entrance 0.3.2 → 0.3.3

data/examples/sinatra-app/README.md

@@ -7,6 +7,7 @@ To run:
     git clone https://github.com/tomas/entrance
     cd entrance/examples/sinatra-app
     bundle install
+    # (start mongo, eg 'mongodb --dbpath=/var/lib/mongodb')
     bundle exec puma
 
 And ready-o. Then point your browser to localhost:9292 and sign up, then sign in using your credentials.

data/lib/entrance/addons/omniauth.rb

@@ -36,7 +36,7 @@ module Entrance
           end
 
           def password_required?
-            !via_omniauth? && (password.blank? || @password_changed)
+            !via_omniauth? && (password.nil? || @password_changed)
           end
 
         end

data/lib/entrance/ciphers.rb

@@ -14,7 +14,7 @@ module Entrance
       # same logic as restful authentication
       def self.encrypt(password, salt)
         digest = Entrance.config.secret
-        raise "Secret not set!" if digest.blank?
+        raise "Secret not set!" if digest.nil? or digest.strip == ''
 
         Entrance.config.stretches.times do
           str = [digest, salt, password, Entrance.config.secret].join(JOIN_STRING)
@@ -43,4 +43,4 @@ module Entrance
 
   end
 
-end
+end

data/lib/entrance/controller.rb

@@ -130,19 +130,11 @@ module Entrance
     # compat stuff between rails & sinatra
 
     def set_cookie!(name, cookie)
-      if respond_to?(:cookie)
-        cookies[name] = cookie
-      else
-        response.set_cookie(name, cookie)
-      end
+      response.set_cookie(name, cookie)
     end
 
     def delete_cookie!(name)
-      if respond_to?(:cookie)
-        cookies.delete(name)
-      else
-        response.delete_cookie(name)
-      end
+      response.delete_cookie(name)
     end
 
     def return_401
@@ -153,11 +145,6 @@ module Entrance
       end
     end
 
-    def redirect_with(url, type, message)
-      flash[type] = message if respond_to?(:flash)
-      common_redirect(url)
-    end
-
     def set_flash_message
       return unless respond_to?(:flash)
 
@@ -168,6 +155,11 @@ module Entrance
       end
     end
 
+    def redirect_with(url, type, message)
+      flash[type] = message if respond_to?(:flash)
+      common_redirect(url)
+    end
+
     # when redirecting to stored_path
     def common_redirect(url, with_base = false)
       if respond_to?(:redirect)

data/lib/entrance/model.rb

@@ -61,7 +61,7 @@ module Entrance
       end
 
       def authenticate(username, password)
-        return if username.blank? or password.blank?
+        return if [username, password].any? { |v| v.nil? || v.strip == '' }
 
         query = {}
         query[Entrance.config.username_attr] = username.to_s.downcase.strip
@@ -72,7 +72,7 @@ module Entrance
 
       def with_password_reset_token(token)
         Entrance.config.permit!(:reset)
-        return if token.blank?
+        return if token.nil?
 
         query = {}
         query[Entrance.config.reset_token_attr] = token.to_s.strip
@@ -130,14 +130,14 @@ module Entrance
     end
 
     def password=(new_password)
-      return if new_password.blank?
+      return if new_password.nil?
 
       @password = new_password # for validation
       @password_changed = true
 
       # if we're using salt and it is empty, generate one
       if Entrance.config.salt_attr \
-        and send(Entrance.config.salt_attr).blank?
+        and send(Entrance.config.salt_attr).nil?
           self.send(Entrance.config.salt_attr + '=', Entrance.generate_token)
       end
 
@@ -159,7 +159,7 @@ module Entrance
     end
 
     def password_required?
-      password.blank? || @password_changed
+      password.nil? || @password_changed
     end
 
   end

data/lib/entrance/version.rb

@@ -1,7 +1,7 @@
 module Entrance
   MAJOR = 0
   MINOR = 3
-  PATCH = 2
+  PATCH = 3
 
   VERSION = [MAJOR, MINOR, PATCH].join('.')
 end

data/lib/entrance.rb

@@ -16,7 +16,7 @@ module Entrance
   end
 
   def self.model
-    @model ||= config.model.constantize
+    @model ||= Kernel.const_get(config.model)
   end
 
   def self.generate_token(length = 40)

data/spec/controller_spec.rb

@@ -0,0 +1,332 @@
+require './lib/entrance/controller'
+require './spec/fake_model'
+require 'rspec/mocks'
+
+describe 'Controller' do
+
+  class TestController
+    include Entrance::Controller
+
+    def session
+      @session ||= {}
+    end
+  end
+
+  let(:controller) { TestController.new }
+
+  describe 'when included' do
+
+    describe 'if receiver does not respond_to #helper_method' do
+
+      class EmptyClass; end
+
+      it 'does not explode' do
+        EmptyClass.should_not_receive(:helper_method).once
+
+        class EmptyClass
+          include Entrance::Controller
+        end
+      end
+
+    end
+
+    describe 'if received responds_to #helper_method' do
+
+      class FooClass
+        def helper_method(list)
+          # puts 'received'
+        end
+      end
+
+      it 'calls that method' do
+        FooClass.should_receive(:helper_method).once
+
+        class FooClass
+          include Entrance::Controller
+        end
+      end
+
+    end
+
+  end
+
+  # authenticate_and_login(username, password, remember_me = false)
+  describe '.authenticate_and_login' do
+
+    describe 'blank username' do
+
+      it 'does not call login!' do
+        controller.should_not_receive(:login!)
+        controller.authenticate_and_login('', 'test')
+      end
+
+    end
+
+    describe 'valid username' do
+
+      describe 'blank password' do
+
+        it 'does not call login!' do
+          controller.should_not_receive(:login!)
+          controller.authenticate_and_login('test@test.com', '')
+        end
+
+      end
+
+      describe 'invalid password' do
+
+        it 'does not call login!' do
+          controller.should_not_receive(:login!)
+          controller.authenticate_and_login('test@test.com', 'invalid')
+        end
+
+      end
+
+      describe 'valid password' do
+
+        it 'calls login!' do
+          controller.should_receive(:login!).and_return(FakeUser.new)
+          controller.authenticate_and_login('test@test.com', 'test')
+        end
+
+        it 'returns user' do
+          controller.should_receive(:login!).and_return(FakeUser.new)
+          res = controller.authenticate_and_login('test@test.com', 'test')
+          res.should be_a FakeUser
+        end
+
+        describe 'no remember_me' do
+
+          it 'does not set remember cookie' do
+            FakeUser.any_instance.should_not_receive('remember_me!')
+            controller.should_not_receive(:set_remember_cookie)
+            controller.authenticate_and_login('test@test.com', 'test')
+          end
+
+        end
+
+        describe 'remember_me = false' do
+
+          it 'does not call user.set_remember_token' do
+            FakeUser.any_instance.should_not_receive('remember_me!')
+            controller.should_not_receive(:set_remember_cookie)
+            controller.authenticate_and_login('test@test.com', 'test')
+          end
+
+        end
+
+        describe 'remember_me = true' do
+
+          describe 'if remember option is disabled' do
+
+          it 'does not set remember cookie' do
+            FakeUser.any_instance.should_not_receive('remember_me!')
+            controller.should_not_receive(:set_remember_cookie)
+            controller.authenticate_and_login('test@test.com', 'test')
+          end
+
+          end
+
+          describe 'if remember option is enabled' do
+
+            before do
+              Entrance.config.stub(:can?).and_return(true)
+            end
+
+            it 'calls set_remember_cookie' do
+              FakeUser.any_instance.should_receive('remember_me!').and_return('foobar')
+              controller.should_receive(:set_remember_cookie)
+              controller.authenticate_and_login('test@test.com', 'test', true)
+            end
+
+          end
+
+        end
+
+      end
+
+    end
+
+  end
+
+  # login!(user, remember_me = false)
+  describe 'login!' do
+
+    describe 'with invalid user' do
+
+      it 'raises error' do
+        expect do
+          controller.login! 'foobar'
+        end.to raise_error(RuntimeError)
+      end
+
+    end
+
+    describe 'with valid user' do
+
+      let(:user) {
+        user = FakeUser.new
+        user.email = 'aaa@bbb.com'
+        user
+      }
+
+      it 'calls current_user setter' do
+        controller.should_receive(:current_user=).with(user).and_return(true)
+        controller.login!(user)
+      end
+
+      it 'sets user_id in session' do
+        controller.login!(user)
+        controller.session[:user_id].should == 'aaa@bbb.com'
+      end
+
+      describe 'with remember_me true' do
+
+        # this is basically tested above so we can skip it
+
+      end
+
+    end
+
+  end
+
+  # logout!
+  describe 'logout!' do
+
+    describe 'with empty session' do
+
+      before do
+        controller.session.should be_empty
+      end
+
+      it 'leaves session as it is' do
+        controller.logout!
+        controller.session.should be_empty
+      end
+
+    end
+
+    describe 'with existing user_id in session' do
+
+      before do
+        controller.session[:user_id] = '1234'
+      end
+
+      it 'sets user_id to nil' do
+        controller.logout!
+        controller.session[:user_id].should be_nil
+      end
+
+    end
+
+  end
+
+  describe 'current_user' do
+
+    describe 'with @current_user instance var not set' do
+
+      before do
+        controller.instance_variable_get('@current_user').should be_nil
+      end
+
+      it 'calls login_from_session' do
+        controller.should_receive(:login_from_session)
+        controller.current_user
+      end
+
+      describe 'login_from_session succeeds' do
+
+        it 'returns user' do
+          controller.should_receive(:login_from_session).and_return(FakeUser.new)
+          res = controller.current_user
+          res.should be_a FakeUser
+        end
+
+        it 'does not call login_with_cookie' do
+          controller.should_receive(:login_from_session).and_return(FakeUser.new)
+          controller.should_not_receive(:login_from_cookie)
+          controller.current_user
+        end
+
+      end
+
+      describe 'login_from_session fails' do
+
+        it 'calls login_with_cookie' do
+          controller.should_receive(:login_from_session).and_return(nil)
+          controller.should_receive(:login_from_cookie)
+          controller.current_user
+        end
+
+        describe 'login_from_cookie succeeds' do
+
+          it 'returns user' do
+            controller.should_receive(:login_from_session).and_return(nil)
+            controller.should_receive(:login_from_cookie).and_return(FakeUser.new)
+            res = controller.current_user
+            res.should be_a FakeUser
+          end
+
+        end
+
+      end
+
+    end
+
+    describe 'with @current_user instance var set' do
+
+      before do
+        @user = FakeUser.new
+        controller.instance_variable_set('@current_user', @user)
+      end
+
+      it 'does not call login_from_session' do
+        controller.should_not_receive(:login_from_session)
+        controller.current_user
+      end
+
+    end
+
+  end
+
+
+  describe 'logged_in?' do
+
+  end
+
+  describe 'logged_out?' do
+
+  end
+
+  describe 'login_required' do
+
+    describe 'if logged in' do
+
+      before do
+        controller.stub(:logged_in?).and_return(true)
+      end
+
+      it 'does not call access_denied' do
+        controller.should_not_receive(:access_denied)
+        controller.login_required
+      end
+
+    end
+
+    describe 'if logged out' do
+
+      before do
+        controller.stub(:logged_in?).and_return(false)
+      end
+
+      it 'calls access_denied' do
+        controller.should_receive(:access_denied)
+        controller.login_required
+      end
+
+    end
+
+  end
+
+
+end

