goma 0.0.1.beta → 0.0.1.gamma

data/lib/goma/config.rb

@@ -42,27 +42,31 @@ module Goma
     include Goma::Configurable
     config_accessor(:default_mailer_name)                          { 'UserMailer' }
     config_accessor(:mailer_sender)
-    config_accessor(:authentication_keys)                          { [:email] }
-    config_accessor(:email_regexp)                                 { /\A[^@]+@[^@]+\z/ }
-    config_accessor(:password_length)                              { 6..128 }
-    config_accessor(:case_insensitive_keys)                        { [:email] }
-    config_accessor(:strip_whitespace_keys)                        { [:email] }
     config_accessor(:clean_up_csrf_token_on_authentication)        { true }
     config_accessor(:secret_key)
-    config_accessor(:encryptor)                                    { :bcrypt }
-    config_accessor(:stretches)                                    { 10 }
-    config_accessor(:pepper)
     config_accessor(:serialization_method)                         { :goma }
     config_accessor(:scopes)                                       { [:user] }
     config_accessor(:default_scope)                                { :user }
-    config_accessor(:modules)                                      { [:password_authenticatable] }
+    config_accessor(:modules)                                      { [] }
     config_accessor(:save_return_to_url)                           { true }
     config_accessor(:not_authenticated_action)                     { :not_authenticated }
 
+
+    # Password authenticatable
+    config_accessor(:authentication_keys)                          { [:email] }
+    config_accessor(:case_insensitive_keys)                        { [:email] }
+    config_accessor(:strip_whitespace_keys)                        { [:email] }
+    config_accessor(:encryptor)                                    { :bcrypt }
+    config_accessor(:pepper)
+    config_accessor(:stretches)                                    { 10 }
     config_accessor(:email_attribute_name)                         { :email }
     config_accessor(:password_attribute_name)                      { :password }
     config_accessor(:encrypted_password_attribute_name)            { :encrypted_password }
 
+    # Validatable
+    config_accessor(:password_length)                              { 8..128 }
+    config_accessor(:email_regexp)                                 { /\A[^@]+@[^@]+\z/ }
+
     # Confirmable
     config_accessor(:activation_mailer_name)                       { nil }
     config_accessor(:email_confirmation_mailer_name)               { nil }
@@ -86,7 +90,7 @@ module Goma
     config_accessor(:remember_for)                                 { 2.weeks }
     config_accessor(:extend_remember_period)                       { false }
     config_accessor(:rememberable_options)                         { {} }
-    config_accessor(:remember_token_attribute_name)                { :remember_token }
+    config_accessor(:remember_token_attribute_name)                { nil }
     config_accessor(:remember_created_at_attribute_name)           { :remember_created_at }
 
     # Timeoutable
@@ -96,17 +100,17 @@ module Goma
 
     # Lockable
     config_accessor(:unlock_token_mailer_name)                     { nil }
-    config_accessor(:unlock_token_email_method_name)               { :unlock_email }
+    config_accessor(:unlock_token_email_method_name)               { :unlock_token_email }
     config_accessor(:lock_strategy)                                { :failed_attempts }
     config_accessor(:unlock_keys)                                  { :email }
     config_accessor(:unlock_strategies)                            { [:email, :time] }
     config_accessor(:maximum_attempts)                             { 20 }
     config_accessor(:failed_attempts_attribute_name)               { :failed_attempts }
     config_accessor(:locked_at_attribute_name)                     { :locked_at }
+    config_accessor(:unlock_in)                                    { 1.hour }
     config_accessor(:unlock_token_attribute_name)                  { :unlock_token }
     config_accessor(:unlock_token_sent_at_attribute_name)          { :unlock_token_sent_at }
     config_accessor(:unlock_token_to_send_attribute_name)          { :raw_unlock_token }
-    config_accessor(:unlock_in)                                    { 1.hour }
 
     # Recoverable
     config_accessor(:reset_password_mailer_name)                   { nil }
@@ -125,17 +129,10 @@ module Goma
     config_accessor(:last_login_ip_attribute_name)                 { :last_login_ip }
 
