token_authenticate_me 0.4.3 → 0.5.0

data/spec/acceptance/password_reset_api_spec.rb

@@ -1,111 +0,0 @@
-require 'spec_helper'
-
-describe 'Password Reset API' do
-  it 'resets the users password when called with the correct token' do
-    user = create_user
-
-    user.create_reset_token!
-    encrypted_pw = user.password_digest
-    reset_token = user.reset_password_token.to_s
-
-    put '/password_resets/' + reset_token + '/',
-        password: 'test', password_confirmation: 'test'
-
-    expect(last_response.status).to eq(204)
-    expect(User.find(user.id).password_digest).not_to eq(encrypted_pw)
-  end
-
-  it 'does not allow replay attacks' do
-    user = create_user
-
-    user.create_reset_token!
-    encrypted_pw = user.password_digest
-    reset_token = user.reset_password_token.to_s
-
-    put '/password_resets/' + reset_token + '/',
-        password: 'test', password_confirmation: 'test'
-
-    expect(last_response.status).to eq(204)
-    expect(User.find(user.id).password_digest).not_to eq(encrypted_pw)
-
-    put '/password_resets/' + reset_token + '/',
-        password: 'test', password_confirmation: 'test'
-    expect(last_response.status).to eq(404)
-  end
-
-  it 'fails to reset the users password when the confirmation does not match' do
-    user = create_user
-
-    user.create_reset_token!
-    encrypted_pw = user.password_digest
-    reset_token = user.reset_password_token.to_s
-
-    put '/password_resets/' + reset_token + '/',
-        password: 'test', password_confirmation: 'test_ops'
-
-    expect(last_response.status).to eq(422)
-    expect(User.find(user.id).password_digest).to eq(encrypted_pw)
-  end
-
-  it 'raises a routing error when called with an empty token' do
-    user = create_user
-
-    user.create_reset_token!
-    encrypted_pw = user.password_digest
-
-    expect do
-      put '/password_resets//',  password: 'test', password_confirmation: 'test'
-    end.to raise_error(ActionController::RoutingError)
-    expect(User.find(user.id).password_digest).to eq(encrypted_pw)
-  end
-
-  it 'returns a 404 when reset is requested with a bad token' do
-    user = create_user
-
-    user.create_reset_token!
-
-    put '/password_resets/' + SecureRandom.hex.to_s + '/',
-        password: 'test', password_confirmation: 'test'
-
-    expect(last_response.status).to eq(404)
-  end
-
-  it 'returns a 204 when a password reset is requested with a valid e-mail' do
-    user = create_user
-
-    post '/password_resets/',  email: user.email
-
-    expect(last_response.status).to eq(204)
-  end
-
-  it 'returns a 204 when a password reset is requested with a invalid e-mail' do
-    user = create_user # rubocop:disable Lint/UselessAssignment
-
-    post '/password_resets/',  email: 'foo@bar.com'
-
-    expect(last_response.status).to eq(204)
-  end
-
-  it 'sends a valid e-mail when a password reset is requested with a valid e-mail' do
-    user = create_user
-
-    post '/password_resets/',  email: user.email
-
-    mail = ActionMailer::Base.deliveries.last
-
-    expect(mail['to'].to_s).to eq(user.email)
-    expect(mail['subject'].to_s).to eq('Password Reset')
-  end
-
-  it 'sends a invalid e-mail when a password reset is requested with a invalid e-mail' do
-    user = create_user # rubocop:disable Lint/UselessAssignment
-    email = 'foo@bar.com'
-
-    post '/password_resets/',  email: email
-
-    mail = ActionMailer::Base.deliveries.last
-
-    expect(mail['to'].to_s).to eq(email)
-    expect(mail['subject'].to_s).to eq('Password Reset Error')
-  end
-end

