thoughtbot-clearance 0.1.6 → 0.1.8

data/README.textile

@@ -29,7 +29,7 @@ Then:
 
 h2. Tests
 
-The tests use "Shoulda":http://thoughtbot.com/projects/shoulda and "Factory Girl":http://thoughtbot.com/projects/factory_girl. You should create a User Factory:
+The tests use "Shoulda":http://thoughtbot.com/projects/shoulda >= 2.0.4 and "Factory Girl":http://thoughtbot.com/projects/factory_girl. You should create a User Factory:
 
     Factory.sequence :email do |n|
       "user#{n}@example.com"
@@ -67,6 +67,12 @@ In test/functional/users_controller_test.rb:
       include Clearance::UsersControllerTest
     end
 
+In test/functional/passwords_controller_test.rb: 
+
+    class PasswordsControllerTest < ActionController::TestCase
+      include Clearance::PasswordsControllerTest
+    end
+
 h2. Schema
 
 Change your User model so it has these attributes:
@@ -90,6 +96,23 @@ In app/models/user.rb:
       include Clearance::Model
     end
 
+h2. Mailer
+
+In app/models/mailer.rb:
+
+    class Mailer < ActionMailer::Base
+
+		  default_url_options[:host] = HOST
+
+		  def change_password(user)
+		    from       "donotreply@example.com"
+		    recipients user.email
+		    subject    "[YOUR APP] Request to change your password"
+		    body       :user => user
+		  end
+
+		end
+
 h2. Controllers
 
 In app/controllers/application_controller.rb:
@@ -106,11 +129,11 @@ In app/controllers/sessions_controller.rb:
       include Clearance::SessionsController
 
       private
-      
+
       def url_after_create
         root_url # the default
       end
-      
+
       def url_after_destroy
         login_url # the default
       end
@@ -120,18 +143,24 @@ In app/controllers/users_controller.rb:
 
     class UsersController < ApplicationController
       include Clearance::UsersController
-    
+
       private
-      
+
       def url_after_create
         root_url # the default
       end
-      
+
       def url_after_update
         root_url # the default
       end
     end
 
+In app/controllers/passwords_controller.rb:
+
+    class PasswordsController < ApplicationController
+      include Clearance::PasswordsController
+    end
+
 h2. Routes
 
     map.with_options :controller => 'sessions'  do |m|
@@ -139,7 +168,7 @@ h2. Routes
       m.logout '/logout', :action => 'destroy'
     end
     map.resource :session
-    map.resources :users
+    map.resources :users, :has_one => :password
 
 h2. Views
 

data/clearance.gemspec

@@ -1,21 +1,23 @@
 Gem::Specification.new do |s|
   s.name = "clearance"
-  s.version = "0.1.6"
-  s.date = "2008-09-26"
+  s.version = "0.1.8"
+  s.date = "2008-10-09"
   s.summary = "Simple, complete Rails authentication."
   s.email = "dcroak@thoughtbot.com"
   s.homepage = "http://github.com/thoughtbot/clearance"
   s.description = "Simple, complete Rails authentication scheme."
   s.authors = ["thoughtbot, inc.", "Dan Croak", "Josh Nichols", "Mike Breen", "Mike Burns", "Jason Morrison"]
-  s.files = ["README.textile", 
-    "clearance.gemspec", 
-    "lib/clearance.rb", 
-    "lib/clearance/app/controllers/application_controller.rb", 
-    "lib/clearance/app/models/model.rb", 
-    "lib/clearance/app/controllers/sessions_controller.rb", 
-    "lib/clearance/test/functionals/sessions_controller_test.rb", 
-    "lib/clearance/test/test_helper.rb", 
-    "lib/clearance/test/units/user_test.rb", 
-    "lib/clearance/app/controllers/users_controller.rb", 
-    "lib/clearance/test/functionals/users_controller_test.rb"]
+  s.files = ["README.textile",
+    "clearance.gemspec",
+    "lib/clearance.rb",
+    "lib/clearance/app/controllers/application_controller.rb",
+    "lib/clearance/app/models/model.rb",
+    "lib/clearance/app/controllers/sessions_controller.rb",
+    "lib/clearance/test/functionals/sessions_controller_test.rb",
+    "lib/clearance/test/test_helper.rb",
+    "lib/clearance/test/units/user_test.rb",
+    "lib/clearance/app/controllers/users_controller.rb",
+    "lib/clearance/test/functionals/users_controller_test.rb",
+    "lib/clearance/app/controllers/passwords_controller.rb",
+    "lib/clearance/test/functionals/passwords_controller_test.rb"]
 end

data/lib/clearance.rb

@@ -1,8 +1,11 @@
 require 'clearance/app/controllers/application_controller'
 require 'clearance/app/controllers/sessions_controller'
 require 'clearance/app/controllers/users_controller'
+require 'clearance/app/controllers/passwords_controller'
 require 'clearance/app/models/model'
 require 'clearance/test/test_helper'
 require 'clearance/test/functionals/sessions_controller_test'
 require 'clearance/test/functionals/users_controller_test'
+require 'clearance/test/functionals/passwords_controller_test'
 require 'clearance/test/units/user_test'
+require 'clearance/test/units/user_mailer_test'

data/lib/clearance/app/controllers/application_controller.rb

@@ -29,16 +29,16 @@ module Clearance
       end
 
       def user_from_session
-        User.find_by_id session[:user_id]
+        user_model.find_by_id session[:user_id]
       end
 
       def user_from_cookie
-        user = User.find_by_remember_token(cookies[:auth_token]) if cookies[:auth_token]
+        user = user_model.find_by_remember_token(cookies[:auth_token]) if cookies[:auth_token]
         user && user.remember_token? ? user : nil
       end
 
       def login(user)
-        create_session_for user
+        create_session_for(user)
         @current_user = user
       end
 
@@ -65,6 +65,10 @@ module Clearance
         flash[:error] = flash_message if flash_message
         redirect_to opts[:redirect]
       end
+      
+      def user_model
+        User
+      end
     end
   end
 end

data/lib/clearance/app/controllers/passwords_controller.rb

@@ -0,0 +1,57 @@
+module Clearance
+  module PasswordsController
+
+    def self.included(base)
+      base.class_eval do
+        before_filter :existing_user?, :only => [:edit, :update]
+        filter_parameter_logging :password, :password_confirmation
+        include InstanceMethods
+      private
+        include PrivateInstanceMethods
+      end
+    end
+
+    module InstanceMethods
+      def new
+      end
+
+      def create
+        user = User.find_by_email params[:password][:email]
+        if user.nil?
+          flash.now[:warning] = 'Unknown email'
+          render :action => :new
+        else
+          UserMailer.deliver_change_password user
+          redirect_to login_path
+        end
+      end
+
+      def edit
+        @user = User.find_by_email_and_crypted_password(params[:email],
+                                                        params[:password])
+      end
+
+      def update
+        @user = User.find_by_email_and_crypted_password(params[:email],
+                                                        params[:password])
+        if @user.update_attributes params[:user]
+          session[:user_id] = @user.id
+          redirect_to @user
+        else
+          render :action => :edit
+        end
+      end
+    end
+
+    module PrivateInstanceMethods
+      def existing_user?
+        user = User.find_by_email_and_crypted_password(params[:email],
+                                                       params[:password])
+        if user.nil?
+          render :nothing => true, :status => :not_found
+        end
+      end
+    end
+
+  end
+end

data/lib/clearance/app/controllers/sessions_controller.rb

@@ -21,7 +21,7 @@ module Clearance
       end
 
       def destroy
-        forget current_user
+        forget(current_user)
         reset_session
         flash[:notice] = 'You have been logged out.'
         redirect_to url_after_destroy
@@ -30,7 +30,7 @@ module Clearance
 
     module ProtectedInstanceMethods
       def login_via_password(email, password, remember_me)
-        user = User.authenticate(email, password)
+        user = user_model.authenticate(email, password)
         if login(user)
           create_session_for(user)
           remember(user) if remember_me == '1'

data/lib/clearance/app/controllers/users_controller.rb

@@ -16,11 +16,11 @@ module Clearance
 
     module InstanceMethods
       def new
-        @user = User.new(params[:user])
+        @user = user_model.new(params[:user])
       end
       
       def create
-        @user = User.new params[:user]
+        @user = user_model.new params[:user]
         if @user.save
           current_user = @user
           flash[:notice] = "User created and logged in."
@@ -32,6 +32,7 @@ module Clearance
     end
 
     module PrivateInstanceMethods
+
       def url_after_create
         root_url
       end

data/lib/clearance/test/functionals/passwords_controller_test.rb

@@ -0,0 +1,188 @@
+module Clearance
+  module PasswordsControllerTest
+
+    def self.included(base)
+      base.class_eval do
+
+        should_route :get, '/users/1/password/edit', :action => 'edit', :user_id => '1'
+
+        context 'with a user' do
+          setup { @user = Factory :user }
+
+          context 'A GET to #new' do
+            setup { get :new, :user_id => @user_id }
+
+            should_respond_with :success
+            should_render_template 'new'
+          end
+
+          context 'A POST to #create' do
+            context "with an existing user's email address" do
+              setup do
+                ActionMailer::Base.deliveries.clear
+
+                post :create, :password => { :email => @user.email }
+                @email = ActionMailer::Base.deliveries[0]
+              end
+
+              should 'send an email to the user to edit their password' do
+                assert @email.subject =~ /request to change your password/i
+              end
+
+              should_redirect_to "new_session_path"
+            end
+
+            context 'with a non-existing email address' do
+              setup do
+                email = 'user1@example.com'
+                assert ! User.exists?(['email = ?', email])
+                ActionMailer::Base.deliveries.clear
+
+                post :create, :password => { :email => email }
+              end
+
+              should 'not send a password reminder email' do
+                assert ActionMailer::Base.deliveries.empty?
+              end
+
+              should 'set a :warning flash' do
+                assert_not_nil flash.now[:warning]
+              end
+
+              should_render_template "new"
+            end
+          end
+
+          context 'A GET to #edit' do
+            context "with an existing user's id and password" do
+              setup do
+                get :edit, 
+                  :user_id => @user.id, 
+                  :password => @user.crypted_password, 
+                  :email => @user.email
+              end
+
+              should 'find the user with the given id and password' do
+                assert_equal @user, assigns(:user)
+              end
+
+              should_respond_with :success
+              should_render_template "edit"
+
+              should "have a form for the user's email, password, and password confirm" do
+                update_path = ERB::Util.h(user_password_path(@user,
+                      :password => @user.crypted_password,
+                      :email    => @user.email))
+
+                assert_select 'form[action=?]', update_path do
+                  assert_select 'input[name=_method][value=?]', 'put'
+                  assert_select 'input[name=?]', 'user[password]'
+                  assert_select 'input[name=?]', 'user[password_confirmation]'
+                end
+              end
+            end
+
+            context "with an existing user's id but not password" do
+              setup do
+                get(:edit,
+                    :user_id => @user.id,
+                    :password => '')
+              end
+
+              should_respond_with :not_found
+
+              should 'render an empty response' do
+                assert @response.body.blank?
+              end
+            end
+          end
+
+          context 'A PUT to #update' do
+            context "with an existing user's id but not password" do
+              setup do
+                put(:update,
+                    :user_id => @user.id,
+                    :password => '')
+              end
+
+              should "not update the user's password" do
+                assert_not_equal @encrypted_new_password, @user.crypted_password
+              end
+
+              should 'not log the user in' do
+                assert_nil session[:user_id]
+              end
+
+              should_respond_with :not_found
+
+              should 'render an empty response' do
+                assert @response.body.blank?
+              end
+            end
+
+            context 'with a matching password and password confirmation' do
+              setup do
+                new_password = 'new_password'
+                encryption_format = "--#{@user.salt}--#{new_password}--"
+                @encrypted_new_password = Digest::SHA1.hexdigest encryption_format
+                assert_not_equal @encrypted_new_password, @user.crypted_password
+
+                put(:update,
+                    :user_id  => @user,
+                    :email    => @user.email,
+                    :password => @user.crypted_password,
+                    :user => {
+                      :password              => new_password,
+                      :password_confirmation => new_password
+                    })
+                @user.reload
+              end
+
+              should "update the user's password" do
+                assert_equal @encrypted_new_password, @user.crypted_password
+              end
+
+              should 'log the user in' do
+                assert_equal session[:user_id], @user.id
+              end
+
+              should_redirect_to "user_path(@user)"
+            end
+
+            context 'with password but blank password confirmation' do
+              setup do
+                new_password = 'new_password'
+                encryption_format = "--#{@user.salt}--#{new_password}--"
+                @encrypted_new_password = Digest::SHA1.hexdigest encryption_format
+
+                put(:update,
+                    :user_id => @user.id,
+                    :password => @user.crypted_password,
+                    :user => {
+                      :password => new_password,
+                      :password_confirmation => ''
+                    })
+                @user.reload
+              end
+
+              should "not update the user's password" do
+                assert_not_equal @encrypted_new_password, @user.crypted_password
+              end
+
+              should 'not log the user in' do
+                assert_nil session[:user_id]
+              end
+
+              should_respond_with :not_found
+
+              should 'render an empty response' do
+                assert @response.body.blank?
+              end
+            end
+          end
+        end
+      end
+    end
+
+  end
+end

data/lib/clearance/test/functionals/sessions_controller_test.rb

@@ -6,7 +6,7 @@ module Clearance
         context "Given a user" do
           setup { @user = Factory :user }
 
-          should_filter :password
+          should_filter_params :password
 
           context "on GET to /sessions/new" do
             setup { get :new }

data/lib/clearance/test/functionals/users_controller_test.rb

@@ -50,7 +50,7 @@ module Clearance
 
           should_deny_access_on "get :new"
           should_deny_access_on "post :create, :user => {}" 
-          should_filter :password
+          should_filter_params :password
 
         end
       end

data/lib/clearance/test/test_helper.rb

@@ -35,18 +35,6 @@ module Clearance
         end
       end
       
-      def should_filter(*keys)
-        keys.each do |key|
-          should "filter #{key}" do
-            assert @controller.respond_to?(:filter_parameters),
-              "The key #{key} is not filtered"
-            filtered = @controller.send(:filter_parameters, {key.to_s => key.to_s})
-            assert_equal '[FILTERED]', filtered[key.to_s],
-              "The key #{key} is not filtered"
-          end
-        end
-      end
-      
       # should_have_form :action => 'admin_users_path',
       #   :method => :get, 
       #   :fields => { 'email' => :text }

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification 
 name: thoughtbot-clearance
 version: !ruby/object:Gem::Version 
-  version: 0.1.6
+  version: 0.1.8
 platform: ruby
 authors: 
 - thoughtbot, inc.
@@ -14,7 +14,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2008-09-26 00:00:00 -07:00
+date: 2008-10-09 00:00:00 -07:00
 default_executable: 
 dependencies: []
 
@@ -38,6 +38,8 @@ files:
 - lib/clearance/test/units/user_test.rb
 - lib/clearance/app/controllers/users_controller.rb
 - lib/clearance/test/functionals/users_controller_test.rb
+- lib/clearance/app/controllers/passwords_controller.rb
+- lib/clearance/test/functionals/passwords_controller_test.rb
 has_rdoc: false
 homepage: http://github.com/thoughtbot/clearance
 post_install_message: