RubyGems - nagybence-clearance - Versions diffs - 0.4.1 → 0.4.2 - Mend

nagybence-clearance 0.4.1 → 0.4.2

Files changed (19) hide show

data/Rakefile CHANGED

@@ -35,7 +35,7 @@ task :default => 'test:all'
 gem_spec = Gem::Specification.new do |gem_spec|
   gem_spec.name        = "clearance"
-  gem_spec.version     = "0.4.1"
+  gem_spec.version     = "0.4.2"
   gem_spec.summary     = "Rails authentication for developers who write tests."
   gem_spec.email       = "support@thoughtbot.com"
   gem_spec.homepage    = "http://github.com/thoughtbot/clearance"

data/generators/clearance/templates/app/views/clearance_mailer/change_password.html.erb CHANGED

@@ -2,9 +2,6 @@ Someone, hopefully you, has requested that we send you a link to change your pas
 Here's the link:
-<%= edit_user_password_url(@user,
-      :email    => @user.email,
-      :password => @user.encrypted_password,
-      :escape   => false) %>
+<%= edit_user_password_url(@user, :token => @user.token, :escape => false) %>
-If you didn't request this, don't worry: your password hasn't been changed. You can just ignore this email.
+If you didn't request this, ignore this email. Don't worry. Your password hasn't been changed.

data/generators/clearance/templates/app/views/clearance_mailer/confirmation.html.erb CHANGED

@@ -1 +1,2 @@
-<%= new_user_confirmation_url :user_id => @user, :salt => @user.salt %>
+<%= new_user_confirmation_url :user_id => @user, :token => @user.token, :encode => false %>

data/generators/clearance/templates/app/views/passwords/edit.html.erb CHANGED

@@ -7,9 +7,7 @@
 <%= error_messages_for :user %>
 <% form_for(:user,
-            :url => user_password_path(@user,
-                      :email    => @user.email,
-                      :password => @user.encrypted_password),
+            :url => user_password_path(@user, :token    => @user.token),
             :html => { :method => :put }) do |form| %>
   <div class="password_field">
     <%= form.label :password, "Choose password" %>
@@ -22,4 +20,4 @@
   <div class="submit_field">
     <%= form.submit "Save this password", :disable_with => "Please wait..." %>
   </div>
-<% end %>
+<% end %>

data/generators/clearance/templates/db/migrate/create_users_with_clearance_columns.rb CHANGED

@@ -1,18 +1,17 @@
 class CreateOrUpdateUsersWithClearanceColumns < ActiveRecord::Migration
   def self.up
     create_table(:users) do |t|
-      t.string :email
-      t.string :encrypted_password, :limit => 128
-      t.string :salt, :limit => 128
-      t.string :remember_token
-      t.datetime :remember_token_expires_at
-      t.boolean :email_confirmed, :default => false, :null => false
+      t.string   :email
+      t.string   :encrypted_password, :limit => 128
+      t.string   :salt,               :limit => 128
+      t.string   :token,              :limit => 128
+      t.datetime :token_expires_at
+      t.boolean  :email_confirmed, :default => false, :null => false
     end
-    add_index :users, [:email, :encrypted_password]
-    add_index :users, [:id, :salt]
+    add_index :users, [:id, :token]
     add_index :users, :email
-    add_index :users, :remember_token
+    add_index :users, :token
   end
   def self.down

data/generators/clearance/templates/db/migrate/update_users_with_clearance_columns.rb CHANGED

@@ -4,10 +4,10 @@ class CreateOrUpdateUsersWithClearanceColumns < ActiveRecord::Migration
       existing_columns = ActiveRecord::Base.connection.columns(:users).collect { |each| each.name }
       columns = [
         [:email,                     't.string :email'],
-        [:encrypted_password,        't.string :encrypted_password, :limit => 180'],
-        [:salt,                      't.string :salt, :limit => 180'],
-        [:remember_token,            't.string :remember_token'],
-        [:remember_token_expires_at, 't.datetime :remember_token_expires_at'],
+        [:encrypted_password,        't.string :encrypted_password, :limit => 128'],
+        [:salt,                      't.string :salt, :limit => 128'],
+        [:token,                     't.string :token, :limit => 128'],
+        [:token_expires_at,          't.datetime :token_expires_at'],
         [:email_confirmed,           't.boolean :email_confirmed, :default => false, :null => false']
       ].delete_if {|c| existing_columns.include?(c.first.to_s)}
 -%>
@@ -21,10 +21,9 @@ class CreateOrUpdateUsersWithClearanceColumns < ActiveRecord::Migration
     existing_indexes = ActiveRecord::Base.connection.indexes(:users)
     index_names = existing_indexes.collect { |each| each.name }
     new_indexes = [
-      [:index_users_on_email_and_encrypted_password, 'add_index :users, [:email, :encrypted_password]'],
-      [:index_users_on_id_and_salt,                  'add_index :users, [:id, :salt]'],
-      [:index_users_on_email,                        'add_index :users, :email'],
-      [:index_users_on_remember_token,               'add_index :users, :remember_token']
+      [:index_users_on_id_and_token, 'add_index :users, [:id, :token]'],
+      [:index_users_on_email,        'add_index :users, :email'],
+      [:index_users_on_token,        'add_index :users, :token']
     ].delete_if { |each| index_names.include?(each.first.to_s) }
 -%>
 <% new_indexes.each do |each| -%>