data/spec/acceptance/session_api_spec.rb

@@ -1,95 +0,0 @@
-require 'spec_helper'
-
-describe 'Session API' do
-  it 'creates a new session when authenticating with a username and password' do
-    password = 'text'
-    user = create_user(password: password)
-
-    post '/session/',
-         username: user.username, password: password
-
-    expect(last_response.status).to eq(201)
-    json = JSON.parse(last_response.body)
-
-    expect(json['session']).not_to be_nil
-    expect(json['session']['key']).not_to be_nil
-    expect(json['session']['expiration']).not_to be_nil
-    expect(user.id).to eq(json['session']['user']['id'])
-  end
-
-  it 'creates a new session when authenticating with a email and password' do
-    password = 'text'
-    user = create_user(password: password)
-
-    post '/session/',
-         username: user.email, password: password
-
-    expect(last_response.status).to eq(201)
-    json = JSON.parse(last_response.body)
-
-    expect(json['session']).not_to be_nil
-    expect(json['session']['key']).not_to be_nil
-    expect(json['session']['expiration']).not_to be_nil
-    expect(user.id).to eq(json['session']['user']['id'])
-  end
-
-  it 'fails to create a new session when authenticating with an invalid password' do
-    password = 'text'
-    user = create_user(password: password)
-
-    post '/session/',
-         username: user.email, password: 'not_test'
-
-    expect(last_response.status).to eq(401)
-  end
-
-  it 'fetches an existing session when authenticated' do
-    password = 'text'
-    user = create_user(password: password)
-
-    post '/session/',
-         username: user.email, password: password
-    expect(last_response.status).to eq(201)
-    json = JSON.parse(last_response.body)
-
-    header 'Authorization', 'Token token=' + json['session']['key']
-    get '/session/'
-    expect(last_response.status).to eq(200)
-
-    json = JSON.parse(last_response.body)
-
-    expect(json['session']).not_to be_nil
-    expect(json['session']['key']).not_to be_nil
-    expect(json['session']['expiration']).not_to be_nil
-    expect(user.id).to eq(json['session']['user']['id'])
-  end
-
-  it 'fetching an expired session fails' do
-    user = create_user
-    session = Session.create!(user_id: user.id)
-    session.update!(expiration: 5.minutes.ago)
-
-    header 'Authorization', 'Token token=' + session.key
-    get '/session/'
-    expect(last_response.status).to eq(401)
-  end
-
-  it 'destroying an existing session succeeds' do
-    user = create_user
-    session = Session.create!(user_id: user.id)
-
-    header 'Authorization', 'Token token=' + session.key
-    delete '/session/'
-    expect(last_response.status).to eq(204)
-  end
-
-  it 'destroying an expired session fails' do
-    user = create_user
-    session = Session.create!(user_id: user.id)
-    session.update!(expiration: 5.minutes.ago)
-
-    header 'Authorization', 'Token token=' + session.key
-    delete '/session/'
-    expect(last_response.status).to eq(401)
-  end
-end

data/spec/acceptance/users_api_spec.rb

@@ -1,70 +0,0 @@
-require 'spec_helper'
-
-describe 'Users API' do
-  it 'creates a new user when unauthenticated' do
-    username = 'test'
-    password = 'test'
-    email = 'test'
-
-    post '/users/',
-         user: {
-           username: username,
-           password: password,
-           password_confirmation: password,
-           email: email
-         }
-
-    expect(last_response.status).to eq(201)
-    json = JSON.parse(last_response.body)
-
-    expect(json['user']).not_to be_nil
-    expect(json['user']['username']).to eq(username)
-    expect(json['user']['email']).to eq(email)
-  end
-
-  it 'fails to create a new user when the password confirmation does not match' do
-    username = 'test'
-    password = 'test'
-    email = 'test'
-
-    post '/users/',
-         user: {
-           username: username,
-           password: password,
-           password_confirmation: 'invalid',
-           email: email
-         }
-
-    expect(last_response.status).to eq(422)
-  end
-
-  it 'succeeds to list users when authenticated' do
-    user = create_user
-    session = Session.create!(user_id: user.id)
-
-    header 'Authorization', 'Token token=' + session.key
-    get '/users/'
-
-    expect(last_response.status).to eq(200)
-  end
-
-  it 'fails to list users without being authenticated' do
-    get '/users/'
-
-    expect(last_response.status).to eq(401)
-  end
-
-  it 'does not serialze password digest' do
-    user = create_user
-    session = Session.create!(user_id: user.id)
-
-    header 'Authorization', 'Token token=' + session.key
-    get '/users/' + user.id.to_s + '/'
-
-    expect(last_response.status).to eq(200)
-    json = JSON.parse(last_response.body)
-
-    expect(json['user']).not_to be_nil
-    expect(json['user']['password_digest']).to be_nil
-  end
-end

data/spec/internal/app/controllers/password_resets_controller.rb

@@ -1,5 +0,0 @@
-require 'token_authenticate_me/controllers/password_resetable'
-
-class PasswordResetsController < ApplicationController
-  include TokenAuthenticateMe::Controllers::PasswordResetable
-end

