added clearance, including cucumber features. removed test/mocks.

Dan Croak
1 parent 67628f5f
Showing 17 changed files with 301 additions and 55 deletions Show diff stats
app/controllers/application_controller.rb
app/models/user.rb
config/initializers/action_mailer_configs.rb
config/initializers/mail.rb
config/initializers/mocks.rb
config/routes.rb
db/migrate/20090701195337_clearance_create_users.rb
features/password_reset.feature
features/sign_in.feature
features/sign_out.feature
features/sign_up.feature
features/step_definitions/clearance_steps.rb
features/step_definitions/factory_girl_steps.rb
features/support/paths.rb
test/factories/clearance.rb
test/mocks/development/.keep
test/mocks/test/.keep
 class ApplicationController < ActionController::Base
+  include Clearance::Authentication
  
   helper :all
  
@@ -0,0 +1,3 @@
+class User < ActiveRecord::Base
+  include Clearance::User
+end
@@ -1,6 +0,0 @@
-ActionMailer::Base.smtp_settings = {
-    :address => "smtp.thoughtbot.com",
-    :port    => 25,
-    :domain  => "thoughtbot.com"
-}
-
@@ -0,0 +1,8 @@
+ActionMailer::Base.smtp_settings = {
+    :address => "smtp.thoughtbot.com",
+    :port    => 25,
+    :domain  => "thoughtbot.com"
+}
+
+DO_NOT_REPLY = "donotreply@example.com"
+
@@ -1,10 +0,0 @@
-# Rails 2 doesn't like mocks
-
-# This callback will run before every request to a mock in development mode, 
-# or before the first server request in production. 
-
-Rails.configuration.to_prepare do
-  Dir[File.join(RAILS_ROOT, 'test', 'mocks', RAILS_ENV, '*.rb')].each do |f|
-    load f
-  end
-end
 ActionController::Routing::Routes.draw do |map|
  
-  # Sample resource route (maps HTTP verbs to controller actions automatically):
-  #   map.resources :products
-
-  # Sample resource route with options:
-  #   map.resources :products, :member => { :short => :get, :toggle => :post }, :collection => { :sold => :get }
-
-  # Sample resource route with sub-resources:
-  #   map.resources :products, :has_many => [ :comments, :sales ], :has_one => :seller
-
-  # Sample resource route within a namespace:
-  #   map.namespace :admin do |admin|
-  #     # Directs /admin/products/* to Admin::ProductsController (app/controllers/admin/products_controller.rb)
-  #     admin.resources :products
-  #   end
-
-  # You can have the root of your site routed with map.root -- just remember to delete public/index.html.
-  # map.root :controller => "welcome"
+  map.root :controller => "clearance/users", :action => "new"
  
   # See how all your routes lay out with "rake routes"
  
-  # map.home '', :controller => 'home', :action => 'dashboard'
-  # map.with_options :controller => 'sessions'  do |m|
-  #   m.login  '/login',  :action => 'new'
-  #   m.logout '/logout', :action => 'destroy'
-  # end
+  # For more information on routes, read:
+  # http://guides.rubyonrails.org/routing.html
  
 end
@@ -0,0 +1,20 @@
+class ClearanceCreateUsers < ActiveRecord::Migration
+  def self.up
+    create_table(:users) do |t|
+      t.string   :email
+      t.string   :encrypted_password, :limit => 128
+      t.string   :salt,               :limit => 128
+      t.string   :token,              :limit => 128
+      t.datetime :token_expires_at
+      t.boolean  :email_confirmed, :default => false, :null => false
+    end
+
+    add_index :users, [:id, :token]
+    add_index :users, :email
+    add_index :users, :token    
+  end
+  
+  def self.down
+    drop_table :users  
+  end
+end
@@ -0,0 +1,33 @@
+Feature: Password reset
+  In order to sign in even if user forgot their password
+  A user
+  Should be able to reset it
+
+    Scenario: User is not signed up
+      Given no user exists with an email of "email@person.com"
+      When I request password reset link to be sent to "email@person.com"
+      Then I should see "Unknown email"
+
+    Scenario: User is signed up and requests password reset
+      Given I signed up with "email@person.com/password"
+      When I request password reset link to be sent to "email@person.com"
+      Then I should see "instructions for changing your password"
+      And a password reset message should be sent to "email@person.com"
+
+    Scenario: User is signed up updated his password and types wrong confirmation
+      Given I signed up with "email@person.com/password"
+      When I follow the password reset link sent to "email@person.com"
+      And I update my password with "newpassword/wrongconfirmation"
+      Then I should see error messages
+      And I should be signed out
+
+    Scenario: User is signed up and updates his password
+      Given I signed up with "email@person.com/password"
+      When I follow the password reset link sent to "email@person.com"
+      And I update my password with "newpassword/newpassword"
+      Then I should be signed in
+      When I sign out
+      Then I should be signed out
+      And I sign in as "email@person.com/newpassword"
+      Then I should be signed in
+
@@ -0,0 +1,42 @@
+Feature: Sign in
+  In order to get access to protected sections of the site
+  A user
+  Should be able to sign in
+
+    Scenario: User is not signed up
+      Given no user exists with an email of "email@person.com"
+      When I go to the sign in page
+      And I sign in as "email@person.com/password"
+      Then I should see "Bad email or password"
+      And I should be signed out
+
+    Scenario: User is not confirmed
+      Given I signed up with "email@person.com/password"
+      When I go to the sign in page
+      And I sign in as "email@person.com/password"
+      Then I should see "User has not confirmed email"
+      And I should be signed out
+
+   Scenario: User enters wrong password
+      Given I am signed up and confirmed as "email@person.com/password"
+      When I go to the sign in page
+      And I sign in as "email@person.com/wrongpassword"
+      Then I should see "Bad email or password"
+      And I should be signed out
+
+   Scenario: User signs in successfully
+      Given I am signed up and confirmed as "email@person.com/password"
+      When I go to the sign in page
+      And I sign in as "email@person.com/password"
+      Then I should see "Signed in"
+      And I should be signed in
+
+   Scenario: User signs in and checks "remember me"
+      Given I am signed up and confirmed as "email@person.com/password"
+      When I go to the sign in page
+      And I sign in with "remember me" as "email@person.com/password"
+      Then I should see "Signed in"
+      And I should be signed in
+      When I return next time
+      Then I should be signed in
+
@@ -0,0 +1,23 @@
+Feature: Sign out
+  To protect my account from unauthorized access
+  A signed in user
+  Should be able to sign out
+
+    Scenario: User signs out
+      Given I am signed up and confirmed as "email@person.com/password"
+      When I sign in as "email@person.com/password"
+      Then I should be signed in
+      And I sign out
+      Then I should see "Signed out"
+      And I should be signed out
+
+    Scenario: User who was remembered signs out
+      Given I am signed up and confirmed as "email@person.com/password"
+      When I sign in with "remember me" as "email@person.com/password"
+      Then I should be signed in
+      And I sign out
+      Then I should see "Signed out"
+      And I should be signed out
+      When I return next time
+      Then I should be signed out
+
@@ -0,0 +1,28 @@
+Feature: Sign up
+  In order to get access to protected sections of the site
+  A user
+  Should be able to sign up
+
+    Scenario: User signs up with invalid data
+      When I go to the sign up page
+      And I fill in "Email" with "invalidemail"
+      And I fill in "Password" with "password"
+      And I fill in "Confirm password" with ""
+      And I press "Sign Up"
+      Then I should see error messages
+
+    Scenario: User signs up with valid data
+      When I go to the sign up page
+      And I fill in "Email" with "email@person.com"
+      And I fill in "Password" with "password"
+      And I fill in "Confirm password" with "password"
+      And I press "Sign Up"
+      Then I should see "instructions for confirming"
+      And a confirmation message should be sent to "email@person.com"
+
+    Scenario: User confirms his account
+      Given I signed up with "email@person.com/password"
+      When I follow the confirmation link sent to "email@person.com"
+      Then I should see "Confirmed email and signed in"
+      And I should be signed in
+
@@ -0,0 +1,110 @@
+# General
+
+Then /^I should see error messages$/ do
+  assert_match /error(s)? prohibited/m, response.body
+end
+
+# Database
+
+Given /^no user exists with an email of "(.*)"$/ do |email|
+  assert_nil User.find_by_email(email)
+end
+
+Given /^I signed up with "(.*)\/(.*)"$/ do |email, password|
+  user = Factory :user,
+    :email                 => email,
+    :password              => password,
+    :password_confirmation => password
+end 
+
+Given /^I am signed up and confirmed as "(.*)\/(.*)"$/ do |email, password|
+  user = Factory :email_confirmed_user,
+    :email                 => email,
+    :password              => password,
+    :password_confirmation => password
+end
+
+# Session
+
+Then /^I should be signed in$/ do
+  assert controller.signed_in?
