panda-core 0.7.1 → 0.7.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 80a35426761da785e847321996703aad6eeecb6262b2a781a3d1379bb0d438fd
-  data.tar.gz: 6eac8f3b86fb4054c6c54083a22bea5d3c6471f4aca43f06e1ab78726c6aa870
+  metadata.gz: abf323ca5beed58dcb17cd7f39ed76028413524b20e40cd2de8d9c5d21b97fff
+  data.tar.gz: 992d91647d9cd2567b7d818beb2f7a2d173fb16edf8f78f222a576a1e6b9534f
 SHA512:
-  metadata.gz: ee2a264cbd6d014680f7773fd56749331de84f30b12c34a6eb87132a3f7c99e8f2fd97c32c6126bea35ecedb3301d9763d4826bbfe44f5f34fa5d2e92cb1ee86
-  data.tar.gz: 9df32b3390d72b00a4588bf1d0a88666fabdf9a519ed48712736316d66a6581467c1fb48fbacbd59244f7d319533110b9cec37807edc37984ce395f7b31cd5ba
+  metadata.gz: 42f8a466d633d31ee8e77650c0afcd9f768ef7990df74b185d3722e614a623f176944a610bee1ca4eee60f33edba812eda96b0b25f5e9466773c1f1920bd1213
+  data.tar.gz: a0f9ec858050df85d6a9cac0a04dc179673ad5438d8bd6c9deeb1ee0d52c5a1d0f5c2e0af9784cc717fcd59a987efd79f9ecc55d3d2456ba842d5056acff363b

data/lib/panda/core/testing/rails_helper.rb

@@ -29,10 +29,9 @@ Shoulda::Matchers.configure do |config|
 end
 
 # Load all support files from panda-core
-panda_core_support_path = Gem.loaded_specs["panda-core"]&.full_gem_path
-if panda_core_support_path
-  Dir[File.join(panda_core_support_path, "spec/support/**/*.rb")].sort.each { |f| require f }
-end
+# Files are now in lib/panda/core/testing/support/ to be included in the published gem
+support_path = File.expand_path("../support", __FILE__)
+Dir[File.join(support_path, "**/*.rb")].sort.each { |f| require f }
 
 RSpec.configure do |config|
   # Include panda-core route helpers by default

data/lib/panda/core/testing/support/authentication_helpers.rb

@@ -0,0 +1,58 @@
+# frozen_string_literal: true
+
+module Panda
+  module Core
+    module AuthenticationHelpers
+      # Create test users with fixed IDs for consistent fixture references
+      def create_admin_user
+        Panda::Core::User.find_or_create_by!(id: "8f481fcb-d9c8-55d7-ba17-5ea5d9ed8b7a") do |user|
+          user.email = "admin@test.example.com"
+          user.firstname = "Admin"
+          user.lastname = "User"
+          user.admin = true
+        end
+      end
+
+      def create_regular_user
+        Panda::Core::User.find_or_create_by!(id: "9a8b7c6d-5e4f-3a2b-1c0d-9e8f7a6b5c4d") do |user|
+          user.email = "user@test.example.com"
+          user.firstname = "Regular"
+          user.lastname = "User"
+          user.admin = false
+        end
+      end
+
+      # For request specs - set session directly
+      def sign_in_as(user)
+        session[:user_id] = user.id
+        Panda::Core::Current.user = user
+      end
+
+      # For system specs - use test session endpoint if available
+      def login_as_admin
+        admin_user = create_admin_user
+        if defined?(Panda::CMS)
+          # CMS provides test session endpoint
+          post "/admin/test_sessions", params: {user_id: admin_user.id}
+        else
+          # Fall back to direct session setting
+          sign_in_as(admin_user)
+        end
+      end
+
+      def login_as_regular_user
+        regular_user = create_regular_user
+        if defined?(Panda::CMS)
+          post "/admin/test_sessions", params: {user_id: regular_user.id}
+        else
+          sign_in_as(regular_user)
+        end
+      end
+    end
+  end
+end
+
+RSpec.configure do |config|
+  # Include authentication helpers for all spec types (model, request, system, component, etc.)
+  config.include Panda::Core::AuthenticationHelpers
+end