data/lib/clearance/app/controllers/application_controller.rb CHANGED

@@ -28,15 +28,15 @@ module Clearance
             def user_from_session
               if session[:user_id] && session[:salt]
                 user = User.find_by_id_and_salt(session[:user_id], session[:salt])
+                user && user.email_confirmed? ? user : nil
               end
-              user && user.email_confirmed? ? user : nil
             end
             def user_from_cookie
               if cookies[:remember_token]
                 user = User.find_by_remember_token(cookies[:remember_token])
+                user && user.remember? ? user : nil
               end
-              user && user.remember? ? user : nil
             end
             # Hook
@@ -72,7 +72,7 @@ module Clearance
             def deny_access(flash_message = nil, opts = {})
               store_location
               flash[:failure] = flash_message if flash_message
-              render :template => "/sessions/new", :status => :unauthorized
+              redirect_to new_session_url
             end
           end

data/lib/clearance/app/controllers/confirmations_controller.rb CHANGED

@@ -7,7 +7,7 @@ module Clearance
           controller.class_eval do
             before_filter :existing_user?, :only => :new
-            filter_parameter_logging :salt
+            filter_parameter_logging :token
             def new
               create
@@ -16,14 +16,14 @@ module Clearance
             def create
               @user.confirm_email!
               sign_user_in(@user)
-              flash[:success] = "Confirmed email and signed in."
+              flash[:notice] = "Confirmed email and signed in."
               redirect_to url_after_create
             end
             private
             def existing_user?
-              @user = User.find_by_id_and_salt(params[:user_id], params[:salt])
+              @user = User.find_by_id_and_token(params[:user_id], params[:token])
               if @user.nil?
                 render :nothing => true, :status => :not_found
               end

data/lib/clearance/app/controllers/passwords_controller.rb CHANGED

@@ -18,6 +18,7 @@ module Clearance
                 flash.now[:notice] = "Unknown email"
                 render :action => :new
               else
+                user.forgot_password!
                 ClearanceMailer.deliver_change_password user
                 flash[:notice] = "Details for changing your password have been sent"
                 redirect_to url_after_create
@@ -25,14 +26,10 @@ module Clearance
             end
             def edit
-              @user = User.find_by_email_and_encrypted_password(params[:email],
-                                                                params[:password])
             end
             def update
-              @user = User.find_by_email_and_encrypted_password(params[:email],
-                                                                params[:password])
-              if @user.update_attributes params[:user]
+              if @user.update_password(params[:user])
                 sign_user_in(@user)
                 redirect_to url_after_update
               else
@@ -43,9 +40,8 @@ module Clearance
             private
             def existing_user?
-              user = User.find_by_email_and_encrypted_password(params[:email],
-                                                               params[:password])
-              if user.nil?
+              @user = User.find_by_id_and_token(params[:user_id], params[:token])
+              if @user.nil?
                 render :nothing => true, :status => :not_found
               end
             end

data/lib/clearance/app/controllers/sessions_controller.rb CHANGED

@@ -42,8 +42,8 @@ module Clearance
             def remember(user)
               user.remember_me!
-              cookies[:remember_token] = { :value   => user.remember_token,
-                                           :expires => user.remember_token_expires_at }
+              cookies[:remember_token] = { :value   => user.token,
+                                           :expires => user.token_expires_at }
             end
             def forget(user)

