jump_in 0.0.1

data/spec/dummy/spec/integration/reset_password_spec.rb

@@ -0,0 +1,39 @@
+# require_relative '../spec_helper.rb'
+
+# describe "Resetting password" do
+#   let!(:user) { FactoryGirl.create(:user) }
+
+#   it 'allows user to send reset password link' do
+#     visit new_password_resets_path
+#     expect(page).to have_content('Reset Password Page')
+#     fill_in 'email', with: user.email
+#     click_button 'Reset password'
+#     expect(page).to have_content('Login Page')
+#   end
+
+#   it 'redirects to login path after password update' do
+#     user.update_attribute(:password_reset_token, JumpIn::Tokenizer.generate_token)
+#     visit edit_password_resets_path(token: user.password_reset_token)
+#     expect(page).to have_content("Edit for PasswordReset")
+#     fill_in "password", with: 'new_password'
+#     fill_in "password_confirmation", with: 'new_password'
+#     click_button "Set new password"
+#     expect(page).to have_content("Login Page")
+#   end
+
+#   it 'doest allow for password reset if token too old' do
+#     user.update_attribute(:password_reset_token, Base64.encode64("#{SecureRandom.hex(10)}.#{5.days.ago}"))
+#     visit edit_password_resets_path(token: user.password_reset_token)
+#     expect(page).to have_content("password-reset-token is too old")
+#   end
+
+#   it 'displays edit page when password does not match password_confirmation' do
+#     user.update_attribute(:password_reset_token, JumpIn::Tokenizer.generate_token)
+#     visit edit_password_resets_path(token: user.password_reset_token)
+#     expect(page).to have_content('Edit for PasswordReset')
+#     fill_in 'password', with: 'new_password'
+#     fill_in 'password_confirmation', with: 'another_password'
+#     click_button 'Set new password'
+#     expect(page).to have_content('Edit for PasswordReset')
+#   end
+# end