data/lib/panda/core/testing/support/authentication_test_helpers.rb

@@ -0,0 +1,260 @@
+# frozen_string_literal: true
+
+# Comprehensive authentication test helpers for Panda Core and consuming gems
+# This module provides helpers for:
+# - Creating test users with fixed IDs
+# - OAuth mocking and configuration
+# - Test session management
+# - Request and system test authentication
+
+module Panda
+  module Core
+    module AuthenticationTestHelpers
+      # ============================================================================
+      # USER CREATION HELPERS
+      # ============================================================================
+
+      # Create an admin user with fixed ID for consistent fixture references
+      def create_admin_user(attributes = {})
+        ensure_columns_loaded
+        admin_id = "8f481fcb-d9c8-55d7-ba17-5ea5d9ed8b7a"
+        Panda::Core::User.find_or_create_by!(id: admin_id) do |user|
+          user.email = attributes[:email] || "admin@example.com"
+          user.firstname = attributes[:firstname] || "Admin" if user.respond_to?(:firstname=)
+          user.lastname = attributes[:lastname] || "User" if user.respond_to?(:lastname=)
+          user.name = attributes[:name] || "Admin User" if user.respond_to?(:name=) && !user.respond_to?(:firstname=)
+          user.image_url = attributes[:image_url] || default_image_url if user.respond_to?(:image_url=)
+          # Use is_admin for the actual column, but support both for compatibility
+          if user.respond_to?(:is_admin=)
+            user.is_admin = attributes.fetch(:admin, true)
+          elsif user.respond_to?(:admin=)
+            user.admin = attributes.fetch(:admin, true)
+          end
+          # Only set OAuth fields if they exist on the model
+          user.uid = attributes[:uid] || "admin_oauth_uid_123" if user.respond_to?(:uid=)
+          user.provider = attributes[:provider] || "google_oauth2" if user.respond_to?(:provider=)
+        end
+      end
+
+      # Create a regular user with fixed ID for consistent fixture references
+      def create_regular_user(attributes = {})
+        ensure_columns_loaded
+        regular_id = "9a8b7c6d-5e4f-3a2b-1c0d-9e8f7a6b5c4d"
+        Panda::Core::User.find_or_create_by!(id: regular_id) do |user|
+          user.email = attributes[:email] || "user@example.com"
+          user.firstname = attributes[:firstname] || "Regular" if user.respond_to?(:firstname=)
+          user.lastname = attributes[:lastname] || "User" if user.respond_to?(:lastname=)
+          user.name = attributes[:name] || "Regular User" if user.respond_to?(:name=) && !user.respond_to?(:firstname=)
+          user.image_url = attributes[:image_url] || default_image_url(dark: true) if user.respond_to?(:image_url=)
+          # Use is_admin for the actual column, but support both for compatibility
+          if user.respond_to?(:is_admin=)
+            user.is_admin = attributes.fetch(:admin, false)
+          elsif user.respond_to?(:admin=)
+            user.admin = attributes.fetch(:admin, false)
+          end
+          # Only set OAuth fields if they exist on the model
+          user.uid = attributes[:uid] || "user_oauth_uid_456" if user.respond_to?(:uid=)
+          user.provider = attributes[:provider] || "google_oauth2" if user.respond_to?(:provider=)
+        end
+      end
+
+      # Backwards compatibility with fixture access patterns
+      def admin_user
+        ensure_columns_loaded
+        @admin_user ||= Panda::Core::User.find_by(email: "admin@example.com") || create_admin_user
+      end
+
+      def regular_user
+        ensure_columns_loaded
+        @regular_user ||= Panda::Core::User.find_by(email: "user@example.com") || create_regular_user
+      end
+
+      # ============================================================================
+      # OMNIAUTH HELPERS
+      # ============================================================================
+
+      def clear_omniauth_config
+        OmniAuth.config.mock_auth.clear
+        Rails.application.env_config.delete("omniauth.auth") if defined?(Rails.application)
+      end
+
+      def mock_oauth_for_user(user, provider: :google_oauth2)
+        clear_omniauth_config
+        OmniAuth.config.test_mode = true
+        OmniAuth.config.mock_auth[provider] = OmniAuth::AuthHash.new({
+          provider: provider.to_s,
+          uid: (user.respond_to?(:uid) ? user.uid : nil) || user.id,
+          info: {
+            email: user.email,
+            name: user.name,
+            image: user.respond_to?(:image_url) ? user.image_url : nil
+          },
+          credentials: {
+            token: "mock_token_#{user.id}",
+            expires_at: Time.now + 1.week
+          }
+        })
+      end
+
+      # ============================================================================
+      # REQUEST SPEC HELPERS (Direct Session Manipulation)
+      # ============================================================================
+
+      # For request specs - set session directly (fast, no HTTP requests)
+      def sign_in_as(user)
+        # This works in request specs where we have direct access to the session
+        begin
+          if respond_to?(:session)
+            session[:user_id] = user.id
+          end
+        rescue NoMethodError
+          # Session method doesn't exist in this context (e.g., system specs)
+        end
+        Panda::Core::Current.user = user
+        user
+      end
+
