+++ /dev/null
-./script/generate authenticated USERMODEL CONTROLLERNAME
\ No newline at end of file
+++ /dev/null
-require File.expand_path(File.dirname(__FILE__) + "/lib/insert_routes.rb")
-require 'digest/sha1'
-class AuthenticatedGenerator < Rails::Generator::NamedBase
- default_options :skip_migration => false,
- :skip_routes => false,
- :old_passwords => false,
- :include_activation => false
-
- attr_reader :controller_name,
- :controller_class_path,
- :controller_file_path,
- :controller_class_nesting,
- :controller_class_nesting_depth,
- :controller_class_name,
- :controller_singular_name,
- :controller_plural_name,
- :controller_routing_name, # new_session_path
- :controller_routing_path, # /session/new
- :controller_controller_name, # sessions
- :controller_file_name
- alias_method :controller_table_name, :controller_plural_name
- attr_reader :model_controller_name,
- :model_controller_class_path,
- :model_controller_file_path,
- :model_controller_class_nesting,
- :model_controller_class_nesting_depth,
- :model_controller_class_name,
- :model_controller_singular_name,
- :model_controller_plural_name,
- :model_controller_routing_name, # new_user_path
- :model_controller_routing_path, # /users/new
- :model_controller_controller_name # users
- alias_method :model_controller_file_name, :model_controller_singular_name
- alias_method :model_controller_table_name, :model_controller_plural_name
-
- def initialize(runtime_args, runtime_options = {})
- super
-
- @rspec = has_rspec?
-
- @controller_name = (args.shift || 'sessions').pluralize
- @model_controller_name = @name.pluralize
-
- # sessions controller
- base_name, @controller_class_path, @controller_file_path, @controller_class_nesting, @controller_class_nesting_depth = extract_modules(@controller_name)
- @controller_class_name_without_nesting, @controller_file_name, @controller_plural_name = inflect_names(base_name)
- @controller_singular_name = @controller_file_name.singularize
- if @controller_class_nesting.empty?
- @controller_class_name = @controller_class_name_without_nesting
- else
- @controller_class_name = "#{@controller_class_nesting}::#{@controller_class_name_without_nesting}"
- end
- @controller_routing_name = @controller_singular_name
- @controller_routing_path = @controller_file_path.singularize
- @controller_controller_name = @controller_plural_name
-
- # model controller
- base_name, @model_controller_class_path, @model_controller_file_path, @model_controller_class_nesting, @model_controller_class_nesting_depth = extract_modules(@model_controller_name)
- @model_controller_class_name_without_nesting, @model_controller_singular_name, @model_controller_plural_name = inflect_names(base_name)
-
- if @model_controller_class_nesting.empty?
- @model_controller_class_name = @model_controller_class_name_without_nesting
- else
- @model_controller_class_name = "#{@model_controller_class_nesting}::#{@model_controller_class_name_without_nesting}"
- end
- @model_controller_routing_name = @table_name
- @model_controller_routing_path = @model_controller_file_path
- @model_controller_controller_name = @model_controller_plural_name
-
- load_or_initialize_site_keys()
-
- if options[:dump_generator_attribute_names]
- dump_generator_attribute_names
- end
- end
-
- def manifest
- recorded_session = record do |m|
- # Check for class naming collisions.
- m.class_collisions controller_class_path, "#{controller_class_name}Controller", # Sessions Controller
- "#{controller_class_name}Helper"
- m.class_collisions model_controller_class_path, "#{model_controller_class_name}Controller", # Model Controller
- "#{model_controller_class_name}Helper"
- m.class_collisions class_path, "#{class_name}", "#{class_name}Mailer", "#{class_name}MailerTest", "#{class_name}Observer"
- m.class_collisions [], 'AuthenticatedSystem', 'AuthenticatedTestHelper'
-
- # Controller, helper, views, and test directories.
- m.directory File.join('app/models', class_path)
- m.directory File.join('app/controllers', controller_class_path)
- m.directory File.join('app/controllers', model_controller_class_path)
- m.directory File.join('app/helpers', controller_class_path)
- m.directory File.join('app/views', controller_class_path, controller_file_name)
- m.directory File.join('app/views', class_path, "#{file_name}_mailer") if options[:include_activation]
-
- m.directory File.join('app/controllers', model_controller_class_path)
- m.directory File.join('app/helpers', model_controller_class_path)
- m.directory File.join('app/views', model_controller_class_path, model_controller_file_name)
- m.directory File.join('config/initializers')
-
- if @rspec
- m.directory File.join('spec/controllers', controller_class_path)
- m.directory File.join('spec/controllers', model_controller_class_path)
- m.directory File.join('spec/models', class_path)
- m.directory File.join('spec/helpers', model_controller_class_path)
- m.directory File.join('spec/fixtures', class_path)
- m.directory 'features'
- m.directory File.join('features', 'step_definitions')
- else
- m.directory File.join('test/functional', controller_class_path)
- m.directory File.join('test/functional', model_controller_class_path)
- m.directory File.join('test/unit', class_path)
- m.directory File.join('test/fixtures', class_path)
- end
-
- m.template 'model.rb',
- File.join('app/models',
- class_path,
- "#{file_name}.rb")
-
- if options[:include_activation]
- %w( mailer observer ).each do |model_type|
- m.template "#{model_type}.rb", File.join('app/models',
- class_path,
- "#{file_name}_#{model_type}.rb")
- end
- end
-
- m.template 'controller.rb',
- File.join('app/controllers',
- controller_class_path,
- "#{controller_file_name}_controller.rb")
-
- m.template 'model_controller.rb',
- File.join('app/controllers',
- model_controller_class_path,
- "#{model_controller_file_name}_controller.rb")
-
- m.template 'authenticated_system.rb',
- File.join('lib', 'authenticated_system.rb')
-
- m.template 'authenticated_test_helper.rb',
- File.join('lib', 'authenticated_test_helper.rb')
-
- m.template 'site_keys.rb', site_keys_file
-
- if @rspec
- # RSpec Specs
- m.template 'spec/controllers/users_controller_spec.rb',
- File.join('spec/controllers',
- model_controller_class_path,
- "#{model_controller_file_name}_controller_spec.rb")
- m.template 'spec/controllers/sessions_controller_spec.rb',
- File.join('spec/controllers',
- controller_class_path,
- "#{controller_file_name}_controller_spec.rb")
- m.template 'spec/controllers/access_control_spec.rb',
- File.join('spec/controllers',
- controller_class_path,
- "access_control_spec.rb")
- m.template 'spec/controllers/authenticated_system_spec.rb',
- File.join('spec/controllers',
- controller_class_path,
- "authenticated_system_spec.rb")
- m.template 'spec/helpers/users_helper_spec.rb',
- File.join('spec/helpers',
- model_controller_class_path,
- "#{table_name}_helper_spec.rb")
- m.template 'spec/models/user_spec.rb',
- File.join('spec/models',
- class_path,
- "#{file_name}_spec.rb")
- m.template 'spec/fixtures/users.yml',
- File.join('spec/fixtures',
- class_path,
- "#{table_name}.yml")
-
- # Cucumber features
- m.template 'features/step_definitions/ra_navigation_steps.rb',
- File.join('features/step_definitions/ra_navigation_steps.rb')
- m.template 'features/step_definitions/ra_response_steps.rb',
- File.join('features/step_definitions/ra_response_steps.rb')
- m.template 'features/step_definitions/ra_resource_steps.rb',
- File.join('features/step_definitions/ra_resource_steps.rb')
- m.template 'features/step_definitions/user_steps.rb',
- File.join('features/step_definitions/', "#{file_name}_steps.rb")
- m.template 'features/accounts.feature',
- File.join('features', 'accounts.feature')
- m.template 'features/sessions.feature',
- File.join('features', 'sessions.feature')
- m.template 'features/step_definitions/rest_auth_features_helper.rb',
- File.join('features', 'step_definitions', 'rest_auth_features_helper.rb')
- m.template 'features/step_definitions/ra_env.rb',
- File.join('features', 'step_definitions', 'ra_env.rb')
-
- else
- m.template 'test/functional_test.rb',
- File.join('test/functional',
- controller_class_path,
- "#{controller_file_name}_controller_test.rb")
- m.template 'test/model_functional_test.rb',
- File.join('test/functional',
- model_controller_class_path,
- "#{model_controller_file_name}_controller_test.rb")
- m.template 'test/unit_test.rb',
- File.join('test/unit',
- class_path,
- "#{file_name}_test.rb")
- if options[:include_activation]
- m.template 'test/mailer_test.rb', File.join('test/unit', class_path, "#{file_name}_mailer_test.rb")
- end
- m.template 'spec/fixtures/users.yml',
- File.join('test/fixtures',
- class_path,
- "#{table_name}.yml")
- end
-
- m.template 'helper.rb',
- File.join('app/helpers',
- controller_class_path,
- "#{controller_file_name}_helper.rb")
-
- m.template 'model_helper.rb',
- File.join('app/helpers',
- model_controller_class_path,
- "#{model_controller_file_name}_helper.rb")
-
-
- # Controller templates
- m.template 'login.html.erb', File.join('app/views', controller_class_path, controller_file_name, "new.html.erb")
- m.template 'signup.html.erb', File.join('app/views', model_controller_class_path, model_controller_file_name, "new.html.erb")
- m.template '_model_partial.html.erb', File.join('app/views', model_controller_class_path, model_controller_file_name, "_#{file_name}_bar.html.erb")
-
- if options[:include_activation]
- # Mailer templates
- %w( activation signup_notification ).each do |action|
- m.template "#{action}.erb",
- File.join('app/views', "#{file_name}_mailer", "#{action}.erb")
- end
- end
-
- unless options[:skip_migration]
- m.migration_template 'migration.rb', 'db/migrate', :assigns => {
- :migration_name => "Create#{class_name.pluralize.gsub(/::/, '')}"
- }, :migration_file_name => "create_#{file_path.gsub(/\//, '_').pluralize}"
- end
- unless options[:skip_routes]
- # Note that this fails for nested classes -- you're on your own with setting up the routes.
- m.route_resource controller_singular_name
- m.route_resources model_controller_plural_name
- m.route_name('signup', '/signup', {:controller => model_controller_plural_name, :action => 'new'})
- m.route_name('register', '/register', {:controller => model_controller_plural_name, :action => 'create'})
- m.route_name('login', '/login', {:controller => controller_controller_name, :action => 'new'})
- m.route_name('logout', '/logout', {:controller => controller_controller_name, :action => 'destroy'})
- end
- end
-
- #
- # Post-install notes
- #
- action = File.basename($0) # grok the action from './script/generate' or whatever
- case action
- when "generate"
- puts "Ready to generate."
- puts ("-" * 70)
- puts "Once finished, don't forget to:"
- puts
- if options[:include_activation]
- puts "- Add an observer to config/environment.rb"
- puts " config.active_record.observers = :#{file_name}_observer"
- end
- if options[:aasm]
- puts "- Install the acts_as_state_machine gem:"
- puts " sudo gem sources -a http://gems.github.com (If you haven't already)"
- puts " sudo gem install rubyist-aasm"
- elsif options[:stateful]
- puts "- Install the acts_as_state_machine plugin:"
- puts " svn export http://elitists.textdriven.com/svn/plugins/acts_as_state_machine/trunk vendor/plugins/acts_as_state_machine"
- end
- puts "- Add routes to these resources. In config/routes.rb, insert routes like:"
- puts %( map.signup '/signup', :controller => '#{model_controller_file_name}', :action => 'new')
- puts %( map.login '/login', :controller => '#{controller_file_name}', :action => 'new')
- puts %( map.logout '/logout', :controller => '#{controller_file_name}', :action => 'destroy')
- if options[:include_activation]
- puts %( map.activate '/activate/:activation_code', :controller => '#{model_controller_file_name}', :action => 'activate', :activation_code => nil)
- end
- if options[:stateful]
- puts " and modify the map.resources :#{model_controller_file_name} line to include these actions:"
- puts " map.resources :#{model_controller_file_name}, :member => { :suspend => :put, :unsuspend => :put, :purge => :delete }"
- end
- puts
- puts ("-" * 70)
- puts
- if $rest_auth_site_key_from_generator.blank?
- puts "You've set a nil site key. This preserves existing users' passwords,"
- puts "but allows dictionary attacks in the unlikely event your database is"
- puts "compromised and your site code is not. See the README for more."
- elsif $rest_auth_keys_are_new
- puts "We've create a new site key in #{site_keys_file}. If you have existing"
- puts "user accounts their passwords will no longer work (see README). As always,"
- puts "keep this file safe but don't post it in public."
- else
- puts "We've reused the existing site key in #{site_keys_file}. As always,"
- puts "keep this file safe but don't post it in public."
- end
- puts
- puts ("-" * 70)
- when "destroy"
- puts
- puts ("-" * 70)
- puts
- puts "Thanks for using restful_authentication"
- puts
- puts "Don't forget to comment out the observer line in environment.rb"
- puts " (This was optional so it may not even be there)"
- puts " # config.active_record.observers = :#{file_name}_observer"
- puts
- puts ("-" * 70)
- puts
- else
- puts "Didn't understand the action '#{action}' -- you might have missed the 'after running me' instructions."
- end
-
- #
- # Do the thing
- #
- recorded_session
- end
-
- def has_rspec?
- spec_dir = File.join(RAILS_ROOT, 'spec')
- options[:rspec] ||= (File.exist?(spec_dir) && File.directory?(spec_dir)) unless (options[:rspec] == false)
- end
-
- #
- # !! These must match the corresponding routines in by_password.rb !!
- #
- def secure_digest(*args)
- Digest::SHA1.hexdigest(args.flatten.join('--'))
- end
- def make_token
- secure_digest(Time.now, (1..10).map{ rand.to_s })
- end
- def password_digest(password, salt)
- digest = $rest_auth_site_key_from_generator
- $rest_auth_digest_stretches_from_generator.times do
- digest = secure_digest(digest, salt, password, $rest_auth_site_key_from_generator)
- end
- digest
- end
-
- #
- # Try to be idempotent:
- # pull in the existing site key if any,
- # seed it with reasonable defaults otherwise
- #
- def load_or_initialize_site_keys
- case
- when defined? REST_AUTH_SITE_KEY
- if (options[:old_passwords]) && ((! REST_AUTH_SITE_KEY.blank?) || (REST_AUTH_DIGEST_STRETCHES != 1))
- raise "You have a site key, but --old-passwords will overwrite it. If this is really what you want, move the file #{site_keys_file} and re-run."
- end
- $rest_auth_site_key_from_generator = REST_AUTH_SITE_KEY
- $rest_auth_digest_stretches_from_generator = REST_AUTH_DIGEST_STRETCHES
- when options[:old_passwords]
- $rest_auth_site_key_from_generator = nil
- $rest_auth_digest_stretches_from_generator = 1
- $rest_auth_keys_are_new = true
- else
- $rest_auth_site_key_from_generator = make_token
- $rest_auth_digest_stretches_from_generator = 10
- $rest_auth_keys_are_new = true
- end
- end
- def site_keys_file
- File.join("config", "initializers", "site_keys.rb")
- end
-
-protected
- # Override with your own usage banner.
- def banner
- "Usage: #{$0} authenticated ModelName [ControllerName]"
- end
-
- def add_options!(opt)
- opt.separator ''
- opt.separator 'Options:'
- opt.on("--skip-migration",
- "Don't generate a migration file for this model") { |v| options[:skip_migration] = v }
- opt.on("--include-activation",
- "Generate signup 'activation code' confirmation via email") { |v| options[:include_activation] = true }
- opt.on("--stateful",
- "Use acts_as_state_machine. Assumes --include-activation") { |v| options[:include_activation] = options[:stateful] = true }
- opt.on("--aasm",
- "Use (gem) aasm. Assumes --include-activation") { |v| options[:include_activation] = options[:stateful] = options[:aasm] = true }
- opt.on("--rspec",
- "Force rspec mode (checks for RAILS_ROOT/spec by default)") { |v| options[:rspec] = true }
- opt.on("--no-rspec",
- "Force test (not RSpec mode") { |v| options[:rspec] = false }
- opt.on("--skip-routes",
- "Don't generate a resource line in config/routes.rb") { |v| options[:skip_routes] = v }
- opt.on("--old-passwords",
- "Use the older password encryption scheme (see README)") { |v| options[:old_passwords] = v }
- opt.on("--dump-generator-attrs",
- "(generator debug helper)") { |v| options[:dump_generator_attribute_names] = v }
- end
-
- def dump_generator_attribute_names
- generator_attribute_names = [
- :table_name,
- :file_name,
- :class_name,
- :controller_name,
- :controller_class_path,
- :controller_file_path,
- :controller_class_nesting,
- :controller_class_nesting_depth,
- :controller_class_name,
- :controller_singular_name,
- :controller_plural_name,
- :controller_routing_name, # new_session_path
- :controller_routing_path, # /session/new
- :controller_controller_name, # sessions
- :controller_file_name,
- :controller_table_name, :controller_plural_name,
- :model_controller_name,
- :model_controller_class_path,
- :model_controller_file_path,
- :model_controller_class_nesting,
- :model_controller_class_nesting_depth,
- :model_controller_class_name,
- :model_controller_singular_name,
- :model_controller_plural_name,
- :model_controller_routing_name, # new_user_path
- :model_controller_routing_path, # /users/new
- :model_controller_controller_name, # users
- :model_controller_file_name, :model_controller_singular_name,
- :model_controller_table_name, :model_controller_plural_name,
- ]
- generator_attribute_names.each do |attr|
- puts "%-40s %s" % ["#{attr}:", self.send(attr)] # instance_variable_get("@#{attr.to_s}"
- end
-
- end
-end
-
-# ./script/generate authenticated FoonParent::Foon SporkParent::Spork -p --force --rspec --dump-generator-attrs
-# table_name: foon_parent_foons
-# file_name: foon
-# class_name: FoonParent::Foon
-# controller_name: SporkParent::Sporks
-# controller_class_path: spork_parent
-# controller_file_path: spork_parent/sporks
-# controller_class_nesting: SporkParent
-# controller_class_nesting_depth: 1
-# controller_class_name: SporkParent::Sporks
-# controller_singular_name: spork
-# controller_plural_name: sporks
-# controller_routing_name: spork
-# controller_routing_path: spork_parent/spork
-# controller_controller_name: sporks
-# controller_file_name: sporks
-# controller_table_name: sporks
-# controller_plural_name: sporks
-# model_controller_name: FoonParent::Foons
-# model_controller_class_path: foon_parent
-# model_controller_file_path: foon_parent/foons
-# model_controller_class_nesting: FoonParent
-# model_controller_class_nesting_depth: 1
-# model_controller_class_name: FoonParent::Foons
-# model_controller_singular_name: foons
-# model_controller_plural_name: foons
-# model_controller_routing_name: foon_parent_foons
-# model_controller_routing_path: foon_parent/foons
-# model_controller_controller_name: foons
-# model_controller_file_name: foons
-# model_controller_singular_name: foons
-# model_controller_table_name: foons
-# model_controller_plural_name: foons
+++ /dev/null
-Rails::Generator::Commands::Create.class_eval do
- def route_resource(*resources)
- resource_list = resources.map { |r| r.to_sym.inspect }.join(', ')
- sentinel = 'ActionController::Routing::Routes.draw do |map|'
-
- logger.route "map.resource #{resource_list}"
- unless options[:pretend]
- gsub_file 'config/routes.rb', /(#{Regexp.escape(sentinel)})/mi do |match|
- "#{match}\n map.resource #{resource_list}\n"
- end
- end
- end
-
- def route_name(name, path, route_options = {})
- sentinel = 'ActionController::Routing::Routes.draw do |map|'
-
- logger.route "map.#{name} '#{path}', :controller => '#{route_options[:controller]}', :action => '#{route_options[:action]}'"
- unless options[:pretend]
- gsub_file 'config/routes.rb', /(#{Regexp.escape(sentinel)})/mi do |match|
- "#{match}\n map.#{name} '#{path}', :controller => '#{route_options[:controller]}', :action => '#{route_options[:action]}'"
- end
- end
- end
-end
-
-Rails::Generator::Commands::Destroy.class_eval do
- def route_resource(*resources)
- resource_list = resources.map { |r| r.to_sym.inspect }.join(', ')
- look_for = "\n map.resource #{resource_list}\n"
- logger.route "map.resource #{resource_list}"
- unless options[:pretend]
- gsub_file 'config/routes.rb', /(#{look_for})/mi, ''
- end
- end
-
- def route_name(name, path, route_options = {})
- look_for = "\n map.#{name} '#{path}', :controller => '#{route_options[:controller]}', :action => '#{route_options[:action]}'"
- logger.route "map.#{name} '#{path}', :controller => '#{route_options[:controller]}', :action => '#{route_options[:action]}'"
- unless options[:pretend]
- gsub_file 'config/routes.rb', /(#{look_for})/mi, ''
- end
- end
-end
-
-Rails::Generator::Commands::List.class_eval do
- def route_resource(*resources)
- resource_list = resources.map { |r| r.to_sym.inspect }.join(', ')
- logger.route "map.resource #{resource_list}"
- end
-
- def route_name(name, path, options = {})
- logger.route "map.#{name} '#{path}', :controller => '{options[:controller]}', :action => '#{options[:action]}'"
- end
-end
+++ /dev/null
-<%% if logged_in? -%>
- <div id="<%= file_name %>-bar-greeting">Logged in as <%%= link_to_current_<%= file_name %> :content_method => :login %></div>
- <div id="<%= file_name %>-bar-action" >(<%%= link_to "Log out", logout_path, { :title => "Log out" } %>)</div>
-<%% else -%>
- <div id="<%= file_name %>-bar-greeting"><%%= link_to_login_with_IP 'Not logged in', :style => 'border: none;' %></div>
- <div id="<%= file_name %>-bar-action" ><%%= link_to "Log in", login_path, { :title => "Log in" } %> /
- <%%= link_to "Sign up", signup_path, { :title => "Create an account" } %></div>
-<%% end -%>
+++ /dev/null
-<%%=h @<%= file_name %>.login %>, your account has been activated. Welcome aboard!
-
- <%%=h @url %>
+++ /dev/null
-module AuthenticatedSystem
- protected
- # Returns true or false if the <%= file_name %> is logged in.
- # Preloads @current_<%= file_name %> with the <%= file_name %> model if they're logged in.
- def logged_in?
- !!current_<%= file_name %>
- end
-
- # Accesses the current <%= file_name %> from the session.
- # Future calls avoid the database because nil is not equal to false.
- def current_<%= file_name %>
- @current_<%= file_name %> ||= (login_from_session || login_from_basic_auth || login_from_cookie) unless @current_<%= file_name %> == false
- end
-
- # Store the given <%= file_name %> id in the session.
- def current_<%= file_name %>=(new_<%= file_name %>)
- session[:<%= file_name %>_id] = new_<%= file_name %> ? new_<%= file_name %>.id : nil
- @current_<%= file_name %> = new_<%= file_name %> || false
- end
-
- # Check if the <%= file_name %> is authorized
- #
- # Override this method in your controllers if you want to restrict access
- # to only a few actions or if you want to check if the <%= file_name %>
- # has the correct rights.
- #
- # Example:
- #
- # # only allow nonbobs
- # def authorized?
- # current_<%= file_name %>.login != "bob"
- # end
- #
- def authorized?(action = action_name, resource = nil)
- logged_in?
- end
-
- # Filter method to enforce a login requirement.
- #
- # To require logins for all actions, use this in your controllers:
- #
- # before_filter :login_required
- #
- # To require logins for specific actions, use this in your controllers:
- #
- # before_filter :login_required, :only => [ :edit, :update ]
- #
- # To skip this in a subclassed controller:
- #
- # skip_before_filter :login_required
- #
- def login_required
- authorized? || access_denied
- end
-
- # Redirect as appropriate when an access request fails.
- #
- # The default action is to redirect to the login screen.
- #
- # Override this method in your controllers if you want to have special
- # behavior in case the <%= file_name %> is not authorized
- # to access the requested action. For example, a popup window might
- # simply close itself.
- def access_denied
- respond_to do |format|
- format.html do
- store_location
- redirect_to new_<%= controller_routing_name %>_path
- end
- # format.any doesn't work in rails version < http://dev.rubyonrails.org/changeset/8987
- # Add any other API formats here. (Some browsers, notably IE6, send Accept: */* and trigger
- # the 'format.any' block incorrectly. See http://bit.ly/ie6_borken or http://bit.ly/ie6_borken2
- # for a workaround.)
- format.any(:json, :xml) do
- request_http_basic_authentication 'Web Password'
- end
- end
- end
-
- # Store the URI of the current request in the session.
- #
- # We can return to this location by calling #redirect_back_or_default.
- def store_location
- session[:return_to] = request.request_uri
- end
-
- # Redirect to the URI stored by the most recent store_location call or
- # to the passed default. Set an appropriately modified
- # after_filter :store_location, :only => [:index, :new, :show, :edit]
- # for any controller you want to be bounce-backable.
- def redirect_back_or_default(default)
- redirect_to(session[:return_to] || default)
- session[:return_to] = nil
- end
-
- # Inclusion hook to make #current_<%= file_name %> and #logged_in?
- # available as ActionView helper methods.
- def self.included(base)
- base.send :helper_method, :current_<%= file_name %>, :logged_in?, :authorized? if base.respond_to? :helper_method
- end
-
- #
- # Login
- #
-
- # Called from #current_<%= file_name %>. First attempt to login by the <%= file_name %> id stored in the session.
- def login_from_session
- self.current_<%= file_name %> = <%= class_name %>.find_by_id(session[:<%= file_name %>_id]) if session[:<%= file_name %>_id]
- end
-
- # Called from #current_<%= file_name %>. Now, attempt to login by basic authentication information.
- def login_from_basic_auth
- authenticate_with_http_basic do |login, password|
- self.current_<%= file_name %> = <%= class_name %>.authenticate(login, password)
- end
- end
-
- #
- # Logout
- #
-
- # Called from #current_<%= file_name %>. Finaly, attempt to login by an expiring token in the cookie.
- # for the paranoid: we _should_ be storing <%= file_name %>_token = hash(cookie_token, request IP)
- def login_from_cookie
- <%= file_name %> = cookies[:auth_token] && <%= class_name %>.find_by_remember_token(cookies[:auth_token])
- if <%= file_name %> && <%= file_name %>.remember_token?
- self.current_<%= file_name %> = <%= file_name %>
- handle_remember_cookie! false # freshen cookie token (keeping date)
- self.current_<%= file_name %>
- end
- end
-
- # This is ususally what you want; resetting the session willy-nilly wreaks
- # havoc with forgery protection, and is only strictly necessary on login.
- # However, **all session state variables should be unset here**.
- def logout_keeping_session!
- # Kill server-side auth cookie
- @current_<%= file_name %>.forget_me if @current_<%= file_name %>.is_a? <%= class_name %>
- @current_<%= file_name %> = false # not logged in, and don't do it for me
- kill_remember_cookie! # Kill client-side auth cookie
- session[:<%= file_name %>_id] = nil # keeps the session but kill our variable
- # explicitly kill any other session variables you set
- end
-
- # The session should only be reset at the tail end of a form POST --
- # otherwise the request forgery protection fails. It's only really necessary
- # when you cross quarantine (logged-out to logged-in).
- def logout_killing_session!
- logout_keeping_session!
- reset_session
- end
-
- #
- # Remember_me Tokens
- #
- # Cookies shouldn't be allowed to persist past their freshness date,
- # and they should be changed at each login
-
- # Cookies shouldn't be allowed to persist past their freshness date,
- # and they should be changed at each login
-
- def valid_remember_cookie?
- return nil unless @current_<%= file_name %>
- (@current_<%= file_name %>.remember_token?) &&
- (cookies[:auth_token] == @current_<%= file_name %>.remember_token)
- end
-
- # Refresh the cookie auth token if it exists, create it otherwise
- def handle_remember_cookie!(new_cookie_flag)
- return unless @current_<%= file_name %>
- case
- when valid_remember_cookie? then @current_<%= file_name %>.refresh_token # keeping same expiry date
- when new_cookie_flag then @current_<%= file_name %>.remember_me
- else @current_<%= file_name %>.forget_me
- end
- send_remember_cookie!
- end
-
- def kill_remember_cookie!
- cookies.delete :auth_token
- end
-
- def send_remember_cookie!
- cookies[:auth_token] = {
- :value => @current_<%= file_name %>.remember_token,
- :expires => @current_<%= file_name %>.remember_token_expires_at }
- end
-
-end
+++ /dev/null
-module AuthenticatedTestHelper
- # Sets the current <%= file_name %> in the session from the <%= file_name %> fixtures.
- def login_as(<%= file_name %>)
- @request.session[:<%= file_name %>_id] = <%= file_name %> ? (<%= file_name %>.is_a?(<%= file_name.camelize %>) ? <%= file_name %>.id : <%= table_name %>(<%= file_name %>).id) : nil
- end
-
- def authorize_as(<%= file_name %>)
- @request.env["HTTP_AUTHORIZATION"] = <%= file_name %> ? ActionController::HttpAuthentication::Basic.encode_credentials(<%= table_name %>(<%= file_name %>).login, 'monkey') : nil
- end
-
-<% if options[:rspec] -%>
- # rspec
- def mock_<%= file_name %>
- <%= file_name %> = mock_model(<%= class_name %>, :id => 1,
- :login => 'user_name',
- :name => 'U. Surname',
- :to_xml => "<%= class_name %>-in-XML", :to_json => "<%= class_name %>-in-JSON",
- :errors => [])
- <%= file_name %>
- end
-<% end -%>
-end
+++ /dev/null
-# This controller handles the login/logout function of the site.
-class <%= controller_class_name %>Controller < ApplicationController
- # Be sure to include AuthenticationSystem in Application Controller instead
- include AuthenticatedSystem
-
- # render new.rhtml
- def new
- end
-
- def create
- logout_keeping_session!
- <%= file_name %> = <%= class_name %>.authenticate(params[:login], params[:password])
- if <%= file_name %>
- # Protects against session fixation attacks, causes request forgery
- # protection if user resubmits an earlier form using back
- # button. Uncomment if you understand the tradeoffs.
- # reset_session
- self.current_<%= file_name %> = <%= file_name %>
- new_cookie_flag = (params[:remember_me] == "1")
- handle_remember_cookie! new_cookie_flag
- redirect_back_or_default('/')
- flash[:notice] = "Logged in successfully"
- else
- note_failed_signin
- @login = params[:login]
- @remember_me = params[:remember_me]
- render :action => 'new'
- end
- end
-
- def destroy
- logout_killing_session!
- flash[:notice] = "You have been logged out."
- redirect_back_or_default('/')
- end
-
-protected
- # Track failed login attempts
- def note_failed_signin
- flash[:error] = "Couldn't log you in as '#{params[:login]}'"
- logger.warn "Failed login for '#{params[:login]}' from #{request.remote_ip} at #{Time.now.utc}"
- end
-end
+++ /dev/null
-Visitors should be in control of creating an account and of proving their
-essential humanity/accountability or whatever it is people think the
-id-validation does. We should be fairly skeptical about this process, as the
-identity+trust chain starts here.
-
-Story: Creating an account
- As an anonymous user
- I want to be able to create an account
- So that I can be one of the cool kids
-
- #
- # Account Creation: Get entry form
- #
- Scenario: Anonymous user can start creating an account
- Given an anonymous user
- When she goes to /signup
- Then she should be at the 'users/new' page
- And the page should look AWESOME
- And she should see a <form> containing a textfield: Login, textfield: Email, password: Password, password: 'Confirm Password', submit: 'Sign up'
-
- #
- # Account Creation
- #
- Scenario: Anonymous user can create an account
- Given an anonymous user
- And no user with login: 'Oona' exists
- When she registers an account as the preloaded 'Oona'
- Then she should be redirected to the home page
- When she follows that redirect!
- Then she should see a notice message 'Thanks for signing up!'
- And a user with login: 'oona' should exist
- And the user should have login: 'oona', and email: 'unactivated@example.com'
-
- And oona should be logged in
-
-
- #
- # Account Creation Failure: Account exists
- #
-
-
- Scenario: Anonymous user can not create an account replacing an activated account
- Given an anonymous user
- And an activated user named 'Reggie'
- And we try hard to remember the user's updated_at, and created_at
- When she registers an account with login: 'reggie', password: 'monkey', and email: 'reggie@example.com'
- Then she should be at the 'users/new' page
- And she should see an errorExplanation message 'Login has already been taken'
- And she should not see an errorExplanation message 'Email has already been taken'
- And a user with login: 'reggie' should exist
- And the user should have email: 'registered@example.com'
-
- And the user's created_at should stay the same under to_s
- And the user's updated_at should stay the same under to_s
- And she should not be logged in
-
- #
- # Account Creation Failure: Incomplete input
- #
- Scenario: Anonymous user can not create an account with incomplete or incorrect input
- Given an anonymous user
- And no user with login: 'Oona' exists
- When she registers an account with login: '', password: 'monkey', password_confirmation: 'monkey' and email: 'unactivated@example.com'
- Then she should be at the 'users/new' page
- And she should see an errorExplanation message 'Login can't be blank'
- And no user with login: 'oona' should exist
-
- Scenario: Anonymous user can not create an account with no password
- Given an anonymous user
- And no user with login: 'Oona' exists
- When she registers an account with login: 'oona', password: '', password_confirmation: 'monkey' and email: 'unactivated@example.com'
- Then she should be at the 'users/new' page
- And she should see an errorExplanation message 'Password can't be blank'
- And no user with login: 'oona' should exist
-
- Scenario: Anonymous user can not create an account with no password_confirmation
- Given an anonymous user
- And no user with login: 'Oona' exists
- When she registers an account with login: 'oona', password: 'monkey', password_confirmation: '' and email: 'unactivated@example.com'
- Then she should be at the 'users/new' page
- And she should see an errorExplanation message 'Password confirmation can't be blank'
- And no user with login: 'oona' should exist
-
- Scenario: Anonymous user can not create an account with mismatched password & password_confirmation
- Given an anonymous user
- And no user with login: 'Oona' exists
- When she registers an account with login: 'oona', password: 'monkey', password_confirmation: 'monkeY' and email: 'unactivated@example.com'
- Then she should be at the 'users/new' page
- And she should see an errorExplanation message 'Password doesn't match confirmation'
- And no user with login: 'oona' should exist
-
- Scenario: Anonymous user can not create an account with bad email
- Given an anonymous user
- And no user with login: 'Oona' exists
- When she registers an account with login: 'oona', password: 'monkey', password_confirmation: 'monkey' and email: ''
- Then she should be at the 'users/new' page
- And she should see an errorExplanation message 'Email can't be blank'
- And no user with login: 'oona' should exist
- When she registers an account with login: 'oona', password: 'monkey', password_confirmation: 'monkey' and email: 'unactivated@example.com'
- Then she should be redirected to the home page
- When she follows that redirect!
- Then she should see a notice message 'Thanks for signing up!'
- And a user with login: 'oona' should exist
- And the user should have login: 'oona', and email: 'unactivated@example.com'
-
- And oona should be logged in
-
-
-
+++ /dev/null
-Users want to know that nobody can masquerade as them. We want to extend trust
-only to visitors who present the appropriate credentials. Everyone wants this
-identity verification to be as secure and convenient as possible.
-
-Story: Logging in
- As an anonymous user with an account
- I want to log in to my account
- So that I can be myself
-
- #
- # Log in: get form
- #
- Scenario: Anonymous user can get a login form.
- Given an anonymous user
- When she goes to /login
- Then she should be at the new sessions page
- And the page should look AWESOME
- And she should see a <form> containing a textfield: Login, password: Password, and submit: 'Log in'
-
- #
- # Log in successfully, but don't remember me
- #
- Scenario: Anonymous user can log in
- Given an anonymous user
- And an activated user named 'reggie'
- When she creates a singular sessions with login: 'reggie', password: 'monkey', remember me: ''
- Then she should be redirected to the home page
- When she follows that redirect!
- Then she should see a notice message 'Logged in successfully'
- And reggie should be logged in
- And she should not have an auth_token cookie
-
- Scenario: Logged-in user who logs in should be the new one
- Given an activated user named 'reggie'
- And an activated user logged in as 'oona'
- When she creates a singular sessions with login: 'reggie', password: 'monkey', remember me: ''
- Then she should be redirected to the home page
- When she follows that redirect!
- Then she should see a notice message 'Logged in successfully'
- And reggie should be logged in
- And she should not have an auth_token cookie
-
- #
- # Log in successfully, remember me
- #
- Scenario: Anonymous user can log in and be remembered
- Given an anonymous user
- And an activated user named 'reggie'
- When she creates a singular sessions with login: 'reggie', password: 'monkey', remember me: '1'
- Then she should be redirected to the home page
- When she follows that redirect!
- Then she should see a notice message 'Logged in successfully'
- And reggie should be logged in
- And she should have an auth_token cookie
- # assumes fixtures were run sometime
- And her session store should have user_id: 4
-
- #
- # Log in unsuccessfully
- #
-
- Scenario: Logged-in user who fails logs in should be logged out
- Given an activated user named 'oona'
- When she creates a singular sessions with login: 'oona', password: '1234oona', remember me: '1'
- Then she should be redirected to the home page
- When she follows that redirect!
- Then she should see a notice message 'Logged in successfully'
- And oona should be logged in
- And she should have an auth_token cookie
- When she creates a singular sessions with login: 'reggie', password: 'i_haxxor_joo'
- Then she should be at the new sessions page
- Then she should see an error message 'Couldn't log you in as 'reggie''
- And she should not be logged in
- And she should not have an auth_token cookie
- And her session store should not have user_id
-
- Scenario: Log-in with bogus info should fail until it doesn't
- Given an activated user named 'reggie'
- When she creates a singular sessions with login: 'reggie', password: 'i_haxxor_joo'
- Then she should be at the new sessions page
- Then she should see an error message 'Couldn't log you in as 'reggie''
- And she should not be logged in
- And she should not have an auth_token cookie
- And her session store should not have user_id
- When she creates a singular sessions with login: 'reggie', password: ''
- Then she should be at the new sessions page
- Then she should see an error message 'Couldn't log you in as 'reggie''
- And she should not be logged in
- And she should not have an auth_token cookie
- And her session store should not have user_id
- When she creates a singular sessions with login: '', password: 'monkey'
- Then she should be at the new sessions page
- Then she should see an error message 'Couldn't log you in as '''
- And she should not be logged in
- And she should not have an auth_token cookie
- And her session store should not have user_id
- When she creates a singular sessions with login: 'leonard_shelby', password: 'monkey'
- Then she should be at the new sessions page
- Then she should see an error message 'Couldn't log you in as 'leonard_shelby''
- And she should not be logged in
- And she should not have an auth_token cookie
- And her session store should not have user_id
- When she creates a singular sessions with login: 'reggie', password: 'monkey', remember me: '1'
- Then she should be redirected to the home page
- When she follows that redirect!
- Then she should see a notice message 'Logged in successfully'
- And reggie should be logged in
- And she should have an auth_token cookie
- # assumes fixtures were run sometime
- And her session store should have user_id: 4
-
-
- #
- # Log out successfully (should always succeed)
- #
- Scenario: Anonymous (logged out) user can log out.
- Given an anonymous user
- When she goes to /logout
- Then she should be redirected to the home page
- When she follows that redirect!
- Then she should see a notice message 'You have been logged out'
- And she should not be logged in
- And she should not have an auth_token cookie
- And her session store should not have user_id
-
- Scenario: Logged in user can log out.
- Given an activated user logged in as 'reggie'
- When she goes to /logout
- Then she should be redirected to the home page
- When she follows that redirect!
- Then she should see a notice message 'You have been logged out'
- And she should not be logged in
- And she should not have an auth_token cookie
- And her session store should not have user_id
+++ /dev/null
-
-Before do
- Fixtures.reset_cache
- fixtures_folder = File.join(RAILS_ROOT, 'spec', 'fixtures')
- Fixtures.create_fixtures(fixtures_folder, "users")
-end
-
-# Make visible for testing
-ApplicationController.send(:public, :logged_in?, :current_user, :authorized?)
+++ /dev/null
-#
-# Where to go
-#
-
-#
-# GET
-# Go to a given page.
-When "$actor goes to $path" do |actor, path|
- case path
- when 'the home page' then get '/'
- else get path
- end
-end
-
-# POST -- Ex:
-# When she creates a book with ISBN: '0967539854' and comment: 'I love this book' and rating: '4'
-# When she creates a singular session with login: 'reggie' and password: 'i_haxxor_joo'
-# Since I'm not smart enough to do it right, explicitly specify singular resources
-When /^(\w+) creates an? ([\w ]+) with ([\w: \',]+)$/ do |actor, resource, attributes|
- attributes = attributes.to_hash_from_story
- if resource =~ %r{singular ([\w/]+)}
- resource = $1.downcase.singularize
- post "/#{resource}", attributes
- else
- post "/#{resource.downcase.pluralize}", { resource.downcase.singularize => attributes }
- end
-end
-
-# PUT
-When %r{$actor asks to update '$resource' with $attributes} do |_, resource, attributes|
- attributes = attributes.to_hash_from_story
- put "#{resource}", attributes
- dump_response
-end
-
-# DELETE -- Slap together the POST-form-as-fake-HTTP-DELETE submission
-When %r{$actor asks to delete '$resource'} do |_, resource|
- post "/#{resource.downcase.pluralize}", { :_method => :delete }
- dump_response
-end
-
-
-# Redirect --
-# Rather than coding in get/get_via_redirect's and past/p_v_r's,
-# let's just demand that in the story itself.
-When "$actor follows that redirect!" do |actor|
- follow_redirect!
-end
+++ /dev/null
-# The flexible code for resource testing came out of code from Ben Mabey
-# http://www.benmabey.com/2008/02/04/rspec-plain-text-stories-webrat-chunky-bacon/
-
-#
-# Construct resources
-#
-
-#
-# Build a resource as described, store it as an @instance variable. Ex:
-# "Given a user with login: 'mojojojo'"
-# produces a User instance stored in @user with 'mojojojo' as its login
-# attribute.
-#
-Given "a $resource instance with $attributes" do |resource, attributes|
- klass, instance, attributes = parse_resource_args resource, attributes
- instance = klass.new(attributes)
- instance.save!
- find_resource(resource, attributes).should_not be_nil
- keep_instance! resource, instance
-end
-
-#
-# Stuff attributes into a preexisting @resource
-# "And the user has thac0: 3"
-# takes the earlier-defined @user instance and sets its thac0 to '3'.
-#
-Given "the $resource has $attributes" do |resource, attributes|
- klass, instance, attributes = parse_resource_args resource, attributes
- attributes.each do |attr, val|
- instance.send("#{attr}=", val)
- end
- instance.save!
- find_resource(resource, attributes).should_not be_nil
- keep_instance! resource, instance
-end
-
-#
-# Destroy all for this resource
-#
-Given "no $resource with $attr: '$val' exists" do |resource, attr, val|
- klass, instance = parse_resource_args resource
- klass.destroy_all(attr.to_sym => val)
- instance = find_resource resource, attr.to_sym => val
- instance.should be_nil
- keep_instance! resource, instance
-end
-
-#
-# Then's for resources
-#
-
-# Resource like this DOES exist
-Then /^a (\w+) with ([\w: \']+) should exist$/ do |resource, attributes|
- instance = find_resource resource, attributes
- instance.should_not be_nil
- keep_instance! resource, instance
-end
-# Resource like this DOES NOT exist
-Then /^no (\w+) with ([\w: \']+) should exist$/ do |resource, attributes|
- instance = find_resource resource, attributes
- instance.should be_nil
-end
-
-# Resource has attributes with given values
-Then "the $resource should have $attributes" do |resource, attributes|
- klass, instance, attributes = parse_resource_args resource, attributes
- attributes.each do |attr, val|
- instance.send(attr).should == val
- end
-end
-
-# Resource attributes should / should not be nil
-Then "the $resource's $attr should be nil" do |resource, attr|
- klass, instance = parse_resource_args resource
- instance.send(attr).should be_nil
-end
-Then "the $resource's $attr should not be nil" do |resource, attr|
- klass, instance = parse_resource_args resource
- instance.send(attr).should_not be_nil
-end
-
-#
-# Bank each of the @resource's listed attributes for later.
-#
-Given "we try hard to remember the $resource's $attributes" do |resource, attributes|
- attributes = attributes.to_array_from_story
- attributes.each do |attr|
- memorize_resource_value resource, attr
- end
-end
-#
-# Bank each of the @resource's listed attributes for later.
-#
-Given "we don't remember anything about the past" do
- memorize_forget_all!
-end
-
-#
-# Compare @resource.attr to its earlier-memorized value.
-# Specify ' using method_name' (abs, to_s, &c) to coerce before comparing.
-# For important and mysterious reasons, timestamps want to_i or to_s.
-#
-Then /^the (\w+)\'s (\w+) should stay the same under (\w+)$/ do |resource, attr, func|
- klass, instance = parse_resource_args resource
- # Get the values
- old_value = recall_resource_value(resource, attr)
- new_value = instance.send(attr)
- # Transform each value, maybe, using value.func
- if func then new_value = new_value.send(func); old_value = old_value.send(func) end
- # Compare
- old_value.should eql(new_value)
-end
-
-#
-# Look for each for the given attributes in the page's text
-#
-Then "page should have the $resource's $attributes" do |resource, attributes|
- actual_resource = instantize(resource)
- attributes.split(/, and |, /).each do |attribute|
- response.should have_text(/#{actual_resource.send(attribute.strip.gsub(" ","_"))}/)
- end
-end
-
-#
-# Turn a resource name and a to_hash_from_story string like
-# "attr: 'value', attr2: 'value2', ... , and attrN: 'valueN'"
-# into
-# * klass -- the class matching that Resource
-# * instance -- the possibly-preexisting local instance value @resource
-# * attributes -- a hash matching the given attribute-list string
-#
-def parse_resource_args resource, attributes=nil
- instance = instantize resource
- klass = resource.classify.constantize
- attributes = attributes.to_hash_from_story if attributes
- [klass, instance, attributes]
-end
-
-#
-# Given a class name 'resource' and a hash of conditsion, find a model
-#
-def find_resource resource, conditions
- klass, instance = parse_resource_args resource
- conditions = conditions.to_hash_from_story unless (conditions.is_a? Hash)
- klass.find(:first, :conditions => conditions)
-end
-
-#
-# Simple, brittle, useful: store the given resource's attribute
-# so we can compare it later.
-#
-def memorize_resource_value resource, attr
- klass, instance = parse_resource_args resource
- value = instance.send(attr)
- @_memorized ||= {}
- @_memorized[resource] ||= {}
- @_memorized[resource][attr] = value
- value
-end
-def recall_resource_value resource, attr
- @_memorized[resource][attr]
-end
-def memorize_forget_all!
- @_memorized = {}
-end
-
-#
-# Keep the object around in a local instance variable @resource.
-#
-# So, for instance,
-# klass, instance = parse_resource_args 'user'
-# instance = klass.new({login => 'me', password => 'monkey', ...})
-# keep_instance! resource, instance
-# keeps the just-constructed User model in the @user instance variable.
-#
-def keep_instance! resource, object
- instance_variable_set("@#{resource}", object)
-end
+++ /dev/null
-#
-# What you should see when you get there
-#
-
-#
-# Destinations. Ex:
-# She should be at the new kids page
-# Tarkin should be at the destroy alderaan page
-# The visitor should be at the '/lolcats/download' form
-# The visitor should be redirected to '/hi/mom'
-#
-# It doesn't know anything about actual routes -- it just
-# feeds its output to render_template or redirect_to
-#
-Then "$actor should be at $path" do |_, path|
- response.should render_template(grok_path(path))
-end
-
-Then "$actor should be redirected to $path" do |_, path|
- response.should redirect_to(grok_path(path))
-end
-
-Then "the page should look AWESOME" do
- response.should have_tag('head>title')
- response.should have_tag('h1')
- # response.should be_valid_xhtml
-end
-
-#
-# Tags
-#
-
-Then "the page should contain '$text'" do |_, text|
- response.should have_text(/#{text}/)
-end
-
-# please note: this enforces the use of a <label> field
-Then "$actor should see a <$container> containing a $attributes" do |_, container, attributes|
- attributes = attributes.to_hash_from_story
- response.should have_tag(container) do
- attributes.each do |tag, label|
- case tag
- when "textfield" then with_tag "input[type='text']"; with_tag("label", label)
- when "password" then with_tag "input[type='password']"; with_tag("label", label)
- when "submit" then with_tag "input[type='submit'][value='#{label}']"
- else with_tag tag, label
- end
- end
- end
-end
-
-#
-# Session, cookie variables
-#
-Then "$actor $token cookie should include $attrlist" do |_, token, attrlist|
- attrlist = attrlist.to_array_from_story
- cookies.include?(token).should be_true
- attrlist.each do |val|
- cookies[token].include?(val).should be_true
- end
-end
-
-Then "$actor $token cookie should exist but not include $attrlist" do |_, token, attrlist|
- attrlist = attrlist.to_array_from_story
- cookies.include?(token).should be_true
- puts [cookies, attrlist, token].to_yaml
- attrlist.each do |val|
- cookies[token].include?(val).should_not be_true
- end
-end
-
-Then "$actor should have $an $token cookie" do |_, _, token|
- cookies[token].should_not be_blank
-end
-Then "$actor should not have $an $token cookie" do |_, _, token|
- cookies[token].should be_blank
-end
-
-Given "$actor has $an cookie jar with $attributes" do |_, _, attributes|
- attributes = attributes.to_hash_from_story
- attributes.each do |attr, val|
- cookies[attr] = val
- end
-end
-Given "$actor session store has no $attrlist" do |_, attrlist|
- attrlist = attrlist.to_array_from_story
- attrlist.each do |attr|
- # Note that the comparison passes through 'to_s'
- session[attr.to_sym] = nil
- end
-end
-
-Then "$actor session store should have $attributes" do |_, attributes|
- attributes = attributes.to_hash_from_story
- attributes.each do |attr, val|
- # Note that the comparison passes through 'to_s'
- session[attr.to_sym].to_s.should eql(val)
- end
-end
-
-Then "$actor session store should not have $attrlist" do |_, attrlist|
- attrlist = attrlist.to_array_from_story
- attrlist.each do |attr|
- session[attr.to_sym].blank?.should be_true
- end
-end
-
-#
-# Flash messages
-#
-
-Then /^she should +see an? (\w+) message '([\w !\']+)'$/ do |notice, message|
- response.should have_flash(notice, %r{#{message}})
-end
-
-Then "$actor should not see $an $notice message '$message'" do |_, _, notice, message|
- response.should_not have_flash(notice, %r{#{message}})
-end
-
-Then "$actor should see no messages" do |_|
- ['error', 'warning', 'notice'].each do |notice|
- response.should_not have_flash(notice)
- end
-end
-
-RE_POLITENESS = /(?:please|sorry|thank(?:s| you))/i
-Then %r{we should be polite about it} do
- response.should have_tag("div.error,div.notice", RE_POLITENESS)
-end
-Then %r{we should not even be polite about it} do
- response.should_not have_tag("div.error,div.notice", RE_POLITENESS)
-end
-
-#
-# Resource's attributes
-#
-# "Then page should have the $resource's $attributes" is in resource_steps
-
-# helpful debug step
-Then "we dump the response" do
- dump_response
-end
-
-
-def have_flash notice, *args
- have_tag("div.#{notice}", *args)
-end
-
-RE_PRETTY_RESOURCE = /the (index|show|new|create|edit|update|destroy) (\w+) (page|form)/i
-RE_THE_FOO_PAGE = /the '?([^']*)'? (page|form)/i
-RE_QUOTED_PATH = /^'([^']*)'$/i
-def grok_path path
- path.gsub(/\s+again$/,'') # strip trailing ' again'
- case
- when path == 'the home page' then dest = '/'
- when path =~ RE_PRETTY_RESOURCE then dest = template_for $1, $2
- when path =~ RE_THE_FOO_PAGE then dest = $1
- when path =~ RE_QUOTED_PATH then dest = $1
- else dest = path
- end
- dest
-end
-
-# turns 'new', 'road bikes' into 'road_bikes/new'
-# note that it's "action resource"
-def template_for(action, resource)
- "#{resource.gsub(" ","_")}/#{action}"
-end
-
+++ /dev/null
-# If you have a global stories helper, move this line there:
-include AuthenticatedTestHelper
-
-# Most of the below came out of code from Ben Mabey
-# http://www.benmabey.com/2008/02/04/rspec-plain-text-stories-webrat-chunky-bacon/
-
-# These allow exceptions to come through as opposed to being caught and having non-helpful responses returned.
-ActionController::Base.class_eval do
- def perform_action
- perform_action_without_rescue
- end
-end
-Dispatcher.class_eval do
- def self.failsafe_response(output, status, exception = nil)
- raise exception
- end
-end
-
-#
-# Sugar for turning a story's attribute list into list, array, etc.
-#
-module ToFooFromStory
- def ToFooFromStory.fix_key key
- key.downcase.gsub(/\s+/, '_')
- end
- def ToFooFromStory.fix_value value
- return '' if !value
- value.strip!
- case
- when value =~ /^'(.*)'$/ then value = $1
- when value =~ /^"(.*)"$/ then value = $1
- when value == 'nil!' then value = nil
- when value == 'non-nil!' then value = be_nil
- when value =~ /^#\{(.*)\}$/ then value = eval($1)
- end
- value
- end
- # Converts a key: value list found in the steps into a hash.
- # Example:
- # ISBN: '0967539854' and comment: 'I love this book' and Quality rating: '4'
- # # => {"quality_rating"=>"4", "isbn"=>"0967539854", "comment"=>"I love this book"}
- def to_hash_from_story
- hsh = self.split(/,? and |, /).inject({}) do |hash_so_far, key_value|
- key, value = key_value.split(":")
- if !value then warn "Couldn't understand story '#{self}': only understood up to the part '#{hash_so_far.to_yaml}'" end
- hash_so_far.merge(ToFooFromStory::fix_key(key) => ToFooFromStory::fix_value(value))
- end
- end
- # Coverts an attribute list found in the steps into an array
- # Example:
- # login, email, updated_at, and gravatar
- # # => ['login', 'email', 'updated_at', 'gravatar']
- def to_array_from_story
- self.split(/,? and |, /).map do |value|
- ToFooFromStory::fix_value(value)
- end
- end
-end
-class String
- include ToFooFromStory
-end
-
-def instantize(string)
- instance_variable_get("@#{string}")
-end
-
-#
-# Spew response onto screen -- painful but scrolling >> debugger
-#
-def dump_response
- # note that @request and @template won't to_yaml and that @session includes @cgi
- response_methods = response.instance_variables - ['@request', '@template', '@cgi']
- request_methods = response.request.instance_variables - ['@session_options_with_string_keys', '@cgi', '@session']
- response_methods.map!{|attr| attr.gsub(/^@/,'')}.sort!
- request_methods.map!{ |attr| attr.gsub(/^@/,'')}.sort!
- puts '', '*' * 75,
- response.instance_values.slice(*response_methods).to_yaml,
- "*" * 75, '',
- response.request.instance_values.slice(*request_methods).to_yaml,
- "*" * 75, ''
-end
+++ /dev/null
-RE_User = %r{(?:(?:the )? *(\w+) *)}
-RE_User_TYPE = %r{(?: *(\w+)? *)}
-
-#
-# Setting
-#
-
-Given "an anonymous user" do
- log_out!
-end
-
-Given "$an $user_type user with $attributes" do |_, user_type, attributes|
- create_user! user_type, attributes.to_hash_from_story
-end
-
-Given "$an $user_type user named '$login'" do |_, user_type, login|
- create_user! user_type, named_user(login)
-end
-
-Given "$an $user_type user logged in as '$login'" do |_, user_type, login|
- create_user! user_type, named_user(login)
- log_in_user!
-end
-
-Given "$actor is logged in" do |_, login|
- log_in_user! @user_params || named_user(login)
-end
-
-Given "there is no $user_type user named '$login'" do |_, login|
- @user = User.find_by_login(login)
- @user.destroy! if @user
- @user.should be_nil
-end
-
-#
-# Actions
-#
-When "$actor logs out" do
- log_out
-end
-
-When "$actor registers an account as the preloaded '$login'" do |_, login|
- user = named_user(login)
- user['password_confirmation'] = user['password']
- create_user user
-end
-
-When "$actor registers an account with $attributes" do |_, attributes|
- create_user attributes.to_hash_from_story
-end
-
-
-When "$actor logs in with $attributes" do |_, attributes|
- log_in_user attributes.to_hash_from_story
-end
-
-#
-# Result
-#
-Then "$actor should be invited to sign in" do |_|
- response.should render_template('/sessions/new')
-end
-
-Then "$actor should not be logged in" do |_|
- controller.logged_in?.should_not be_true
-end
-
-Then "$login should be logged in" do |login|
- controller.logged_in?.should be_true
- controller.current_user.should === @user
- controller.current_user.login.should == login
-end
-
-def named_user login
- user_params = {
- 'admin' => {'id' => 1, 'login' => 'addie', 'password' => '1234addie', 'email' => 'admin@example.com', },
- 'oona' => { 'login' => 'oona', 'password' => '1234oona', 'email' => 'unactivated@example.com'},
- 'reggie' => { 'login' => 'reggie', 'password' => 'monkey', 'email' => 'registered@example.com' },
- }
- user_params[login.downcase]
-end
-
-#
-# User account actions.
-#
-# The ! methods are 'just get the job done'. It's true, they do some testing of
-# their own -- thus un-DRY'ing tests that do and should live in the user account
-# stories -- but the repetition is ultimately important so that a faulty test setup
-# fails early.
-#
-
-def log_out
- get '/sessions/destroy'
-end
-
-def log_out!
- log_out
- response.should redirect_to('/')
- follow_redirect!
-end
-
-def create_user(user_params={})
- @user_params ||= user_params
- post "/users", :user => user_params
- @user = User.find_by_login(user_params['login'])
-end
-
-def create_user!(user_type, user_params)
- user_params['password_confirmation'] ||= user_params['password'] ||= user_params['password']
- create_user user_params
- response.should redirect_to('/')
- follow_redirect!
-
-end
-
-
-
-def log_in_user user_params=nil
- @user_params ||= user_params
- user_params ||= @user_params
- post "/session", user_params
- @user = User.find_by_login(user_params['login'])
- controller.current_user
-end
-
-def log_in_user! *args
- log_in_user *args
- response.should redirect_to('/')
- follow_redirect!
- response.should have_flash("notice", /Logged in successfully/)
-end
+++ /dev/null
-module <%= controller_class_name %>Helper
-end
\ No newline at end of file
+++ /dev/null
-<h1>Log In</h1>
-
-<%% form_tag <%= controller_routing_name %>_path do -%>
-<p><%%= label_tag 'login' %><br />
-<%%= text_field_tag 'login', @login %></p>
-
-<p><%%= label_tag 'password' %><br/>
-<%%= password_field_tag 'password', nil %></p>
-
-<!-- Uncomment this if you want this functionality
-<p><%%= label_tag 'remember_me', 'Remember me' %>
-<%%= check_box_tag 'remember_me', '1', @remember_me %></p>
--->
-
-<p><%%= submit_tag 'Log in' %></p>
-<%% end -%>
+++ /dev/null
-class <%= class_name %>Mailer < ActionMailer::Base
- def signup_notification(<%= file_name %>)
- setup_email(<%= file_name %>)
- @subject += 'Please activate your new account'
- <% if options[:include_activation] %>
- @body[:url] = "http://YOURSITE/activate/#{<%= file_name %>.activation_code}"
- <% else %>
- @body[:url] = "http://YOURSITE/login/" <% end %>
- end
-
- def activation(<%= file_name %>)
- setup_email(<%= file_name %>)
- @subject += 'Your account has been activated!'
- @body[:url] = "http://YOURSITE/"
- end
-
- protected
- def setup_email(<%= file_name %>)
- @recipients = "#{<%= file_name %>.email}"
- @from = "ADMINEMAIL"
- @subject = "[YOURSITE] "
- @sent_on = Time.now
- @body[:<%= file_name %>] = <%= file_name %>
- end
-end
+++ /dev/null
-class <%= migration_name %> < ActiveRecord::Migration
- def self.up
- create_table "<%= table_name %>", :force => true do |t|
- t.column :login, :string, :limit => 40
- t.column :name, :string, :limit => 100, :default => '', :null => true
- t.column :email, :string, :limit => 100
- t.column :crypted_password, :string, :limit => 40
- t.column :salt, :string, :limit => 40
- t.column :created_at, :datetime
- t.column :updated_at, :datetime
- t.column :remember_token, :string, :limit => 40
- t.column :remember_token_expires_at, :datetime
-<% if options[:include_activation] -%>
- t.column :activation_code, :string, :limit => 40
- t.column :activated_at, :datetime<% end %>
-<% if options[:stateful] -%>
- t.column :state, :string, :null => :no, :default => 'passive'
- t.column :deleted_at, :datetime<% end %>
- end
- add_index :<%= table_name %>, :login, :unique => true
- end
-
- def self.down
- drop_table "<%= table_name %>"
- end
-end
+++ /dev/null
-require 'digest/sha1'
-
-class <%= class_name %> < ActiveRecord::Base
- include Authentication
- include Authentication::ByPassword
- include Authentication::ByCookieToken
-<% if options[:aasm] -%>
- include Authorization::AasmRoles
-<% elsif options[:stateful] -%>
- include Authorization::StatefulRoles<% end %>
- validates_presence_of :login
- validates_length_of :login, :within => 3..40
- validates_uniqueness_of :login
- validates_format_of :login, :with => Authentication.login_regex, :message => Authentication.bad_login_message
-
- validates_format_of :name, :with => Authentication.name_regex, :message => Authentication.bad_name_message, :allow_nil => true
- validates_length_of :name, :maximum => 100
-
- validates_presence_of :email
- validates_length_of :email, :within => 6..100 #r@a.wk
- validates_uniqueness_of :email
- validates_format_of :email, :with => Authentication.email_regex, :message => Authentication.bad_email_message
-
- <% if options[:include_activation] && !options[:stateful] %>before_create :make_activation_code <% end %>
-
- # HACK HACK HACK -- how to do attr_accessible from here?
- # prevents a user from submitting a crafted form that bypasses activation
- # anything else you want your user to change should be added here.
- attr_accessible :login, :email, :name, :password, :password_confirmation
-
-<% if options[:include_activation] && !options[:stateful] %>
- # Activates the user in the database.
- def activate!
- @activated = true
- self.activated_at = Time.now.utc
- self.activation_code = nil
- save(false)
- end
-
- # Returns true if the user has just been activated.
- def recently_activated?
- @activated
- end
-
- def active?
- # the existence of an activation code means they have not activated yet
- activation_code.nil?
- end<% end %>
-
- # Authenticates a user by their login name and unencrypted password. Returns the user or nil.
- #
- # uff. this is really an authorization, not authentication routine.
- # We really need a Dispatch Chain here or something.
- # This will also let us return a human error message.
- #
- def self.authenticate(login, password)
- return nil if login.blank? || password.blank?
- u = <% if options[:stateful] %>find_in_state :first, :active, :conditions => {:login => login.downcase}<%
- elsif options[:include_activation] %>find :first, :conditions => ['login = ? and activated_at IS NOT NULL', login]<%
- else %>find_by_login(login.downcase)<% end %> # need to get the salt
- u && u.authenticated?(password) ? u : nil
- end
-
- def login=(value)
- write_attribute :login, (value ? value.downcase : nil)
- end
-
- def email=(value)
- write_attribute :email, (value ? value.downcase : nil)
- end
-
- protected
-
-<% if options[:include_activation] -%>
- def make_activation_code
- <% if options[:stateful] -%>
- self.deleted_at = nil
- <% end -%>
- self.activation_code = self.class.make_token
- end
-<% end %>
-
-end
+++ /dev/null
-class <%= model_controller_class_name %>Controller < ApplicationController
- # Be sure to include AuthenticationSystem in Application Controller instead
- include AuthenticatedSystem
- <% if options[:stateful] %>
- # Protect these actions behind an admin login
- # before_filter :admin_required, :only => [:suspend, :unsuspend, :destroy, :purge]
- before_filter :find_<%= file_name %>, :only => [:suspend, :unsuspend, :destroy, :purge]
- <% end %>
-
- # render new.rhtml
- def new
- @<%= file_name %> = <%= class_name %>.new
- end
-
- def create
- logout_keeping_session!
- @<%= file_name %> = <%= class_name %>.new(params[:<%= file_name %>])
-<% if options[:stateful] -%>
- @<%= file_name %>.register! if @<%= file_name %> && @<%= file_name %>.valid?
- success = @<%= file_name %> && @<%= file_name %>.valid?
-<% else -%>
- success = @<%= file_name %> && @<%= file_name %>.save
-<% end -%>
- if success && @<%= file_name %>.errors.empty?
- <% if !options[:include_activation] -%>
- # Protects against session fixation attacks, causes request forgery
- # protection if visitor resubmits an earlier form using back
- # button. Uncomment if you understand the tradeoffs.
- # reset session
- self.current_<%= file_name %> = @<%= file_name %> # !! now logged in
- <% end -%>redirect_back_or_default('/')
- flash[:notice] = "Thanks for signing up! We're sending you an email with your activation code."
- else
- flash[:error] = "We couldn't set up that account, sorry. Please try again, or contact an admin (link is above)."
- render :action => 'new'
- end
- end
-<% if options[:include_activation] %>
- def activate
- logout_keeping_session!
- <%= file_name %> = <%= class_name %>.find_by_activation_code(params[:activation_code]) unless params[:activation_code].blank?
- case
- when (!params[:activation_code].blank?) && <%= file_name %> && !<%= file_name %>.active?
- <%= file_name %>.activate!
- flash[:notice] = "Signup complete! Please sign in to continue."
- redirect_to '/login'
- when params[:activation_code].blank?
- flash[:error] = "The activation code was missing. Please follow the URL from your email."
- redirect_back_or_default('/')
- else
- flash[:error] = "We couldn't find a <%= file_name %> with that activation code -- check your email? Or maybe you've already activated -- try signing in."
- redirect_back_or_default('/')
- end
- end
-<% end %><% if options[:stateful] %>
- def suspend
- @<%= file_name %>.suspend!
- redirect_to <%= model_controller_routing_name %>_path
- end
-
- def unsuspend
- @<%= file_name %>.unsuspend!
- redirect_to <%= model_controller_routing_name %>_path
- end
-
- def destroy
- @<%= file_name %>.delete!
- redirect_to <%= model_controller_routing_name %>_path
- end
-
- def purge
- @<%= file_name %>.destroy
- redirect_to <%= model_controller_routing_name %>_path
- end
-
- # There's no page here to update or destroy a <%= file_name %>. If you add those, be
- # smart -- make sure you check that the visitor is authorized to do so, that they
- # supply their old password along with a new one to update it, etc.
-
-protected
- def find_<%= file_name %>
- @<%= file_name %> = <%= class_name %>.find(params[:id])
- end
-<% end -%>
-end
+++ /dev/null
-module <%= model_controller_class_name %>Helper
-
- #
- # Use this to wrap view elements that the user can't access.
- # !! Note: this is an *interface*, not *security* feature !!
- # You need to do all access control at the controller level.
- #
- # Example:
- # <%%= if_authorized?(:index, User) do link_to('List all users', users_path) end %> |
- # <%%= if_authorized?(:edit, @user) do link_to('Edit this user', edit_user_path) end %> |
- # <%%= if_authorized?(:destroy, @user) do link_to 'Destroy', @user, :confirm => 'Are you sure?', :method => :delete end %>
- #
- #
- def if_authorized?(action, resource, &block)
- if authorized?(action, resource)
- yield action, resource
- end
- end
-
- #
- # Link to user's page ('<%= table_name %>/1')
- #
- # By default, their login is used as link text and link title (tooltip)
- #
- # Takes options
- # * :content_text => 'Content text in place of <%= file_name %>.login', escaped with
- # the standard h() function.
- # * :content_method => :<%= file_name %>_instance_method_to_call_for_content_text
- # * :title_method => :<%= file_name %>_instance_method_to_call_for_title_attribute
- # * as well as link_to()'s standard options
- #
- # Examples:
- # link_to_<%= file_name %> @<%= file_name %>
- # # => <a href="/<%= table_name %>/3" title="barmy">barmy</a>
- #
- # # if you've added a .name attribute:
- # content_tag :span, :class => :vcard do
- # (link_to_<%= file_name %> <%= file_name %>, :class => 'fn n', :title_method => :login, :content_method => :name) +
- # ': ' + (content_tag :span, <%= file_name %>.email, :class => 'email')
- # end
- # # => <span class="vcard"><a href="/<%= table_name %>/3" title="barmy" class="fn n">Cyril Fotheringay-Phipps</a>: <span class="email">barmy@blandings.com</span></span>
- #
- # link_to_<%= file_name %> @<%= file_name %>, :content_text => 'Your user page'
- # # => <a href="/<%= table_name %>/3" title="barmy" class="nickname">Your user page</a>
- #
- def link_to_<%= file_name %>(<%= file_name %>, options={})
- raise "Invalid <%= file_name %>" unless <%= file_name %>
- options.reverse_merge! :content_method => :login, :title_method => :login, :class => :nickname
- content_text = options.delete(:content_text)
- content_text ||= <%= file_name %>.send(options.delete(:content_method))
- options[:title] ||= <%= file_name %>.send(options.delete(:title_method))
- link_to h(content_text), <%= model_controller_routing_name.singularize %>_path(<%= file_name %>), options
- end
-
- #
- # Link to login page using remote ip address as link content
- #
- # The :title (and thus, tooltip) is set to the IP address
- #
- # Examples:
- # link_to_login_with_IP
- # # => <a href="/login" title="169.69.69.69">169.69.69.69</a>
- #
- # link_to_login_with_IP :content_text => 'not signed in'
- # # => <a href="/login" title="169.69.69.69">not signed in</a>
- #
- def link_to_login_with_IP content_text=nil, options={}
- ip_addr = request.remote_ip
- content_text ||= ip_addr
- options.reverse_merge! :title => ip_addr
- if tag = options.delete(:tag)
- content_tag tag, h(content_text), options
- else
- link_to h(content_text), login_path, options
- end
- end
-
- #
- # Link to the current user's page (using link_to_<%= file_name %>) or to the login page
- # (using link_to_login_with_IP).
