jcnetdev-restful-authentication 1.0.20080704
- data/CHANGELOG +68 -0
- data/README +176 -0
- data/Rakefile +22 -0
- data/TODO +15 -0
- data/generators/authenticated/USAGE +1 -0
- data/generators/authenticated/authenticated_generator.rb +478 -0
- data/generators/authenticated/lib/insert_routes.rb +50 -0
- data/generators/authenticated/templates/_model_partial.html.erb +8 -0
- data/generators/authenticated/templates/activation.html.erb +3 -0
- data/generators/authenticated/templates/authenticated_system.rb +187 -0
- data/generators/authenticated/templates/authenticated_test_helper.rb +22 -0
- data/generators/authenticated/templates/controller.rb +43 -0
- data/generators/authenticated/templates/helper.rb +2 -0
- data/generators/authenticated/templates/login.html.erb +16 -0
- data/generators/authenticated/templates/mailer.rb +25 -0
- data/generators/authenticated/templates/migration.rb +26 -0
- data/generators/authenticated/templates/model.rb +69 -0
- data/generators/authenticated/templates/model_controller.rb +86 -0
- data/generators/authenticated/templates/model_helper.rb +93 -0
- data/generators/authenticated/templates/model_helper_spec.rb +158 -0
- data/generators/authenticated/templates/observer.rb +11 -0
- data/generators/authenticated/templates/signup.html.erb +19 -0
- data/generators/authenticated/templates/signup_notification.html.erb +8 -0
- data/generators/authenticated/templates/site_keys.rb +38 -0
- data/generators/authenticated/templates/spec/controllers/access_control_spec.rb +90 -0
- data/generators/authenticated/templates/spec/controllers/authenticated_system_spec.rb +101 -0
- data/generators/authenticated/templates/spec/controllers/sessions_controller_spec.rb +139 -0
- data/generators/authenticated/templates/spec/controllers/users_controller_spec.rb +198 -0
- data/generators/authenticated/templates/spec/fixtures/users.yml +60 -0
- data/generators/authenticated/templates/spec/helpers/users_helper_spec.rb +141 -0
- data/generators/authenticated/templates/spec/models/user_spec.rb +290 -0
- data/generators/authenticated/templates/stories/rest_auth_stories.rb +22 -0
- data/generators/authenticated/templates/stories/rest_auth_stories_helper.rb +81 -0
- data/generators/authenticated/templates/stories/steps/ra_navigation_steps.rb +49 -0
- data/generators/authenticated/templates/stories/steps/ra_resource_steps.rb +179 -0
- data/generators/authenticated/templates/stories/steps/ra_response_steps.rb +171 -0
- data/generators/authenticated/templates/stories/steps/user_steps.rb +153 -0
- data/generators/authenticated/templates/stories/users/accounts.story +186 -0
- data/generators/authenticated/templates/stories/users/sessions.story +134 -0
- data/generators/authenticated/templates/test/functional_test.rb +88 -0
- data/generators/authenticated/templates/test/mailer_test.rb +31 -0
- data/generators/authenticated/templates/test/model_functional_test.rb +99 -0
- data/generators/authenticated/templates/test/unit_test.rb +164 -0
- data/init.rb +1 -0
- data/lib/authentication.rb +43 -0
- data/lib/authentication/by_cookie_token.rb +85 -0
- data/lib/authentication/by_password.rb +65 -0
- data/lib/authorization.rb +15 -0
- data/lib/authorization/aasm_roles.rb +64 -0
- data/lib/authorization/stateful_roles.rb +63 -0
- data/lib/trustification.rb +15 -0
- data/lib/trustification/email_validation.rb +20 -0
- data/rails/init.rb +3 -0
- data/restful-authentication.gemspec +74 -0
- metadata +116 -0
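--- a/data/generators/authenticated/templates/stories/steps/user_steps.rb
+++ b/data/generators/authenticated/templates/stories/steps/user_steps.rb
@@ -0,0 +1,153 @@
+require File.dirname(__FILE__) + '/../helper'
+
+RE_<%= file_name.capitalize %> = %r{(?:(?:the )? *(\w+) *)}
+RE_<%= file_name.capitalize %>_TYPE = %r{(?: *(\w+)? *)}
+steps_for(:<%= file_name %>) do
+
+#
+# Setting
+#
+
+Given "an anonymous <%= file_name %>" do
+log_out!
+end
+
+Given "$an $<%= file_name %>_type <%= file_name %> with $attributes" do |_, <%= file_name %>_type, attributes|
+create_<%= file_name %>! <%= file_name %>_type, attributes.to_hash_from_story
+end
+
+Given "$an $<%= file_name %>_type <%= file_name %> named '$login'" do |_, <%= file_name %>_type, login|
+create_<%= file_name %>! <%= file_name %>_type, named_<%= file_name %>(login)
+end
+
+Given "$an $<%= file_name %>_type <%= file_name %> logged in as '$login'" do |_, <%= file_name %>_type, login|
+create_<%= file_name %>! <%= file_name %>_type, named_<%= file_name %>(login)
+log_in_<%= file_name %>!
+end
+
+Given "$actor is logged in" do |_, login|
+log_in_<%= file_name %>! @<%= file_name %>_params || named_<%= file_name %>(login)
+end
+
+Given "there is no $<%= file_name %>_type <%= file_name %> named '$login'" do |_, login|
+@<%= file_name %> = <%= class_name %>.find_by_login(login)
+@<%= file_name %>.destroy! if @<%= file_name %>
+@<%= file_name %>.should be_nil
+end
+
+#
+# Actions
+#
+When "$actor logs out" do
+log_out
+end
+
+When "$actor registers an account as the preloaded '$login'" do |_, login|
+<%= file_name %> = named_<%= file_name %>(login)
+<%= file_name %>['password_confirmation'] = <%= file_name %>['password']
+create_<%= file_name %> <%= file_name %>
+end
+
+When "$actor registers an account with $attributes" do |_, attributes|
+create_<%= file_name %> attributes.to_hash_from_story
+end
+<% if options[:include_activation] %>
+When "$actor activates with activation code $attributes" do |_, activation_code|
+activation_code = '' if activation_code == 'that is blank'
+activate
+end<% end %>
+
+When "$actor logs in with $attributes" do |_, attributes|
+log_in_<%= file_name %> attributes.to_hash_from_story
+end
+
+#
+# Result
+#
+Then "$actor should be invited to sign in" do |_|
+response.should render_template('/<%= controller_file_path %>/new')
+end
+
+Then "$actor should not be logged in" do |_|
+controller.logged_in?.should_not be_true
+end
+
+Then "$login should be logged in" do |login|
+controller.logged_in?.should be_true
+controller.current_<%= file_name %>.should === @<%= file_name %>
+controller.current_<%= file_name %>.login.should == login
+end
+
+end
+
+def named_<%= file_name %> login
+<%= file_name %>_params = {
+'admin' => {'id' => 1, 'login' => 'addie', 'password' => '1234addie', 'email' => 'admin@example.com', },
+'oona' => { 'login' => 'oona', 'password' => '1234oona', 'email' => 'unactivated@example.com'},
+'reggie' => { 'login' => 'reggie', 'password' => 'monkey', 'email' => 'registered@example.com' },
+}
+<%= file_name %>_params[login.downcase]
+end
+
+#
+# <%= class_name %> account actions.
+#
+# The ! methods are 'just get the job done'. It's true, they do some testing of
+# their own -- thus un-DRY'ing tests that do and should live in the <%= file_name %> account
+# stories -- but the repetition is ultimately important so that a faulty test setup
+# fails early.
+#
+
+def log_out
+get '/<%= controller_file_path %>/destroy'
+end
+
+def log_out!
+log_out
+response.should redirect_to('/')
+follow_redirect!
+end
+
+def create_<%= file_name %>(<%= file_name %>_params={})
+@<%= file_name %>_params ||= <%= file_name %>_params
+post "/<%= model_controller_file_path %>", :<%= file_name %> => <%= file_name %>_params
+@<%= file_name %> = <%= class_name %>.find_by_login(<%= file_name %>_params['login'])
+end
+
+def create_<%= file_name %>!(<%= file_name %>_type, <%= file_name %>_params)
+<%= file_name %>_params['password_confirmation'] ||= <%= file_name %>_params['password'] ||= <%= file_name %>_params['password']
+create_<%= file_name %> <%= file_name %>_params
+response.should redirect_to('/')
+follow_redirect!
+<% if options[:include_activation] %>
+# fix the <%= file_name %>'s activation status
+activate_<%= file_name %>! if <%= file_name %>_type == 'activated'<% end %>
+end
+
+<% if options[:include_activation] %>
+def activate_<%= file_name %> activation_code=nil
+activation_code = @<%= file_name %>.activation_code if activation_code.nil?
+get "/activate/#{activation_code}"
+end
+
+def activate_<%= file_name %>! *args
+activate_<%= file_name %> *args
+response.should redirect_to('/login')
+follow_redirect!
+response.should have_flash("notice", /Signup complete!/)
+end<% end %>
+
+def log_in_<%= file_name %> <%= file_name %>_params=nil
+@<%= file_name %>_params ||= <%= file_name %>_params
+<%= file_name %>_params ||= @<%= file_name %>_params
+post "/<%= controller_routing_path %>", <%= file_name %>_params
+@<%= file_name %> = <%= class_name %>.find_by_login(<%= file_name %>_params['login'])
+controller.current_<%= file_name %>
+end
+
+def log_in_<%= file_name %>! *args
+log_in_<%= file_name %> *args
+response.should redirect_to('/')
+follow_redirect!
+response.should have_flash("notice", /Logged in successfully/)
+end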
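Review bot: The `activates with activation code` step assigns `activation_code` and then calls a bare `activate`, so the code given in the story is never sent. The helpers defined lower in this file are `activate_<%= file_name %>` and `activate_<%= file_name %>!`, so unless `activate` comes from the required `helper` file the step raises. Calling `activate_<%= file_name %> activation_code` would pass the story's value through, which matters because the blank and bogus codes are the negative paths of account activation. Separately, the `there is no ... named '$login'` step asserts `@<%= file_name %>.should be_nil` on the instance variable it has just destroyed, which still holds the record object whenever one was found; `<%= class_name %>.find_by_login(login).should be_nil` would check what the step name promises.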
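--- a/data/generators/authenticated/templates/stories/users/accounts.story
+++ b/data/generators/authenticated/templates/stories/users/accounts.story
@@ -0,0 +1,186 @@
+Visitors should be in control of creating an account and of proving their
+essential humanity/accountability or whatever it is people think the
+id-validation does. We should be fairly skeptical about this process, as the
+identity+trust chain starts here.
+
+Story: Creating an account
+As an anonymous <%= file_name %>
+I want to be able to create an account
+So that I can be one of the cool kids
+
+#
+# Account Creation: Get entry form
+#
+Scenario: Anonymous <%= file_name %> can start creating an account
+Given an anonymous <%= file_name %>
+When she goes to /signup
+Then she should be at the '<%= model_controller_routing_path %>/new' page
+And the page should look AWESOME
+And she should see a <form> containing a textfield: Login, textfield: Email, password: Password, password: 'Confirm Password', submit: 'Sign up'
+
+#
+# Account Creation
+#
+Scenario: Anonymous <%= file_name %> can create an account
+Given an anonymous <%= file_name %>
+And no <%= file_name %> with login: 'Oona' exists
+When she registers an account as the preloaded 'Oona'
+Then she should be redirected to the home page
+When she follows that redirect!
+Then she should see a notice message 'Thanks for signing up!'
+And a <%= file_name %> with login: 'oona' should exist
+And the <%= file_name %> should have login: 'oona', and email: 'unactivated@example.com'
+<% if options[:include_activation] %>
+And the <%= file_name %>'s activation_code should not be nil
+And the <%= file_name %>'s activated_at should be nil
+And she should not be logged in
+<% else %>
+And oona should be logged in
+<% end %>
+
+#
+# Account Creation Failure: Account exists
+#
+<% if options[:include_activation] %>
+Scenario: Anonymous <%= file_name %> can not create an account replacing a non-activated account
+Given an anonymous <%= file_name %>
+And a registered <%= file_name %> named 'Reggie'
+And the <%= file_name %> has activation_code: 'activate_me', activated_at: nil!
+And we try hard to remember the <%= file_name %>'s updated_at, and created_at
+When she registers an account with login: 'reggie', password: 'monkey', and email: 'different@example.com'
+Then she should be at the '<%= model_controller_routing_path %>/new' page
+And she should see an errorExplanation message 'Login has already been taken'
+And she should not see an errorExplanation message 'Email has already been taken'
+And a <%= file_name %> with login: 'reggie' should exist
+And the <%= file_name %> should have email: 'registered@example.com'
+And the <%= file_name %>'s activation_code should not be nil
+And the <%= file_name %>'s activated_at should be nil
+And the <%= file_name %>'s created_at should stay the same under to_s
+And the <%= file_name %>'s updated_at should stay the same under to_s
+And she should not be logged in<% end %>
+
+Scenario: Anonymous <%= file_name %> can not create an account replacing an activated account
+Given an anonymous <%= file_name %>
+And an activated <%= file_name %> named 'Reggie'
+And we try hard to remember the <%= file_name %>'s updated_at, and created_at
+When she registers an account with login: 'reggie', password: 'monkey', and email: 'reggie@example.com'
+Then she should be at the '<%= model_controller_routing_path %>/new' page
+And she should see an errorExplanation message 'Login has already been taken'
+And she should not see an errorExplanation message 'Email has already been taken'
+And a <%= file_name %> with login: 'reggie' should exist
+And the <%= file_name %> should have email: 'registered@example.com'
+<% if options[:include_activation] %>
+And the <%= file_name %>'s activation_code should be nil
+And the <%= file_name %>'s activated_at should not be nil<% end %>
+And the <%= file_name %>'s created_at should stay the same under to_s
+And the <%= file_name %>'s updated_at should stay the same under to_s
+And she should not be logged in
+
+#
+# Account Creation Failure: Incomplete input
+#
+Scenario: Anonymous <%= file_name %> can not create an account with incomplete or incorrect input
+Given an anonymous <%= file_name %>
+And no <%= file_name %> with login: 'Oona' exists
+When she registers an account with login: '', password: 'monkey', password_confirmation: 'monkey' and email: 'unactivated@example.com'
+Then she should be at the '<%= model_controller_routing_path %>/new' page
+And she should see an errorExplanation message 'Login can't be blank'
+And no <%= file_name %> with login: 'oona' should exist
+
+Scenario: Anonymous <%= file_name %> can not create an account with no password
+Given an anonymous <%= file_name %>
+And no <%= file_name %> with login: 'Oona' exists
+When she registers an account with login: 'oona', password: '', password_confirmation: 'monkey' and email: 'unactivated@example.com'
+Then she should be at the '<%= model_controller_routing_path %>/new' page
+And she should see an errorExplanation message 'Password can't be blank'
+And no <%= file_name %> with login: 'oona' should exist
+
+Scenario: Anonymous <%= file_name %> can not create an account with no password_confirmation
+Given an anonymous <%= file_name %>
+And no <%= file_name %> with login: 'Oona' exists
+When she registers an account with login: 'oona', password: 'monkey', password_confirmation: '' and email: 'unactivated@example.com'
+Then she should be at the '<%= model_controller_routing_path %>/new' page
+And she should see an errorExplanation message 'Password confirmation can't be blank'
+And no <%= file_name %> with login: 'oona' should exist
+
+Scenario: Anonymous <%= file_name %> can not create an account with mismatched password & password_confirmation
+Given an anonymous <%= file_name %>
+And no <%= file_name %> with login: 'Oona' exists
+When she registers an account with login: 'oona', password: 'monkey', password_confirmation: 'monkeY' and email: 'unactivated@example.com'
+Then she should be at the '<%= model_controller_routing_path %>/new' page
+And she should see an errorExplanation message 'Password doesn't match confirmation'
+And no <%= file_name %> with login: 'oona' should exist
+
+Scenario: Anonymous <%= file_name %> can not create an account with bad email
+Given an anonymous <%= file_name %>
+And no <%= file_name %> with login: 'Oona' exists
+When she registers an account with login: 'oona', password: 'monkey', password_confirmation: 'monkey' and email: ''
+Then she should be at the '<%= model_controller_routing_path %>/new' page
+And she should see an errorExplanation message 'Email can't be blank'
+And no <%= file_name %> with login: 'oona' should exist
+When she registers an account with login: 'oona', password: 'monkey', password_confirmation: 'monkey' and email: 'unactivated@example.com'
+Then she should be redirected to the home page
+When she follows that redirect!
+Then she should see a notice message 'Thanks for signing up!'
+And a <%= file_name %> with login: 'oona' should exist
+And the <%= file_name %> should have login: 'oona', and email: 'unactivated@example.com'
+<% if options[:include_activation] %>
+And the <%= file_name %>'s activation_code should not be nil
+And the <%= file_name %>'s activated_at should be nil
+And she should not be logged in
+<% else %>
+And oona should be logged in
+<% end %>
+
+<% if options[:include_activation] %>
+Story: Activating an account
+As a registered, but not yet activated, <%= file_name %>
+I want to be able to activate my account
+So that I can log in to the site
+
+#
+# Successful activation
+#
+Scenario: Not-yet-activated <%= file_name %> can activate her account
+Given a registered <%= file_name %> named 'Reggie'
+And the <%= file_name %> has activation_code: 'activate_me', activated_at: nil!
+And we try hard to remember the <%= file_name %>'s updated_at, and created_at
+When she goes to /activate/activate_me
+Then she should be redirected to 'login'
+When she follows that redirect!
+Then she should see a notice message 'Signup complete!'
+And a <%= file_name %> with login: 'reggie' should exist
+And the <%= file_name %> should have login: 'reggie', and email: 'registered@example.com'
+And the <%= file_name %>'s activation_code should be nil
+And the <%= file_name %>'s activated_at should not be nil
+And she should not be logged in
+
+#
+# Unsuccessful activation
+#
+Scenario: Not-yet-activated <%= file_name %> can't activate her account with a blank activation code
+Given a registered <%= file_name %> named 'Reggie'
+And the <%= file_name %> has activation_code: 'activate_me', activated_at: nil!
+And we try hard to remember the <%= file_name %>'s updated_at, and created_at
+When she goes to /activate/
+Then she should be redirected to the home page
+When she follows that redirect!
+Then she should see an error message 'activation code was missing'
+And a <%= file_name %> with login: 'reggie' should exist
+And the <%= file_name %> should have login: 'reggie', activation_code: 'activate_me', and activated_at: nil!
+And the <%= file_name %>'s updated_at should stay the same under to_s
+And she should not be logged in
+
+Scenario: Not-yet-activated <%= file_name %> can't activate her account with a bogus activation code
+Given a registered <%= file_name %> named 'Reggie'
+And the <%= file_name %> has activation_code: 'activate_me', activated_at: nil!
+And we try hard to remember the <%= file_name %>'s updated_at, and created_at
+When she goes to /activate/i_haxxor_joo
+Then she should be redirected to the home page
+When she follows that redirect!
+Then she should see an error message 'couldn\'t find a <%= file_name %> with that activation code'
+And a <%= file_name %> with login: 'reggie' should exist
+And the <%= file_name %> should have login: 'reggie', activation_code: 'activate_me', and activated_at: nil!
+And the <%= file_name %>'s updated_at should stay the same under to_s
+And she should not be logged in
+<% end %>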
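Review bot: The blank-activation-code scenario runs with only the unactivated 'Reggie' present, so it does not cover a blank code being compared against accounts whose `activation_code` is already nil. The successful-activation scenario asserts that the column becomes nil once an account is activated, so a lookup that treats a blank code as nil could match such an account. Whether the controller guards against that is not visible on this page. Adding `And an activated <%= file_name %> named 'Oona'` to that scenario's Given block, then asserting that the account is unchanged and nobody is logged in, would pin the behaviour.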
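--- a/data/generators/authenticated/templates/stories/users/sessions.story
+++ b/data/generators/authenticated/templates/stories/users/sessions.story
@@ -0,0 +1,134 @@
+Users want to know that nobody can masquerade as them. We want to extend trust
+only to visitors who present the appropriate credentials. Everyone wants this
+identity verification to be as secure and convenient as possible.
+
+Story: Logging in
+As an anonymous <%= file_name %> with an account
+I want to log in to my account
+So that I can be myself
+
+#
+# Log in: get form
+#
+Scenario: Anonymous <%= file_name %> can get a login form.
+Given an anonymous <%= file_name %>
+When she goes to /login
+Then she should be at the new <%= controller_file_name %> page
+And the page should look AWESOME
+And she should see a <form> containing a textfield: Login, password: Password, and submit: 'Log in'
+
+#
+# Log in successfully, but don't remember me
+#
+Scenario: Anonymous <%= file_name %> can log in
+Given an anonymous <%= file_name %>
+And an activated <%= file_name %> named 'reggie'
+When she creates a singular <%= controller_file_name %> with login: 'reggie', password: 'monkey', remember me: ''
+Then she should be redirected to the home page
+When she follows that redirect!
+Then she should see a notice message 'Logged in successfully'
+And reggie should be logged in
+And she should not have an auth_token cookie
+
+Scenario: Logged-in <%= file_name %> who logs in should be the new one
+Given an activated <%= file_name %> named 'reggie'
+And an activated <%= file_name %> logged in as 'oona'
+When she creates a singular <%= controller_file_name %> with login: 'reggie', password: 'monkey', remember me: ''
+Then she should be redirected to the home page
+When she follows that redirect!
+Then she should see a notice message 'Logged in successfully'
+And reggie should be logged in
+And she should not have an auth_token cookie
+
+#
+# Log in successfully, remember me
+#
+Scenario: Anonymous <%= file_name %> can log in and be remembered
+Given an anonymous <%= file_name %>
+And an activated <%= file_name %> named 'reggie'
+When she creates a singular <%= controller_file_name %> with login: 'reggie', password: 'monkey', remember me: '1'
+Then she should be redirected to the home page
+When she follows that redirect!
+Then she should see a notice message 'Logged in successfully'
+And reggie should be logged in
+And she should have an auth_token cookie
+# assumes fixtures were run sometime
+And her session store should have <%= file_name %>_id: 4
+
+#
+# Log in unsuccessfully
+#
+
+Scenario: Logged-in <%= file_name %> who fails logs in should be logged out
+Given an activated <%= file_name %> named 'oona'
+When she creates a singular <%= controller_file_name %> with login: 'oona', password: '1234oona', remember me: '1'
+Then she should be redirected to the home page
+When she follows that redirect!
+Then she should see a notice message 'Logged in successfully'
+And oona should be logged in
+And she should have an auth_token cookie
+When she creates a singular <%= controller_file_name %> with login: 'reggie', password: 'i_haxxor_joo'
+Then she should be at the new <%= controller_file_name %> page
+Then she should see an error message 'Couldn't log you in as 'reggie''
+And she should not be logged in
+And she should not have an auth_token cookie
+And her session store should not have <%= file_name %>_id
+
+Scenario: Log-in with bogus info should fail until it doesn't
+Given an activated <%= file_name %> named 'reggie'
+When she creates a singular <%= controller_file_name %> with login: 'reggie', password: 'i_haxxor_joo'
+Then she should be at the new <%= controller_file_name %> page
+Then she should see an error message 'Couldn't log you in as 'reggie''
+And she should not be logged in
+And she should not have an auth_token cookie
+And her session store should not have <%= file_name %>_id
+When she creates a singular <%= controller_file_name %> with login: 'reggie', password: ''
+Then she should be at the new <%= controller_file_name %> page
+Then she should see an error message 'Couldn't log you in as 'reggie''
+And she should not be logged in
+And she should not have an auth_token cookie
+And her session store should not have <%= file_name %>_id
+When she creates a singular <%= controller_file_name %> with login: '', password: 'monkey'
+Then she should be at the new <%= controller_file_name %> page
+Then she should see an error message 'Couldn't log you in as '''
+And she should not be logged in
+And she should not have an auth_token cookie
+And her session store should not have <%= file_name %>_id
+When she creates a singular <%= controller_file_name %> with login: 'leonard_shelby', password: 'monkey'
+Then she should be at the new <%= controller_file_name %> page
+Then she should see an error message 'Couldn't log you in as 'leonard_shelby''
+And she should not be logged in
+And she should not have an auth_token cookie
+And her session store should not have <%= file_name %>_id
+When she creates a singular <%= controller_file_name %> with login: 'reggie', password: 'monkey', remember me: '1'
+Then she should be redirected to the home page
+When she follows that redirect!
+Then she should see a notice message 'Logged in successfully'
+And reggie should be logged in
+And she should have an auth_token cookie
+# assumes fixtures were run sometime
+And her session store should have <%= file_name %>_id: 4
+
+
+#
+# Log out successfully (should always succeed)
+#
+Scenario: Anonymous (logged out) <%= file_name %> can log out.
+Given an anonymous <%= file_name %>
+When she goes to /logout
+Then she should be redirected to the home page
+When she follows that redirect!
+Then she should see a notice message 'You have been logged out'
+And she should not be logged in
+And she should not have an auth_token cookie
+And her session store should not have <%= file_name %>_id
+
+Scenario: Logged in <%= file_name %> can log out.
+Given an activated <%= file_name %> logged in as 'reggie'
+When she goes to /logout
+Then she should be redirected to the home page
+When she follows that redirect!
+Then she should see a notice message 'You have been logged out'
+And she should not be logged in
+And she should not have an auth_token cookie
+And her session store should not have <%= file_name %>_id
+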
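Review bot: The `Logged in <%= file_name %> can log out` scenario asserts `she should not have an auth_token cookie`, but the assertion looks vacuous. As far as the step definitions on this page show, `logged in as 'reggie'` posts only the preloaded login, password and email, so no remember-me cookie is issued before the logout. Logging in with `remember me: '1'` first, as the earlier scenarios do, and then going to /logout would test that logout actually clears the persistent token. The two `<%= file_name %>_id: 4` assertions also depend on fixture state, as the adjacent comment admits; comparing against the id of the record found by login would be less brittle.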