janus 0.9.1 → 0.10.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: efac9f377f862b38faf519a989cdbeccc08251c8
-  data.tar.gz: 40c57afe330efb056c7ed7e2219c5d0968fc0cf6
+  metadata.gz: f73008d3812ab8275c869ee2e9abccaecd4133fb
+  data.tar.gz: 79ddf846b1d04560c7add204300756a21c1e159c
 SHA512:
-  metadata.gz: ff9cd1ececaa6405979cc93693788311c387743951817b49fde59ac7501ac8366b236ae620469ab721d2140dfb87f73c95ed792dec34678fddc62b8240e8ffeb
-  data.tar.gz: 2b94e5e8545101c77a20044ac59fb2b05671cc3943948fe405225db692b2bd7de1f4df06662c77ba5e053fd7e6f031198ab9401c360f6fd187798eb7cf45a699
+  metadata.gz: c781f9e06208ec6eea86da263ee76d89860a910921e458b7e68a64dc003175b49e059d76fb5390b62b55cc904a39b354d828de7678a5cc809aa18b6f9de08079
+  data.tar.gz: b66e7f792b3b5698e8a84b0b9c4fa48d904ea467a59489d115d7adbf61826234b8d8216cb024e44b3ead9a37e2ecc32e4c590603788083e4263df3551f346c75

data/.gitignore

@@ -1,4 +1,5 @@
-doc/
-pkg/
+/doc/
+/pkg/
 *.swp
-gemfiles/*.lock
+/gemfiles/*.lock
+/test/rails_app/db/test.sqlite3-journal

data/.travis.yml

@@ -3,12 +3,12 @@ script: bundle exec rake test
 
 rvm:
   - 1.9.3
-  - 2.1.2
+  - 2.1.5
 
 gemfile:
   - Gemfile
-  - gemfiles/Gemfile.rails-4.0-stable
   - gemfiles/Gemfile.rails-3.2-stable
+  - gemfiles/Gemfile.rails-4.1-stable
   - gemfiles/Gemfile.rails-head
 
 matrix:
@@ -21,3 +21,4 @@ matrix:
 env:
   global:
     - NOKOGIRI_USE_SYSTEM_LIBRARIES=1
+    - CODECLIMATE_REPO_TOKEN=13f6e67dc6be3f749e752a3231502a48ae5e2986a557375da4339fd556031358

data/CHANGELOG.md

@@ -1,8 +1,32 @@
-v0.9.1
+# Change Log
+
+## Unreleased
+
+
+## v0.10.0 - 2014-12-27
+
+### Changed
+
+- Rails 4.2.0 compatibility
+- Confirmations controller now returns 400 or 404 HTTP status codes when
+  failing to find a valid resource for the token (or missing token).
+- The `janus` instance is now accessible in Janus::TestHelper.
+
+### Fixed
+
+- Login failure when password wasn't set (invalid encrypted password).
+
+
+## v0.9.1 - 2014-08-27
+
+### Added
 
-- Fixed compatibility with the latest Rails 4.0 and 4.1 releases that fixed a
-  bug with strong parameters. See 5b5a7e7
 - `Janus::SessionsController#valid_host?(host)` to interrupt a blind redirection
   when `params[:return_to]` is the current host. See b120010.
 
+### Fixed
+
+- Compatibility with the latest Rails 4.0 and 4.1 releases that fixed a
+  bug with strong parameters. See 5b5a7e7
+
 Compare: https://github.com/ysbaddaden/janus/compare/v0.9.0...v0.9.1

data/VERSION

@@ -1 +1 @@
-0.9.1
+0.10.0

data/janus.gemspec

@@ -20,6 +20,7 @@ Gem::Specification.new do |gem|
   gem.add_dependency 'addressable'
 
   gem.add_development_dependency 'rails', '>= 3.0.0'
+  gem.add_development_dependency 'responders', '~> 2.0'
   gem.add_development_dependency 'sqlite3'
   gem.add_development_dependency 'bcrypt'
   gem.add_development_dependency 'scrypt'

data/lib/generators/janus/resource_generator.rb

@@ -71,6 +71,10 @@ module Janus
         route "janus :#{plural_name}, " + controllers.map { |ctrl| ":#{ctrl} => true" }.join(', ')
       end
 
