ggoodale-restful-authentication 1.1.1

data/generators/authenticated/templates/stories/steps/user_steps.rb

@@ -0,0 +1,153 @@
+require File.dirname(__FILE__) + '/../helper'
+
+RE_<%= file_name.capitalize %>      = %r{(?:(?:the )? *(\w+) *)}
+RE_<%= file_name.capitalize %>_TYPE = %r{(?: *(\w+)? *)}
+steps_for(:<%= file_name %>) do
+
+  #
+  # Setting
+  #
+  
+  Given "an anonymous <%= file_name %>" do 
+    log_out!
+  end
+
+  Given "$an $<%= file_name %>_type <%= file_name %> with $attributes" do |_, <%= file_name %>_type, attributes|
+    create_<%= file_name %>! <%= file_name %>_type, attributes.to_hash_from_story
+  end
+  
+  Given "$an $<%= file_name %>_type <%= file_name %> named '$login'" do |_, <%= file_name %>_type, login|
+    create_<%= file_name %>! <%= file_name %>_type, named_<%= file_name %>(login)
+  end
+  
+  Given "$an $<%= file_name %>_type <%= file_name %> logged in as '$login'" do |_, <%= file_name %>_type, login|
+    create_<%= file_name %>! <%= file_name %>_type, named_<%= file_name %>(login)
+    log_in_<%= file_name %>!
+  end
+  
+  Given "$actor is logged in" do |_, login|
+    log_in_<%= file_name %>! @<%= file_name %>_params || named_<%= file_name %>(login)
+  end
+  
+  Given "there is no $<%= file_name %>_type <%= file_name %> named '$login'" do |_, login|
+    @<%= file_name %> = <%= class_name %>.find_by_login(login)
+    @<%= file_name %>.destroy! if @<%= file_name %>
+    @<%= file_name %>.should be_nil
+  end
+  
+  #
+  # Actions
+  #
+  When "$actor logs out" do 
+    log_out
+  end
+
+  When "$actor registers an account as the preloaded '$login'" do |_, login|
+    <%= file_name %> = named_<%= file_name %>(login)
+    <%= file_name %>['password_confirmation'] = <%= file_name %>['password']
+    create_<%= file_name %> <%= file_name %>
+  end
+
+  When "$actor registers an account with $attributes" do |_, attributes|
+    create_<%= file_name %> attributes.to_hash_from_story
+  end
+<% if options[:include_activation] %>  
+  When "$actor activates with activation code $attributes" do |_, activation_code|
+    activation_code = '' if activation_code == 'that is blank'
+    activate 
+  end<% end %>  
+
+  When "$actor logs in with $attributes" do |_, attributes|
+    log_in_<%= file_name %> attributes.to_hash_from_story
+  end
+  
+  #
+  # Result
+  #
+  Then "$actor should be invited to sign in" do |_|
+    response.should render_template('/<%= controller_file_path %>/new')
+  end
+  
+  Then "$actor should not be logged in" do |_|
+    controller.logged_in?.should_not be_true
+  end
+    
+  Then "$login should be logged in" do |login|
+    controller.logged_in?.should be_true
+    controller.current_<%= file_name %>.should === @<%= file_name %>
+    controller.current_<%= file_name %>.login.should == login
+  end
+    
+end
+
+def named_<%= file_name %> login
+  <%= file_name %>_params = {
+    'admin'   => {'id' => 1, 'login' => 'addie', 'password' => '1234addie', 'email' => 'admin@example.com',       },
+    'oona'    => {          'login' => 'oona',   'password' => '1234oona',  'email' => 'unactivated@example.com'},
+    'reggie'  => {          'login' => 'reggie', 'password' => 'monkey',    'email' => 'registered@example.com' },
+    }
+  <%= file_name %>_params[login.downcase]
+end
+
+#
+# <%= class_name %> account actions.
+#
+# The ! methods are 'just get the job done'.  It's true, they do some testing of
+# their own -- thus un-DRY'ing tests that do and should live in the <%= file_name %> account
+# stories -- but the repetition is ultimately important so that a faulty test setup
+# fails early.  
+#
+
+def log_out 
+  get '/<%= controller_file_path %>/destroy'
+end
+
+def log_out!
+  log_out
+  response.should redirect_to('/')
+  follow_redirect!
