Merge commit 'refs/merge-requests/42' of git://gitorious.org/noosfero/noosfero

Joenio Costa
2 parents 5d77e0b5 647ca1a5
Showing 21 changed files with 300 additions and 28 deletions Show diff stats
app/controllers/public/account_controller.rb
app/models/user.rb
app/views/account/login.rhtml
app/views/account/signup.rhtml
app/views/user/mailer/activation_code.rhtml
db/migrate/20110824192153_add_activated_at_to_users.rb
features/my_network_block.feature
features/signup.feature
features/step_definitions/noosfero_steps.rb
lib/user_activation_job.rb
test/fixtures/users.yml
test/functional/account_controller_test.rb
test/functional/profile_controller_test.rb
test/integration/editing_person_info_test.rb
test/integration/enterprise_registration_test.rb
test/integration/forgot_password_test.rb
test/integration/manage_documents_test.rb
test/integration/signup_test.rb
test/integration/user_registers_at_the_application_test.rb
test/unit/user_activation_job_test.rb
@@ -16,6 +16,17 @@ class AccountController &lt; ApplicationController
     end
   end
  
+  def activate
+    @user = User.find_by_activation_code(params[:activation_code]) if params[:activation_code]
+    if @user and @user.activate
+      @message = _("Your account has been activated, now you can log in!")
+      render :action => 'login', :userlogin => @user.login
+    else
+      session[:notice] = _("It looks like you're trying to activate an account. Perhaps have already activated this account?")
+      redirect_to :controller => :home
+    end
+  end
+
   # action to perform login to the application
   def login
     @user = User.new
@@ -60,7 +71,6 @@ class AccountController &lt; ApplicationController
       @person.environment = @user.environment
       if request.post? && params[self.icaptcha_field].blank?
         @user.signup!
-        self.current_user = @user
         owner_role = Role.find_by_name('owner')
         @user.person.affiliate(@user.person, [owner_role]) if owner_role
         invitation = Task.find_by_code(@invitation_code)
@@ -68,8 +78,7 @@ class AccountController &lt; ApplicationController
           invitation.update_attributes!({:friend => @user.person})
           invitation.finish
         end
-        session[:notice] = _("Thanks for signing up!")
-        go_to_initial_page if redirect?
+        @register_pending = true
       end
     rescue ActiveRecord::RecordInvalid
       @person.valid?
@@ -21,6 +21,8 @@ class User &lt; ActiveRecord::Base
     end
   end
  
+  before_create :make_activation_code
+
   before_create do |user|
     if user.environment.nil?
       user.environment = Environment.default
@@ -31,8 +33,11 @@ class User &lt; ActiveRecord::Base
     user.person ||= Person.new
     user.person.attributes = user.person_data.merge(:identifier => user.login, :user_id => user.id, :environment_id => user.environment_id)
     user.person.name ||= user.login
+    user.person.visible = false unless user.activated?
     user.person.save!
   end
+  after_create :deliver_activation_code
+  after_create :delay_activation_check
  
   attr_writer :person_data
   def person_data
@@ -55,6 +60,17 @@ class User &lt; ActiveRecord::Base
         :environment => user.environment.name,
         :url => url_for(:host => user.environment.default_hostname, :controller => 'home')
     end
+
+    def activation_code(user)
+      recipients user.email
+
+      from "#{user.environment.name} <#{user.environment.contact_email}>"
+      subject _("[%s] Activate your account") % [user.environment.name]
+      body :recipient => user.name,
+        :activation_code => user.activation_code,
+        :environment => user.environment.name,
+        :url => user.environment.top_url
+    end
   end
  
   def signup!
@@ -67,6 +83,8 @@ class User &lt; ActiveRecord::Base
   has_one :person, :dependent => :destroy
   belongs_to :environment
  
+  attr_protected :activated_at
+
   # Virtual attribute for the unencrypted password
   attr_accessor :password
  
@@ -87,10 +105,22 @@ class User &lt; ActiveRecord::Base
   # Authenticates a user by their login name and unencrypted password.  Returns the user or nil.
   def self.authenticate(login, password, environment = nil)
     environment ||= Environment.default
-    u = find_by_login_and_environment_id(login, environment.id) # need to get the salt
+    u = first :conditions => ['login = ? AND environment_id = ? AND activated_at IS NOT NULL', login, environment.id] # need to get the salt
     u && u.authenticated?(password) ? u : nil
   end
  
+  # Activates the user in the database.
+  def activate
+    self.activated_at = Time.now.utc
+    self.activation_code = nil
+    self.person.visible = true
+    self.person.save && self.save
+  end
+
+  def activated?
+    self.activation_code.nil? && !self.activated_at.nil?
+  end
+
   class UnsupportedEncryptionType < Exception; end
  
   def self.system_encryption_method
@@ -253,4 +283,16 @@ class User &lt; ActiveRecord::Base
     def password_required?
       crypted_password.blank? || !password.blank?
     end
+
+    def make_activation_code
+      self.activation_code = Digest::SHA1.hexdigest(Time.now.to_s.split(//).sort_by{rand}.join)
+    end
+
+    def deliver_activation_code
+      User::Mailer.deliver_activation_code(self) unless self.activation_code.blank?
+    end
+
+    def delay_activation_check
+      Delayed::Job.enqueue(UserActivationJob.new(self.id), 0, 72.hours.from_now)
+    end
 end
@@ -5,9 +5,11 @@
 <% @user ||= User.new %>
 <% is_thickbox ||= false %>
  
+<%= @message %>
+
 <% labelled_form_for :user, @user, :url => login_url do |f| %>
  
-     <%= f.text_field :login, :id => 'main_user_login', :onchange => 'this.value = convToValidLogin( this.value )' %>
+     <%= f.text_field :login, :id => 'main_user_login', :onchange => 'this.value = convToValidLogin( this.value )', :value => params[:userlogin] %>
  
      <%= f.password_field :password %>
  
 <h1><%= _('Signup') %></h1>
-<%= render :partial => 'signup_form' %>
+<% if @register_pending %>
+  <%= _('Thanks for signing up! Now check your e-mail to activate your account!') %>
+  <p style="text-align: center"><%= link_to(_('Go to the homepage'), '/') %></p>
+<% else %>
+  <%= render :partial => 'signup_form' %>
+<% end %>
@@ -0,0 +1,9 @@
+<%= _('Hi, %{recipient}!') % { :recipient => @recipient } %>
+
+<%= word_wrap(_('Welcome to %{environment}! To activate your account, follow the link: %{activation_url}') % { :environment => @environment, :activation_url => @url + url_for(:controller => :account, :action => :activate, :activation_code => @activation_code) }) %>
+
+<%= _("Greetings,") %>
+
+--
+<%= _('%s team.') % @environment %>
+<%= url_for @url %>
@@ -0,0 +1,16 @@
+class AddActivatedAtToUsers < ActiveRecord::Migration
+  def self.up
+    add_column :users, :activation_code, :string, :limit => 40
+    add_column :users, :activated_at, :datetime
+    if ActiveRecord::Base.connection.adapter_name == 'SQLite'
+      execute "update users set activated_at = datetime();"
+    else
+      execute "update users set activated_at = now();"
+    end
+  end
+
+  def self.down
+    remove_column :users, :activation_code
+    remove_column :users, :activated_at
+  end
+end
@@ -56,9 +56,10 @@ Feature: my_network_block
  
   Scenario: not display how many invisible friends I have
     Given the following users
-      | login      | name        | visible |
-      | mariasilva | Maria Silva | true    |
-      | josesilva  | Jose Silva  | false   |
+      | login      | name        |
+      | mariasilva | Maria Silva |
+      | josesilva  | Jose Silva  |
+    And "josesilva" is invisible
     And "joaosilva" is friend of "mariasilva"
     And I am logged in as "joaosilva"
     When I go to Joao Silva's homepage
@@ -14,6 +14,18 @@ Feature: signup
       | Password confirmation | secret                |
       | Name                  | José da Silva         |
     And I press "Sign up"
+    Then I should not be logged in
+		And I should receive an e-mail on josesilva@example.com
+    When I go to login page
+		And I fill in "Username" with "josesilva"
+		And I fill in "Password" with "secret"
+		And I press "Log in"
+    Then I should not be logged in
+    When José da Silva's account is activated
+    And I go to login page
+		And I fill in "Username" with "josesilva"
+		And I fill in "Password" with "secret"
+		And I press "Log in"
     Then I should be logged in as "josesilva"
  
   Scenario: be redirected if user goes to signup page and is logged
@@ -7,10 +7,14 @@ Given /^the following users?$/ do |table|
   table.hashes.each do |item|
     person_data = item.dup
     person_data.delete("login")
-    User.create!(:login => item[:login], :password => '123456', :password_confirmation => '123456', :email => item[:login] + "@example.com", :person_data => person_data)
+    User.create!(:login => item[:login], :password => '123456', :password_confirmation => '123456', :email => item[:login] + "@example.com", :person_data => person_data).activate
   end
 end
  
+Given /^"(.+)" is (invisible|visible)$/ do |user, visibility|
+  User.find_by_login(user).person.update_attributes(:visible => (visibility == 'visible'))
+end
+
 Given /^"(.+)" is (online|offline|busy) in chat$/ do |user, status|
   status = {'online' => 'chat', 'offline' => '', 'busy' => 'dnd'}[status]
   User.find_by_login(user).update_attributes(:chat_status => status, :chat_status_at => DateTime.now)
@@ -195,6 +199,7 @@ end
 Given /^I am logged in as admin$/ do
   visit('/account/logout')
   user = User.create!(:login => 'admin_user', :password => '123456', :password_confirmation => '123456', :email => 'admin_user@example.com')
+  user.activate
   e = Environment.default
   e.add_admin(user.person)
   visit('/account/login')
@@ -345,6 +350,10 @@ Then /^I should be logged in as &quot;(.+)&quot;$/ do |login|
   User.find(session[:user]).login.should == login
 end
  