+      def delivery_method
+        Rails.version >= "4.2.0" ? "deliver_later" : "deliver"
+      end
+
       private
         def controllers
           strategies & %w{session registration confirmation password}

data/lib/generators/templates/confirmations_controller.erb

@@ -2,7 +2,7 @@ class <%= class_name.pluralize %>::ConfirmationsController < Janus::Confirmation
   respond_to :html
 
   # def deliver_confirmation_instructions(<%= singular_name %>)
-  #   <%= class_name %>Mailer.confirmation_instructions(<%= singular_name %>).deliver
+  #   <%= class_name %>Mailer.confirmation_instructions(<%= singular_name %>).<%= delivery_method %>
   # end
 
   # def after_resending_confirmation_instructions_url(<%= singular_name %>)

data/lib/generators/templates/passwords_controller.erb

@@ -2,7 +2,7 @@ class <%= class_name.pluralize %>::PasswordsController < Janus::PasswordsControl
   respond_to :html
 
   # def deliver_reset_password_instructions(<%= singular_name %>)
-  #   <%= class_name %>Mailer.reset_password_instructions(<%= singular_name %>).deliver
+  #   <%= class_name %>Mailer.reset_password_instructions(<%= singular_name %>).<%= delivery_method %>
   # end
 
   # def after_password_change_url(<%= singular_name %>)

data/lib/generators/templates/registrations_controller.erb

@@ -2,7 +2,7 @@ class <%= class_name.pluralize %>::RegistrationsController < Janus::Registration
   respond_to :html
 
   # def deliver_confirmation_instructions(<%= singular_name %>)
-  #   <%= class_name %>Mailer.confirmation_instructions(<%= singular_name %>).deliver
+  #   <%= class_name %>Mailer.confirmation_instructions(<%= singular_name %>).<%= delivery_method %>
   # end
 
   # def after_sign_up_url(<%= singular_name %>)

data/lib/janus/controllers/confirmations_controller.rb

@@ -5,30 +5,15 @@ class Janus::ConfirmationsController < ApplicationController
 
   helper JanusHelper
 
-  def show
-    self.resource = resource_class.find_for_confirmation(params[resource_class.confirmation_key])
-
-    if resource
-      resource.confirm!
+  before_filter :load_resource_from_confirmation_token, :only => :show
+  before_filter :load_resource_from_authentication_params, :only => :create
 
-      respond_to do |format|
-        format.html do
-          redirect_to after_confirmation_url(resource),
-            :notice => t('flash.janus.confirmations.edit.confirmed')
-        end
-
-        format.any { head :ok }
-      end
-    else
-      respond_to do |format|
-        format.html do
-          self.resource = resource_class.new
-          resource.errors.add(:base, :invalid_token)
-          render 'new'
-        end
+  def show
+    resource.confirm!
 
-        format.any { head :bad_request }
-      end
+    respond_with_success do
+      redirect_to after_confirmation_url(resource),
+        notice: t('flash.janus.confirmations.edit.confirmed')
     end
   end
 
@@ -38,36 +23,19 @@ class Janus::ConfirmationsController < ApplicationController
   end
 
   def create
-    self.resource = resource_class.find_for_database_authentication(resource_authentication_params)
-
-    if resource
-      deliver_confirmation_instructions(resource)
-
-      respond_to do |format|
-        format.html do
-          redirect_to after_resending_confirmation_instructions_url(resource),
-            :notice => t('flash.janus.confirmations.create.email_sent')
-        end
+    deliver_confirmation_instructions(resource)
 
-        format.any  { head :ok }
-      end
-    else
-      respond_to do |format|
-        format.html do
-          self.resource = resource_class.new
-          resource.errors.add(:base, :not_found)
-          render 'new'
-        end
-
-        format.any { head :not_found }
-      end
+    respond_with_success do
+      redirect_to after_resending_confirmation_instructions_url(resource),
+        notice: t('flash.janus.confirmations.create.email_sent')
     end
   end
 
   # Simple wrapper for Mailer#confirmation_instructions.deliver to
   # allow customization of the email (eg: to pass additional data).
   def deliver_confirmation_instructions(resource)
-    mailer_class.confirmation_instructions(resource).deliver
+    mail = mailer_class.confirmation_instructions(resource)
+    mail.respond_to?(:deliver_later) ? mail.deliver_later : mail.deliver
   end
 
