goma 0.0.1.gamma → 0.0.1.rc1

data/test/integration/password_authenticatable_integration_test.rb

@@ -0,0 +1,40 @@
+require 'test_helper'
+
+class PasswordAuthenticatableIntegrationTest < ActionDispatch::IntegrationTest
+  def setup
+    @user = Fabricate(:user)
+  end
+
+  test 'should login' do
+    visit new_session_url
+    fill_in :username_or_email, with: @user.email
+    fill_in :password, with: 'password'
+    click_button 'Login'
+    assert_equal root_url, current_url
+    assert_equal @user, _current_user
+  end
+
+  test 'should redirect back' do
+    visit secret_url
+    assert_equal root_url, current_url
+
+    visit new_session_url
+    fill_in :username_or_email, with: @user.email
+    fill_in :password, with: 'password'
+    click_button 'Login'
+    assert_equal secret_url, current_url
+    assert_equal @user, _current_user
+  end
+
+  test 'should redirect back to url with parameters' do
+    visit secret_url(page: 100)
+    assert_equal root_url, current_url
+
+    visit new_session_url
+    fill_in :username_or_email, with: @user.email
+    fill_in :password, with: 'password'
+    click_button 'Login'
+    assert_equal secret_url(page: 100), current_url
+    assert_equal @user, _current_user
+  end
+end

data/test/integration/recoverable_integration_test.rb

@@ -0,0 +1,96 @@
+require 'test_helper'
+
+class RecoverableIntegrationTest < ActionDispatch::IntegrationTest
+  def setup
+    @user = Fabricate(:user)
+  end
+
+  test 'should work reset password proccess' do
+    Goma.token_generator.stubs(:friendly_token).returns('sesame')
+    visit new_password_url
+    fill_in :username_or_email, with: @user.email
+    assert_difference 'ActionMailer::Base.deliveries.size', 1 do
+      click_button 'Send me reset password instructions'
+    end
+
+    email = ActionMailer::Base.deliveries.last
+    assert_match %r{/passwords/sesame/edit}, email.body.encoded
+
+    visit edit_password_url('sesame')
+    fill_in :user_password, with: 'newpassword'
+    fill_in :user_password_confirmation, with: 'newpassword'
+    click_button 'Change my password'
+    assert_equal root_url, current_url
+    assert_equal @user, _current_user
+
+    @user.reload
+    assert @user.valid_password?('newpassword')
+  end
+
+  test 'should execute validation check' do
+    Goma.token_generator.stubs(:friendly_token).returns('sesame')
+    visit new_password_url
+    fill_in :username_or_email, with: @user.email
+    assert_difference 'ActionMailer::Base.deliveries.size', 1 do
+      click_button 'Send me reset password instructions'
+    end
+
+    mail = ActionMailer::Base.deliveries.last
+    assert_match %r{/passwords/sesame/edit}, mail.body.encoded
+
+    visit edit_password_url('sesame')
+    fill_in :user_password, with: 'short'
+    fill_in :user_password_confirmation, with: 'short'
+    click_button 'Change my password'
+    assert_nil _current_user
+    @user.reload
+    assert @user.valid_password?('password')
+
+    fill_in :user_password, with: 'newpassword'
+    fill_in :user_password_confirmation, with: 'newpassword'
+    click_button 'Change my password'
+    assert_equal root_url, current_url
+    assert_equal @user, _current_user
+
+    @user.reload
+    assert @user.valid_password?('newpassword')
+  end
+
+  test 'should not accept wrong reset password token URL' do
+    Goma.token_generator.stubs(:friendly_token).returns('sesame')
+    visit new_password_url
+    fill_in :username_or_email, with: @user.email
+    click_button 'Send me reset password instructions'
+
+    visit edit_password_url('beans')
+    fill_in :user_password, with: 'newpassword'
+    fill_in :user_password_confirmation, with: 'newpassword'
+    click_button 'Change my password'
+
+    assert_match /You can't change your password in this page without coming from a password reset email/, _flash[:alert]
+    assert_match /Change my password/, page.body, 'should render "passwords/{token}/edit" template'
+
+    @user.reload
+    assert @user.valid_password?('password')
+  end
+
+  test 'should not accept expired reset password token URL' do
+    Goma.token_generator.stubs(:friendly_token).returns('sesame')
+    visit new_password_url
+    fill_in :username_or_email, with: @user.email
+    click_button 'Send me reset password instructions'
+
+    Timecop.travel 7.hours.from_now
+    visit edit_password_url('sesame')
+    fill_in :user_password, with: 'newpassword'
+    fill_in :user_password_confirmation, with: 'newpassword'
+    click_button 'Change my password'
+
+    assert_match /The password reset URL you visited has expired, please request a new one/, _flash[:alert]
+    assert_match /Forget your password\?/, page.body, 'should render "passwords/new" template'
+
+    @user.reload
+    assert @user.valid_password?('password')
+    Timecop.return
+  end
+end

