refinerycms-authentication-devise 1.0.0

data/spec/features/refinery/authentication/devise/sessions_spec.rb

@@ -0,0 +1,103 @@
+require "spec_helper"
+
+describe "sign in", :type => :feature do
+  let(:login_path) { refinery.new_authentication_devise_user_session_path }
+  let(:login_retry_path) { refinery.authentication_devise_user_session_path }
+  let(:admin_path) { "/#{Refinery::Core.backend_route}" }
+  let!(:user) {
+    FactoryGirl.create(:authentication_devise_refinery_user, :username => "ugisozols",
+                                       :password => "123456",
+                                       :password_confirmation => "123456")
+  }
+
+  before do
+    visit refinery.login_path
+  end
+
+  it "shows login form" do
+    expect(page).to have_content("Hello! Please sign in.")
+    expect(page).to have_content("I forgot my password")
+    expect(page).to have_selector("a[href*='/refinery/users/password/new']")
+  end
+
+  context "when supplied data is valid" do
+    it "logs in user" do
+      fill_in "Username or email", :with => "ugisozols"
+      fill_in "Password", :with => "123456"
+      click_button "Sign in"
+      expect(page).to have_content("Signed in successfully.")
+      expect(current_path).to match(/\A#{admin_path}/)
+    end
+  end
+
+  context "when supplied data is not valid" do
+    it "shows flash error" do
+      fill_in "Username or email", :with => "Hmmm"
+      fill_in "Password", :with => "Hmmm"
+      click_button "Sign in"
+      expect(page).to have_content("Sorry, your login or password was incorrect.")
+      expect(current_path).to eq(login_retry_path)
+    end
+  end
+end
+
+describe 'user sign up', :type => :feature do
+  before do
+    Refinery::Authentication::Devise::User.delete_all
+  end
+
+  describe 'when there are no users' do
+    it 'allows user creation' do
+      # Verify that we can access the sign up page.
+      visit Refinery::Core.backend_path
+      expect(page).to have_content("There are no users yet, so we'll set you up first")
+
+      # Fill in user details.
+      fill_in 'user[username]', :with => 'rspec'
+      fill_in 'user[email]', :with => 'rspec@example.com'
+      fill_in 'user[password]', :with => 'spectacular'
+      fill_in 'user[password_confirmation]', :with => 'spectacular'
+
+      # Sign up and verify!
+      expect {
+        click_button "Sign up"
+      }.to change(Refinery::Authentication::Devise::User, :count).from(0).to(1)
+      expect(page).to have_content("Welcome to Refinery, rspec.")
+    end
+  end
+end
+
+describe 'redirects', :type => :feature do
+  let(:protected_path) { refinery.new_authentication_devise_admin_user_path }
+  let(:login_path) { refinery.login_path }
+
+  before do
+    FactoryGirl.create(:authentication_devise_refinery_user,
+      :username => "ugisozols",
+      :password => "123456",
+      :password_confirmation => "123456"
+    )
+  end
+
+  context "when visiting a protected path" do
+    before { visit protected_path }
+
+    it "redirects to the login" do
+      expect(current_path).to eq(login_path)
+    end
+
+    it "shows login form" do
+      expect(page).to have_content("Hello! Please sign in.")
+      expect(page).to have_content("I forgot my password")
+      expect(page).to have_selector("a[href*='/refinery/users/password/new']")
+    end
+
+    it "redirects to the protected path on login" do
+      fill_in "Username or email", :with => "ugisozols"
+      fill_in "Password", :with => "123456"
+      page.click_button "Sign in"
+      expect(current_path).to eq(protected_path)
+    end
+  end
+
+end

data/spec/lib/refinery/authentication/devise/configuration_spec.rb

@@ -0,0 +1,41 @@
+require 'spec_helper'
+
+module Refinery
+  module Authentication
+    module Devise
+      describe 'configuration' do
+
+        describe '.email_from_name' do
+          # reset any previously defined email from name
+          before do
+            Refinery::Authentication::Devise.email_from_name = nil
+          end
+
+          context 'when set in configuration' do
+            it 'returns name set by Refinery::Authentication::Devise.config' do
+              allow(Refinery::Authentication::Devise).to receive(:email_from_name).and_return('support')
+              expect(Refinery::Authentication::Devise.email_from_name).to eq('support')
+            end
+          end
+
+          context 'when set in locale file' do
+            before do
+              ::I18n.backend.store_translations :en, :refinery => {
+                :authentication => {
+                  :config => {
+                    :email_from_name => 'supporto'
+                  }
+                }
+              }
+            end
+
+            it 'returns name set in locale' do
+              expect(Refinery::Authentication::Devise.email_from_name).to eq('supporto')
+            end
+          end
+        end
+
+      end
+    end
+  end
+end

data/spec/models/refinery/user_spec.rb

@@ -0,0 +1,285 @@
+require 'spec_helper'
+
+module Refinery
+  module Authentication
+    module Devise
+      describe User, :type => :model do
+
+        let(:user) { FactoryGirl.create(:authentication_devise_user) }
+        let(:refinery_user) {
+          FactoryGirl.create(:authentication_devise_refinery_user)
+        }
+
+        context "Roles" do
+          context "add_role" do
+            it "raises Exception when Role object is passed" do
+              expect {user.add_role(Refinery::Authentication::Devise::Role.new)}.to raise_exception
+            end
+
+            it "adds a Role to the User when role not yet assigned to User" do
+              expect(proc {
+                user.add_role(:new_role)
+              }).to change(user.roles, :count).by(1)
+              expect(user.roles.collect(&:title)).to include("NewRole")
+            end
+
+            it "does not add a Role to the User when this Role is already assigned to User" do
+              expect(proc {
+                refinery_user.add_role(:refinery)
+              }).not_to change(refinery_user.roles, :count)
+              expect(refinery_user.roles.collect(&:title)).to include("Refinery")
+            end
+          end
+
+          context "has_role" do
+            it "raises Exception when Role object is passed" do
+              expect{ user.has_role?(Refinery::Authentication::Devise::Role.new)}.to raise_exception
+            end
+
+            it "returns the true if user has Role" do
+              expect(refinery_user.has_role?(:refinery)).to be_truthy
+            end
+
+            it "returns false if user hasn't the Role" do
+              expect(refinery_user.has_role?(:refinery_fail)).to be_falsey
+            end
+          end
+
+          describe "role association" do
+            it "have a roles attribute" do
+              expect(user).to respond_to(:roles)
+            end
+          end
+        end
+
+        context "validations" do
+          # email and password validations are done by including devises validatable
+          # module so those validations are not tested here
+          let(:attributes) do
+            {
+              :username => "Refinery CMS",
+              :email => "refinery@cms.com",
+              :password => "123456",
+              :password_confirmation => "123456"
+            }
+          end
+
+          it "requires username" do
+            expect(User.new(attributes.merge(:username => ""))).not_to be_valid
+          end
+
+          it "rejects duplicate usernames" do
+            User.create!(attributes)
+            expect(User.new(attributes.merge(:email => "another@email.com"))).not_to be_valid
+          end
+
+          it "rejects duplicate usernames regardless of case" do
+            User.create!(attributes)
+            expect(User.new(attributes.merge(
+              :username => attributes[:username].upcase,
+              :email => "another@email.com")
+            )).not_to be_valid
+          end
+
+          it "rejects duplicate usernames regardless of whitespace" do
+            User.create!(attributes)
+            new_user = User.new(attributes.merge(:username => " Refinery   CMS "))
+            new_user.valid?
+            expect(new_user.username).to eq('refinery cms')
+            expect(new_user).not_to be_valid
+          end
+        end
+
+        describe ".find_for_database_authentication" do
+          it "finds user either by username or email" do
+            expect(User.find_for_database_authentication(:login => user.username)).to eq(user)
+            expect(User.find_for_database_authentication(:login => user.email)).to eq(user)
+          end
+        end
+
+        describe "#can_delete?" do
+          let(:user_not_persisted) { FactoryGirl.build(:authentication_devise_refinery_user) }
+          let(:super_user) do
+            FactoryGirl.create(:authentication_devise_refinery_user).tap do |user|
+              user.add_role(:superuser)
+            end
+          end
+
+          context "won't allow to delete" do
+            it "not persisted user record" do
+              expect(refinery_user.can_delete?(user_not_persisted)).to be_falsey
+            end
+
+            it "user with superuser role" do
+              expect(refinery_user.can_delete?(super_user)).to be_falsey
+            end
+
+            it "if user count with refinery role < 1" do
+              ::Refinery::Authentication::Devise::Role[:refinery].users.delete([ refinery_user, super_user ])
+              expect(super_user.can_delete?(refinery_user)).to be_falsey
+            end
+
+            it "user himself" do
+              expect(refinery_user.can_delete?(refinery_user)).to be_falsey
+            end
+          end
+
+          context "allow to delete" do
+            it "if user count with refinery role = 1" do
+              ::Refinery::Authentication::Devise::Role[:refinery].users.delete(refinery_user)
+              expect(super_user.can_delete?(refinery_user)).to be_truthy
+            end
+
+            it "if all conditions return true" do
+              expect(super_user.can_delete?(refinery_user)).to be_truthy
+            end
+          end
+        end
+
+        describe "#can_edit?" do
+          let(:user_not_persisted) { FactoryGirl.build(:authentication_devise_refinery_user) }
+          let(:super_user) do