data/lib/clearance/app/models/user.rb CHANGED

@@ -17,7 +17,7 @@ module Clearance
             validates_uniqueness_of   :email, :case_sensitive => false
             validates_format_of       :email, :with => %r{.+@.+\..+}
-            before_save :initialize_salt, :encrypt_password, :downcase_email
+            before_save :initialize_salt, :encrypt_password, :initialize_token, :downcase_email
             def self.authenticate(email, password)
               user = find(:first, :conditions => ['LOWER(email) = ?', email.to_s.downcase])
@@ -29,11 +29,11 @@ module Clearance
             end
             def encrypt(string)
-              hash("--#{salt}--#{string}--")
+              generate_hash("--#{salt}--#{string}--")
             end
             def remember?
-              remember_token_expires_at && Time.now.utc < remember_token_expires_at
+              token_expires_at && Time.now.utc < token_expires_at
             end
             def remember_me!
@@ -41,29 +41,43 @@ module Clearance
             end
             def remember_me_until(time)
-              self.update_attribute :remember_token_expires_at, time
-              self.update_attribute :remember_token,
-                encrypt("--#{remember_token_expires_at}--#{password}--")
+              self.token_expires_at = time
+              self.token            = encrypt("--#{token_expires_at}--#{password}--")
+              save(false)
             end
             def forget_me!
-              self.update_attribute :remember_token_expires_at, nil
-              self.update_attribute :remember_token, nil
+              clear_token
+              save(false)
             end
             def confirm_email!
-              self.update_attribute :email_confirmed, true
+              self.email_confirmed  = true
+              self.token            = nil
+              save(false)
+            end
+            def forgot_password!
+              generate_token
+              save(false)
+            end
+            def update_password(attrs)
+              clear_token
+              returning update_attributes(attrs) do |r|
+                reload unless r
+              end
             end
             protected
-            def hash(string)
+            def generate_hash(string)
               Digest::SHA512.hexdigest(string)
             end
             def initialize_salt
               if new_record?
-                self.salt = hash("--#{Time.now.utc.to_s}--#{password}--")
+                self.salt = generate_hash("--#{Time.now.utc.to_s}--#{password}--")
               end
             end
@@ -71,6 +85,20 @@ module Clearance
               return if password.blank?
               self.encrypted_password = encrypt(password)
             end
+            def generate_token
+              self.token = encrypt("--#{Time.now.utc.to_s}--#{password}--")
+              self.token_expires_at = nil
+            end
+            def clear_token
+              self.token            = nil
+              self.token_expires_at = nil
+            end
+            def initialize_token
+              generate_token if new_record?
+            end
             def password_required?
               encrypted_password.blank? || !password.blank?

data/lib/clearance/test/functional/confirmations_controller_test.rb CHANGED

@@ -6,14 +6,14 @@ module Clearance
         def self.included(controller_test)
           controller_test.class_eval do
-            should_filter_params :salt
+            should_filter_params :token
             context "Given a user whose email has not been confirmed" do
               setup { @user = Factory(:registered_user) }
-              context "on GET to #new with correct id and salt" do
+              context "on GET to #new with correct id and token" do
                 setup do
-                  get :new, :user_id => @user.to_param, :salt => @user.salt
+                  get :new, :user_id => @user.to_param, :token => @user.token
                 end
                 should_set_the_flash_to /confirmed email/i
@@ -22,12 +22,12 @@ module Clearance
                 should_redirect_to_url_after_create
               end
-              context "on GET to #new with incorrect salt" do
+              context "on GET to #new with incorrect token" do
                 setup do
-                  salt = ""
-                  assert_not_equal salt, @user.salt
+                  token = ""
+                  assert_not_equal token, @user.token
-                  get :new, :user_id => @user.to_param, :salt => salt
+                  get :new, :user_id => @user.to_param, :token => token
                 end
                 should_respond_with :not_found