data/test/integration/rememberable_integration_test.rb

@@ -92,4 +92,18 @@ class RememberableIntegrationTest < ActionDispatch::IntegrationTest
       refute request.env['warden'].user(:user)
     end
   end
+
+  test 'should exist remember view element' do
+    visit new_session_url
+    fill_in :username_or_email, with: @user.email
+    fill_in :password, with: 'password'
+    check :remember_me
+    click_button 'Login'
+
+    @user.reload
+    assert_equal root_url, current_url
+    assert_equal @user, _current_user
+    assert _cookies['remember_user_token']
+    assert_equal @user.serialize_into_cookie, _signed_cookie('remember_user_token')
+  end
 end

data/test/models/confirmable_test.rb

@@ -27,7 +27,7 @@ class ConfirmableTest < ActiveSupport::TestCase
     should "load user record with correct activation token" do
       raw_token = @user.raw_confirmation_token
       loaded_user = User.load_from_activation_token!(raw_token)
-      assert_equal @user.id, loaded_user.id
+      assert_equal @user, loaded_user
     end
 
     should "raise exception with incorrect activation token" do
@@ -54,7 +54,7 @@ class ConfirmableTest < ActiveSupport::TestCase
     should "return user record and nil with correct activation token" do
       raw_token = @user.raw_confirmation_token
       loaded_user, error = User.load_from_activation_token_with_error(raw_token)
-      assert_equal @user.id, loaded_user.id
+      assert_equal @user, loaded_user
       assert_nil error
     end
 
@@ -82,7 +82,7 @@ class ConfirmableTest < ActiveSupport::TestCase
     should "return user record with correct activation token" do
       raw_token = @user.raw_confirmation_token
       loaded_user = User.load_from_activation_token(raw_token)
-      assert_equal @user.id, loaded_user.id
+      assert_equal @user, loaded_user
     end
 
     should "return nil with incorrect activation token" do
@@ -148,7 +148,7 @@ class ConfirmableTest < ActiveSupport::TestCase
     should "find user record with correct email confirmation token" do
       raw_token = @user.raw_confirmation_token
       loaded_user = User.load_from_email_confirmation_token!(raw_token)
-      assert_equal @user.id, loaded_user.id
+      assert_equal @user, loaded_user
     end
 
     should "not find user record with incorrect confirmation token" do
@@ -177,7 +177,7 @@ class ConfirmableTest < ActiveSupport::TestCase
     should "return user record and nil with correct email_confirmation token" do
       raw_token = @user.raw_confirmation_token
       loaded_user, error = User.load_from_email_confirmation_token_with_error(raw_token)
-      assert_equal @user.id, loaded_user.id
+      assert_equal @user, loaded_user
       assert_nil error
     end
 
@@ -207,7 +207,7 @@ class ConfirmableTest < ActiveSupport::TestCase
     should "return user record with correct email_confirmation token" do
       raw_token = @user.raw_confirmation_token
       loaded_user = User.load_from_email_confirmation_token(raw_token)
-      assert_equal @user.id, loaded_user.id
+      assert_equal @user, loaded_user
     end
 
     should "return nil with incorrect email_confirmation token" do

data/test/models/omniauthable_test.rb

@@ -7,8 +7,8 @@ class OmniauthableTest < ActiveSupport::TestCase
   end
 
   should "create user from omniauth" do
-    User.any_instance.stubs(:fill_with_omniauth).with(@omniauth)
-    Authentication.any_instance.stubs(:fill_with_omniauth).with(@omniauth)
+    User.any_instance.expects(:fill_with_omniauth).with(@omniauth)
+    Authentication.any_instance.expects(:fill_with_omniauth).with(@omniauth)
 
