twitter-auth-with-mongo-mapper 0.0.9

data/spec/controllers/sessions_controller_spec.rb

@@ -0,0 +1,221 @@
+require File.dirname(__FILE__) + '/../spec_helper'
+
+describe SessionsController do
+  integrate_views
+
+  describe 'routes' do
+    it 'should route /session/new to SessionsController#new' do
+      params_from(:get, '/session/new').should == {:controller => 'sessions', :action => 'new'}
+    end
+
+    it 'should route /login to SessionsController#new' do
+      params_from(:get, '/login').should == {:controller => 'sessions', :action => 'new'}
+    end
+
+    it 'should route /logout to SessionsController#destroy' do
+      params_from(:get, '/logout').should == {:controller => 'sessions', :action => 'destroy'}
+    end
+
+    it 'should route DELETE /session to SessionsController#destroy' do
+      params_from(:delete, '/session').should == {:controller => 'sessions', :action => 'destroy'}
+    end
+
+    it 'should route /oauth_callback to SessionsController#oauth_callback' do
+      params_from(:get, '/oauth_callback').should == {:controller => 'sessions', :action => 'oauth_callback'}
+    end
+
+    it 'should route POST /session to SessionsController#create' do
+      params_from(:post, '/session').should == {:controller => 'sessions', :action => 'create'}
+    end
+  end
+
+  describe 'with OAuth strategy' do
+    before do
+      stub_oauth!
+    end
+
+    describe '#new' do
+      it 'should retrieve a request token' do
+        get :new
+        assigns[:request_token].token.should == 'faketoken'
+        assigns[:request_token].secret.should == 'faketokensecret'
+      end
+
+      it 'should set session variables for the request token' do
+        get :new
+        session[:request_token].should == 'faketoken'
+        session[:request_token_secret].should == 'faketokensecret'
+      end
+
+      it 'should redirect to the oauth authorization url' do
+        get :new
+        response.should redirect_to('https://twitter.com/oauth/authorize?oauth_token=faketoken')
+      end
+
+      it 'should redirect to the oauth_callback if one is specified' do
+        TwitterAuth.stub!(:oauth_callback).and_return('http://localhost:3000/development')
+        TwitterAuth.stub!(:oauth_callback?).and_return(true)        
+
+        get :new
+        response.should redirect_to('https://twitter.com/oauth/authorize?oauth_token=faketoken&oauth_callback=' + CGI.escape(TwitterAuth.oauth_callback))
+      end
+    end
+
+    describe '#oauth_callback' do
+      describe 'with no session info' do
+        it 'should set the flash[:error]' do
+          get :oauth_callback, :oauth_token => 'faketoken'
+          flash[:error].should == 'No authentication information was found in the session. Please try again.'
+        end
+
+        it 'should redirect to "/" by default' do
+          get :oauth_callback, :oauth_token => 'faketoken'
+          response.should redirect_to('/')
+        end
+
+        it 'should call authentication_failed' do
+          controller.should_receive(:authentication_failed).any_number_of_times
+          get :oauth_callback, :oauth_token => 'faketoken'
+        end
+      end
+
+      describe 'with proper info' do
+        before do
+          @user = Factory.create(:twitter_oauth_user, :twitter_id => '123')
+          @time = Time.now
+          @remember_token = ActiveSupport::SecureRandom.hex(10)
+          
+          Time.stub!(:now).and_return(@time)
+          ActiveSupport::SecureRandom.stub!(:hex).and_return(@remember_token)
+
+          request.session[:request_token] = 'faketoken'
+          request.session[:request_token_secret] = 'faketokensecret'
+          get :oauth_callback, :oauth_token => 'faketoken'
+        end 
+
+        describe 'building the access token' do
+          it 'should rebuild the request token' do
+            correct_token =  OAuth::RequestToken.new(TwitterAuth.consumer,'faketoken','faketokensecret')
+            
+            %w(token secret).each do |att|
+              assigns[:request_token].send(att).should == correct_token.send(att)
+            end
+          end
+
+          it 'should exchange the request token for an access token' do
+            assigns[:access_token].should be_a(OAuth::AccessToken)
