millsb-twitter-auth 0.1.16

data/spec/controllers/controller_extensions_spec.rb

@@ -0,0 +1,162 @@
+require File.dirname(__FILE__) + '/../spec_helper'
+
+ActionController::Routing::Routes.draw do |map|
+  map.connect ':controller/:action/:id'
+end
+
+class TwitterAuthTestController < ApplicationController
+  before_filter :login_required, :only => [:login_required_action]
+
+  def login_required_action
+    render :text => "You are logged in!"
+  end
+
+  def fail_auth
+    authentication_failed('Auth FAIL.')
+  end
+
+  def pass_auth
+    if params[:message]
+      authentication_succeeded(params[:message])
+    else
+      authentication_succeeded
+    end
+  end
+
+  def access_denied_action
+    access_denied
+  end
+
+  def redirect_back_action
+    redirect_back_or_default(params[:to] || '/')
+  end
+
+  def logout_keeping_session_action
+    logout_keeping_session!
+    redirect_back_or_default('/')
+  end
+
+  def current_user_action
+    @user = current_user
+    render :nothing => true
+  end
+end
+
+describe TwitterAuthTestController do
+  before do
+    controller.stub!(:cookies).and_return({})
+  end
+
+  %w(authentication_failed authentication_succeeded current_user authorized? login_required access_denied store_location redirect_back_or_default logout_keeping_session!).each do |m|
+    it "should respond to the extension method '#{m}'" do
+      controller.should respond_to(m)
+    end
+  end
+
+  describe "#authentication_failed" do
+    it 'should set the flash[:error] to the message passed in' do
+      get :fail_auth
+      flash[:error].should == 'Auth FAIL.'
+    end
+
+    it 'should redirect to the root' do
+      get :fail_auth
+      should redirect_to('/')
+    end
+  end
+
+  describe "#authentication_succeeded" do
+    it 'should set the flash[:notice] to a default success message' do
+      get :pass_auth
+      flash[:notice].should == 'You have logged in successfully.' 
+    end
+
+    it 'should be able ot receive a custom message' do
+      get :pass_auth, :message => 'Eat at Joes.'
+      flash[:notice].should == 'Eat at Joes.'
+    end
+  end
+
+  describe '#current_user' do
+    it 'should find the user based on the session user_id' do
+      user = Factory.create(:twitter_oauth_user)
+      request.session[:user_id] = user.id
+      get(:current_user_action)
+      assigns[:user].should == user
+    end
+
+    it 'should log the user in through a cookie' do
+      user = Factory(:twitter_oauth_user, :remember_token => 'abc', :remember_token_expires_at => (Time.now + 10.days))
+      controller.stub!(:cookies).and_return({:remember_token => 'abc'})
+      get :current_user_action
+      assigns[:user].should == user
+    end
+
+    it 'should return nil if there is no user matching that id' do
+      request.session[:user_id] = 2345
+      get :current_user_action
+      assigns[:user].should be_nil
+    end
+  end
+
+  describe "#authorized?" do
+    it 'should be true if there is a current_user' do
+      user = Factory.create(:twitter_oauth_user)
+      controller.stub!(:current_user).and_return(user)
+      controller.send(:authorized?).should be_true
+    end
+
+    it 'should be false if there is not current_user' do
+      controller.stub!(:current_user).and_return(nil)
+      controller.send(:authorized?).should be_false
+    end
+  end
+
+  describe '#access_denied' do
+    it 'should redirect to the login path' do
+      get :access_denied_action
+      should redirect_to(login_path)
+    end
+
+    it 'should store the location first' do
+      controller.should_receive(:store_location).once
+      get :access_denied_action
+    end
+  end
+
+  describe '#redirect_back_or_default' do
+    it 'should redirect if there is a session[:return_to]' do
+      request.session[:return_to] = '/'
+      get :redirect_back_action, :to => '/notroot'
+      should redirect_to('/')
+    end
+
+    it 'should redirect to the default provided otherwise' do
+      get :redirect_back_action, :to => '/someurl'
+      should redirect_to('/someurl')
+    end
+  end
+
+  describe 'logout_keeping_session!' do
+    before do
+      @user = Factory.create(:twitter_oauth_user)
+      request.session[:user_id] = @user.id
+    end
+
+    it 'should unset session[:user_id]' do
+      get :logout_keeping_session_action
+      request.session[:user_id].should be_nil
+    end
+
+    it 'should unset current_user' do
+      controller.send(:current_user).should == @user
+      get :logout_keeping_session_action
+      controller.send(:current_user).should be_nil
+    end
+
+    it 'should unset the cookie' do
+      controller.send(:cookies).should_receive(:delete).with(:remember_token)
+      get :logout_keeping_session_action
+    end
+  end
+end