+end
+
+def create_<%= file_name %>(<%= file_name %>_params={})
+  @<%= file_name %>_params       ||= <%= file_name %>_params
+  post "/<%= model_controller_file_path %>", :<%= file_name %> => <%= file_name %>_params
+  @<%= file_name %> = <%= class_name %>.find_by_login(<%= file_name %>_params['login'])
+end
+
+def create_<%= file_name %>!(<%= file_name %>_type, <%= file_name %>_params)
+  <%= file_name %>_params['password_confirmation'] ||= <%= file_name %>_params['password'] ||= <%= file_name %>_params['password']
+  create_<%= file_name %> <%= file_name %>_params
+  response.should redirect_to('/')
+  follow_redirect!
+<% if options[:include_activation] %> 
+  # fix the <%= file_name %>'s activation status
+  activate_<%= file_name %>! if <%= file_name %>_type == 'activated'<% end %>
+end
+
+<% if options[:include_activation] %> 
+def activate_<%= file_name %> activation_code=nil
+  activation_code = @<%= file_name %>.activation_code if activation_code.nil?
+  get "/activate/#{activation_code}"
+end
+
+def activate_<%= file_name %>! *args
+  activate_<%= file_name %> *args
+  response.should redirect_to('/login')
+  follow_redirect!
+  response.should have_flash("notice", /Signup complete!/)
+end<% end %>
+
+def log_in_<%= file_name %> <%= file_name %>_params=nil
+  @<%= file_name %>_params ||= <%= file_name %>_params
+  <%= file_name %>_params  ||= @<%= file_name %>_params
+  post "/<%= controller_routing_path %>", <%= file_name %>_params
+  @<%= file_name %> = <%= class_name %>.find_by_login(<%= file_name %>_params['login'])
+  controller.current_<%= file_name %>
+end
+
+def log_in_<%= file_name %>! *args
+  log_in_<%= file_name %> *args
+  response.should redirect_to('/')
+  follow_redirect!
+  response.should have_flash("notice", /Logged in successfully/)
+end

data/generators/authenticated/templates/stories/users/accounts.story

@@ -0,0 +1,186 @@
+Visitors should be in control of creating an account and of proving their
+essential humanity/accountability or whatever it is people think the
+id-validation does.  We should be fairly skeptical about this process, as the
+identity+trust chain starts here.
+
+Story: Creating an account
+  As an anonymous <%= file_name %>
+  I want to be able to create an account
+  So that I can be one of the cool kids
+
+  #
+  # Account Creation: Get entry form
+  #
+  Scenario: Anonymous <%= file_name %> can start creating an account
+    Given an anonymous <%= file_name %>
+    When  she goes to /signup
+    Then  she should be at the '<%= model_controller_routing_path %>/new' page
+     And  the page should look AWESOME
+     And  she should see a <form> containing a textfield: Login, textfield: Email, password: Password, password: 'Confirm Password', submit: 'Sign up'
+
+  #
+  # Account Creation
+  #
+  Scenario: Anonymous <%= file_name %> can create an account
+    Given an anonymous <%= file_name %>
+     And  no <%= file_name %> with login: 'Oona' exists
+    When  she registers an account as the preloaded 'Oona'
+    Then  she should be redirected to the home page
+    When  she follows that redirect!
+    Then  she should see a notice message 'Thanks for signing up!'
+     And  a <%= file_name %> with login: 'oona' should exist
+     And  the <%= file_name %> should have login: 'oona', and email: 'unactivated@example.com'
+<% if options[:include_activation] %>
+     And  the <%= file_name %>'s activation_code should not be nil
+     And  the <%= file_name %>'s activated_at    should     be nil
+     And  she should not be logged in
+<% else %>
+     And  oona should be logged in
+<% end %>
+
+  #
+  # Account Creation Failure: Account exists
+  #
+<% if options[:include_activation] %>
+  Scenario: Anonymous <%= file_name %> can not create an account replacing a non-activated account
+    Given an anonymous <%= file_name %>
+     And  a registered <%= file_name %> named 'Reggie'
+     And  the <%= file_name %> has activation_code: 'activate_me', activated_at: nil! 
