RubyGems - goma - Versions diffs - 0.0.1.rc2 → 0.0.1.rc3 - Mend

goma 0.0.1.rc2 → 0.0.1.rc3

Files changed (59) hide show

@@ -113,7 +113,7 @@ module Goma
     end
     def not_authenticated
-      redirect_to root_path
+      redirect_to root_path, alert: 'Login required'
     end
   end

data/lib/goma/models/authenticatable.rb CHANGED

@@ -34,7 +34,7 @@ module Goma
         # You don't have to call this method directly.
         # This method is called from the modules defined under {Goma::Models}
         # @return [Object, Symbol] Object load from the token and nil or, if it failed, nil and a symbol which indicates reason
-        def load_from_token_with_error(raw_token, token_attr, token_sent_at_attr, valid_period=nil)
+        def load_from_token_with_error(raw_token, token_attr, token_sent_at_attr=nil, valid_period=nil)
           token = Goma.token_generator.digest(token_attr, raw_token)
           if record = self.find_by(token_attr => token)
             if valid_period.nil? || (Time.new.utc - record.send(token_sent_at_attr) <= valid_period)
@@ -91,8 +91,7 @@ module Goma
           target.module_eval <<-METHOD, __FILE__, __LINE__ + 1
           def load_from_#{purpose}_token_with_error(raw_token)
             token_attr         = goma_config.#{name}_token_attribute_name
-            token_sent_at_attr = goma_config.#{name}_token_sent_at_attribute_name
-            load_from_token_with_error(raw_token, token_attr, token_sent_at_attr)
+            load_from_token_with_error(raw_token, token_attr)
           end
           METHOD
         end
@@ -121,15 +120,25 @@ module Goma
       # instance methods
-      def define_token_generator_method_for(target, purpose)
-        target.module_eval <<-METHOD, __FILE__, __LINE__ + 1
-        def generate_#{purpose}_token
-          raw, enc = Goma.token_generator.generate(self.class, goma_config.#{purpose}_token_attribute_name)
-          self.send(goma_config.#{purpose}_token_to_send_setter, raw)
-          self.send(goma_config.#{purpose}_token_setter, enc)
-          self.send(goma_config.#{purpose}_token_sent_at_setter, Time.now.utc)
+      def define_token_generator_method_for(target, purpose, has_period: true)
+        if has_period
+          target.module_eval <<-METHOD, __FILE__, __LINE__ + 1
+          def generate_#{purpose}_token
+            raw, enc = Goma.token_generator.generate(self.class, goma_config.#{purpose}_token_attribute_name)
+            self.send(goma_config.#{purpose}_token_to_send_setter, raw)
+            self.send(goma_config.#{purpose}_token_setter, enc)
+            self.send(goma_config.#{purpose}_token_sent_at_setter, Time.now.utc)
+          end
+          METHOD
+        else
+          target.module_eval <<-METHOD, __FILE__, __LINE__ + 1
+          def generate_#{purpose}_token
+            raw, enc = Goma.token_generator.generate(self.class, goma_config.#{purpose}_token_attribute_name)
+            self.send(goma_config.#{purpose}_token_to_send_setter, raw)
+            self.send(goma_config.#{purpose}_token_setter, enc)
+          end
+          METHOD
         end
-        METHOD
       end
       def define_send_email_method_for(target, mailer_name, name)

data/lib/goma/models/confirmable.rb CHANGED

@@ -64,7 +64,7 @@ module Goma
       end
       def unactivated_access_allowed_period?
-        period = goma_config.allow_unconfirmed_access_for
+        period = goma_config.allow_unactivated_access_for
         return false if period == 0
         Time.now - created_at < period ? true : false

data/lib/goma/models/lockable.rb CHANGED

@@ -21,7 +21,7 @@ module Goma
         send_unlock_token_email
       end
-      DefinitionHelper.define_token_generator_method_for(self, :unlock)
+      DefinitionHelper.define_token_generator_method_for(self, :unlock, has_period: false)
       DefinitionHelper.define_send_email_method_for(self, :unlock_token, :unlock_token_email)
       def valid_password?(password)
@@ -53,7 +53,6 @@ module Goma
         self.send(goma_config.locked_at_setter, nil)
         self.send(goma_config.failed_attempts_setter, 0)
         self.send(goma_config.unlock_token_setter, nil)
-        self.send(goma_config.unlock_token_sent_at_setter, nil)
         save(validate: false)
       end

data/lib/goma/version.rb CHANGED

@@ -1,3 +1,3 @@
 module Goma
-  VERSION = "0.0.1.rc2"
+  VERSION = "0.0.1.rc3"
 end

data/test/models/lockable_test.rb CHANGED

@@ -7,7 +7,6 @@ class LockableTest < ActiveSupport::TestCase
     user.reload
     assert user.access_locked?
     assert user.unlock_token
-    assert user.unlock_token_sent_at
     assert user.locked_at
   end
@@ -87,7 +86,6 @@ class LockableTest < ActiveSupport::TestCase
     user.reload
     refute user.access_locked?
     assert_nil user.unlock_token
-    assert_nil user.unlock_token_sent_at
     assert_nil user.locked_at
   end

data/test/rails_app/app/controllers/confirmations_controller.rb CHANGED

@@ -41,15 +41,15 @@ class ConfirmationsController < ApplicationController
       redirect_to root_url, notice: 'Your new email was successfully confirmed.'
     else
       if err == :token_expired
-        flash.now[:alert] = "Your email confirmation URL has expired, please change your email again."
+        flash[:alert] = "Your email confirmation URL has expired, please change your email again."
       else
-        flash.now[:alert] = "Email confirmation failed. Please make sure you used the full URL provided."
+        flash[:alert] = "Email confirmation failed. Please make sure you used the full URL provided."
       end
       if current_user
-        render edit_user_url(current_user)
+        redirect_to edit_user_url(current_user)
       else
-        render root_url
+        redirect_to root_url
       end
     end
   end

data/test/rails_app/app/controllers/users_controller.rb CHANGED

@@ -18,7 +18,7 @@ class UsersController < ApplicationController
   # GET /users/1/edit
   def edit
-    not_authenticated unless current_user = @user
+    not_authenticated unless current_user == @user
   end
   # POST /users
@@ -34,7 +34,7 @@ class UsersController < ApplicationController
   # PATCH/PUT /users/1
   def update
-    not_authenticated unless current_user = @user
+    not_authenticated unless current_user == @user
     if @user.update(user_params)
       flash[:notice] = @user.raw_confirmation_token ?
                        'You updated your account successfully, but we need to verify your new email address. Please check your email and click on the confirmation link to finalize confirming your new email address.' :
@@ -47,7 +47,7 @@ class UsersController < ApplicationController
   # DELETE /users/1
   def destroy
-    not_authenticated unless current_user = @user
+    not_authenticated unless current_user == @user
     @user.destroy
     redirect_to users_url, notice: 'User was successfully destroyed.'
   end

data/test/rails_app/app/mailers/user_mailer.rb CHANGED

@@ -1,5 +1,5 @@
 class UserMailer < ActionMailer::Base
-  default from: "please-change-me-at-config-initializers-goma@example.com"
+  default from: Goma.config(:user).mailer_sender
   # Subject can be set in your I18n file at config/locales/en.yml
   # with the following lookup:

data/test/rails_app/config/initializers/goma.rb CHANGED

@@ -35,7 +35,7 @@ Goma.configure do |config|
   # config.activation_mailer_name = nil
   # config.email_confirmation_mailer_name = nil
   # config.confirmation_keys = [ :email ]
-  # config.allow_unconfirmed_access_for = 0
+  # config.allow_unactivated_access_for = 0
   # config.activate_within = 3.days
   # config.activation_needed_email_method_name = :activation_needed_email
   # config.activation_success_email_method_name = :activation_success_email
@@ -78,7 +78,6 @@ Goma.configure do |config|
   # config.unlock_in = 1.hour
   # config.last_attempt_warning = false # TODO not yet implemented
   # config.unlock_token_attribute_name = :unlock_token
-  # config.unlock_token_sent_at_attribute_name = :unlock_token_sent_at
   # config.unlock_token_to_send_attribute_name = :raw_unlock_token
   ####################################################

data/test/rails_app/db/migrate/{20140515111009_create_users.rb → 20140524062919_create_users.rb} RENAMED

@@ -21,7 +21,6 @@ class CreateUsers < ActiveRecord::Migration
       t.integer :failed_attempts, default: 0, null: false
       t.datetime :locked_at
       t.string :unlock_token
-      t.datetime :unlock_token_sent_at
       # Recoverable
       t.string :reset_password_token

data/test/rails_app/db/migrate/{20140515111010_create_authentications.rb → 20140524062920_create_authentications.rb} RENAMED

File without changes

data/test/rails_app/db/schema.rb CHANGED

@@ -11,7 +11,7 @@
 #
 # It's strongly recommended that you check this file into your version control system.
-ActiveRecord::Schema.define(version: 20140515111010) do
+ActiveRecord::Schema.define(version: 20140524062920) do
   create_table "authentications", force: true do |t|
     t.string   "provider"
@@ -37,7 +37,6 @@ ActiveRecord::Schema.define(version: 20140515111010) do
     t.integer  "failed_attempts",              default: 0, null: false
     t.datetime "locked_at"
     t.string   "unlock_token"
-    t.datetime "unlock_token_sent_at"
     t.string   "reset_password_token"
     t.datetime "reset_password_token_sent_at"
     t.integer  "login_count",                  default: 0, null: false

data/test/rails_app/test/controllers/authentications_controller_test.rb ADDED

@@ -0,0 +1,4 @@
+require 'test_helper'
+class AuthenticationsControllerTest < ActionController::TestCase
+end