+      # ============================================================================
+      # SYSTEM SPEC HELPERS (HTTP-based Authentication)
+      # ============================================================================
+
+      # For system specs - use test session endpoint (works across processes)
+      # This uses the TestSessionsController which is only available in test environment
+      #
+      # NOTE: Due to Cuprite's redirect handling, we visit the target path directly
+      # after setting up the session via the test endpoint. Flash messages won't be
+      # available in system tests due to cross-process timing. Use request specs
+      # to test flash messages (see authentication_request_spec.rb).
+      def login_with_test_endpoint(user, return_to: nil, expect_success: true)
+        return_path = return_to || determine_default_redirect_path
+
+        # Visit the test login endpoint (sets session via Redis)
+        # Note: Capybara/Cuprite may not follow the redirect properly, so we
+        # manually navigate to the expected destination
+        visit "/admin/test_login/#{user.id}?return_to=#{return_path}"
+
+        # Wait briefly for session to be set
+        sleep 0.2
+
+        # Manually visit the destination since Cuprite doesn't reliably follow redirects
+        if expect_success
+          visit return_path
+          # Wait for page to load
+          sleep 0.2
+
+          # Verify we're on the expected path
+          expect(page).to have_current_path(return_path, wait: 2)
+        end
+      end
+
+      # Convenience method: Login with Google OAuth provider (using test endpoint)
+      def login_with_google(user, expect_success: true)
+        login_with_test_endpoint(user, return_to: determine_default_redirect_path, expect_success: expect_success)
+      end
+
+      # Convenience method: Login with GitHub OAuth provider (using test endpoint)
+      def login_with_github(user, expect_success: true)
+        login_with_test_endpoint(user, return_to: determine_default_redirect_path, expect_success: expect_success)
+      end
+
+      # Convenience method: Login with Microsoft OAuth provider (using test endpoint)
+      def login_with_microsoft(user, expect_success: true)
+        login_with_test_endpoint(user, return_to: determine_default_redirect_path, expect_success: expect_success)
+      end
+
+      # High-level helper: Login as admin (creates user if needed)
+      def login_as_admin(attributes = {})
+        user = create_admin_user(attributes)
+        if respond_to?(:visit)
+          # System spec - use test endpoint
+          login_with_test_endpoint(user, expect_success: true)
+        else
+          # Request spec - use direct session
+          sign_in_as(user)
+        end
+        user
+      end
+
+      # High-level helper: Login as regular user (creates user if needed)
+      def login_as_user(attributes = {})
+        user = create_regular_user(attributes)
+        if respond_to?(:visit)
+          # System spec - regular users get redirected to login
+          login_with_test_endpoint(user, expect_success: false)
+        else
+          # Request spec - use direct session
+          sign_in_as(user)
+        end
+        user
+      end
+
+      # Manual OAuth login (slower, but tests actual OAuth flow)
+      # Use this when you need to test the OAuth callback handler itself
+      def manual_login_with_oauth(user, provider: :google_oauth2)
+        mock_oauth_for_user(user, provider: provider)
+
+        visit admin_login_path
+        expect(page).to have_css("#button-sign-in-#{provider}")
+        find("#button-sign-in-#{provider}").click
+
+        Rails.application.env_config["omniauth.auth"] = OmniAuth.config.mock_auth[provider]
+      end
+
+      # ============================================================================
+      # PRIVATE HELPER METHODS
+      # ============================================================================
+
+      private
+
+      def ensure_columns_loaded
+        return if @columns_loaded
+        Panda::Core::User.connection.schema_cache.clear!
+        Panda::Core::User.reset_column_information
+        @columns_loaded = true
+      end
+
+      def default_image_url(dark: false)
+        color = dark ? "%23999" : "%23ccc"
+        "data:image/svg+xml,%3Csvg xmlns='http://www.w3.org/2000/svg' width='100' height='100'%3E%3Crect width='100' height='100' fill='#{color}'/%3E%3C/svg%3E"
+      end
+
+      def determine_default_redirect_path
+        # Check if we're in a CMS context
+        if defined?(Panda::CMS)
+          "/admin/cms"
+        else
+          "/admin"
+        end
+      end
+
+      def admin_login_path
+        if defined?(panda_core)
+          panda_core.admin_login_path
+        else
+          "/admin/login"
+        end
+      end
+
+      def admin_root_path
+        if defined?(panda_core)
+          panda_core.admin_root_path
+        else
+          "/admin"
+        end
+      end
+    end
+  end
+end
+
+# Configure RSpec to include these helpers in appropriate test types
+RSpec.configure do |config|
+  config.include Panda::Core::AuthenticationTestHelpers, type: :request
+  config.include Panda::Core::AuthenticationTestHelpers, type: :system
+  config.include Panda::Core::AuthenticationTestHelpers, type: :controller
+end
+
+# Configure OmniAuth for testing
+OmniAuth.config.test_mode = true
+OmniAuth.config.on_failure = proc { |env|
+  OmniAuth::FailureEndpoint.new(env).redirect_to_failure
+}

