persistent_cookie_authentication_generator 0.0.1

data/templates/user_edit.rhtml

@@ -0,0 +1,15 @@
+<h1>Edit</h1>
+
+<% if flash[:notice] %><div class="notice"><%= flash[:notice] %></div><% end %>
+
+<% form_for(:user, @user, :url => { :action => 'update' }) do |f| %>
+  	<table>
+    	<tr>
+      		<td>Email</td>
+      		<td><%= f.text_field(:email) %></td>
+    	</tr>
+	</table>
+
+  <p><%= submit_tag 'Update Changes' %></p>
+<% end %>
+

data/templates/user_environment.rb

@@ -0,0 +1,9 @@
+#Change these values to your liking
+COOKIE_NAME = "rails_app"
+APP_NAME = "RailsApp"
+ADMIN_EMAIL = "admin@railsapp.com"
+
+#don't change these
+PUBLIC_STATE = 0
+PROTECTED_STATE = 1
+PRIVATE_STATE = 2

data/templates/user_forgot_password.rhtml

@@ -0,0 +1,9 @@
+<h1>Forgotten Password</h1>
+
+<% if flash[:notice] %><div class="notice"><%= flash[:notice] %></div><% end %>
+
+<% form_for(:user, :url => { :action => 'send_new_password' }) do |f| %>
+  <p>Please key in your email so that we can send you a new password</p>
+  <p><%= f.text_field(:email) %></p>
+  <p><%= submit_tag 'Send' %></p>
+<% end %>                                                   

data/templates/user_integration_test.rb

@@ -0,0 +1,303 @@
+require File.dirname(__FILE__) + '/../test_helper'
+
+class UserControllerTest < ActionController::IntegrationTest
+  
+  fixtures :users, :identities, :login_cookies
+
+
+  def logs_in_as(person = nil)
+    if person != nil
+      @person = User.find(:first, :conditions => [ "login = ?", person ])
+      post "user/user_login", "user" => { :login => @person.login, :password => "atest" }
+      is_redirected_to "user/show"
+      assert_equal @person.identity.id, session["identity"]
+      assert_equal PRIVATE_STATE, session["state"]
+     end
+  end
+
+
+
+  def is_redirected_to(template = nil)
+    if template != nil 
+      session['return-to'] = nil
+      assert_response :redirect
+      follow_redirect!
+      assert_response :success
+      assert_template(template)
+    end
+  end
+
+
+
+  def test_login_page
+    get "user/login"
+    assert_response :success
+    assert_template "user/login"
+  end
+
+
+
+  def test_valid_login
+    cookies[COOKIE_NAME] = nil
+    get "user/login"
+    post "user/user_login", "user" => { "login" => "bob", "password" => "atest" }
+    is_redirected_to "user/show"
+    assert_equal 1, session["identity"]
+    assert_equal PRIVATE_STATE, session["state"]
+    
+    assert_match /bob%40([\d\w]+)%40([\d\w]+)/, cookies[COOKIE_NAME]
+  end
+
+
+
+  def test_valid_login_other_user
+    cookies[COOKIE_NAME] = "existingbob@1234567890@abcdefghij"
+    get "user/login"
+    post "user/user_login", "user" => { "login" => "bob", "password" => "atest" }
+    is_redirected_to "user/show"
+    assert_equal 1, session["identity"]
+    assert_equal PRIVATE_STATE, session["state"]
+    
+    assert_match /bob%40([\d\w]+)%40([\d\w]+)/, cookies[COOKIE_NAME]
+  end
+
+
+
+  def test_valid_login_same_user
+    cookies[COOKIE_NAME] = "bob@seriesbob@tokenbob"
+    post "user/user_login", "user" => { "login" => "bob", "password" => "atest" }
+    is_redirected_to "user/show"
+    assert_equal 1, session["identity"]
+    assert_equal PRIVATE_STATE, session["state"]
+    
+    assert_match /bob%40seriesbob%40[\w\d]+/, cookies[COOKIE_NAME]
+  end
+
+
+
+  def test_invalid_login
+    post "user/user_login", "user" => { "login" => "bob", "password" => "not_correct" }
+    is_redirected_to "user/login"
+    assert_equal 0, session["identity"]
+    assert_equal 0, session["state"]
+  end
+  
+
+
+  def test_login_logoff
+    post "user/user_login", "user" => { "login" => "bob", "password" => "atest" }
+    is_redirected_to "user/show"
+    assert_equal 1, session["identity"]
+    assert_equal PRIVATE_STATE, session["state"]
+
+    get "user/logout"
+    is_redirected_to "user/login"
+    assert_equal 0, session["identity"]
+    assert_equal 0, session["state"]
+  end
+
+
+
+  def test_valid_signup
+    get "user/signup"
+    assert_response :success
+    assert_template "user/signup"
+
+    ActionMailer::Base.deliveries = Array.new
+    session['return-to'] = "/bogus/location"
+
+    post "user/user_signup", "user" => { "login" => "newbob", "password" => "newpassword", "password_confirmation" => "newpassword", "email" => "newbob@test.com" }
+    is_redirected_to "user/login"
+    
+    assert_equal 1, ActionMailer::Base.deliveries.size
+    mail = ActionMailer::Base.deliveries[0]
+    assert_equal "newbob@test.com", mail.to_addrs[0].to_s
+    assert_match /login:\s+\w+\n/, mail.encoded
+    assert_match /password:\s+\w+\n/, mail.encoded
+    key = /key=([\w\d]+)/.match(mail.encoded)[1]
+
+    user = User.find_by_email("newbob@test.com")
+    assert_not_nil user
+    assert_equal 0, user.verified
+
+    # Then a bogus key.
+    get "user/welcome", "user"=> { "id" => "#{user.id}" }, "key" => "boguskey"
+    user = User.find_by_email("newbob@test.com")
+    assert_equal 0, user.verified
+
+    # Now the real one.
+    get "user/welcome", "user"=> { "id" => "#{user.id}" }, "key" => "#{key}"
+    user = User.find_by_email("newbob@test.com")
+    assert_equal 1, user.verified
+    is_redirected_to "user/login"
+  end
+  
+
+
+  def test_signup_bad_input
+    #login too long
+    do_test_signup "newbobnewbobnewbobnewbobnewbobnewbobnewbobnewbobnewbobnewbobnewbobnewbobnewbobnewbobnewbob", "newpassword", "newpassword", "bob@wahlao.com"
+    
+    #login too short
+    do_test_signup "1", "newpassword", "newpassword", "bob@wahlao.com"
+
+    #login not unique
+    do_test_signup "bob", "newpassword", "newpassword", "bob@wahlao.com"
+
+    #login blank
+    do_test_signup "", "newpassword", "newpassword", "bob@wahlao.com"
+
+    #email blank
+    do_test_signup "newbob", "newpassword", "newpassword", ""
+
+    #email not unique
+    do_test_signup "newbob", "newpassword", "newpassword", "bob@test.com"
+
+    #password blank
+    do_test_signup "newbob", "", "", "bob@paypal.com"
+
+    #password not the same as confirmation