+end
+
+Then /^I should be signed out$/ do
+  assert ! controller.signed_in?
+end
+
+When /^session is cleared$/ do
+  request.reset_session
+  controller.instance_variable_set(:@_current_user, nil)
+end
+
+# Emails
+
+Then /^a confirmation message should be sent to "(.*)"$/ do |email|
+  user = User.find_by_email(email)
+  sent = ActionMailer::Base.deliveries.first
+  assert_equal [user.email], sent.to
+  assert_match /confirm/i, sent.subject
+  assert !user.token.blank?
+  assert_match /#{user.token}/, sent.body
+end
+
+When /^I follow the confirmation link sent to "(.*)"$/ do |email|
+  user = User.find_by_email(email)
+  visit new_user_confirmation_path(:user_id => user, :token => user.token)
+end
+
+Then /^a password reset message should be sent to "(.*)"$/ do |email|
+  user = User.find_by_email(email)
+  sent = ActionMailer::Base.deliveries.first
+  assert_equal [user.email], sent.to
+  assert_match /password/i, sent.subject
+  assert !user.token.blank?
+  assert_match /#{user.token}/, sent.body
+end
+
+When /^I follow the password reset link sent to "(.*)"$/ do |email|
+  user = User.find_by_email(email)
+  visit edit_user_password_path(:user_id => user, :token => user.token)
+end
+
+When /^I try to change the password of "(.*)" without token$/ do |email|
+  user = User.find_by_email(email)
+  visit edit_user_password_path(:user_id => user)
+end
+
+Then /^I should be forbidden$/ do
+  assert_response :forbidden
+end
+
+# Actions
+
+When /^I sign in( with "remember me")? as "(.*)\/(.*)"$/ do |remember, email, password|
+  When %{I go to the sign in page}
+  And %{I fill in "Email" with "#{email}"}
+  And %{I fill in "Password" with "#{password}"}
+  And %{I check "Remember me"} if remember
+  And %{I press "Sign In"}
+end
+
+When /^I sign out$/ do
+  visit '/session', :delete
+end
+
+When /^I request password reset link to be sent to "(.*)"$/ do |email|
+  When %{I go to the password reset request page}
+  And %{I fill in "Email address" with "#{email}"}
+  And %{I press "Reset password"}
+end
+
+When /^I update my password with "(.*)\/(.*)"$/ do |password, confirmation|
+  And %{I fill in "Choose password" with "#{password}"}
+  And %{I fill in "Confirm password" with "#{confirmation}"}
+  And %{I press "Save this password"}
+end
+
+When /^I return next time$/ do
+  When %{session is cleared}
+  And %{I go to the homepage}
+end
@@ -0,0 +1,5 @@
+Factory.factories.each do |name, factory|
+  Given /^an? #{name} exists with an? (.*) of "([^"]*)"$/ do |attr, value|
+    Factory(name, attr.gsub(' ', '_') => value)
+  end
+end
 module NavigationHelpers
-  # Maps a name to a path. Used by the
-  #
-  #   When /^I go to (.+)$/ do |page_name|
-  #
-  # step definition in webrat_steps.rb
-  #
   def path_to(page_name)
     case page_name
-    
-    when /the homepage/
-      '/'
-    
-    # Add more mappings here.
-    # Here is a more fancy example:
-    #
-    #   when /^(.*)'s profile page$/i
-    #     user_profile_path(User.find_by_login($1))
+
+    when /the homepage/i
+      root_path
+    when /the sign up page/i
+      new_user_path
+    when /the sign in page/i
+      new_session_path
+    when /the password reset request page/i
+      new_password_path
+
+    # Add more page name => path mappings here
  
     else
-      raise "Can't find mapping from \"#{page_name}\" to a path.\n" +
-        "Now, go and add a mapping in #{__FILE__}"
+      raise "Can't find mapping from \"#{page_name}\" to a path."
     end
   end
 end
@@ -0,0 +1,13 @@
+Factory.sequence :email do |n|
+  "user#{n}@example.com"
+end
+
+Factory.define :user do |user|
+  user.email                 { Factory.next :email }
+  user.password              { "password" }
+  user.password_confirmation { "password" }
+end
+
+Factory.define :email_confirmed_user, :parent => :user do |user|
+  user.email_confirmed { true }
+end
1	1	class ApplicationController < ActionController::Base
	2	+ include Clearance::Authentication
2	3
3	4	helper :all
4	5
...	...
...	...	@@ -0,0 +1,3 @@
	1	+class User < ActiveRecord::Base
	2	+ include Clearance::User
	3	+end
...	...
...	...	@@ -1,6 +0,0 @@
1		-ActionMailer::Base.smtp_settings = {
2		- :address => "smtp.thoughtbot.com",
3		- :port => 25,
4		- :domain => "thoughtbot.com"
5		-}
6		-
...	...	@@ -0,0 +1,8 @@
	1	+ActionMailer::Base.smtp_settings = {
	2	+ :address => "smtp.thoughtbot.com",
	3	+ :port => 25,
	4	+ :domain => "thoughtbot.com"
	5	+}
	6	+
	7	+DO_NOT_REPLY = "donotreply@example.com"
	8	+
...	...
...	...	@@ -1,10 +0,0 @@
1		-# Rails 2 doesn't like mocks
2		-
3		-# This callback will run before every request to a mock in development mode,
4		-# or before the first server request in production.
5		-
6		-Rails.configuration.to_prepare do
7		- Dir[File.join(RAILS_ROOT, 'test', 'mocks', RAILS_ENV, '*.rb')].each do \|f\|
8		- load f
9		- end
10		-end
1	1	ActionController::Routing::Routes.draw do \|map\|
2	2
3		- # Sample resource route (maps HTTP verbs to controller actions automatically):
4		- # map.resources :products
5		-
6		- # Sample resource route with options:
7		- # map.resources :products, :member => { :short => :get, :toggle => :post }, :collection => { :sold => :get }
8		-
9		- # Sample resource route with sub-resources:
10		- # map.resources :products, :has_many => [ :comments, :sales ], :has_one => :seller
11		-
12		- # Sample resource route within a namespace:
13		- # map.namespace :admin do \|admin\|
14		- # # Directs /admin/products/* to Admin::ProductsController (app/controllers/admin/products_controller.rb)
15		- # admin.resources :products
16		- # end
17		-
18		- # You can have the root of your site routed with map.root -- just remember to delete public/index.html.
19		- # map.root :controller => "welcome"
	3	+ map.root :controller => "clearance/users", :action => "new"
20	4
21	5	# See how all your routes lay out with "rake routes"
22	6
23		- # map.home '', :controller => 'home', :action => 'dashboard'
24		- # map.with_options :controller => 'sessions' do \|m\|
25		- # m.login '/login', :action => 'new'
26		- # m.logout '/logout', :action => 'destroy'
27		- # end
	7	+ # For more information on routes, read:
	8	+ # http://guides.rubyonrails.org/routing.html
28	9
29	10	end
...	...
...	...	@@ -0,0 +1,20 @@
	1	+class ClearanceCreateUsers < ActiveRecord::Migration
	2	+ def self.up
	3	+ create_table(:users) do \|t\|
	4	+ t.string :email
	5	+ t.string :encrypted_password, :limit => 128
	6	+ t.string :salt, :limit => 128
	7	+ t.string :token, :limit => 128
	8	+ t.datetime :token_expires_at
	9	+ t.boolean :email_confirmed, :default => false, :null => false
	10	+ end
	11	+
	12	+ add_index :users, [:id, :token]
	13	+ add_index :users, :email
	14	+ add_index :users, :token
	15	+ end
	16	+
	17	+ def self.down
	18	+ drop_table :users
	19	+ end
	20	+end
...	...