data/spec/dummy/spec/modules/authentication_spec.rb

@@ -0,0 +1,157 @@
+require_relative '../spec_helper'
+
+class AuthenticationController < ActionController::Base
+  include JumpIn::Authentication
+end
+
+describe AuthenticationController, type: :controller do
+  let(:user) { FactoryGirl.create(:user) }
+
+  context "#jump_in" do
+    it "returns false if user logged_in" do
+      allow_to_receive_logged_in_and_return(true)
+      expect(subject.jump_in(user: user, password: user.password)).to eq(false)
+    end
+
+    it "calls detect_strategy with proper params" do
+      allow_to_receive_logged_in_and_return(false)
+      expect(subject).to receive(:detected_strategy).with(user: user, params: { password: user.password }).
+        exactly(1).times.and_return(JumpIn::Authentication::ByPassword.new(user: user, params: { password: user.password }))
+      subject.jump_in(user: user, password: user.password)
+    end
+
+    it "returns false if user not logged_in and wrong login data provided" do
+      allow_to_receive_logged_in_and_return(false)
+      expect(subject.jump_in(user: user, password:'something')).to eq(false)
+    end
+
+    context 'when user not logged_in and authentication successful' do
+      it "returns true" do
+        allow_to_receive_logged_in_and_return(false)
+        expect(subject.jump_in(user: user, password: user.password)).to eq(true)
+      end
+
+      it "calls 'login' with permanent=false for permanent false by default" do
+        allow_to_receive_logged_in_and_return(false)
+        expect(subject).to receive(:login).with(user:user, permanent:false, expires:nil).exactly(1).times.and_return(true)
+        subject.jump_in(user: user, password: user.password)
+      end
+
+      it "calls 'login' with permanent=false for permanent passed as false" do
+        allow_to_receive_logged_in_and_return(false)
+        expect(subject).to receive(:login).with(user:user, permanent:false, expires:nil).exactly(1).times.and_return(true)
+        subject.jump_in(user: user, password: user.password, permanent: false)
+      end
+
+      it "calls 'login' with permanent=true for permanent passed as true" do
+        allow_to_receive_logged_in_and_return(false)
+        expect(subject).to receive(:login).with(user:user, permanent:true, expires:nil).exactly(1).times.and_return(true)
+        subject.jump_in(user: user, password: user.password, permanent: true)
+      end
+    end
+  end
+
+  context "#login" do
+    it "sets session when permanent not passed (default)" do
+      subject.login(user: user)
+      expect_only_session_set_for(user)
+    end
+
+    it "sets session when permanent passed as false" do
+      subject.login(user: user, permanent: false)
+      expect_only_session_set_for(user)
+    end
+
+    it "sets cookies when permanent passed as true" do
+      subject.login(user: user, permanent: true)
+      expect_only_cookies_set_for(user)
+    end
+
+    context 'sets proper value for cookies[:expires]' do
+      before(:each) do
+        @cookies = OpenStruct.new(permanent: nil, signed: nil, jump_in_class: {}, jump_in_id: {})
+        allow(subject).to receive(:cookies).and_return(@cookies)
+        allow(@cookies).to receive(:permanent).and_return(@cookies)
+        allow(@cookies).to receive(:signed).and_return(@cookies)
+      end
+
+      it "sets 20 years if param not passed" do
+        subject.login(user: user, permanent: true)
+        expect(@cookies.signed[:jump_in_class][:expires]).to be_between(Time.now + 19.years, Time.now + 21.years)
+        expect(@cookies.signed[:jump_in_id][:expires]).to be_between(Time.now + 19.years, Time.now + 21.years)
+      end
+
+      it "sets correct value if param passed" do
+        subject.login(user: user, permanent: true, expires: 2.hours)
+        expect(@cookies.signed[:jump_in_class][:expires]).to eq(@cookies.signed[:jump_in_id][:expires])
+        expect(@cookies.signed[:jump_in_class][:expires]).to be_between(Time.now + 1.hours, Time.now + 3.hours)
+        expect(@cookies.signed[:jump_in_id][:expires]).to be_between(Time.now + 1.hours, Time.now + 3.hours)
+      end
+    end
+  end
+
+  context "#jump_out" do
+    it "clears session when session set" do
+      set_session(user)
+      expect_session_eq(klass: user.class.to_s, id: user.id)
+      subject.jump_out
+      expect_session_eq(klass: nil, id: nil)
+    end
+
+    it "clears cookies when cookies set" do
+      set_cookies(user, nil)
+      expect_cookies_eq(klass: user.class.to_s, id: user.id)
+      subject.jump_out
+      expect_cookies_eq(klass: nil, id: nil)
+    end
+
+    it "returns true if logged out from session" do
+      set_session(user)
+      expect(subject.jump_out).to eq(true)
+    end
+
+    it "returns true if logged out from cookies" do
+      set_cookies(user, nil)
+      expect(subject.jump_out).to eq(true)
+    end
+
+    it "returns true if logged out from empty session & cookies" do
+      expect(subject.jump_out).to eq(true)
+    end
+  end
+
+  context "#current_user" do
+    it "returns user based on session" do
+      set_session(user)
+      expect(subject.current_user).to eq(user)
+    end
+
+    it "returns user based on cookies" do
+      set_cookies(user, nil)
+      expect(subject.current_user).to eq(user)
+    end
+
+    it "returns nil when session and cookie empty" do
+      expect(subject.current_user).to eq(nil)
+    end
+  end
+
+  context "#logged_in?" do
+    it "returns true if current user is set in session" do
+      set_session(user)
+      expect(subject.logged_in?).to eq(true)
+    end
+
+    it "returns true if current user is set in cookies" do
+      set_cookies(user, nil)
+      expect(subject.logged_in?).to eq(true)
+    end
+  end
+
+  context "#helper_methods" do
+    it "includes current_user and logged_in?" do
+      expect(subject._helper_methods.include? :logged_in?).to eq(true)
+      expect(subject._helper_methods.include? :current_user).to eq(true)
+    end
+  end
+end

data/spec/dummy/spec/modules/password_reset_spec.rb

@@ -0,0 +1,206 @@
+require_relative '../spec_helper'
+include ActiveSupport::Testing::TimeHelpers
+
+class PasswordResetController < ActionController::Base
+  include JumpIn::PasswordReset
+end
+
+describe PasswordResetController, type: :controller do
+  let(:user) { FactoryGirl.create(:user) }
+
+  context "#set_password_reset_for" do
+    context "token not uniq_or_empty" do
+      it "calls token_uniq_or_empty? with proper params" do
+        token = 'token'
+        expect(subject).to receive_token_uniq_or_empty_and_return(user, token, false)
+        subject.set_password_reset_for(user:user, token:token)
+      end
+
+      it "returns false if token not uniq_or_empty" do
+        token = 'token'
+        allow(subject).to receive_token_uniq_or_empty_and_return(user, token, false)
+        expect(subject.set_password_reset_for(user:user, token:token)).to eq(false)
+      end
+    end
+
+    context "token uniq_or_empty" do
+      it "calls set_token with given user & token if token uniq_or_empty" do
+        token = 'token'
+        expect(subject).to receive_token_uniq_or_empty_and_return(user, token, true)
+        expect_set_token_and_return(user, token, true)
+        subject.set_password_reset_for(user:user, token:token)
+      end
+
+      it "calls set_token with given user & token=nil if token uniq_or_empty & no token given" do
+        token = nil
+        expect(subject).to receive_token_uniq_or_empty_and_return(user, token, true)
+        expect_set_token_and_return(user, token, true)
+        subject.set_password_reset_for(user:user)
+      end
+    end
+  end
+
+  context "#set_token" do
+    it "set's given token as user.token" do
+      token = 'token'
+      subject.set_token(user:user, token:token)
+      expect(user.password_reset_token).to eq(token)
+    end
+
+    it "generates token for user if token=nil given" do
+      expect(user.password_reset_token).to eq(nil)
+      subject.set_token(user:user, token:nil)
+      expect(user.password_reset_token).to_not eq(nil)
+    end
+  end
+
+  context "#generate_unique_token_for" do
+    it 'generates token' do
+      token = subject.generate_unique_token_for(user:user)
+      expect(token).to_not eq(nil)
+    end
+
+    it 'calls methods #generate_token & #token_uniq?' do
+      token = 'token'
+      expect(subject).to receive(:generate_token).and_return(token)
+      expect(subject).to receive(:token_uniq?).with(user:user, token:token).and_return(true)
+      subject.generate_unique_token_for(user:user)
+    end
+  end
+
+  context "#generate_token" do
+    it 'generates token' do
+      token = subject.generate_token
+      expect(token).to_not eq(nil)
+    end
+  end
+
+  context "#token_uniq_or_empty?" do
+    it 'returns true if token is nil' do
+      expect(subject.token_uniq_or_empty?(user:user, token:nil)).to eq(true)
+    end
+
+    it 'returns true if token given & unique' do
+      token = 'token'
+      allow(subject).to receive(:token_uniq?).with(user:user, token:token).and_return(true)
+      expect(subject.token_uniq_or_empty?(user:user, token:token)).to eq(true)
+    end
+
+    it 'returns false if token give & not unique' do
+      token = 'token'
+      allow(subject).to receive(:token_uniq?).with(user:user, token:token).and_return(false)
+      expect(subject.token_uniq_or_empty?(user:user, token:token)).to eq(false)
+    end
+  end
+
+  context "#token_uniq?" do
+    it 'returns true if token unique for user.class' do
+      token = subject.generate_token
+      expect(subject.token_uniq?(user:user, token:token)).to eq(true)
+    end
+
+    it 'returns false if token not unique for user.class' do
+      token = subject.generate_token
+      user.update_attribute('password_reset_token', token)
+      expect(subject.token_uniq?(user:user, token:token)).to eq(false)
+    end
+  end
+
+  context "#password_reset_valid?" do
+    it "returns true for token valid with default expiration time(2.hours)" do
+      token = JumpIn::Tokenizer.generate_token
+      expect(subject.password_reset_valid?(password_reset_token: token)).to eq(true)
+    end
+
+    it "returns false for token too old with default expiration time(2.hours)" do
+      token = ''
+      travel_to(3.hours.ago) do
+        token = JumpIn::Tokenizer.generate_token
+      end
+      expect(subject.password_reset_valid?(password_reset_token: token)).to eq(false)
+    end
+
+    it "returns true for token valid with custom expiration time(2.days)" do
+      token = ''
+      travel_to(1.day.ago) do
+        token = JumpIn::Tokenizer.generate_token
+      end
+      expect(subject.password_reset_valid?(password_reset_token: token, expiration_time: 2.days)).to eq(true)
+    end
+
+    it "returns false for token too old with custom expiration time(2.days)" do
+      token = ''
+      travel_to(3.days.ago) do
+        token = JumpIn::Tokenizer.generate_token
+      end
+      expect(subject.password_reset_valid?(password_reset_token: token, expiration_time: 2.days)).to eq(false)
+    end
+
+  end
+
+  context "#update_password_for" do
+    let(:new_password) { 'new_secret_password'}
+    let!(:old_password_digest) { user.password_digest }
+
+    it "updates password if token belongs to user and is not too old" do
+      user.update_attribute(:password_reset_token, JumpIn::Tokenizer.generate_token)
+      token = user.password_reset_token
+      allow_to_receive_token_correct_and_return(user, token, true)
+
+      expect(
+        subject.update_password_for(user: user, password: new_password, password_confirmation: new_password, password_reset_token: token)
+      ).to eq(true)
+      expect(user.password_digest).to_not eq(old_password_digest)
+    end
+
+    it "updates password if token belongs to user and is old" do
+      travel_to(3.days.ago) do
+        user.update_attribute(:password_reset_token, JumpIn::Tokenizer.generate_token)
+      end
+      token = user.password_reset_token
+      allow_to_receive_token_correct_and_return(user, token, true)
+
+      expect(
+        subject.update_password_for(user: user, password: new_password, password_confirmation: new_password, password_reset_token: token)
+      ).to eq(true)
+      expect(user.password_digest).to_not eq(old_password_digest)
+    end
+
+    it "does not update password and returns false if token does not belong to user" do
+      user.update_attribute(:password_reset_token, JumpIn::Tokenizer.generate_token)
+      token = JumpIn::Tokenizer.generate_token
+      allow_to_receive_token_correct_and_return(user, token, false)
+
+      expect(
+        subject.update_password_for(user: user, password: new_password, password_confirmation: new_password, password_reset_token: token)
+      ).to eq(false)
+      expect(user.password_digest).to eq(old_password_digest)
+    end
+
+    it "does not update password and returns false if new password invalid" do
+      user.update_attribute(:password_reset_token, JumpIn::Tokenizer.generate_token)
+      token = user.password_reset_token
+      allow_to_receive_token_correct_and_return(user, token, true)
+
+      expect(
+        subject.update_password_for(user: user, password: new_password, password_confirmation: 'password', password_reset_token: token)
+      ).to eq(false)
+      user.reload
+      expect(user.password_digest).to eq(old_password_digest)
+    end
+  end
+
+  context "#token_correct?" do
+    it "returns true if given token eq user.token" do
+      user.update_attribute(:password_reset_token, JumpIn::Tokenizer.generate_token)
+      token = user.password_reset_token
+      expect(subject.token_correct?(user_token:user.password_reset_token, received_token:token)).to eq(true)
+    end
+
+    it "returns false if given token doesn't eq user.token" do
+      user.update_attribute(:password_reset_token, JumpIn::Tokenizer.generate_token)
+      token = JumpIn::Tokenizer.generate_token
+      expect(subject.token_correct?(user_token:user.password_reset_token, received_token:token)).to eq(false)
+    end
+  end
+end

