rockstart 0.1.0

data/lib/generators/rockstart/devise/templates/spec/models/user_spec.rb

@@ -0,0 +1,64 @@
+# frozen_string_literal: true
+
+require "rails_helper"
+
+RSpec.describe User, type: :model do
+  # email:string
+  it { is_expected.to have_db_column(:email) }
+  # encrypted_password:string
+  it { is_expected.to have_db_column(:encrypted_password) }
+  # name:string
+  it { is_expected.to have_db_column(:name) }
+  it { is_expected.not_to validate_presence_of(:name) }
+  # admin:boolean
+  it { is_expected.to have_db_column(:admin).with_options(default: false) }
+  # deleted_at:datetime
+  it { is_expected.to have_db_column(:deleted_at).of_type(:datetime) }
+
+  describe "#given" do
+    it "returns the given name from the name" do
+      user = User.new(name: "John Smith")
+      expect(user.given).to eq "John"
+    end
+
+    it "handles nil name valeus" do
+      user = User.new(name: nil)
+      expect(user.given).to be_nil
+    end
+  end
+
+  describe "#family" do
+    it "returns the family name from the name" do
+      user = User.new(name: "John Smith")
+      expect(user.family).to eq "Smith"
+    end
+
+    it "handles nil name valeus" do
+      user = User.new(name: nil)
+      expect(user.family).to be_nil
+    end
+  end
+
+  describe "#to_s" do
+    it "returns the persisted name of the user" do
+      user = User.new(name: "John Smith")
+      user.changes_applied
+      expect(user.to_s).to eq "John Smith"
+
+      user.name = "Jack Smith"
+      expect(user.to_s).to eq "John Smith"
+    end
+
+    it "falls back to a generic label when name is not present" do
+      user = build_stubbed(:user, name: nil)
+      allow(user).to receive(:id?).and_return(true)
+      allow(user).to receive(:id).and_return(1234)
+      expect(user.to_s).to eq "User #1234"
+    end
+
+    it "returns a generic label when user is not persisted" do
+      user = User.new(name: nil)
+      expect(user.to_s).to eq "Guest User"
+    end
+  end
+end

data/lib/generators/rockstart/devise/templates/spec/requests/users/passwords_spec.rb

@@ -0,0 +1,202 @@
+# frozen_string_literal: true
+
+require "rails_helper"
+
+RSpec.describe "Users::Passwords", type: :request do
+  describe "GET /users/password/new" do
+    context "as a guest" do
+      it "renders a successful response" do
+        get new_user_password_path
+        expect(response).to be_successful
+      end
+    end
+  end
+
+  describe "POST /users/password" do
+    context "with a known user email" do
+      let(:valid_params) do
+        {
+          user: {
+            email: create(:user).email
+          }
+        }
+      end
+
+      it "redirects the user to the login page" do
+        post user_password_path, params: valid_params
+        expect(response).to redirect_to(new_user_session_path)
+
+        follow_redirect!
+        expect(response.body).to have_selector(".alert-notice", text: t("devise.passwords.send_paranoid_instructions"))
+      end
+
+      it "sends a password reset email" do
+        expect do
+          post user_password_path, params: valid_params
+        end.to change(ActionMailer::Base.deliveries, :count).by(1)
+
+        delivery = ActionMailer::Base.deliveries.last
+        expect(delivery.to).to eq [valid_params.dig(:user, :email)]
+        expect(delivery.subject).to eq t("devise.mailer.reset_password_instructions.subject")
+
+        # Verify the reset password token is present
+        expected_url = edit_user_password_path(reset_password_token: "")
+        expect(delivery.body.raw_source).to have_selector("a[href*=\"#{expected_url}\"]")
+      end
+    end
+
+    context "with an unknown email address" do
+      let(:unknown_user_params) do
+        {
+          user: {
+            email: Faker::Internet.email
+          }
+        }
+      end
+
+      it "redirects the user to the login page" do
+        post user_password_path, params: unknown_user_params
+        expect(response).to redirect_to(url_for_authentication)
+
+        follow_redirect!
+        expect(response.body).to have_selector(".alert-notice", text: t("devise.passwords.send_paranoid_instructions"))
+      end
+
+      it "does not send any emails" do
+        expect do
+          post user_password_path, params: unknown_user_params
+        end.not_to change(ActionMailer::Base.deliveries, :count)
+      end
+    end
+  end
+
+  describe "GET /users/password/edit" do
+    context "with a valid password reset token" do
+      let(:valid_reset_password_token) do
+        create(:user).send(:set_reset_password_token)
+      end
+
+      it "redirects back to the password reset page without the reset_password_token param" do
+        get edit_user_password_path, params: { reset_password_token: valid_reset_password_token }
+        expect(response).to redirect_to(edit_user_password_path)
+
+        follow_redirect!
+        expect(response.body).to have_selector("form input[name='user[reset_password_token]'][value='#{valid_reset_password_token}']", visible: false)
+      end
+    end
+
+    context "with an invalid password reset token" do
+      let(:invalid_reset_password_token) do
+        Faker::Lorem.words(number: 2).join
+      end
+
+      it "processes the invalid reset password token the same as a valid token" do
+        get edit_user_password_path, params: { reset_password_token: invalid_reset_password_token }
+        expect(response).to redirect_to(edit_user_password_path)
+
+        follow_redirect!
+        expect(response.body).to have_selector("form input[name='user[reset_password_token]'][value='#{invalid_reset_password_token}']", visible: false)
+      end
+    end
+
+    context "with no password request token" do
+      it "redirects the user with a warning" do
+        get edit_user_password_path
+        expect(response).to redirect_to(new_user_session_path)
+
+        follow_redirect!
+        expect(response.body).to have_selector(".alert-alert", text: t("devise.passwords.no_token"))
+      end
+    end
+  end
+
+  describe "PUT /users/password" do
+    context "with valid password change params" do
+      let(:user) { create(:user) }
+      let(:valid_reset_password_token) do
+        user.send(:set_reset_password_token)
+      end
+      let(:valid_password) do
+        Faker::Lorem.words(number: 3).join
+      end
+
+      let(:valid_password_change_params) do
+        {
+          user: {
+            reset_password_token: valid_reset_password_token,
+            password: valid_password,
+            password_confirmation: valid_password
+          }
+        }
+      end
+
+      it "redirects the user to the dashboard with a notice" do
+        put user_password_path, params: valid_password_change_params
+        expect(response).to redirect_to(root_url)
+
+        follow_redirect!
+        expect(response.body).to have_selector(".alert-notice", text: t("devise.passwords.updated"))
+      end
+
+      it "changes the users password" do
+        put user_password_path, params: valid_password_change_params
+
+        user.reload
+        expect(user.valid_password?(valid_password)).to be(true)
+      end
+    end
+
+    context "with non-matching passwords" do
+      let(:user) { create(:user) }
+      let(:valid_reset_password_token) do
+        user.send(:set_reset_password_token)
+      end
+      let(:valid_password) do
+        Faker::Lorem.words(number: 3).join
+      end
+
+      let(:valid_password_change_params) do
+        {
+          user: {
+            reset_password_token: valid_reset_password_token,
+            password: valid_password,
+            password_confirmation: valid_password.reverse
+          }
+        }
+      end
+
+      it "responds with success (displays a form with errors)" do
+        put user_password_path, params: valid_password_change_params
+
+        expect(response).to be_successful
+        expect(response.body).to have_selector(".field_with_errors")
+      end
+    end
+
+    context "with an invalid password reset token" do
+      let(:invalid_reset_password_token) do
+        Faker::Lorem.words(number: 2).join
+      end
+      let(:valid_password) do
+        Faker::Lorem.words(number: 3).join
+      end
+
+      let(:invalid_password_change_params) do
+        {
+          user: {
+            reset_password_token: invalid_reset_password_token,
+            password: valid_password,
+            password_confirmation: valid_password.reverse
+          }
+        }
+      end
+
+      it "responds with success (displays a form with errors)" do
+        put user_password_path, params: invalid_password_change_params
+
+        expect(response).to be_successful
+        expect(response.body).to have_content("Reset password token is invalid")
+      end
+    end
+  end
+end

data/lib/generators/rockstart/devise/templates/spec/requests/users/registrations_spec.rb

@@ -0,0 +1,445 @@
+# frozen_string_literal: true
+
+require "rails_helper"
+
+RSpec.describe "Users::Registrations", type: :request do
+  describe "GET /users/sign_up" do
+    context "as a guest" do
+      it "renders a successful response" do
+        get new_user_registration_path
+        expect(response).to be_successful
+      end
+    end
+
+    context "as an authenticated user" do
+      let(:authenticated_user) { create(:user) }
+
+      before do
+        sign_in(authenticated_user)
+      end
+
+      it "redirects to the dashboard with a warning" do
+        get new_user_registration_path
+        expect(response).to redirect_to(url_for_user_dashboard)
+
+        follow_redirect!
+        expect(response.body).to have_selector(".alert-alert", text: t("devise.failure.already_authenticated"))
+      end
+    end
+  end
+
+  describe "POST /users", :cache_testing do
+    context "with valid create user params" do
+      let(:valid_password) { Faker::Internet.password }
+      let(:valid_registration_params) do
+        {
+          user: {
+            email: Faker::Internet.email,
+            password: valid_password,
+            password_confirmation: valid_password
+          }
+        }
+      end
+
+      it "redirects to the dashboard with a notice" do
+        post user_registration_path, params: valid_registration_params
+        expect(response).to redirect_to(url_for_user_dashboard)
+
+        follow_redirect!
+        expect(response.body).to have_selector(".alert-notice", text: t("devise.registrations.signed_up"))
+      end
+
+      it "does not allow authenticated users" do
+        sign_in create(:user)
+
+        post user_registration_path, params: valid_registration_params
+        expect(response).to redirect_to(url_for_user_dashboard)
+
+        follow_redirect!
+        expect(response.body).to have_selector(".alert-alert", text: t("devise.failure.already_authenticated"))
+      end
+    end
+
+    context "with mismatching passwords" do
+      let(:invalid_registration_params) do
+        {
+          user: {
+            email: Faker::Internet.email,
+            password: Faker::Internet.password,
+            password_confirmation: Faker::Lorem.words(number: 3).join
+          }
+        }
+      end
+
+      it "renders the form with an error" do
+        post user_registration_path, params: invalid_registration_params
+        expect(response).to be_successful
+
+        expect(response.body).to have_content("Password confirmation doesn't match Password")
+      end
+    end
+
+    context "with an email address matching an existing user" do
+      let(:existing_user) { create(:user) }
+      let(:valid_password) { Faker::Internet.password }
+      let(:existing_registration_params) do
+        {
+          user: {
+            email: existing_user.email,
+            password: valid_password,
+            password_confirmation: valid_password
+          }
+        }
+      end
+
+      it "renders the form with an error" do
+        post user_registration_path, params: existing_registration_params
+        expect(response).to be_successful
+
+        expect(response.body).to have_content("Email has already been taken")
+      end
+    end
+
+    it "rate limits requests based off ip address" do
+      valid_password = Faker::Internet.password
+
+      5.times do
+        post user_registration_path, params: {
+          user: {
+            email: Faker::Internet.email,
+            password: valid_password,
+            password_confirmation: valid_password
+          }
+        }
+      end
+
+      post user_registration_path, params: {
+        user: {
+          email: Faker::Internet.email,
+          password: valid_password,
+          password_confirmation: valid_password
+        }
+      }
+      expect(response).to have_http_status(:too_many_requests)
+    end
+  end
+
+  describe "GET /users/edit" do
+    context "as an authenticated user" do
+      let(:authenticated_user) { create(:user) }
+
+      before do
+        sign_in(authenticated_user)
+      end
+
+      it "renders the edit user form" do
+        get edit_user_registration_path
+        expect(response).to be_successful
+      end
+    end
+
+    context "as a guest" do
+      it "redirects to the new user session path" do
+        get edit_user_registration_path
+        expect(response).to redirect_to(new_user_session_path)
+
+        follow_redirect!
