locomotivecms 3.0.0.rc3 → 3.0.0.rc4

data/spec/dummy/config/initializers/devise.rb

@@ -1,12 +1,21 @@
-# Use this hook to configure devise mailer, warden hooks and so forth. The first
-# four configuration values can also be set straight in your models.
+# Use this hook to configure devise mailer, warden hooks and so forth.
+# Many of these configuration options can be set straight in your model.
 Devise.setup do |config|
+  # The secret key used by Devise. Devise uses this key to generate
+  # random tokens. Changing this key will render invalid all existing
+  # confirmation, reset password and unlock tokens in the database.
+  # Devise will use the `secret_key_base` on Rails 4+ applications as its `secret_key`
+  # by default. You can change it below and use your own secret key.
+  # config.secret_key = '16bd3131443ad5f07c5f164fe641a17daf1779a559bf24592bfa715c5862753eed97b512e28216e5abb50e93458f3977296e0c4a73cf152478cee6f5c2548b32'
+
   # ==> Mailer Configuration
-  # Configure the e-mail address which will be shown in DeviseMailer.
-  config.mailer_sender = 'sender@dummyapp.org'
+  # Configure the e-mail address which will be shown in Devise::Mailer,
+  # note that it will be overwritten if you use your own mailer class
+  # with default "from" parameter.
+  config.mailer_sender = 'please-change-me-at-config-initializers-devise@example.com'
 
   # Configure the class responsible to send e-mails.
-  # config.mailer = "Locomotive::DeviseMailer"
+  # config.mailer = 'Devise::Mailer'
 
   # ==> ORM configuration
   # Load and configure the ORM. Supports :active_record (default) and
@@ -14,8 +23,6 @@ Devise.setup do |config|
   # available as additional gems.
   require 'devise/orm/mongoid'
 
-  config.secret_key = '8d6ff8102c31815f8395a8c806c9e47d36ba6c607bf7054b4714b4131d8a372fef78adac89930170d77b6d9ec59347315ee1193cb535746249eebf3e5ad5b9b3'
-
   # ==> Configuration for any authentication mechanism
   # Configure which keys are used when authenticating a user. The default is
   # just :email. You can configure it to use [:username, :subdomain], so for
@@ -24,7 +31,7 @@ Devise.setup do |config|
   # session. If you need permissions, you should implement that in a before filter.
   # You can also supply a hash where the value is a boolean determining whether
   # or not authentication should be aborted when the value is not present.
-  # config.authentication_keys = [ :email ]
+  # config.authentication_keys = [:email]
 
   # Configure parameters from the request object used for authentication. Each entry
   # given should be a request method and it will automatically be passed to the
@@ -36,57 +43,111 @@ Devise.setup do |config|
   # Configure which authentication keys should be case-insensitive.
   # These keys will be downcased upon creating or modifying a user and when used
   # to authenticate or find a user. Default is :email.
-  config.case_insensitive_keys = [ :email ]
+  config.case_insensitive_keys = [:email]
+
+  # Configure which authentication keys should have whitespace stripped.
+  # These keys will have whitespace before and after removed upon creating or
+  # modifying a user and when used to authenticate or find a user. Default is :email.
+  config.strip_whitespace_keys = [:email]
 
   # Tell if authentication through request.params is enabled. True by default.
+  # It can be set to an array that will enable params authentication only for the
+  # given strategies, for example, `config.params_authenticatable = [:database]` will
+  # enable it only for database (email + password) authentication.
   # config.params_authenticatable = true
 
-  # Tell if authentication through HTTP Basic Auth is enabled. False by default.
+  # Tell if authentication through HTTP Auth is enabled. False by default.
+  # It can be set to an array that will enable http authentication only for the
+  # given strategies, for example, `config.http_authenticatable = [:database]` will
+  # enable it only for database authentication. The supported strategies are:
+  # :database      = Support basic authentication with authentication key + password
   # config.http_authenticatable = false
 
-  # If http headers should be returned for AJAX requests. True by default.
+  # If 401 status code should be returned for AJAX requests. True by default.
   # config.http_authenticatable_on_xhr = true
 