   # Where to redirect after the instructions have been sent.
@@ -79,4 +47,17 @@ class Janus::ConfirmationsController < ApplicationController
   def after_confirmation_url(resource)
     root_url
   end
+
+  private
+
+  def load_resource_from_confirmation_token
+    token = params[resource_class.confirmation_key]
+    self.resource = resource_class.find_for_confirmation(token)
+    respond_with_failure(:invalid_token, :status => :bad_request) unless resource
+  end
+
+  def load_resource_from_authentication_params
+    self.resource = resource_class.find_for_database_authentication(resource_authentication_params)
+    respond_with_failure(:not_found) unless resource
+  end
 end

data/lib/janus/controllers/internal_helpers.rb

@@ -56,5 +56,29 @@ module Janus
     def mailer_class
       @mailer_class ||= (janus_scope.camelize + 'Mailer').constantize
     end
+
+    def respond_with_success(&block)
+      respond_to do |format|
+        format.html(&block)
+        format.any { head :ok }
+      end
+    end
+
+    def respond_with_failure(error, options = {})
+      status = options[:status] || error
+
+      respond_to do |format|
+        format.html do
+          self.resource = initialize_resource
+          resource.errors.add(:base, error)
+          render 'new', status: status
+        end
+        format.any { head status }
+      end
+    end
+
+    def initialize_resource
+      resource_class.new
+    end
   end
 end

data/lib/janus/controllers/passwords_controller.rb

@@ -67,7 +67,8 @@ class Janus::PasswordsController < ApplicationController
   # Simple wrapper for Mailer#reset_password_instructions.deliver to
   # allow customization of the email (eg: to pass additional data).
   def deliver_reset_password_instructions(resource)
-    mailer_class.reset_password_instructions(resource).deliver
+    mail = mailer_class.reset_password_instructions(resource)
+    mail.respond_to?(:deliver_later) ? mail.deliver_later : mail.deliver
   end
 
   # Either redirects the user to after_password_change_url or to

data/lib/janus/controllers/registrations_controller.rb

@@ -48,7 +48,8 @@ class Janus::RegistrationsController < ApplicationController
   # Simple wrapper for Mailer#confirmation_instructions.deliver to
   # allow customization of the email (eg: to pass additional data).
   def deliver_confirmation_instructions(resource)
-    mailer_class.confirmation_instructions(resource).deliver
+    mail = mailer_class.confirmation_instructions(resource)
+    mail.respond_to?(:deliver_later) ? mail.deliver_later : mail.deliver
   end
 
   # Where to redirect after user has registered.

data/lib/janus/controllers/sessions_controller.rb

@@ -1,19 +1,18 @@
 require 'addressable/uri'
 
-# This controller is responsible for creating and destroying
-# authenticated user sessions.
+# This controller is responsible for creating and destroying user sessions.
 #
 # The creation uses the DatabaseAuthenticatable strategy, while the destruction
 # simply destroys any session, whatever strategy it was created with. Janus
-# hooks will be called, of course, allowing to destroy any Rememberable cookies
-# for instance, as well as any user defined behavior.
+# hooks will be called, allowing to destroy any Rememberable cookies as well as
+# any user defined behavior.
 #
 class Janus::SessionsController < ApplicationController
   include Janus::InternalHelpers
-#  include Janus::UrlHelpers
 
   helper JanusHelper
-#  skip_before_filter :authenticate_user!
+
+  before_filter :load_resource_from_authentication_params, :only => :create
 
   def new
     params[:return_to] ||= request.env["HTTP_REFERER"]
@@ -27,35 +26,17 @@ class Janus::SessionsController < ApplicationController
   end
 
   def create
-    self.resource = resource_class.find_for_database_authentication(resource_authentication_params)
-
-    if resource && resource.valid_password?(params[resource_name][:password])
+    if valid_resource?
       janus.login(resource, :scope => janus_scope, :rememberable => params[:remember_me])
-
-      respond_to do |format|
-        format.html { redirect_after_sign_in(resource) }
-        format.any  { head :ok }
-      end
+      respond_with_success { redirect_after_sign_in(resource) }
     else
-      respond_to do |format|
-        format.html do
-          self.resource ||= resource_class.new(resource_authentication_params)
-          resource.clean_up_passwords
-          resource.errors.add(:base, :not_found)
-          render "new", :status => :unauthorized
-        end
-        format.any { head :unauthorized }
-      end
+      respond_with_failure :unauthorized
     end
   end
 
   def destroy
     janus.logout(janus_scope)
-
-    respond_to do |format|
-      format.html { redirect_to after_sign_out_url(janus_scope) }
-      format.any  { head :ok }
-    end
+    respond_with_success { redirect_to after_sign_out_url(janus_scope) }
   end
 