+        expect(response.body).to have_selector(".alert-alert", text: t("devise.failure.unauthenticated"))
+      end
+    end
+  end
+
+  describe "PUT /users", :cache_testing do
+    context "with update user email params" do
+      let(:original_email) { Faker::Internet.email }
+      let(:updated_email) { Faker::Internet.email }
+      let(:update_user_email_params) do
+        {
+          user: {
+            email: updated_email,
+            name: Faker::Name.name
+          }
+        }
+      end
+
+      context "as an authenticated user" do
+        let(:authenticated_user) { create(:user, email: original_email) }
+
+        before do
+          sign_in(authenticated_user)
+        end
+
+        it "redirects to the dashboard with a notice" do
+          put user_registration_path, params: update_user_email_params
+          expect(response).to redirect_to(url_for_user_dashboard)
+
+          follow_redirect!
+          expect(response.body).to have_selector(".alert-notice", text: t("devise.registrations.updated"))
+        end
+
+        it "updates the email of the user " do
+          put user_registration_path, params: update_user_email_params
+
+          authenticated_user.reload
+          expect(authenticated_user.email).to eq updated_email
+        end
+
+        it "sends an email changed notification to the previous email" do
+          expect do
+            put user_registration_path, params: update_user_email_params
+          end.to change(ActionMailer::Base.deliveries, :count).by(1)
+
+          delivery = ActionMailer::Base.deliveries.last
+          expect(delivery.to).to eq [original_email]
+          expect(delivery.subject).to eq t("devise.mailer.email_changed.subject")
+        end
+
+        it "rate limits requests based off ip address" do
+          5.times do
+            put user_registration_path, params: update_user_email_params
+          end
+
+          put user_registration_path, params: update_user_email_params
+          expect(response).to have_http_status(:too_many_requests)
+        end
+      end
+
+      context "as a guest" do
+        it "redirects to the new user session path" do
+          put user_registration_path, params: update_user_email_params
+          expect(response).to redirect_to(new_user_session_path)
+
+          follow_redirect!
+          expect(response.body).to have_selector(".alert-alert", text: t("devise.failure.unauthenticated"))
+        end
+      end
+    end
+
+    context "with update password params" do
+      let(:current_password) { Faker::Internet.password }
+      let(:updated_password) { Faker::Internet.password }
+      let(:update_user_password_params) do
+        {
+          user: {
+            current_password: current_password,
+            password: updated_password,
+            password_confirmation: updated_password
+          }
+        }
+      end
+
+      context "as an authenticated user" do
+        let(:authenticated_user) { create(:user, password: current_password) }
+
+        before do
+          sign_in(authenticated_user)
+        end
+
+        it "redirects to the dashboard with a notice" do
+          put user_registration_path, params: update_user_password_params
+          expect(response).to redirect_to(url_for_user_dashboard)
+
+          follow_redirect!
+          expect(response.body).to have_selector(".alert-notice", text: t("devise.registrations.updated"))
+        end
+
+        it "updates the password of the user" do
+          put user_registration_path, params: update_user_password_params
+
+          authenticated_user.reload
+          expect(authenticated_user.valid_password?(updated_password)).to be(true)
+        end
+
+        it "sends a password changed notification to the previous email" do
+          expect do
+            put user_registration_path, params: update_user_password_params
+          end.to change(ActionMailer::Base.deliveries, :count).by(1)
+
+          delivery = ActionMailer::Base.deliveries.last
+          expect(delivery.to).to eq [authenticated_user.email]
+          expect(delivery.subject).to eq t("devise.mailer.password_change.subject")
+        end
+      end
+    end
+
+    context "with incorrect current password password params" do
+      let(:updated_password) { Faker::Internet.password }
+      let(:invalid_current_password_params) do
+        {
+          user: {
+            current_password: Faker::Internet.password,
+            password: updated_password,
+            password_confirmation: updated_password
+          }
+        }
+      end
+
+      context "as an authenticated user" do
+        let(:authenticated_user) { create(:user) }
+
+        before do
+          sign_in(authenticated_user)
+        end
+
+        it "renders the form with an error" do
+          put user_registration_path, params: invalid_current_password_params
+          expect(response).to be_successful
+
+          expect(response.body).to have_content("Current password is invalid")
+        end
+      end
+    end
+
+    context "with incorrect password confirmation params" do
+      let(:current_password) { Faker::Internet.password }
+      let(:invalid_password_confirmation_params) do
+        {
+          user: {
+            current_password: current_password,
+            password: Faker::Internet.password,
+            password_confirmation: Faker::Internet.password
+          }
+        }
+      end
+
+      context "as an authenticated user" do
+        let(:authenticated_user) { create(:user, password: current_password) }
+
+        before do
+          sign_in(authenticated_user)
+        end
+
+        it "renders the form with an error" do
+          put user_registration_path, params: invalid_password_confirmation_params
+          expect(response).to be_successful
+
+          expect(response.body).to have_content("Password confirmation doesn't match Password")
+        end
+      end
+    end
+
+    context "with no password confirmation param" do
+      let(:current_password) { Faker::Internet.password }
+      let(:no_password_confirmation_params) do
+        {
+          user: {
+            current_password: current_password,
+            password: Faker::Internet.password
+          }
+        }
+      end
+
+      context "as an authenticated user" do
+        let(:authenticated_user) { create(:user, password: current_password) }
+
+        before do
+          sign_in(authenticated_user)
+        end
+
+        it "renders the form with an error" do
+          put user_registration_path, params: no_password_confirmation_params
+          expect(response).to be_successful
+
+          expect(response.body).to have_content("Password confirmation doesn't match Password")
+        end
+      end
+    end
+
+    context "with update user details params" do
+      let(:existing_email) { Faker::Internet.email }
+      let(:updated_name) { Faker::Name.name }
+      let(:update_user_details_params) do
+        {
+          user: {
+            email: existing_email,
+            name: updated_name
+          }
+        }
+      end
+
+      context "as an authenticated user" do
+        let(:authenticated_user) { create(:user, email: existing_email) }
+
+        before do
+          sign_in(authenticated_user)
+        end
+
+        it "redirects to the dashboard with a notice" do
+          put user_registration_path, params: update_user_details_params
+          expect(response).to redirect_to(url_for_user_dashboard)
+
+          follow_redirect!
+          expect(response.body).to have_selector(".alert-notice", text: t("devise.registrations.updated"))
+        end
+
+        it "updates the personal details of the user " do
+          put user_registration_path, params: update_user_details_params
+
+          authenticated_user.reload
+          expect(authenticated_user.email).to eq existing_email
+          expect(authenticated_user.name).to eq updated_name
+        end
+
+        it "does not send any emails" do
+          expect do
+            put user_registration_path, params: update_user_details_params
+          end.not_to change(ActionMailer::Base.deliveries, :count)
+        end
+      end
+    end
+  end
+
+  describe "DELETE /users" do
+    context "with an authenticated user" do
+      let(:authenticated_user) { create(:user) }
+
+      before do
+        sign_in(authenticated_user)
+      end
+
+      it "redirects to the registration page with a notice" do
+        delete user_registration_path
+        expect(response).to redirect_to(new_user_registration_path)
+
+        follow_redirect!
+        expect(response.body).to have_selector(".alert-notice", text: t("devise.registrations.destroyed"))
+      end
+
+      it "soft deletes the User" do
+        expect do
+          delete user_registration_path
+        end.not_to change(User, :count)
+
+        authenticated_user.reload
+        expect(authenticated_user).to be_deleted_at
+        expect(authenticated_user).not_to be_active_for_authentication
+      end
+    end
+  end
+
+  context "with an authenticated admin" do
+    let(:authenticated_admin) { create(:user, :admin) }
+
+    before do
+      sign_in(authenticated_admin)
+    end
+
+    it "redirects to the dashboard page with an error" do
+      delete user_registration_path
+      expect(response).to redirect_to(url_for_user_dashboard)
+
+      follow_redirect!
+      expect(response.body).to have_selector(".alert-error", text: t("pundit.user_policy.destroy?", default: t("pundit.default")))
+    end
+
+    it "does not soft delete the user" do
+      expect do
+        delete user_registration_path
+      end.not_to change(User, :count)
+
+      authenticated_admin.reload
+      expect(authenticated_admin).to be_active_for_authentication
+      expect(authenticated_admin).not_to be_deleted_at
+    end
+  end
+end