rails_mvp_authentication 0.1.0

data/lib/generators/rails_mvp_authentication/templates/test/controllers/confirmations_controller_test.rb.tt

@@ -0,0 +1,143 @@
+require "test_helper"
+
+class ConfirmationsControllerTest < ActionDispatch::IntegrationTest
+  setup do
+    @reconfirmed_user = User.create!(email: "reconfirmed_user@example.com", password: "password", password_confirmation: "password", confirmed_at: 1.week.ago, unconfirmed_email: "unconfirmed_email@example.com")
+    @confirmed_user = User.create!(email: "confirmed_user@example.com", password: "password", password_confirmation: "password", confirmed_at: 1.week.ago)
+    @unconfirmed_user = User.create!(email: "unconfirmed_user@example.com", password: "password", password_confirmation: "password")
+  end
+
+  test "should confirm unconfirmed user" do
+    freeze_time do
+      confirmation_token = @unconfirmed_user.generate_confirmation_token
+
+      get edit_confirmation_path(confirmation_token)
+
+      assert @unconfirmed_user.reload.confirmed?
+      assert_equal Time.now, @unconfirmed_user.confirmed_at
+      assert_redirected_to root_path
+      assert_not_nil flash[:notice]
+    end
+  end
+
+  test "should reconfirm confirmed user" do
+    unconfirmed_email = @reconfirmed_user.unconfirmed_email
+
+    freeze_time do
+      confirmation_token = @reconfirmed_user.generate_confirmation_token
+
+      get edit_confirmation_path(confirmation_token)
+
+      assert @reconfirmed_user.reload.confirmed?
+      assert_equal Time.current, @reconfirmed_user.reload.confirmed_at
+      assert_equal unconfirmed_email, @reconfirmed_user.reload.email
+      assert_nil @reconfirmed_user.reload.unconfirmed_email
+      assert_redirected_to root_path
+      assert_not_nil flash[:notice]
+    end
+  end
+
+  test "should not update email address if already taken" do
+    original_email = @reconfirmed_user.email
+    @reconfirmed_user.update(unconfirmed_email: @confirmed_user.email)
+
+    freeze_time do
+      confirmation_token = @reconfirmed_user.generate_confirmation_token
+
+      get edit_confirmation_path(confirmation_token)
+
+      assert_equal original_email, @reconfirmed_user.reload.email
+      assert_redirected_to new_confirmation_path
+      assert_not_nil flash[:alert]
+    end
+  end
+
+  test "should redirect if confirmation link expired" do
+    confirmation_token = @unconfirmed_user.generate_confirmation_token
+
+    travel_to 601.seconds.from_now do
+      get edit_confirmation_path(confirmation_token)
+
+      assert_nil @unconfirmed_user.reload.confirmed_at
+      assert_not @unconfirmed_user.reload.confirmed?
+      assert_redirected_to new_confirmation_path
+      assert_not_nil flash[:alert]
+    end
+  end
+
+  test "should redirect if confirmation link is incorrect" do
+    get edit_confirmation_path("not_a_real_token")
+    assert_redirected_to new_confirmation_path
+    assert_not_nil flash[:alert]
+  end
+
+  test "should resend confirmation email if user is unconfirmed" do
+    assert_emails 1 do
+      post confirmations_path, params: {user: {email: @unconfirmed_user.email}}
+    end
+
+    assert_redirected_to root_path
+    assert_not_nil flash[:notice]
+  end
+
+  test "should prevent user from confirming if they are already confirmed" do
+    assert_no_emails do
+      post confirmations_path, params: {user: {email: @confirmed_user.email}}
+    end
+    assert_redirected_to new_confirmation_path
+    assert_not_nil flash[:alert]
+  end
+
+  test "should get new if not authenticated" do
+    get new_confirmation_path
+    assert_response :ok
+  end
+
+  test "should prevent authenticated user from confirming" do
+    freeze_time do
+      confirmation_token = @confirmed_user.generate_confirmation_token
+
+      login @confirmed_user
+
+      get edit_confirmation_path(confirmation_token)
+
+      assert_not_equal Time.current, @confirmed_user.reload.confirmed_at
+      assert_redirected_to new_confirmation_path
+      assert_not_nil flash[:alert]
+    end
+  end
+
+  test "should not prevent authenticated user confirming their unconfirmed_email" do
+    unconfirmed_email = @reconfirmed_user.unconfirmed_email
+
+    freeze_time do
+      login @reconfirmed_user
+
+      confirmation_token = @reconfirmed_user.generate_confirmation_token
+
+      get edit_confirmation_path(confirmation_token)
+
+      assert_equal Time.current, @reconfirmed_user.reload.confirmed_at
+      assert @reconfirmed_user.reload.confirmed?
+      assert_equal unconfirmed_email, @reconfirmed_user.reload.email
+      assert_nil @reconfirmed_user.reload.unconfirmed_email
+      assert_redirected_to root_path
+      assert_not_nil flash[:notice]
+    end
+  end
+
+  test "should prevent authenticated user from submitting the confirmation form" do
+    login @confirmed_user
+
+    get new_confirmation_path
+    assert_redirected_to root_path
+    assert_not_nil flash[:alert]
+
+    assert_no_emails do
+      post confirmations_path, params: {user: {email: @confirmed_user.email}}
+    end
+
+    assert_redirected_to root_path
+    assert_not_nil flash[:alert]
+  end
+end

