muck-users 0.1.0

data/test/functional/password_resets_controller_test.rb

@@ -0,0 +1,60 @@
+require File.dirname(__FILE__) + '/../test_helper'
+
+class Muck::PasswordResetsControllerTest < ActionController::TestCase
+
+  tests Muck::PasswordResetsController
+
+  context "user sessions controller" do
+    setup do
+      @user = Factory(:user)
+    end
+    context "get new" do
+      setup do
+        get :new
+      end
+      should_respond_with :success
+      should_render_template :new
+    end
+    context "find user using email and send email message" do
+      setup do
+        post :create, :email => @user.email 
+      end
+      should "send password reset instructions" do
+        assert_sent_email do |email|
+          email.to.include?(@user.email)
+        end
+      end      
+      should_redirect_to("login") { login_path }
+    end
+    context "bad email - fail to reset password" do
+      setup do
+        post :create, :email => 'quentin@bad_email_example.com'
+      end
+      should_respond_with :success
+      should_render_template :new
+    end
+    context "get edit" do
+      setup do
+        get :edit, :id => @user.perishable_token
+      end
+      should_respond_with :success
+      should_render_template :edit
+    end
+    context "PUT update" do
+      setup do
+        put :update, :id => @user.perishable_token, :user => {:password => "foobar", :password_confirmation => "foobar" }
+      end
+      should_redirect_to("user account") { account_path }
+    end
+    context "PUT update - password mismatch" do
+      setup do
+        put :update, :id => @user.perishable_token, :user => {:password => "foobar", :password_confirmation => "foobarbaz"}
+      end
+      should "fail to update user password because passwords do not match" do
+        assert assigns(:user).errors.on(:password)
+      end
+      should_respond_with :success
+      should_render_template :edit
+    end
+  end
+end

data/test/functional/user_sessions_controller_test.rb

@@ -0,0 +1,62 @@
+require File.dirname(__FILE__) + '/../test_helper'
+
+class Muck::UserSessionsControllerTest < ActionController::TestCase
+
+  tests Muck::UserSessionsController
+
+  should_filter_params :password
+  
+  context "user sessions controller" do
+    setup do
+      @login = 'quentin'
+      @good_password = 'test'
+      @user = Factory(:user, :login => @login, :password => @good_password, :password_confirmation => @good_password)
+    end
+    context "get new" do
+      setup do
+        get :new
+      end
+      should_respond_with :success
+      should_render_template :new
+    end
+    context "login and redirect" do
+      setup do
+        post :create, :user_session => { :login => @login, :password => @good_password }
+      end
+      should "create a user session" do
+        assert user_session = UserSession.find
+        assert_equal @user, user_session.user        
+      end
+      should_redirect_to("user account") { user_path(@user) }
+    end
+    context "fail login" do
+      setup do
+        post :create, :user_session => { :login => @login, :password => 'bad password' }
+      end
+      should "not create a user session" do
+        assert_nil UserSession.find
+      end
+      should_respond_with :success
+      should_render_template :new
+    end
+
+    context "authlogic enabled" do
+      setup do
+        @user = Factory(:user)
+        activate_authlogic
+      end
+      context "logout" do
+        setup do
+          login_as(@user)
+          delete :destroy
+        end
+        should "logout by destroying the user session" do
+          assert_nil UserSession.find
+        end
+        should_redirect_to("login") { login_path }
+      end
+    end
+    
+  end
+
+end