data/spec/controllers/sessions_controller_spec.rb

@@ -0,0 +1,221 @@
+require File.dirname(__FILE__) + '/../spec_helper'
+
+describe SessionsController do
+  integrate_views
+
+  describe 'routes' do
+    it 'should route /session/new to SessionsController#new' do
+      params_from(:get, '/session/new').should == {:controller => 'sessions', :action => 'new'}
+    end
+
+    it 'should route /login to SessionsController#new' do
+      params_from(:get, '/login').should == {:controller => 'sessions', :action => 'new'}
+    end
+
+    it 'should route /logout to SessionsController#destroy' do
+      params_from(:get, '/logout').should == {:controller => 'sessions', :action => 'destroy'}
+    end
+
+    it 'should route DELETE /session to SessionsController#destroy' do
+      params_from(:delete, '/session').should == {:controller => 'sessions', :action => 'destroy'}
+    end
+
+    it 'should route /oauth_callback to SessionsController#oauth_callback' do
+      params_from(:get, '/oauth_callback').should == {:controller => 'sessions', :action => 'oauth_callback'}
+    end
+
+    it 'should route POST /session to SessionsController#create' do
+      params_from(:post, '/session').should == {:controller => 'sessions', :action => 'create'}
+    end
+  end
+
+  describe 'with OAuth strategy' do
+    before do
+      stub_oauth!
+    end
+
+    describe '#new' do
+      it 'should retrieve a request token' do
+        get :new
+        assigns[:request_token].token.should == 'faketoken'
+        assigns[:request_token].secret.should == 'faketokensecret'
+      end
+
+      it 'should set session variables for the request token' do
+        get :new
+        session[:request_token].should == 'faketoken'
+        session[:request_token_secret].should == 'faketokensecret'
+      end
+
+      it 'should redirect to the oauth authorization url' do
+        get :new
+        response.should redirect_to('https://twitter.com/oauth/authorize?oauth_token=faketoken')
+      end
+
+      it 'should redirect to the oauth_callback if one is specified' do
+        TwitterAuth.stub!(:oauth_callback).and_return('http://localhost:3000/development')
+        TwitterAuth.stub!(:oauth_callback?).and_return(true)        
+
+        get :new
+        response.should redirect_to('https://twitter.com/oauth/authorize?oauth_token=faketoken&oauth_callback=' + CGI.escape(TwitterAuth.oauth_callback))
+      end
+    end
+
+    describe '#oauth_callback' do
+      describe 'with no session info' do
+        it 'should set the flash[:error]' do
+          get :oauth_callback, :oauth_token => 'faketoken'
+          flash[:error].should == 'No authentication information was found in the session. Please try again.'
+        end
+
+        it 'should redirect to "/" by default' do
+          get :oauth_callback, :oauth_token => 'faketoken'
+          response.should redirect_to('/')
+        end
+
+        it 'should call authentication_failed' do
+          controller.should_receive(:authentication_failed).any_number_of_times
+          get :oauth_callback, :oauth_token => 'faketoken'
+        end
+      end
+
+      describe 'with proper info' do
+        before do
+          @user = Factory.create(:twitter_oauth_user)
+          @time = Time.now
+          @remember_token = ActiveSupport::SecureRandom.hex(10)
+          
+          Time.stub!(:now).and_return(@time)
+          ActiveSupport::SecureRandom.stub!(:hex).and_return(@remember_token)
+
+          request.session[:request_token] = 'faketoken'
+          request.session[:request_token_secret] = 'faketokensecret'
+          get :oauth_callback, :oauth_token => 'faketoken'
+        end 
+
+        describe 'building the access token' do
+          it 'should rebuild the request token' do
+            correct_token =  OAuth::RequestToken.new(TwitterAuth.consumer,'faketoken','faketokensecret')
+            
+            %w(token secret).each do |att|
+              assigns[:request_token].send(att).should == correct_token.send(att)
+            end
+          end
+
+          it 'should exchange the request token for an access token' do
+            assigns[:access_token].should be_a(OAuth::AccessToken)
