nagybence-clearance 0.4.1
Sign up to get free protection for your applications and to get access to all the features.
- data/LICENSE +21 -0
- data/README.textile +205 -0
- data/Rakefile +53 -0
- data/TODO.textile +8 -0
- data/generators/clearance/USAGE +1 -0
- data/generators/clearance/clearance_generator.rb +92 -0
- data/generators/clearance/lib/insert_commands.rb +103 -0
- data/generators/clearance/lib/rake_commands.rb +22 -0
- data/generators/clearance/templates/README +54 -0
- data/generators/clearance/templates/app/controllers/application.rb +5 -0
- data/generators/clearance/templates/app/controllers/confirmations_controller.rb +3 -0
- data/generators/clearance/templates/app/controllers/passwords_controller.rb +3 -0
- data/generators/clearance/templates/app/controllers/sessions_controller.rb +3 -0
- data/generators/clearance/templates/app/controllers/users_controller.rb +3 -0
- data/generators/clearance/templates/app/models/clearance_mailer.rb +5 -0
- data/generators/clearance/templates/app/models/user.rb +3 -0
- data/generators/clearance/templates/app/views/clearance_mailer/change_password.html.erb +10 -0
- data/generators/clearance/templates/app/views/clearance_mailer/confirmation.html.erb +1 -0
- data/generators/clearance/templates/app/views/passwords/edit.html.erb +25 -0
- data/generators/clearance/templates/app/views/passwords/new.html.erb +15 -0
- data/generators/clearance/templates/app/views/sessions/new.html.erb +28 -0
- data/generators/clearance/templates/app/views/users/_form.html.erb +13 -0
- data/generators/clearance/templates/app/views/users/edit.html.erb +6 -0
- data/generators/clearance/templates/app/views/users/new.html.erb +6 -0
- data/generators/clearance/templates/db/migrate/create_users_with_clearance_columns.rb +21 -0
- data/generators/clearance/templates/db/migrate/update_users_with_clearance_columns.rb +42 -0
- data/generators/clearance/templates/test/factories/clearance.rb +16 -0
- data/generators/clearance/templates/test/functional/confirmations_controller_test.rb +5 -0
- data/generators/clearance/templates/test/functional/passwords_controller_test.rb +5 -0
- data/generators/clearance/templates/test/functional/sessions_controller_test.rb +5 -0
- data/generators/clearance/templates/test/functional/users_controller_test.rb +5 -0
- data/generators/clearance/templates/test/unit/clearance_mailer_test.rb +6 -0
- data/generators/clearance/templates/test/unit/user_test.rb +5 -0
- data/lib/clearance/app/controllers/application_controller.rb +84 -0
- data/lib/clearance/app/controllers/confirmations_controller.rb +42 -0
- data/lib/clearance/app/controllers/passwords_controller.rb +67 -0
- data/lib/clearance/app/controllers/sessions_controller.rb +68 -0
- data/lib/clearance/app/controllers/users_controller.rb +40 -0
- data/lib/clearance/app/models/clearance_mailer.rb +29 -0
- data/lib/clearance/app/models/user.rb +89 -0
- data/lib/clearance/test/functional/confirmations_controller_test.rb +44 -0
- data/lib/clearance/test/functional/passwords_controller_test.rb +175 -0
- data/lib/clearance/test/functional/sessions_controller_test.rb +194 -0
- data/lib/clearance/test/functional/users_controller_test.rb +72 -0
- data/lib/clearance/test/test_helper.rb +28 -0
- data/lib/clearance/test/unit/clearance_mailer_test.rb +65 -0
- data/lib/clearance/test/unit/user_test.rb +167 -0
- data/lib/clearance.rb +14 -0
- data/rails/init.rb +1 -0
- data/shoulda_macros/clearance.rb +173 -0
- metadata +132 -0
@@ -0,0 +1,175 @@
|
|
1
|
+
module Clearance
|
2
|
+
module Test
|
3
|
+
module Functional
|
4
|
+
module PasswordsControllerTest
|
5
|
+
|
6
|
+
def self.included(controller_test)
|
7
|