-  # The realm used in Http Basic Authentication. "Application" by default.
-  # config.http_authentication_realm = "Application"
+  # The realm used in Http Basic Authentication. 'Application' by default.
+  # config.http_authentication_realm = 'Application'
+
+  # It will change confirmation, password recovery and other workflows
+  # to behave the same regardless if the e-mail provided was right or wrong.
+  # Does not affect registerable.
+  # config.paranoid = true
+
+  # By default Devise will store the user in session. You can skip storage for
+  # particular strategies by setting this option.
+  # Notice that if you are skipping storage for all authentication paths, you
+  # may want to disable generating routes to Devise's sessions controller by
+  # passing skip: :sessions to `devise_for` in your config/routes.rb
+  config.skip_session_storage = [:http_auth]
+
+  # By default, Devise cleans up the CSRF token on authentication to
+  # avoid CSRF token fixation attacks. This means that, when using AJAX
+  # requests for sign in and sign up, you need to get a new CSRF token
+  # from the server. You can disable this option at your own risk.
+  # config.clean_up_csrf_token_on_authentication = true
 
   # ==> Configuration for :database_authenticatable
   # For bcrypt, this is the cost for hashing the password and defaults to 10. If
   # using other encryptors, it sets how many times you want the password re-encrypted.
-  config.stretches = 10
+  #
+  # Limiting the stretches to just one in testing will increase the performance of
+  # your test suite dramatically. However, it is STRONGLY RECOMMENDED to not use
+  # a value less than 10 in other environments. Note that, for bcrypt (the default
+  # encryptor), the cost increases exponentially with the number of stretches (e.g.
+  # a value of 20 is already extremely slow: approx. 60 seconds for 1 calculation).
+  config.stretches = Rails.env.test? ? 1 : 10
 
   # Setup a pepper to generate the encrypted password.
-  # config.pepper = "de368d6a1517489510a2ae145328ff1c238f03b02da8f57032936a353835e2ca20561decfb5f7bfafad095fa73cee55b101ed11a0d0f913429d3d9bd114d810e"
+  # config.pepper = '7fece71d4a1dcafb548cb7df4ca7d3c6a2156642dea872bd872e3d4aaee59791b5b4a6f56343290c741cf005552fe99ce4e111b2f1304e991d733861acfd62c7'
 
   # ==> Configuration for :confirmable
-  # The time you want to give your user to confirm his account. During this time
-  # he will be able to access your application without confirming. Default is 0.days
-  # When allow_unconfirmed_access_for is zero, the user won't be able to sign in without confirming.
-  # You can use this to let your user access some features of your application
-  # without confirming the account, but blocking it after a certain period
-  # (ie 2 days).
+  # A period that the user is allowed to access the website even without
+  # confirming their account. For instance, if set to 2.days, the user will be
+  # able to access the website for two days without confirming their account,
+  # access will be blocked just in the third day. Default is 0.days, meaning
+  # the user cannot access the website without confirming their account.
   # config.allow_unconfirmed_access_for = 2.days
 
+  # A period that the user is allowed to confirm their account before their
+  # token becomes invalid. For example, if set to 3.days, the user can confirm
+  # their account within 3 days after the mail was sent, but on the fourth day
+  # their account can't be confirmed with the token any more.
+  # Default is nil, meaning there is no restriction on how long a user can take
+  # before confirming their account.
+  # config.confirm_within = 3.days
+
+  # If true, requires any email changes to be confirmed (exactly the same way as
+  # initial account confirmation) to be applied. Requires additional unconfirmed_email
+  # db field (see migrations). Until confirmed, new email is stored in
+  # unconfirmed_email column, and copied to email column on successful confirmation.
+  config.reconfirmable = true
+
   # Defines which key will be used when confirming an account
-  # config.confirmation_keys = [ :email ]
+  # config.confirmation_keys = [:email]
 
   # ==> Configuration for :rememberable
   # The time the user will be remembered without asking for credentials again.
-  config.remember_for = 2.weeks
+  # config.remember_for = 2.weeks
+
+  # Invalidates all the remember me tokens when the user signs out.
+  config.expire_all_remember_me_on_sign_out = true
 