data/spec/internal/app/controllers/sessions_controller.rb

@@ -1,5 +0,0 @@
-require 'token_authenticate_me/controllers/sessionable'
-
-class SessionsController < ApplicationController
-  include TokenAuthenticateMe::Controllers::Sessionable
-end

data/spec/internal/app/controllers/users_controller.rb

@@ -1,7 +0,0 @@
-class UsersController < ApplicationController
-  include TokenAuthenticateMe::Controllers::TokenAuthenticateable
-  include ApiMe # Provides default api resource
-
-  # Allow anyone to create a new user
-  skip_before_action :authenticate, only: [:create]
-end

data/spec/internal/app/models/session.rb

@@ -1,11 +0,0 @@
-require 'token_authenticate_me/models/sessionable'
-
-class Session < ActiveRecord::Base
-  include TokenAuthenticateMe::Models::Sessionable
-
-  belongs_to :user
-
-  def as_json(options = {})
-    { session: super({ include: :user }.merge(options)) }
-  end
-end

data/spec/internal/app/models/user.rb

@@ -1,11 +0,0 @@
-require 'token_authenticate_me/models/authenticatable'
-
-class User < ActiveRecord::Base
-  include TokenAuthenticateMe::Models::Authenticatable
-
-  has_many :sessions
-
-  def as_json(options = nil)
-    { user: super(options) }
-  end
-end

data/spec/internal/app/policies/user_policy.rb

@@ -1,29 +0,0 @@
-class UserPolicy
-  def initialize(*)
-  end
-
-  def permitted_attributes
-    [:username, :email, :password, :password_confirmation]
-  end
-
-  def create?
-    true
-  end
-
-  def show?
-    true
-  end
-
-  class Scope
-    attr_reader :user, :scope
-
-    def initialize(user, scope)
-      @user = user
-      @scope = scope
-    end
-
-    def resolve
-      scope
-    end
-  end
-end

data/spec/internal/app/serializers/user_serializer.rb

@@ -1,3 +0,0 @@
-class UserSerializer < ActiveModel::Serializer
-  attributes :id, :username, :email, :password, :created_at, :updated_at
-end

data/spec/internal/config/database.yml

@@ -1,3 +0,0 @@
-test:
-  adapter:  sqlite3
-  database: db/combustion_test.sqlite

data/spec/internal/config/routes.rb

@@ -1,13 +0,0 @@
-Rails.application.routes.draw do
-  resource :session, only: [:create, :show, :destroy]
-
-  resources :users
-
-  resources(
-    :password_resets,
-    only: [:create, :update],
-    constraints: {
-      id: TokenAuthenticateMe::UUID_REGEX
-    }
-  )
-end

data/spec/internal/db/fixtures/users.rb

@@ -1,11 +0,0 @@
-module Fixtures
-  module Users
-    def create_user(username: 'test', email: 'test@email.com', password: 'password')
-      User.create!(
-      username: username,
-      email: email,
-      password: password
-    )
-    end
-  end
-end

data/spec/internal/db/schema.rb

@@ -1,19 +0,0 @@
-ActiveRecord::Schema.define do
-  create_table :users, force: true do |t|
-    t.string :username,  null: false
-    t.string :email, null: false
-    t.string :password_digest, null: false
-    t.string :reset_password_token
-    t.datetime :reset_password_token_exp
-
-    t.timestamps
-  end
-
-  create_table :sessions, force: true do |t|
-    t.string :key,        null: false
-    t.datetime :expiration
-    t.integer :user_id
-
-    t.timestamps
-  end
-end

data/spec/spec_helper.rb

@@ -1,38 +0,0 @@
-require 'rubygems'
-require 'bundler/setup'
-require 'combustion'
-
-Bundler.require :default, :development
-
-Combustion.initialize! :active_record, :action_controller, :action_mailer, :action_view
-
-require 'rspec/rails'
-require 'rack/test'
-
-# Load fixture helpers for testing
-Dir[File.join(File.dirname(__FILE__), 'internal', 'db', 'fixtures', '**', '*.rb')].each do |file|
-  require file
-end
-
-module ApiHelper
-  include Rack::Test::Methods
-
-  def app
-    Rails.application
-  end
-end
-
-RSpec.configure do |config|
-  config.use_transactional_fixtures = true
-  config.mock_with :rspec
-
-  config.before do
-    ActionMailer::Base.delivery_method = :test
-    ActionMailer::Base.default_options = {
-      from: 'no-reply@test.com'
-    }
-  end
-
-  config.include ApiHelper
-  config.include Fixtures::Users
-end