+Then /^I should not be logged in$/ do
+  session[:user].nil?
+end
+
 Given /^the profile "(.+)" has no blocks$/ do |profile|
   profile = Profile[profile]
   profile.boxes.map do |box|
@@ -416,3 +425,12 @@ end
 Given /^skip comments captcha$/ do
   Comment.any_instance.stubs(:skip_captcha?).returns(true)
 end
+
+When /^([^\']*)'s account is activated$/ do |person|
+  Person.find_by_name(person).user.activate
+end
+
+Then /^I should receive an e-mail on (.*)$/ do |address|
+  last_mail = ActionMailer::Base.deliveries.last
+  last_mail['to'].to_s.should == address
+end
@@ -0,0 +1,6 @@
+class UserActivationJob < Struct.new(:user_id)
+  def perform
+    user = User.find(user_id)
+    user.destroy unless user.activated?
+  end
+end
@@ -6,7 +6,7 @@ johndoe:
   crypted_password: 00742970dc9e6319f8019fd54864d3ea740f04b1 # test
   #crypted_password: "ce2/iFrNtQ8=\n" # johndoe, use only if you're using 2-way encryption
   created_at: <%= 5.days.ago.to_s :db %>
-  # activated_at: <%= 5.days.ago.to_s :db %> # only if you're activating new signups
+  activated_at: <%= 5.days.ago.to_s :db %> # only if you're activating new signups
   environment_id: 1
 joerandomhacker:
   id: 2
@@ -14,7 +14,7 @@ joerandomhacker:
   email: joerandomhacker@localhost.localdomain
   salt: 7e3041ebc2fc05a40c60028e2c4901a81035d3cd
   crypted_password: 00742970dc9e6319f8019fd54864d3ea740f04b1 # test
-  # activation_code: aaronscode # only if you're activating new signups
+  activated_at: <%= 5.days.ago.to_s :db %> # only if you're activating new signups
   created_at: <%= 1.days.ago.to_s :db %>
   environment_id: 1
 ze:
@@ -23,7 +23,7 @@ ze:
   email: ze@localhost.localdomain
   salt: 7e3041ebc2fc05a40c60028e2c4901a81035d3cd
   crypted_password: 00742970dc9e6319f8019fd54864d3ea740f04b1 # test
-  # activation_code: aaronscode # only if you're activating new signups
+  activated_at: <%= 5.days.ago.to_s :db %> # only if you're activating new signups
   created_at: <%= 1.days.ago.to_s :db %>
   environment_id: 1
 other_ze:
@@ -32,6 +32,6 @@ other_ze:
   email: ze@localhost.localdomain
   salt: 7e3041ebc2fc05a40c60028e2c4901a81035d3cd
   crypted_password: 00742970dc9e6319f8019fd54864d3ea740f04b1 # test
-  # activation_code: aaronscode # only if you're activating new signups
+  activated_at: <%= 5.days.ago.to_s :db %> # only if you're activating new signups
   created_at: <%= 1.days.ago.to_s :db %>
   environment_id: 2
@@ -70,7 +70,8 @@ class AccountControllerTest &lt; Test::Unit::TestCase
   def test_should_allow_signup
     assert_difference User, :count do
       new_user
-      assert_response :redirect
+      assert_response :success
+      assert_not_nil assigns(:register_pending)
     end
   end
  
@@ -79,6 +80,7 @@ class AccountControllerTest &lt; Test::Unit::TestCase
       new_user(:login => nil)
       assert assigns(:user).errors.on(:login)
       assert_response :success
+      assert_nil assigns(:register_pending)
     end
   end
  
@@ -87,6 +89,7 @@ class AccountControllerTest &lt; Test::Unit::TestCase
       new_user(:password => nil)
       assert assigns(:user).errors.on(:password)
       assert_response :success
+      assert_nil assigns(:register_pending)
     end
   end
  
@@ -95,6 +98,7 @@ class AccountControllerTest &lt; Test::Unit::TestCase
       new_user(:password_confirmation => nil)
       assert assigns(:user).errors.on(:password_confirmation)
       assert_response :success
+      assert_nil assigns(:register_pending)
     end
   end
  
@@ -103,6 +107,7 @@ class AccountControllerTest &lt; Test::Unit::TestCase
       new_user(:email => nil)
       assert assigns(:user).errors.on(:email)
       assert_response :success
+      assert_nil assigns(:register_pending)
     end
   end
  