+
controller_test.class_eval do
|
8
|
+
|
9
|
+
should_route :get, '/users/1/password/edit',
|
10
|
+
:action => 'edit', :user_id => '1'
|
11
|
+
|
12
|
+
context "with a user" do
|
13
|
+
setup { @user = Factory(:registered_user) }
|
14
|
+
|
15
|
+
context 'A GET to #new' do
|
16
|
+
setup { get :new, :user_id => @user.to_param }
|
17
|
+
|
18
|
+
should_respond_with :success
|
19
|
+
should_render_template "new"
|
20
|
+
end
|
21
|
+
|
22
|
+
context "A POST to #create" do
|
23
|
+
context "with an existing user's email address" do
|
24
|
+
setup do
|
25
|
+
ActionMailer::Base.deliveries.clear
|
26
|
+
|
27
|
+
post :create, :password => { :email => @user.email }
|
28
|
+
end
|
29
|
+
|
30
|
+
should "send the change your password email" do
|
31
|
+
assert_sent_email do |email|
|
32
|
+
email.subject =~ /change your password/i
|
33
|
+
end
|
34
|
+
end
|
35
|
+
|
36
|
+
should "set a :notice flash" do
|
37
|
+
assert_match /details/i, flash[:notice]
|
38
|
+
end
|
39
|
+
|
40
|
+
should_redirect_to_url_after_create
|
41
|
+
end
|
42
|
+
|
43
|
+
context "with a non-existent email address" do
|
44
|
+
setup do
|
45
|
+
email = "user1@example.com"
|
46
|
+
assert ! User.exists?(['email = ?', email])
|
47
|
+
ActionMailer::Base.deliveries.clear
|
48
|
+
|
49
|
+
post :create, :password => { :email => email }
|
50
|
+
end
|
51
|
+
|
52
|
+
should "not send a password reminder email" do
|
53
|
+
assert ActionMailer::Base.deliveries.empty?
|
54
|
+
end
|
55
|
+
|
56
|
+
should "set a :notice flash" do
|
57
|
+
assert_not_nil flash.now[:notice]
|
58
|
+
end
|
59
|
+
|
60
|
+
should_render_template "new"
|
61
|
+
end
|
62
|
+
end
|
63
|
+
|
64
|
+
context "A GET to #edit" do
|
65
|
+
context "with an existing user's id and password" do
|
66
|
+
setup do
|
67
|
+
get :edit,
|
68
|
+
:user_id => @user.to_param,
|
69
|
+
:password => @user.encrypted_password,
|
70
|
+
:email => @user.email
|
71
|
+
end
|
72
|
+
|
73
|
+
should "find the user with the given id and password" do
|
74
|
+
assert_equal @user, assigns(:user)
|
75
|
+
end
|
76
|
+
|
77
|
+
should_respond_with :success
|
78
|
+
should_render_template "edit"
|
79
|
+
|
80
|
+
should "have a form for the user's email, password, and password confirm" do
|
81
|
+
update_path = ERB::Util.h(user_password_path(@user,
|
82
|
+
:password => @user.encrypted_password,
|
83
|
+
:email => @user.email))
|
84
|
+
|
85
|
+
assert_select 'form[action=?]', update_path do
|
86
|
+
assert_select 'input[name=_method][value=?]', 'put'
|
87
|
+
assert_select 'input[name=?]', 'user[password]'
|
88
|
+
assert_select 'input[name=?]', 'user[password_confirmation]'
|
89
|
+
end
|
90
|
+
end
|
91
|
+
end
|
92
|
+
|
93
|
+
context "with an existing user's id but not password" do
|
94
|
+
setup do
|
95
|
+
get :edit, :user_id => @user.to_param, :password => ""
|
96
|
+
end
|
97
|
+
|
98
|
+
should_respond_with :not_found
|
99
|
+
should_render_nothing
|
100
|
+
end
|
101
|
+
end
|
102
|
+
|
103
|
+
context "A PUT to #update" do
|
104
|
+
context "with an existing user's id but not password" do
|
105
|
+
setup do
|
106
|
+
put :update, :user_id => @user.to_param, :password => ""
|
107
|
+
end
|
108
|
+
|
109
|
+
should "not update the user's password" do
|
110
|
+
assert_not_equal @encrypted_new_password, @user.encrypted_password
|
111
|
+
end
|
112
|
+
|
113
|
+
should_not_be_signed_in
|
114
|
+
should_respond_with :not_found
|
115
|
+
should_render_nothing
|
116
|
+
end
|
117
|
+
|
118
|
+
context "with a matching password and password confirmation" do
|
119
|
+
setup do
|
120
|
+
new_password = "new_password"
|
121
|
+
@encrypted_new_password = @user.encrypt(new_password)