   # If true, extends the user's remember period when remembered via cookie.
   # config.extend_remember_period = false
 
   # Options to be passed to the created cookie. For instance, you can set
-  # :secure => true in order to force SSL only cookies.
-  # config.cookie_options = {}
+  # secure: true in order to force SSL only cookies.
+  # config.rememberable_options = {}
 
   # ==> Configuration for :validatable
-  # Range for password length. Default is 8..128.
-  config.password_length = 6..128
+  # Range for password length.
+  config.password_length = 6..72
 
-  # Regex to use to validate the email address
-  # config.email_regexp = /\A([\w\.%\+\-]+)@([\w\-]+\.)+([\w]{2,})\z/i
+  # Email regex used to validate email formats. It simply asserts that
+  # one (and only one) @ exists in the given string. This is mainly
+  # to give user feedback and not to assert the e-mail validity.
+  # config.email_regexp = /\A[^@]+@[^@]+\z/
 
   # ==> Configuration for :timeoutable
   # The time you want to timeout the user session without activity. After this
@@ -100,7 +161,7 @@ Devise.setup do |config|
   # config.lock_strategy = :failed_attempts
 
   # Defines which key will be used when locking and unlocking an account
-  # config.unlock_keys = [ :email ]
+  # config.unlock_keys = [:email]
 
   # Defines which strategy will be used to unlock an account.
   # :email = Sends an unlock link to the user email
@@ -116,48 +177,45 @@ Devise.setup do |config|
   # Time interval to unlock the account if :time is enabled as unlock_strategy.
   # config.unlock_in = 1.hour
 
+  # Warn on the last attempt before the account is locked.
+  # config.last_attempt_warning = true
+
   # ==> Configuration for :recoverable
   #
   # Defines which key will be used when recovering the password for an account
-  # config.reset_password_keys = [ :email ]
+  # config.reset_password_keys = [:email]
 
   # Time interval you can reset your password with a reset password key.
   # Don't put a too small interval or your users won't have the time to
   # change their passwords.
-  config.reset_password_within = 2.hours
+  config.reset_password_within = 6.hours
+
+  # When set to false, does not sign a user in automatically after their password is
+  # reset. Defaults to true, so a user is signed in automatically after a reset.
+  # config.sign_in_after_reset_password = true
 
   # ==> Configuration for :encryptable
   # Allow you to use another encryption algorithm besides bcrypt (default). You can use
   # :sha1, :sha512 or encryptors from others authentication tools as :clearance_sha1,
   # :authlogic_sha512 (then you should set stretches above to 20 for default behavior)
   # and :restful_authentication_sha1 (then you should set stretches to 10, and copy
-  # REST_AUTH_SITE_KEY to pepper)
-  # config.encryptor = :sha1
-
-  # ==> Configuration for :token_authenticatable
-  # Defines name of the authentication token params key
-  # config.token_authentication_key = :auth_token
-
-  # If true, authentication through token does not store user in session and needs
-  # to be supplied on each request. Useful if you are using the token as API token.
-  # config.stateless_token = false
-  # Hint: Devise 2
-  # Devise.stateless_token was removed. If you want to have stateless tokens,
-  # simply do config.skip_session_storage << :auth_token in your initializer;
+  # REST_AUTH_SITE_KEY to pepper).
+  #
+  # Require the `devise-encryptable` gem when using anything other than bcrypt
+  # config.encryptor = :sha512
 
   # ==> Scopes configuration
   # Turn scoped views on. Before rendering "sessions/new", it will first check for
   # "users/sessions/new". It's turned off by default because it's slower if you
   # are using only default views.
-  config.scoped_views = true
+  # config.scoped_views = false
 
   # Configure the default scope given to Warden. By default it's the first
   # devise role declared in your routes (usually :user).
-  # config.default_scope = :account
+  # config.default_scope = :user
 