@@ -111,6 +116,7 @@ class AccountControllerTest &lt; Test::Unit::TestCase
       Environment.default.update_attributes(:terms_of_use => 'some terms ...')
       new_user
       assert_response :success
+      assert_nil assigns(:register_pending)
     end
   end
  
@@ -118,7 +124,8 @@ class AccountControllerTest &lt; Test::Unit::TestCase
     assert_difference User, :count do
       Environment.default.update_attributes(:terms_of_use => 'some terms ...')      
       new_user(:terms_accepted => '1')
-      assert_response :redirect
+      assert_response :success
+      assert_not_nil assigns(:register_pending)
     end
   end
  
@@ -643,7 +650,7 @@ class AccountControllerTest &lt; Test::Unit::TestCase
     Person.any_instance.stubs(:required_fields).returns(['organization'])
     assert_difference User, :count do
       post :signup, :user => { :login => 'testuser', :password => '123456', :password_confirmation => '123456', :email => 'testuser@example.com' }, :profile_data => { :organization => 'example.com' }
-      assert_redirected_to :controller => 'profile_editor', :profile => 'testuser'
+      assert_response :success
     end
     assert_equal 'example.com', Person['testuser'].organization
   end
@@ -689,6 +696,36 @@ class AccountControllerTest &lt; Test::Unit::TestCase
     assert_equal User.find_by_login('ze').data_hash.merge({ 'foo' => 'bar', 'test' => 5 }), ActiveSupport::JSON.decode(@response.body)
   end
  
+  should 'activate user when activation code is present and correct' do
+    user = User.create! :login => 'testuser', :password => 'test123', :password_confirmation => 'test123', :email => 'test@test.org'
+    get :activate, :activation_code => user.activation_code
+    assert_not_nil assigns(:message)
+    assert_response :success
+    post :login, :user => {:login => 'testuser', :password => 'test123'}
+    assert_not_nil session[:user]
+    assert_redirected_to :controller => 'profile_editor', :profile => 'testuser'
+  end
+
+  should 'not activate user when activation code is missing' do
+    @request.env["HTTP_REFERER"] = '/bli'
+    user = User.create! :login => 'testuser', :password => 'test123', :password_confirmation => 'test123', :email => 'test@test.org'
+    get :activate
+    assert_nil assigns(:message)
+    post :login, :user => {:login => 'testuser', :password => 'test123'}
+    assert_nil session[:user]
+    assert_redirected_to '/bli'
+  end
+
+  should 'not activate user when activation code is incorrect' do
+    @request.env["HTTP_REFERER"] = '/bli'
+    user = User.create! :login => 'testuser', :password => 'test123', :password_confirmation => 'test123', :email => 'test@test.org'
+    get :activate, :activation_code => 'wrongcode'
+    assert_nil assigns(:message)
+    post :login, :user => {:login => 'testuser', :password => 'test123'}
+    assert_nil session[:user]
+    assert_redirected_to '/bli'
+  end
+
   protected
     def new_user(options = {}, extra_options ={})
       data = {:profile_data => person_data}
@@ -189,8 +189,10 @@ class ProfileControllerTest &lt; Test::Unit::TestCase
   end
  
   should 'display add friend button' do
+    @profile.user.activate
     login_as(@profile.identifier)
     friend = create_user_full('friendtestuser').person
+    friend.user.activate
     friend.boxes.first.blocks << block = ProfileInfoBlock.create!
     get :profile_info, :profile => friend.identifier, :block_id => block.id
     assert_match /Add friend/, @response.body
@@ -318,6 +320,7 @@ class ProfileControllerTest &lt; Test::Unit::TestCase
  
   should 'display contact button only if friends' do
     friend = create_user_full('friend_user').person
+    friend.user.activate
     friend.boxes.first.blocks << block = ProfileInfoBlock.create!
     @profile.add_friend(friend)
     env = Environment.default
@@ -338,6 +341,7 @@ class ProfileControllerTest &lt; Test::Unit::TestCase
  
   should 'display contact button only if friends and its enable in environment' do
     friend = create_user_full('friend_user').person
+    friend.user.activate
     friend.boxes.first.blocks << block = ProfileInfoBlock.create!
     env = Environment.default
     env.disable('disable_contact_person')
@@ -8,6 +8,8 @@ class EditingPersonInfoTest &lt; ActionController::IntegrationTest
  
     profile = create_user('user_ze', :password => 'test', :password_confirmation => 'test').person
  
+    profile.user.activate
+
     login(profile.identifier, 'test')
  
     get "/myprofile/#{profile.identifier}"
@@ -50,6 +50,7 @@ class EnterpriseRegistrationTest &lt; ActionController::IntegrationTest
  
     # steps done by the validator
     validator = create_user_with_permission('validator', 'validate_enterprise', org)
+    validator.user.activate
     login 'validator', 'validator'
  
     get "/myprofile/myorg/enterprise_validation"
@@ -12,7 +12,7 @@ class ForgotPasswordTest &lt; ActionController::IntegrationTest
     Profile.destroy_all
     ChangePassword.destroy_all
  