data/lib/panda/core/testing/support/generator_spec_helper.rb

@@ -0,0 +1,97 @@
+require "rails/generators"
+
+module GeneratorSpecHelper
+  extend ActiveSupport::Concern
+
+  included do
+    before(:each) do
+      prepare_destination
+      @original_stdout = $stdout
+      $stdout = File.new(File::NULL, "w")
+    end
+
+    after(:each) do
+      FileUtils.rm_rf(destination_root)
+      $stdout = @original_stdout
+    end
+  end
+
+  def destination_root
+    @destination_root ||= File.expand_path("../../tmp/generators", __dir__)
+  end
+
+  def prepare_destination
+    FileUtils.rm_rf(destination_root)
+    FileUtils.mkdir_p(destination_root)
+  end
+
+  def run_generator(args = [])
+    args = Array(args)
+    # Use the generator namespace instead of class name
+    generator_name = described_class.namespace
+    Rails::Generators.invoke(generator_name, args, destination_root: destination_root)
+  end
+
+  def generator
+    @generator ||= described_class.new([], destination_root: destination_root)
+  end
+
+  def file_exists?(path)
+    File.exist?(File.join(destination_root, path))
+  end
+
+  def read_file(path)
+    File.read(File.join(destination_root, path))
+  end
+
+  private
+
+  def capture(stream)
+    stream = stream.to_s
+    captured_stream = StringIO.new
+
+    # Map stream names to their global variables to avoid eval
+    streams = {
+      "stdout" => $stdout,
+      "stderr" => $stderr,
+      "stdin" => $stdin
+    }
+
+    original_stream = streams[stream]
+    case stream
+    when "stdout"
+      $stdout = captured_stream
+    when "stderr"
+      $stderr = captured_stream
+    when "stdin"
+      $stdin = captured_stream
+    else
+      raise ArgumentError, "Unsupported stream: #{stream}"
+    end
+
+    yield
+    captured_stream.string
+  ensure
+    case stream
+    when "stdout"
+      $stdout = original_stream
+    when "stderr"
+      $stderr = original_stream
+    when "stdin"
+      $stdin = original_stream
+    end
+  end
+end
+
+RSpec.configure do |config|
+  config.include GeneratorSpecHelper, type: :generator
+
+  # Ensure generator tests have a clean environment
+  config.before(:each, type: :generator) do
+    prepare_destination
+  end
+
+  config.after(:each, type: :generator) do
+    FileUtils.rm_rf(destination_root) if defined?(destination_root)
+  end
+end

