rails_apps_pages 0.3.1 → 0.4.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 03fc6d91be1dca2c164be97d52039af7b3518e3d
-  data.tar.gz: c83034a7176c60ef6f8be7653a6525ddf7fcf229
+  metadata.gz: 1872fad570517fd4656e6480aff28e5dd1ac6e86
+  data.tar.gz: 3a871587aeecf17955ff91696dc5540b3a74d619
 SHA512:
-  metadata.gz: 6c78088130cdbfb04799dcaaf8996be589081403189d191a7e7eafbea5ebc1b9f52b1fad6c00ce5b13c25b45af6775def44410acaecc66db9513f7d87e438b5f
-  data.tar.gz: 69c9442c4e53fb139cc0c6dddfc9d8d3b44cdde56e11eeafaa5cc0218ca26713bae08d91b9c421c505a3daec573b810f50ef2fffefc42f59beb88f52eabfb869
+  metadata.gz: b2a7661ebccd5ca21501a7f03b01a6ac6809e08c55566d963335676e8b2171e3816fb4df9ad0524f0400ed09306d33111b16c69a197c18381b6cc7077511a5af
+  data.tar.gz: 90df045f3780de58e9fb170fd5cff6b951255fb4a83568c193768e0abc249c1ee267e5641d9cb27f729a271896b0512b8448e5d137cdbc8c7f908db4ee06bd69

data/CHANGELOG.textile

@@ -1,5 +1,10 @@
 h1. CHANGELOG
 
+h3. 0.4.0 May 6, 2014
+
+* generate tests when RSpec is installed
+* update Users controller to deny access to other users' profiles
+
 h3. 0.3.1 May 2, 2014
 
 * add a generator for an 'About' page

data/README.textile

@@ -61,6 +61,20 @@ root :to => "visitors#index"
 
 Why a "Visitors" controller? Why not a "Home" controller or "Welcome" controller? Those names are acceptable. But the home page often implements a user story for a persona named "visitor," so a "Visitors" controller is appropriate.
 
+h2. Generate an "About" Page
+
+To run the generator and create an "About" page:
+
+<pre>
+$ rails generate pages:about
+</pre>
+
+The generator will create:
+
+* app/views/pages/about.html.erb
+
+You'll need to install the "high_voltage gem":https://github.com/thoughtbot/high_voltage for the "About" page. The high_voltage gem makes it easy to add pages with static content (text that doesn't change), incorporating a site-wide application layout. The high_voltage gem provides the controller and routes needed to display any pages found in the *app/views/pages/* folder.
+
 h2. Generate User Pages Requiring Authentication
 
 If you have a User model and authentication with Devise, you might want to add pages to display a list of users or each user's profile, restricted to logged in users.

data/lib/generators/pages/about/about_generator.rb

@@ -11,6 +11,11 @@ module Pages
         copy_file 'about.html.erb', 'app/views/pages/about.html.erb'
       end
 
+      def add_tests
+        return unless File.exists?('spec/spec_helper.rb')
+        copy_file 'about_page_spec.rb', 'spec/features/visitors/about_page_spec.rb'
+      end
+
     end
   end
 end

data/lib/generators/pages/about/templates/about_page_spec.rb

@@ -0,0 +1,18 @@
+require 'spec_helper'
+
+# Feature: 'About' page
+#   As a visitor
+#   I want to visit an 'about' page
+#   So I can learn more about the website
+feature 'About page' do
+
+  # Scenario: Visit the 'about' page
+  #   Given I am a visitor
+  #   When I visit the 'about' page
+  #   Then I see "About the Website"
+  scenario 'Visit the about page' do
+    visit 'pages/about'
+    expect(page).to have_content 'About the Website'
+  end
+
+end

