saucy 0.2.18 → 0.2.20

data/app/controllers/invitations_controller.rb

@@ -22,17 +22,17 @@ class InvitationsController < ApplicationController
   end
 
   def show
-    @invitation = Invitation.find(params[:id])
-    render
+    with_invitation { render }
   end
 
   def update
-    @invitation = Invitation.find(params[:id])
-    if @invitation.accept(params[:invitation])
-      sign_in @invitation.user
-      redirect_to root_url
-    else
-      render :action => 'show'
+    with_invitation do
+      if @invitation.accept(params[:invitation])
+        sign_in @invitation.user
+        redirect_to root_url
+      else
+        render :action => 'show'
+      end
     end
   end
 
@@ -41,4 +41,15 @@ class InvitationsController < ApplicationController
   def assign_projects
     @projects = current_account.projects_by_name
   end
+
+  def with_invitation
+    @invitation = Invitation.find_by_code!(params[:id])
+    if @invitation.used?
+      flash[:error] = t("invitations.show.used",
+                        :default => "That invitation has already been used.")
+      redirect_to root_url
+    else
+      yield
+    end
+  end
 end

data/app/models/invitation.rb

@@ -4,13 +4,14 @@ class Invitation < ActiveRecord::Base
   validates_presence_of :email
   has_and_belongs_to_many :projects
 
+  before_create :generate_code
   after_create :deliver_invitation
 
   attr_accessor :new_user_name, :new_user_password,
     :new_user_password_confirmation, :existing_user_password
   attr_writer :new_user_email, :existing_user_email
   attr_reader :user
-  attr_protected :account_id
+  attr_protected :account_id, :used
 
   validate :validate_accepting_user, :on => :update
 
@@ -20,12 +21,16 @@ class Invitation < ActiveRecord::Base
 
   def accept(attributes)
     self.attributes = attributes
+    self.used = true
     @user = existing_user || new_user
     if valid?
-      @user.save!
-      @user.memberships.create!(:account  => account,
-                                :admin    => admin,
-                                :projects => projects)
+      transaction do
+        save!
+        @user.save!
+        @user.memberships.create!(:account  => account,
+                                  :admin    => admin,
+                                  :projects => projects)
+      end
     end
   end
 
@@ -37,6 +42,10 @@ class Invitation < ActiveRecord::Base
     @existing_user_email ||= email
   end
 
+  def to_param
+    code
+  end
+
   private
 
   def deliver_invitation
@@ -84,4 +93,8 @@ class Invitation < ActiveRecord::Base
       errors.add(:existing_user_password, "is incorrect")
     end
   end
+
+  def generate_code
+    self.code = SecureRandom.hex(8)
+  end
 end

data/lib/generators/saucy/install/templates/create_saucy_tables.rb

@@ -29,6 +29,8 @@ class CreateSaucyTables < ActiveRecord::Migration
       table.string   :email
       table.integer  :account_id
       table.boolean  :admin
+      table.string   :code
+      table.boolean  :used
       table.datetime :created_at
       table.datetime :updated_at
     end

data/spec/controllers/invitations_controller_spec.rb

@@ -101,11 +101,11 @@ describe InvitationsController, "invalid create", :as => :account_admin do
 end
 
 describe InvitationsController, "show" do
-  let(:invitation) { Factory.stub(:invitation) }
+  let(:invitation) { Factory.stub(:invitation, :code => 'abc') }
   let(:account)    { invitation.account }
 
   before do
-    Invitation.stubs(:find => invitation)
+    Invitation.stubs(:find_by_code! => invitation)
     get :show, :id => invitation.to_param, :account_id => account.to_param
   end
 
@@ -115,19 +115,37 @@ describe InvitationsController, "show" do
   end
 
   it "assigns the invitation" do
-    Invitation.should have_received(:find).with(invitation.to_param)
+    Invitation.should have_received(:find_by_code!).with(invitation.to_param)
     should assign_to(:invitation).with(invitation)
   end
 end
 
+describe InvitationsController, "show for a used invitation" do
+  let(:invitation) { Factory.stub(:invitation, :code => 'abc', :used => true) }
+  let(:account)    { invitation.account }
+
+  before do
+    Invitation.stubs(:find_by_code! => invitation)
+    get :show, :id => invitation.to_param, :account_id => account.to_param
+  end
+
+  it "redirects to the root url" do
+    should redirect_to("/")
+  end
+
+  it "sets a flash message" do
+    should set_the_flash.to(/used/i)
+  end
+end
+
 describe InvitationsController, "valid update" do
-  let(:invitation) { Factory.stub(:invitation) }
+  let(:invitation) { Factory.stub(:invitation, :code => 'abc') }
   let(:account)    { invitation.account }
   let(:attributes) { 'attributes' }
   let(:user)       { Factory.stub(:user) }
 
   before do
-    Invitation.stubs(:find => invitation)
+    Invitation.stubs(:find_by_code! => invitation)
     invitation.stubs(:accept => true)
     invitation.stubs(:user   => user)
     put :update, :id         => invitation.to_param,
@@ -140,7 +158,7 @@ describe InvitationsController, "valid update" do
   end
 
   it "accepts the invitation" do
-    Invitation.should have_received(:find).with(invitation.to_param)
+    Invitation.should have_received(:find_by_code!).with(invitation.to_param)
     invitation.should have_received(:accept).with(attributes)
   end
 
@@ -150,11 +168,11 @@ describe InvitationsController, "valid update" do
 end
 
 describe InvitationsController, "invalid update" do
-  let(:invitation) { Factory.stub(:invitation) }
+  let(:invitation) { Factory.stub(:invitation, :code => 'abc') }
   let(:account) { invitation.account }
 
   before do
-    Invitation.stubs(:find => invitation)
+    Invitation.stubs(:find_by_code! => invitation)
     invitation.stubs(:accept => false)
     put :update, :id         => invitation.to_param,
                  :account_id => account.to_param,
@@ -174,3 +192,22 @@ describe InvitationsController, "invalid update" do
     should assign_to(:invitation).with(invitation)
   end
 end
+
+describe InvitationsController, "update for a used invitation" do
+  let(:invitation) { Factory.stub(:invitation, :code => 'abc', :used => true) }
+  let(:account)    { invitation.account }
+
+  before do
+    Invitation.stubs(:find_by_code! => invitation)
+    put :update, :id => invitation.to_param, :account_id => account.to_param
+  end
+
+  it "redirects to the root url" do
+    should redirect_to("/")
+  end
+
+  it "sets a flash message" do
+    should set_the_flash.to(/used/i)
+  end
+end
+

data/spec/models/invitation_spec.rb

@@ -7,6 +7,7 @@ describe Invitation do
   it { should have_and_belong_to_many(:projects) }
 
   it { should_not allow_mass_assignment_of(:account_id) }
+  it { should_not allow_mass_assignment_of(:used) }
 
   %w(new_user_name new_user_email new_user_password
      new_user_password_confirmation existing_user_password).each do |attribute|
@@ -19,9 +20,15 @@ end
 
 describe Invitation, "saved" do
   let(:mail)    { stub('invitation', :deliver => true) }
-  before        { InvitationMailer.stubs(:invitation => mail) }
   subject       { Factory(:invitation) }
   let(:email)   { subject.email }
+  let(:code)    { 'abchex123' }
+
+  before do
+    SecureRandom.stubs(:hex => code)
+    InvitationMailer.stubs(:invitation => mail)
+    subject
+  end
 
   it "sends an invitation email" do
     InvitationMailer.should have_received(:invitation).with(subject)
@@ -39,6 +46,15 @@ describe Invitation, "saved" do
   it "defauls existing user email to invited email" do
     subject.existing_user_email.should == subject.email
   end
+
+  it "generates a code" do
+    SecureRandom.should have_received(:hex).with(8)
+    subject.code.should == code
+  end
+
+  it "uses the code in the url" do
+    subject.to_param.should == code
+  end
 end
 
 describe Invitation, "valid accept for a new user" do
@@ -75,6 +91,10 @@ describe Invitation, "valid accept for a new user" do
       user.should be_member_of(project)
     end
   end
+
+  it "marks the invitation as used" do
+    subject.reload.should be_used
+  end
 end
 
 describe Invitation, "invalid accept for a new user" do
@@ -94,6 +114,10 @@ describe Invitation, "invalid accept for a new user" do
   it "adds error messages" do
     subject.errors[:new_user_password].should be_present
   end
+
+  it "doesn't mark the invitation as used" do
+    subject.reload.should_not be_used
+  end
 end
 
 describe Invitation, "valid accept for an existing user" do
@@ -115,6 +139,10 @@ describe Invitation, "valid accept for an existing user" do
   it "adds the user to the account" do
     account.users.should include(user)
   end
+
+  it "marks the invitation as used" do
+    subject.reload.should be_used
+  end
 end
 
 describe Invitation, "accepting with an invalid password" do
@@ -136,6 +164,108 @@ describe Invitation, "accepting with an invalid password" do
   end
 end
 
+describe Invitation, "saved" do
+  let(:mail)    { stub('invitation', :deliver => true) }
+  subject       { Factory(:invitation) }
+  let(:email)   { subject.email }
+  let(:code)    { 'abchex123' }
+
+  before do
+    SecureRandom.stubs(:hex => code)
+    InvitationMailer.stubs(:invitation => mail)
+    subject
+  end
+
+  it "sends an invitation email" do
+    InvitationMailer.should have_received(:invitation).with(subject)
+    mail.should have_received(:deliver)
+  end
+
+  it "delegates account name" do
+    subject.account_name.should == subject.account.name
+  end
+
+  it "defauls new user email to invited email" do
+    subject.new_user_email.should == subject.email
+  end
+
+  it "defauls existing user email to invited email" do
+    subject.existing_user_email.should == subject.email
+  end
+
+  it "generates a code" do
+    SecureRandom.should have_received(:hex).with(8)
+    subject.code.should == code
+  end
+
+  it "uses the code in the url" do
+    subject.to_param.should == code
+  end
+end
+
+describe Invitation, "valid accept for a new user" do
+  let(:account)  { Factory(:account) }
+  let(:projects) { [Factory(:project, :account => account)] }
+  let(:password) { 'secret' }
+  let(:name)     { 'Rocket' }
+  subject { Factory(:invitation, :account => account, :projects => projects) }
+
+  let!(:result) do
+    subject.accept(:new_user_password              => password,
+                   :new_user_password_confirmation => password,
+                   :new_user_name                  => name)
+  end
+
+  let(:user) { subject.user }
+
+  it "returns true" do
+    result.should be_true
+  end
+
+  it "creates a saved, confirmed user" do
+    user.should_not be_nil
+    user.should be_persisted
+    user.name.should == name
+  end
+
+  it "adds the user to the account" do
+    account.users.should include(user)
+  end
+
+  it "adds the user to each of the invitation's projects" do
+    projects.each do |project|
+      user.should be_member_of(project)
+    end
+  end
+
+  it "marks the invitation as used" do
+    subject.reload.should be_used
+  end
+end
+
+describe Invitation, "invalid accept for a new user" do
+  subject { Factory(:invitation) }
+  let!(:result) { subject.accept({}) }
+  let(:user) { subject.user }
+  let(:account) { subject.account }
+
+  it "returns false" do
+    result.should be_false
+  end
+
+  it "doesn't create a user" do
+    user.should be_new_record
+  end
+
+  it "adds error messages" do
+    subject.errors[:new_user_password].should be_present
+  end
+
+  it "doesn't mark the invitation as used" do
+    subject.reload.should_not be_used
+  end
+end
+
 describe Invitation, "accepting with an unknown email" do
   subject       { Factory(:invitation, :email => 'unknown') }
   let(:account) { subject.account }

metadata

@@ -1,13 +1,13 @@
 --- !ruby/object:Gem::Specification 
 name: saucy
 version: !ruby/object:Gem::Version 
-  hash: 51
+  hash: 63
   prerelease: false
   segments: 
   - 0
   - 2
-  - 18
-  version: 0.2.18
+  - 20
+  version: 0.2.20
 platform: ruby
 authors: 
 - thoughtbot, inc.
@@ -17,13 +17,14 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2011-02-09 00:00:00 -05:00
+date: 2011-02-11 00:00:00 -05:00
 default_executable: 
 dependencies: 
 - !ruby/object:Gem::Dependency 
-  name: formtastic
+  type: :runtime
   prerelease: false
-  requirement: &id001 !ruby/object:Gem::Requirement 
+  name: formtastic
+  version_requirements: &id001 !ruby/object:Gem::Requirement 
     none: false
     requirements: 
     - - ">="
@@ -33,12 +34,12 @@ dependencies:
         - 1
         - 2
         version: "1.2"
-  type: :runtime
-  version_requirements: *id001
+  requirement: *id001
 - !ruby/object:Gem::Dependency 
-  name: railties
+  type: :runtime
   prerelease: false
-  requirement: &id002 !ruby/object:Gem::Requirement 
+  name: railties
+  version_requirements: &id002 !ruby/object:Gem::Requirement 
     none: false
     requirements: 
     - - ">="
@@ -49,12 +50,12 @@ dependencies:
         - 0
         - 3
         version: 3.0.3
-  type: :runtime
-  version_requirements: *id002
+  requirement: *id002
 - !ruby/object:Gem::Dependency 
-  name: braintree
+  type: :runtime
   prerelease: false
-  requirement: &id003 !ruby/object:Gem::Requirement 
+  name: braintree
+  version_requirements: &id003 !ruby/object:Gem::Requirement 
     none: false
     requirements: 
     - - ">="
@@ -65,12 +66,12 @@ dependencies:
         - 6
         - 2
         version: 2.6.2
-  type: :runtime
-  version_requirements: *id003
+  requirement: *id003
 - !ruby/object:Gem::Dependency 
-  name: sham_rack
+  type: :runtime
   prerelease: false
-  requirement: &id004 !ruby/object:Gem::Requirement 
+  name: sham_rack
+  version_requirements: &id004 !ruby/object:Gem::Requirement 
     none: false
     requirements: 
     - - "="
@@ -81,12 +82,12 @@ dependencies:
         - 3
         - 3
         version: 1.3.3
-  type: :runtime
-  version_requirements: *id004
+  requirement: *id004
 - !ruby/object:Gem::Dependency 
-  name: sinatra
+  type: :runtime
   prerelease: false
-  requirement: &id005 !ruby/object:Gem::Requirement 
+  name: sinatra
+  version_requirements: &id005 !ruby/object:Gem::Requirement 
     none: false
     requirements: 
     - - "="
@@ -97,12 +98,12 @@ dependencies:
         - 1
         - 2
         version: 1.1.2
-  type: :runtime
-  version_requirements: *id005
+  requirement: *id005
 - !ruby/object:Gem::Dependency 
-  name: aruba
+  type: :development
   prerelease: false
-  requirement: &id006 !ruby/object:Gem::Requirement 
+  name: aruba
+  version_requirements: &id006 !ruby/object:Gem::Requirement 
     none: false
     requirements: 
     - - "="
@@ -113,8 +114,7 @@ dependencies:
         - 2
         - 6
         version: 0.2.6
-  type: :development
-  version_requirements: *id006
+  requirement: *id006
 description: Clearance-based Rails engine for Software as a Service (Saas) that provides account and project management
 email: support@thoughtbot.com
 executables: []