Changeset 269
- Timestamp:
- 03/07/08 17:37:10 (6 months ago)
- Files:
-
- incubator/jumpstart/app/controllers/users_controller.rb (modified) (1 diff)
- incubator/jumpstart/app/models/user_mailer.rb (modified) (1 diff)
- incubator/jumpstart/app/models/user_observer.rb (modified) (1 diff)
- incubator/jumpstart/lib/authentable_entity.rb (modified) (4 diffs)
- incubator/jumpstart/test/functional/sessions_controller_test.rb (modified) (2 diffs)
- incubator/jumpstart/test/functional/users_controller_test.rb (modified) (1 diff)
- incubator/jumpstart/test/unit/user_mailer_test.rb (modified) (1 diff)
- incubator/jumpstart/test/unit/user_observer_test.rb (modified) (1 diff)
- incubator/jumpstart/test/unit/user_test.rb (modified) (3 diffs)
incubator/jumpstart/app/controllers/users_controller.rb
r214 r269 21 21 end 22 22 23 def activate24 return unless params[:activation_code]25 user = User.find_by_activation_code(params[:activation_code])26 if user27 user.activate28 self.current_user = user29 flash[:notice] = "Signup complete!"30 redirect_to root_path31 else32 flash[:warning] = "We could not find an account with that code."33 end34 end35 36 23 def forgot_password 37 24 return if request.get? incubator/jumpstart/app/models/user_mailer.rb
r214 r269 1 1 class UserMailer < ActionMailer::Base 2 2 default_url_options[:host] = AppConfiguration.full_domain 3 4 def signup_notification(user)5 setup_email(user)6 @subject += 'Please activate your new account'7 8 @body[:url] = "http://YOURSITE/activate/#{user.activation_code}"9 10 end11 12 def activation(user)13 setup_email(user)14 @subject += 'Your account has been activated'15 end16 3 17 4 def reset_password(user) incubator/jumpstart/app/models/user_observer.rb
r214 r269 1 1 class UserObserver < ActiveRecord::Observer 2 def after_create(user)3 UserMailer.deliver_signup_notification(user)4 end5 6 2 def after_save(user) 7 UserMailer.deliver_activation(user) if user.recently_activated?8 3 UserMailer.deliver_reset_password(user) if user.recently_reset_password? 9 10 4 end 11 5 end incubator/jumpstart/lib/authentable_entity.rb
r268 r269 25 25 end 26 26 27 before_create :make_activation_code28 27 before_save :encrypt_password 29 30 28 31 29 # Prevents users from submitting crafted forms that bypasses activation. … … 41 39 # Returns the user or nil. 42 40 def authenticate(email, cleartext) 43 u = find (:first, :conditions => ['email = ? AND activated_at IS NOT NULL', email])41 u = find_by_email(email) 44 42 u && u.authenticated?(cleartext) ? u : nil 45 43 end … … 86 84 end 87 85 88 # Activates the user in the database.89 def activate90 @activated = true91 self.activated_at = Time.now.utc92 self.activation_code = nil93 save(false)94 end95 96 def active?97 # the existence of an activation code means they have not activated yet98 activation_code.nil?99 end100 101 # Returns true if the user has just been activated.102 def recently_activated?103 @activated104 end105 106 86 protected 107 87 def encrypt_password … … 114 94 end 115 95 116 def make_activation_code117 self.activation_code = generate_token118 end119 120 96 def generate_token 121 97 Digest::SHA1.hexdigest( Time.now.to_s.split(//).sort_by {rand}.join ) incubator/jumpstart/test/functional/sessions_controller_test.rb
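Review bot: With the `activated_at IS NOT NULL` condition dropped, `authenticate` (new line 41, `u = find_by_email(email)`) accepts any row whose email and password match, so accounts that were created earlier and never activated can log in once this is deployed, and new sign-ups no longer prove ownership of the address. If that is intended, say so on the method, e.g. `# Email ownership is not verified; any stored account may authenticate.`, and review existing unactivated rows before rollout. The retained comment at new line 29, `# Prevents users from submitting crafted forms that bypasses activation.`, and the spec name "should authenticate activated user with email and password" in test/unit/user_test.rb still refer to activation and should be reworded. Separately, the kept `generate_token` builds its value from a shuffled timestamp using `rand`, which is not a cryptographic source; whatever still calls it (not visible here) should get tokens from a cryptographically secure generator. The module body starts and ends outside these hunks.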
r214 r269 2 2 3 3 describe "Logging in (POST /session)", ActionController::TestCase do 4 tests SessionsController 4 5 5 describe "unactivated user", ActionController::TestCase do 6 tests SessionsController 6 it 'should create session' do 7 user = stub(:id => 1) 8 User.stubs(:authenticate).returns(user) 9 10 post :create, :email => 'email', :password => 'password' 11 session[:user_id].should.be user.id 12 end 7 13 8 before do 9 @user = create_user 10 end 14 it 'should fail login with incorrect credentials and does not redirect' do 15 User.stubs(:authenticate).returns(nil) 16 17 post :create, :email => 'email', :password => 'bad password' 18 session[:user_id].should.be.nil 19 end 20 21 it 'should remember me when asked' do 22 user = stub(:id => 1, :remember_me => true, :remember_token => 'foo', :remember_token_expires_at => 2.weeks.from_now) 23 User.stubs(:authenticate).returns(user) 11 24 12 it "should not create session" do 13 post :create, :email => @user.email, :password => @user.password 14 session[:user_id].should.be.nil 15 end 25 post :create, :email => 'email', :password => 'password', :remember_me => '1' 26 response.cookies["auth_token"].should.not.be.nil 27 end 28 29 it 'should not remember me unless asked' do 30 user = stub(:id => 1) 31 User.stubs(:authenticate).returns(user) 32 33 post :create, :email => 'email', :password => 'password', :remember_me => '0' 34 response.cookies["auth_token"].should.be.nil 35 end 36 37 it 'should login with remember me cookie' do 38 user = stub(:id => 1, :remember_token? 
=> true, :remember_me => true, :remember_token => 'foo', :remember_token_expires_at => 2.weeks.from_now) 39 User.expects(:find_by_remember_token).returns(user) 16 40 41 request.cookies["auth_token"] = auth_token('foo') 42 get :new 43 controller.send(:logged_in?).should.be true 17 44 end 18 19 describe "activated user", ActionController::TestCase do20 tests SessionsController21 45 22 before do 23 @user = create_user 24 @user.activate 25 end 26 27 it 'should create session' do 28 post :create, :email => @user.email, :password => @user.password 29 session[:user_id].should.not.be.nil 30 end 31 32 it 'should fail login with incorrect credentials and does not redirect' do 33 post :create, :email => @user.email, :password => 'bad password' 34 session[:user_id].should.be.nil 35 status.should.be :success 36 end 46 it 'should not login with expired remember me cookie' do 47 user = stub(:id => 1, :remember_token? => false) 48 User.expects(:find_by_remember_token).returns(user) 37 49 38 it 'should remember me when asked' do 39 post :create, :email => @user.email, :password => @user.password, :remember_me => "1" 40 response.cookies["auth_token"].should.not.be.nil 41 end 42 43 it 'should not remember me unless asked' do 44 post :create, :email => @user.email, :password => @user.password, :remember_me => "0" 45 response.cookies["auth_token"].should.be.nil 46 end 50 request.cookies["auth_token"] = auth_token('foo') 51 get :new 52 controller.send(:logged_in?).should.not.be true 53 end 47 54 48 it 'should login with remember me cookie' do 49 @user.remember_me 50 request.cookies["auth_token"] = cookie_for(@user) 51 get :new 52 controller.send(:logged_in?).should == true 53 end 54 55 it 'should not login with expired remember me cookie' do 56 @user.remember_me 57 @user.update_attribute :remember_token_expires_at, 5.minutes.ago 58 request.cookies["auth_token"] = cookie_for(@user) 59 get :new 60 controller.send(:logged_in?).should.not == true 61 end 62 63 it 'should not login with 
invalid remember me' do 64 @user.remember_me 65 request.cookies["auth_token"] = auth_token('invalid_auth_token') 66 get :new 67 controller.send(:logged_in?).should.not == true 68 end 55 it 'should not login with invalid remember me' do 56 User.expects(:find_by_remember_token).returns(nil) 69 57 70 def auth_token(token)71 CGI::Cookie.new('name' => 'auth_token', 'value' => token)72 end73 74 def cookie_for(user) 75 auth_token user.remember_token76 end58 request.cookies["auth_token"] = auth_token('invalid_auth_token') 59 get :new 60 controller.send(:logged_in?).should.be false 61 end 62 63 def auth_token(token) 64 CGI::Cookie.new('name' => 'auth_token', 'value' => token) 77 65 end 78 66 end … … 81 69 tests SessionsController 82 70 83 before do84 @user = create_user85 login_as @user86 end87 88 71 it 'remove user from session' do 72 user = stub(:id => 1, :forget_me => true) 73 User.stubs(:find).returns(user) 74 request.session[:user_id] = user.id 75 89 76 get :destroy 90 77 session[:user_id].should.be.nil 91 status.should.be :redirect92 78 end 93 79 94 80 it 'should delete remember me token' do 81 user = stub(:id => 1, :remember_token? => true, :remember_me => true, :forget_me => true, :remember_token => 'foo', :remember_token_expires_at => 2.weeks.from_now) 82 User.expects(:find_by_remember_token).returns(user) 83 request.cookies["auth_token"] = auth_token('foo') 84 95 85 get :destroy 96 86 response.cookies["auth_token"].should == [] 97 87 end 88 89 def auth_token(token) 90 CGI::Cookie.new('name' => 'auth_token', 'value' => token) 91 end 98 92 end incubator/jumpstart/test/functional/users_controller_test.rb
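Review bot: The rewritten spec 'should fail login with incorrect credentials and does not redirect' no longer checks the response, so the "does not redirect" half of its name is untested; the old `status.should.be :success` should stay after the session assertion. The same applies to 'remove user from session', which lost `status.should.be :redirect`. Because `User.authenticate` is now stubbed in every login spec, these tests will not fail if the model's credential check regresses, so that coverage has to be kept in test/unit/user_test.rb. `auth_token` is now defined in two describe blocks and could move to a shared test helper.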
r231 r269 29 29 end 30 30 31 describe "Entering activation code (GET /activate)", ActionController::TestCase do32 tests UsersController33 34 it "should use the 'activate' template" do35 get :activate36 template.should.be('activate')37 end38 end39 40 describe "Activating a user from link (GET /activate?activation_code=:activation_code)", ActionController::TestCase do41 tests UsersController42 43 before do44 @user = create_user45 end46 47 it "should require a known activation code" do48 get :activate, :activation_code => 'unknown code'49 template.should.be('activate')50 end51 52 it "should activate the user" do53 get :activate, :activation_code => @user.activation_code54 @user.reload.should.be.active55 end56 57 it "should redirect back to the site root" do58 get :activate, :activation_code => @user.activation_code59 should.redirect_to root_path60 end61 end62 63 describe "Activating a user (POST /activate)", ActionController::TestCase do64 tests UsersController65 66 before do67 @user = create_user68 end69 70 it "should require a known activation code" do71 post :activate, :activation_code => 'unknown code'72 template.should.be('activate')73 end74 75 it "should activate the user" do76 post :activate, :activation_code => @user.activation_code77 @user.reload.should.be.active78 end79 80 it "should redirect back to the site root" do81 post :activate, :activation_code => @user.activation_code82 should.redirect_to root_path83 end84 end85 86 31 describe "Forgetting a password (GET /forgot_password)", ActionController::TestCase do 87 32 tests UsersController incubator/jumpstart/test/unit/user_mailer_test.rb
r214 r269 3 3 describe "UserMailer", ActionMailer::TestCase do 4 4 5 describe "Signup notification email" do6 include ActionController::UrlWriter7 8 before do9 @user = create_user10 @emails = ActionMailer::Base.deliveries11 @emails.clear12 UserMailer.deliver_signup_notification(@user)13 end14 15 it "should be sent to user's email" do16 @emails[0].to[0].should == @user.email17 end18 19 it "should be sent from 'accounts@YOURSITE.com'" do20 @emails[0].from[0].should == 'accounts@YOURSITE.com'21 end22 23 it "should have a subject indicating activation needed" do24 @emails[0].subject.should.include 'Please activate your new account'25 end26 27 it "should have user's email in the message" do28 @emails[0].body.should.include @user.email29 end30 31 it "should have user's password in the message" do32 @emails[0].body.should.include @user.password33 end34 35 it "should have user's activation code in the message" do36 @emails[0].body.should.include @user.activation_code37 end38 39 # it "should include the link to activation" do40 # @emails[0].body.should.include activation_url41 # end42 end43 44 describe "Activation email" do45 include ActionController::UrlWriter46 47 before do48 @emails = ActionMailer::Base.deliveries49 @emails.clear50 @user = new_user51 UserMailer.deliver_activation(@user)52 end53 54 it "should be sent to user's email" do55 @emails[0].to[0].should == @user.email56 end57 58 it "should be sent from 'accounts@YOURSITE.com'" do59 @emails[0].from[0].should == 'accounts@YOURSITE.com'60 end61 62 it "should have a subject indicating account activation" do63 @emails[0].subject.should.include 'Your account has been activated'64 end65 66 it "should have user's login in the message" do67 @emails[0].body.should.include @user.login68 end69 70 # it "should include the link to site" do71 # @emails[0].body.should.include root_url72 # end73 end74 75 5 describe "Reset password email" do 76 6 include ActionController::UrlWriter 77 7 78 8 before do 79 @emails = 
ActionMailer::Base.deliveries 80 @emails.clear 81 @user = new_user 82 UserMailer.deliver_reset_password(@user) 9 @user = User.new(:email => 'email', :password => 'password') 10 @email = UserMailer.create_reset_password(@user) 83 11 end 84 12 85 13 it "should be sent to user's email" do 86 @email s[0].to[0].should == @user.email14 @email.to[0].should == @user.email 87 15 end 88 16 89 17 it "should be sent from 'accounts@YOURSITE.com'" do 90 @email s[0].from[0].should == 'accounts@YOURSITE.com'18 @email.from[0].should == 'accounts@YOURSITE.com' 91 19 end 92 20 93 21 it "should have a subject indicating password reset" do 94 @email s[0].subject.should.include 'Your password has been reset'22 @email.subject.should.include 'Your password has been reset' 95 23 end 96 24 97 25 it "should have user's email in the message" do 98 @email s[0].body.should.include @user.email26 @email.body.should.include @user.email 99 27 end 100 28 101 29 it "should have user's password in the message" do 102 @email s[0].body.should.include @user.password30 @email.body.should.include @user.password 103 31 end 104 32 105 33 # it "should include the link to login" do 106 # @email s[0].body.should.include login_url34 # @email.body.should.include login_url 107 35 # end 108 36 end incubator/jumpstart/test/unit/user_observer_test.rb
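Review bot: The spec "should have user's password in the message" still requires the cleartext password in the reset e-mail body (`@email.body.should.include @user.password`), which pins as expected behaviour that a credential is sent to, and stored in, a mailbox unencrypted. The mailer template is not visible here, but if it does embed the password, a single-use, expiring reset link would avoid that, and the assertion would become `@email.body.should.not.include @user.password`. The describe block continues outside the visible lines.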
r214 r269 2 2 3 3 describe "UserObserver", ActiveSupport::TestCase do 4 describe "user creation" do5 before do6 @observer = UserObserver.instance7 @user = new_user8 UserMailer.stubs(:deliver_signup_notification)9 end10 11 it "should send activation email when the user is created" do12 UserMailer.expects(:deliver_signup_notification).times(1)13 @observer.after_create(@user)14 end15 end16 17 4 describe "resetting passwword" do 18 5 before do incubator/jumpstart/test/unit/user_test.rb
r268 r269 38 38 end 39 39 40 describe "creation" do41 it "should use token for activation code" do42 User.any_instance.stubs(:generate_token).returns("abcdefg")43 User.new.send(:make_activation_code).should == "abcdefg"44 end45 46 it "should generate activation code after create" do47 user = create_user48 user.activation_code.should.not.be.nil49 end50 51 it "should identify the user as not active when they have an activation code" do52 user = User.new53 user.activation_code = "foo"54 user.should.not.be.active55 end56 57 it "should identify the user as active when they dont have an activation code" do58 User.new(:activation_code => nil).should.be.active59 end60 61 end62 63 40 describe "authentication" do 64 beforedo41 it "should authenticate activated user with email and password" do 65 42 @user = create_user 66 end67 68 it "should not authenticate unactivated users" do69 User.authenticate(@user.email, @user.password).should.nil70 end71 72 it "should authenticate activated user with email and password" do73 @user.activate74 43 User.authenticate(@user.email, @user.password).should == @user 75 44 end … … 79 48 before do 80 49 @user = create_user 81 @user.activate82 50 end 83 51 … … 96 64 User.authenticate(new_email, @user.password).should == @user 97 65 end 98 end99 100 describe "activation" do101 102 it "should remove the activation code" do103 user = User.new(:activation_code => "foo")104 user.stubs(:save).returns(true)105 user.activate106 user.activation_code.should.be.nil107 end108 109 it "should set the activated at timestamp" do110 user = User.new(:activation_code => "foo")111 user.stubs(:save).returns(true)112 user.activate113 user.activated_at.should.not.be.nil114 end115 116 it "should identify the user as recently activated" do117 user = User.new(:activation_code => "foo")118 user.stubs(:save).returns(true)119 user.activate120 user.should.be.recently_activated121 end122 123 it "should identify the user as active" do124 user = User.new(:activation_code => 
"foo")125 user.stubs(:save).returns(true)126 user.activate127 user.should.be.active128 end129 130 66 end 131 67