-  # Configure sign_out behavior.
-  # Sign_out action can be scoped (i.e. /users/sign_out affects only :user scope).
-  # The default is true, which means any logout action will sign out all active scopes.
+  # Set this configuration to false if you want /users/sign_out to sign out
+  # only the current scope. By default, Devise signs out all scopes.
   # config.sign_out_all_scopes = true
 
   # ==> Navigation configuration
@@ -168,25 +226,37 @@ Devise.setup do |config|
   # If you have any extra navigational formats, like :iphone or :mobile, you
   # should add them to the navigational formats lists.
   #
-  # The :"*/*" and "*/*" formats below is required to match Internet
-  # Explorer requests.
-  # config.navigational_formats = [:"*/*", "*/*", :html]
+  # The "*/*" below is required to match Internet Explorer requests.
+  # config.navigational_formats = ['*/*', :html]
 
-  # The default HTTP method used to sign out a resource. Default is :get.
-  # config.sign_out_via = :get
+  # The default HTTP method used to sign out a resource. Default is :delete.
+  config.sign_out_via = :delete
 
   # ==> OmniAuth
   # Add a new OmniAuth provider. Check the wiki for more information on setting
   # up on your models and hooks.
-  # config.omniauth :github, 'APP_ID', 'APP_SECRET', :scope => 'user,public_repo'
+  # config.omniauth :github, 'APP_ID', 'APP_SECRET', scope: 'user,public_repo'
 
   # ==> Warden configuration
   # If you want to use other strategies, that are not supported by Devise, or
   # change the failure app, you can configure them inside the config.warden block.
   #
   # config.warden do |manager|
-  #   manager.failure_app   = AnotherApp
   #   manager.intercept_401 = false
-  #   manager.default_strategies(:scope => :user).unshift :some_external_strategy
+  #   manager.default_strategies(scope: :user).unshift :some_external_strategy
   # end
+
+  # ==> Mountable engine configurations
+  # When using Devise inside an engine, let's call it `MyEngine`, and this engine
+  # is mountable, there are some extra configurations to be taken into account.
+  # The following options are available, assuming the engine is mounted as:
+  #
+  #     mount MyEngine, at: '/my_engine'
+  #
+  # The router that invoked `devise_for`, in the example above, would be:
+  # config.router_name = :my_engine
+  #
+  # When using OmniAuth, Devise cannot automatically set OmniAuth path,
+  # so you need to do it manually. For the users scope, it would be:
+  # config.omniauth_path_prefix = '/my_engine/users/auth'
 end