data/lib/generators/pages/authorized/authorized_generator.rb

@@ -10,19 +10,10 @@ module Pages
       def create_page
         ### assumes we are using Devise for authentication
         ### assumes we are using Pundit for authorization
+        generate 'pages:users -f'
         copy_file 'users/_user.html.erb', 'app/views/users/_user.html.erb'
-        copy_file 'users/index.html.erb', 'app/views/users/index.html.erb'
-        copy_file 'users/show.html.erb', 'app/views/users/show.html.erb'
         copy_file 'users_controller.rb', 'app/controllers/users_controller.rb'
         copy_file 'user_policy.rb', 'app/policies/user_policy.rb'
-        route = '  resources :users'
-        inject_into_file 'config/routes.rb', route + "\n", :after => "devise_for :users\n"
-        copy_file 'registrations_controller.rb', 'app/controllers/registrations_controller.rb'
-        gsub_file 'config/routes.rb', /devise_for :users/, 'devise_for :users, :controllers => {:registrations => "registrations"}'
-        copy_file 'visitors/index.html.erb', 'app/views/visitors/index.html.erb'
-        copy_file 'visitors_controller.rb', 'app/controllers/visitors_controller.rb'
-        route = '  root :to => "visitors#index"'
-        inject_into_file 'config/routes.rb', route + "\n", :after => "routes.draw do\n"
       end
 
     end

data/lib/generators/pages/authorized/templates/users_controller.rb

@@ -11,7 +11,7 @@ class UsersController < ApplicationController
     @user = User.find(params[:id])
     unless current_user.admin?
       unless @user == current_user
-        redirect_to root_path, :alert => "Access denied."
+        redirect_to :back, :alert => "Access denied."
       end
     end
   end

data/lib/generators/pages/home/home_generator.rb

@@ -14,6 +14,11 @@ module Pages
         inject_into_file 'config/routes.rb', route + "\n", :after => "routes.draw do\n"
       end
 
+      def add_tests
+        return unless File.exists?('spec/spec_helper.rb')
+        copy_file 'home_page_spec.rb', 'spec/features/visitors/home_page_spec.rb'
+      end
+
     end
   end
 end

data/lib/generators/pages/home/templates/home_page_spec.rb

@@ -0,0 +1,18 @@
+require 'spec_helper'
+
+# Feature: Home page
+#   As a visitor
+#   I want to visit a home page
+#   So I can learn more about the website
+feature 'Home page' do
+
+  # Scenario: Visit the home page
+  #   Given I am a visitor
+  #   When I visit the home page
+  #   Then I see "Welcome"
+  scenario 'visit the home page' do
+    visit root_path
+    expect(page).to have_content 'Welcome'
+  end
+
+end

data/lib/generators/pages/users/templates/spec/factories/users.rb

@@ -0,0 +1,7 @@
+FactoryGirl.define do
+  factory :user do
+    name "Test User"
+    email "test@example.com"
+    password "please123"
+  end
+end

data/lib/generators/pages/users/templates/spec/features/users/log_in_spec.rb

@@ -0,0 +1,51 @@
+require 'spec_helper'
+
+# Feature: Log in
+#   As a user
+#   I want to log in
+#   So I can visit protected areas of the site
+feature 'Log in' do
+
+  # Scenario: User cannot log in if not registered
+  #   Given I do not exist as a user
+  #   When I log in with valid credentials
+  #   Then I see an invalid login message
+  scenario 'user cannot log in if not registered' do
+    login('test@example.com', 'please123')
+    expect(page).to have_content 'Invalid email or password.'
+  end
+
+  # Scenario: User can log in with valid credentials
+  #   Given I exist as a user
+  #   And I am not logged in
+  #   When I sign in with valid credentials
+  #   Then I see a successful login message
+  scenario 'user can log in with valid credentials' do
+    user = FactoryGirl.create(:user)
+    login(user.email, user.password)
+    expect(page).to have_content 'Signed in successfully.'
+  end
+
+  # Scenario: User cannot log in with wrong email
+  #   Given I exist as a user
+  #   And I am not logged in
+  #   When I log in with a wrong email
+  #   Then I see an invalid login message
+  scenario 'user cannot log in with wrong email' do
+    user = FactoryGirl.create(:user)
+    login('invalid@email.com', user.password)
+    expect(page).to have_content 'Invalid email or password.'
+  end
+
+  # Scenario: User cannot log in with wrong password
+  #   Given I exist as a user
+  #   And I am not logged in
+  #   When I log in with a wrong password
+  #   Then I see an invalid login message
+  scenario 'user cannot log in with wrong password' do
+    user = FactoryGirl.create(:user)
+    login(user.email, 'invalidpass')
+    expect(page).to have_content 'Invalid email or password.'
+  end
+
+end

data/lib/generators/pages/users/templates/spec/features/users/log_out_spec.rb

@@ -0,0 +1,23 @@
+require 'spec_helper'
+
+# Feature: Log out
+#   As a user
+#   I want to log out
+#   So I can protect my account from unauthorized access
+feature 'Log out' do
+
+  # Scenario: User logs out successfully
+  #   Given I am logged in
+  #   When I log out
+  #   Then I see a logged out message
+  scenario 'user logs out successfully' do
+    user = FactoryGirl.create(:user)
+    login(user.email, user.password)
+    expect(page).to have_content 'Signed in successfully.'
+    click_link 'Logout'
+    expect(page).to have_content 'Signed out successfully.'
+  end
+
+end
+
+

data/lib/generators/pages/users/templates/spec/features/users/user_delete_spec.rb

@@ -0,0 +1,28 @@
+require 'spec_helper'
+include Warden::Test::Helpers
+Warden.test_mode!
+
+# Feature: User delete
+#   As a user
+#   I want to delete my user profile
+#   So I can close my account
+feature 'User delete', js: true do
+
+  # Scenario: User can delete own account
+  #   Given I am logged in
+  #   When I delete my account
+  #   Then I should see an account deleted message
+  scenario 'user can delete own account', :slow do
+    user = FactoryGirl.create(:user)
+    login_as(user, :scope => :user)
+    visit edit_user_registration_path(user)
+    click_button 'Cancel my account'
+    page.driver.browser.switch_to.alert.accept
+    expect(page).to have_content 'Bye! Your account was successfully cancelled. We hope to see you again soon.'
+  end
+
+end
+
+
+
+

data/lib/generators/pages/users/templates/spec/features/users/user_edit_spec.rb

@@ -0,0 +1,38 @@
+require 'spec_helper'
+include Warden::Test::Helpers
+Warden.test_mode!
+
+# Feature: User edit
+#   As a user
+#   I want to edit my user profile
+#   So I can change my email address
+feature 'User edit' do
+
+  # Scenario: User changes email address
+  #   Given I am logged in
+  #   When I change my email address
+  #   Then I see an account updated message
+  scenario 'user changes email address' do
+    user = FactoryGirl.create(:user)
+    login_as(user, :scope => :user)
+    visit edit_user_registration_path(user)
+    fill_in 'Email', :with => 'newemail@example.com'
+    fill_in 'Current password', :with => user.password
+    click_button 'Update'
+    expect(page).to have_content 'You updated your account successfully.'
+  end
+
+  # Scenario: User cannot edit another user's profile
+  #   Given I am logged in
+  #   When I try to edit another user's profile
+  #   Then I see my own 'edit profile' page
+  scenario "user cannot cannot edit another user's profile", :me do
+    me = FactoryGirl.create(:user)
+    other = FactoryGirl.create(:user, email: 'other@example.com')
+    login_as(me, :scope => :user)
+    visit edit_user_registration_path(other)
+    expect(page).to have_content 'Edit User'
+    expect(page).to have_field('Email', with: me.email)
+  end
+
+end

data/lib/generators/pages/users/templates/spec/features/users/user_index_spec.rb

@@ -0,0 +1,22 @@
+require 'spec_helper'
+include Warden::Test::Helpers
+Warden.test_mode!
+
+# Feature: User index page
+#   As a user
+#   I want to see a list of users
+#   So I can confirm the site has multiple users
+feature 'User index page' do
+
+  # Scenario: User listed on index page
+  #   Given I am logged in
+  #   When I visit the user index page
+  #   Then I see my own email address
+  scenario 'user sees own email address' do
+    user = FactoryGirl.create(:user)
+    login_as(user, scope: :user)
+    visit users_path
+    expect(page).to have_content user.email
+  end
+
+end