+            assigns[:access_token].token.should == 'fakeaccesstoken'
+            assigns[:access_token].secret.should == 'fakeaccesstokensecret'
+          end
+
+          it 'should wipe the request token after exchange' do
+            session[:request_token].should be_nil
+            session[:request_token_secret].should be_nil
+          end
+        end
+        
+        describe 'identifying the user' do
+          it "should find the user" do         
+            assigns[:user].should == @user
+          end
+
+          it "should assign the user id to the session" do
+            session[:user_id].should == @user.id
+          end
+
+          it "should call remember me" do
+            @user.reload
+            @user.remember_token.should == @remember_token
+          end
+
+          it "should set a cookie" do
+            cookies[:remember_token].should == @remember_token
+          end
+        end
+
+        describe "when OAuth doesn't work" do
+          before do
+            request.session[:request_token] = 'faketoken'
+            request.session[:request_token_secret] = 'faketokensecret'
+            @request_token =  OAuth::RequestToken.new(TwitterAuth.consumer, session[:request_token], session[:request_token_secret])
+            OAuth::RequestToken.stub!(:new).and_return(@request_token)
+          end
+
+          it 'should call authentication_failed when it gets a 401 from OAuth' do
+            @request_token.stub!(:get_access_token).and_raise(Net::HTTPServerException.new('401 "Unauthorized"', '401 "Unauthorized"'))
+            controller.should_receive(:authentication_failed).with('This authentication request is no longer valid. Please try again.')
+            # the should raise_error is hacky because of the expectation
+            # stubbing the proper behavior :-(
+            lambda{get :oauth_callback, :oauth_token => 'faketoken'}.should raise_error(ActionView::MissingTemplate)
+          end
+
+          it 'should call authentication_failed when it gets a different HTTPServerException' do
+            @request_token.stub!(:get_access_token).and_raise(Net::HTTPServerException.new('404 "Not Found"', '404 "Not Found"'))
+            controller.should_receive(:authentication_failed).with('There was a problem trying to authenticate you. Please try again.')
+            lambda{get :oauth_callback, :oauth_token => 'faketoken'}.should raise_error(ActionView::MissingTemplate)
+          end
+        end
+      end
+    end
+  end
+
+  describe 'with Basic strategy' do
+    before do
+      stub_basic!
+    end
+    
+    describe '#new' do
+      it 'should render the new action' do
+        get :new
+        response.should render_template('sessions/new')
+      end
+
+      it 'should render the login form' do
+        get :new
+        response.should have_tag('form[action=/session][id=login_form][method=post]')
+      end
+      
+      describe '#create' do
+        before do
+          @user = Factory.create(:twitter_basic_user)
+        end
+
+        it 'should call logout_keeping_session! to remove session info' do
+          controller.should_receive(:logout_keeping_session!)
+          post :create
+        end
+
+        it 'should try to authenticate the user' do
+          User.should_receive(:authenticate)
+          post :create
+        end
+
+        it 'should call authentication_failed on authenticate failure' do
+          User.should_receive(:authenticate).and_return(nil)
+          post :create, :login => 'wrong', :password => 'false'
+          response.should redirect_to('/login')
+        end
+
+        it 'should call authentication_succeeded on authentication success' do
+          User.should_receive(:authenticate).and_return(@user)    
+          post :create, :login => 'twitterman', :password => 'cool'
+          response.should redirect_to('/')
+          flash[:notice].should_not be_blank
+        end
+      end
+    end
+
+  end
+
+  describe '#destroy' do
+    it 'should call logout_keeping_session!' do
+      controller.should_receive(:logout_keeping_session!).once
+      get :destroy
+    end
+
+    it 'should redirect to the root' do
+      get :destroy
+      response.should redirect_to('/')
+    end
+  end
+end