data/spec/dummy/config/mongoid.yml

@@ -1,48 +1,116 @@
 development:
-  # Configure available database sessions. (required)
-  sessions:
-    # Defines the default session. (required)
+  # Configure available database clients. (required)
+  clients:
+    # Defines the default client. (required)
     default:
       # Defines the name of the default database that Mongoid can connect to.
       # (required).
       # database: locomotive_engine_wagon_dev
       database: locomotive_engine_dev
-      # Provides the hosts the default session can connect to. Must be an array
+      # Provides the hosts the default client can connect to. Must be an array
       # of host:port pairs. (required)
       hosts:
         - localhost:27017
-      # uri: 'mongodb://localhost:27017/locomotive_engine_coal_dev'
       options:
-        # Change whether the session persists in safe mode by default.
-        # (default: false)
-        # safe: false
-
-        # Change the default consistency model to :eventual or :strong.
-        # :eventual will send reads to secondaries, :strong sends everything
-        # to master. (default: :eventual)
-        # consistency: :strong
-  # Configure Mongoid specific options. (optional)
-  options:
-    # Configuration for whether or not to allow access to fields that do
-    # not have a field definition on the model. (default: true)
-    # allow_dynamic_fields: true
+        # Change the default write concern. (default = { w: 1 })
+        # write:
+        #   w: 1
+
+        # Change the default read preference. Valid options for mode are: :secondary,
+        # :secondary_preferred, :primary, :primary_preferred, :nearest
+        # (default: primary)
+        # read:
+        #   mode: :secondary_preferred
+
+        # The name of the user for authentication.
+        # user: 'user'
+
+        # The password of the user for authentication.
+        # password: 'password'
+
+        # The user's database roles.
+        # roles:
+        #   - 'dbOwner'
+
+        # Change the default authentication mechanism. Valid options are: :scram,
+        # :mongodb_cr, :mongodb_x509, and :plain. (default on 3.0 is :scram, default
+        # on 2.4 and 2.6 is :plain)
+        # auth_mech: :scram
+
+        # The database or source to authenticate the user against. (default: admin)
+        # auth_source: admin
+
+        # Force a the driver cluster to behave in a certain manner instead of auto-
+        # discovering. Can be one of: :direct, :replica_set, :sharded. Set to :direct
+        # when connecting to hidden members of a replica set.
+        # connect: :direct
+
+        # Changes the default time in seconds the server monitors refresh their status
+        # via ismaster commands. (default: 10)
+        # heartbeat_frequency: 10
+
+        # The time in seconds for selecting servers for a near read preference. (default: 5)
+        # local_threshold: 5
+
+        # The timeout in seconds for selecting a server for an operation. (default: 30)
+        # server_selection_timeout: 30
+
+        # The maximum number of connections in the connection pool. (default: 5)
+        # max_pool_size: 5
+
+        # The minimum number of connections in the connection pool. (default: 1)
+        # min_pool_size: 1
+
+        # The time to wait, in seconds, in the connection pool for a connection
+        # to be checked in before timing out. (default: 5)
+        # wait_queue_timeout: 5
+
+        # The time to wait to establish a connection before timing out, in seconds.
+        # (default: 5)
+        # connect_timeout: 5
+
+        # The timeout to wait to execute operations on a socket before raising an error.
+        # (default: 5)
+        # socket_timeout: 5
+
+        # The name of the replica set to connect to. Servers provided as seeds that do
+        # not belong to this replica set will be ignored.
+        # replica_set: name
+
+        # Whether to connect to the servers via ssl. (default: false)
+        # ssl: true
+
+        # The certificate file used to identify the connection against MongoDB.
+        # ssl_cert: /path/to/my.cert
 
-    # Enable the identity map, needed for eager loading. (default: false)
-    # identity_map_enabled: true
+        # The private keyfile used to identify the connection against MongoDB.
+        # Note that even if the key is stored in the same file as the certificate,
+        # both need to be explicitly specified.
+        # ssl_key: /path/to/my.key
 
+        # A passphrase for the private key.
+        # ssl_key_pass_phrase: password
+
+        # Whether or not to do peer certification validation. (default: false)
+        # ssl_verify: true
+
+        # The file containing a set of concatenated certification authority certifications
+        # used to validate certs passed from the other end of the connection.
+        # ssl_ca_cert: /path/to/ca.cert
+
+
+  # Configure Mongoid specific options. (optional)
+  options:
     # Includes the root model name in json serialization. (default: false)
     # include_root_in_json: false
 
-    # Include the _type field in serializaion. (default: false)
+    # Include the _type field in serialization. (default: false)
     # include_type_for_serialization: false
 
     # Preload all models in development, needed when models use
     # inheritance. (default: false)
     # preload_models: false
 
-    # Protect id and type from mass assignment. (default: true)
-    # protect_sensitive_fields: true
-
     # Raise an error when performing a #find and the document is not found.
     # (default: true)
     # raise_not_found_error: true
@@ -51,67 +119,16 @@ development:
     # existing method. (default: false)
     # scope_overwrite_exception: false
 
-    # Skip the database version check, used when connecting to a db without
-    # admin access. (default: false)
-    # skip_version_check: false
-
-    # User Active Support's time zone in conversions. (default: true)
+    # Use Active Support's time zone in conversions. (default: true)
     # use_activesupport_time_zone: true
 