data/spec/fake_model.rb

@@ -0,0 +1,52 @@
+require 'entrance'
+
+Entrance.configure do |config|
+  config.model         = 'FakeUser'
+  config.unique_key    = 'email'
+  config.username_attr = 'email'
+  config.password_attr = 'password'
+
+  # disabling reset password and remember options
+  config.reset_token_attr    = nil
+  config.remember_token_attr = nil
+  # config.cookie_secure       = false
+
+  config.access_denied_redirect_to = '/login'
+end
+
+############################################################
+# admin user model
+
+class FakeUser
+  attr_accessor :email, :password #, :remember_token
+
+  USERS = {
+    'test@test.com' => 'test',
+    'foo@test.com'  => 'foo'
+  }
+
+  def self.where(query)
+    email = query['email']
+    # puts "User logging in: #{email}"
+    return [] unless USERS[email]
+
+    user = new
+    user.email    = email
+    user.password = USERS[email]
+
+    # puts "Initialized user: #{user.inspect}"
+    [user]
+  end
+
+  def update_attribute(key, val)
+    # puts "Updating #{key} -> #{val}"
+    send("#{key}=", val)
+  end
+
+  def authenticated?(string)
+    password == string
+  end
+
+  include Entrance::Model # ensure after we declare the .where method
+
+end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: entrance
 version: !ruby/object:Gem::Version
-  version: 0.3.2
+  version: 0.3.3
   prerelease: 
 platform: ruby
 authors:
@@ -119,6 +119,8 @@ files:
 - lib/entrance/controller.rb
 - lib/entrance/model.rb
 - lib/entrance/version.rb
+- spec/controller_spec.rb
+- spec/fake_model.rb
 homepage: https://github.com/tomas/entrance
 licenses: []
 post_install_message: