yousty-activeadmin 1.0.0.pre

data/features/step_definitions/table_steps.rb

@@ -0,0 +1,119 @@
+Then /^I should see (\d+) ([\w]*) in the table$/ do |count, resource_type|
+  all("table.index_table tr > td:first").count.should eq count.to_i
+end
+
+# TODO: simplify this, if possible?
+class HtmlTableToTextHelper
+  def initialize(html, table_css_selector = "table")
+    @html = html
+    @selector = table_css_selector
+  end
+
+  def to_array
+    rows = Nokogiri::HTML(@html).css("#{@selector} tr")
+    rows.map do |row|
+      row.css('th, td').map do |td|
+        cell_to_string(td)
+      end
+    end
+  end
+
+  private
+
+  def cell_to_string(td)
+    str = ""
+    input = td.css('input').last
+
+    if input
+      str << input_to_string(input)
+    end
+
+    str << td.content.strip.gsub("\n", ' ')
+  end
+
+  def input_to_string(input)
+    case input.attribute("type").value
+    when "checkbox"
+      if input.attribute("disabled")
+        "_"
+      else
+        if input.attribute("checked")
+          "[X]"
+        else
+          "[ ]"
+        end
+      end
+    when "text"
+      if input.attribute("value").present?
+        "[#{input.attribute("value")}]"
+      else
+        "[ ]"
+      end
+    when "submit"
+      input.attribute("value")
+    else
+      raise "I don't know what to do with #{input}"
+    end
+  end
+end
+
+module TableMatchHelper
+
+
+  # @param table [Array[Array]]
+  # @param expected_table [Array[Array[String]]]
+  # The expected_table values are String. They are converted to
+  # Regexp when they start and end with a '/'
+  # Example:
+  #
+  #   assert_table_match(
+  #     [["Name", "Date"], ["Philippe", "Feb 08"]],
+  #     [["Name", "Date"], ["Philippe", "/\w{3} \d{2}/"]]
+  #   )
+  def assert_tables_match(table, expected_table)
+    expected_table.each_index do |row_index|
+      expected_table[row_index].each_index do |column_index|
+        expected_cell = expected_table[row_index][column_index]
+        cell = table.try(:[], row_index).try(:[], column_index)
+        begin
+          assert_cells_match(cell, expected_cell)
+        rescue
+          puts "Cell at line #{row_index} and column #{column_index}: #{cell.inspect} does not match #{expected_cell.inspect}"
+          puts "Expecting:"
+          table.each { |row| puts row.inspect }
+          puts "to match:"
+          expected_table.each { |row| puts row.inspect }
+          raise $!
+        end
+      end
+    end
+  end
+
+  def assert_cells_match(cell, expected_cell)
+    if expected_cell =~ /^\/.*\/$/
+      cell.should match(Regexp.new(expected_cell[1..-2]))
+    else
+      (cell || "").strip.should == expected_cell
+    end
+  end
+
+end # module TableMatchHelper
+
+World(TableMatchHelper)
+
+
+# Usage:
+#
+#   I should see the "invoices" table:
+#     | Invoice #    | Date     | Total Amount |
+#     |    /\d+/     | 27/01/12 |       $30.00 |
+#     |    /\d+/     | 12/02/12 |       $25.00 |
+#
+Then /^I should see the "([^"]*)" table:$/ do |table_id, expected_table|
+  page.should have_css("table##{table_id}")
+
+  assert_tables_match(
+    HtmlTableToTextHelper.new(page.body, "table##{table_id}").to_array,
+    expected_table.raw
+  )
+end

