rodauth 1.22.0 → 1.23.0

data/spec/change_password_notify_spec.rb

@@ -1,33 +0,0 @@
-require File.expand_path("spec_helper", File.dirname(__FILE__))
-
-describe 'Rodauth change_password_notify feature' do
-  it "should email when using change password" do
-    rodauth do
-      enable :login, :logout, :change_password_notify
-      change_password_requires_password? false
-    end
-    roda do |r|
-      r.rodauth
-      r.root{view :content=>""}
-    end
-
-    login
-    page.current_path.must_equal '/'
-
-    visit '/change-password'
-    fill_in 'New Password', :with=>'0123456'
-    fill_in 'Confirm Password', :with=>'0123456'
-    click_button 'Change Password'
-    page.find('#notice_flash').text.must_equal "Your password has been changed"
-
-    page.current_path.must_equal '/'
-    msgs = Mail::TestMailer.deliveries
-    msgs.length.must_equal 1
-    msgs.first.to.first.must_equal 'foo@example.com'
-    msgs.first.body.to_s.must_equal <<EMAIL
-Someone (hopefully you) has changed the password for the account
-associated to this email address.
-EMAIL
-    msgs.clear
-  end
-end

data/spec/change_password_spec.rb

@@ -1,202 +0,0 @@
-require File.expand_path("spec_helper", File.dirname(__FILE__))
-
-describe 'Rodauth change_password feature' do
-  [false, true].each do |ph|
-    it "should support changing passwords for accounts #{'with account_password_hash_column' if ph}" do
-      require_password = true
-      rodauth do
-        enable :login, :logout, :change_password
-        account_password_hash_column :ph if ph
-        change_password_requires_password?{require_password}
-      end
-      roda do |r|
-        r.rodauth
-        r.root{view :content=>""}
-      end
-
-      login
-      page.current_path.must_equal '/'
-
-      visit '/change-password'
-      page.title.must_equal 'Change Password'
-
-      fill_in 'Password', :with=>'0123456789'
-      fill_in 'New Password', :with=>'0123456'
-      fill_in 'Confirm Password', :with=>'0123456789'
-      click_button 'Change Password'
-      page.html.must_include("passwords do not match")
-      page.find('#error_flash').text.must_equal "There was an error changing your password"
-      page.current_path.must_equal '/change-password'
-
-      fill_in 'Password', :with=>'0123456'
-      fill_in 'New Password', :with=>'0123456'
-      fill_in 'Confirm Password', :with=>'0123456'
-      click_button 'Change Password'
-      page.find('#error_flash').text.must_equal "There was an error changing your password"
-      page.body.must_include 'invalid password'
-      page.current_path.must_equal '/change-password'
-
-      fill_in 'Password', :with=>'0123456789'
-      fill_in 'New Password', :with=>'0123456789'
-      fill_in 'Confirm Password', :with=>'0123456789'
-      click_button 'Change Password'
-      page.find('#error_flash').text.must_equal "There was an error changing your password"
-      page.body.must_include 'invalid password, same as current password'
-      page.current_path.must_equal '/change-password'
-
-      fill_in 'Password', :with=>'0123456789'
-      fill_in 'New Password', :with=>'0123456'
-      fill_in 'Confirm Password', :with=>'0123456'
-      click_button 'Change Password'
-      page.find('#notice_flash').text.must_equal "Your password has been changed"
-      page.current_path.must_equal '/'
-
-      logout
-      login
-      page.html.must_include("invalid password")
-      page.current_path.must_equal '/login'
-
-      fill_in 'Password', :with=>'0123456'
-      click_button 'Login'
-      page.current_path.must_equal '/'
-
-      require_password = false
-      visit '/change-password'
-      fill_in 'New Password', :with=>'012345678'
-      fill_in 'Confirm Password', :with=>'012345678'
-      click_button 'Change Password'
-      page.find('#notice_flash').text.must_equal "Your password has been changed"
-      page.current_path.must_equal '/'
-
-      login(:pass=>'012345678')
-      page.current_path.must_equal '/'
-    end
-  end
-
-  it "should support changing passwords for accounts without confirmation" do
-    rodauth do
-      enable :login, :change_password
-      modifications_require_password? false
-      require_password_confirmation? false
-    end
-    roda do |r|
-      r.rodauth
-      r.root{view :content=>""}
-    end
-
-    login
-    visit '/change-password'
-    fill_in 'New Password', :with=>'012345678'