+            assigns[:access_token].token.should == 'fakeaccesstoken'
+            assigns[:access_token].secret.should == 'fakeaccesstokensecret'
+          end
+
+          it 'should wipe the request token after exchange' do
+            session[:request_token].should be_nil
+            session[:request_token_secret].should be_nil
+          end
+        end
+        
+        describe 'identifying the user' do
+          it "should find the user" do         
+            assigns[:user].should == @user
+          end
+
+          it "should assign the user id to the session" do
+            session[:user_id].should == @user.id
+          end
+
+          it "should call remember me" do
+            @user.reload
+            @user.remember_token.should == @remember_token
+          end
+
+          it "should set a cookie" do
+            cookies[:remember_token].should == @remember_token
+          end
+        end
+
+        describe "when OAuth doesn't work" do
+          before do
+            request.session[:request_token] = 'faketoken'
+            request.session[:request_token_secret] = 'faketokensecret'
+            @request_token =  OAuth::RequestToken.new(TwitterAuth.consumer, session[:request_token], session[:request_token_secret])
+            OAuth::RequestToken.stub!(:new).and_return(@request_token)
+          end
+
+          it 'should call authentication_failed when it gets a 401 from OAuth' do
+            @request_token.stub!(:get_access_token).and_raise(Net::HTTPServerException.new('401 "Unauthorized"', '401 "Unauthorized"'))
+            controller.should_receive(:authentication_failed).with('This authentication request is no longer valid. Please try again.')
+            # the should raise_error is hacky because of the expectation
+            # stubbing the proper behavior :-(
+            lambda{get :oauth_callback, :oauth_token => 'faketoken'}.should raise_error(ActionView::MissingTemplate)
+          end
+
+          it 'should call authentication_failed when it gets a different HTTPServerException' do
+            @request_token.stub!(:get_access_token).and_raise(Net::HTTPServerException.new('404 "Not Found"', '404 "Not Found"'))
+            controller.should_receive(:authentication_failed).with('There was a problem trying to authenticate you. Please try again.')
+            lambda{get :oauth_callback, :oauth_token => 'faketoken'}.should raise_error(ActionView::MissingTemplate)
+          end
+        end
+      end
+    end
+  end
+
+  describe 'with Basic strategy' do
+    before do
+      stub_basic!
+    end
+    
+    describe '#new' do
+      it 'should render the new action' do
+        get :new
+        response.should render_template('sessions/new')
+      end
+
+      it 'should render the login form' do
+        get :new
+        response.should have_tag('form[action=/session][id=login_form][method=post]')
+      end
+      
+      describe '#create' do
+        before do
+          @user = Factory.create(:twitter_basic_user, :twitter_id => '123')
+        end
+
+        it 'should call logout_keeping_session! to remove session info' do
+          controller.should_receive(:logout_keeping_session!)
+          post :create
+        end
+
+        it 'should try to authenticate the user' do
+          User.should_receive(:authenticate)
+          post :create
+        end
+
+        it 'should call authentication_failed on authenticate failure' do
+          User.should_receive(:authenticate).and_return(nil)
+          post :create, :login => 'wrong', :password => 'false'
+          response.should redirect_to('/login')
+        end
+
+        it 'should call authentication_succeeded on authentication success' do
+          User.should_receive(:authenticate).and_return(@user)    
+          post :create, :login => 'twitterman', :password => 'cool'
+          response.should redirect_to('/')
+          flash[:notice].should_not be_blank
+        end
+      end
+    end
+
+  end
+
+  describe '#destroy' do
+    it 'should call logout_keeping_session!' do
+      controller.should_receive(:logout_keeping_session!).once
+      get :destroy
+    end
+
+    it 'should redirect to the root' do
+      get :destroy
+      response.should redirect_to('/')
+    end
+  end
+end