data/spec/dummy/spec/modules/tokenizer_spec.rb

@@ -0,0 +1,19 @@
+require_relative '../spec_helper'
+
+describe JumpIn::Tokenizer do
+
+  context ".generate_token" do
+    it 'generates token' do
+      token = JumpIn::Tokenizer.generate_token
+      expect(token).to_not eq(nil)
+    end
+  end
+
+  context ".decode_time" do
+    it "decodes time correctly" do
+      time = Time.now.xmlschema
+      token = Base64.encode64 [SecureRandom.hex(12), time].join(JumpIn::Tokenizer::DELIMITER)
+      expect(JumpIn::Tokenizer.decode_time(token)).to eq(time)
+    end
+  end
+end

data/spec/dummy/spec/rails_helper.rb

@@ -0,0 +1,23 @@
+ENV['RAILS_ENV'] ||= 'test'
+require File.expand_path('../../config/environment', __FILE__)
+# Prevent database truncation if the environment is production
+abort("The Rails environment is running in production mode!") if Rails.env.production?
+require 'rspec/rails'
+require 'factory_girl_rails'
+require 'capybara/rails'
+require 'capybara/rspec'
+ENGINE_RAILS_ROOT=File.join(File.dirname(__FILE__), '../')
+#
+# Dir[Rails.root.join('spec/support/**/*.rb')].each { |f| require f }
+
+ActiveRecord::Migration.maintain_test_schema!
+
+RSpec.configure do |config|
+  # Remove this line if you're not using ActiveRecord or ActiveRecord fixtures
+  config.fixture_path = "#{::Rails.root}/spec/fixtures"
+  config.include FactoryGirl::Syntax::Methods
+
+  config.use_transactional_fixtures = true
+
+  config.infer_spec_type_from_file_location!
+end

data/spec/dummy/spec/spec_helper.rb

@@ -0,0 +1,15 @@
+require_relative 'rails_helper.rb'
+require_relative 'support/common_methods.rb'
+
+RSpec.configure do |config|
+  config.include Capybara::DSL
+
+  config.expect_with :rspec do |expectations|
+    expectations.include_chain_clauses_in_custom_matcher_descriptions = true
+  end
+
+  config.mock_with :rspec do |mocks|
+    mocks.verify_partial_doubles = true
+  end
+
+end

data/spec/dummy/spec/support/common_methods.rb

@@ -0,0 +1,64 @@
+# module Authentication
+
+def set_session(object)
+  session[:jump_in_class] = object.class.to_s
+  session[:jump_in_id] = object.id
+end
+
+def set_cookies(object, expires)
+  cookies.permanent.signed[:jump_in_class] = { :value => object.class.to_s, :expires => expires }
+  cookies.permanent.signed[:jump_in_id] = { :value => object.id, :expires => expires }
+end
+
+def expect_session_eq(klass:, id:)
+  expect(session[:jump_in_class]).to eq(klass)
+  expect(session[:jump_in_id]).to eq(id)
+end
+
+def expect_cookies_eq(klass:, id:)
+  expect(cookies.signed[:jump_in_class]).to eq(klass)
+  expect(cookies.signed[:jump_in_id]).to eq(id)
+end
+
+def expect_only_session_set_for(user)
+  expect_session_eq(klass: user.class.to_s, id: user.id)
+  expect_cookies_eq(klass: nil, id: nil)
+end
+
+def expect_only_cookies_set_for(user)
+  expect_cookies_eq(klass: user.class.to_s, id: user.id)
+  expect_session_eq(klass: nil, id: nil)
+end
+
+def allow_to_receive_logged_in_and_return(boolean)
+  allow(subject).to receive(:logged_in?).and_return(boolean)
+end
+
+# module PasswordReset
+
+def receive_token_uniq_or_empty_and_return(user, token, boolean)
+  receive(:token_uniq_or_empty?).
+    with(user: user, token: token).exactly(1).times.
+    and_return(boolean)
+end
+
+def expect_set_token_and_return(user, token, boolean)
+  expect(subject).to receive(:set_token).
+    with(user: user, token: token).exactly(1).times.
+    and_return(true)
+end
+
+def allow_to_receive_token_correct_and_return(user, token, boolean)
+  allow(subject).to receive(:token_correct?).
+    with(user_token: user.password_reset_token, received_token: token).
+    and_return(boolean)
+end
+
+# dummy App
+
+def log_in(email, password)
+  fill_in "session_email", with: email
+  fill_in "session_password", with: password
+  click_button "Log in"
+end
+