data/test/rails_app/test/controllers/confirmations_controller_test.rb ADDED

@@ -0,0 +1,127 @@
+require 'test_helper'
+class ConfirmationsControllerTest < ActionController::TestCase
+  setup do
+    @user = users(:unactivated_user)
+  end
+  test "should get new" do
+    get :new
+    assert_response :success
+  end
+  test "should create confirmation" do
+    user = User.create({ username: "username1", email: "user1@example.com", password: "password", password_confirmation: "password" })
+    assert_difference 'ActionMailer::Base.deliveries.size', 1 do
+      post :create, username_or_email: user.email
+    end
+    assert_redirected_to new_session_url
+    assert_match /You will receive new activation email/, flash[:notice]
+  end
+  test "should activate user" do
+    user = User.create({ username: "username2", email: "user2@example.com", password: "password", password_confirmation: "password" })
+    assert_difference 'ActionMailer::Base.deliveries.size', 1 do
+      get :show, id: user.raw_confirmation_token
+    end
+    assert_redirected_to new_session_url
+    assert_match /Your account was successfully activated/, flash[:notice]
+    user.reload
+    assert user.activated?
+  end
+  test "should not activate user with wrong token" do
+    user = User.create({ username: "username3", email: "user3@example.com", password: "password", password_confirmation: "password" })
+    assert_no_difference 'ActionMailer::Base.deliveries.size' do
+      get :show, id: 'oops'
+    end
+    assert_response :success
+    assert_template :new
+    assert_match /Not found any account by this URL/, flash[:alert]
+    user.reload
+    refute user.activated?
+  end
+  test "should not activate user with expired token" do
+    user = User.create({ username: "username4", email: "user4@example.com", password: "password", password_confirmation: "password" })
+    user.update_column(:confirmation_token_sent_at, 4.days.ago)
+    assert_no_difference 'ActionMailer::Base.deliveries.size' do
+      get :show, id: user.raw_confirmation_token
+    end
+    assert_response :success
+    assert_template :new
+    assert_match /Your activation URL has expired/, flash[:alert]
+    user.reload
+    refute user.activated?
+  end
+  test "should confirm email" do
+    user = users(:one)
+    email = user.email
+    user.update(email: 'new@example.com')
+    assert_equal 'new@example.com', user.unconfirmed_email
+    assert_equal email, user.email
+    assert_difference 'ActionMailer::Base.deliveries.size', 1 do
+      get :email, id: user.raw_confirmation_token
+    end
+    assert_redirected_to root_path
+    assert_match /Your new email was successfully confirmed/, flash[:notice]
+    user.reload
+    assert_equal 'new@example.com', user.email
+    assert_nil user.unconfirmed_email
+  end
+  test "should not confirm email with wrong token" do
+    user = users(:one)
+    email = user.email
+    user.update(email: 'new@example.com')
+    assert_equal 'new@example.com', user.unconfirmed_email
+    assert_equal email, user.email
+    assert_no_difference 'ActionMailer::Base.deliveries.size' do
+      get :email, id: 'oops'
+    end
+    assert_redirected_to root_path
+    assert_match /Please make sure you used the full URL provided/, flash[:alert]
+    user.reload
+    assert_equal email, user.email
+    assert_equal 'new@example.com', user.unconfirmed_email
+  end
+  test "should not confirm email with expired token" do
+    user = users(:one)
+    email = user.email
+    user.update(email: 'new@example.com')
+    user.update_column(:confirmation_token_sent_at, 4.days.ago)
+    assert_equal 'new@example.com', user.unconfirmed_email
+    assert_equal email, user.email
+    assert_no_difference 'ActionMailer::Base.deliveries.size' do
+      get :email, id: user.raw_confirmation_token
+    end
+    assert_redirected_to root_path
+    assert_match /Your email confirmation URL has expired/, flash[:alert]
+    user.reload
+    assert_equal email, user.email
+    assert_equal 'new@example.com', user.unconfirmed_email
+  end
+  test "should be redirected to edit_user_url when failed to confirm email with wrong token if logged in" do
+    user = users(:one)
+    force_login(user)
+    user.update(email: 'new@example.com')
+    get :email, id: 'oops'
+    assert_redirected_to edit_user_url(user)
+    assert_match /Please make sure you used the full URL provided/, flash[:alert]
+    user.reload
+  end
+  test "should be redirected to edit_user_url when failed to confirm email with expired token if logged in" do
+    user = users(:one)
+    force_login(user)
+    user.update(email: 'new@example.com')
+    user.update_column(:confirmation_token_sent_at, 4.days.ago)
+    get :email, id: user.raw_confirmation_token
+    assert_redirected_to edit_user_url(user)
+    assert_match /Your email confirmation URL has expired/, flash[:alert]
+  end
+end

data/test/rails_app/test/controllers/passwords_controller_test.rb ADDED

@@ -0,0 +1,65 @@
+require 'test_helper'
+class PasswordsControllerTest < ActionController::TestCase
+  setup do
+    @user = users(:one)
+  end
+  test "should get new" do
+    get :new
+    assert_response :success
+  end
+  test "should resend reset password token with email" do
+    @user.send_reset_password_instructions!
+    reset_password_token = @user.unlock_token
+    assert_difference 'ActionMailer::Base.deliveries.size', 1 do
+      post :create, username_or_email: @user.email
+    end
+    assert_redirected_to new_session_url
+    @user.reload
+    assert_not_equal reset_password_token, @user.reset_password_token
+  end
+  test "should get edit" do
+    @user.send_reset_password_instructions!
+    raw_reset_password_token = @user.raw_reset_password_token
+    get :edit, id: raw_reset_password_token
+    assert_response :success
+    assert_match /<input[^>]*type="hidden"[^>]*value="#{raw_reset_password_token}"/, response.body
+  end
+  test "should update password" do
+    @user.send_reset_password_instructions!
+    raw_reset_password_token = @user.raw_reset_password_token
+    patch :update, id: raw_reset_password_token, user: { raw_reset_password_token: raw_reset_password_token, password: 'newpassword', password_confirmation: 'newpassword' }
+    assert_redirected_to root_path
+    @user.reload
+    assert @user.valid_password? 'newpassword'
+    refute @user.valid_password? 'password'
+  end
+  test "should not update password with wrong token" do
+    @user.send_reset_password_instructions!
+    raw_reset_password_token = @user.raw_reset_password_token
+    patch :update, id: raw_reset_password_token, user: { raw_reset_password_token: 'oops', password: 'newpassword', password_confirmation: 'newpassword' }
+    assert_template :edit
+    assert_match /make sure you used the full URL provided/, flash[:alert]
+    @user.reload
+    refute @user.valid_password? 'newpassword'
+    assert @user.valid_password? 'password'
+  end
+  test "should not update password with expired token" do
+    @user.send_reset_password_instructions!
+    raw_reset_password_token = @user.raw_reset_password_token
+    @user.update_column(:reset_password_token_sent_at, 21601.seconds.ago)
+    patch :update, id: raw_reset_password_token, user: { raw_reset_password_token: raw_reset_password_token, password: 'newpassword', password_confirmation: 'newpassword' }
+    assert_template :new
+    assert_match /The password reset URL you visited has expired/, flash[:alert]
+    @user.reload
+    refute @user.valid_password? 'newpassword'
+    assert @user.valid_password? 'password'
+  end
+end

data/test/rails_app/test/controllers/sessions_controller_test.rb ADDED

@@ -0,0 +1,70 @@
+require 'test_helper'
+class SessionsControllerTest < ActionController::TestCase
+  setup do
+    @user = users(:one)
+  end
+  test "should get new" do
+    get :new
+    assert_response :success
+  end
+  test "should login with username" do
+    refute logged_in?
+    post :create, username_or_email: @user.username, password: 'password'
+    assert logged_in?
+    assert_redirected_to root_path
+    assert_match /Login successful/, flash[:notice]
+  end
+  test "should not login with username with wrong password" do
+    refute logged_in?
+    post :create, username_or_email: @user.username, password: 'wrongpass'
+    refute logged_in?
+    assert_template :new
+    assert_match /Login failed/, flash[:alert]
+  end
+  test "should not login unactivated user with username" do
+    unactivated_user = users(:unactivated_user)
+    refute logged_in?
+    post :create, username_or_email: unactivated_user.username, password: 'password'
+    refute logged_in?
+    assert_template :new
+    assert_match /Not activated/, flash[:alert]
+  end
+  test "should login with email" do
+    refute logged_in?
+    post :create, username_or_email: @user.email, password: 'password'
+    assert logged_in?
+    assert_redirected_to root_path
+    assert_match /Login successful/, flash[:notice]
+  end
+  test "should not login with email with wrong password" do
+    refute logged_in?
+    post :create, username_or_email: @user.email, password: 'wrongpass'
+    refute logged_in?
+    assert_template :new
+    assert_match /Login failed/, flash[:alert]
+  end
+  test "should not login unactivated user with email" do
+    unactivated_user = users(:unactivated_user)
+    refute logged_in?
+    post :create, username_or_email: unactivated_user.email, password: 'password'
+    refute logged_in?
+    assert_template :new
+    assert_match /Not activated/, flash[:alert]
+  end
+  test "should logout user" do
+    force_login(@user)
+    assert logged_in?
+    delete :destroy, id: @user
+    assert_redirected_to root_path
+    assert_match /Logged out/, flash[:notice]
+    refute logged_in?
+  end
+end