     # Omniauthable
-    config_accessor(:oauth_providers)                              { {} }
     config_accessor(:oauth_authentication_class_name)              { 'Authentication' }
     config_accessor(:oauth_provider_attribute_name)                { :provider }
     config_accessor(:oauth_uid_attribute_name)                     { :uid }
-    def omniauth(provider, app_id=nil, app_secret=nil)
-      oauth_providers[provider] = {key: app_id, secret: app_secret}
-    end
 
-    # TODO
-    config_accessor(:salt_attribute_name)                       { nil }
-    config_accessor(:salt_join_token)                           { '' }
 
     self.instance_methods(false).grep(/attribute_name$/).each do |conf_name|
       name = conf_name.to_s[0...-15]

data/lib/goma/models/confirmable.rb

@@ -82,7 +82,7 @@ module Goma
       end
 
       def send_activation_needed_email?
-        goma_config.activation_needed_email_method_name && !@skip_activation_needed_email
+        !activated? && goma_config.activation_needed_email_method_name && !@skip_activation_needed_email
       end
 
       def send_activation_success_email?

data/lib/goma/models/rememberable.rb

@@ -28,13 +28,13 @@ module Goma
 
       def forget_me!
         return unless persisted?
-        send(goma_config.remember_token_setter, nil)
+        send(goma_config.remember_token_setter, nil) if goma_config.remember_token_attribute_name
         send(goma_config.remember_created_at_setter, nil)
         save(validate: false)
       end
 
       def rememberable_value
-        if respond_to?(:remember_token)
+        if goma_config.remember_token_attribute_name
           send(goma_config.remember_token_getter)
         elsif salt = authenticatable_salt
           salt

data/lib/goma/railtie.rb

@@ -89,15 +89,6 @@ module Goma
           Goma::Encryptors.const_get(Goma.config.encryptor.to_s.classify)
       end
 
-      if Goma.config.modules.include?(:omniauthable)
-        config.app_middleware.use ::OmniAuth::Builder do
-          Goma.config.oauth_providers.each do |service, oauth|
-            provider(service) and next if service.to_sym == :developer
-            provider service, oauth[:key], oauth[:secret]
-          end
-        end
-      end
-
       require 'goma/routes'
     end
   end

data/lib/goma/version.rb

@@ -1,3 +1,3 @@
 module Goma
-  VERSION = "0.0.1.beta"
+  VERSION = "0.0.1.gamma"
 end

data/test/controllers/confirmations_controller_test.rb

@@ -0,0 +1,14 @@
+require 'test_helper'
+
+class ConfirmationsControllerTest < ActionController::TestCase
+  test 'should activate user' do
+    user = User.new(username: 'foo', email: 'foo@example.com', password: 'password', password_confirmation: 'password')
+    user.save!
+
+    get :show, id: user.raw_confirmation_token
+    assert_redirected_to new_session_url
+    assert flash[:notice]
+    user.reload
+    assert user.activated?
+  end
+end

data/test/controllers/lockable_controller_test.rb

@@ -14,10 +14,10 @@ class LockableControllerTest < ActionController::TestCase
 
   should 'be reset failed_attempts when user logs in successfully' do
     assert_equal 0, @user.failed_attempts
-    2.times{ post :create, {username_or_email: @user.email, password: 'wrong'} }
+    2.times{ post :create, {username_or_email: @user.email, password: 'wrongpass'} }
     assert_equal 2, @user.reload.failed_attempts
 
-    post :create, {username_or_email: @user.email, password: 'secret'}
+    post :create, {username_or_email: @user.email, password: 'password'}
     assert_equal 0, @user.reload.failed_attempts
   end
 
@@ -33,13 +33,13 @@ class LockableControllerTest < ActionController::TestCase
     should 'be locked when number of login attemps exceeds config.maximum_attempts' do
       assert_no_difference 'ActionMailer::Base.deliveries.count' do
         5.times do
-          post :create, {username_or_email: @user.email, password: 'wrong'}
+          post :create, {username_or_email: @user.email, password: 'wrongpass'}
         end
       end
       refute @user.reload.access_locked?
 
       assert_difference 'ActionMailer::Base.deliveries.count', 1 do
-        post :create, {username_or_email: @user.email, password: 'wrong'}
+        post :create, {username_or_email: @user.email, password: 'wrongpass'}
       end
       assert @user.reload.access_locked?
     end
@@ -47,7 +47,7 @@ class LockableControllerTest < ActionController::TestCase
 
     should 'not be unlocked after config.unlock_in time' do
       6.times do
-        post :create, {username_or_email: @user.email, password: 'wrong'}
+        post :create, {username_or_email: @user.email, password: 'wrongpass'}
       end
       assert @user.reload.access_locked?
 
@@ -70,20 +70,20 @@ class LockableControllerTest < ActionController::TestCase
     should 'be locked without sending email' do
       assert_no_difference 'ActionMailer::Base.deliveries.count' do
         5.times do
-          post :create, {username_or_email: @user.email, password: 'wrong'}
+          post :create, {username_or_email: @user.email, password: 'wrongpass'}
         end
       end
       refute @user.reload.access_locked?
 
       assert_no_difference 'ActionMailer::Base.deliveries.count' do
-        post :create, {username_or_email: @user.email, password: 'wrong'}
+        post :create, {username_or_email: @user.email, password: 'wrongpass'}
       end
       assert @user.reload.access_locked?
     end
 
     should 'be unlocked after config.unlock_in time' do
       6.times do
-        post :create, {username_or_email: @user.email, password: 'wrong'}
+        post :create, {username_or_email: @user.email, password: 'wrongpass'}
       end
       assert @user.reload.access_locked?
 

data/test/controllers/sessions_controller_test.rb

@@ -7,21 +7,21 @@ class SessionsControllerTest < ActionController::TestCase
   end
 
   test 'should login with email' do
-    post :create, {username_or_email: @user.email, password: 'secret'}
+    post :create, {username_or_email: @user.email, password: 'password'}
     assert_redirected_to root_url
     assert flash[:notice]
     assert_equal @user, current_user
   end
 
   test 'should login with username' do
-    post :create, {username_or_email: @user.username, password: 'secret'}
+    post :create, {username_or_email: @user.username, password: 'password'}
     assert_redirected_to root_url
     assert flash[:notice]
     assert_equal @user, current_user
   end
 
   test 'should not login with incorrect password' do
-    post :create, {username_or_email: @user.email, password: 'wrong'}
+    post :create, {username_or_email: @user.email, password: 'wrongpass'}
     assert_nil current_user
     assert_response :success
     assert_template :new
@@ -30,7 +30,7 @@ class SessionsControllerTest < ActionController::TestCase
 
   test 'should login with case-insensitive key case-insensitively' do
     assert :email.in? @user.goma_config.case_insensitive_keys
-    post :create, {username_or_email: @user.email.upcase, password: 'secret'}
+    post :create, {username_or_email: @user.email.upcase, password: 'password'}
     assert_redirected_to root_url
     assert flash[:notice]
     assert_equal @user, current_user
@@ -38,7 +38,7 @@ class SessionsControllerTest < ActionController::TestCase
 
   test 'should login with strip-whitespace key whitespace-strippingly' do
     assert :email.in? @user.goma_config.strip_whitespace_keys
-    post :create, {username_or_email: " " + @user.email + '  ', password: 'secret'}
+    post :create, {username_or_email: " " + @user.email + '  ', password: 'password'}
     assert_redirected_to root_url
     assert flash[:notice]
     assert_equal @user, current_user
@@ -46,7 +46,7 @@ class SessionsControllerTest < ActionController::TestCase
 
   test 'should not login with non case-insensitive key case-insensitively' do
     refute :username.in? @user.goma_config.case_insensitive_keys
-    post :create, {username_or_email: @user.username.upcase, password: 'secret'}
+    post :create, {username_or_email: @user.username.upcase, password: 'password'}
     assert_nil current_user
     assert_response :success
     assert_template :new
@@ -55,7 +55,7 @@ class SessionsControllerTest < ActionController::TestCase
 