data/test/functional/users_controller_test.rb

@@ -0,0 +1,255 @@
+require File.dirname(__FILE__) + '/../test_helper'
+
+class Muck::UsersControllerTest < ActionController::TestCase
+
+  tests Muck::UsersController
+  
+  context "configuration tests" do
+    teardown do
+      GlobalConfig.automatically_activate = false
+      GlobalConfig.automatically_login_after_account_create = false
+    end
+    
+    context "automatically activate account and log user in. " do
+      setup do
+        GlobalConfig.automatically_activate = true
+        GlobalConfig.automatically_login_after_account_create = true
+      end
+      context "on POST to :create" do
+        setup do
+          post_create_user
+        end
+        should_redirect_to("sign up complete path") { signup_complete_path(assigns(:user)) }
+        should "activate user" do
+          assert assigns(:user).active? == true, "user was not activated"
+        end
+      end
+      context "on POST to :create with bad login (space in login name)" do
+        setup do
+          post_create_user(:login => 'test guy')
+        end
+        should_respond_with :success
+        should_render_template :new
+        should "assign an error to the login field" do
+          assert assigns(:user).errors.on(:login), "no errors were assign on login field"
+        end
+      end
+    end
+  
+    context "automatically activate account do not log user in" do
+      setup do
+        GlobalConfig.automatically_activate = true
+        GlobalConfig.automatically_login_after_account_create = false
+      end
+      context "on POST to :create" do  
+        setup do
+          post_create_user 
+        end                             
+        should_redirect_to("signup complete login required path") { signup_complete_login_required_path(assigns(:user)) } 
+      end    
+      context "on POST to :create with bad login (space in login name)" do
+        setup do
+          post_create_user(:login => 'test guy')
+        end
+        should_respond_with :success
+        should_render_template :new
+        should "assign an error to the login field" do
+          assert assigns(:user).errors.on(:login), "no errors were assign on login field"
+        end
+      end   
+    end
+  
+    context "do not auto activate. do not login after create" do
+      setup do
+        GlobalConfig.automatically_activate = false
+        GlobalConfig.automatically_login_after_account_create = false
+      end
+      context "on POST to :create -- Allow signup. " do
+        setup do
+          post_create_user
+        end                                
+        should_redirect_to("activation required information page") { signup_complete_activation_required_path(assigns(:user)) }
+      end
+      context "on POST to :create -- require login on signup. " do
+        setup do
+          post_create_user :login => ''
+        end
+        should_respond_with :success
+        should_render_template :new
+        should "assign an error to the login field" do
+          assert assigns(:user).errors.on(:login) 
+        end                                       
+      end
+      context "on POST to :create with bad login (space in login name)" do
+        setup do
+          post_create_user(:login => 'test guy')
+        end
+        should_respond_with :success
+        should_render_template :new
+        should "assign an error to the login field" do
+          assert assigns(:user).errors.on(:login) 
+        end
+      end
+      context "on POST to :create -- require password on signup. " do
+        setup do 
+          post_create_user(:password => nil)
+        end
+        should_respond_with :success
+        should_render_template :new
+        should "assign an error to the password field" do
+          assert assigns(:user).errors.on(:password) 
+        end                                       
+      end
+      context "on POST to :create -- require password confirmation on signup. " do
+        setup { post_create_user(:password_confirmation => nil) }
+        should_respond_with :success
+        should_render_template :new
+          
+        should "assign an error to the password confirmation field" do
+          assert assigns(:user).errors.on(:password_confirmation) 
+        end                                       
+      end
+      context "on POST to :create -- require email on signup. " do
+        setup { post_create_user(:email => nil) }
+        should_respond_with :success
+        should_render_template :new
+        should "assign an error to the email field" do
+          assert assigns(:user).errors.on(:email) 
+        end                                       
+      end
+    end
+  end
+  
+  context "logged in" do
+    setup do
+      activate_authlogic
+      @user = Factory(:user)
+      login_as @user
+    end
+    
+    context "on GET to :welcome" do
+      setup do
+        @user = Factory(:user)
+        get :welcome, :id => @user.to_param
+      end
+      should_respond_with :success
+      should_render_template :welcome
+    end
+    
+    context "on GET to new (signup) while logged in" do
+      setup do
+        get :new
+      end
+      should_redirect_to("the logged in user's main user page") { user_url(@user) }
+    end
+  
+    context "on GET to show" do
+      setup do
+        get :show
+      end
+      should_respond_with :success
+      should_render_template :show
+    end
+    
+    context "on GET to edit" do
+      setup do
+        get :edit, :id => @user.to_param
+      end
+      should_respond_with :success
+      should_render_template :edit
+    end
+    
+    context "on GET to edit logged in but wrong user" do
+      setup do
+        @other_user = Factory(:user)
+        get :edit, :id => @other_user.to_param
+      end
+      should_respond_with :success
+      should "set the user to the logged in user" do
+        assert_equal assigns(:user), @user
+      end
+    end
+    
+    context "on PUT to :update" do
+      setup do
+        @user = Factory(:user)
+        put_update_user(@user)
+      end
+      should_redirect_to("user path") { user_path(assigns(:user)) }
+    end
+    
+  end
+  
+  context "not logged in" do
+    setup do
+      assure_logout
+    end
+    context "on GET to :welcome" do
+      setup do
+        @user = Factory(:user)
+        get :welcome, :id => @user.to_param
+      end
+      should_redirect_to("login") { login_path }
+    end
+    context "on GET to :activation_instructions" do
+      setup do
+        @user = Factory(:user)
+        get :activation_instructions, :id => @user.to_param
+      end
+      should_respond_with :success
+      should_render_template :activation_instructions
+    end
+    context "on GET to new (signup)" do
+      setup do
+        get :new
+      end
+      should_respond_with :success
+      should_render_template :new
+    end
+    context "on GET to show" do
+      setup do
+        @user = Factory(:user)
+        get :show
+      end
+      should_redirect_to("login") { login_path }
+    end
+    context "on GET to edit" do
+      setup do
+        @user = Factory(:user)
+        get :edit, :id => @user.to_param
+      end
+      should_redirect_to("login") { login_path }
+    end
+    context "on PUT to :update" do
+      setup do
+        @user = Factory(:user)
+        put_update_user(@user)
+      end
+      should_redirect_to("login") { login_path }
+    end
+  end
+
+  def put_update_user(user, options = {})
+    put :update,
+      :id => user.id, 
+      :user => { :login => 'testguy', 
+        :email => rand(1000).to_s + 'testguy@example.com', 
+        :password => 'testpasswrod', 
+        :password_confirmation => 'testpasswrod', 
+        :first_name => 'Ed',
+        :last_name => 'Decker',
+        :terms_of_service => true }.merge(options)
+  end
+
+  def post_create_user(options = {})
+    post :create, 
+      :user => { :login => 'testguy', 
+        :email => rand(1000).to_s + 'testguy@example.com', 
+        :password => 'testpasswrod', 
+        :password_confirmation => 'testpasswrod', 
+        :first_name => 'Ed',
+        :last_name => 'Decker',
+        :terms_of_service => true }.merge(options)
+  end
+
+end