   # An overridable method that returns the default path to return the just
@@ -93,7 +74,7 @@ class Janus::SessionsController < ApplicationController
   # actually returns URL to prevent infinite loops. We must for instance
   # never return to new_sesssion_path.
   #
-  # If you ever needd to override this method, don't forget to call `super`.
+  # If you ever need to override this method, don't forget to call `super`.
   # For instance:
   #
   #   def never_return_to(scope)
@@ -103,8 +84,13 @@ class Janus::SessionsController < ApplicationController
   def never_return_to(scope)
     scope = Janus.scope_for(scope)
     list = [new_session_path(scope)]
+
     begin
-      list + [ destroy_session_path(scope), new_password_path(scope), edit_password_path(scope) ]
+      list + [
+        destroy_session_path(scope),
+        new_password_path(scope),
+        edit_password_path(scope)
+      ]
     rescue NoMethodError
       list
     end
@@ -123,25 +109,41 @@ class Janus::SessionsController < ApplicationController
       unless never_return_to(user).include?(return_to.path)
         # path or same host redirection
         if valid_host?(return_to.host || request.host)
-          redirect_to params[:return_to]
-          return
+          redirect_to params[:return_to] and return
         end
 
         # external host redirection
         if valid_remote_host?(return_to.host)
-          if user.class.include?(Janus::Models::RemoteAuthenticatable)
-            query = return_to.query_values || {}
-            return_to.query_values = query.merge(
-              user.class.remote_authentication_key => user.generate_remote_token!
-            )
-          end
-
-          redirect_to return_to.to_s
-          return
+          add_remote_authentication_key(return_to, user) if user.class.include?(Janus::Models::RemoteAuthenticatable)
+          redirect_to return_to.to_s and return
         end
       end
     end
 
     redirect_to after_sign_in_url(user)
   end
+
+  def add_remote_authentication_key(return_to, user)
+    query = return_to.query_values || {}
+    return_to.query_values = query.merge(
+      user.class.remote_authentication_key => user.generate_remote_token!
+    )
+  end
+
+  private
+
+  def valid_resource?
+    resource && resource.valid_password?(params[resource_name][:password])
+  end
+
+  def initialize_resource
+    resource_class
+      .new(resource_authentication_params)
+      .tap(&:clean_up_passwords)
+  end
+
+  def load_resource_from_authentication_params
+    self.resource = resource_class.find_for_database_authentication(resource_authentication_params)
+    respond_with_failure :unauthorized unless resource
+  end
 end

data/lib/janus/models/database_authenticatable.rb

@@ -57,8 +57,10 @@ module Janus
         when :bcrypt
           ::BCrypt::Password.new(encrypted_password) == salted_password(password)
         when :scrypt
-          ::SCrypt::Password.new(encrypted_password) == salted_password(password)
+          ::SCrypt::Password.new(encrypted_password || "") == salted_password(password)
         end
+      rescue BCrypt::Errors::InvalidHash, SCrypt::Errors::InvalidHash
+        false
       end
 
       # Digests a password using either bcrypt or scrypt (as configured by `config.encryptor`).

data/lib/janus/test_helper.rb

@@ -1,5 +1,7 @@
 module Janus
   module TestHelper
+    attr_reader :janus
+
     def self.included(klass)
       klass.class_eval do
         setup { @janus = Janus::Manager.new(request, cookies) }
@@ -7,23 +9,25 @@ module Janus
     end
 
     def sign_in(user, options = {})
-      @janus.login(user, options)
+      janus.login(user, options)
     end
 
     def sign_out(user_or_scope = nil)
       if user_or_scope
-        @janus.logout(Janus.scope_for(user_or_scope))
+        janus.logout(Janus.scope_for(user_or_scope))
       else
-        @janus.logout
+        janus.logout
       end
     end
 
     def assert_authenticated(scope)
-      assert @janus.authenticated?(scope), "Expected #{scope} to be authenticated."
+      assert janus.authenticated?(scope), "Expected #{scope} to be authenticated."
     end
 
-    def assert_not_authenticated(scope)
-      assert !@janus.authenticated?(scope), "Expected #{scope} to not be authenticated."
+    def refute_authenticated(scope)
+      refute janus.authenticated?(scope), "Expected #{scope} to not be authenticated."
     end
+
+    alias_method :assert_not_authenticated, :refute_authenticated
   end
 end

data/test/functional/janus/mailer_test.rb

@@ -4,7 +4,8 @@ class Janus::MailerTest < ActionMailer::TestCase
   test "reset_password_instructions" do
     users(:julien).generate_reset_password_token!
 