data/lib/generators/rails_mvp_authentication/templates/test/controllers/passwords_controller_test.rb.tt

@@ -0,0 +1,119 @@
+require "test_helper"
+
+class PasswordsControllerTest < ActionDispatch::IntegrationTest
+  setup do
+    @confirmed_user = User.create!(email: "confirmed_user@example.com", password: "password", password_confirmation: "password", confirmed_at: 1.week.ago)
+  end
+
+  test "should get edit" do
+    password_reset_token = @confirmed_user.generate_password_reset_token
+
+    get edit_password_path(password_reset_token)
+    assert_response :ok
+  end
+
+  test "should redirect from edit if password link expired" do
+    password_reset_token = @confirmed_user.generate_password_reset_token
+
+    travel_to 601.seconds.from_now
+    get edit_password_path(password_reset_token)
+
+    assert_redirected_to new_password_path
+    assert_not_nil flash[:alert]
+  end
+
+  test "should redirect from edit if password link is incorrect" do
+    get edit_password_path("not_a_real_token")
+
+    assert_redirected_to new_password_path
+    assert_not_nil flash[:alert]
+  end
+
+  test "should redirect from edit if user is not confirmed" do
+    @confirmed_user.update!(confirmed_at: nil)
+    password_reset_token = @confirmed_user.generate_password_reset_token
+
+    get edit_password_path(password_reset_token)
+
+    assert_redirected_to new_confirmation_path
+    assert_not_nil flash[:alert]
+  end
+
+  test "should redirect from edit if user is authenticated" do
+    password_reset_token = @confirmed_user.generate_password_reset_token
+
+    login @confirmed_user
+
+    get edit_password_path(password_reset_token)
+    assert_redirected_to root_path
+  end
+
+  test "should get new" do
+    get new_password_path
+    assert_response :ok
+  end
+
+  test "should redirect from new if user is authenticated" do
+    login @confirmed_user
+
+    get new_password_path
+    assert_redirected_to root_path
+  end
+
+  test "should send password reset mailer" do
+    assert_emails 1 do
+      post passwords_path, params: {
+        user: {
+          email: @confirmed_user.email.upcase
+        }
+      }
+    end
+
+    assert_redirected_to root_path
+    assert_not_nil flash[:notice]
+  end
+
+  test "should update password" do
+    password_reset_token = @confirmed_user.generate_password_reset_token
+
+    put password_path(password_reset_token), params: {
+      user: {
+        password: "password",
+        password_confirmation: "password"
+      }
+    }
+
+    assert_redirected_to login_path
+    assert_not_nil flash[:notice]
+  end
+
+  test "should handle errors" do
+    password_reset_token = @confirmed_user.generate_password_reset_token
+
+    put password_path(password_reset_token), params: {
+      user: {
+        password: "password",
+        password_confirmation: "password_that_does_not_match"
+      }
+    }
+
+    assert_not_nil flash[:alert]
+  end
+
+  test "should not update password if authenticated" do
+    password_reset_token = @confirmed_user.generate_password_reset_token
+
+    login @confirmed_user
+
+    put password_path(password_reset_token), params: {
+      user: {
+        password: "password",
+        password_confirmation: "password"
+
+      }
+    }
+
+    get new_password_path
+    assert_redirected_to root_path
+  end
+end

data/lib/generators/rails_mvp_authentication/templates/test/controllers/sessions_controller_test.rb.tt