data/lib/clearance/test/functional/passwords_controller_test.rb CHANGED

@@ -9,8 +9,11 @@ module Clearance
             should_route :get, '/users/1/password/edit',
               :action  => 'edit', :user_id => '1'
-            context "with a user" do
-              setup { @user = Factory(:registered_user) }
+            context "with a confirmed user" do
+              setup do
+                @user = Factory(:registered_user)
+                @user.confirm_email!
+              end
               context 'A GET to #new' do
                 setup { get :new, :user_id => @user.to_param }
@@ -23,15 +26,10 @@ module Clearance
                 context "with an existing user's email address" do
                   setup do
                     ActionMailer::Base.deliveries.clear
                     post :create, :password => { :email => @user.email }
                   end
-                  should "send the change your password email" do
-                    assert_sent_email do |email|
-                      email.subject =~ /change your password/i
-                    end
-                  end
+                  should_send_the_change_your_password_email
                   should "set a :notice flash" do
                     assert_match /details/i, flash[:notice]
@@ -48,11 +46,9 @@ module Clearance
                     post :create, :password => { :email => email }
                   end
-                  should "not send a password reminder email" do
-                    assert ActionMailer::Base.deliveries.empty?
-                  end
+                  should_not_send_the_change_your_password_email
                   should "set a :notice flash" do
                     assert_not_nil flash.now[:notice]
                   end
@@ -60,112 +56,120 @@ module Clearance
                   should_render_template "new"
                 end
               end
+              context 'who requested password recovery' do
+                setup { @user.forgot_password! }
+                context "A GET to #edit" do
+                  context "with an existing user's id and token" do
+                    setup do
+                      get :edit, :user_id => @user.to_param, :token => @user.token
+                    end
-              context "A GET to #edit" do
-                context "with an existing user's id and password" do
-                  setup do
-                    get :edit,
-                      :user_id  => @user.to_param,
-                      :password => @user.encrypted_password,
-                      :email    => @user.email
-                  end
-                  should "find the user with the given id and password" do
-                    assert_equal @user, assigns(:user)
-                  end
-                  should_respond_with :success
-                  should_render_template "edit"
-                  should "have a form for the user's email, password, and password confirm" do
-                    update_path = ERB::Util.h(user_password_path(@user,
-                          :password => @user.encrypted_password,
-                          :email    => @user.email))
-                    assert_select 'form[action=?]', update_path do
-                      assert_select 'input[name=_method][value=?]', 'put'
-                      assert_select 'input[name=?]', 'user[password]'
-                      assert_select 'input[name=?]', 'user[password_confirmation]'
+                    should "find the user with the given id and token" do
+                      assert_equal @user, assigns(:user)
                     end
-                  end
-                end
-                context "with an existing user's id but not password" do
-                  setup do
-                    get :edit, :user_id => @user.to_param, :password => ""
+                    should_respond_with :success
+                    should_render_template "edit"
+                    should_display_a_password_update_form
                   end
-                  should_respond_with :not_found
-                  should_render_nothing
-                end
-              end
-              context "A PUT to #update" do
-                context "with an existing user's id but not password" do
-                  setup do
-                    put :update, :user_id => @user.to_param, :password => ""
-                  end
+                  context "with an existing user's id but not token" do
+                    setup do
+                      get :edit, :user_id => @user.to_param, :token => ""
+                    end
-                  should "not update the user's password" do
-                    assert_not_equal @encrypted_new_password, @user.encrypted_password
+                    should_respond_with :not_found
+                    should_render_nothing
                   end
-                  should_not_be_signed_in
-                  should_respond_with :not_found
-                  should_render_nothing
                 end
-                context "with a matching password and password confirmation" do
-                  setup do
-                    new_password = "new_password"
-                    @encrypted_new_password = @user.encrypt(new_password)
-                    assert_not_equal @encrypted_new_password, @user.encrypted_password
-                    put(:update,
-                        :user_id  => @user,
-                        :email    => @user.email,
-                        :password => @user.encrypted_password,
-                        :user => {
-                          :password              => new_password,
-                          :password_confirmation => new_password
-                        })
-                    @user.reload
-                  end
+                context "A PUT to #update" do
+                  context "with a matching password and password confirmation" do
+                    setup do
+                      new_password = "new_password"
+                      @encrypted_new_password = @user.encrypt(new_password)
+                      assert_not_equal @encrypted_new_password, @user.encrypted_password
+                      put(:update,
+                          :user_id  => @user,
+                          :token    => @user.token,
+                          :user     => {
+                            :password              => new_password,
+                            :password_confirmation => new_password
+                          })
+                      @user.reload
+                    end
-                  should "update the user's password" do
-                    assert_equal @encrypted_new_password, @user.encrypted_password
-                  end
+                    should "update the user's password" do
+                      assert_equal @encrypted_new_password, @user.encrypted_password
+                    end
+                    should "clear the token" do
+                      assert_nil @user.token
+                    end
+                    should_be_signed_in_as { @user }
+                    should_redirect_to_url_after_update
+                  end
+                  context "with password but blank password confirmation" do
+                    setup do
+                      new_password = "new_password"
+                      @encrypted_new_password = @user.encrypt(new_password)
+                      put(:update,
+                          :user_id => @user.to_param,
+                          :token   => @user.token,
+                          :user    => {
+                            :password => new_password,
+                            :password_confirmation => ''
+                          })
+                      @user.reload
+                    end
-                  should_be_signed_in_as { @user }
-                  should_redirect_to_url_after_update
-                end
+                    should "not update the user's password" do
+                      assert_not_equal @encrypted_new_password, @user.encrypted_password
+                    end
+                    should "not clear the token" do
+                      assert_not_nil @user.token
+                    end
-                context "with password but blank password confirmation" do
-                  setup do
-                    new_password = "new_password"
-                    @encrypted_new_password = @user.encrypt(new_password)
-                    put(:update,
-                        :user_id => @user.to_param,
-                        :password => @user.encrypted_password,
-                        :user => {
-                          :password => new_password,
-                          :password_confirmation => ''
-                        })
-                    @user.reload
+                    should_not_be_signed_in
+                    should_respond_with :success
+                    should_render_template :edit
+                    should_display_a_password_update_form
                   end
+                  context "with an existing user's id but not token" do
+                    setup do
+                      new_password = "new_password"
+                      @encrypted_new_password = @user.encrypt(new_password)
+                      put(:update,
+                          :user_id => @user.to_param,
+                          :token   => "",
+                          :user    => {
+                            :password => new_password,
+                            :password => new_password
+                          })
+                    end
-                  should "not update the user's password" do
-                    assert_not_equal @encrypted_new_password, @user.encrypted_password
-                  end
+                    should "not update the user's password" do
+                      assert_not_equal @encrypted_new_password, @user.encrypted_password
+                    end
-                  should_not_be_signed_in
-                  should_respond_with :not_found
-                  should_render_nothing
+                    should_not_be_signed_in
+                    should_respond_with :not_found
+                    should_render_nothing
+                  end
                 end
               end
-            end
+           end
           end
         end