-    mail = UserMailer.reset_password_instructions(users(:julien)).deliver
+    mail = UserMailer.reset_password_instructions(users(:julien))
+    mail.respond_to?(:deliver_now) ? mail.deliver_now : mail.deliver
     assert_equal [users(:julien).email], mail.to
     assert !mail.subject.blank?
 

data/test/functional/janus/manager_test.rb

@@ -52,7 +52,7 @@ class Janus::ManagerTest < ActionController::TestCase
     @janus.login(users(:martha), :scope => :admin)
 
     @janus.logout(:admin)
-    assert_not_nil session['janus']
+    refute_nil session['janus']
 
     @janus.logout(:user)
     assert_nil session['janus']

data/test/functional/users/confirmations_controller_test.rb

@@ -15,7 +15,7 @@ class Users::ConfirmationsControllerTest < ActionController::TestCase
   test "should not get show without token" do
     assert_no_difference('User.count(:confirmed_at)') do
       get :show
-      assert_response :ok
+      assert_response :bad_request
       assert_template 'new'
       assert_select '#error_explanation'
     end
@@ -24,7 +24,7 @@ class Users::ConfirmationsControllerTest < ActionController::TestCase
   test "should not get show with blank token" do
     assert_no_difference('User.count(:confirmed_at)') do
       get :show, :token => ""
-      assert_response :ok
+      assert_response :bad_request
       assert_template 'new'
       assert_select '#error_explanation'
     end
@@ -35,7 +35,7 @@ class Users::ConfirmationsControllerTest < ActionController::TestCase
 
     assert_no_difference('User.count(:confirmed_at)') do
       get :show, :token => "aiorujfqptezjsmdguspfofkn"
-      assert_response :ok
+      assert_response :bad_request
       assert_template 'new'
       assert_select '#error_explanation'
     end
@@ -59,9 +59,9 @@ class Users::ConfirmationsControllerTest < ActionController::TestCase
   test "should not create" do
     assert_no_email do
       post :create, :user => { :email => 'nobody@example.com' }
+      assert_response :not_found
     end
 
-    assert_response :ok
     assert_template 'new'
     assert_select '#error_explanation'
   end

data/test/functional/users/passwords_controller_test.rb

@@ -99,8 +99,8 @@ class Users::PasswordsControllerTest < ActionController::TestCase
 
     users(:julien).reload
 
-    assert_not_nil users(:julien).reset_password_token
-    assert_not_nil users(:julien).reset_password_sent_at
+    refute_nil users(:julien).reset_password_token
+    refute_nil users(:julien).reset_password_sent_at
     assert !users(:julien).valid_password?(@attributes[:password])
   end
 

data/test/functional/users/sessions_controller_test.rb

@@ -19,7 +19,7 @@ class Users::SessionsControllerTest < ActionController::TestCase
     assert_response :ok
     assert_select '#user_email', 1
     assert_select '#user_password', 1
-    assert_select 'input[name=return_to][value=/some/path]', 1
+    assert_select "input[name=return_to][value='/some/path']", 1
   end
 
   test "new should pass return_to" do
@@ -27,7 +27,7 @@ class Users::SessionsControllerTest < ActionController::TestCase
     assert_response :ok
     assert_select '#user_email', 1
     assert_select '#user_password', 1
-    assert_select 'input[name=return_to][value=' + root_path + ']', 1
+    assert_select "input[name=return_to][value='" + root_path + "']", 1
   end
 
   test "should create" do
@@ -68,7 +68,7 @@ class Users::SessionsControllerTest < ActionController::TestCase
     assert_select "#user_email[value='" + users(:julien).email + "']"
     assert_select "#user_password[value='secret']", 0
     assert_select '#error_explanation'
-    assert_not_authenticated(:user)
+    refute_authenticated(:user)
   end
 