data/spec/fixtures/config/twitter_auth.yml

@@ -0,0 +1,17 @@
+development:
+  strategy: oauth
+  base_url: "https://twitter.com"
+  oauth_consumer_key: devkey
+  oauth_consumer_secret: devsecret
+  oauth_callback: "http://localhost:3000"
+test:
+  strategy: oauth
+  base_url: "https://twitter.com"
+  oauth_consumer_key: testkey
+  oauth_consumer_secret: testsecret
+production:
+  strategy: oauth
+  base_url: "https://twitter.com"
+  oauth_consumer_key: prodkey
+  oauth_consumer_secret: prodsecret
+

data/spec/fixtures/factories.rb

@@ -0,0 +1,20 @@
+require 'factory_girl'
+
+Factory.define(:twitter_oauth_user, :class => User) do |u|
+  u.twitter_id { User.count + 1 }
+  u.login 'twitterman'
+  u.access_token 'fakeaccesstoken'
+  u.access_secret 'fakeaccesstokensecret'
+  
+  u.name 'Twitter Man'
+  u.description 'Saving the world for all Twitter kind.'
+end
+
+Factory.define(:twitter_basic_user, :class => User) do |u|
+  u.twitter_id { User.count + 1 }
+  u.login 'twitterman'
+  u.password 'test'
+
+  u.name 'Twitter Man'
+  u.description 'Saving the world for all Twitter kind.'
+end

data/spec/fixtures/fakeweb.rb

@@ -0,0 +1,18 @@
+# This is where we fake out all of the URLs that we
+# will be calling as a part of this spec suite.
+# You must have the 'fakeweb' gem in order to run
+# the tests for TwitterAuth.
+#
+# gem install 'mbleigh-fakeweb'
+
+require 'fake_web'
+
+FakeWeb.allow_net_connect = false
+
+FakeWeb.register_uri(:post, 'https://twitter.com:443/oauth/request_token', :string => 'oauth_token=faketoken&oauth_token_secret=faketokensecret')
+
+FakeWeb.register_uri(:post, 'https://twitter.com:443/oauth/access_token', :string => 'oauth_token=fakeaccesstoken&oauth_token_secret=fakeaccesstokensecret')
+
+FakeWeb.register_uri(:get, 'https://twitter.com:443/account/verify_credentials.json', :string => "{\"profile_image_url\":\"http:\\/\\/static.twitter.com\\/images\\/default_profile_normal.png\",\"description\":\"Saving the world for all Twitter kind.\",\"utc_offset\":null,\"favourites_count\":0,\"profile_sidebar_fill_color\":\"e0ff92\",\"screen_name\":\"twitterman\",\"statuses_count\":0,\"profile_background_tile\":false,\"profile_sidebar_border_color\":\"87bc44\",\"friends_count\":2,\"url\":null,\"name\":\"Twitter Man\",\"time_zone\":null,\"protected\":false,\"profile_background_image_url\":\"http:\\/\\/static.twitter.com\\/images\\/themes\\/theme1\\/bg.gif\",\"profile_background_color\":\"9ae4e8\",\"created_at\":\"Fri Feb 06 18:10:32 +0000 2009\",\"profile_text_color\":\"000000\",\"followers_count\":2,\"location\":null,\"id\":123,\"profile_link_color\":\"0000ff\"}")
+
+#FakeWeb.register_uri(:get, 'https://twitter.com:443/)

data/spec/fixtures/twitter.rb

@@ -0,0 +1,5 @@
+require 'net/http'
+
+TWITTER_JSON = {
+  :verify_credentials => "{\"profile_image_url\":\"http:\\/\\/static.twitter.com\\/images\\/default_profile_normal.png\",\"description\":\"Saving the world for all Twitter kind.\",\"utc_offset\":null,\"favourites_count\":0,\"profile_sidebar_fill_color\":\"e0ff92\",\"screen_name\":\"twitterman\",\"statuses_count\":0,\"profile_background_tile\":false,\"profile_sidebar_border_color\":\"87bc44\",\"friends_count\":2,\"url\":null,\"name\":\"Twitter Man\",\"time_zone\":null,\"protected\":false,\"profile_background_image_url\":\"http:\\/\\/static.twitter.com\\/images\\/themes\\/theme1\\/bg.gif\",\"profile_background_color\":\"9ae4e8\",\"created_at\":\"Fri Feb 06 18:10:32 +0000 2009\",\"profile_text_color\":\"000000\",\"followers_count\":2,\"location\":null,\"id\":20256865,\"profile_link_color\":\"0000ff\"}"
+}

