thoughtbot-clearance 0.3.7 → 0.3.8

data/lib/clearance/app/controllers/sessions_controller.rb

@@ -3,76 +3,69 @@ module Clearance
     module Controllers
       module SessionsController
 
-        def self.included(base)
-          base.class_eval do
+        def self.included(controller)
+          controller.class_eval do
             skip_before_filter :authenticate
             protect_from_forgery :except => :create
             filter_parameter_logging :password
         
-            include InstanceMethods
-        
-          private
-            include PrivateInstanceMethods
-          end
-        end
-    
-        module InstanceMethods
-          def create
-            @user = user_model.authenticate(params[:session][:email], params[:session][:password])
-            if @user.nil?
-              login_failure
-            else
-              if @user.confirmed?
-                remember_me = params[:session][:remember_me] if params[:session]
-                remember(@user) if remember_me == '1'
-                log_user_in(@user)
-                login_successful
+            def create
+              @user = User.authenticate(params[:session][:email], params[:session][:password])
+              if @user.nil?
+                login_failure
               else
-                mailer_model.deliver_confirmation(@user)
-                deny_access('Account not confirmed. Confirmation email sent.')
+                if @user.confirmed?
+                  remember_me = params[:session][:remember_me] if params[:session]
+                  remember(@user) if remember_me == '1'
+                  log_user_in(@user)
+                  login_successful
+                else
+                  ClearanceMailer.deliver_confirmation(@user)
+                  deny_access('Account not confirmed. Confirmation email sent.')
+                end
               end
             end
-          end
 
-          def destroy
-            forget(current_user)
-            reset_session
-            flash[:notice] = 'You have been logged out.'
-            redirect_to url_after_destroy
-          end
-        end
+            def destroy
+              forget(current_user)
+              reset_session
+              flash[:notice] = 'You have been logged out.'
+              redirect_to url_after_destroy
+            end
+        
+            private
+            
+            def login_successful
+              flash[:notice] = 'Logged in successfully'
+              redirect_back_or url_after_create
+            end
 
-        module PrivateInstanceMethods
-          def login_successful
-            flash[:notice] = 'Logged in successfully'
-            redirect_back_or url_after_create
-          end
+            def login_failure(message = "Bad email or password.")
+              flash.now[:notice] = message
+              render :action => :new
+            end
 
-          def login_failure(message = "Bad email or password.")
-            flash.now[:notice] = message
-            render :action => :new
-          end
-      
-          def remember(user)
-            user.remember_me!
-            cookies[:auth_token] = { :value   => user.remember_token, 
-                                     :expires => user.remember_token_expires_at }
-          end
+            def remember(user)
+              user.remember_me!
+              cookies[:auth_token] = { :value   => user.remember_token, 
+                                       :expires => user.remember_token_expires_at }
+            end
 
-          def forget(user)
-            user.forget_me! if user
-            cookies.delete :auth_token
-          end
+            def forget(user)
+              user.forget_me! if user
+              cookies.delete :auth_token
+            end
 
-          def url_after_create
-            root_url
-          end
+            def url_after_create
+              root_url
+            end
 
-          def url_after_destroy
-            new_session_url
+            def url_after_destroy
+              new_session_url
+            end
+            
           end
-        end
-        
+        end        
       end
     end
   end

data/lib/clearance/app/controllers/users_controller.rb

@@ -3,42 +3,34 @@ module Clearance
     module Controllers
       module UsersController
 
-        def self.included(base)
-          base.class_eval do
+        def self.included(controller)
+          controller.class_eval do
             before_filter :redirect_to_root, :only => [:new, :create], :if => :logged_in?
         
             filter_parameter_logging :password
         
-            include InstanceMethods
-        
-          private
-            include PrivateInstanceMethods
-          end
-        end
-
-        module InstanceMethods
-          def new
-            @user = user_model.new(params[:user])
-          end
-      
-          def create
-            @user = user_model.new params[:user]
-            if @user.save
-              ClearanceMailer.deliver_confirmation @user
-              flash[:notice] = "You will receive an email within the next few minutes. It contains instructions for you to confirm your account."
-              redirect_to url_after_create
-            else
-              render :action => "new"
+            def new
+              @user = User.new(params[:user])
             end
-          end
-        end
-
-        module PrivateInstanceMethods
 
-          def url_after_create
-            new_session_url
-          end
+            def create
+              @user = User.new params[:user]
+              if @user.save
+                ClearanceMailer.deliver_confirmation @user
+                flash[:notice] = "You will receive an email within the next few minutes. It contains instructions for you to confirm your account."
+                redirect_to url_after_create
+              else
+                render :action => "new"
+              end
+            end
         
+            private
+            
+            def url_after_create
+              new_session_url
+            end
+            
+          end
         end
 
       end

data/lib/clearance/app/models/clearance_mailer.rb

@@ -3,29 +3,25 @@ module Clearance
     module Models
       module ClearanceMailer
     
-        def self.included(base)
-          base.class_eval do
+        def self.included(mailer)
+          mailer.class_eval do
         
-            include InstanceMethods
+            def change_password(user)
+              from       DO_NOT_REPLY
+              recipients user.email
+              subject    "Change your password"
+              body       :user => user
+            end
+
+            def confirmation(user)
+              recipients user.email
+              from       DO_NOT_REPLY
+              subject   "Account confirmation"
+              body      :user => user
+            end
         
           end
         end
-    
-        module InstanceMethods
-          def change_password(user)
-            from       DO_NOT_REPLY
-            recipients user.email
-            subject    "[#{PROJECT_NAME.humanize}] Change your password"
-            body       :user => user
-          end
-        
-          def confirmation(user)
-            recipients user.email
-            from       DO_NOT_REPLY
-            subject   "[#{PROJECT_NAME.humanize}] Account confirmation"
-            body      :user => user
-          end
-        end
         
       end
     end

data/lib/clearance/app/models/user.rb

@@ -1,12 +1,12 @@
-require 'digest/sha1'
+require 'digest/sha2'
 
 module Clearance
   module App
     module Models
       module User
     
-        def self.included(base)
-          base.class_eval do
+        def self.included(model)
+          model.class_eval do
         
             attr_accessible :email, :password, :password_confirmation
             attr_accessor :password, :password_confirmation
@@ -14,72 +14,69 @@ module Clearance
             validates_presence_of     :email
             validates_presence_of     :password, :if => :password_required?
             validates_confirmation_of :password, :if => :password_required?
-            validates_uniqueness_of   :email
+            validates_uniqueness_of   :email, :case_sensitive => false
             validates_format_of       :email, :with => %r{.+@.+\..+}
 
             before_save :initialize_salt, :encrypt_password
         
-            extend ClassMethods
-            include InstanceMethods
-        
-          protected
+            def self.authenticate(email, password)
+              user = find(:first, :conditions => ['LOWER(email) = ?', email.to_s.downcase])
+              user && user.authenticated?(password) ? user : nil
+            end
+            
+            def email=(value)
+              value = value.to_s.downcase if value
+              write_attribute(:email, value.to_s)
+            end
 
-            include ProtectedInstanceMethods
-        
-          end
-        end
-    
-        module ClassMethods
-          def authenticate(email, password)
-            user = find_by_email email
-            user && user.authenticated?(password) ? user : nil
-          end
-        end
-    
-        module InstanceMethods
-          def authenticated?(password)
-            crypted_password == encrypt(password)
-          end
+            def authenticated?(password)
+              crypted_password == encrypt(password)
+            end
 
-          def encrypt(password)
-            Digest::SHA1.hexdigest "--#{salt}--#{password}--"
-          end
+            def encrypt(password)
+              Digest::SHA512.hexdigest "--#{salt}--#{password}--"
+            end
 
-          def remember_token?
-            remember_token_expires_at && Time.now.utc < remember_token_expires_at
-          end
+            def remember_token?
+              remember_token_expires_at && Time.now.utc < remember_token_expires_at
+            end
 
-          def remember_me!
-            remember_me_until 2.weeks.from_now.utc
-          end
+            def remember_me!
+              remember_me_until 2.weeks.from_now.utc
+            end
 
-          def remember_me_until(time)
-            self.update_attribute :remember_token_expires_at, time
-            self.update_attribute :remember_token, encrypt("#{email}--#{remember_token_expires_at}")
-          end
+            def remember_me_until(time)
+              self.update_attribute :remember_token_expires_at, time
+              self.update_attribute :remember_token, 
+                encrypt("#{email}--#{remember_token_expires_at}")
+            end
 
-          def forget_me!
-            self.update_attribute :remember_token_expires_at, nil
-            self.update_attribute :remember_token, nil
-          end
+            def forget_me!
+              self.update_attribute :remember_token_expires_at, nil
+              self.update_attribute :remember_token, nil
+            end
+
+            def confirm!
+              self.update_attribute :confirmed, true
+            end
         
-          def confirm!
-            self.update_attribute :confirmed, true
-          end
-        end
-    
-        module ProtectedInstanceMethods
-          def initialize_salt
-            self.salt = Digest::SHA1.hexdigest("--#{Time.now.to_s}--#{email}--") if new_record?
-          end
+            protected
 
-          def encrypt_password
-            return if password.blank?
-            self.crypted_password = encrypt(password)
-          end
+            def initialize_salt
+              if new_record?
+                self.salt = Digest::SHA512.hexdigest("--#{Time.now.to_s}--#{email}--")
+              end
+            end
 
-          def password_required?
-            crypted_password.blank? || !password.blank?
+            def encrypt_password
+              return if password.blank?
+              self.crypted_password = encrypt(password)
+            end
+
+            def password_required?
+              crypted_password.blank? || !password.blank?
+            end
+        
           end
         end
   

data/lib/clearance/test/functional/confirmations_controller_test.rb

@@ -9,7 +9,7 @@ module Clearance
             context 'A GET to #new' do
               context "with the User with the given id's salt" do
                 setup do
-                  @user = Factory :user
+                  @user = Factory :clearance_user
                   get :new, :user_id => @user.to_param, :salt => @user.salt
                 end
 
@@ -17,39 +17,8 @@ module Clearance
                   assert_equal @user, assigns(:user)
                 end
 
-                should_respond_with :success
-                should_render_template :new
-              end
-
-              context "without the User with the given id's salt" do
-                setup do
-                  user = Factory :user
-                  salt = ''
-                  assert_not_equal salt, user.salt
-
-                  get :new, :user_id => user.to_param, :salt => ''
-                end
-
-                should_respond_with :not_found
-
-                should 'render nothing' do
-                  assert @response.body.blank?
-                end
-              end
-            end
-
-            context 'A POST to #create' do
-              context "with the User with the given id's salt" do
-                setup do
-                  @user = Factory :user
-                  assert ! @user.confirmed?
-
-                  post :create, :user_id => @user, :salt => @user.salt
-                  @user.reload
-                end
-
                 should 'confirm the User record with the given id' do
-                  assert @user.confirmed?
+                  assert assigns(:user).confirmed?
                 end
 
                 should 'log the User in' do
@@ -61,11 +30,11 @@ module Clearance
 
               context "without the User with the given id's salt" do
                 setup do
-                  user = Factory :user
+                  user = Factory :clearance_user
                   salt = ''
                   assert_not_equal salt, user.salt
 
-                  post :create, :user_id => user.id, :salt => salt
+                  get :new, :user_id => user.to_param, :salt => ''
                 end
 
                 should_respond_with :not_found

data/lib/clearance/test/functional/passwords_controller_test.rb

@@ -9,7 +9,7 @@ module Clearance
             should_route :get, '/users/1/password/edit', :action => 'edit', :user_id => '1'
 
             context 'with a user' do
-              setup { @user = Factory :user }
+              setup { @user = Factory :clearance_user }
 
               context 'A GET to #new' do
                 setup { get :new, :user_id => @user.to_param }
@@ -30,6 +30,10 @@ module Clearance
                   should 'send an email to the user to edit their password' do
                     assert @email.subject =~ /change your password/i
                   end
+                  
+                  should 'set a :notice flash with the user email address' do
+                    assert_match /#{@user.email}/, flash[:notice]
+                  end
 
                   should_redirect_to "@controller.send(:url_after_create)"
                 end
@@ -59,9 +63,9 @@ module Clearance
                 context "with an existing user's id and password" do
                   setup do
                     get :edit, 
-                      :user_id => @user.to_param, 
+                      :user_id  => @user.to_param, 
                       :password => @user.crypted_password, 
-                      :email => @user.email
+                      :email    => @user.email
                   end
 
                   should 'find the user with the given id and password' do
@@ -122,7 +126,7 @@ module Clearance
                   setup do
                     new_password = 'new_password'
                     encryption_format = "--#{@user.salt}--#{new_password}--"
-                    @encrypted_new_password = Digest::SHA1.hexdigest encryption_format
+                    @encrypted_new_password = Digest::SHA512.hexdigest encryption_format
                     assert_not_equal @encrypted_new_password, @user.crypted_password
 
                     put(:update,
@@ -151,7 +155,7 @@ module Clearance
                   setup do
                     new_password = 'new_password'
                     encryption_format = "--#{@user.salt}--#{new_password}--"
-                    @encrypted_new_password = Digest::SHA1.hexdigest encryption_format
+                    @encrypted_new_password = Digest::SHA512.hexdigest encryption_format
 
                     put(:update,
                         :user_id => @user.to_param,