data/spec/fixtures/config/twitter_auth.yml

@@ -0,0 +1,17 @@
+development:
+  strategy: oauth
+  base_url: "https://twitter.com"
+  oauth_consumer_key: devkey
+  oauth_consumer_secret: devsecret
+  oauth_callback: "http://localhost:3000"
+test:
+  strategy: oauth
+  base_url: "https://twitter.com"
+  oauth_consumer_key: testkey
+  oauth_consumer_secret: testsecret
+production:
+  strategy: oauth
+  base_url: "https://twitter.com"
+  oauth_consumer_key: prodkey
+  oauth_consumer_secret: prodsecret
+

data/spec/fixtures/factories.rb

@@ -0,0 +1,18 @@
+require 'factory_girl'
+
+Factory.define(:twitter_oauth_user, :class => User) do |u|
+  u.login 'twitterman'
+  u.access_token 'fakeaccesstoken'
+  u.access_secret 'fakeaccesstokensecret'
+  
+  u.name 'Twitter Man'
+  u.description 'Saving the world for all Twitter kind.'
+end
+
+Factory.define(:twitter_basic_user, :class => User) do |u|
+  u.login 'twitterman'
+  u.password 'test'
+
+  u.name 'Twitter Man'
+  u.description 'Saving the world for all Twitter kind.'
+end

data/spec/fixtures/fakeweb.rb

@@ -0,0 +1,18 @@
+# This is where we fake out all of the URLs that we
+# will be calling as a part of this spec suite.
+# You must have the 'fakeweb' gem in order to run
+# the tests for TwitterAuth.
+#
+# gem install 'mbleigh-fakeweb'
+
+require 'fake_web'
+
+FakeWeb.allow_net_connect = false
+
+FakeWeb.register_uri(:post, 'https://twitter.com:443/oauth/request_token', :string => 'oauth_token=faketoken&oauth_token_secret=faketokensecret')
+
+FakeWeb.register_uri(:post, 'https://twitter.com:443/oauth/access_token', :string => 'oauth_token=fakeaccesstoken&oauth_token_secret=fakeaccesstokensecret')
+
+FakeWeb.register_uri(:get, 'https://twitter.com:443/account/verify_credentials.json', :string => "{\"profile_image_url\":\"http:\\/\\/static.twitter.com\\/images\\/default_profile_normal.png\",\"description\":\"Saving the world for all Twitter kind.\",\"utc_offset\":null,\"favourites_count\":0,\"profile_sidebar_fill_color\":\"e0ff92\",\"screen_name\":\"twitterman\",\"statuses_count\":0,\"profile_background_tile\":false,\"profile_sidebar_border_color\":\"87bc44\",\"friends_count\":2,\"url\":null,\"name\":\"Twitter Man\",\"time_zone\":null,\"protected\":false,\"profile_background_image_url\":\"http:\\/\\/static.twitter.com\\/images\\/themes\\/theme1\\/bg.gif\",\"profile_background_color\":\"9ae4e8\",\"created_at\":\"Fri Feb 06 18:10:32 +0000 2009\",\"profile_text_color\":\"000000\",\"followers_count\":2,\"location\":null,\"id\":20256865,\"profile_link_color\":\"0000ff\"}")
+
+#FakeWeb.register_uri(:get, 'https://twitter.com:443/)

data/spec/fixtures/twitter.rb

@@ -0,0 +1,5 @@
+require 'net/http'
+
+TWITTER_JSON = {
+  :verify_credentials => "{\"profile_image_url\":\"http:\\/\\/static.twitter.com\\/images\\/default_profile_normal.png\",\"description\":\"Saving the world for all Twitter kind.\",\"utc_offset\":null,\"favourites_count\":0,\"profile_sidebar_fill_color\":\"e0ff92\",\"screen_name\":\"twitterman\",\"statuses_count\":0,\"profile_background_tile\":false,\"profile_sidebar_border_color\":\"87bc44\",\"friends_count\":2,\"url\":null,\"name\":\"Twitter Man\",\"time_zone\":null,\"protected\":false,\"profile_background_image_url\":\"http:\\/\\/static.twitter.com\\/images\\/themes\\/theme1\\/bg.gif\",\"profile_background_color\":\"9ae4e8\",\"created_at\":\"Fri Feb 06 18:10:32 +0000 2009\",\"profile_text_color\":\"000000\",\"followers_count\":2,\"location\":null,\"id\":20256865,\"profile_link_color\":\"0000ff\"}"
+}