   test 'should not login with non strip-whitespace key whitespace-strippingly' do
     refute :username.in? @user.goma_config.strip_whitespace_keys
-    post :create, {username_or_email: " " + @user.username + '  ', password: 'secret'}
+    post :create, {username_or_email: " " + @user.username + '  ', password: 'password'}
     assert_nil current_user
     assert_response :success
     assert_template :new
@@ -64,7 +64,7 @@ class SessionsControllerTest < ActionController::TestCase
 
   test 'should raise exception when login! with incorrect password' do
     assert_raise Goma::InvalidIdOrPassword do
-      @controller.login!(@user.email, 'wrong')
+      @controller.login!(@user.email, 'wrongpass')
     end
   end
 

data/test/controllers/users_controller_test.rb

@@ -4,20 +4,9 @@ class UsersControllerTest < ActionController::TestCase
   # This test might not be needed
   test 'should create user' do
     assert_difference 'User.count', 1 do
-      post :create, {user: {username: 'foo', email: 'foo@example.com', password: 'secret', password_confirmation: 'secret'}}
+      post :create, {user: {username: 'foo', email: 'foo@example.com', password: 'password', password_confirmation: 'password'}}
     end
-    assert_redirected_to root_url
+    assert_redirected_to new_session_url
     assert flash[:notice]
   end
-
-  test 'should activate user' do
-    user = User.new(username: 'foo', email: 'foo@example.com', password: 'secret', password_confirmation: 'secret')
-    user.save!
-
-    get :activate, id: user.raw_confirmation_token
-    assert_redirected_to root_url
-    assert flash[:notice]
-    user.reload
-    assert user.activated?
-  end
 end

data/test/fabricators/users_fabricator.rb

@@ -1,8 +1,8 @@
 Fabricator(:user) do
   username { sequence(:username) { |i| "user#{i}" } }
   email { sequence(:email) { |i| "user#{i}@example.com" } }
-  password 'secret'
-  password_confirmation 'secret'
+  password 'password'
+  password_confirmation 'password'
   activated_at Time.new.utc
 end
 

data/test/integration/{authenticatable_test.rb → authenticatable_integration_test.rb}

@@ -1,26 +1,26 @@
 require 'test_helper'
 
-class AuthenticatableSessionTest < ActionDispatch::IntegrationTest
+class AuthenticatableSessionIntegrationTest < ActionDispatch::IntegrationTest
   def setup
     @user = Fabricate(:user)
   end
 
   test 'should login' do
-    post 'session', username_or_email: @user.email, password: 'secret'
+    post 'session', username_or_email: @user.email, password: 'password'
     assert_equal @user, request.env['warden'].user(:user)
   end
 
   test 'should redirect back correctly' do
     get 'secret/index'
     assert_redirected_to root_url
-    post 'session', username_or_email: @user.email, password: 'secret'
+    post 'session', username_or_email: @user.email, password: 'password'
     assert_redirected_to secret_index_url
   end
 
   test 'should redirect back url with parameters correctly' do
     get 'secret/index?page=100'
     assert_redirected_to root_url
-    post 'session', username_or_email: @user.email, password: 'secret'
+    post 'session', username_or_email: @user.email, password: 'password'
     assert_redirected_to '/secret/index?page=100'
   end
 end

data/test/integration/omniauthable_integration_test.rb

@@ -0,0 +1,26 @@
+require 'test_helper'
+
+class OmniauthableIntegrationTest < ActionDispatch::IntegrationTest
+  def setup
+    OmniAuth.config.mock_auth[:twitter] = OmniAuth::AuthHash.new({
+      provider: 'twitter',
+      uid:      '1234567'
+    })
+  end
+
+  test 'should create user with omniauth' do
+    get '/auth/twitter'
+    assert_redirected_to '/auth/twitter/callback'
+
+    assert_no_difference 'ActionMailer::Base.deliveries.count' do
+      assert_difference ['User.count', 'Authentication.count'], 1 do
+        follow_redirect!
+      end
+    end
+    assert_redirected_to root_url
+
+    assert current_user
+    assert_equal 'twitter', current_user.authentications.first.provider
+    assert_equal '1234567', current_user.authentications.first.uid
+  end
+end

data/test/integration/{rememberable_test.rb → rememberable_integration_test.rb}

@@ -1,12 +1,12 @@
 require 'test_helper'
 