-    create_user('forgotten', :password => 'test', :password_confirmation => 'test', :email => 'forgotten@localhost.localdomain')
+    create_user('forgotten', :password => 'test', :password_confirmation => 'test', :email => 'forgotten@localhost.localdomain').activate
  
     get '/account/forgot_password'
  
@@ -6,6 +6,7 @@ class ManageDocumentsTest &lt; ActionController::IntegrationTest
  
   def test_creation_of_a_new_article
     user = create_user('myuser')
+    user.activate
  
     login('myuser', 'myuser')
     assert_tag :tag => 'a', :attributes => { :href => "#{user.environment.top_url}/myprofile\/{login}"  }
@@ -34,6 +35,7 @@ class ManageDocumentsTest &lt; ActionController::IntegrationTest
  
   def test_update_of_an_existing_article
     profile = create_user('myuser').person
+    profile.user.activate
     article = create_article(profile, :name => 'my-article')
     article.save!
  
@@ -67,6 +69,7 @@ class ManageDocumentsTest &lt; ActionController::IntegrationTest
  
   def test_removing_an_article
     profile = create_user('myuser').person
+    profile.user.activate
     article = create_article(profile, :name => 'my-article')
     article.save!
  
@@ -11,6 +11,7 @@ class SignupTest &lt; ActionController::IntegrationTest
     Environment.default.update_attributes(:terms_of_use => 'You agree to not be annoying.')
  
     count = User.count
+    mail_count = ActionMailer::Base.deliveries.count
  
     get '/account/signup'
     assert_response :success
@@ -20,13 +21,13 @@ class SignupTest &lt; ActionController::IntegrationTest
     assert_response :success
     assert_template 'signup'
     assert_equal count, User.count
+    assert_equal mail_count, ActionMailer::Base.deliveries.count
  
     post '/account/signup', :user => { :login => 'shouldaccepterms', :password => 'test', :password_confirmation => 'test', :email => 'shouldaccepterms@example.com', :terms_accepted => '1' }, :profile_data => person_data
-    assert_response :redirect
-
-    follow_redirect!
     assert_response :success
+
     assert_equal count + 1, User.count
+    assert_equal mail_count + 1, ActionMailer::Base.deliveries.count
  
   end
  
@@ -13,13 +13,9 @@ class UserRegistersAtTheApplicationTest &lt; ActionController::IntegrationTest
     assert_response :success
  
     post '/account/signup', :user => { :login => 'mylogin', :password => 'mypassword', :password_confirmation => 'mypassword', :email => 'mylogin@example.com' }
-    assert_response :redirect
-    assert_redirected_to '/myprofile/mylogin'
+    assert_response :success
  
-    # user is logged in right after the registration
-    follow_redirect!
-    assert_no_tag :tag => 'a', :attributes => { :href => '/account/login_popup' }
-    assert_tag :tag => 'a', :attributes => { :href => '/account/logout'  }
+    assert_tag :tag => 'a', :attributes => { :href => /^\/account\/login/ }
   end
  
   def test_trying_an_existing_login_name
@@ -0,0 +1,39 @@
+require File.dirname(__FILE__) + '/../test_helper'
+
+class NotifyActivityToProfilesJobTest < ActiveSupport::TestCase
+
+  should 'create job on user creation' do
+    assert_difference Delayed::Job, :count, 1 do
+      user = new_user :login => 'test1'
+      assert_equal user.id, YAML.load(Delayed::Job.last.handler).user_id
+    end
+    process_delayed_job_queue
+  end
+
+  should 'destroy user if not activated' do
+    user = new_user :login => 'test2'
+    job = UserActivationJob.new(user.id)
+    assert_difference User, :count, -1 do
+      job.perform
+      process_delayed_job_queue
+    end
+  end
+
+  should 'not destroy user if activated' do
+    user = new_user :login => 'test3'
+    user.activate
+    job = UserActivationJob.new(user.id)
+    assert_no_difference User, :count do
+      job.perform
+      process_delayed_job_queue
+    end
+  end
+
+  protected
+    def new_user(options = {})
+      user = User.new({ :login => 'quire', :email => 'quire@example.com', :password => 'quire', :password_confirmation => 'quire' }.merge(options))
+      user.save
+      user
+    end
+
+end
@@ -346,7 +346,7 @@ class UserTest &lt; Test::Unit::TestCase
     Person.any_instance.stubs(:profile_custom_icon).returns('/custom_icon')
     expected_hash = {
       'coldplayfriend' => {
-        'avatar' => '/custom_icon', 'name' => 'coldplayfriend', 'jid' => 'coldplayfriend@colivre.net/coldplayfriend', 'status' => 'chat'
+        'avatar' => '/custom_icon', 'name' => 'coldplayfriend', 'jid' => 'coldplayfriend@' + Environment.default.default_hostname + '/coldplayfriend', 'status' => 'chat'
       }
     }
     assert_equal expected_hash, person.user.data_hash['friends_list']
@@ -409,6 +409,75 @@ class UserTest &lt; Test::Unit::TestCase
     assert_equal 'testuser', user.name
   end
  