data/lib/generators/pages/users/templates/spec/features/users/user_show_spec.rb

@@ -0,0 +1,36 @@
+require 'spec_helper'
+include Warden::Test::Helpers
+Warden.test_mode!
+
+# Feature: User profile page
+#   As a user
+#   I want to visit my user profile page
+#   So I can see my personal account data
+feature 'User profile page' do
+
+  # Scenario: User sees own profile
+  #   Given I am logged in
+  #   When I visit the user profile page
+  #   Then I see my own email address
+  scenario 'user sees own profile' do
+    user = FactoryGirl.create(:user)
+    login_as(user, :scope => :user)
+    visit user_path(user)
+    expect(page).to have_content 'User'
+    expect(page).to have_content user.email
+  end
+
+  # Scenario: User cannot see another user's profile
+  #   Given I am logged in
+  #   When I visit another user's profile
+  #   Then I see an 'access denied' message
+  scenario "user cannot see another user's profile" do
+    me = FactoryGirl.create(:user)
+    other = FactoryGirl.create(:user, email: 'other@example.com')
+    login_as(me, :scope => :user)
+    Capybara.current_session.driver.header 'Referer', root_path
+    visit user_path(other)
+    expect(page).to have_content 'Access denied.'
+  end
+
+end

data/lib/generators/pages/users/templates/spec/features/visitors/sign_up_spec.rb

@@ -0,0 +1,63 @@
+require 'spec_helper'
+
+# Feature: Sign up
+#   As a visitor
+#   I want to sign up
+#   So I can visit protected areas of the site
+feature 'Sign Up' do
+
+  # Scenario: Visitor can sign up with valid email address and password
+  #   Given I am not logged in
+  #   When I sign up with a valid email address and password
+  #   Then I see a successful sign up message
+  scenario 'visitor can sign up with valid email address and password' do
+    sign_up_with('test@example.com', 'please123', 'please123')
+    expect(page).to have_content 'Welcome! You have signed up successfully.'
+  end
+
+  # Scenario: Visitor cannot sign up with invalid email address
+  #   Given I am not logged in
+  #   When I sign up with an invalid email address
+  #   Then I see an invalid email message
+  scenario 'visitor cannot sign up with invalid email address' do
+    sign_up_with('bogus', 'please123', 'please123')
+    expect(page).to have_content 'Email is invalid'
+  end
+
+  # Scenario: Visitor cannot sign up without password
+  #   Given I am not logged in
+  #   When I sign up without a password
+  #   Then I see a missing password message
+  scenario 'visitor cannot sign up without password' do
+    sign_up_with('test@example.com', '', '')
+    expect(page).to have_content "Password can't be blank"
+  end
+
+  # Scenario: Visitor cannot sign up with a short password
+  #   Given I am not logged in
+  #   When I sign up with a short password
+  #   Then I see a 'too short password' message
+  scenario 'visitor cannot sign up with a short password' do
+    sign_up_with('test@example.com', 'please', 'please')
+    expect(page).to have_content "Password is too short"
+  end
+
+  # Scenario: Visitor cannot sign up without password confirmation
+  #   Given I am not logged in
+  #   When I sign up without a password confirmation
+  #   Then I see a missing password confirmation message
+  scenario 'visitor cannot sign up without password confirmation' do
+    sign_up_with('test@example.com', 'please123', '')
+    expect(page).to have_content "Password confirmation doesn't match"
+  end
+
+  # Scenario: Visitor cannot sign up with mismatched password and confirmation
+  #   Given I am not logged in
+  #   When I sign up with a mismatched password confirmation
+  #   Then I should see a mismatched password message
+  scenario 'visitor cannot sign up with mismatched password and confirmation' do
+    sign_up_with('test@example.com', 'please123', 'mismatch')
+    expect(page).to have_content "Password confirmation doesn't match"
+  end
+
+end

data/lib/generators/pages/users/templates/spec/models/user_spec.rb

@@ -0,0 +1,15 @@
+require 'spec_helper'
+
+describe User do
+
+  before(:each) { @user = User.new(email: 'user@example.com') }
+
+  subject { @user }
+
+  it { should respond_to(:email) }
+
+  it "#email returns a string" do
+    expect(@user.email).to match 'user@example.com'
+  end
+
+end

data/lib/generators/pages/users/templates/spec/support/helpers/session_helpers.rb