   test "should fail to create with bad password" do
@@ -78,7 +78,7 @@ class Users::SessionsControllerTest < ActionController::TestCase
     assert_select "#user_email[value='" + users(:martha).email + "']"
     assert_select "#user_password[value='force me in']", 0
     assert_select '#error_explanation'
-    assert_not_authenticated(:user)
+    refute_authenticated(:user)
   end
 
   test "should fail to create with unknown user" do
@@ -88,7 +88,7 @@ class Users::SessionsControllerTest < ActionController::TestCase
     assert_select "#user_email[value='nobody@localhost']"
     assert_select "#user_password[value='secret']", 0
     assert_select '#error_explanation'
-    assert_not_authenticated(:user)
+    refute_authenticated(:user)
   end
 
   test "should destroy" do
@@ -96,12 +96,12 @@ class Users::SessionsControllerTest < ActionController::TestCase
 
     get :destroy
     assert_redirected_to root_url
-    assert_not_authenticated(:user)
+    refute_authenticated(:user)
   end
 
   test "destroy should silently logout anonymous" do
     get :destroy
     assert_redirected_to root_url
-    assert_not_authenticated(:user)
+    refute_authenticated(:user)
   end
 end

data/test/integration/users/rememberable_test.rb

@@ -14,7 +14,7 @@ class Users::RememberableTest < ActionDispatch::IntegrationTest
 
     sign_out :user
     visit root_url
-    assert_not_authenticated
+    refute_authenticated
   end
 
   test "registration should remember user" do
@@ -27,6 +27,6 @@ class Users::RememberableTest < ActionDispatch::IntegrationTest
 
     sign_out :user
     visit root_url
-    assert_not_authenticated
+    refute_authenticated
   end
 end

data/test/integration/users/remote_test.rb

@@ -6,7 +6,7 @@ class Users::RemoteTest < ActionDispatch::IntegrationTest
   test "service login" do
     # user visits a remote site
     visit blog_url(:host => 'test.host')
-    assert_not_authenticated
+    refute_authenticated
 
     # user clicks the sign in link
     click_link 'sign_in'
@@ -31,7 +31,7 @@ class Users::RemoteTest < ActionDispatch::IntegrationTest
 
     # user visits a remote site
     visit blog_url(:host => 'test.host')
-    assert_not_authenticated
+    refute_authenticated
 
     # user clicks the sign in link of remote site which should redirect her back
     click_link 'sign_in'
@@ -53,7 +53,7 @@ class Users::RemoteTest < ActionDispatch::IntegrationTest
     visit root_url(:host => 'test.host')
 
     # session should have been invalidated
-    assert_not_authenticated
+    refute_authenticated
   end
 
   test "session invalidation should not reset the user session_token" do
@@ -64,7 +64,7 @@ class Users::RemoteTest < ActionDispatch::IntegrationTest
     sign_in users(:julien)
 
     visit root_url(:host => 'test.host')
-    assert_not_authenticated
+    refute_authenticated
 
     visit root_url
     assert_authenticated

data/test/integration/users/token_authenticatable_test.rb

@@ -15,7 +15,7 @@ class Users::TokenAuthenticatableTest < ActionDispatch::IntegrationTest
 
   test "should not sign user with invalid token" do
     visit root_url(:auth_token => 'unknown token')
-    assert_not_authenticated
+    refute_authenticated
   end
 
   test "should reuse token" do
@@ -36,7 +36,7 @@ class Users::TokenAuthenticatableTest < ActionDispatch::IntegrationTest
       sign_out :user
 
       visit root_url(:auth_token => token)
-      assert_not_authenticated
+      refute_authenticated
     end
   end
 end

data/test/integration/users/trackable_test.rb

@@ -6,7 +6,7 @@ class Users::TrackableTest < ActionDispatch::IntegrationTest
   test "should track user" do
     current_sign_in_at = users(:julien).reload.current_sign_in_at
     sign_in users(:julien)
-    assert_not_equal current_sign_in_at, users(:julien).reload.current_sign_in_at
+    refute_equal current_sign_in_at, users(:julien).reload.current_sign_in_at
   end
 