+     And  we try hard to remember the <%= file_name %>'s updated_at, and created_at
+    When  she registers an account with login: 'reggie', password: 'monkey', and email: 'different@example.com'
+    Then  she should be at the '<%= model_controller_routing_path %>/new' page
+     And  she should     see an errorExplanation message 'Login has already been taken'
+     And  she should not see an errorExplanation message 'Email has already been taken'
+     And  a <%= file_name %> with login: 'reggie' should exist
+     And  the <%= file_name %> should have email: 'registered@example.com'
+     And  the <%= file_name %>'s activation_code should not be nil
+     And  the <%= file_name %>'s activated_at    should     be nil
+     And  the <%= file_name %>'s created_at should stay the same under to_s
+     And  the <%= file_name %>'s updated_at should stay the same under to_s
+     And  she should not be logged in<% end %>
+     
+  Scenario: Anonymous <%= file_name %> can not create an account replacing an activated account
+    Given an anonymous <%= file_name %>
+     And  an activated <%= file_name %> named 'Reggie'
+     And  we try hard to remember the <%= file_name %>'s updated_at, and created_at
+    When  she registers an account with login: 'reggie', password: 'monkey', and email: 'reggie@example.com'
+    Then  she should be at the '<%= model_controller_routing_path %>/new' page
+     And  she should     see an errorExplanation message 'Login has already been taken'
+     And  she should not see an errorExplanation message 'Email has already been taken'
+     And  a <%= file_name %> with login: 'reggie' should exist
+     And  the <%= file_name %> should have email: 'registered@example.com'
+<% if options[:include_activation] %>
+     And  the <%= file_name %>'s activation_code should     be nil
+     And  the <%= file_name %>'s activated_at    should not be nil<% end %>
+     And  the <%= file_name %>'s created_at should stay the same under to_s
+     And  the <%= file_name %>'s updated_at should stay the same under to_s
+     And  she should not be logged in
+
+  #
+  # Account Creation Failure: Incomplete input
+  #
+  Scenario: Anonymous <%= file_name %> can not create an account with incomplete or incorrect input
+    Given an anonymous <%= file_name %>
+     And  no <%= file_name %> with login: 'Oona' exists
+    When  she registers an account with login: '',     password: 'monkey', password_confirmation: 'monkey' and email: 'unactivated@example.com'
+    Then  she should be at the '<%= model_controller_routing_path %>/new' page
+     And  she should     see an errorExplanation message 'Login can't be blank'
+     And  no <%= file_name %> with login: 'oona' should exist
+     
+  Scenario: Anonymous <%= file_name %> can not create an account with no password
+    Given an anonymous <%= file_name %>
+     And  no <%= file_name %> with login: 'Oona' exists
+    When  she registers an account with login: 'oona', password: '',       password_confirmation: 'monkey' and email: 'unactivated@example.com'
+    Then  she should be at the '<%= model_controller_routing_path %>/new' page
+     And  she should     see an errorExplanation message 'Password can't be blank'
+     And  no <%= file_name %> with login: 'oona' should exist
+     
+  Scenario: Anonymous <%= file_name %> can not create an account with no password_confirmation
+    Given an anonymous <%= file_name %>
+     And  no <%= file_name %> with login: 'Oona' exists
+    When  she registers an account with login: 'oona', password: 'monkey', password_confirmation: ''       and email: 'unactivated@example.com'
+    Then  she should be at the '<%= model_controller_routing_path %>/new' page
+     And  she should     see an errorExplanation message 'Password confirmation can't be blank'
+     And  no <%= file_name %> with login: 'oona' should exist
+     
+  Scenario: Anonymous <%= file_name %> can not create an account with mismatched password & password_confirmation
+    Given an anonymous <%= file_name %>
+     And  no <%= file_name %> with login: 'Oona' exists
+    When  she registers an account with login: 'oona', password: 'monkey', password_confirmation: 'monkeY' and email: 'unactivated@example.com'
+    Then  she should be at the '<%= model_controller_routing_path %>/new' page
+     And  she should     see an errorExplanation message 'Password doesn't match confirmation'
+     And  no <%= file_name %> with login: 'oona' should exist
+     
+  Scenario: Anonymous <%= file_name %> can not create an account with bad email
+    Given an anonymous <%= file_name %>
+     And  no <%= file_name %> with login: 'Oona' exists
+    When  she registers an account with login: 'oona', password: 'monkey', password_confirmation: 'monkey' and email: ''
+    Then  she should be at the '<%= model_controller_routing_path %>/new' page
+     And  she should     see an errorExplanation message 'Email can't be blank'
+     And  no <%= file_name %> with login: 'oona' should exist
+    When  she registers an account with login: 'oona', password: 'monkey', password_confirmation: 'monkey' and email: 'unactivated@example.com'
+    Then  she should be redirected to the home page
+    When  she follows that redirect!
+    Then  she should see a notice message 'Thanks for signing up!'
+     And  a <%= file_name %> with login: 'oona' should exist
+     And  the <%= file_name %> should have login: 'oona', and email: 'unactivated@example.com'
+<% if options[:include_activation] %>
+     And  the <%= file_name %>'s activation_code should not be nil
+     And  the <%= file_name %>'s activated_at    should     be nil
+     And  she should not be logged in
+<% else %>
+     And  oona should be logged in
+<% end %>
+     
+<% if options[:include_activation] %>
+Story: Activating an account
+  As a registered, but not yet activated, <%= file_name %>
+  I want to be able to activate my account
+  So that I can log in to the site
+
+  #
+  # Successful activation
+  #
+  Scenario: Not-yet-activated <%= file_name %> can activate her account
+    Given a registered <%= file_name %> named 'Reggie'
+     And  the <%= file_name %> has activation_code: 'activate_me', activated_at: nil! 
+     And  we try hard to remember the <%= file_name %>'s updated_at, and created_at
+    When  she goes to /activate/activate_me
+    Then  she should be redirected to 'login'
+    When  she follows that redirect!
+    Then  she should see a notice message 'Signup complete!'
+     And  a <%= file_name %> with login: 'reggie' should exist
+     And  the <%= file_name %> should have login: 'reggie', and email: 'registered@example.com'
+     And  the <%= file_name %>'s activation_code should     be nil
+     And  the <%= file_name %>'s activated_at    should not be nil
+     And  she should not be logged in
+
+  #
+  # Unsuccessful activation
+  #
+  Scenario: Not-yet-activated <%= file_name %> can't activate her account with a blank activation code
+    Given a registered <%= file_name %> named 'Reggie'
+     And  the <%= file_name %> has activation_code: 'activate_me', activated_at: nil! 
+     And  we try hard to remember the <%= file_name %>'s updated_at, and created_at
+    When  she goes to /activate/
+    Then  she should be redirected to the home page
+    When  she follows that redirect!
+    Then  she should see an error  message 'activation code was missing'
+     And  a <%= file_name %> with login: 'reggie' should exist
+     And  the <%= file_name %> should have login: 'reggie', activation_code: 'activate_me', and activated_at: nil!
+     And  the <%= file_name %>'s updated_at should stay the same under to_s
+     And  she should not be logged in
+  
+  Scenario: Not-yet-activated <%= file_name %> can't activate her account with a bogus activation code
+    Given a registered <%= file_name %> named 'Reggie'
+     And  the <%= file_name %> has activation_code: 'activate_me', activated_at: nil! 
+     And  we try hard to remember the <%= file_name %>'s updated_at, and created_at
+    When  she goes to /activate/i_haxxor_joo
+    Then  she should be redirected to the home page
+    When  she follows that redirect!
+    Then  she should see an error  message 'couldn\'t find a <%= file_name %> with that activation code'
+     And  a <%= file_name %> with login: 'reggie' should exist
+     And  the <%= file_name %> should have login: 'reggie', activation_code: 'activate_me', and activated_at: nil!
+     And  the <%= file_name %>'s updated_at should stay the same under to_s
+     And  she should not be logged in
+<% end %>

data/generators/authenticated/templates/stories/users/sessions.story

@@ -0,0 +1,134 @@
+Users want to know that nobody can masquerade as them.  We want to extend trust
+only to visitors who present the appropriate credentials.  Everyone wants this
+identity verification to be as secure and convenient as possible.
+
+Story: Logging in
+  As an anonymous <%= file_name %> with an account
+  I want to log in to my account
+  So that I can be myself
+
+  #
+  # Log in: get form
+  #
+  Scenario: Anonymous <%= file_name %> can get a login form.
+    Given an anonymous <%= file_name %>
+    When  she goes to /login
+    Then  she should be at the new <%= controller_file_name %> page
+     And  the page should look AWESOME
+     And  she should see a <form> containing a textfield: Login, password: Password, and submit: 'Log in'
+  
+  #
+  # Log in successfully, but don't remember me
+  #
+  Scenario: Anonymous <%= file_name %> can log in
+    Given an anonymous <%= file_name %>
+     And  an activated <%= file_name %> named 'reggie'
+    When  she creates a singular <%= controller_file_name %> with login: 'reggie', password: 'monkey', remember me: ''
+    Then  she should be redirected to the home page
+    When  she follows that redirect!
+    Then  she should see a notice message 'Logged in successfully'
+     And  reggie should be logged in
+     And  she should not have an auth_token cookie
+   
+  Scenario: Logged-in <%= file_name %> who logs in should be the new one
+    Given an activated <%= file_name %> named 'reggie'
+     And  an activated <%= file_name %> logged in as 'oona'
+    When  she creates a singular <%= controller_file_name %> with login: 'reggie', password: 'monkey', remember me: ''
+    Then  she should be redirected to the home page
+    When  she follows that redirect!