data/spec/models/twitter_auth/basic_user_spec.rb

@@ -0,0 +1,122 @@
+require File.dirname(__FILE__) + '/../../spec_helper'
+
+describe TwitterAuth::BasicUser do
+  before do
+    stub_basic!
+  end
+
+  describe '#password=' do
+    before do
+      @user = Factory.build(:twitter_basic_user)
+    end
+
+    it 'should change the value of crypted_password' do
+      lambda{@user.password = 'newpass'}.should change(@user, :crypted_password)
+    end
+
+    it 'should change the value of salt' do
+      lambda{@user.password = 'newpass'}.should change(@user, :salt)
+    end
+
+    it 'should not store the plaintext password' do
+      @user.password = 'newpass'
+      @user.crypted_password.should_not == 'newpass'
+    end
+  end
+
+  describe '#password' do
+    before do
+      @user = Factory.build(:twitter_basic_user, :password => 'monkey')
+    end
+
+    it 'should return the password' do
+      @user.password.should == 'monkey'
+    end    
+
+    it 'should not be a database attribute' do
+      @user['password'].should_not == 'monkey'
+    end
+  end
+  
+  describe '.verify_credentials' do
+    before do
+      @user = Factory.create(:twitter_basic_user)
+    end
+
+    it 'should return a JSON hash of the user when successful' do
+      hash = User.verify_credentials('twitterman','test')
+      hash.should be_a(Hash)
+      hash['screen_name'].should == 'twitterman'
+      hash['name'].should == 'Twitter Man'
+    end
+
+    it 'should return false when a 401 unauthorized happens' do
+      FakeWeb.register_uri(:get, 'https://twitter.com:443/account/verify_credentials.json', :string => '401 "Unauthorized"', :status => ['401',' Unauthorized'])
+      User.verify_credentials('twitterman','wrong').should be_false
+    end
+  end
+
+  describe '.authenticate' do
+    before do
+      @user = Factory.create(:twitter_basic_user)
+    end
+
+    it 'should make a call to verify_credentials' do
+      User.should_receive(:verify_credentials).with('twitterman','test')
+      User.authenticate('twitterman','test')
+    end
+
+    it 'should return nil if verify_credentials returns false' do
+      User.stub!(:verify_credentials).and_return(false)
+      User.authenticate('twitterman','test').should be_nil
+    end
+
+    it 'should return the user if verify_credentials succeeds' do
+      User.stub!(:verify_credentials).and_return(JSON.parse("{\"profile_image_url\":\"http:\\/\\/static.twitter.com\\/images\\/default_profile_normal.png\",\"description\":\"Saving the world for all Twitter kind.\",\"utc_offset\":null,\"favourites_count\":0,\"profile_sidebar_fill_color\":\"e0ff92\",\"screen_name\":\"twitterman\",\"statuses_count\":0,\"profile_background_tile\":false,\"profile_sidebar_border_color\":\"87bc44\",\"friends_count\":2,\"url\":null,\"name\":\"Twitter Man\",\"time_zone\":null,\"protected\":false,\"profile_background_image_url\":\"http:\\/\\/static.twitter.com\\/images\\/themes\\/theme1\\/bg.gif\",\"profile_background_color\":\"9ae4e8\",\"created_at\":\"Fri Feb 06 18:10:32 +0000 2009\",\"profile_text_color\":\"000000\",\"followers_count\":2,\"location\":null,\"id\":20256865,\"profile_link_color\":\"0000ff\"}"))
+      User.authenticate('twitterman','test').should == @user
+    end
+  end
+
+  describe '.find_or_create_by_twitter_hash_and_password' do
+    before do
+      @user = Factory.create(:twitter_basic_user)
+    end
+
+    it 'should return the existing user if there is one' do
+      User.identify_or_create_from_twitter_hash_and_password({'screen_name' => 'twitterman'},'test').should == @user
+    end
+
+    it 'should update the attributes from the hash' do
+      User.identify_or_create_from_twitter_hash_and_password({'screen_name' => 'twitterman', 'name' => 'New Name'}, 'test').name.should == 'New Name'
+    end
+
+    it 'should update the password from the argument' do
+      User.identify_or_create_from_twitter_hash_and_password({'screen_name' => 'twitterman', 'name' => 'New Name'}, 'test2').password.should == 'test2'
+    end
+
+    it 'should create a user if one does not exist' do
+      lambda{User.identify_or_create_from_twitter_hash_and_password({'screen_name' => 'dude', 'name' => "Lebowski"}, 'test')}.should change(User, :count).by(1)
+    end
+
+    it 'should assign the attributes from the hash to a created user' do
+      user = User.identify_or_create_from_twitter_hash_and_password({'screen_name' => 'dude', 'name' => "Lebowski"}, 'test')
+      user.login.should == 'dude'
+      user.name.should == 'Lebowski'
+      user.password.should == 'test'
+    end
+  end
+
+  describe '#twitter' do
+    before do
+      @user = Factory.create(:twitter_basic_user)
+    end
+
+    it 'should be an instance of TwitterAuth::Dispatcher::Basic' do
+      @user.twitter.class.should == TwitterAuth::Dispatcher::Basic
+    end
+
+    it 'should have the correct user set' do
+      @user.twitter.user.should == @user
+    end
+  end
+end