@@ -0,0 +1,105 @@
+require "test_helper"
+
+class SessionsControllerTest < ActionDispatch::IntegrationTest
+  setup do
+    @unconfirmed_user = User.create!(email: "unconfirmed_user@example.com", password: "password", password_confirmation: "password")
+    @confirmed_user = User.create!(email: "confirmed_user@example.com", password: "password", password_confirmation: "password", confirmed_at: Time.current)
+  end
+
+  test "should get login if anonymous" do
+    get login_path
+    assert_response :ok
+  end
+
+  test "should redirect from login if authenticated" do
+    login @confirmed_user
+
+    get login_path
+    assert_redirected_to root_path
+  end
+
+  test "should login and create active session if confirmed" do
+    assert_difference("@confirmed_user.active_sessions.count") do
+      post login_path, params: {
+        user: {
+          email: @confirmed_user.email,
+          password: @confirmed_user.password
+        }
+      }
+    end
+    assert_redirected_to root_path
+    assert_equal @confirmed_user, current_user
+  end
+
+  test "should remember user when logging in" do
+    assert_nil cookies[:remember_token]
+
+    post login_path, params: {
+      user: {
+        email: @confirmed_user.email,
+        password: @confirmed_user.password,
+        remember_me: 1
+      }
+    }
+
+    assert_not_nil current_user
+    assert_not_nil cookies[:remember_token]
+  end
+
+  test "should forget user when logging out" do
+    login @confirmed_user, remember_user: true
+
+    delete logout_path
+
+    # FIXME: Expected "" to be nil.
+    # When I run byebug in SessionsController#destroy cookies[:remember_token] does == nil.
+    # I think this might be a bug in Rails?
+    # assert_nil cookies[:remember_token]
+    assert cookies[:remember_token].blank?
+    assert_nil current_user
+    assert_redirected_to root_path
+    assert_not_nil flash[:notice]
+  end
+
+  test "should not login if unconfirmed" do
+    post login_path, params: {
+      user: {
+        email: @unconfirmed_user.email,
+        password: @unconfirmed_user.password
+      }
+    }
+    assert_equal "Incorrect email or password.", flash[:alert]
+    assert_nil current_user
+    assert_redirected_to new_confirmation_path
+  end
+
+  test "should handle invalid login" do
+    post login_path, params: {
+      user: {
+        email: @confirmed_user.email,
+        password: "foo"
+      }
+    }
+    assert_not_nil flash[:alert]
+    assert_nil current_user
+  end
+
+  test "should logout and delete current active session if authenticated" do
+    login @confirmed_user
+
+    assert_difference("@confirmed_user.active_sessions.count", -1) do
+      delete logout_path
+    end
+
+    assert_nil current_user
+    assert_redirected_to root_path
+    assert_not_nil flash[:notice]
+  end
+
+  test "should not logout if anonymous" do
+    login @confirmed_user
+
+    delete logout_path
+    assert_redirected_to root_path
+  end
+end

data/lib/generators/rails_mvp_authentication/templates/test/controllers/users_controller_test.rb.tt

@@ -0,0 +1,150 @@
+require "test_helper"
+
+class UsersControllerTest < ActionDispatch::IntegrationTest
+  setup do
+    @confirmed_user = User.create!(email: "confirmed_user@example.com", password: "password", password_confirmation: "password", confirmed_at: Time.current)
+  end
+
+  test "should load sign up page for anonymous users" do
+    get sign_up_path
+    assert_response :ok
+  end
+
+  test "should redirect authenticated users from signing up" do
+    login @confirmed_user
+
+    get sign_up_path
+    assert_redirected_to root_path
+
+    assert_no_difference("User.count") do
+      post sign_up_path, params: {
+        user: {
+          email: "some_unique_email@example.com",
+          password: "password",
+          password_confirmation: "password"
+        }
+      }
+    end
+  end
+
+  test "should create user and send confirmation instructions" do
+    assert_difference("User.count", 1) do
+      assert_emails 1 do
+        post sign_up_path, params: {
+          user: {
+            email: "some_unique_email@example.com",
+            password: "password",
+            password_confirmation: "password"
+          }
+        }
+      end
+    end
+
+    assert_redirected_to root_path
+    assert_not_nil flash[:notice]
+  end
+
+  test "should handle errors when signing up" do
+    assert_no_difference("User.count") do
+      assert_no_emails do
+        post sign_up_path, params: {
+          user: {
+            email: "some_unique_email@example.com",
+            password: "password",
+            password_confirmation: "wrong_password"
+          }
+        }
+      end
+    end
+  end
+
+  test "should get edit if authorized" do
+    login(@confirmed_user)
+
+    get account_path
+    assert_response :ok
+  end
+
+  test "should redirect unauthorized user from editing account" do
+    get account_path
+    assert_redirected_to login_path
+    assert_not_nil flash[:alert]
+  end
+
+  test "should edit email" do
+    unconfirmed_email = "unconfirmed_user@example.com"
+    current_email = @confirmed_user.email
+
+    login(@confirmed_user)
+
+    assert_emails 1 do
+      put account_path, params: {
+        user: {
+          unconfirmed_email: unconfirmed_email,
+          current_password: "password"
+        }
+      }
+    end
+
+    assert_not_nil flash[:notice]
+    assert_equal current_email, @confirmed_user.reload.email
+  end
+
+  test "should not edit email if current_password is incorrect" do
+    unconfirmed_email = "unconfirmed_user@example.com"
+    current_email = @confirmed_user.email
+
+    login(@confirmed_user)
+
+    assert_no_emails do
+      put account_path, params: {
+        user: {
+          unconfirmed_email: unconfirmed_email,
+          current_password: "wrong_password"
+        }
+      }
+    end
+
+    assert_not_nil flash[:notice]
+    assert_equal current_email, @confirmed_user.reload.email
+  end
+
+  test "should update password" do
+    login(@confirmed_user)
+
+    put account_path, params: {
+      user: {
+        current_password: "password",
+        password: "new_password",
+        password_confirmation: "new_password"
+      }
+    }
+
+    assert_redirected_to root_path
+    assert_not_nil flash[:notice]
+  end
+
+  test "should not update password if current_password is incorrect" do
+    login(@confirmed_user)
+
+    put account_path, params: {
+      user: {
+        current_password: "wrong_password",
+        password: "new_password",
+        password_confirmation: "new_password"
+      }
+    }
+
+    assert_response :unprocessable_entity
+  end
+
+  test "should delete user" do
+    login(@confirmed_user)
+
+    delete account_path(@confirmed_user)
+
+    assert_nil current_user
+    assert_redirected_to root_path
+    assert_not_nil flash[:notice]
+  end
+end

data/lib/generators/rails_mvp_authentication/templates/test/integration/friendly_redirects_test.rb.tt

@@ -0,0 +1,23 @@
+require "test_helper"
+
+class FriendlyRedirectsTest < ActionDispatch::IntegrationTest
+  setup do
+    @confirmed_user = User.create!(email: "confirmed_user@example.com", password: "password", password_confirmation: "password", confirmed_at: Time.current)
+  end
+
+  test "redirect to requested url after sign in" do
+    get account_path
+
+    assert_redirected_to login_path
+    login(@confirmed_user)
+
+    assert_redirected_to account_path
+  end
+
+  test "redirects to root path after sign in" do
+    get login_path
+    login(@confirmed_user)
+
+    assert_redirected_to root_path
+  end
+end

data/lib/generators/rails_mvp_authentication/templates/test/integration/user_interface_test.rb.tt

@@ -0,0 +1,35 @@
+require "test_helper"
+
+class UserInterfaceTest < ActionDispatch::IntegrationTest
+  setup do
+    @confirmed_user = User.create!(email: "confirmed_user@example.com", password: "password", password_confirmation: "password", confirmed_at: Time.current)
+  end
+
+  test "should render active sessions on account page" do
+    login @confirmed_user
+    @confirmed_user.active_sessions.last.update!(user_agent: "Mozilla", ip_address: "123.457.789")
+
+    get account_path
+
+    assert_match "Mozilla", @response.body
+    assert_match "123.457.789", @response.body
+  end
+
+  test "should render buttons to delete specific active sessions" do
+    login @confirmed_user
+
+    get account_path
+
+    assert_select "input[type='submit']" do
+      assert_select "[value=?]", "Log out of all other sessions"
+    end
+    assert_match destroy_all_active_sessions_path, @response.body
+
+    assert_select "table" do
+      assert_select "input[type='submit']" do
+        assert_select "[value=?]", "Sign Out"
+      end
+    end
+    assert_match active_session_path(@confirmed_user.active_sessions.last), @response.body
+  end
+end

data/lib/generators/rails_mvp_authentication/templates/test/mailers/previews/user_mailer_preview.rb.tt

@@ -0,0 +1,17 @@
+# Preview all emails at http://localhost:3000/rails/mailers/user_mailer
+class UserMailerPreview < ActionMailer::Preview
+  # Preview this email at http://localhost:3000/rails/mailers/user_mailer/confirmation
+  def confirmation
+    @unconfirmed_user = User.find_by(email: "unconfirmed_user@example.com") || User.create!(email: "unconfirmed_user@example.com", password: "password", password_confirmation: "password")
+    @unconfirmed_user.update!(confirmed_at: nil)
+    confirmation_token = @unconfirmed_user.generate_confirmation_token
+    UserMailer.confirmation(@unconfirmed_user, confirmation_token)
+  end
+
+  # Preview this email at http://localhost:3000/rails/mailers/user_mailer/password_reset
+  def password_reset
+    @password_reset_user = User.find_by(email: "password_reset_user@example.com") || User.create!(email: "password_reset_user@example.com", password: "password", password_confirmation: "password", confirmed_at: Time.current)
+    password_reset_token = @password_reset_user.generate_password_reset_token
+    UserMailer.password_reset(@password_reset_user, password_reset_token)
+  end
+end

data/lib/generators/rails_mvp_authentication/templates/test/mailers/user_mailer_test.rb.tt

@@ -0,0 +1,25 @@
+require "test_helper"
+
+class UserMailerTest < ActionMailer::TestCase
+  setup do
+    @user = User.create!(email: "some_unique_email@example.com", password: "password", password_confirmation: "password")
+  end
+
+  test "confirmation" do
+    confirmation_token = @user.generate_confirmation_token
+    mail = UserMailer.confirmation(@user, confirmation_token)
+    assert_equal "Confirmation Instructions", mail.subject
+    assert_equal [@user.email], mail.to
+    assert_equal [User::MAILER_FROM_EMAIL], mail.from
+    assert_match confirmation_token, mail.body.encoded
+  end
+
+  test "password_reset" do
+    password_reset_token = @user.generate_password_reset_token
+    mail = UserMailer.password_reset(@user, password_reset_token)
+    assert_equal "Password Reset Instructions", mail.subject
+    assert_equal [@user.email], mail.to
+    assert_equal [User::MAILER_FROM_EMAIL], mail.from
+    assert_match password_reset_token, mail.body.encoded
+  end
+end

data/lib/generators/rails_mvp_authentication/templates/test/models/active_session_test.rb.tt

@@ -0,0 +1,18 @@
+require "test_helper"
+
+class ActiveSessionTest < ActiveSupport::TestCase
+  setup do
+    @user = User.new(email: "unique_email@example.com", password: "password", password_confirmation: "password")
+    @active_session = @user.active_sessions.build
+  end
+
+  test "should be valid" do
+    assert @active_session.valid?
+  end
+
+  test "should have a user" do
+    @active_session.user = nil
+
+    assert_not @active_session.valid?
+  end
+end