data/lib/clearance/test/functional/sessions_controller_test.rb CHANGED

@@ -15,19 +15,7 @@ module Clearance
               should_render_template :new
               should_not_set_the_flash
-              should 'display a "sign in" form' do
-                assert_select "form[action=#{session_path}][method=post]",
-                  true, "There must be a form to sign in" do
-                    assert_select "input[type=text][name=?]",
-                      "session[email]", true, "There must be an email field"
-                    assert_select "input[type=password][name=?]",
-                      "session[password]", true, "There must be a password field"
-                    assert_select "input[type=checkbox][name=?]",
-                      "session[remember_me]", true, "There must be a 'remember me' check box"
-                    assert_select "input[type=submit]", true,
-                      "There must be a submit button"
-                end
-              end
+              should_display_a_sign_in_form
             end
             context "Given a registered user" do
@@ -46,7 +34,10 @@ module Clearance
             end
             context "Given an email confirmed user" do
-              setup { @user = Factory(:email_confirmed_user) }
+              setup do
+                @user = Factory(:registered_user)
+                @user.confirm_email!
+              end
               context "a POST to #create with good credentials" do
                 setup do
@@ -88,9 +79,9 @@ module Clearance
                   assert ! cookies['remember_token'].empty?
                 end
-                should 'set the remember me token in users table' do
-                  assert_not_nil @user.reload.remember_token
-                  assert_not_nil @user.reload.remember_token_expires_at
+                should 'set the token in users table' do
+                  assert_not_nil @user.reload.token
+                  assert_not_nil @user.reload.token_expires_at
                 end
               end
@@ -111,8 +102,8 @@ module Clearance
                 end
                 should 'not set the remember me token in users table' do
-                  assert_nil @user.reload.remember_token
-                  assert_nil @user.reload.remember_token_expires_at
+                  assert_nil @user.reload.token
+                  assert_nil @user.reload.token_expires_at
                 end
               end
@@ -133,7 +124,7 @@ module Clearance
                     post :create, :session => {
                                     :email => @user.email,
                                     :password => @user.password },
-                                   :return_to => '/url_in_the_request'
+                                    :return_to => '/url_in_the_request'
                   end
                   should_redirect_to "'/url_in_the_request'"
@@ -145,7 +136,7 @@ module Clearance
                     post :create, :session => {
                                     :email    => @user.email,
                                     :password => @user.password },
-                                  :return_to => '/url_in_the_request'
+                                    :return_to => '/url_in_the_request'
                   end
                   should_redirect_to "'/url_in_the_session'"
@@ -170,7 +161,7 @@ module Clearance
               context 'a DELETE to #destroy with a cookie' do
                 setup do
-                  cookies['remember_token'] = CGI::Cookie.new 'token', 'value'
+                  cookies['remember_token'] = CGI::Cookie.new('token', 'value')
                   delete :destroy
                 end
@@ -179,8 +170,8 @@ module Clearance
                 end
                 should 'delete the remember me token in users table' do
-                  assert_nil @user.reload.remember_token
-                  assert_nil @user.reload.remember_token_expires_at
+                  assert_nil @user.reload.token
+                  assert_nil @user.reload.token_expires_at
                 end
               end
             end

data/lib/clearance/test/functional/users_controller_test.rb CHANGED

@@ -16,19 +16,7 @@ module Clearance
                 should_render_template :new
                 should_not_set_the_flash
-                should "display a form to register" do
-                 assert_select "form[action=#{users_path}][method=post]",
-                  true, "There must be a form to register" do
-                    assert_select "input[type=text][name=?]",
-                      "user[email]", true, "There must be an email field"
-                    assert_select "input[type=password][name=?]",
-                      "user[password]", true, "There must be a password field"
-                    assert_select "input[type=password][name=?]",
-                      "user[password_confirmation]", true, "There must be a password confirmation field"
-                    assert_select "input[type=submit]", true,
-                      "There must be a submit button"
-                 end
-                end
+                should_display_a_registration_form
               end
               context "Given email parameter when getting new User view" do

data/lib/clearance/test/unit/clearance_mailer_test.rb CHANGED

@@ -18,7 +18,7 @@ module Clearance
               should "contain a link to edit the user's password" do
                 host = ActionMailer::Base.default_url_options[:host]
-                regexp = %r{http://#{host}/users/#{@user.id}/password/edit\?email=#{@user.email.gsub("@", "%40")}&amp;password=#{@user.encrypted_password}}
+                regexp = %r{http://#{host}/users/#{@user.id}/password/edit\?token=#{@user.token}}
                 assert_match regexp, @email.body
               end
@@ -51,7 +51,7 @@ module Clearance
               should "contain a link to confirm the user's account" do
                 host = ActionMailer::Base.default_url_options[:host]
-                regexp = %r{http://#{host}/users/#{@user.id}/confirmation/new\?salt=#{@user.salt}}
+                regexp = %r{http://#{host}/users/#{@user.id}/confirmation/new\?token=#{@user.token}}
                 assert_match regexp, @email.body
               end
             end

data/lib/clearance/test/unit/user_test.rb CHANGED

@@ -8,7 +8,7 @@ module Clearance
             should_protect_attributes :email_confirmed,
               :salt, :encrypted_password,
-              :remember_token, :remember_token_expires_at
+              :token, :token_expires_at
             # registering
@@ -25,6 +25,11 @@ module Clearance
                 assert_not_nil Factory(:registered_user).salt
               end
+              should "initialize token witout expiry date" do
+                assert_not_nil Factory(:registered_user).token
+                assert_nil Factory(:registered_user).token_expires_at
+              end
               context "encrypt password" do
                 setup do
                   @salt = "salt"
@@ -72,6 +77,10 @@ module Clearance
                 should "have confirmed their email" do
                   assert @user.email_confirmed?
                 end
+                should "reset token" do
+                  assert_nil @user.token
+                end
               end
             end
@@ -101,39 +110,44 @@ module Clearance
             # remember me
-            context "When registering with remember_me!" do
+            context "When authenticating with remember_me!" do
               setup do
-                @user = Factory(:registered_user)
-                assert_nil @user.remember_token
-                assert_nil @user.remember_token_expires_at
+                @user = Factory(:email_confirmed_user)
+                @token = @user.token
+                assert_nil @user.token_expires_at
                 @user.remember_me!
               end
               should "set the remember token and expiration date" do
-                assert_not_nil @user.remember_token
-                assert_not_nil @user.remember_token_expires_at
+                assert_not_equal @token, @user.token
+                assert_not_nil @user.token_expires_at
               end
               should "remember user when token expires in the future" do
-                @user.update_attribute :remember_token_expires_at,
+                @user.update_attribute :token_expires_at,
                   2.weeks.from_now.utc
                 assert @user.remember?
               end
               should "not remember user when token has already expired" do
-                @user.update_attribute :remember_token_expires_at,
+                @user.update_attribute :token_expires_at,
                   2.weeks.ago.utc
                 assert ! @user.remember?
               end
+              should "not remember user when token expiry date is not set" do
+                @user.update_attribute :token_expires_at, nil
+                assert ! @user.remember?
+              end
               # logging out
               context "forget_me!" do
                 setup { @user.forget_me! }
                 should "unset the remember token and expiration date" do
-                  assert_nil @user.remember_token
-                  assert_nil @user.remember_token_expires_at
+                  assert_nil @user.token
+                  assert_nil @user.token_expires_at
                 end
                 should "not remember user" do
@@ -157,6 +171,54 @@ module Clearance
                 should_change "@user.encrypted_password"
               end
             end
+            # recovering forgotten password
+            context "An email confirmed user" do
+              setup do
+                @user = Factory(:registered_user)
+                @user.confirm_email!
+              end
+              context "who forgets password" do
+                setup do
+                  assert_nil @user.token
+                  @user.forgot_password!
+                end
+                should "generate token" do
+                  assert_not_nil @user.token
+                end
+                context "and then updates password" do
+                  context 'with a valid new password and confirmation' do
+                    setup do
+                      @user.update_password(
+                        :password              => "new_password",
+                        :password_confirmation => "new_password"
+                      )
+                    end
+                    should_change "@user.encrypted_password"
+                    should "clear token" do
+                      assert_nil @user.token
+                    end
+                  end
+                  context 'with a password without a confirmation' do
+                    setup do
+                      @user.update_password(
+                        :password              => "new_password",
+                        :password_confirmation => ""
+                      )
+                    end
+                    should "not clear token" do
+                      assert_not_nil @user.token
+                    end
+                  end
+                end
+              end
+            end
           end
         end

data/shoulda_macros/clearance.rb CHANGED

@@ -143,6 +143,78 @@ module Clearance
       end
     end
+    # EMAILS
+    def should_send_the_change_your_password_email
+      should "generate a token for the change your password email" do
+        assert_not_nil @user.reload.token
+      end
+      should "send the change your password email" do
+        assert_sent_email do |email|
+          email.subject =~ /change your password/i
+        end
+      end
+    end
+    def should_not_send_the_change_your_password_email
+      should "generate a token for the change your password email" do
+        assert_nil @user.reload.token
+      end
+      should "not send a password reminder email" do
+        assert ActionMailer::Base.deliveries.empty?
+      end
+    end
+    # FORMS
+    def should_display_a_password_update_form
+      should "have a form for the user's token, password, and password confirm" do
+        update_path = ERB::Util.h(
+          user_password_path(@user, :token => @user.token)
+        )
+        assert_select 'form[action=?]', update_path do
+          assert_select 'input[name=_method][value=?]', 'put'
+          assert_select 'input[name=?]', 'user[password]'
+          assert_select 'input[name=?]', 'user[password_confirmation]'
+        end
+      end
+    end
+    def should_display_a_registration_form
+      should "display a form to register" do
+        assert_select "form[action=#{users_path}][method=post]",
+        true, "There must be a form to register" do
+          assert_select "input[type=text][name=?]",
+            "user[email]", true, "There must be an email field"
+          assert_select "input[type=password][name=?]",
+            "user[password]", true, "There must be a password field"
+          assert_select "input[type=password][name=?]",
+            "user[password_confirmation]", true, "There must be a password confirmation field"
+          assert_select "input[type=submit]", true,
+            "There must be a submit button"
+        end
+      end
+    end
+    def should_display_a_sign_in_form
+      should 'display a "sign in" form' do
+        assert_select "form[action=#{session_path}][method=post]",
+          true, "There must be a form to sign in" do
+            assert_select "input[type=text][name=?]",
+              "session[email]", true, "There must be an email field"
+            assert_select "input[type=password][name=?]",
+              "session[password]", true, "There must be a password field"
+            assert_select "input[type=checkbox][name=?]",
+              "session[remember_me]", true, "There must be a 'remember me' check box"
+            assert_select "input[type=submit]", true,
+              "There must be a submit button"
+        end
+      end
+    end
   end
 end