-    click_button 'Change Password'
-    page.find('#notice_flash').text.must_equal "Your password has been changed"
-  end
-
-  it "should support invalid_previous_password_message" do
-    rodauth do
-      enable :login, :logout, :change_password
-      invalid_previous_password_message "Previous password not correct"
-    end
-    roda do |r|
-      r.rodauth
-      r.root{view :content=>""}
-    end
-
-    login
-    page.current_path.must_equal '/'
-
-    visit '/change-password'
-    page.title.must_equal 'Change Password'
-
-    fill_in 'Password', :with=>'0123456'
-    fill_in 'New Password', :with=>'0123456'
-    fill_in 'Confirm Password', :with=>'0123456'
-    click_button 'Change Password'
-    page.find('#error_flash').text.must_equal "There was an error changing your password"
-    page.body.must_include 'Previous password not correct'
-    page.current_path.must_equal '/change-password'
-  end
-
-  it "should support setting requirements for passwords" do
-    rodauth do
-      enable :login, :create_account, :change_password
-      create_account_autologin? false
-      password_meets_requirements? do |password|
-        password =~ /banana/
-      end
-    end
-    roda do |r|
-      r.rodauth
-      r.root{view :content=>""}
-    end
-
-    visit '/create-account'
-    fill_in 'Login', :with=>'foo2@example.com'
-    fill_in 'Confirm Login', :with=>'foo2@example.com'
-    fill_in 'Password', :with=>'apple'
-    fill_in 'Confirm Password', :with=>'apple'
-    click_button 'Create Account'
-    page.html.must_include("invalid password, does not meet requirements")
-    page.find('#error_flash').text.must_equal "There was an error creating your account"
-    page.current_path.must_equal '/create-account'
-
-    fill_in 'Password', :with=>'banana'
-    fill_in 'Confirm Password', :with=>'banana'
-    click_button 'Create Account'
-
-    login(:login=>'foo2@example.com', :pass=>'banana')
-
-    visit '/change-password'
-    fill_in 'Password', :with=>'banana'
-    fill_in 'New Password', :with=>'apple'
-    fill_in 'Confirm Password', :with=>'apple'
-    click_button 'Change Password'
-    page.html.must_include("invalid password, does not meet requirements")
-    page.find('#error_flash').text.must_equal "There was an error changing your password"
-    page.current_path.must_equal '/change-password'
-
-    fill_in 'Password', :with=>'banana'
-    fill_in 'New Password', :with=>'my_banana_3'
-    fill_in 'Confirm Password', :with=>'my_banana_3'
-    click_button 'Change Password'
-    page.current_path.must_equal '/'
-  end
-
-  it "should support changing passwords for accounts via jwt" do
-    require_password = true
-    rodauth do
-      enable :login, :logout, :change_password
-      change_password_requires_password?{require_password}
-    end
-    roda(:jwt) do |r|
-      r.rodauth
-    end
-
-    json_login
-
-    res = json_request('/change-password', :password=>'0123456789', "new-password"=>'0123456', "password-confirm"=>'0123456789')
-    res.must_equal [422, {'error'=>"There was an error changing your password", "field-error"=>["new-password", "passwords do not match"]}]
-
-    res = json_request('/change-password', :password=>'0123456', "new-password"=>'0123456', "password-confirm"=>'0123456')
-    res.must_equal [401, {'error'=>"There was an error changing your password", "field-error"=>["password", "invalid password"]}]
-
-    res = json_request('/change-password', :password=>'0123456789', "new-password"=>'0123456789', "password-confirm"=>'0123456789')
-    res.must_equal [422, {'error'=>"There was an error changing your password", "field-error"=>["new-password", "invalid password, same as current password"]}]
-
-    res = json_request('/change-password', :password=>'0123456789', "new-password"=>'0123456', "password-confirm"=>'0123456')
-    res.must_equal [200, {'success'=>"Your password has been changed"}]
-
-    json_logout
-    res = json_login(:no_check=>true)
-    res.must_equal [401, {'error'=>"There was an error logging in", "field-error"=>["password", "invalid password"]}]
-
-    json_login(:pass=>'0123456')
-
-    require_password = false
-
-    res = json_request('/change-password', "new-password"=>'012345678', "password-confirm"=>'012345678')
-    res.must_equal [200, {'success'=>"Your password has been changed"}]
-
-    json_logout
-    json_login(:pass=>'012345678')
-  end
-end

data/spec/close_account_spec.rb

@@ -1,162 +0,0 @@
-require File.expand_path("spec_helper", File.dirname(__FILE__))
-
-describe 'Rodauth close_account feature' do
-  it "should support closing accounts when passwords are not required" do
-    rodauth do
-      enable :login, :close_account
-      close_account_requires_password? false
-    end
-    roda do |r|
-      r.rodauth
-      r.root{view(:content=>"")}
-    end
-
-    login
-    page.current_path.must_equal '/'
-
-    visit '/close-account'
-    click_button 'Close Account'
-    page.current_path.must_equal '/'
-
-    DB[:accounts].select_map(:status_id).must_equal [3]
-  end
-
-  it "should update account information when closing accounts" do
-    statuses = nil
-    rodauth do
-      enable :login, :close_account
-      close_account_requires_password? false
-      after_close_account{statuses = [account[:status_id], account_ds.get(:status_id)]}
-    end
-    roda do |r|
-      r.rodauth
-      r.root{view(:content=>"")}
-    end
-
-    login
-    visit '/close-account'
-    click_button 'Close Account'
-    statuses[0].must_equal 3
-    statuses[1].must_equal 3
-  end
-
-  it "should delete accounts when skip_status_checks? is true" do
-    rodauth do
-      enable :login, :close_account
-      close_account_requires_password? false
-      skip_status_checks? true
-    end
-    roda do |r|
-      r.rodauth
-      r.root{view(:content=>"")}
-    end
-
-    login
-    page.current_path.must_equal '/'
-
-    visit '/close-account'
-    click_button 'Close Account'
-    page.current_path.must_equal '/'
-
-    DB[:accounts].count.must_equal 0
-  end
-
-  it "should support closing accounts when passwords are required" do
-    rodauth do
-      enable :login, :close_account
-    end
-    roda do |r|
-      r.rodauth
-      r.root{view(:content=>"")}
-    end
-
-    login
-    page.current_path.must_equal '/'
-
-    visit '/close-account'
-    fill_in 'Password', :with=>'012345678'
-    click_button 'Close Account'
-    page.find('#error_flash').text.must_equal "There was an error closing your account"
-    page.html.must_include("invalid password")
-    DB[:accounts].select_map(:status_id).must_equal [2]
-
-    fill_in 'Password', :with=>'0123456789'
-    click_button 'Close Account'
-    page.find('#notice_flash').text.must_equal "Your account has been closed"
-    page.current_path.must_equal '/'
-
-    DB[:accounts].select_map(:status_id).must_equal [3]
-  end
-
-  it "should support closing accounts with overrides" do
-    rodauth do
-      enable :login, :close_account
-      close_account do
-        account_ds.update(:email => 'foo@bar.com', :status_id=>3)
-      end
-      close_account_route 'close'
-      close_account_redirect '/login'
-    end
-    roda do |r|
-      r.rodauth
-      r.root{""}
-    end
-
-    login
-    page.current_path.must_equal '/'
-
-    visit '/close'
-    page.title.must_equal 'Close Account'
-    fill_in 'Password', :with=>'0123456789'
-    click_button 'Close Account'
-    page.find('#notice_flash').text.must_equal "Your account has been closed"
-    page.current_path.must_equal '/login'
-
-    DB[:accounts].select_map(:status_id).must_equal [3]
-    DB[:accounts].select_map(:email).must_equal ['foo@bar.com']
-  end
-
-  it "should close accounts when account_password_hash_column is set" do
-    rodauth do
-      enable :create_account, :close_account
-      close_account_requires_password? false
-      account_password_hash_column :ph
-    end
-    roda do |r|
-      r.rodauth
-      r.root{view(:content=>"")}
-    end
-
-    visit '/create-account'
-    fill_in 'Login', :with=>'foo2@example.com'
-    fill_in 'Confirm Login', :with=>'foo2@example.com'
-    fill_in 'Password', :with=>'apple2'
-    fill_in 'Confirm Password', :with=>'apple2'
-    click_button 'Create Account'
-
-    visit '/close-account'
-    click_button 'Close Account'
-    page.current_path.must_equal '/'
-
-    DB[:accounts].reverse(:id).get(:status_id).must_equal 3
-  end
-
-  it "should support closing accounts via jwt" do
-    rodauth do
-      enable :login, :close_account
-    end
-    roda(:jwt) do |r|
-      r.rodauth
-    end
-
-    json_login
-
-    res = json_request('/close-account', :password=>'0123456')
-    res.must_equal [401, {'error'=>"There was an error closing your account", "field-error"=>["password", "invalid password"]}]
-    DB[:accounts].select_map(:status_id).must_equal [2]
-
-    res = json_request('/close-account', :password=>'0123456789')
-    res.must_equal [200, {'success'=>"Your account has been closed"}]
-    DB[:accounts].select_map(:status_id).must_equal [3]
-  end
-end

data/spec/confirm_password_spec.rb

@@ -1,70 +0,0 @@
-require File.expand_path("spec_helper", File.dirname(__FILE__))
-
-describe 'Rodauth confirm password feature' do
-  it "should support confirming passwords" do
-    rodauth do
-      enable :login, :change_login, :confirm_password, :password_grace_period
-      before_change_login_route do
-        unless password_recently_entered?
-          session[:confirm_password_redirect] = request.path_info
-          redirect '/confirm-password'
-        end
-      end
-    end
-    roda do |r|
-      r.rodauth
-      r.get("reset"){session[:last_password_entry] = Time.now.to_i - 400; "a"}
-      view :content=>""
-    end
-
-    login
-
-    visit '/change-login'
-    page.title.must_equal 'Change Login'
-
-    visit '/reset'
-    page.body.must_equal 'a'
-
-    visit '/change-login'
-    page.title.must_equal 'Confirm Password'
-    fill_in 'Password', :with=>'012345678'
-    click_button 'Confirm Password'
-    page.find('#error_flash').text.must_equal "There was an error confirming your password"
-    page.html.must_include("invalid password")
-
-    fill_in 'Password', :with=>'0123456789'
-    click_button 'Confirm Password'
-    page.find('#notice_flash').text.must_equal "Your password has been confirmed"
-
-    fill_in 'Login', :with=>'foo3@example.com'
-    fill_in 'Confirm Login', :with=>'foo3@example.com'
-    click_button 'Change Login'
-    page.find('#notice_flash').text.must_equal "Your login has been changed"
-  end
-
-  it "should support confirming passwords via jwt" do
-    rodauth do
-      enable :login, :change_password, :confirm_password, :password_grace_period
-    end
-    roda(:jwt) do |r|
-      r.rodauth
-      r.post("reset"){rodauth.send(:set_session_value, :last_password_entry, Time.now.to_i - 400); [1]}
-    end
-
-    json_login
-
-    res = json_request('/change-password', "new-password"=>'0123456', "password-confirm"=>'0123456')
-    res.must_equal [200, {'success'=>"Your password has been changed"}]
-
-    json_request('/reset').must_equal [200, [1]]
-
-    res = json_request('/change-password', "new-password"=>'01234567', "password-confirm"=>'01234567')
-    res.must_equal [401, {"field-error"=>["password", "invalid password"], "error"=>"There was an error changing your password"}]
-
-    res = json_request('/confirm-password', "password"=>'0123456')
-    res.must_equal [200, {'success'=>"Your password has been confirmed"}]
-
-    res = json_request('/change-password', "new-password"=>'01234567', "password-confirm"=>'01234567')
-    res.must_equal [200, {'success'=>"Your password has been changed"}]
-  end
-end