@@ -0,0 +1,18 @@
+module Features
+  module SessionHelpers
+    def sign_up_with(email, password, confirmation)
+      visit new_user_registration_path
+      fill_in 'Email', with: email
+      fill_in 'Password', with: password
+      fill_in 'Password confirmation', :with => confirmation
+      click_button 'Sign up'
+    end
+
+    def login(email, password)
+      visit new_user_session_path
+      fill_in 'Email', with: email
+      fill_in 'Password', with: password
+      click_button 'Log in'
+    end
+  end
+end

data/lib/generators/pages/users/templates/spec/support/helpers.rb

@@ -0,0 +1,3 @@
+RSpec.configure do |config|
+  config.include Features::SessionHelpers, type: :feature
+end

data/lib/generators/pages/users/templates/users_controller.rb

@@ -7,6 +7,9 @@ class UsersController < ApplicationController
 
   def show
     @user = User.find(params[:id])
+    unless @user == current_user
+      redirect_to :back, :alert => "Access denied."
+    end
   end
 
 end

data/lib/generators/pages/users/users_generator.rb

@@ -17,10 +17,23 @@ module Pages
         inject_into_file 'config/routes.rb', route + "\n", :after => "devise_for :users\n"
         copy_file 'registrations_controller.rb', 'app/controllers/registrations_controller.rb'
         gsub_file 'config/routes.rb', /devise_for :users/, 'devise_for :users, :controllers => {:registrations => "registrations"}'
+        generate 'pages:home -f'
         copy_file 'visitors/index.html.erb', 'app/views/visitors/index.html.erb'
-        copy_file 'visitors_controller.rb', 'app/controllers/visitors_controller.rb'
-        route = '  root :to => "visitors#index"'
-        inject_into_file 'config/routes.rb', route + "\n", :after => "routes.draw do\n"
+      end
+
+      def add_tests
+        return unless File.exists?('spec/spec_helper.rb')
+        copy_file 'spec/factories/users.rb', 'spec/factories/users.rb'
+        copy_file 'spec/features/users/log_in_spec.rb', 'spec/features/users/log_in_spec.rb'
+        copy_file 'spec/features/users/log_out_spec.rb', 'spec/features/users/log_out_spec.rb'
+        copy_file 'spec/features/users/user_delete_spec.rb', 'spec/features/users/user_delete_spec.rb'
+        copy_file 'spec/features/users/user_edit_spec.rb', 'spec/features/users/user_edit_spec.rb'
+        copy_file 'spec/features/users/user_index_spec.rb', 'spec/features/users/user_index_spec.rb'
+        copy_file 'spec/features/users/user_show_spec.rb', 'spec/features/users/user_show_spec.rb'
+        copy_file 'spec/features/visitors/sign_up_spec.rb', 'spec/features/visitors/sign_up_spec.rb'
+        copy_file 'spec/models/user_spec.rb', 'spec/models/user_spec.rb'
+        copy_file 'spec/support/helpers/session_helpers.rb', 'spec/support/helpers/session_helpers.rb'
+        copy_file 'spec/support/helpers.rb', 'spec/support/helpers.rb'
       end
 
     end

data/lib/rails_apps_pages/version.rb

@@ -1,3 +1,3 @@
 module RailsAppsPages
-  VERSION = "0.3.1"
+  VERSION = "0.4.0"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: rails_apps_pages
 version: !ruby/object:Gem::Version
-  version: 0.3.1
+  version: 0.4.0
 platform: ruby
 authors:
 - Daniel Kehoe
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2014-05-03 00:00:00.000000000 Z
+date: 2014-05-06 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -58,25 +58,32 @@ files:
 - lib/generators/clean/routes_generator.rb
 - lib/generators/pages/about/about_generator.rb
 - lib/generators/pages/about/templates/about.html.erb
+- lib/generators/pages/about/templates/about_page_spec.rb
 - lib/generators/pages/authorized/authorized_generator.rb
-- lib/generators/pages/authorized/templates/registrations_controller.rb
 - lib/generators/pages/authorized/templates/user_policy.rb
 - lib/generators/pages/authorized/templates/users/_user.html.erb
-- lib/generators/pages/authorized/templates/users/index.html.erb
-- lib/generators/pages/authorized/templates/users/show.html.erb
 - lib/generators/pages/authorized/templates/users_controller.rb
-- lib/generators/pages/authorized/templates/visitors/index.html.erb
-- lib/generators/pages/authorized/templates/visitors_controller.rb
 - lib/generators/pages/home/home_generator.rb
+- lib/generators/pages/home/templates/home_page_spec.rb
 - lib/generators/pages/home/templates/index.html.erb
 - lib/generators/pages/home/templates/visitors_controller.rb
 - lib/generators/pages/users/templates/registrations_controller.rb
+- lib/generators/pages/users/templates/spec/factories/users.rb
+- lib/generators/pages/users/templates/spec/features/users/log_in_spec.rb
+- lib/generators/pages/users/templates/spec/features/users/log_out_spec.rb
+- lib/generators/pages/users/templates/spec/features/users/user_delete_spec.rb
+- lib/generators/pages/users/templates/spec/features/users/user_edit_spec.rb
+- lib/generators/pages/users/templates/spec/features/users/user_index_spec.rb
+- lib/generators/pages/users/templates/spec/features/users/user_show_spec.rb
+- lib/generators/pages/users/templates/spec/features/visitors/sign_up_spec.rb
+- lib/generators/pages/users/templates/spec/models/user_spec.rb
+- lib/generators/pages/users/templates/spec/support/helpers.rb
+- lib/generators/pages/users/templates/spec/support/helpers/session_helpers.rb
 - lib/generators/pages/users/templates/users/_user.html.erb
 - lib/generators/pages/users/templates/users/index.html.erb
 - lib/generators/pages/users/templates/users/show.html.erb
 - lib/generators/pages/users/templates/users_controller.rb
 - lib/generators/pages/users/templates/visitors/index.html.erb
-- lib/generators/pages/users/templates/visitors_controller.rb
 - lib/generators/pages/users/users_generator.rb
 - lib/rails_apps_pages.rb
 - lib/rails_apps_pages/version.rb

data/lib/generators/pages/authorized/templates/registrations_controller.rb

@@ -1,9 +0,0 @@
-class RegistrationsController < Devise::RegistrationsController
-  before_filter :update_sanitized_params, if: :devise_controller?
-
-  def update_sanitized_params
-    devise_parameter_sanitizer.for(:sign_up) {|u| u.permit(:name, :email, :password, :password_confirmation)}
-    devise_parameter_sanitizer.for(:account_update) {|u| u.permit(:name, :email, :password, :password_confirmation, :current_password)}
-  end
-
-end

data/lib/generators/pages/authorized/templates/users/index.html.erb

@@ -1,16 +0,0 @@
-<div class="container">
-  <div class="row">
-    <h3>Users</h3>
-    <div class="column">
-      <table class="table">
-        <tbody>
-          <% @users.each do |user| %>
-            <tr>
-              <%= render user %>
-            </tr>
-          <% end %>
-        </tbody>
-      </table>
-    </div>
-  </div>
-</div>

data/lib/generators/pages/authorized/templates/users/show.html.erb

@@ -1,2 +0,0 @@
-<h3>User</h3>
-<p>Email: <%= @user.email if @user.email %></p>

data/lib/generators/pages/authorized/templates/visitors/index.html.erb

@@ -1,2 +0,0 @@
-<h3>Welcome</h3>
-<p><%= link_to 'Users:', users_path %> <%= User.count %> registered</p>

data/lib/generators/pages/authorized/templates/visitors_controller.rb

@@ -1,2 +0,0 @@
-class VisitorsController < ApplicationController
-end

data/lib/generators/pages/users/templates/visitors_controller.rb

@@ -1,2 +0,0 @@
-class VisitorsController < ApplicationController
-end