   test "remote authentication should not track user" do

data/test/rails_app/config/application.rb

@@ -39,5 +39,8 @@ module RailsApp
 
     # Configure sensitive parameters which will be filtered from the log file.
     config.filter_parameters += [:current_password, :password, :password_confirmation]
+
+    # GlobalId chokes on app names with underscores
+    config.global_id.app = "rails-app" if config.respond_to?(:global_id)
   end
 end

data/test/rails_app/config/environments/test.rb

@@ -31,4 +31,6 @@ RailsApp::Application.configure do
 
   # Print deprecation notices to the stderr
   config.active_support.deprecation = :stderr
+
+  config.active_support.test_order = :random
 end

data/test/rails_app/db/migrate/20130412104138_create_admins.rb

@@ -4,7 +4,7 @@ class CreateAdmins < ActiveRecord::Migration
       t.string :email
       t.string :encrypted_password
 
-      t.timestamps
+      t.timestamps :null => true
     end
   end
 end

data/test/test_helper.rb

@@ -1,9 +1,16 @@
 ENV["RAILS_ENV"] = "test"
 
+begin
+  require 'codeclimate-test-reporter'
+  CodeClimate::TestReporter.start
+rescue LoadError
+end
+
 require File.expand_path('../rails_app/config/environment', __FILE__)
 require 'rails/test_help'
 require 'capybara/rails'
 require 'minitest/mock'
+require 'minitest/pride'
 
 ActiveRecord::Migration.verbose = false
 ActiveRecord::Migrator.migrate(Rails.root.join('db', 'migrate').to_s)
@@ -102,7 +109,7 @@ class ActionDispatch::IntegrationTest
     assert has_selector?("a#my_page"), "Expected user to be authenticated."
   end
 
-  def assert_not_authenticated
+  def refute_authenticated
     assert has_selector?("a#sign_in"), "Expected user to not be authenticated."
   end
 

data/test/unit/confirmable_test.rb

@@ -7,8 +7,8 @@ class ConfirmableTest < ActiveSupport::TestCase
 
   test "generate_confirmation_token" do
     @user.generate_confirmation_token
-    assert_not_nil @user.confirmation_token
-    assert_not_nil @user.confirmation_sent_at
+    refute_nil @user.confirmation_token
+    refute_nil @user.confirmation_sent_at
     assert_nil @user.confirmed_at
 
     @user.reload
@@ -22,7 +22,7 @@ class ConfirmableTest < ActiveSupport::TestCase
     @user.confirm!
     assert_nil @user.confirmation_token
     assert_nil @user.confirmation_sent_at
-    assert_not_nil @user.confirmed_at
+    refute_nil @user.confirmed_at
   end
 
   test "find_for_confirmation" do

data/test/unit/rememberable_test.rb

@@ -7,8 +7,8 @@ class RememberableTest < ActiveSupport::TestCase
 
   test "remember_token" do
     @user.remember_me!
-    assert_not_nil @user.remember_token
-    assert_not_nil @user.remember_created_at
+    refute_nil @user.remember_token
+    refute_nil @user.remember_created_at
 
     @user.forget_me!
     assert_nil @user.remember_token
@@ -19,7 +19,7 @@ class RememberableTest < ActiveSupport::TestCase
     @user.remember_me!
     token = @user.remember_token
     @user.remember_me!
-    assert_not_equal token, @user.remember_token
+    refute_equal token, @user.remember_token
   end
 
   test "find_for_remember_authentication" do

data/test/unit/remote_authenticatable_test.rb

@@ -7,7 +7,7 @@ class RemoteAuthenticatableTest < ActiveSupport::TestCase
 
   test "session token" do
     @user.generate_session_token!
-    assert_not_nil @user.session_token
+    refute_nil @user.session_token
 
     @user.destroy_session_token!
     assert_nil @user.session_token

data/test/unit/remote_token_test.rb

@@ -4,6 +4,6 @@ class RemoteTokenTest < ActiveSupport::TestCase
   test "should create" do
     remote_token = RemoteToken.create(:user => users(:julien))
     assert remote_token.persisted?, remote_token.errors.to_xml
-    assert_not_nil remote_token.token
+    refute_nil remote_token.token
   end
 end

data/test/unit/reset_password_test.rb

@@ -8,8 +8,8 @@ class ResetPasswordTest < ActiveSupport::TestCase
   test "generate reset password token" do
     assert @user.generate_reset_password_token!
     assert @user.persisted?
-    assert_not_nil @user.reset_password_token
-    assert_not_nil @user.reset_password_sent_at
+    refute_nil @user.reset_password_token
+    refute_nil @user.reset_password_sent_at
   end
 