+            FactoryGirl.create(:authentication_devise_refinery_user).tap do |user|
+              user.add_role(:superuser)
+            end
+          end
+          let(:user_persisted) { FactoryGirl.create(:authentication_devise_refinery_user)}
+
+          context "won't allow to edit" do
+            it "non-persisted user record" do
+              expect(refinery_user.can_edit?(user_not_persisted)).to be_falsey
+            end
+
+            it "user is not a super user" do
+              expect(refinery_user.can_edit?(user_persisted)).to be_falsey
+            end
+          end
+
+          context "allows to edit" do
+            it "when I am a user super" do
+              expect(super_user.can_edit?(user_persisted)).to be_truthy
+            end
+
+            it "if all conditions return true" do
+              expect(super_user.can_edit?(refinery_user)).to be_truthy
+            end
+          end
+        end
+
+        describe "#plugins=" do
+          context "when user is not persisted" do
+            it "does not add plugins for this user" do
+              new_user = FactoryGirl.build(:authentication_devise_user)
+              new_user.plugins = ["test"]
+              expect(new_user.plugins).to be_empty
+            end
+          end
+
+          context "when user is persisted" do
+            it "only assigns plugins with names that are of string type" do
+              user.plugins = [1, :test, false, "refinery_one"]
+              expect(user.plugins.collect(&:name)).to eq(["refinery_one"])
+            end
+
+            it "won't raise exception if plugins position is not a number" do
+              Refinery::Authentication::Devise::UserPlugin.create! :name => "refinery_one", :user_id => user.id
+
+              expect { user.plugins = ["refinery_one", "refinery_two"] }.to_not raise_error
+            end
+
+            context "when no plugins assigned" do
+              it "assigns them to user" do
+                expect(user.plugins).to eq([])
+
+                plugin_list = ["refinery_one", "refinery_two", "refinery_three"]
+                user.plugins = plugin_list
+                expect(user.plugins.collect(&:name)).to eq(plugin_list)
+              end
+
+              it "assigns them to user with unique positions" do
+                expect(user.plugins).to eq([])
+
+                plugin_list = ["refinery_one", "refinery_two", "refinery_three"]
+                user.plugins = plugin_list
+                expect(user.plugins.pluck(:position)).to match_array([1,2,3])
+              end
+            end
+
+            context "when plugins are already assigned" do
+              it "only adds new ones and deletes ones that are not used" do
+                user.plugins = ["refinery_one", "refinery_two", "refinery_three"]
+                new_plugin_list = ["refinery_one", "refinery_two", "refinery_four"]
+
+                user.plugins = new_plugin_list
+                user.plugins.reload
+                expect(user.plugins.collect(&:name)).to eq(new_plugin_list)
+              end
+            end
+          end
+        end
+
+        describe "#authorised_plugins" do
+          it "returns array of user and always allowed plugins" do
+            ["refinery_one", "refinery_two", "refinery_three"].each_with_index do |name, index|
+              user.plugins.create!(:name => name, :position => index)
+            end
+            expect(user.authorised_plugins).to eq(user.plugins.collect(&:name) | ::Refinery::Plugins.always_allowed.names)
+          end
+        end
+
+        describe "plugins association" do
+          let(:plugin_list) { ["refinery_one", "refinery_two", "refinery_three"] }
+          before { user.plugins = plugin_list }
+
+          it "have a plugins attribute" do
+            expect(user).to respond_to(:plugins)
+          end
+
+          it "returns plugins in ASC order" do
+            expect(user.plugins[0].name).to eq(plugin_list[0])
+            expect(user.plugins[1].name).to eq(plugin_list[1])
+            expect(user.plugins[2].name).to eq(plugin_list[2])
+          end
+
+          it "deletes associated plugins" do
+            user.destroy
+            expect(UserPlugin.find_by_user_id(user.id)).to be_nil
+          end
+        end
+
+        describe "#create_first" do
+          let(:first_user) do
+            FactoryGirl.build(:authentication_devise_user).tap do |user|
+              user.create_first
+            end
+          end
+
+          it "adds refinery role" do
+            expect(first_user.roles.collect(&:title)).to include("Refinery")
+          end
+
+          it "adds superuser role" do
+            expect(first_user.roles.collect(&:title)).to include("Superuser")
+          end
+
+          it "adds registered plugins" do
+            expect(first_user.plugins.collect(&:name)).to eq(
+              %w(refinery_authentication_devise refinery_images refinery_files refinery_pages)
+            )
+          end
+
+          it "returns true on success" do
+            allow(first_user).to receive(:valid?).and_return(true)
+            expect(first_user.create_first).to eq(true)
+          end
+
+          it "returns false on failure" do
+            allow(first_user).to receive(:valid?).and_return(false)
+            expect(first_user.create_first).to eq(false)
+          end
+        end
+
+      end
+    end
+  end
+end