data/features/step_definitions/user_steps.rb

@@ -0,0 +1,39 @@
+def ensure_user_created(email)
+  user = AdminUser.where(:email => email).first_or_create(:password => 'password', :password_confirmation => 'password')
+
+  unless user.persisted?
+    raise "Could not create user #{email}: #{user.errors.full_messages}"
+  end
+  user
+end
+
+Given /^(?:I am logged|log) out$/ do
+  click_link 'Logout' if page.all(:css, "a", :text => 'Logout').any?
+end
+
+Given /^I am logged in$/ do
+  step 'log out'
+  login_as ensure_user_created 'admin@example.com'
+end
+
+# only for @requires-reloading scenario
+Given /^I am logged in with capybara$/ do
+  ensure_user_created 'admin@example.com'
+  step 'log out'
+
+  visit new_admin_user_session_path
+  fill_in 'Email',    :with => 'admin@example.com'
+  fill_in 'Password', :with => 'password'
+  click_button 'Login'
+end
+
+Given /^an admin user "([^"]*)" exists$/ do |email|
+  ensure_user_created(email)
+end
+
+Given /^an admin user "([^"]*)" exists with( expired)? reset password token "(.*?)"$/ do |email, expired, token|
+  user = ensure_user_created(email)
+  user.reset_password_token   = token
+  user.reset_password_sent_at = 1.minute.ago unless expired
+  user.save
+end

data/features/step_definitions/web_steps.rb

@@ -0,0 +1,86 @@
+require 'uri'
+require File.expand_path(File.join(File.dirname(__FILE__), "..", "support", "paths"))
+require File.expand_path(File.join(File.dirname(__FILE__), "..", "support", "selectors"))
+
+module WithinHelpers
+  def with_scope(locator)
+    locator ? within(*selector_for(locator)) { yield } : yield
+  end
+end
+World(WithinHelpers)
+
+# Single-line step scoper
+When /^(.*) within (.*[^:])$/ do |step_name, parent|
+  with_scope(parent) { step step_name }
+end
+
+# Multi-line step scoper
+When /^(.*) within (.*[^:]):$/ do |step_name, parent, table_or_string|
+  with_scope(parent) { step "#{step_name}:", table_or_string }
+end
+
+Given /^(?:I )am on (.+)$/ do |page_name|
+  visit path_to(page_name)
+end
+
+When /^(?:I )go to (.+)$/ do |page_name|
+  visit path_to(page_name)
+end
+
+When /^(?:I )POST to "(.*?)" with params "(.*?)"$/ do |url, params|
+  post "#{url}#{params}"
+end
+
+When /^(?:I )press "([^"]*)"$/ do |button|
+  click_button(button)
+end
+
+When /^(?:I )follow "([^"]*)"$/ do |link|
+  click_link(link)
+end
+
+When /^(?:I )fill in "([^"]*)" with "([^"]*)"$/ do |field, value|
+  fill_in(field, :with => value)
+end
+
+When /^(?:I )select "([^"]*)" from "([^"]*)"$/ do |value, field|
+  select(value, :from => field)
+end
+
+When /^(?:I )(check|uncheck|choose) "([^"]*)"$/ do |action, field|
+  send action, field
+end
+
+When /^(?:I )attach the file "([^"]*)" to "([^"]*)"$/ do |path, field|
+  attach_file(field, File.expand_path(path))
+end
+
+Then /^(?:I )should( not)? see( the element)? "([^"]*)"$/ do |negate, is_css, text|
+  should = negate ? :should_not    : :should
+  have   = is_css ? have_css(text) : have_content(text)
+  page.send should, have
+end
+
+Then /^the "([^"]*)" field(?: within (.*))? should( not)? contain "([^"]*)"$/ do |field, parent, negate, value|
+  with_scope(parent) do
+    field = find_field(field)
+    field_value = (field.tag_name == 'textarea') ? field.text : field.value
+    negate ? field_value.should_not =~ /#{value}/ : field_value.should =~ /#{value}/
+  end
+end
+
+Then /^the "([^"]*)" checkbox(?: within (.*))? should( not)? be checked$/ do |label, parent, negate|
+  with_scope(parent) do
+    field_checked = find_field(label)['checked']
+    field_checked.should negate ? be_false : be_true
+  end
+end
+
+Then /^(?:|I )should be on (.+)$/ do |page_name|
+  current_path = URI.parse(current_url).path
+  current_path.should == path_to(page_name)
+end
+
+Then /^show me the page$/ do
+  save_and_open_page
+end

data/features/sti_resource.feature

@@ -0,0 +1,73 @@
+Feature: STI Resource
+
+  Ensure that standard CRUD works with STI models
+
+  Background:
+    Given I am logged in
+    And a configuration of:
+    """
+      ActiveAdmin.register Publisher do
+        controller do
+          def permitted_params
+            params.permit publisher: [:first_name, :last_name, :username, :age]
+          end if Rails::VERSION::MAJOR == 4
+        end
+      end
+      ActiveAdmin.register User do
+        controller do
+          def permitted_params
+            params.permit user: [:first_name, :last_name, :username, :age]
+          end if Rails::VERSION::MAJOR == 4
+        end
+      end
+    """
+
+  Scenario: Create, update and delete a child STI resource
+    Given I am on the index page for publishers
+    When I follow "New Publisher"
+    And I fill in "First name" with "Terry"
+    And I fill in "Last name" with "Fox"
+    And I fill in "Username" with "terry_fox"
+    And I press "Create Publisher"
+    Then I should see "Publisher was successfully created"
+    And I should see "Terry"
+
+    When I follow "Edit Publisher"
+    And I fill in "First name" with "Joe"
+    And I press "Update Publisher"
+    Then I should see "Publisher was successfully updated"
+    And I should see "Joe"
+
+    When I follow "Delete Publisher"
+    Then I should see "Publisher was successfully destroyed"
+
+  Scenario: Create, update and delete a parent STI resource
+    Given I am on the index page for users
+    When I follow "New User"
+    And I fill in "First name" with "Terry"
+    And I fill in "Last name" with "Fox"
+    And I fill in "Username" with "terry_fox"
+    And I press "Create User"
+    Then I should see "User was successfully created"
+    And I should see "Terry"
+
+    When I follow "Edit User"
+    And I fill in "First name" with "Joe"
+    And I press "Update User"
+    Then I should see "User was successfully updated"
+    And I should see "Joe"
+
+    When I follow "Delete User"
+    Then I should see "User was successfully destroyed"
+
+  Scenario: Update and delete a child STI when the parent is registered
+    Given a publisher named "Terry Fox" exists
+    And I am on the index page for users
+    When I follow "Edit"
+    And I fill in "First name" with "Joe"
+    And I press "Update Publisher"
+    Then I should see "Publisher was successfully updated"
+    And I should see "Joe"
+
+    When I follow "Delete User"
+    Then I should see "Publisher was successfully destroyed"