   test "reset password" do
@@ -25,8 +25,8 @@ class ResetPasswordTest < ActiveSupport::TestCase
     @user.generate_reset_password_token!
     user = User.find_for_password_reset(@user.reset_password_token)
     assert_equal @user, user
-    assert_not_nil user.reset_password_token
-    assert_not_nil user.reset_password_sent_at
+    refute_nil user.reset_password_token
+    refute_nil user.reset_password_sent_at
   end
 
   test "should not find user with bad tokens" do

data/test/unit/trackable_test.rb

@@ -7,15 +7,15 @@ class TrackableTest < ActiveSupport::TestCase
 
     assert_nil     users(:julien).last_sign_in_at
     assert_nil     users(:julien).last_sign_in_ip
-    assert_not_nil users(:julien).current_sign_in_at
+    refute_nil users(:julien).current_sign_in_at
     assert_equal '127.0.0.1', users(:julien).current_sign_in_ip
 
     users(:julien).track!('127.0.0.2')
     users(:julien).reload
 
-    assert_not_nil users(:julien).last_sign_in_at
-    assert_not_nil users(:julien).last_sign_in_ip
-    assert_not_nil users(:julien).current_sign_in_at
+    refute_nil users(:julien).last_sign_in_at
+    refute_nil users(:julien).last_sign_in_ip
+    refute_nil users(:julien).current_sign_in_at
     assert_equal '127.0.0.2', users(:julien).current_sign_in_ip
   end
 end

data/test/unit/user_test.rb

@@ -7,6 +7,7 @@ class UserTest < ActiveSupport::TestCase
 
   test "valid_password?" do
     user = User.new(:password => "azerty")
+    refute user.valid_password?("secret")
     assert user.valid_password?("azerty")
     refute user.valid_password?("secret")
 
@@ -22,6 +23,16 @@ class UserTest < ActiveSupport::TestCase
     end
   end
 
+  test "valid_password? without encrypted password" do
+    refute User.new.valid_password?("")
+    refute User.new.valid_password?("secret")
+
+    with_encryptor :scrypt do
+      refute User.new.valid_password?("")
+      refute User.new.valid_password?("some lame guessing")
+    end
+  end
+
   test "should validate current_password on update" do
     @user.update_attributes(:email => 'julien@example.fr', :current_password => 'secret')
     assert @user.persisted?, @user.errors.to_xml
@@ -33,7 +44,7 @@ class UserTest < ActiveSupport::TestCase
   test "password" do
     user = User.new(:password => "my pwd")
     assert_equal "my pwd", user.password
-    assert_not_nil user.encrypted_password
+    refute_nil user.encrypted_password
   end
 
   test "should confirm password" do
@@ -46,12 +57,12 @@ class UserTest < ActiveSupport::TestCase
 
   test "clean_up_passwords" do
     user = User.new(:email => 'julien@example.com', :password => 'abc', :password_confirmation => 'def')
-    assert_not_nil user.email
-    assert_not_nil user.password
-    assert_not_nil user.password_confirmation
+    refute_nil user.email
+    refute_nil user.password
+    refute_nil user.password_confirmation
 
     user.clean_up_passwords
-    assert_not_nil user.email
+    refute_nil user.email
     assert_nil user.password
     assert_nil user.password_confirmation
   end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: janus
 version: !ruby/object:Gem::Version
-  version: 0.9.1
+  version: 0.10.0
 platform: ruby
 authors:
 - Julien Portalier
@@ -30,7 +30,7 @@ cert_chain:
   KVqCN//9bevjMk5OiMi9X3Wu/GtVWDwC6OTWFWKd54KgbuWlakO8LC1SMmStnCIF
   W4qpyMWMZMcB4ZN/0mUVzY5xwrislBtsmQVUSw==
   -----END CERTIFICATE-----
-date: 2014-08-27 00:00:00.000000000 Z
+date: 2014-12-27 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: addressable
@@ -60,6 +60,20 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: 3.0.0
+- !ruby/object:Gem::Dependency
+  name: responders
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.0'
 - !ruby/object:Gem::Dependency
   name: sqlite3
   requirement: !ruby/object:Gem::Requirement