data/test/shoulda_macros/controller.rb

@@ -0,0 +1,43 @@
+ActiveSupport::TestCase.class_eval do
+
+  def self.should_require_login(*args)
+    args = Hash[*args]
+    login_url = args.delete :login_url
+    args.each do |action, verb|
+      should "Require login for '#{action}' action" do
+        send(verb, action)
+        assert_redirected_to(login_url)
+      end
+    end
+  end
+
+  def self.should_require_role(role, redirect_url, *actions)
+    actions.each do |action|
+      should "require role for '#{action}' action" do
+        get(action)
+        ensure_flash(/permission/i)
+        assert_response :redirect
+      end
+    end
+  end
+  
+  #from: http://blog.internautdesign.com/2008/9/11/more-on-custom-shoulda-macros-scoping-of-instance-variables
+  def self.should_not_allow action, object, url= "/login", msg=nil
+    msg ||= "a #{object.class.to_s.downcase}" 
+    should "not be able to #{action} #{msg}" do
+      object = eval(object, self.send(:binding), __FILE__, __LINE__)
+      get action, :id => object.id
+      assert_redirected_to url
+    end
+  end
+
+  def self.should_allow action, object, msg=nil
+    msg ||= "a #{object.class.to_s.downcase}" 
+    should "be able to #{action} #{msg}" do
+      object = eval(object, self.send(:binding), __FILE__, __LINE__)
+      get action, :id => object.id
+      assert_response :success
+    end
+  end
+
+end

data/test/shoulda_macros/forms.rb

@@ -0,0 +1,28 @@
+class ActiveSupport::TestCase
+  def self.should_have_form(opts)
+    model = self.name.gsub(/ControllerTest$/, '').singularize.downcase
+    model = model[model.rindex('::')+2..model.size] if model.include?('::')
+    http_method, hidden_http_method = form_http_method opts[:method]
+    should "have a #{model} form" do
+      assert_select "form[action=?][method=#{http_method}]", eval(opts[:action]) do
+        if hidden_http_method
+          assert_select "input[type=hidden][name=_method][value=#{hidden_http_method}]"
+        end
+        opts[:fields].each do |attribute, type|
+          attribute = attribute.is_a?(Symbol) ? "#{model}[#{attribute.to_s}]" : attribute
+          assert_select "input[type=#{type.to_s}][name=?]", attribute
+        end
+        assert_select "input[type=submit]"
+      end
+    end
+  end
+
+  def self.form_http_method(http_method)
+    http_method = http_method.nil? ? 'post' : http_method.to_s
+    if http_method == "post" || http_method == "get"
+      return http_method, nil
+    else
+      return "post", http_method
+    end
+  end  
+end

data/test/shoulda_macros/models.rb

@@ -0,0 +1,34 @@
+ActiveSupport::TestCase.class_eval do
+
+  def self.should_whitelist(*attributes)
+    bad_scripts = [
+      %|';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>|,
+      %|'';!--"<XSS>=&{()}|,
+      %|<SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT>|,
+      %|<IMG SRC="javascript:alert('XSS');">|,
+      %|<IMG SRC=javascript:alert('XSS')>|,
+      %|<IMG SRC=JaVaScRiPt:alert('XSS')>|,
+      %|<IMG SRC=JaVaScRiPt:alert('XSS')>|,
+      %|<IMG SRC=`javascript:alert("RSnake says, 'XSS'")`>|,
+      %|<IMG """><SCRIPT>alert("XSS")</SCRIPT>">|,
+      %|<IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>|,
+      %|<A HREF="h
+      tt	p://6&#9;6.000146.0x7.147/">XSS</A>|,
+      %|<script>alert('message');</script>| ]
+      
+    klass = model_class
+    attributes.each do |attribute|
+      attribute = attribute.to_sym
+      should "white list #{attribute}" do
+        assert object = klass.find(:first), "Can't find first #{klass}"
+        bad_scripts.each do |bad_value|
+          object.send("#{attribute}=", bad_value)
+          object.save
+          clean_value = object.send("#{attribute}")
+          assert !clean_value.include?(bad_value), "#{attribute} is not white listed. #{bad_value} made it through"
+        end
+      end
+    end
+  end
+
+end

data/test/shoulda_macros/pagination.rb

@@ -0,0 +1,48 @@
+class ActiveSupport::TestCase
+  # Example:
+  #  context "a GET to index logged in as admin" do
+  #    setup do
+  #      login_as_admin 
+  #      get :index
+  #    end
+  #    should_paginate_collection :users
+  #    should_display_pagination
+  #  end
+  def self.should_paginate_collection(collection_name)
+    should "paginate #{collection_name}" do
+      assert collection = assigns(collection_name), 
+        "Controller isn't assigning to @#{collection_name.to_s}."
+      assert_kind_of WillPaginate::Collection, collection, 
+        "@#{collection_name.to_s} isn't a WillPaginate collection."
+    end
+  end
+  
+  def self.should_display_pagination
+    should "display pagination" do
+      assert_select "div.pagination", { :minimum => 1 }, 
+        "View isn't displaying pagination. Add <%= will_paginate @collection %>."
+    end
+  end
+  
+  # Example:
+  #  context "a GET to index not logged in as admin" do
+  #    setup { get :index }
+  #    should_not_paginate_collection :users
+  #    should_not_display_pagination
+  #  end
+  def self.should_not_paginate_collection(collection_name)
+    should "not paginate #{collection_name}" do
+      assert collection = assigns(collection_name), 
+        "Controller isn't assigning to @#{collection_name.to_s}."
+      assert_not_equal WillPaginate::Collection, collection.class, 
+        "@#{collection_name.to_s} is a WillPaginate collection."
+    end
+  end
+  
+  def self.should_not_display_pagination
+    should "not display pagination" do
+      assert_select "div.pagination", { :count => 0 }, 
+        "View is displaying pagination. Check your logic."
+    end
+  end
+end

data/test/shoulda_macros/plugins.rb

@@ -0,0 +1,30 @@
+class ActiveSupport::TestCase
+
+  def self.should_act_as_taggable_on_steroids
+    klass = self.name.gsub(/Test$/, '').constantize
+
+    should "include ActsAsTaggableOnSteroids methods" do
+      assert klass.extended_by.include?(ActiveRecord::Acts::Taggable::ClassMethods)
+      assert klass.extended_by.include?(ActiveRecord::Acts::Taggable::SingletonMethods)
+      assert klass.include?(ActiveRecord::Acts::Taggable::InstanceMethods)
+    end
+
+    should_have_many :taggings, :tags
+  end
+
+
+  def self.should_act_as_list
+    klass = self.name.gsub(/Test$/, '').constantize
+
+    context "To support acts_as_list" do
+      should_have_db_column('position', :type => :integer)
+    end
+
+    should "include ActsAsList methods" do
+      assert klass.include?(ActiveRecord::Acts::List::InstanceMethods)
+    end
+
+    should_have_instance_methods :acts_as_list_class, :position_column, :scope_condition
+  end
+
+end

data/test/test_helper.rb

@@ -0,0 +1,36 @@
+$:.reject! { |e| e.include? 'TextMate' }
+ENV["RAILS_ENV"] = "test"
+#require File.expand_path(File.dirname(__FILE__) + "/../../../../config/environment")
+require 'test_help'
+require 'factory_girl'
+require 'ruby-debug'
+require 'mocha'
+require 'authlogic/test_case'
+require 'redgreen' rescue LoadError
+require File.expand_path(File.dirname(__FILE__) + '/factories')
+require File.join(File.dirname(__FILE__), 'shoulda_macros', 'controller')
+class ActiveSupport::TestCase 
+  self.use_transactional_fixtures = true
+  self.use_instantiated_fixtures  = false
+  
+  include Authlogic::TestCase
+  
+  def login_as(user)
+    success = UserSession.create(user)
+    if !success
+      errors = user.errors.full_messages.to_sentence
+      message = 'User has not been activated' if !user.active?
+      raise "could not login as #{user.to_param}.  Please make sure the user is valid. #{message} #{errors}"
+    end
+    UserSession.find
+  end
+  
+  def assure_logout
+    user_session = UserSession.find
+    user_session.destroy if user_session
+  end
+  
+  def ensure_flash(val)
+    assert_contains flash.values, val, ", Flash: #{flash.inspect}"
+  end
+end

data/test/unit/muck_user_mailer_test.rb

@@ -0,0 +1,64 @@
+require File.dirname(__FILE__) + '/../test_helper'
+require 'muck_user_mailer'
+
+class MuckUserMailerTest < ActiveSupport::TestCase
+
+  context "deliver emails" do
+
+    def setup
+      ActionMailer::Base.delivery_method = :test
+      ActionMailer::Base.perform_deliveries = true
+      ActionMailer::Base.deliveries = []
+      @expected = TMail::Mail.new
+      @expected.set_content_type "text", "plain", { "charset" => 'utf-8' }
+    end
+
+    should "send activation confirmation email" do
+      user = Factory(:user)
+      response = MuckUserMailer.deliver_activation_confirmation(user)
+      assert !ActionMailer::Base.deliveries.empty?, "No email was sent"
+      assert_match "#{user.login}", response.body, "User login was not found in the email"
+      email = ActionMailer::Base.deliveries.last
+      assert_equal email.to, [user.email]
+      assert_equal email.from, [GlobalConfig.from_email]
+    end
+
+    should "send activation instructions email" do
+      user = Factory(:user)
+      response = MuckUserMailer.deliver_activation_instructions(user)
+      assert !ActionMailer::Base.deliveries.empty?, "No email was sent"
+      assert_match "#{user.login}", response.body, "User login was not found in the email"
+      email = ActionMailer::Base.deliveries.last
+      assert_equal email.to, [user.email]
+      assert_equal email.from, [GlobalConfig.from_email]
+    end
+
+    should "send password reset account not active instructions email" do
+      user = Factory(:user)
+      response = MuckUserMailer.deliver_password_not_active_instructions(user)
+      assert !ActionMailer::Base.deliveries.empty?, "No email was sent"
+      email = ActionMailer::Base.deliveries.last
+      assert_equal email.to, [user.email]
+      assert_equal email.from, [GlobalConfig.from_email]
+    end
+    
+    should "send password reset instructions email" do
+      user = Factory(:user)
+      response = MuckUserMailer.deliver_password_reset_instructions(user)
+      assert !ActionMailer::Base.deliveries.empty?, "No email was sent"
+      email = ActionMailer::Base.deliveries.last
+      assert_equal email.to, [user.email]
+      assert_equal email.from, [GlobalConfig.from_email]
+    end
+    
+    should "send welcome email" do
+      user = Factory(:user)
+      response = MuckUserMailer.deliver_welcome_notification(user)
+      assert !ActionMailer::Base.deliveries.empty?, "No email was sent"
+      email = ActionMailer::Base.deliveries.last
+      assert_equal email.to, [user.email]
+      assert_equal email.from, [GlobalConfig.from_email]
+    end
+    
+  end  
+end

data/test/unit/permission_test.rb

@@ -0,0 +1,19 @@
+require File.dirname(__FILE__) + '/../test_helper'
+
+class PermissionTest < ActiveSupport::TestCase
+
+  should_belong_to :user
+  should_belong_to :role
+  
+  context "Create new permission" do
+    should "should create a new permission" do
+      assert_difference 'Permission.count' do
+        user = Factory(:user)
+        role = Factory(:role)
+        permission = Permission.create(:user => user, :role => role)
+        permission.save
+      end
+    end
+  end
+  
+end