     u = nil
     assert_difference ['User.count', 'Authentication.count'], 1 do

data/test/rails_app/app/controllers/authentications_controller.rb

@@ -12,4 +12,9 @@ class AuthenticationsController < ApplicationController
     force_login(user)
     redirect_back_or_to root_url, notice: "Successfully authenticated from #{omniauth[:provider]} account."
   end
+
+  def failure
+    flash[:alert] = "Could not authenticate you from #{params[:strategy].capitalize} because \"#{params[:message].humanize}\"."
+    redirect_to new_session_url
+  end
 end

data/test/rails_app/app/controllers/confirmations_controller.rb

@@ -8,8 +8,7 @@ class ConfirmationsController < ApplicationController
   # POST /confirmations
   def create
     @user = User.find_by_identifier(params[:username_or_email])
-    @user.generate_confirmation_token
-    @user.send_activation_needed_email
+    @user.resend_activation_needed_email
 
     redirect_to new_session_url, notice: "We are processing your request. You will receive new activation email in a few minutes."
   end
@@ -39,14 +38,19 @@ class ConfirmationsController < ApplicationController
 
     if @user
       @user.confirm_email!
-      redirect_to edit_user_url, notice: 'Your new email was successfully confirmed.'
+      redirect_to root_url, notice: 'Your new email was successfully confirmed.'
     else
       if err == :token_expired
         flash.now[:alert] = "Your email confirmation URL has expired, please change your email again."
       else
         flash.now[:alert] = "Email confirmation failed. Please make sure you used the full URL provided."
       end
-      render edit_user_url(current_user)
+
+      if current_user
+        render edit_user_url(current_user)
+      else
+        render root_url
+      end
     end
   end
 end

data/test/rails_app/app/controllers/passwords_controller.rb

@@ -16,16 +16,17 @@ class PasswordsController < ApplicationController
 
   # GET /passwords/1/edit
   def edit
-    @reset_password_token = params[:id]
+    @user = User.new
+    @user.raw_reset_password_token = params[:id]
   end
 
   # PATCH/PUT /passwords/1
   def update
-    @user, err = User.load_from_reset_password_token_with_error(params[:id])
+    @user, err = User.load_from_reset_password_token_with_error(params[:user][:raw_reset_password_token])
 
     if @user
       @user.unlock_access! if @user.lockable? && @user.access_locked?
-      @user.change_password!(params[:password], params[:password_confirmation])
+      @user.change_password!(params[:user][:password], params[:user][:password_confirmation])
       force_login(@user)
       redirect_back_or_to root_url, notice: 'Your password was changed successfully. You are now logged in.'
     else
@@ -33,9 +34,13 @@ class PasswordsController < ApplicationController
         flash.now[:alert] = "The password reset URL you visited has expired, please request a new one."
         render :new
       else
-        flash.now[:alert] = "You can't access this page without comming from a password reset email. If you do come from a password reset email, please make sure you used the full URL provided."
+        @user = User.new
+        flash.now[:alert] = "You can't change your password in this page without coming from a password reset email. If you do come from a password reset email, please make sure you used the full URL provided."
         render :edit
       end
     end
+  rescue ActiveRecord::RecordInvalid
+    @user.raw_reset_password_token = params[:user][:raw_reset_password_token]
+    render :edit
   end
 end

data/test/rails_app/app/controllers/unlocks_controller.rb

@@ -4,6 +4,7 @@ class UnlocksController < ApplicationController
   def show
     @user, err = User.load_from_unlock_token_with_error(params[:id])
     if @user
+      @user.unlock_access!
       flash[:notice] = "Your account has been unlocked successfully. Please continue to login."
       redirect_to new_session_url
     else

data/test/rails_app/app/controllers/users_controller.rb

@@ -1,4 +1,5 @@
 class UsersController < ApplicationController
+  before_action :require_user_login, only: [:edit, :update, :destroy]
   before_action :set_user, only: [:show, :edit, :update, :destroy]
 
   # GET /users
@@ -17,6 +18,7 @@ class UsersController < ApplicationController
 
   # GET /users/1/edit
   def edit
+    not_authenticated unless current_user = @user
   end
 
   # POST /users
@@ -26,14 +28,18 @@ class UsersController < ApplicationController
     if @user.save
       redirect_to new_session_url, notice: "You have signed up successfully. However, we could not sign you in because your account is not yet activated. You will receive an email with instructions about how to activate your account in a few minutes."
     else
-      render :new
+      update_email or render :new
     end
   end
 
   # PATCH/PUT /users/1
   def update
+    not_authenticated unless current_user = @user
     if @user.update(user_params)
-      redirect_to @user, notice: 'User was successfully updated.'
+      flash[:notice] = @user.raw_confirmation_token ?
+                       'You updated your account successfully, but we need to verify your new email address. Please check your email and click on the confirmation link to finalize confirming your new email address.' :
+                       'You updated your account successfully'
+      redirect_to @user
     else
       render :edit
     end
@@ -41,6 +47,7 @@ class UsersController < ApplicationController
 
   # DELETE /users/1
   def destroy
+    not_authenticated unless current_user = @user
     @user.destroy
     redirect_to users_url, notice: 'User was successfully destroyed.'
   end
@@ -55,4 +62,20 @@ class UsersController < ApplicationController
     def user_params
       params.require(:user).permit(:username, :email, :password, :password_confirmation)
     end
+
+    def update_email
+      @user = User.find_by(username: params[:user][:username])
+      if @user.activated?
+        return false
+      end
+
+      if ( Time.now <= @user.confirmation_token_sent_at + 259200 ) &&
+        !@user.valid_password?(params[:user][:password])
+        flash[:alert] = 'This username was already registered. If you want to change your email address, please make sure you entered correct password.'
+        return false
+      end
+
+      @user.resend_activation_needed_email(to: params[:user][:email])
+      redirect_to new_session_url
+    end
 end

data/test/rails_app/app/views/confirmations/new.html.erb

@@ -1,9 +1,9 @@
 <h1>Resend activation instructions</h1>
 
-<%= form_tag(:confirmations_url, method: :post) do %>
+<%= form_tag(confirmations_url, method: :post) do %>
   <div class="field">
     <%= label_tag :username_or_email %><br>
-    <%= text_field_tag :username_or_email
+    <%= text_field_tag :username_or_email %>
   </div>
   <div class="actions">
     <%= submit_tag "Resend activation instructions" %>

data/test/rails_app/app/views/layouts/application.html.erb

@@ -7,7 +7,9 @@
   <%= csrf_meta_tags %>
 </head>
 <body>
-
+<% flash.each do |k, v| -%>
+  <%= content_tag :div, v, id: "flash_#{k}" %>
+<% end -%>
 <%= yield %>
 
 </body>

data/test/rails_app/app/views/passwords/edit.html.erb

@@ -1,18 +1,18 @@
 <h1>Change your password</h1>
 
-<%= form_for(@password) do |f| %>
-  <% if @password.errors.any? %>
+<%= form_for(@user, url: password_url, html: {method: :put}) do |f| %>
+  <% if @user && @user.errors.any? %>
     <div id="error_explanation">
-      <h2><%= pluralize(@password.errors.count, "error") %> prohibited this password from being saved:</h2>
+      <h2><%= pluralize(@user.errors.count, "error") %> prohibited this user from being saved:</h2>
 
       <ul>
-      <% @password.errors.full_messages.each do |msg| %>
+      <% @user.errors.full_messages.each do |msg| %>
         <li><%= msg %></li>
       <% end %>
       </ul>
     </div>
   <% end %>
-
+  <%= f.hidden_field :raw_reset_password_token %>
   <div class="field">
     <%= f.label :password %><br>
     <%= f.password_field :password %>
@@ -22,6 +22,6 @@
     <%= f.password_field :password_confirmation %>
   </div>
   <div class="actions">
-    <%= f.submit %>
+    <%= f.submit 'Change my password' %>
   </div>
 <% end %>

data/test/rails_app/app/views/unlocks/new.html.erb

@@ -3,7 +3,7 @@
 <%= form_tag(unlocks_url, method: :post) do %>
   <div class="field">
     <%= label_tag :username_or_email %><br>
-    <%= text_field_tag :username_or_email
+    <%= text_field_tag :username_or_email %>
   </div>
   <div class="actions">
     <%= submit_tag "Resend unlock instructions" %>

data/test/rails_app/app/views/user_mailer/activation_needed_email.text.erb

@@ -3,4 +3,4 @@ Welcome, <%= @user.email %>
 
 You can activate your account through the link below:
 
-<%= activate_confirmation_url(@user.raw_confirmation_token) %>
+<%= confirmation_url(@user.raw_confirmation_token) %>