+  should 'have activation code' do
+    user = create_user('testuser')
+    assert_respond_to user, :activation_code
+  end
+
+  should 'have activated at' do
+    user = create_user('testuser')
+    assert_respond_to user, :activated_at
+  end
+
+  should 'make activation code before creation' do
+    assert_not_nil new_user.activation_code
+  end
+
+  should 'deliver e-mail with activation code after creation' do
+    assert_difference(ActionMailer::Base.deliveries, :size, 1) do
+      new_user :email => 'pending@activation.com'
+    end
+    assert_equal 'pending@activation.com', ActionMailer::Base.deliveries.last['to'].to_s
+  end
+
+  should 'not mass assign activated at' do
+    user = User.new :activated_at => 5.days.ago
+    assert_nil user.activated_at
+    user.attributes = { :activated_at => 5.days.ago }
+    assert_nil user.activated_at
+    user.activated_at = 5.days.ago
+    assert_not_nil user.activated_at
+  end
+
+  should 'authenticate an activated user' do
+    user = new_user :login => 'testuser', :password => 'test123', :password_confirmation => 'test123'
+    user.activate
+    assert_equal user, User.authenticate('testuser', 'test123')
+  end
+
+  should 'not authenticate a not activated user' do
+    user = new_user :login => 'testuser', :password => 'test123', :password_confirmation => 'test123'
+    assert_nil User.authenticate('testuser', 'test123')
+  end
+
+  should 'have activation code but no activated at when created' do
+    user = new_user
+    assert_not_nil user.activation_code
+    assert_nil user.activated_at
+    assert !user.person.visible
+  end
+
+  should 'activate an user' do
+    user = new_user
+    assert user.activate
+    assert_nil user.activation_code
+    assert_not_nil user.activated_at
+    assert user.person.visible
+  end
+
+  should 'return if the user is activated' do
+    user = new_user
+    assert !user.activated?
+    user.activate
+    assert user.activated?
+  end
+
+  should 'delay activation check' do
+    assert_difference Delayed::Job, :count, 1 do
+      user = new_user
+    end
+  end
+
   protected
     def new_user(options = {})
       user = User.new({ :login => 'quire', :email => 'quire@example.com', :password => 'quire', :password_confirmation => 'quire' }.merge(options))
...	...	@@ -16,6 +16,17 @@ class AccountController < ApplicationController
16	16	end
17	17	end
18	18
	19	+ def activate
	20	+ @user = User.find_by_activation_code(params[:activation_code]) if params[:activation_code]
	21	+ if @user and @user.activate
	22	+ @message = _("Your account has been activated, now you can log in!")
	23	+ render :action => 'login', :userlogin => @user.login
	24	+ else
	25	+ session[:notice] = _("It looks like you're trying to activate an account. Perhaps have already activated this account?")
	26	+ redirect_to :controller => :home
	27	+ end
	28	+ end
	29	+
19	30	# action to perform login to the application
20	31	def login
21	32	@user = User.new
...	...	@@ -60,7 +71,6 @@ class AccountController < ApplicationController
60	71	@person.environment = @user.environment
61	72	if request.post? && params[self.icaptcha_field].blank?
62	73	@user.signup!
63		- self.current_user = @user
64	74	owner_role = Role.find_by_name('owner')
65	75	@user.person.affiliate(@user.person, [owner_role]) if owner_role
66	76	invitation = Task.find_by_code(@invitation_code)
...	...	@@ -68,8 +78,7 @@ class AccountController < ApplicationController
68	78	invitation.update_attributes!({:friend => @user.person})
69	79	invitation.finish
70	80	end
71		- session[:notice] = _("Thanks for signing up!")
72		- go_to_initial_page if redirect?
	81	+ @register_pending = true
73	82	end
74	83	rescue ActiveRecord::RecordInvalid
75	84	@person.valid?
...	...
...	...	@@ -21,6 +21,8 @@ class User < ActiveRecord::Base
21	21	end
22	22	end
23	23
	24	+ before_create :make_activation_code
	25	+
24	26	before_create do \|user\|
25	27	if user.environment.nil?
26	28	user.environment = Environment.default
...	...	@@ -31,8 +33,11 @@ class User < ActiveRecord::Base
31	33	user.person \|\|= Person.new
32	34	user.person.attributes = user.person_data.merge(:identifier => user.login, :user_id => user.id, :environment_id => user.environment_id)
33	35	user.person.name \|\|= user.login
	36	+ user.person.visible = false unless user.activated?
34	37	user.person.save!
35	38	end
	39	+ after_create :deliver_activation_code
	40	+ after_create :delay_activation_check
36	41
37	42	attr_writer :person_data
38	43	def person_data
...	...	@@ -55,6 +60,17 @@ class User < ActiveRecord::Base
55	60	:environment => user.environment.name,
56	61	:url => url_for(:host => user.environment.default_hostname, :controller => 'home')
57	62	end
	63	+
	64	+ def activation_code(user)
	65	+ recipients user.email
	66	+
	67	+ from "#{user.environment.name} <#{user.environment.contact_email}>"
	68	+ subject _("[%s] Activate your account") % [user.environment.name]
	69	+ body :recipient => user.name,
	70	+ :activation_code => user.activation_code,
	71	+ :environment => user.environment.name,
	72	+ :url => user.environment.top_url
	73	+ end
58	74	end
59	75
60	76	def signup!
...	...	@@ -67,6 +83,8 @@ class User < ActiveRecord::Base
67	83	has_one :person, :dependent => :destroy
68	84	belongs_to :environment
69	85
	86	+ attr_protected :activated_at
	87	+
70	88	# Virtual attribute for the unencrypted password
71	89	attr_accessor :password
72	90
...	...	@@ -87,10 +105,22 @@ class User < ActiveRecord::Base
87	105	# Authenticates a user by their login name and unencrypted password. Returns the user or nil.
88	106	def self.authenticate(login, password, environment = nil)
89	107	environment \|\|= Environment.default
90		- u = find_by_login_and_environment_id(login, environment.id) # need to get the salt
	108	+ u = first :conditions => ['login = ? AND environment_id = ? AND activated_at IS NOT NULL', login, environment.id] # need to get the salt
91	109	u && u.authenticated?(password) ? u : nil
92	110	end
93	111
	112	+ # Activates the user in the database.
	113	+ def activate
	114	+ self.activated_at = Time.now.utc
	115	+ self.activation_code = nil
	116	+ self.person.visible = true
	117	+ self.person.save && self.save
	118	+ end
	119	+
	120	+ def activated?
	121	+ self.activation_code.nil? && !self.activated_at.nil?
	122	+ end
	123	+
94	124	class UnsupportedEncryptionType < Exception; end
95	125
96	126	def self.system_encryption_method
...	...	@@ -253,4 +283,16 @@ class User < ActiveRecord::Base
253	283	def password_required?
254	284	crypted_password.blank? \|\| !password.blank?
255	285	end
	286	+
	287	+ def make_activation_code
	288	+ self.activation_code = Digest::SHA1.hexdigest(Time.now.to_s.split(//).sort_by{rand}.join)
	289	+ end
	290	+
	291	+ def deliver_activation_code
	292	+ User::Mailer.deliver_activation_code(self) unless self.activation_code.blank?
	293	+ end
	294	+
	295	+ def delay_activation_check
	296	+ Delayed::Job.enqueue(UserActivationJob.new(self.id), 0, 72.hours.from_now)
	297	+ end
256	298	end
...	...
...	...	@@ -5,9 +5,11 @@
5	5	<% @user \|\|= User.new %>
6	6	<% is_thickbox \|\|= false %>
7	7
	8	+<%= @message %>
	9	+
8	10	<% labelled_form_for :user, @user, :url => login_url do \|f\| %>
9	11
10		- <%= f.text_field :login, :id => 'main_user_login', :onchange => 'this.value = convToValidLogin( this.value )' %>
	12	+ <%= f.text_field :login, :id => 'main_user_login', :onchange => 'this.value = convToValidLogin( this.value )', :value => params[:userlogin] %>
11	13
12	14	<%= f.password_field :password %>
13	15
...	...
1	1	<h1><%= _('Signup') %></h1>
2		-<%= render :partial => 'signup_form' %>
	2	+<% if @register_pending %>
	3	+ <%= _('Thanks for signing up! Now check your e-mail to activate your account!') %>
	4	+ <p style="text-align: center"><%= link_to(_('Go to the homepage'), '/') %></p>
	5	+<% else %>
	6	+ <%= render :partial => 'signup_form' %>
	7	+<% end %>
...	...
...	...	@@ -0,0 +1,9 @@
	1	+<%= _('Hi, %{recipient}!') % { :recipient => @recipient } %>
	2	+
	3	+<%= word_wrap(_('Welcome to %{environment}! To activate your account, follow the link: %{activation_url}') % { :environment => @environment, :activation_url => @url + url_for(:controller => :account, :action => :activate, :activation_code => @activation_code) }) %>
	4	+
	5	+<%= _("Greetings,") %>
	6	+
	7	+--
	8	+<%= _('%s team.') % @environment %>
	9	+<%= url_for @url %>
...	...
...	...	@@ -0,0 +1,16 @@
	1	+class AddActivatedAtToUsers < ActiveRecord::Migration
