the password change is successful" do
+      controller.current_user.stub(:valid_password?).and_return(true)
+      controller.current_user.stub(:save).and_return(true)
+      put :update_password, :id => controller.current_user.id
+      response.status.should == 200
+    end
+  end
 end

metadata

@@ -2,7 +2,7 @@
 name: double_auth_engine
 version: !ruby/object:Gem::Version 
   prerelease: 
-  version: 0.0.4
+  version: 0.0.5
 platform: ruby
 authors: 
 - Kyle Bolton
@@ -10,7 +10,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2011-05-05 00:00:00 -04:00
+date: 2011-05-11 00:00:00 -04:00
 default_executable: 
 dependencies: 
 - !ruby/object:Gem::Dependency 
@@ -74,6 +74,7 @@ files:
 - app/views/password_resets/edit.html.erb
 - app/views/password_resets/new.html.erb
 - app/views/user_sessions/new.html.erb
+- app/views/users/change_password.html.erb
 - app/views/users/edit.html.erb
 - app/views/users/index.html.erb
 - app/views/users/new.html.erb