metadata CHANGED

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: nagybence-clearance
 version: !ruby/object:Gem::Version
-  version: 0.4.1
+  version: 0.4.2
 platform: ruby
 authors:
 - thoughtbot, inc.
@@ -15,7 +15,7 @@ autorequire:
 bindir: bin
 cert_chain: []
-date: 2009-01-26 21:00:00 -08:00
+date: 2009-01-27 21:00:00 -08:00
 default_executable:
 dependencies: []
@@ -28,26 +28,30 @@ extensions: []
 extra_rdoc_files: []
 files:
+- LICENSE
 - Rakefile
 - README.textile
-- LICENSE
 - TODO.textile
 - generators/clearance
+- generators/clearance/clearance_generator.rb
+- generators/clearance/lib
+- generators/clearance/lib/insert_commands.rb
+- generators/clearance/lib/rake_commands.rb
 - generators/clearance/templates
-- generators/clearance/templates/README
-- generators/clearance/templates/test
-- generators/clearance/templates/test/factories
-- generators/clearance/templates/test/factories/clearance.rb
-- generators/clearance/templates/test/functional
-- generators/clearance/templates/test/functional/confirmations_controller_test.rb
-- generators/clearance/templates/test/functional/passwords_controller_test.rb
-- generators/clearance/templates/test/functional/sessions_controller_test.rb
-- generators/clearance/templates/test/functional/users_controller_test.rb
-- generators/clearance/templates/test/unit
-- generators/clearance/templates/test/unit/clearance_mailer_test.rb
-- generators/clearance/templates/test/unit/user_test.rb
 - generators/clearance/templates/app
+- generators/clearance/templates/app/controllers
+- generators/clearance/templates/app/controllers/application.rb
+- generators/clearance/templates/app/controllers/confirmations_controller.rb
+- generators/clearance/templates/app/controllers/passwords_controller.rb
+- generators/clearance/templates/app/controllers/sessions_controller.rb
+- generators/clearance/templates/app/controllers/users_controller.rb
+- generators/clearance/templates/app/models
+- generators/clearance/templates/app/models/clearance_mailer.rb
+- generators/clearance/templates/app/models/user.rb
 - generators/clearance/templates/app/views
+- generators/clearance/templates/app/views/clearance_mailer
+- generators/clearance/templates/app/views/clearance_mailer/change_password.html.erb
+- generators/clearance/templates/app/views/clearance_mailer/confirmation.html.erb
 - generators/clearance/templates/app/views/passwords
 - generators/clearance/templates/app/views/passwords/edit.html.erb
 - generators/clearance/templates/app/views/passwords/new.html.erb
@@ -57,48 +61,44 @@ files:
 - generators/clearance/templates/app/views/users/_form.html.erb
 - generators/clearance/templates/app/views/users/edit.html.erb
 - generators/clearance/templates/app/views/users/new.html.erb
-- generators/clearance/templates/app/views/clearance_mailer
-- generators/clearance/templates/app/views/clearance_mailer/change_password.html.erb
-- generators/clearance/templates/app/views/clearance_mailer/confirmation.html.erb
-- generators/clearance/templates/app/models
-- generators/clearance/templates/app/models/user.rb
-- generators/clearance/templates/app/models/clearance_mailer.rb
-- generators/clearance/templates/app/controllers
-- generators/clearance/templates/app/controllers/application.rb
-- generators/clearance/templates/app/controllers/passwords_controller.rb
-- generators/clearance/templates/app/controllers/users_controller.rb
-- generators/clearance/templates/app/controllers/sessions_controller.rb
-- generators/clearance/templates/app/controllers/confirmations_controller.rb
 - generators/clearance/templates/db
 - generators/clearance/templates/db/migrate
 - generators/clearance/templates/db/migrate/create_users_with_clearance_columns.rb
 - generators/clearance/templates/db/migrate/update_users_with_clearance_columns.rb
-- generators/clearance/lib
-- generators/clearance/lib/insert_commands.rb
-- generators/clearance/lib/rake_commands.rb
+- generators/clearance/templates/README
+- generators/clearance/templates/test
+- generators/clearance/templates/test/factories
+- generators/clearance/templates/test/factories/clearance.rb
+- generators/clearance/templates/test/functional
+- generators/clearance/templates/test/functional/confirmations_controller_test.rb
+- generators/clearance/templates/test/functional/passwords_controller_test.rb
+- generators/clearance/templates/test/functional/sessions_controller_test.rb
+- generators/clearance/templates/test/functional/users_controller_test.rb
+- generators/clearance/templates/test/unit
+- generators/clearance/templates/test/unit/clearance_mailer_test.rb
+- generators/clearance/templates/test/unit/user_test.rb
 - generators/clearance/USAGE
-- generators/clearance/clearance_generator.rb
 - lib/clearance
+- lib/clearance/app
+- lib/clearance/app/controllers
+- lib/clearance/app/controllers/application_controller.rb
+- lib/clearance/app/controllers/confirmations_controller.rb
+- lib/clearance/app/controllers/passwords_controller.rb
+- lib/clearance/app/controllers/sessions_controller.rb
+- lib/clearance/app/controllers/users_controller.rb
+- lib/clearance/app/models
+- lib/clearance/app/models/clearance_mailer.rb
+- lib/clearance/app/models/user.rb
 - lib/clearance/test
-- lib/clearance/test/test_helper.rb
 - lib/clearance/test/functional
 - lib/clearance/test/functional/confirmations_controller_test.rb
 - lib/clearance/test/functional/passwords_controller_test.rb
 - lib/clearance/test/functional/sessions_controller_test.rb
 - lib/clearance/test/functional/users_controller_test.rb
+- lib/clearance/test/test_helper.rb
 - lib/clearance/test/unit
 - lib/clearance/test/unit/clearance_mailer_test.rb
 - lib/clearance/test/unit/user_test.rb
-- lib/clearance/app
-- lib/clearance/app/models
-- lib/clearance/app/models/user.rb
-- lib/clearance/app/models/clearance_mailer.rb
-- lib/clearance/app/controllers
-- lib/clearance/app/controllers/application_controller.rb
-- lib/clearance/app/controllers/passwords_controller.rb
-- lib/clearance/app/controllers/users_controller.rb
-- lib/clearance/app/controllers/sessions_controller.rb
-- lib/clearance/app/controllers/confirmations_controller.rb
 - lib/clearance.rb
 - shoulda_macros/clearance.rb
 - rails/init.rb