data/spec/models/twitter_auth/basic_user_spec.rb

@@ -0,0 +1,138 @@
+require File.dirname(__FILE__) + '/../../spec_helper'
+
+describe TwitterAuth::BasicUser do
+  before do
+    stub_basic!
+  end
+
+  describe '#password=' do
+    before do
+      @user = Factory.build(:twitter_basic_user, :twitter_id => '123')
+    end
+
+    it 'should change the value of crypted_password' do
+      lambda{@user.password = 'newpass'}.should change(@user, :crypted_password)
+    end
+
+    it 'should change the value of salt' do
+      lambda{@user.password = 'newpass'}.should change(@user, :salt)
+    end
+
+    it 'should not store the plaintext password' do
+      @user.password = 'newpass'
+      @user.crypted_password.should_not == 'newpass'
+    end
+  end
+
+  describe '#password' do
+    before do
+      @user = Factory.build(:twitter_basic_user, :password => 'monkey')
+    end
+
+    it 'should return the password' do
+      @user.password.should == 'monkey'
+    end    
+
+    it 'should not be a database attribute' do
+      @user['password'].should_not == 'monkey'
+    end
+  end
+  
+  describe '.verify_credentials' do
+    before do
+      @user = Factory.create(:twitter_basic_user)
+    end
+
+    it 'should return a JSON hash of the user when successful' do
+      hash = User.verify_credentials('twitterman','test')
+      hash.should be_a(Hash)
+      hash['screen_name'].should == 'twitterman'
+      hash['name'].should == 'Twitter Man'
+    end
+
+    it 'should return false when a 401 unauthorized happens' do
+      FakeWeb.register_uri(:get, 'https://twitter.com:443/account/verify_credentials.json', :string => '401 "Unauthorized"', :status => ['401',' Unauthorized'])
+      User.verify_credentials('twitterman','wrong').should be_false
+    end
+  end
+
+  describe '.authenticate' do
+    before do
+      @user = Factory.create(:twitter_basic_user, :twitter_id => '123')
+    end
+
+    it 'should make a call to verify_credentials' do
+      User.should_receive(:verify_credentials).with('twitterman','test')
+      User.authenticate('twitterman','test')
+    end
+
+    it 'should return nil if verify_credentials returns false' do
+      User.stub!(:verify_credentials).and_return(false)
+      User.authenticate('twitterman','test').should be_nil
+    end
+
+    it 'should return the user if verify_credentials succeeds' do
+      User.stub!(:verify_credentials).and_return(JSON.parse("{\"profile_image_url\":\"http:\\/\\/static.twitter.com\\/images\\/default_profile_normal.png\",\"description\":\"Saving the world for all Twitter kind.\",\"utc_offset\":null,\"favourites_count\":0,\"profile_sidebar_fill_color\":\"e0ff92\",\"screen_name\":\"twitterman\",\"statuses_count\":0,\"profile_background_tile\":false,\"profile_sidebar_border_color\":\"87bc44\",\"friends_count\":2,\"url\":null,\"name\":\"Twitter Man\",\"time_zone\":null,\"protected\":false,\"profile_background_image_url\":\"http:\\/\\/static.twitter.com\\/images\\/themes\\/theme1\\/bg.gif\",\"profile_background_color\":\"9ae4e8\",\"created_at\":\"Fri Feb 06 18:10:32 +0000 2009\",\"profile_text_color\":\"000000\",\"followers_count\":2,\"location\":null,\"id\":123,\"profile_link_color\":\"0000ff\"}"))
+      User.authenticate('twitterman','test').should == @user
+    end
+  end
+
+  describe '.find_or_create_by_twitter_hash_and_password' do
+    before do
+      @user = Factory.create(:twitter_basic_user, :twitter_id => '123')
+    end
+
+    it 'should return the existing user if there is one' do
+      User.identify_or_create_from_twitter_hash_and_password({'id' => '123', 'screen_name' => 'twitterman'},'test').should == @user
+    end
+
+    it 'should update the attributes from the hash' do
+      User.identify_or_create_from_twitter_hash_and_password({'id' => 123, 'screen_name' => 'twitterman', 'name' => 'New Name'}, 'test').name.should == 'New Name'
+    end
+
+    it 'should update the password from the argument' do
+      User.identify_or_create_from_twitter_hash_and_password({'id' => '123', 'screen_name' => 'twitterman', 'name' => 'New Name'}, 'test2').password.should == 'test2'
+    end
+
+    it 'should create a user if one does not exist' do
+      lambda{User.identify_or_create_from_twitter_hash_and_password({'id' => 124, 'screen_name' => 'dude', 'name' => "Lebowski"}, 'test')}.should change(User, :count).by(1)
+    end
+
+    it 'should assign the attributes from the hash to a created user' do
+      user = User.identify_or_create_from_twitter_hash_and_password({'id' => 124, 'screen_name' => 'dude', 'name' => "Lebowski"}, 'test')
+      user.twitter_id.should == '124'
+      user.login.should == 'dude'
+      user.name.should == 'Lebowski'
+      user.password.should == 'test'
+    end
+  end
+
+  describe '#twitter' do
+    before do
+      @user = Factory.create(:twitter_basic_user, :twitter_id => '123')
+    end
+
+    it 'should be an instance of TwitterAuth::Dispatcher::Basic' do
+      @user.twitter.class.should == TwitterAuth::Dispatcher::Basic
+    end
+
+    it 'should have the correct user set' do
+      @user.twitter.user.should == @user
+    end
+  end
+
+  describe 'changing usernames' do
+    before do
+      @user = Factory.create(:twitter_basic_user, :twitter_id => '123')
+    end
+
+    it 'should not create a new record when a screen_name has changed' do
+      lambda{User.identify_or_create_from_twitter_hash_and_password({'id' => '123', 'screen_name' => 'dude'},'awesome')}.should_not change(User,:count)
+    end
+
+    it 'should update the record with the new screen name' do
+      User.identify_or_create_from_twitter_hash_and_password({'id' => '123', 'screen_name' => 'dude'},'awesome').should == @user.reload
+      @user.login.should == 'dude'
+    end
+  end
+end

data/spec/models/twitter_auth/generic_user_spec.rb

@@ -0,0 +1,146 @@
+require File.dirname(__FILE__) + '/../../spec_helper'
+
+describe TwitterAuth::GenericUser do
+  should_validate_presence_of :login, :twitter_id
+  should_validate_format_of :login, 'some_guy', 'awesome', 'cool_man'
+  should_not_validate_format_of :login, 'with-dashes', 'with.periods', 'with spaces'
+  should_validate_length_of :login, :in => 1..15
+  
+  it 'should validate uniqueness of login' do
+    Factory.create(:twitter_oauth_user)
+    Factory.build(:twitter_oauth_user).should have_at_least(1).errors_on(:login)
+  end
+
+  it 'should validate uniqueness of remember_token' do
+    Factory.create(:twitter_oauth_user, :remember_token => 'abc')
+    Factory.build(:twitter_oauth_user, :remember_token => 'abc').should have_at_least(1).errors_on(:remember_token)
+  end
+
+  it 'should allow capital letters in the username' do
+    Factory.build(:twitter_oauth_user, :login => 'TwitterMan').should have(:no).errors_on(:login)
+  end
+
+  it 'should not allow the same login with different capitalization' do
+    Factory.create(:twitter_oauth_user, :login => 'twitterman')
+    Factory.build(:twitter_oauth_user, :login => 'TwitterMan').should have_at_least(1).errors_on(:login)
+  end
+
+  describe '.new_from_twitter_hash' do
+    it 'should raise an argument error if the hash does not have a screen_name attribute' do
+      lambda{User.new_from_twitter_hash({'id' => '123'})}.should raise_error(ArgumentError, 'Invalid hash: must include screen_name.')
+    end
+
+    it 'should raise an argument error if the hash does not have an id attribute' do
+      lambda{User.new_from_twitter_hash({'screen_name' => 'abc123'})}.should raise_error(ArgumentError, 'Invalid hash: must include id.')
+    end
+
+    it 'should return a user' do
+      User.new_from_twitter_hash({'id' => '123', 'screen_name' => 'twitterman'}).should be_a(User)
+    end
+
+    it 'should assign login to the screen_name' do
+      User.new_from_twitter_hash({'id' => '123', 'screen_name' => 'twitterman'}).login.should == 'twitterman'
+    end
+
+    it 'should assign twitter attributes that are provided' do
+      u = User.new_from_twitter_hash({'id' => '4566', 'screen_name' => 'twitterman', 'name' => 'Twitter Man', 'description' => 'Saving the world for all Tweet kind.'})
+      u.name.should == 'Twitter Man'
+      u.description.should == 'Saving the world for all Tweet kind.'
+    end
+  end
+
+  describe '#update_twitter_attributes' do
+    it 'should assign values to the user' do
+      user = Factory.create(:twitter_oauth_user, :name => "Dude", :description => "Awesome, man.")
+      user.update_twitter_attributes({'name' => 'Twitter Man', 'description' => 'Works.'})
+      user.reload
+      user.name.should == 'Twitter Man'
+      user.description.should == 'Works.'
+    end
+
+    it 'should not throw an error with extraneous info' do
+      user = Factory.create(:twitter_oauth_user, :name => "Dude", :description => "Awesome, man.")