-class RememberableTest < ActionDispatch::IntegrationTest
+class RememberableIntegrationTest < ActionDispatch::IntegrationTest
   def setup
     @user = Fabricate(:user)
   end
 
   test 'should not remember when remember_me is not set' do
-    post 'session', username_or_email: @user.email, password: 'secret'
+    post 'session', username_or_email: @user.email, password: 'password'
     assert @user, request.env['warden'].user(:user)
 
     Timecop.freeze 30.minutes.from_now
@@ -19,7 +19,7 @@ class RememberableTest < ActionDispatch::IntegrationTest
   test 'should remember' do
     swap ApplicationController, allow_forgery_protection: true do
       get 'session/new'
-      post 'session', username_or_email: @user.email, password: 'secret', remember_me: '1', authenticity_token: session['_csrf_token']
+      post 'session', username_or_email: @user.email, password: 'password', remember_me: '1', authenticity_token: session['_csrf_token']
 
       @user.reload
       assert @user, request.env['warden'].user(:user)
@@ -38,7 +38,7 @@ class RememberableTest < ActionDispatch::IntegrationTest
     swap ApplicationController, allow_forgery_protection: true do
       get 'session/new'
       assert_raise ActionController::InvalidAuthenticityToken do
-        post 'session', username_or_email: @user.email, password: 'secret', remember_me: '1'
+        post 'session', username_or_email: @user.email, password: 'password', remember_me: '1'
       end
 
       refute request.env['warden'].user(:user)
@@ -51,7 +51,7 @@ class RememberableTest < ActionDispatch::IntegrationTest
     swap ApplicationController, allow_forgery_protection: true do
       get 'session/new'
       assert_raise ActionController::InvalidAuthenticityToken do
-        post 'session', username_or_email: @user.email, password: 'secret', remember_me: '1', authenticity_token: 'wrong'
+        post 'session', username_or_email: @user.email, password: 'password', remember_me: '1', authenticity_token: 'wrong'
       end
 
       refute request.env['warden'].user(:user)
@@ -63,7 +63,7 @@ class RememberableTest < ActionDispatch::IntegrationTest
   test 'should login with remember cookie' do
     swap ApplicationController, allow_forgery_protection: true do
       get 'session/new'
-      post 'session', username_or_email: @user.email, password: 'secret', remember_me: '1', authenticity_token: session['_csrf_token']
+      post 'session', username_or_email: @user.email, password: 'password', remember_me: '1', authenticity_token: session['_csrf_token']
 
       reset!
 
@@ -81,7 +81,7 @@ class RememberableTest < ActionDispatch::IntegrationTest
   test  'should forget when logout' do
     swap ApplicationController, allow_forgery_protection: true do
       get 'session/new'
-      post 'session', username_or_email: @user.email, password: 'secret', remember_me: '1', authenticity_token: session['_csrf_token']
+      post 'session', username_or_email: @user.email, password: 'password', remember_me: '1', authenticity_token: session['_csrf_token']
       assert @user, request.env['warden'].user(:user)
 
       delete 'session', authenticity_token: session['_csrf_token']

data/test/integration/{routes_test.rb → routes_integration_test.rb}

@@ -1,8 +1,8 @@
 require 'test_helper'
 
-class RoutesTest < ActionDispatch::IntegrationTest
+class RoutesIntegrationTest < ActionDispatch::IntegrationTest
   def setup
-    @user = Fabricate(:user, password: 'secret')
+    @user = Fabricate(:user, password: 'password')
   end
 
   test 'constraints user_logged_in? should work correctly' do
@@ -10,7 +10,7 @@ class RoutesTest < ActionDispatch::IntegrationTest
     assert_response 200
     assert_instance_of HomeController, @controller
     assert_equal 'a_page_for_visitors', @controller.action_name
-    post 'session', username_or_email: @user.email, password: 'secret'
+    post 'session', username_or_email: @user.email, password: 'password'
     get 'a_page'
     assert_response 200
     assert_instance_of HomeController, @controller
@@ -18,7 +18,7 @@ class RoutesTest < ActionDispatch::IntegrationTest
   end
 
   test 'constraints current_user{|u|... should work correctly' do
-    post 'session', username_or_email: @user.email, password: 'secret'
+    post 'session', username_or_email: @user.email, password: 'password'
 
     assert_raise ActionController::RoutingError do
       get 'a_path_constraints_current_user_with_arity_block'
@@ -33,7 +33,7 @@ class RoutesTest < ActionDispatch::IntegrationTest
   end
 
   test 'constraints current_user{... should work correctly' do
-    post 'session', username_or_email: @user.email, password: 'secret'
+    post 'session', username_or_email: @user.email, password: 'password'
 
     assert_raise ActionController::RoutingError do
       get 'a_path_constraints_current_user_with_no_arity_block'
@@ -56,7 +56,7 @@ class RoutesTest < ActionDispatch::IntegrationTest
     should 'work correctly with constraints user_logged_in?' do
       swap ApplicationController, allow_forgery_protection: true do
         get 'session/new'
-        post 'session', username_or_email: @user.email, password: 'secret', remember_me: '1', authenticity_token: session['_csrf_token']
+        post 'session', username_or_email: @user.email, password: 'password', remember_me: '1', authenticity_token: session['_csrf_token']
         reset!
 
         get 'a_page'
@@ -81,7 +81,7 @@ class RoutesTest < ActionDispatch::IntegrationTest
         end
 
         get 'session/new'
-        post 'session', username_or_email: @user.email, password: 'secret', remember_me: '1', authenticity_token: session['_csrf_token']
+        post 'session', username_or_email: @user.email, password: 'password', remember_me: '1', authenticity_token: session['_csrf_token']
         reset!
 
         @user.reload
@@ -101,7 +101,7 @@ class RoutesTest < ActionDispatch::IntegrationTest
         end
 
         get 'session/new'
-        post 'session', username_or_email: @user.email, password: 'secret', remember_me: '1', authenticity_token: session['_csrf_token']
+        post 'session', username_or_email: @user.email, password: 'password', remember_me: '1', authenticity_token: session['_csrf_token']
         reset!
 
         @user.reload

data/test/integration/{timeoutable_test.rb → timeoutable_integration_test.rb}

@@ -1,9 +1,9 @@
 require 'test_helper'
 
-class TimeoutableTest < ActionDispatch::IntegrationTest
+class TimeoutableIntegrationTest < ActionDispatch::IntegrationTest
   def setup
     @user = Fabricate(:user)
-    post 'session', username_or_email: @user.email, password: 'secret'
+    post 'session', username_or_email: @user.email, password: 'password'
   end
 
   test "should set goma.last_request_at immediately after login" do
@@ -107,7 +107,7 @@ end
 # #     Goma.config.validate_session_even_in_not_login_area = false
 # #     reinclude_timeout_module
 #     @user = Fabricate(:user)
-#     post 'session', username_or_email: @user.email, password: 'secret'
+#     post 'session', username_or_email: @user.email, password: 'password'
 #   end
 # #
 # #   def teardown

data/test/integration/{trackable_test.rb → trackable_integration_test.rb}

@@ -1,6 +1,6 @@
 require 'test_helper'
 
-class TrackableTest < ActionDispatch::IntegrationTest
+class TrackableIntegrationTest < ActionDispatch::IntegrationTest
   def setup
     @user = Fabricate(:user)
   end
@@ -14,7 +14,7 @@ class TrackableTest < ActionDispatch::IntegrationTest
 
     Timecop.freeze 10.minutes.from_now
     @login_at = Time.now.utc
-    post 'session', username_or_email: @user.email, password: 'secret'
+    post 'session', username_or_email: @user.email, password: 'password'
 
     Timecop.travel 10.minutes.from_now
 
@@ -40,7 +40,7 @@ class TrackableTest < ActionDispatch::IntegrationTest
 
     Timecop.freeze 10.minutes.from_now
     @second_login_at = Time.now.utc
-    post 'session', {username_or_email: @user.email, password: 'secret'}, {'REMOTE_ADDR' => '192.168.1.10'}
+    post 'session', {username_or_email: @user.email, password: 'password'}, {'REMOTE_ADDR' => '192.168.1.10'}
 
     Timecop.travel 10.minutes.from_now
 

data/test/models/confirmable_test.rb

@@ -3,7 +3,7 @@ require "test_helper"
 class ConfirmableTest < ActiveSupport::TestCase
   context "A newly created user" do
     setup do
-      @user = User.new(username: 'foo', email: 'foo@example.com', password: 'secret')
+      @user = User.new(username: 'foo', email: 'foo@example.com', password: 'password')
     end
 
     should "not be activated" do

data/test/models/validatable_test.rb

@@ -7,43 +7,43 @@ class ValidatableTest < ActiveSupport::TestCase
 
   test 'should pass all the validations with valid data' do
     assert_difference 'User.count', 1 do
-      User.create!(username: 'bar', email: 'bar@example.com', password: 'secret', password_confirmation: 'secret')
+      User.create!(username: 'bar', email: 'bar@example.com', password: 'password', password_confirmation: 'password')
     end
   end
 
   test 'should validates_presence_of :username' do
     assert_raise ActiveRecord::RecordInvalid do
-      user = User.create!(username: nil, email: 'bar@example.com', password: 'secret', password_confirmation: 'secret')
+      user = User.create!(username: nil, email: 'bar@example.com', password: 'password', password_confirmation: 'password')
     end
   end
 
   test 'should validates_uniqueness_of :username' do
     assert_raise ActiveRecord::RecordInvalid do
-      user = User.create!(username: 'foo', email: 'bar@example.com', password: 'secret', password_confirmation: 'secret')
+      user = User.create!(username: 'foo', email: 'bar@example.com', password: 'password', password_confirmation: 'password')
     end
   end
 
   test 'should validates_presence_of :email' do
     assert_raise ActiveRecord::RecordInvalid do
-      user = User.create!(username: 'foo', email: nil, password: 'secret', password_confirmation: 'secret')
+      user = User.create!(username: 'foo', email: nil, password: 'password', password_confirmation: 'password')
     end
   end
 
   test 'should validates_uniqueness_of :email' do
     assert_raise ActiveRecord::RecordInvalid do
-      user = User.create!(username: 'bar', email: 'foo@example.com', password: 'secret', password_confirmation: 'secret')
+      user = User.create!(username: 'bar', email: 'foo@example.com', password: 'password', password_confirmation: 'password')
     end
   end
 
   test 'should validates_format_of :email' do
     assert_raise ActiveRecord::RecordInvalid do
-      user = User.create!(username: 'bar', email: 'bar.example.com', password: 'secret', password_confirmation: 'secret')
+      user = User.create!(username: 'bar', email: 'bar.example.com', password: 'password', password_confirmation: 'password')
     end
   end
 
   test 'should validates_length_of :password with too short password' do
     assert_raise ActiveRecord::RecordInvalid do
-      user = User.create!(username: 'bar', email: 'bar@example.com', password: 's' * 5, password_confirmation: 's' * 5)
+      user = User.create!(username: 'bar', email: 'bar@example.com', password: 's' * 7, password_confirmation: 's' * 7)
     end
   end
 

data/test/rails_app/app/assets/stylesheets/authentications.css

@@ -0,0 +1,4 @@
+/*
+  Place all the styles related to the matching controller here.
+  They will automatically be included in application.css.
+*/

data/test/rails_app/app/assets/stylesheets/confirmations.css

@@ -0,0 +1,4 @@
+/*
+  Place all the styles related to the matching controller here.
+  They will automatically be included in application.css.
+*/

data/test/rails_app/app/assets/stylesheets/passwords.css

@@ -0,0 +1,4 @@
+/*
+  Place all the styles related to the matching controller here.
+  They will automatically be included in application.css.
+*/

data/test/rails_app/app/assets/stylesheets/unlocks.css

@@ -0,0 +1,4 @@
+/*
+  Place all the styles related to the matching controller here.
+  They will automatically be included in application.css.
+*/