data/spec/spec_helper.rb

@@ -0,0 +1,27 @@
+require 'rubygems'
+
+# Configure Rails Environment
+ENV["RAILS_ENV"] ||= 'test'
+
+require File.expand_path("../dummy/config/environment", __FILE__)
+
+require 'rspec/rails'
+require 'capybara/rspec'
+
+RSpec.configure do |config|
+  config.mock_with :rspec
+  config.filter_run :focus => true
+  config.run_all_when_everything_filtered = true
+  config.backtrace_exclusion_patterns = %w(
+    rails actionpack railties capybara activesupport rack warden rspec actionview
+    activerecord dragonfly benchmark
+  ).map { |noisy| /#{noisy}/ }
+end
+
+# Requires supporting files with custom matchers and macros, etc,
+# in ./support/ and its subdirectories including factories.
+([Rails.root.to_s] | ::Refinery::Plugins.registered.pathnames).map{|p|
+  Dir[File.join(p, 'spec', 'support', '**', '*.rb').to_s]
+}.flatten.sort.each do |support_file|
+  require support_file
+end

data/spec/support/refinery/authentication/devise/controller_macros.rb

@@ -0,0 +1,48 @@
+module Refinery
+  module Authentication
+    module Devise
+      module ControllerMacros
+        def self.extended(base)
+          base.send :include, ::Devise::TestHelpers
+        end
+
+        def refinery_login_with_devise(*roles)
+          roles = handle_deprecated_roles!(roles).flatten
+          let(:logged_in_user) do
+            FactoryGirl.create(:authentication_devise_user).tap do |user|
+              roles.each do |role|
+                user.add_role(role)
+              end
+            end
+          end
+          before do
+            @request.env["devise.mapping"] = ::Devise.mappings[:authentication_devise_user]
+            sign_in logged_in_user
+          end
+        end
+
+        def factory_user(factory)
+          let(:logged_in_user) { FactoryGirl.create(factory) }
+          before do
+            @request.env["devise.mapping"] = ::Devise.mappings[:authentication_devise_user]
+            sign_in logged_in_user
+          end
+        end
+
+        private
+        def handle_deprecated_roles!(*roles)
+          mappings = {
+            :user => [],
+            :refinery_user => [:refinery],
+            :refinery_superuser => [:refinery, :superuser]
+          }
+          mappings[roles.flatten.first] || roles
+        end
+      end
+    end
+  end
+end
+
+RSpec.configure do |config|
+  config.extend Refinery::Authentication::Devise::ControllerMacros, type: :controller
+end

data/spec/support/refinery/authentication/devise/feature_macros.rb

@@ -0,0 +1,26 @@
+module Refinery
+  module Authentication
+    module Devise
+      module FeatureMacros
+
+        def refinery_login_with_devise(factory)
+          let!(:logged_in_user) { FactoryGirl.create(factory) }
+
+          before do
+            visit refinery.login_path
+
+            fill_in "Username or email", with: logged_in_user.username
+            fill_in "Password", with: "refinerycms"
+
+            click_button "Sign in"
+          end
+        end
+
+      end
+    end
+  end
+end
+
+RSpec.configure do |config|
+  config.extend Refinery::Authentication::Devise::FeatureMacros, type: :feature
+end

data/tasks/rspec.rake

@@ -0,0 +1,4 @@
+require 'rspec/core/rake_task'
+
+desc "Run specs"
+RSpec::Core::RakeTask.new