lperichon-devise_invitable 0.3.0

data/lib/devise_invitable/controllers/url_helpers.rb

@@ -0,0 +1,24 @@
+module DeviseInvitable
+  module Controllers
+    module UrlHelpers
+      [:path, :url].each do |path_or_url|
+        [nil, :new_, :edit_].each do |action|
+          class_eval <<-URL_HELPERS, __FILE__, __LINE__ + 1
+            def #{action}invitation_#{path_or_url}(resource, *args)
+              resource = case resource
+                when Symbol, String
+                  resource
+                when Class
+                  resource.name.underscore
+                else
+                  resource.class.name.underscore
+              end
+              
+              send("#{action}\#{resource}_invitation_#{path_or_url}", *args)
+            end
+          URL_HELPERS
+        end
+      end
+    end
+  end
+end

data/lib/devise_invitable/locales/en.yml

@@ -0,0 +1,5 @@
+en:
+  devise:
+    invitations:
+      send_instructions: 'An email with instructions about how to set the password has been sent.'
+      updated: 'Your password was set successfully. You are now signed in.'

data/lib/devise_invitable/mailer.rb

@@ -0,0 +1,8 @@
+module DeviseInvitable::Mailer
+
+  # Deliver an invitation when is requested
+  def invitation(record)
+    setup_mail(record, :invitation)
+  end
+  
+end

data/lib/devise_invitable/model.rb

@@ -0,0 +1,139 @@
+module Devise
+  module Models
+    # Invitable is responsible to send emails with invitations.
+    # When an invitation is sent to an email, an account is created for it.
+    # An invitation has a link to set the password, as reset password from recoverable.
+    #
+    # Configuration:
+    #
+    #   invite_for: the time you want the user will have to confirm the account after
+    #               is invited. When invite_for is zero, the invitation won't expire.
+    #               By default invite_for is 0.
+    #
+    # Examples:
+    #
+    #   User.find(1).invited?             # true/false
+    #   User.send_invitation(:email => 'someone@example.com') # send invitation
+    #   User.accept_invitation!(:invitation_token => '...')   # accept invitation with a token
+    #   User.find(1).accept_invitation!   # accept invitation
+    #   User.find(1).resend_invitation!   # reset invitation status and send invitation again
+    module Invitable
+      extend ActiveSupport::Concern
+
+      def self.included(base)
+        base.class_eval do
+          extend ClassMethods
+        end
+      end
+
+      # Accept an invitation by clearing invitation token and confirming it if model
+      # is confirmable
+      def accept_invitation!
+        if self.invited?
+          self.invitation_token = nil
+          save(:validate => false)
+        end
+      end
+
+      # Verifies whether a user has been invited or not
+      def invited?
+        !new_record? && !invitation_token.nil?
+      end
+
+      # Send invitation by email
+      def send_invitation
+        # don't know why token does not get generated unless I add these
+        generate_invitation_token
+        save(:validate => false)
+        
+        ::Devise::Mailer.invitation(self).deliver
+      end
+
+      # Reset invitation token and send invitation again
+      def resend_invitation!
+        if new_record? || invited?
+          self.skip_confirmation! if self.new_record? and self.respond_to? :skip_confirmation!
+          generate_invitation_token
+          save(:validate => false)
+          send_invitation
+        end
+      end
+
+      # Verify whether a invitation is active or not. If the user has been
+      # invited, we need to calculate if the invitation time has not expired
+      # for this user, in other words, if the invitation is still valid.
+      def valid_invitation?
+        invited? && invitation_period_valid?
+      end
+
+      protected
+
+        # Checks if the invitation for the user is within the limit time.
+        # We do this by calculating if the difference between today and the
+        # invitation sent date does not exceed the invite for time configured.
+        # Invite_for is a model configuration, must always be an integer value.
+        #
+        # Example:
+        #
+        #   # invite_for = 1.day and invitation_sent_at = today
+        #   invitation_period_valid?   # returns true
+        #
+        #   # invite_for = 5.days and invitation_sent_at = 4.days.ago
+        #   invitation_period_valid?   # returns true
+        #
+        #   # invite_for = 5.days and invitation_sent_at = 5.days.ago
+        #   invitation_period_valid?   # returns false
+        #
+        #   # invite_for = nil
+        #   invitation_period_valid?   # will always return true
+        #
+        def invitation_period_valid?
+          invitation_sent_at && (self.class.invite_for.to_i.zero? || invitation_sent_at.utc >= self.class.invite_for.ago)
+        end
+
+        # Generates a new random token for invitation, and stores the time
+        # this token is being generated
+        def generate_invitation_token
+          self.invitation_token = Devise.friendly_token
+          self.invitation_sent_at = Time.now.utc
+        end
+
+      module ClassMethods
+        # Attempt to find a user by it's email. If a record is not found, create a new
+        # user and send invitation to it. If user is found, returns the user with an
+        # email already exists error.
+        # Options must contain the user email
+        def send_invitation(attributes={})
+          invitable = find_or_initialize_by_email(attributes[:email])
+
+          if invitable.new_record?
+            invitable.errors.add(:email, :blank) if invitable.email.blank?
+            invitable.errors.add(:email, :invalid) unless invitable.email.match Devise.email_regexp
+          else
+            invitable.errors.add(:email, :taken) unless invitable.invited?
+          end
+
+          invitable.resend_invitation! if invitable.errors.empty?
+          invitable
+        end
+
+        # Attempt to find a user by it's invitation_token to set it's password.
+        # If a user is found, reset it's password and automatically try saving
+        # the record. If not user is found, returns a new user containing an
+        # error in invitation_token attribute.
+        # Attributes must contain invitation_token, password and confirmation
+        def accept_invitation!(attributes={})
+          invitable = find_or_initialize_with_error_by(:invitation_token, attributes[:invitation_token])
+          invitable.errors.add(:invitation_token, :invalid) if attributes[:invitation_token] && !invitable.new_record? && !invitable.valid_invitation?
+          if invitable.errors.empty?
+            invitable.attributes = attributes
+            invitable.accept_invitation! if invitable.valid?
+          end
+          invitable
+        end
+
+        Devise::Models.config(self, :invite_for)
+      end
+    end
+  end
+end

data/lib/devise_invitable/rails.rb

@@ -0,0 +1,15 @@
+module DeviseInvitable
+  class Engine < ::Rails::Engine
+    
+    initializer "devise_invitable.add_url_helpers" do |app|
+      ActionController::Base.send :include, DeviseInvitable::Controllers::UrlHelpers
+      ActionView::Base.send :include, DeviseInvitable::Controllers::UrlHelpers
+    end
+    
+    config.after_initialize do
+      I18n.load_path.unshift File.expand_path(File.join(File.dirname(__FILE__), 'locales', 'en.yml'))
+      Devise::Mailer.send :include, DeviseInvitable::Mailer
+    end
+    
+  end
+end

data/lib/devise_invitable/routes.rb

@@ -0,0 +1,11 @@
+module ActionDispatch::Routing
+  class Mapper
+    protected
+      def devise_invitation(mapping, controllers)
+        scope mapping.full_path[1..-1], :name_prefix => mapping.name do
+          resource :invitation, :only => [:new, :create, :update, :edit], :as => mapping.path_names[:invitation], :controller => controllers[:invitations]
+          # get :"accept_#{mapping.name}_invitation", :controller => 'invitations', :action => 'edit' # , :name_prefix => nil, :path_prefix => "#{mapping.name}/invitation"
+        end
+      end
+  end
+end

data/lib/devise_invitable/schema.rb

@@ -0,0 +1,11 @@
+module DeviseInvitable
+  module Schema
+    # Creates invitation_token and invitation_sent_at.
+    def invitable
+      apply_devise_schema :invitation_token,   String, :limit => 20
+      apply_devise_schema :invitation_sent_at, DateTime
+    end
+  end
+end
+
+Devise::Schema.send :include, DeviseInvitable::Schema

data/test/integration/invitable_test.rb

@@ -0,0 +1,122 @@
+require 'test/test_helper'
+require 'test/integration_tests_helper'
+
+class InvitationTest < ActionController::IntegrationTest
+
+  def send_invitation(&block)
+    visit new_user_invitation_path
+
+    assert_response :success
+    assert_template 'invitations/new'
+    assert warden.authenticated?(:user)
+
+    fill_in 'email', :with => 'user@test.com'
+    yield if block_given?
+    click_button 'Send an invitation'
+  end
+
+  def set_password(options={}, &block)
+    unless options[:visit] == false
+      visit accept_user_invitation_path(:invitation_token => options[:invitation_token])
+    end
+    assert_response :success
+    assert_template 'invitations/edit'
+
+    fill_in 'Password', :with => '987654321'
+    fill_in 'Password confirmation', :with => '987654321'
+    yield if block_given?
+    click_button 'Set my password'
+  end
+
+  test 'not authenticated user should not be able to send an invitation' do
+    get new_user_invitation_path
+    assert_not warden.authenticated?(:user)
+
+    assert_redirected_to new_user_session_path(:unauthenticated => true)
+  end
+
+  test 'authenticated user should be able to send an invitation' do
+    sign_in_as_user
+
+    send_invitation
+    assert_template 'home/index'
+    assert_equal 'An email with instructions about how to set the password has been sent.', flash[:notice]
+  end
+
+  test 'authenticated user with invalid email should receive an error message' do
+    user = create_user
+    sign_in_as_user
+    send_invitation do
+      fill_in 'email', :with => user.email
+    end
+
+    assert_response :success
+    assert_template 'invitations/new'
+    assert_have_selector "input[type=text][value='#{user.email}']"
+    assert_contain 'Email has already been taken'
+  end
+
+  test 'authenticated user should not be able to visit edit invitation page' do
+    sign_in_as_user
+
+    get accept_user_invitation_path
+
+    assert_response :redirect
+    assert_redirected_to root_path
+    assert warden.authenticated?(:user)
+  end
+
+  test 'not authenticated user with invalid invitation token should not be able to set his password' do
+    user = create_user
+    set_password :invitation_token => 'invalid_token'
+
+    assert_response :success
+    assert_template 'invitations/edit'
+    assert_have_selector '#errorExplanation'
+    assert_contain 'Invitation token is invalid'
+    assert_not user.reload.valid_password?('987654321')
+  end
+
+  test 'not authenticated user with valid invitation token but invalid password should not be able to set his password' do
+    user = create_user(false)
+    set_password :invitation_token => user.invitation_token do
+      fill_in 'Password confirmation', :with => 'other_password'
+    end
+
+    assert_response :success
+    assert_template 'invitations/edit'
+    assert_have_selector '#errorExplanation'
+    assert_contain 'Password doesn\'t match confirmation'
+    assert_not user.reload.valid_password?('987654321')
+  end
+
+  test 'not authenticated user with valid data should be able to change his password' do
+    user = create_user(false)
+    set_password :invitation_token => user.invitation_token
+
+    assert_template 'home/index'
+    assert_equal 'Your password was set successfully. You are now signed in.', flash[:notice]
+    assert user.reload.valid_password?('987654321')
+  end
+
+  test 'after entering invalid data user should still be able to set his password' do
+    user = create_user(false)
+    set_password :invitation_token => user.invitation_token do
+      fill_in 'Password confirmation', :with => 'other_password'
+    end
+    assert_response :success
+    assert_have_selector '#errorExplanation'
+    assert_not user.reload.valid_password?('987654321')
+
+    set_password :invitation_token => user.invitation_token
+    assert_equal 'Your password was set successfully. You are now signed in.', flash[:notice]
+    assert user.reload.valid_password?('987654321')
+  end
+
+  test 'sign in user automatically after setting it\'s password' do
+    user = create_user(false)
+    set_password :invitation_token => user.invitation_token
+
+    assert warden.authenticated?(:user)
+  end
+end

data/test/integration_tests_helper.rb

@@ -0,0 +1,39 @@
+class ActionController::IntegrationTest
+
+  def warden
+    request.env['warden']
+  end
+  
+  def sign_in_as_user
+    Warden::Proxy.any_instance.stubs(:user).at_least_once.returns(User.new)
+  end
+
+  def create_user(accept_invitation = true)
+    user = User.new :email => 'newuser@test.com'
+    user.skip_confirmation!
+    user.invitation_token = 'token'
+    user.invitation_sent_at = Time.now.utc
+    user.save(false)
+    user.accept_invitation! if accept_invitation
+    user
+  end
+
+  # Fix assert_redirect_to in integration sessions because they don't take into
+  # account Middleware redirects.
+  #
+  def assert_redirected_to(url)
+    assert [301, 302].include?(@integration_session.status),
+           "Expected status to be 301 or 302, got #{@integration_session.status}"
+
+    url = prepend_host(url)
+    location = prepend_host(@integration_session.headers["Location"])
+    assert_equal url, location
+  end
+
+  protected
+
+    def prepend_host(url)
+      url = "http://#{request.host}#{url}" if url[0] == ?/
+      url
+    end
+end

data/test/mailers/invitation_test.rb

@@ -0,0 +1,62 @@
+require 'test/test_helper'
+
+class InvitationMailTest < ActionMailer::TestCase
+
+  def setup
+    setup_mailer
+    Devise.mailer_sender = 'test@example.com'
+  end
+
+  def user
+    @user ||= begin
+      user = create_user_with_invitation('token')
+      user.send_invitation
+      user
+    end
+  end
+
+  def mail
+    @mail ||= begin
+      user
+      ActionMailer::Base.deliveries.last
+    end
+  end
+
+  test 'email sent after reseting the user password' do
+    assert_not_nil mail
+  end
+
+  test 'content type should be set to html' do
+    assert_equal 'text/html', mail.content_type
+  end
+
+  test 'send invitation to the user email' do
+    assert_equal [user.email], mail.to
+  end
+
+  test 'setup sender from configuration' do
+    assert_equal ['test@example.com'], mail.from
+  end
+
+  test 'setup subject from I18n' do
+    store_translations :en, :devise => { :mailer => { :invitation => 'Invitation' } } do
+      assert_equal 'Invitation', mail.subject
+    end
+  end
+
+  test 'subject namespaced by model' do
+    store_translations :en, :devise => { :mailer => { :user => { :invitation => 'User Invitation' } } } do
+      assert_equal 'User Invitation', mail.subject
+    end
+  end
+
+  test 'body should have user info' do
+    assert_match /#{user.email}/, mail.body
+  end
+
+  test 'body should have link to confirm the account' do
+    host = ActionMailer::Base.default_url_options[:host]
+    invitation_url_regexp = %r{<a href=\"http://#{host}/users/invitation/accept\?invitation_token=#{user.invitation_token}">}
+    assert_match invitation_url_regexp, mail.body
+  end
+end