+    do_test_signup "newbob", "newpassword", "oldpassword", "bob@wahlao.com"
+
+    #password too long
+    do_test_signup "newbob", "passpasspasspasspasspasspasspasspasspasspasspasspasspasspasspasspasspasspasspasspasspasspass", "passpasspasspasspasspasspasspasspasspasspasspasspasspasspasspasspasspasspasspasspasspasspass", "bob@wahlao.com"
+
+    #password too short
+    do_test_signup "newbob", "p", "p", "bob@wahlao.com"
+
+  end  
+    
+      
+      
+  def do_test_signup(login, password, password_cfm, email)
+    identity_prevCount = Identity.count  
+    post "user/user_signup", "school" => "", "user" => { "login" => login, "password" => password, "password_confirmation" => password_cfm, "email" => email }
+    is_redirected_to "user/signup"
+    assert_equal identity_prevCount, Identity.count
+    assert_equal 0, ActionMailer::Base.deliveries.size
+  end
+
+
+  
+  def test_valid_change_password
+    ActionMailer::Base.deliveries = Array.new
+    logs_in_as "bob"
+    get "user/change_password"
+    assert_response :success
+    assert_template "user/change_password"
+
+    post "user/update_password", "current_password" => "atest", "user" => { "password" => "changed_password", "password_confirmation" => "changed_password" }
+    is_redirected_to "user/show"
+    assert_equal 1, ActionMailer::Base.deliveries.size
+    mail = ActionMailer::Base.deliveries[0]
+    assert_equal "bob@test.com", mail.to_addrs[0].to_s
+    assert_match /login:\s+\w+\n/, mail.encoded
+    assert_match /password:\s+\w+\n/, mail.encoded
+
+    post "user/user_login", "user" => { "login" => "bob", "password" => "changed_password" }
+    is_redirected_to "user/show"
+    assert_equal 1, session["identity"]
+    assert_equal PRIVATE_STATE, session["state"]
+      
+    post "user/update_password", "current_password" => "changed_password", "user" => { "password" => "atest", "password_confirmation" => "atest" }
+    get "user/logout"
+  end
+
+
+
+  def do_change_password(old_password, new_password, new_password_cfm)
+    ActionMailer::Base.deliveries = Array.new
+    logs_in_as "bob"
+
+    post "user/update_password", "current_password" => old_password, "user" => { "password" => new_password, "password_confirmation" => new_password_cfm }
+    is_redirected_to "user/change_password"
+    assert_equal 0, ActionMailer::Base.deliveries.size
+  end
+
+
+
+  def test_change_password
+    do_change_password("hahaha", "newpassword", "newpassword")
+    do_change_password("atest", "passwordpasswordpasswordpasswordpassowrdpasswordpasswordpasswordpasswordpassword", "passwordpasswordpasswordpasswordpassowrdpasswordpasswordpasswordpasswordpassword")
+    do_change_password("atest", "hahaha", "hehehe")
+  end
+
+
+
+  def test_valid_forgot_password
+    ActionMailer::Base.deliveries = Array.new
+    logs_in_as "bob"
+    get "user/forgot_password"
+    assert_response :success
+    assert_template "user/forgot_password"
+
+    post "user/send_new_password", "user" => { "email" => "bob@test.com" }
+    assert_equal 1, ActionMailer::Base.deliveries.size
+    mail = ActionMailer::Base.deliveries[0]
+    assert_equal "bob@test.com", mail.to_addrs[0].to_s
+    assert_match /login\sid:\w+/, mail.encoded
+    assert_match /password:[\w\d]+/, mail.encoded
+    is_redirected_to "user/login"
+  end
+
+
+
+  def test_invalid_forgot_password
+    ActionMailer::Base.deliveries = Array.new
+    logs_in_as "bob"
+    get "user/forgot_password"
+    assert_response :success
+    assert_template "user/forgot_password"
+
+    post "user/send_new_password", "user" => { "email" => "bob@bad.com" }
+    assert_equal 0, ActionMailer::Base.deliveries.size
+    is_redirected_to "user/login"
+  end
+
+
+
+  def test_valid_edit
+    logs_in_as "bob"
+    get "user/edit"
+    assert_response :success
+    assert_template "user/edit"
+    assert_equal "bob@test.com", assigns(:user).email
+
+    post "user/update", "user" => { "email" => "bob@excitingbob.com" }
+    is_redirected_to "user/show"
+    assert_response :success
+    assert_template "user/show"
+    assert_equal "bob@excitingbob.com", assigns(:user).email
+  end
+ 
+
+  def test_invalid_edit
+    logs_in_as "bob"
+    get "user/edit"
+    assert_response :success
+    assert_template "user/edit"
+    assert_equal "bob@test.com", assigns(:user).email
+
+    #blank email
+    post "user/update", "user" => { "email" => "" }
+    is_redirected_to "user/edit"
+    assert_equal "bob@test.com", assigns(:user).email
+
+    #non unique email
+    post "user/update", "user" => { "email" => "longbob@test.com" }
+    is_redirected_to "user/edit"
+    assert_equal "bob@test.com", assigns(:user).email
+  end
+  
+
+
+  def test_show
+    logs_in_as "bob"
+    get "user/show"
+    assert_response :success
+    assert_template "user/show"
+    assert_equal "bob", assigns(:user).login
+    assert_equal "bob@test.com", assigns(:user).email
+  end
+  
+end