+      lambda{user.update_twitter_attributes({'name' => 'Twitter Man', 'description' => 'Works.', 'whoopsy' => 'noworks.'})}.should_not raise_error
+    end
+  end
+
+  describe '#remember_me' do
+    before do
+      @user = Factory(:twitter_oauth_user)
+    end
+
+    it 'should check for the remember_token column' do
+      @user.should_receive(:respond_to?).with(:remember_token).and_return(false)
+      @user.remember_me
+    end
+
+    it 'should return nil if there is no remember_token column' do
+      @user.should_receive(:respond_to?).with(:remember_token).and_return(false)
+      @user.remember_me.should be_false
+    end
+    
+    describe ' with proper columns' do
+      it 'should generate a secure random token' do
+        ActiveSupport::SecureRandom.should_receive(:hex).with(10).and_return('abcdef')
+        @user.remember_me
+        @user.remember_token.should == 'abcdef'
+      end
+
+      it 'should set the expiration to the current time plus the remember_for period' do
+        TwitterAuth.stub!(:remember_for).and_return(10)
+        time = Time.now
+        Time.stub!(:now).and_return(time)
+
+        @user.remember_me
+
+        @user.remember_token_expires_at.should == Time.now + 10.days
+      end
+
+      it 'should return a hash with a :value and :expires key' do
+        result = @user.remember_me
+        result.should be_a(Hash)
+        result.key?(:value).should be_true
+        result.key?(:expires).should be_true
+      end
+
+      it 'should return a hash with appropriate values' do
+        TwitterAuth.stub!(:remember_for).and_return(10)
+        time = Time.now
+        Time.stub!(:now).and_return(time)
+        ActiveSupport::SecureRandom.stub!(:hex).and_return('abcdef')
+
+        @user.remember_me.should == {:value => 'abcdef', :expires => (Time.now + 10.days)}
+      end
+    end
+  end
+
+  describe '#forget_me' do
+    it 'should reset remember_token and remember_token_expires_at' do
+      @user = Factory(:twitter_oauth_user, :remember_token => "abcdef", :remember_token_expires_at => Time.now + 10.days)
+      @user.forget_me
+      @user.reload
+      @user.remember_token.should be_nil
+      @user.remember_token_expires_at.should be_nil
+    end
+  end
+
+  describe '.from_remember_token' do
+    before do
+      @user = Factory(:twitter_oauth_user, :remember_token => 'abcdef', :remember_token_expires_at => (Time.now + 10.days))
+    end
+
+    it 'should find the user with the specified remember_token' do
+      User.from_remember_token('abcdef').should == @user
+    end
+
+    it 'should not find a user with an expired token' do
+      user2 = Factory(:twitter_oauth_user, :login => 'walker', :remember_token => 'ghijkl', :remember_token_expires_at => (Time.now - 10.days))
+      User.from_remember_token('ghijkl').should be_nil
+    end
+
+    it 'should not find a user with a nil token and an expiration' do
+      user = Factory(:twitter_oauth_user, :login => 'stranger', :remember_token => nil, :remember_token_expires_at => (Time.now + 10.days))
+      User.from_remember_token(nil).should be_nil
+    end
+  end
+end