data/features/support/env.rb

@@ -0,0 +1,112 @@
+# IMPORTANT: This file is generated by cucumber-rails - edit at your own peril.
+# It is recommended to regenerate this file in the future when you upgrade to a
+# newer version of cucumber-rails. Consider adding your own code to a new file
+# instead of editing this one. Cucumber will automatically load all features/**/*.rb
+# files.
+
+ENV["RAILS_ENV"] ||= "cucumber"
+
+require File.expand_path('../../../spec/spec_helper_without_rails', __FILE__)
+
+ENV['RAILS_ROOT'] = File.expand_path("../../../spec/rails/rails-#{ENV["RAILS"]}", __FILE__)
+
+# Create the test app if it doesn't exists
+unless File.exists?(ENV['RAILS_ROOT'])
+  system 'rake setup'
+end
+
+# Ensure the Active Admin load path is happy
+require 'rails'
+require 'active_admin'
+ActiveAdmin.application.load_paths = [ENV['RAILS_ROOT'] + "/app/admin"]
+
+require ENV['RAILS_ROOT'] + '/config/environment'
+
+# Setup autoloading of ActiveAdmin and the load path
+$LOAD_PATH.unshift(File.join(File.dirname(__FILE__), '..', 'lib'))
+autoload :ActiveAdmin, 'active_admin'
+
+require 'cucumber/rails'
+
+require 'capybara/rails'
+require 'capybara/cucumber'
+require 'capybara/session'
+# Capybara defaults to XPath selectors rather than Webrat's default of CSS3. In
+# order to ease the transition to Capybara we set the default here. If you'd
+# prefer to use XPath just remove this line and adjust any selectors in your
+# steps to use the XPath syntax.
+Capybara.default_selector = :css
+
+# If you set this to false, any error raised from within your app will bubble
+# up to your step definition and out to cucumber unless you catch it somewhere
+# on the way. You can make Rails rescue errors and render error pages on a
+# per-scenario basis by tagging a scenario or feature with the @allow-rescue tag.
+#
+# If you set this to true, Rails will rescue all errors and render error
+# pages, more or less in the same way your application would behave in the
+# default production environment. It's not recommended to do this for all
+# of your scenarios, as this makes it hard to discover errors in your application.
+ActionController::Base.allow_rescue = false
+
+# If you set this to true, each scenario will run in a database transaction.
+# You can still turn off transactions on a per-scenario basis, simply tagging
+# a feature or scenario with the @no-txn tag. If you are using Capybara,
+# tagging with @culerity or @javascript will also turn transactions off.
+#
+# If you set this to false, transactions will be off for all scenarios,
+# regardless of whether you use @no-txn or not.
+#
+# Beware that turning transactions off will leave data in your database
+# after each scenario, which can lead to hard-to-debug failures in
+# subsequent scenarios. If you do this, we recommend you create a Before
+# block that will explicitly put your database in a known state.
+Cucumber::Rails::World.use_transactional_fixtures = false
+# How to clean your database when transactions are turned off. See
+# http://github.com/bmabey/database_cleaner for more info.
+if defined?(ActiveRecord::Base)
+  begin
+    require 'database_cleaner'
+    require 'database_cleaner/cucumber'
+    DatabaseCleaner.strategy = :truncation
+  rescue LoadError => ignore_if_database_cleaner_not_present
+  end
+end
+
+# Warden helpers to speed up login
+# See https://github.com/plataformatec/devise/wiki/How-To:-Test-with-Capybara
+include Warden::Test::Helpers
+
+After do
+  Warden.test_reset!
+
+  # Reset back to the default auth adapter
+  ActiveAdmin.application.namespace(:admin).
+    authorization_adapter = ActiveAdmin::AuthorizationAdapter
+end
+
+Before do
+
+  begin
+    # We are caching classes, but need to manually clear references to
+    # the controllers. If they aren't clear, the router stores references
+    ActiveSupport::Dependencies.clear
+
+    # Reload Active Admin
+    ActiveAdmin.unload!
+    ActiveAdmin.load!
+  rescue
+    p $!
+    raise $!
+  end
+end
+
+# improve the performance of the specs suite by not logging anything
+# see http://blog.plataformatec.com.br/2011/12/three-tips-to-improve-the-performance-of-your-test-suite/
+Rails.logger.level = 4
+
+# Improves performance by forcing the garbage collector to run less often.
+unless ENV['DEFER_GC'] == '0' || ENV['DEFER_GC'] == 'false'
+  require File.expand_path('../../../spec/support/deferred_garbage_collection', __FILE__)
+  Before { DeferredGarbageCollection.start }
+  After  { DeferredGarbageCollection.reconsider }
+end