data/templates/user_login.rhtml

@@ -0,0 +1,23 @@
+<h1>Log In</h1>
+
+<% if flash[:notice] %><div class="notice"><%= flash[:notice] %></div><% end %>
+
+<% form_for(:user, :url => { :action => 'user_login' }) do |f| %>
+  <table>
+    <tr>
+      <td>Login ID</td>
+      <td><%= f.text_field(:login, :size => 30) %></td>
+    </tr>
+    <tr>
+      <td>Password</td>
+      <td><%= f.password_field(:password, :size => 30) %></td>
+    </tr>
+  </table>
+  <p><%= submit_tag 'Log in' %></p>
+<% end %>
+
+<p>
+  <%= link_to 'Sign Up', :action => 'signup' %> | 
+  <%= link_to 'Forgot password', :action => 'forgot_password' %>
+</p>
+                                                                                

data/templates/user_notify.rb

@@ -0,0 +1,55 @@
+class UserNotify < ActionMailer::Base
+  
+  def setup_email(user)
+    @recipients = "#{user.email}"
+    @from       = ADMIN_EMAIL
+    @subject    = "[#{APP_NAME}] "
+    @sent_on    = Time.now
+    @headers['Content-Type'] = "text/plain; charset=utf-8; format=flowed"
+  end
+
+
+
+  def signup(user, password, url)
+    setup_email(user)
+
+    # Email header info
+    @subject += "Welcome to #{APP_NAME}!"
+
+    # Email body substitutions
+    @body["login"] = user.login
+    @body["password"] = password
+    @body["url"] = url
+    @body["app_name"] = APP_NAME
+  end
+
+
+
+  def forgot_password(user, randomPassword)
+    setup_email(user)
+
+    # Email header info
+    @subject += "Forgotten password notification"
+
+    # Email body substitutions
+    @body["login"] = user.login
+    @body["randomPassword"] = randomPassword
+    @body["app_name"] = APP_NAME
+  end
+
+
+
+  def change_password(user, password)
+    setup_email(user)
+
+    # Email header info
+    @subject += "Changed password notification"
+
+    # Email body substitutions
+    @body["login"] = user.login
+    @body["password"] = password
+    @body["url"] = APP_NAME
+    @body["app_name"] = APP_NAME
+  end 
+  
+end

data/templates/user_notify_change_password.rhtml

@@ -0,0 +1,10 @@
+Dear <%= @login %>,
+
+At your request, <%= @app_name %> has changed your password. If it was not at your request, then you should be aware that someone has access to your account and requested this change.
+
+Your new login credentials are:
+
+  login:    <%= @login %>
+  password: <%= @password %>
+ 
+<%= @url %>

data/templates/user_notify_forgot_password.rhtml

@@ -0,0 +1,8 @@
+Dear <%= @login %>,
+
+At your request, <%= @app_name %> has resetted your password. If it was not at your request, then you should be aware that someone has entered your email address as theirs in the forgotten password section of <%= @app_name %>.
+
+Your new password:<%= @randomPassword %>
+And your login id:<%= @login %>
+
+It's advisable for you to change your password as soon as you login. It's as simple as navigating to 'Preferences' and clicking on 'Change Password'.

data/templates/user_notify_signup.rhtml

@@ -0,0 +1,10 @@
+Welcome to <%= @app_name %>, <%= @login %>.
+
+Your login credentials are:
+
+  login:    <%= @login %>
+  password: <%= @password %>
+
+Please click on the following link to confirm your registration:
+
+<%= @url %>