...	...	@@ -0,0 +1,33 @@
	1	+Feature: Password reset
	2	+ In order to sign in even if user forgot their password
	3	+ A user
	4	+ Should be able to reset it
	5	+
	6	+ Scenario: User is not signed up
	7	+ Given no user exists with an email of "email@person.com"
	8	+ When I request password reset link to be sent to "email@person.com"
	9	+ Then I should see "Unknown email"
	10	+
	11	+ Scenario: User is signed up and requests password reset
	12	+ Given I signed up with "email@person.com/password"
	13	+ When I request password reset link to be sent to "email@person.com"
	14	+ Then I should see "instructions for changing your password"
	15	+ And a password reset message should be sent to "email@person.com"
	16	+
	17	+ Scenario: User is signed up updated his password and types wrong confirmation
	18	+ Given I signed up with "email@person.com/password"
	19	+ When I follow the password reset link sent to "email@person.com"
	20	+ And I update my password with "newpassword/wrongconfirmation"
	21	+ Then I should see error messages
	22	+ And I should be signed out
	23	+
	24	+ Scenario: User is signed up and updates his password
	25	+ Given I signed up with "email@person.com/password"
	26	+ When I follow the password reset link sent to "email@person.com"
	27	+ And I update my password with "newpassword/newpassword"
	28	+ Then I should be signed in
	29	+ When I sign out
	30	+ Then I should be signed out
	31	+ And I sign in as "email@person.com/newpassword"
	32	+ Then I should be signed in
	33	+
...	...
...	...	@@ -0,0 +1,42 @@
	1	+Feature: Sign in
	2	+ In order to get access to protected sections of the site
	3	+ A user
	4	+ Should be able to sign in
	5	+
	6	+ Scenario: User is not signed up
	7	+ Given no user exists with an email of "email@person.com"
	8	+ When I go to the sign in page
	9	+ And I sign in as "email@person.com/password"
	10	+ Then I should see "Bad email or password"
	11	+ And I should be signed out
	12	+
	13	+ Scenario: User is not confirmed
	14	+ Given I signed up with "email@person.com/password"
	15	+ When I go to the sign in page
	16	+ And I sign in as "email@person.com/password"
	17	+ Then I should see "User has not confirmed email"
	18	+ And I should be signed out
	19	+
	20	+ Scenario: User enters wrong password
	21	+ Given I am signed up and confirmed as "email@person.com/password"
	22	+ When I go to the sign in page
	23	+ And I sign in as "email@person.com/wrongpassword"
	24	+ Then I should see "Bad email or password"
	25	+ And I should be signed out
	26	+
	27	+ Scenario: User signs in successfully
	28	+ Given I am signed up and confirmed as "email@person.com/password"
	29	+ When I go to the sign in page
	30	+ And I sign in as "email@person.com/password"
	31	+ Then I should see "Signed in"
	32	+ And I should be signed in
	33	+
	34	+ Scenario: User signs in and checks "remember me"
	35	+ Given I am signed up and confirmed as "email@person.com/password"
	36	+ When I go to the sign in page
	37	+ And I sign in with "remember me" as "email@person.com/password"
	38	+ Then I should see "Signed in"
	39	+ And I should be signed in
	40	+ When I return next time
	41	+ Then I should be signed in
	42	+
...	...
...	...	@@ -0,0 +1,23 @@
	1	+Feature: Sign out
	2	+ To protect my account from unauthorized access
	3	+ A signed in user
	4	+ Should be able to sign out
	5	+
	6	+ Scenario: User signs out
	7	+ Given I am signed up and confirmed as "email@person.com/password"
	8	+ When I sign in as "email@person.com/password"
	9	+ Then I should be signed in
	10	+ And I sign out
	11	+ Then I should see "Signed out"
	12	+ And I should be signed out
	13	+
	14	+ Scenario: User who was remembered signs out
	15	+ Given I am signed up and confirmed as "email@person.com/password"
	16	+ When I sign in with "remember me" as "email@person.com/password"
	17	+ Then I should be signed in
	18	+ And I sign out
	19	+ Then I should see "Signed out"
	20	+ And I should be signed out
	21	+ When I return next time
	22	+ Then I should be signed out
	23	+
...	...