data/lib/panda/core/testing/support/html_helpers.rb

@@ -0,0 +1,11 @@
+# frozen_string_literal: true
+
+module HtmlHelpers
+  def normalize_html(html)
+    html.gsub(/\s+/, " ").strip
+  end
+end
+
+RSpec.configure do |config|
+  config.include HtmlHelpers
+end

data/lib/panda/core/testing/support/omniauth_setup.rb

@@ -0,0 +1,17 @@
+# frozen_string_literal: true
+
+# Configure authentication providers for tests
+RSpec.configure do |config|
+  config.before(:each, type: :controller) do
+    # Set up test authentication providers
+    Panda::Core.configure do |core_config|
+      core_config.authentication_providers = {
+        google_oauth2: {
+          client_id: "test_client_id",
+          client_secret: "test_client_secret",
+          options: {}
+        }
+      }
+    end
+  end
+end

data/lib/panda/core/testing/support/service_stubs.rb

@@ -0,0 +1,40 @@
+# frozen_string_literal: true
+
+require "tempfile"
+require "base64"
+
+# Stub services that make external HTTP requests to prevent them in tests
+RSpec.configure do |config|
+  config.before(:each) do
+    # Stub URI.open to prevent external HTTP requests when downloading avatars
+    # This affects AttachAvatarService which downloads avatars from OAuth providers
+    # Tests that specifically need real HTTP requests can override this stub
+    allow(URI).to receive(:open).and_wrap_original do |original_method, *args, **kwargs, &block|
+      url = args[0]
+
+      # Only stub avatar downloads from OAuth providers and test URLs
+      if /googleusercontent\.com|githubusercontent\.com|graph\.microsoft\.com|example\.com/.match?(url.to_s)
+        # Use the actual test fixture file instead of creating a fake file
+        # This ensures compatibility with Active Storage
+        fixture_path = Panda::Core::Engine.root.join("spec", "fixtures", "files", "test_image.jpg")
+        downloaded_file = File.open(fixture_path, "rb")
+
+        # Add methods that AttachAvatarService expects
+        downloaded_file.define_singleton_method(:content_type) { "image/jpeg" }
+        downloaded_file.define_singleton_method(:size) { File.size(fixture_path) }
+
+        # Call the block with our file if a block is given
+        if block_given?
+          result = block.call(downloaded_file)
+          downloaded_file.close unless downloaded_file.closed?
+          result
+        else
+          downloaded_file
+        end
+      else
+        # For other URLs, use the original method
+        original_method.call(*args, **kwargs, &block)
+      end
+    end
+  end
+end

data/lib/panda/core/testing/support/setup.rb

@@ -0,0 +1,11 @@
+# frozen_string_literal: true
+
+def pause
+  $stderr.write "Press enter to continue"
+  $stdin.gets
+end
+
+def debugit
+  # Cuprite-specific debugging method
+  page.driver.debug
+end

data/lib/panda/core/version.rb

@@ -2,6 +2,6 @@
 
 module Panda
   module Core
-    VERSION = "0.7.1"
+    VERSION = "0.7.2"
   end
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: panda-core
 version: !ruby/object:Gem::Version
-  version: 0.7.1
+  version: 0.7.2
 platform: ruby
 authors:
 - Otaina Limited
@@ -471,6 +471,13 @@ files:
 - lib/panda/core/sluggable.rb
 - lib/panda/core/subscribers/authentication_subscriber.rb
 - lib/panda/core/testing/rails_helper.rb
+- lib/panda/core/testing/support/authentication_helpers.rb
+- lib/panda/core/testing/support/authentication_test_helpers.rb
+- lib/panda/core/testing/support/generator_spec_helper.rb
+- lib/panda/core/testing/support/html_helpers.rb
+- lib/panda/core/testing/support/omniauth_setup.rb
+- lib/panda/core/testing/support/service_stubs.rb
+- lib/panda/core/testing/support/setup.rb
 - lib/panda/core/version.rb
 - lib/tasks/assets.rake
 - lib/tasks/panda/core/migrations.rake