|
122
|
+
assert_not_equal @encrypted_new_password, @user.encrypted_password
|
123
|
+
|
124
|
+
put(:update,
|
125
|
+
:user_id => @user,
|
126
|
+
:email => @user.email,
|
127
|
+
:password => @user.encrypted_password,
|
128
|
+
:user => {
|
129
|
+
:password => new_password,
|
130
|
+
:password_confirmation => new_password
|
131
|
+
})
|
132
|
+
@user.reload
|
133
|
+
end
|
134
|
+
|
135
|
+
should "update the user's password" do
|
136
|
+
assert_equal @encrypted_new_password, @user.encrypted_password
|
137
|
+
end
|
138
|
+
|
139
|
+
should_be_signed_in_as { @user }
|
140
|
+
should_redirect_to_url_after_update
|
141
|
+
end
|
142
|
+
|
143
|
+
context "with password but blank password confirmation" do
|
144
|
+
setup do
|
145
|
+
new_password = "new_password"
|
146
|
+
@encrypted_new_password = @user.encrypt(new_password)
|
147
|
+
|
148
|
+
put(:update,
|
149
|
+
:user_id => @user.to_param,
|
150
|
+
:password => @user.encrypted_password,
|
151
|
+
:user => {
|
152
|
+
:password => new_password,
|
153
|
+
:password_confirmation => ''
|
154
|
+
})
|
155
|
+
@user.reload
|
156
|
+
end
|
157
|
+
|
158
|
+
should "not update the user's password" do
|
159
|
+
assert_not_equal @encrypted_new_password, @user.encrypted_password
|
160
|
+
end
|
161
|
+
|
162
|
+
should_not_be_signed_in
|
163
|
+
should_respond_with :not_found
|
164
|
+
should_render_nothing
|
165
|
+
end
|
166
|
+
end
|
167
|
+
end
|
168
|
+
|
169
|
+
end
|
170
|
+
end
|
171
|
+
|
172
|
+
end
|
173
|
+
end
|
174
|
+
end
|
175
|
+
end
|
@@ -0,0 +1,194 @@
|
|
1
|
+
module Clearance
|
2
|
+
module Test
|
3
|
+
module Functional
|
4
|
+
module SessionsControllerTest
|
5
|
+
|
6
|
+
def self.included(controller_test)
|
7
|
+
controller_test.class_eval do
|
8
|
+
|
9
|
+
should_filter_params :password
|
10
|
+
|
11
|
+
context "on GET to /sessions/new" do
|
12
|
+
setup { get :new }
|
13
|
+
|
14
|
+
should_respond_with :success
|
15
|
+
should_render_template :new
|
16
|
+
should_not_set_the_flash
|
17
|
+
|
18
|
+
should 'display a "sign in" form' do
|
19
|
+
assert_select "form[action=#{session_path}][method=post]",
|
20
|
+
true, "There must be a form to sign in" do
|
21
|
+
assert_select "input[type=text][name=?]",
|
22
|
+
"session[email]", true, "There must be an email field"
|
23
|
+
assert_select "input[type=password][name=?]",
|
24
|
+
"session[password]", true, "There must be a password field"
|
25
|
+
assert_select "input[type=checkbox][name=?]",
|
26
|
+
"session[remember_me]", true, "There must be a 'remember me' check box"
|
27
|
+
assert_select "input[type=submit]", true,
|
28
|
+
"There must be a submit button"
|
29
|
+
end
|
30
|
+
end
|
31
|
+
end
|
32
|
+
|
33
|
+
context "Given a registered user" do
|
34
|
+
setup { @user = Factory(:registered_user) }
|
35
|
+
|
36
|
+
context "a POST to #create with good credentials" do
|
37
|
+
setup do
|
38
|
+
ActionMailer::Base.deliveries.clear
|
39
|
+
post :create, :session => {
|
40
|
+
:email => @user.email,
|
41
|
+
:password => @user.password }
|
42
|
+
end
|
43
|
+
|
44
|
+
should_deny_access(:flash => /confirm/i)
|
45
|
+
end
|
46
|
+
end
|
47
|
+
|
48
|
+
context "Given an email confirmed user" do
|
49
|
+
setup { @user = Factory(:email_confirmed_user) }
|
50
|
+
|
51
|
+
context "a POST to #create with good credentials" do
|
52
|
+
setup do
|
53
|
+
post :create, :session => {
|
54
|
+
:email => @user.email,
|
55
|
+
:password => @user.password }
|
56
|
+
end
|
57
|
+
|
58
|
+
should_set_the_flash_to /success/i
|
59
|
+
should_redirect_to_url_after_create
|
60
|
+
should_be_signed_in_as { @user }
|
61
|
+
end
|
62
|
+
|
63
|
+
