has_editable_password 0.0.3 → 0.1.0

checksums.yaml

@@ -1,15 +1,15 @@
 ---
 !binary "U0hBMQ==":
   metadata.gz: !binary |-
-    YTZhOWU5OTA1YzJkYTU5MmFiYWQyMWYxMWYyMjQyZjczZDA0Y2RhNg==
+    YjE0YjFiMmY0YzBhMTk5YWUwMDAxNGJiMGEyZmY5OWJiYzY1NWE5OQ==
   data.tar.gz: !binary |-
-    MTc5ZjRjNDMzOTE0OWQ1OTU3NmVlYWRlNGZlY2EyYTU1NjZjM2QxZA==
+    MjE2MjYyZjA1NTRlYmUxZjE5MmQ2YTI2ZDUyOWNlZmFiYjUxOTc2Mw==
 SHA512:
   metadata.gz: !binary |-
-    YTc1NTFiODYxZmUwZmUxYTM3MDMwZWZmNTE2NTJlMDE4MmEzMzk1ZmM0OTg3
-    MmZlYmRhNzdiNjMyNmUyNmJlMjkwMGUzZTk4YTE1NzZjNGZmNmJmYzQ2MTE5
-    Y2UyMWQzOTAyZmE5MzBlZGI0ZjMyZDMwZTU5OGVhMWYzZmU1ZTg=
+    M2U1MGQ0NDUxMzdjYmRlMWQzNGU4MGRmYmEwZTYzYWQ0NzhhYjdiMzRmMTNl
+    OWRlZDZlYWRiY2VjOTRiNDYzYjBmMjZhZTZkZTMxMWQ1NDliMTNkZWUxNWVl
+    YmU2NzI2ZWEzOGQ4OThkNmE2OTY0MmJmZjJlMjM4ZTljZmEwYjI=
   data.tar.gz: !binary |-
-    MjIxZTNmMjMwNTI2ZTcxMWEyNTFjMGNkM2EyMTgyOWJjNDdmMzA3MmRlY2Zm
-    NzMwMzk0N2VjNjRkOWJhMjRhOTI1MzllZGU4MGYzNjk2YzI0N2E0ZjEwMjM0
-    MjY3YTEzMDEyMDVmZjQ4ZTc0MjM1OWUxODNiMTg3ZWQyNWM4ZDc=
+    ZDMyZTJhNmQ4YmFkZjY3NWZjMTdmYTFjZjIxMTU2MGY3ZDg3NWU3OGY3NDdl
+    MWY5ZDc5MWJiYjYzMTBlMjMxOWE2MTVmMjljODMwZDgzNmY4YmY5YTAyYWJk
+    ZjMzNTMxOWI4ZWNkN2ZiYjE1MGZlNTFmZDE3OTM0YmM5NTZkYmY=

data/lib/has_editable_password.rb

@@ -15,11 +15,30 @@ module HasEditablePassword
     validate :password_change, on: :update, if: :password_digest_changed?
 
     def password=(value)
-      @old_password_digest = self.password_digest unless @old_password_digest or self.password_digest.blank?
+      @old_password_digest = password_digest unless @old_password_digest or password_digest.blank?
+
+      unless password_digest.blank? or password_digest_changed?
+        self.previous_password_digest = password_digest if respond_to? :previous_password_digest=
+        self.password_digest_updated = Time.now if respond_to? :password_digest_updated=
+      end
+
       super(value)
     end
   end
 
+  ##
+  # Creates a new +password_recovery_token+
+  #
+  # If a token was already there it is discarded. Also sets
+  # +password_recovery_token_creation+ to the current time.
+  # Unless specified it calls +save+ to store the token in the database.
+  #
+  # options[:length] - this is the length of the SecureRandom string generated
+  #   as the token. Since the token is base64_encoded it will be longer than
+  #   that. Default is 32.
+  # options[:save] - you can use this if you don't want save to be called.
+  #   generate_recovery_token(save: false)
+  #
   def generate_recovery_token(options = {})
     token = SecureRandom.urlsafe_base64(options.delete(:length) || 32)
     self.password_recovery_token = BCrypt::Password.create(token)
@@ -28,10 +47,17 @@ module HasEditablePassword
     token
   end
 
+  ##
+  # Returns true if the +recovery_token+ matches with the stored one and the
+  # token creation time is less than 24 hours ago
+  #
   def valid_recovery_token?
     recovery_token_match? and !recovery_token_expired?
   end
 
+  ##
+  # Returns true if +current_password+ matches the stored +password_digest+.
+  #
   def current_password_match?
     if @current_password
       if @old_password_digest

data/lib/version.rb

@@ -1 +1 @@
-VERSION = '0.0.3'
+VERSION = '0.1.0'

data/spec/has_editable_password_spec.rb

@@ -33,6 +33,48 @@ describe HasEditablePassword do
       user.password = 'secret'
       expect(BCrypt::Password.new(user.password_digest)).to eq 'secret'
     end
+
+    context 'previous_password_digest= exists' do
+      it 'sets the previous_password_digest field' do
+        expect(user).to receive :previous_password_digest=
+        user.password = 'new_secret'
+      end
+    end
+
+    context 'previous_password_digest= does not exist' do
+      before { user.stub(:respond_to?).and_return false }
+
+      it 'does not set the previous_password_digest field' do
+        expect(user).to_not receive :previous_password_digest=
+        user.password = 'new_secret'
+      end
+    end
+
+    context 'password_digest_updated= exists' do
+      it 'sets the password_digest_updated field' do
+        expect(user).to receive(:password_digest_updated=)
+        user.password = 'new_secret'
+      end
+    end
+
+    context 'password_digest_updated= does not exist' do
+      before { user.stub(:respond_to?).and_return false }
+
+      it 'does not set the password_digest_updated field' do
+        expect(user).to_not receive(:password_digest_updated=)
+        user.password = 'new_secret'
+      end
+    end
+
+    it 'only updates the previous_password and password_updated fields once' do
+      user.password = 'new_secret'
+      user.stub(:password_digest_changed?).and_return true
+      user.password = 'banana'
+
+      # Twice just to improve comprension
+      expect(BCrypt::Password.new(user.previous_password_digest)).to_not eq 'new_secret'
+      expect(BCrypt::Password.new(user.previous_password_digest)).to eq 'secret'
+    end
   end
 
   describe '#generate_recovery_token' do

data/spec/spec_helper.rb

@@ -19,6 +19,8 @@ class User
   attr_accessor :password_digest
   attr_accessor :password_recovery_token
   attr_accessor :password_recovery_token_creation
+  attr_accessor :previous_password_digest
+  attr_accessor :password_digest_updated
 
   def initialize(hash = {})
     hash.each do |k, v|
@@ -26,13 +28,8 @@ class User
     end
   end
 
-  def attributes
-    keys = [ 'password', 'password_confirmation' ]
-    values = keys.map do |k|
-      send(k)
-    end
-
-    Hash[keys.zip(values)]
+  def password_digest_changed?
+    false
   end
 
   def save

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: has_editable_password
 version: !ruby/object:Gem::Version
-  version: 0.0.3
+  version: 0.1.0
 platform: ruby
 authors:
 - Francesco Boffa