	2	+ def self.up
	3	+ add_column :users, :activation_code, :string, :limit => 40
	4	+ add_column :users, :activated_at, :datetime
	5	+ if ActiveRecord::Base.connection.adapter_name == 'SQLite'
	6	+ execute "update users set activated_at = datetime();"
	7	+ else
	8	+ execute "update users set activated_at = now();"
	9	+ end
	10	+ end
	11	+
	12	+ def self.down
	13	+ remove_column :users, :activation_code
	14	+ remove_column :users, :activated_at
	15	+ end
	16	+end
...	...
...	...	@@ -56,9 +56,10 @@ Feature: my_network_block
56	56
57	57	Scenario: not display how many invisible friends I have
58	58	Given the following users
59		- \| login \| name \| visible \|
60		- \| mariasilva \| Maria Silva \| true \|
61		- \| josesilva \| Jose Silva \| false \|
	59	+ \| login \| name \|
	60	+ \| mariasilva \| Maria Silva \|
	61	+ \| josesilva \| Jose Silva \|
	62	+ And "josesilva" is invisible
62	63	And "joaosilva" is friend of "mariasilva"
63	64	And I am logged in as "joaosilva"
64	65	When I go to Joao Silva's homepage
...	...
...	...	@@ -14,6 +14,18 @@ Feature: signup
14	14	\| Password confirmation \| secret \|
15	15	\| Name \| José da Silva \|
16	16	And I press "Sign up"
	17	+ Then I should not be logged in
	18	+ And I should receive an e-mail on josesilva@example.com
	19	+ When I go to login page
	20	+ And I fill in "Username" with "josesilva"
	21	+ And I fill in "Password" with "secret"
	22	+ And I press "Log in"
	23	+ Then I should not be logged in
	24	+ When José da Silva's account is activated
	25	+ And I go to login page
	26	+ And I fill in "Username" with "josesilva"
	27	+ And I fill in "Password" with "secret"
	28	+ And I press "Log in"
17	29	Then I should be logged in as "josesilva"
18	30
19	31	Scenario: be redirected if user goes to signup page and is logged
...	...
...	...	@@ -7,10 +7,14 @@ Given /^the following users?$/ do \|table\|
7	7	table.hashes.each do \|item\|
8	8	person_data = item.dup
9	9	person_data.delete("login")
10		- User.create!(:login => item[:login], :password => '123456', :password_confirmation => '123456', :email => item[:login] + "@example.com", :person_data => person_data)
	10	+ User.create!(:login => item[:login], :password => '123456', :password_confirmation => '123456', :email => item[:login] + "@example.com", :person_data => person_data).activate
11	11	end
12	12	end
13	13
	14	+Given /^"(.+)" is (invisible\|visible)$/ do \|user, visibility\|
	15	+ User.find_by_login(user).person.update_attributes(:visible => (visibility == 'visible'))
	16	+end
	17	+
14	18	Given /^"(.+)" is (online\|offline\|busy) in chat$/ do \|user, status\|
15	19	status = {'online' => 'chat', 'offline' => '', 'busy' => 'dnd'}[status]
16	20	User.find_by_login(user).update_attributes(:chat_status => status, :chat_status_at => DateTime.now)
...	...	@@ -195,6 +199,7 @@ end
195	199	Given /^I am logged in as admin$/ do
196	200	visit('/account/logout')
197	201	user = User.create!(:login => 'admin_user', :password => '123456', :password_confirmation => '123456', :email => 'admin_user@example.com')
	202	+ user.activate
198	203	e = Environment.default
199	204	e.add_admin(user.person)
200	205	visit('/account/login')
...	...	@@ -345,6 +350,10 @@ Then /^I should be logged in as "(.+)"$/ do \|login\|
345	350	User.find(session[:user]).login.should == login
346	351	end
347	352
	353	+Then /^I should not be logged in$/ do
	354	+ session[:user].nil?
	355	+end
	356	+
348	357	Given /^the profile "(.+)" has no blocks$/ do \|profile\|
349	358	profile = Profile[profile]
350	359	profile.boxes.map do \|box\|
...	...	@@ -416,3 +425,12 @@ end
416	425	Given /^skip comments captcha$/ do
417	426	Comment.any_instance.stubs(:skip_captcha?).returns(true)
418	427	end
	428	+
	429	+When /^([^\']*)'s account is activated$/ do \|person\|
	430	+ Person.find_by_name(person).user.activate
	431	+end
	432	+
	433	+Then /^I should receive an e-mail on (.*)$/ do \|address\|
	434	+ last_mail = ActionMailer::Base.deliveries.last
	435	+ last_mail['to'].to_s.should == address
	436	+end
...	...
...	...	@@ -0,0 +1,6 @@
	1	+class UserActivationJob < Struct.new(:user_id)
	2	+ def perform
	3	+ user = User.find(user_id)
	4	+ user.destroy unless user.activated?
	5	+ end
	6	+end
...	...