data/features/support/paths.rb

@@ -0,0 +1,71 @@
+module NavigationHelpers
+  # Maps a name to a path. Used by the
+  #
+  #   When /^I go to (.+)$/ do |page_name|
+  #
+  # step definition in web_steps.rb
+  #
+  def path_to(page_name)
+    params = page_name.scan(/with params "(.*?)"/).flatten[0] || ''
+    page_name.sub! /\ with params.*/, ''
+
+    url = case page_name
+
+    when /the home\s?page/
+      '/'
+    when /the dashboard/
+      "/admin"
+    when /the new post page/
+      "/admin/posts/new"
+    when /the login page/
+      "/admin/login"
+    when /the first post show page/
+      "/admin/posts/1"
+    when /the first post edit page/
+      "/admin/posts/1/edit"
+    when /the admin password reset form with reset password token "([^"]*)"/
+      "/admin/password/edit?reset_password_token=#{$1}"
+
+    # the index page for posts in the root namespace
+    # the index page for posts in the user_admin namespace
+    when /^the index page for (.*) in the (.*) namespace$/
+      if $2 != 'root'
+        send "#{$2}_#{$1}_path"
+      else
+        send "#{$1}_path"
+      end
+
+    # same as above, except defaults to admin namespace
+    when /^the index page for (.*)$/
+      send "admin_#{$1}_path"
+
+    when /^the last author's posts$/
+      admin_user_posts_path(User.last)
+
+    when /^the last author's last post page$/
+      admin_user_post_path(User.last, Post.where(:author_id => User.last.id).last)
+
+    when /^the last post's edit page$/
+      edit_admin_post_path(Post.last)
+
+    # Add more mappings here.
+    # Here is an example that pulls values out of the Regexp:
+    #
+    #   when /^(.*)'s profile page$/i
+    #     user_profile_path(User.find_by_login($1))
+
+    else
+      begin
+        page_name =~ /the (.*) page/
+        path_components = $1.split(/\s+/)
+        self.send path_components.push('path').join('_')
+      rescue Object => e
+        raise "Can't find mapping from \"#{page_name}\" to a path.\n" +
+          "Now, go and add a mapping in #{__FILE__}"
+      end
+    end
+    url + params
+  end
+end
+
+World(NavigationHelpers)

data/features/support/selectors.rb

@@ -0,0 +1,45 @@
+module HtmlSelectorsHelpers
+  # Maps a name to a selector. Used primarily by the
+  #
+  #   When /^(.+) within (.+)$/ do |step, scope|
+  #
+  # step definitions in web_steps.rb
+  #
+  def selector_for(locator)
+    case locator
+
+    when "the page"
+      "html > body"
+
+    # Add more mappings here.
+    # Here is an example that pulls values out of the Regexp:
+    #
+    #  when /^the (notice|error|info) flash$/
+    #    ".flash.#{$1}"
+
+    # You can also return an array to use a different selector
+    # type, like:
+    #
+    #  when /the header/
+    #    [:xpath, "//header"]
+
+    when "index grid"
+      [:css, "table.index_grid"]
+
+    when /^the "([^"]*)" sidebar$/
+      [:css, "##{$1.gsub(" ", '').underscore}_sidebar_section"]
+
+    # This allows you to provide a quoted selector as the scope
+    # for "within" steps as was previously the default for the
+    # web steps:
+    when /^"(.+)"$/
+      $1
+
+    else
+      raise "Can't find mapping from \"#{locator}\" to a selector.\n" +
+        "Now, go and add a mapping in #{__FILE__}"
+    end
+  end
+end
+
+World(HtmlSelectorsHelpers)

data/features/symbol_leak.feature

@@ -0,0 +1,35 @@
+Feature: User input shouldn't be symbolized
+
+  Background:
+    Given a configuration of:
+    """
+      ActiveAdmin.register Post
+    """
+    Given I am logged in
+    And 1 post exists
+
+  Scenario: The dashboard doesn't leak
+    Given I am on the dashboard with params "?really_long_malicious_key0"
+    Then "really_long_malicious_key0" shouldn't be a symbol
+
+  Scenario: The index page doesn't leak
+    Given I am on the index page for posts with params "?really_long_malicious_key1"
+    Then "really_long_malicious_key1" shouldn't be a symbol
+
+  @allow-rescue
+  Scenario: The filter query hash doesn't leak
+    Given I am on the index page for posts with params "?q[really_long_malicious_key2]"
+    Then "really_long_malicious_key2" shouldn't be a symbol
+
+  Scenario: The show page doesn't leak
+    Given I go to the first post show page with params "?really_long_malicious_key3"
+    Then "really_long_malicious_key3" shouldn't be a symbol
+
+  Scenario: The edit page doesn't leak
+    Given I go to the first post edit page with params "?really_long_malicious_key4"
+    Then "really_long_malicious_key4" shouldn't be a symbol
+
+  @allow-rescue
+  Scenario: Batch Actions don't leak
+    Given I POST to "admin/posts/batch_action" with params "?batch_action=really_long_malicious_key5"
+    Then "really_long_malicious_key5" shouldn't be a symbol

data/features/users/logging_in.feature

@@ -0,0 +1,34 @@
+Feature: User Logging In
+
+  Logging in to the system as an admin user
+
+  Background:
+    Given a configuration of:
+    """
+      ActiveAdmin.register Post
+    """
+    And I am logged out
+    And an admin user "admin@example.com" exists
+    When I go to the dashboard
+
+  Scenario: Logging in Successfully
+    When I fill in "Email" with "admin@example.com"
+    And I fill in "Password" with "password"
+    And I press "Login"
+    Then I should be on the the dashboard
+    And I should see the element "a[href='/admin/logout'       ]:contains('Logout')"
+    And I should see the element "a[href='/admin/admin_users/1']:contains('admin@example.com')"
+
+  Scenario: Attempting to log in with an incorrect email address
+    When I fill in "Email" with "not-an-admin@example.com"
+    And I fill in "Password" with "not-my-password"
+    And I press "Login"
+    Then I should see "Login"
+    And I should see "Invalid email or password."
+
+  Scenario: Attempting to log in with an incorrect password
+    When I fill in "Email" with "admin@example.com"
+    And I fill in "Password" with "not-my-password"
+    And I press "Login"
+    Then I should see "Login"
+    And I should see "Invalid email or password."

data/features/users/logging_out.feature

@@ -0,0 +1,13 @@
+Feature: User Logging out
+
+  Logging out of the system as an admin user
+
+  Scenario: Logging out successfully
+    Given a configuration of:
+    """
+      ActiveAdmin.register Post
+    """
+    And I am logged in
+    When I go to the dashboard
+    And I follow "Logout"
+    Then I should see "Login"

data/features/users/resetting_password.feature

@@ -0,0 +1,34 @@
+Feature: User Resetting Password
+
+  Resetting my password as an admin user
+
+  Background:
+    Given a configuration of:
+    """
+      ActiveAdmin.register Post
+    """
+    And I am logged out
+    And an admin user "admin@example.com" exists
+
+  Scenario: Resetting password successfully
+    When I go to the dashboard
+    And I follow "Forgot your password?"
+    When I fill in "Email" with "admin@example.com"
+    And I press "Reset My Password"
+    Then I should see "You will receive an email with instructions about how to reset your password in a few minutes."
+
+  Scenario: Changing password after resetting
+    Given an admin user "admin@example.com" exists with reset password token "123reset"
+    When I go to the admin password reset form with reset password token "123reset"
+    And I fill in "Password" with "password"
+    And I fill in "Password confirmation" with "password"
+    And I press "Change my password"
+    Then I should see "success"
+
+  Scenario: Changing password after resetting with errors
+    Given an admin user "admin@example.com" exists with expired reset password token "123reset"
+    When I go to the admin password reset form with reset password token "123reset"
+    And I fill in "Password" with "password"
+    And I fill in "Password confirmation" with "wrong"
+    And I press "Change my password"
+    Then I should see "expired"