context "a POST to #create with bad credentials" do
|
64
|
+
setup do
|
65
|
+
post :create, :session => {
|
66
|
+
:email => @user.email,
|
67
|
+
:password => "bad value" }
|
68
|
+
end
|
69
|
+
|
70
|
+
should_set_the_flash_to /bad/i
|
71
|
+
should_render_template :new
|
72
|
+
should_not_be_signed_in
|
73
|
+
end
|
74
|
+
|
75
|
+
context "a POST to #create with good credentials and remember me" do
|
76
|
+
setup do
|
77
|
+
post :create, :session => {
|
78
|
+
:email => @user.email,
|
79
|
+
:password => @user.password,
|
80
|
+
:remember_me => '1' }
|
81
|
+
end
|
82
|
+
|
83
|
+
should_set_the_flash_to /success/i
|
84
|
+
should_redirect_to_url_after_create
|
85
|
+
should_be_signed_in_as { @user }
|
86
|
+
|
87
|
+
should 'set the cookie' do
|
88
|
+
assert ! cookies['remember_token'].empty?
|
89
|
+
end
|
90
|
+
|
91
|
+
should 'set the remember me token in users table' do
|
92
|
+
assert_not_nil @user.reload.remember_token
|
93
|
+
assert_not_nil @user.reload.remember_token_expires_at
|
94
|
+
end
|
95
|
+
end
|
96
|
+
|
97
|
+
context "a POST to #create with bad credentials and remember me" do
|
98
|
+
setup do
|
99
|
+
post :create, :session => {
|
100
|
+
:email => @user.email,
|
101
|
+
:password => "bad value",
|
102
|
+
:remember_me => '1' }
|
103
|
+
end
|
104
|
+
|
105
|
+
should_set_the_flash_to /bad/i
|
106
|
+
should_render_template :new
|
107
|
+
should_return_from_session :user_id, "nil"
|
108
|
+
|
109
|
+
should 'not create the cookie' do
|
110
|
+
assert_nil cookies['remember_token']
|
111
|
+
end
|
112
|
+
|
113
|
+
should 'not set the remember me token in users table' do
|
114
|
+
assert_nil @user.reload.remember_token
|
115
|
+
assert_nil @user.reload.remember_token_expires_at
|
116
|
+
end
|
117
|
+
end
|
118
|
+
|
119
|
+
context "a POST to #create with good credentials and A URL to return back" do
|
120
|
+
context "in the session" do
|
121
|
+
setup do
|
122
|
+
@request.session[:return_to] = '/url_in_the_session'
|
123
|
+
post :create, :session => {
|
124
|
+
:email => @user.email,
|
125
|
+
:password => @user.password }
|
126
|
+
end
|
127
|
+
|
128
|
+
should_redirect_to "'/url_in_the_session'"
|
129
|
+
end
|
130
|
+
|
131
|
+
context "in the request" do
|
132
|
+
setup do
|
133
|
+
post :create, :session => {
|
134
|
+
:email => @user.email,
|
135
|
+
:password => @user.password },
|
136
|
+
:return_to => '/url_in_the_request'
|
137
|
+
end
|
138
|
+
|
139
|
+
should_redirect_to "'/url_in_the_request'"
|
140
|
+
end
|
141
|
+
|
142
|
+
context "in the request and in the session" do
|
143
|
+
setup do
|
144
|
+
@request.session[:return_to] = '/url_in_the_session'
|
145
|
+
post :create, :session => {
|
146
|
+
:email => @user.email,
|
147
|
+
:password => @user.password },
|
148
|
+
:return_to => '/url_in_the_request'
|
149
|
+
end
|
150
|
+
|
151
|
+
should_redirect_to "'/url_in_the_session'"
|
152
|
+
end
|
153
|
+
end
|
154
|
+
end
|
155
|
+
|
156
|
+
public_context do
|
157
|
+
context "logging out again" do
|
158
|
+
setup { delete :destroy }
|
159
|
+
should_redirect_to_url_after_destroy
|
160
|
+
end
|
161
|
+
end
|
162
|
+
|
163
|
+
signed_in_user_context do
|
164
|
+
context "a DELETE to #destroy without a cookie" do
|
165
|
+
setup { delete :destroy }
|
166
|
+
|
167
|
+
should_set_the_flash_to(/signed out/i)
|
168
|
+
should_redirect_to_url_after_destroy
|
169
|
+
end
|
170
|
+
|
171
|
+
context 'a DELETE to #destroy with a cookie' do
|
172
|
+
setup do
|
173
|
+
cookies['remember_token'] = CGI::Cookie.new 'token', 'value'
|
174
|
+
delete :destroy
|
175
|
+
end
|
176
|
+
|
177
|
+
should 'delete the cookie' do
|
178
|
+
assert cookies['remember_token'].empty?
|
179
|
+
end
|
180
|
+
|
181
|
+
should 'delete the remember me token in users table' do
|
182
|
+
assert_nil @user.reload.remember_token
|
183
|
+
assert_nil @user.reload.remember_token_expires_at
|
184
|
+
end
|
185
|
+
end
|
186
|
+
end
|
187
|
+
|
188
|
+
end
|
189
|
+
end
|
190
|
+
|
191
|
+
end
|
192
|
+
end
|
193
|
+
end
|
194
|
+
end
|
@@ -0,0 +1,72 @@
|
|
1
|
+
module Clearance
|
2
|
+
module Test
|
3
|
+
module Functional
|
4
|
+
module UsersControllerTest
|
5
|
+
|
6
|
+
def self.included(controller_test)
|
7
|
+
controller_test.class_eval do
|
8
|
+
|
9
|
+
should_filter_params :password
|
10
|
+
|
11
|
+
public_context do
|
12
|
+
context "When getting new User view" do
|
13
|
+
setup { get :new }
|
14
|
+
|
15
|
+
should_respond_with :success
|
16
|
+
should_render_template :new
|
17
|
+
should_not_set_the_flash
|
18
|
+
|
19
|
+
should "display a form to register" do
|
20
|
+
assert_select "form[action=#{users_path}][method=post]",
|
21
|
+
true, "There must be a form to register" do
|
22
|
+
assert_select "input[type=text][name=?]",
|
23
|
+
"user[email]", true, "There must be an email field"
|
24
|
+
assert_select "input[type=password][name=?]",
|
25
|
+
"user[password]", true, "There must be a password field"
|
26
|
+
assert_select "input[type=password][name=?]",
|
27
|
+
"user[password_confirmation]", true, "There must be a password confirmation field"
|
28
|
+
assert_select "input[type=submit]", true,
|
29
|
+
"There must be a submit button"
|
30
|
+
end
|
31
|
+
end
|
32
|
+
end
|
33
|
+
|
34
|
+
context "Given email parameter when getting new User view" do
|
35
|
+
setup do
|
36
|
+
@email = "a@example.com"
|
37
|
+
get :new, :user => { :email => @email }
|
38
|
+
end
|
39
|
+
|
40
|
+
should "set assigned user's email" do
|
41
|
+
assert_equal @email, assigns(:user).email
|
42
|
+
end
|
43
|
+
end
|
44
|
+
|
45
|
+
context "Given valid attributes when creating a new user" do
|
46
|
+
setup do
|
47
|
+
user_attributes = Factory.attributes_for(:registered_user)
|
48
|
+
post :create, :user => user_attributes
|
49
|
+
end
|
50
|
+
|
51
|
+
should_create_user_successfully
|
52
|
+
end
|
53
|
+
end
|
54
|
+
|
55
|
+
signed_in_user_context do
|
56
|
+
context "GET to new" do
|
57
|
+
setup { get :new }
|
58
|
+
should_redirect_to "root_url"
|
59
|
+
end
|
60
|
+
|
61
|
+
context "POST to create" do
|
62
|
+
setup { post :create, :user => {} }
|
63
|
+
should_redirect_to "root_url"
|
64
|
+
end
|
65
|
+
end
|
66
|
+
|
67
|
+
end
|
68
|
+
end
|
69
|
+
end
|
70
|
+
end
|
71
|
+
end
|
72
|
+
end
|
@@ -0,0 +1,28 @@
|
|
1
|
+
module Clearance
|
2
|
+
module Test
|
3
|
+
module TestHelper
|
4
|
+
|
5
|
+
def self.included(test_helper)
|
6
|
+
test_helper.class_eval do
|
7
|
+
|
8
|
+
def sign_in_as(user = nil)
|
9
|
+
unless user
|
10
|
+
user = Factory(:registered_user)
|
11
|
+
user.confirm_email!
|
12
|
+
end
|
13
|
+
@request.session[:user_id] = user.id
|
14
|
+
@request.session[:salt] = user.salt
|
15
|
+
return user
|
16
|
+
end
|
17
|
+
|
18
|
+
def sign_out
|
19
|
+
@request.session[:user_id] = nil
|
20
|
+
@request.session[:salt] = nil
|
21
|
+
end
|
22
|
+
|
23
|
+
end
|
24
|
+
end
|
25
|
+
|
26
|
+
end
|
27
|
+
end
|
28
|
+
end
|
@@ -0,0 +1,65 @@
|
|
1
|
+
module Clearance
|
2
|
+
module Test
|
3
|
+
module Unit
|
4
|
+
module ClearanceMailerTest
|
5
|
+
|
6
|
+
def self.included(mailer_test)
|
7
|
+
mailer_test.class_eval do
|
8
|
+
|
9
|
+
context "A change password email" do
|
10
|
+
setup do
|
11
|
+
@user = Factory(:registered_user)
|
12
|
+
@email = ClearanceMailer.create_change_password @user
|
13
|
+
end
|
14
|
+
|
15
|
+
should "set its from address to DO_NOT_REPLY" do
|
16
|
+
assert_equal DO_NOT_REPLY, @email.from[0]
|
17
|
+
end
|
18
|
+
|
19
|
+
should "contain a link to edit the user's password" do
|
20
|
+
host = ActionMailer::Base.default_url_options[:host]
|
21
|
+
regexp = %r{http://#{host}/users/#{@user.id}/password/edit\?email=#{@user.email.gsub("@", "%40")}&password=#{@user.encrypted_password}}
|
22
|
+
assert_match regexp, @email.body
|
23
|
+
end
|
24
|
+
|
25
|
+
should "be sent to the user" do
|
26
|
+
assert_equal [@user.email], @email.to
|
27
|
+
end
|
28
|
+
|
29
|
+
should "set its subject" do
|
30
|
+
assert_match /Change your password/, @email.subject
|
31
|
+
end
|
32
|
+
end
|
33
|
+
|
34
|
+
context "A confirmation email" do
|
35
|
+
setup do
|
36
|
+
@user = Factory(:registered_user)
|
37
|
+
@email = ClearanceMailer.create_confirmation @user
|
38
|
+
end
|
39
|
+
|
40
|
+
should "set its recipient to the given user" do
|
41
|
+
assert_equal @user.email, @email.to[0]
|
42
|
+
end
|
43
|
+
|
44
|
+
should "set its subject" do
|
45
|
+
assert_match /Account confirmation/, @email.subject
|
46
|
+
end
|
47
|
+
|
48
|
+
should "set its from address to DO_NOT_REPLY" do
|
49
|
+
assert_equal DO_NOT_REPLY, @email.from[0]
|
50
|
+
end
|
51
|
+
|
52
|
+
should "contain a link to confirm the user's account" do
|
53
|
+
host = ActionMailer::Base.default_url_options[:host]
|
54
|
+
regexp = %r{http://#{host}/users/#{@user.id}/confirmation/new\?salt=#{@user.salt}}
|
55
|
+
assert_match regexp, @email.body
|
56
|
+
end
|
57
|
+
end
|
58
|
+
|
59
|
+
end
|
60
|
+
end
|
61
|
+
|
62
|
+
end
|
63
|
+
end
|
64
|
+
end
|
65
|
+
end
|