     # Ensure all times are UTC in the app side. (default: false)
     # use_utc: false
-
-profile:
-  sessions:
-    default:
-      database: locomotive_engine_profile
-      hosts:
-        - localhost:27017
-      options:
-        # consistency: :strong
-        # identity_map_enabled: true
-
 test:
-  sessions:
+  clients:
     default:
       database: locomotive_engine_test
       hosts:
         - localhost:27017
       options:
-        # consistency: :strong
-        # identity_map_enabled: true
-
-production:
-  sessions:
-    default:
-      database: locomotive_engine_prod
-      hosts:
-        - localhost:27017
-      options:
-        # consistency: :strong
-        # identity_map_enabled: true
-
-
-# defaults: &defaults
-#   host: localhost
-#   port: 27017
-#   # slaves:
-#   #   - host: slave1.local
-#   #     port: 27018
-#   #   - host: slave2.local
-#   #     port: 27019
-
-# development:
-#   <<: *defaults
-#   database: locomotive_engine_dev
-#   identity_map_enabled: true
-
-# test:
-#   <<: *defaults
-#   database: locomotive_engine_test
-#   identity_map_enabled: true
-
-# production:
-#   <<: *defaults
-#   identity_map_enabled: true
-#   database: locomotive_engine_production
+        max_pool_size: 1

data/spec/models/locomotive/content_entry_spec.rb

@@ -163,13 +163,13 @@ describe Locomotive::ContentEntry do
     context 'set of entries' do
 
       before(:each) do
-        @content_type.save
+        @content_type.save!
         3.times { build_content_entry(file: FixturedAsset.open('5k.png')).save! }
       end
 
       subject { @content_type.ordered_entries.to_csv(host: 'example.com').split("\n") }
 
-      it { expect(subject.size).to eq(4) }
+      it { puts @content_type.ordered_entries.first.content_type.inspect; expect(subject.size).to eq(4) }
       it { expect(subject.first).to eq("Title,Description,Visible ?,File,Published at,Created at") }
       it { expect(subject.last).to match(/^Locomotive,Lorem ipsum....,false,http:\/\/example.com\/sites\/[0-9a-f]+\/content_entry[0-9a-f]+\/[0-9a-f]+\/files\/5k.png,\"\",\"July 05, 2013 00:00\"$/) }
 
@@ -388,12 +388,12 @@ describe Locomotive::ContentEntry do
 
   end
 
-  it_should_behave_like 'model scoped by a site' do
+  # it_should_behave_like 'model scoped by a site' do
 
-    let(:model)         { build_content_entry }
-    let(:attribute)     { :content_version }
+  #   let(:model)         { build_content_entry }
+  #   let(:attribute)     { :content_version }
 
-  end
+  # end
 
   def localize_content_type(content_type)
     content_type.entries_custom_fields.first.localized = true

data/spec/requests/locomotive/steam/cache_spec.rb

@@ -39,7 +39,7 @@ describe Locomotive::Steam::Middlewares::Cache do
 
     subject { middleware.send(:cache_key, steam_env) }
 
-    it { expect(subject).to eq '58fd247394540204e358e21e0dec4b72' }
+    it { expect(subject).to eq 'd099597c3f59bb17f8a18443611ec654' }
 
   end
 

data/spec/requests/site_spec.rb

@@ -11,8 +11,33 @@ describe Locomotive::Middlewares::Site do
 
   describe 'no site' do
 
+    let(:app) { ->(env) { raise ::Locomotive::Steam::NoSiteException.new } }
+
     it { is_expected.to eq(nil) }
 
+    describe 'not the default host' do
+
+      before { allow(Locomotive::Account).to receive(:count).and_return(1) }
+
+      let(:warden)    { instance_double('WargenStrategy', authenticate: nil) }
+      let(:rack_env)  { env_for(url).tap { |e| e['warden'] = warden } }
+
+      subject { middleware.call(rack_env) }
+
+      it { expect(subject.first).to eq 404 }
+      it { expect(subject.last.body).to match(/Sign In/) }
+
+      context 'default host' do
+
+        before { allow(Locomotive.config).to receive(:host).and_return('example.com') }
+
+        it { expect(subject.first).to eq 301 }
+        it { expect(subject[1]['Location']).to eq '/locomotive/sign_in' }
+
+      end
+
+    end
+
   end
 
   describe 'no account' do

data/spec/support/mongoid.rb

@@ -0,0 +1,2 @@
+Mongoid.logger.level = Logger::INFO
+Mongo::Logger.logger.level = Logger::INFO