+    Then  she should see a notice message 'Logged in successfully'
+     And  reggie should be logged in
+     And  she should not have an auth_token cookie
+  
+  #
+  # Log in successfully, remember me
+  #
+  Scenario: Anonymous <%= file_name %> can log in and be remembered
+    Given an anonymous <%= file_name %>
+     And  an activated <%= file_name %> named 'reggie'
+    When  she creates a singular <%= controller_file_name %> with login: 'reggie', password: 'monkey', remember me: '1'
+    Then  she should be redirected to the home page
+    When  she follows that redirect!
+    Then  she should see a notice message 'Logged in successfully'
+     And  reggie should be logged in
+     And  she should have an auth_token cookie
+	      # assumes fixtures were run sometime
+     And  her session store should have <%= file_name %>_id: 4
+   
+  #
+  # Log in unsuccessfully
+  #
+  
+  Scenario: Logged-in <%= file_name %> who fails logs in should be logged out
+    Given an activated <%= file_name %> named 'oona'
+    When  she creates a singular <%= controller_file_name %> with login: 'oona', password: '1234oona', remember me: '1'
+    Then  she should be redirected to the home page
+    When  she follows that redirect!
+    Then  she should see a notice message 'Logged in successfully'
+     And  oona should be logged in
+     And  she should have an auth_token cookie
+    When  she creates a singular <%= controller_file_name %> with login: 'reggie', password: 'i_haxxor_joo'
+    Then  she should be at the new <%= controller_file_name %> page
+    Then  she should see an error message 'Couldn't log you in as 'reggie''
+     And  she should not be logged in
+     And  she should not have an auth_token cookie
+     And  her session store should not have <%= file_name %>_id
+  
+  Scenario: Log-in with bogus info should fail until it doesn't
+    Given an activated <%= file_name %> named 'reggie'
+    When  she creates a singular <%= controller_file_name %> with login: 'reggie', password: 'i_haxxor_joo'
+    Then  she should be at the new <%= controller_file_name %> page
+    Then  she should see an error message 'Couldn't log you in as 'reggie''
+     And  she should not be logged in
+     And  she should not have an auth_token cookie
+     And  her session store should not have <%= file_name %>_id
+    When  she creates a singular <%= controller_file_name %> with login: 'reggie', password: ''
+    Then  she should be at the new <%= controller_file_name %> page
+    Then  she should see an error message 'Couldn't log you in as 'reggie''
+     And  she should not be logged in
+     And  she should not have an auth_token cookie
+     And  her session store should not have <%= file_name %>_id
+    When  she creates a singular <%= controller_file_name %> with login: '', password: 'monkey'
+    Then  she should be at the new <%= controller_file_name %> page
+    Then  she should see an error message 'Couldn't log you in as '''
+     And  she should not be logged in
+     And  she should not have an auth_token cookie
+     And  her session store should not have <%= file_name %>_id
+    When  she creates a singular <%= controller_file_name %> with login: 'leonard_shelby', password: 'monkey'
+    Then  she should be at the new <%= controller_file_name %> page
+    Then  she should see an error message 'Couldn't log you in as 'leonard_shelby''
+     And  she should not be logged in
+     And  she should not have an auth_token cookie
+     And  her session store should not have <%= file_name %>_id
+    When  she creates a singular <%= controller_file_name %> with login: 'reggie', password: 'monkey', remember me: '1'
+    Then  she should be redirected to the home page
+    When  she follows that redirect!
+    Then  she should see a notice message 'Logged in successfully'
+     And  reggie should be logged in
+     And  she should have an auth_token cookie
+	      # assumes fixtures were run sometime
+     And  her session store should have <%= file_name %>_id: 4
+
+
+  #
+  # Log out successfully (should always succeed)
+  #
+  Scenario: Anonymous (logged out) <%= file_name %> can log out.
+    Given an anonymous <%= file_name %>
+    When  she goes to /logout
+    Then  she should be redirected to the home page
+    When  she follows that redirect!
+    Then  she should see a notice message 'You have been logged out'
+     And  she should not be logged in
+     And  she should not have an auth_token cookie
+     And  her session store should not have <%= file_name %>_id
+
+  Scenario: Logged in <%= file_name %> can log out.
+    Given an activated <%= file_name %> logged in as 'reggie'
+    When  she goes to /logout
+    Then  she should be redirected to the home page
+    When  she follows that redirect!
+    Then  she should see a notice message 'You have been logged out'
+     And  she should not be logged in
+     And  she should not have an auth_token cookie
+     And  her session store should not have <%= file_name %>_id