- #
- def link_to_current_<%= file_name %>(options={})
- if current_<%= file_name %>
- link_to_<%= file_name %> current_<%= file_name %>, options
- else
- content_text = options.delete(:content_text) || 'not signed in'
- # kill ignored options from link_to_<%= file_name %>
- [:content_method, :title_method].each{|opt| options.delete(opt)}
- link_to_login_with_IP content_text, options
- end
- end
-
-end
+++ /dev/null
-require File.dirname(__FILE__) + '/../spec_helper'
-include ApplicationHelper
-include <%= model_controller_class_name %>Helper
-
-describe "<%= model_controller_class_name %>Helper.link_to_<%= file_name %>" do
- before do
- @<%= file_name %> = <%= class_name %>.new({
- :name => '<%= class_name %> Name',
- :login => '<%= file_name %>_name',
- })
- @<%= file_name %>.id = 1 # set non-attr_accessible specifically
- end
-
- it "should give an error on a nil <%= file_name %>" do
- lambda { link_to_<%= file_name %>(nil) }.should raise_error('Invalid <%= file_name %>')
- end
-
- it "should link to the given <%= file_name %>" do
- link_to_<%= file_name %>(@<%= file_name %>).should have_tag("a[href='/<%= table_name %>/1']")
- end
-
- it "should use given link text if :content_text is specified" do
- link_to_<%= file_name %>(@<%= file_name %>, :content_text => 'Hello there!').should have_tag("a", 'Hello there!')
- end
-
- it "should use the login as link text with no :content_method specified" do
- link_to_<%= file_name %>(@<%= file_name %>).should have_tag("a", '<%= file_name %>_name')
- end
-
- it "should use the name as link text with :content_method => :name" do
- link_to_<%= file_name %>(@<%= file_name %>, :content_method => :name).should have_tag("a", '<%= class_name %> Name')
- end
-
- it "should use the login as title with no :title_method specified" do
- link_to_<%= file_name %>(@<%= file_name %>).should have_tag("a[title='<%= file_name %>_name']")
- end
-
- it "should use the name as link title with :content_method => :name" do
- link_to_<%= file_name %>(@<%= file_name %>, :title_method => :name).should have_tag("a[title='<%= class_name %> Name']")
- end
-
- it "should have nickname as a class by default" do
- link_to_<%= file_name %>(@<%= file_name %>).should have_tag("a.nickname")
- end
-
- it "should take other classes and no longer have the nickname class" do
- result = link_to_<%= file_name %>(@<%= file_name %>, :class => 'foo bar')
- result.should have_tag("a.foo")
- result.should have_tag("a.bar")
- end
-end
-
-describe "<%= model_controller_class_name %>Helper.link_to_signin_with_IP" do
- before do
- end
-
- it "should link to the signin_path" do
- link_to_signin_with_IP().should have_tag("a[href='/signin']")
- end
-
- it "should use given link text if :content_text is specified" do
- link_to_signin_with_IP(:content_text => 'Hello there!').should have_tag("a", 'Hello there!')
- end
-
- it "should use the login as link text with no :content_method specified" do
- link_to_signin_with_IP().should have_tag("a", '0.0.0.0')
- end
-
- it "should use the ip address as title" do
- link_to_signin_with_IP().should have_tag("a[title='0.0.0.0']")
- end
-
- it "should by default be like school in summer and have no class" do
- link_to_signin_with_IP().should_not have_tag("a.nickname")
- end
-
- it "should have some class if you tell it to" do
- result = link_to_signin_with_IP(:class => 'foo bar')
- result.should have_tag("a.foo")
- result.should have_tag("a.bar")
- end
-end
-
-describe "<%= model_controller_class_name %>Helper.link_to_current_<%= file_name %>, When logged in" do
- fixtures :<%= table_name %>
- include AuthenticatedTestHelper
- before do
- login_as(:quentin)
- end
-
- it "should link to the given <%= file_name %>" do
- link_to_current_<%= file_name %>().should have_tag("a[href='/<%= table_name %>/1']")
- end
-
- it "should use given link text if :content_text is specified" do
- link_to_current_user(:content_text => 'Hello there!').should have_tag("a", 'Hello there!')
- end
-
- it "should use the login as link text with no :content_method specified" do
- link_to_current_user().should have_tag("a", 'quentin')
- end
-
- it "should use the name as link text with :content_method => :name" do
- link_to_current_user(:content_method => :name).should have_tag("a", 'Quentin')
- end
-
- it "should use the login as title with no :title_method specified" do
- link_to_current_user().should have_tag("a[title='quentin']")
- end
-
- it "should use the name as link title with :content_method => :name" do
- link_to_current_user(:title_method => :name).should have_tag("a[title='Quentin']")
- end
-
- it "should have nickname as a class" do
- link_to_current_user().should have_tag("a.nickname")
- end
-
- it "should take other classes and no longer have the nickname class" do
- result = link_to_current_user(:class => 'foo bar')
- result.should have_tag("a.foo")
- result.should have_tag("a.bar")
- end
-end
-
-
-
-describe "<%= model_controller_class_name %>Helper.link_to_current_user, When logged out" do
- include AuthenticatedTestHelper
- before do
- end
-
- it "should link to the signin_path" do
- link_to_current_user().should have_tag("a[href='/signin']")
- end
-
- it "should use given link text if :content_text is specified" do
- link_to_current_user(:content_text => 'Hello there!').should have_tag("a", 'Hello there!')
- end
-
- it "should use the IP address as link text with no :content_method specified" do
- link_to_current_user().should have_tag("a", '0.0.0.0')
- end
-
- it "should use the ip address as title" do
- link_to_current_user().should have_tag("a[title='0.0.0.0']")
- end
-
- it "should by default be like school in summer and have no class" do
- link_to_current_user().should_not have_tag("a.nickname")
- end
-
- it "should have some class if you tell it to" do
- result = link_to_current_user(:class => 'foo bar')
- result.should have_tag("a.foo")
- result.should have_tag("a.bar")
- end
-end
+++ /dev/null
-class <%= class_name %>Observer < ActiveRecord::Observer
- def after_create(<%= file_name %>)
- <%= class_name %>Mailer.deliver_signup_notification(<%= file_name %>)
- end
-
- def after_save(<%= file_name %>)
- <% if options[:include_activation] %>
- <%= class_name %>Mailer.deliver_activation(<%= file_name %>) if <%= file_name %>.recently_activated?
- <% end %>
- end
-end
+++ /dev/null
-<h1>Sign up as a new user</h1>
-<%% @<%= file_name %>.password = @<%= file_name %>.password_confirmation = nil %>
-
-<%%= error_messages_for :<%= file_name %> %>
-<%% form_for :<%= file_name %>, :url => <%= model_controller_routing_name %>_path do |f| -%>
-<p><%%= label_tag 'login' %><br/>
-<%%= f.text_field :login %></p>
-
-<p><%%= label_tag 'email' %><br/>
-<%%= f.text_field :email %></p>
-
-<p><%%= label_tag 'password' %><br/>
-<%%= f.password_field :password %></p>
-
-<p><%%= label_tag 'password_confirmation', 'Confirm Password' %><br/>
-<%%= f.password_field :password_confirmation %></p>
-
-<p><%%= submit_tag 'Sign up' %></p>
-<%% end -%>
+++ /dev/null
-Your account has been created.
-
- Username: <%%=h @<%= file_name %>.login %>
- Password: <%%=h @<%= file_name %>.password %>
-
-Visit this url to activate your account:
-
- <%%=h @url %>
+++ /dev/null
-
-# A Site key gives additional protection against a dictionary attack if your
-# DB is ever compromised. With no site key, we store
-# DB_password = hash(user_password, DB_user_salt)
-# If your database were to be compromised you'd be vulnerable to a dictionary
-# attack on all your stupid users' passwords. With a site key, we store
-# DB_password = hash(user_password, DB_user_salt, Code_site_key)
-# That means an attacker needs access to both your site's code *and* its
-# database to mount an "offline dictionary attack.":http://www.dwheeler.com/secure-programs/Secure-Programs-HOWTO/web-authentication.html
-#
-# It's probably of minor importance, but recommended by best practices: 'defense
-# in depth'. Needless to say, if you upload this to github or the youtubes or
-# otherwise place it in public view you'll kinda defeat the point. Your users'
-# passwords are still secure, and the world won't end, but defense_in_depth -= 1.
-#
-# Please note: if you change this, all the passwords will be invalidated, so DO
-# keep it someplace secure. Use the random value given or type in the lyrics to
-# your favorite Jay-Z song or something; any moderately long, unpredictable text.
-REST_AUTH_SITE_KEY = '<%= $rest_auth_site_key_from_generator %>'
-
-# Repeated applications of the hash make brute force (even with a compromised
-# database and site key) harder, and scale with Moore's law.
-#
-# bq. "To squeeze the most security out of a limited-entropy password or
-# passphrase, we can use two techniques [salting and stretching]... that are
-# so simple and obvious that they should be used in every password system.
-# There is really no excuse not to use them." http://tinyurl.com/37lb73
-# Practical Security (Ferguson & Scheier) p350
-#
-# A modest 10 foldings (the default here) adds 3ms. This makes brute forcing 10
-# times harder, while reducing an app that otherwise serves 100 reqs/s to 78 signin
-# reqs/s, an app that does 10reqs/s to 9.7 reqs/s
-#
-# More:
-# * http://www.owasp.org/index.php/Hashing_Java
-# * "An Illustrated Guide to Cryptographic Hashes":http://www.unixwiz.net/techtips/iguide-crypto-hashes.html
-
-REST_AUTH_DIGEST_STRETCHES = <%= $rest_auth_digest_stretches_from_generator %>
+++ /dev/null
-require File.dirname(__FILE__) + '<%= ('/..'*controller_class_nesting_depth) + '/../spec_helper' %>'
- # Be sure to include AuthenticatedTestHelper in spec/spec_helper.rb instead
-# Then, you can remove it from this and the units test.
-include AuthenticatedTestHelper
-
-#
-# A test controller with and without access controls
-#
-class AccessControlTestController < ApplicationController
- before_filter :login_required, :only => :login_is_required
- def login_is_required
- respond_to do |format|
- @foo = { 'success' => params[:format]||'no fmt given'}
- format.html do render :text => "success" end
- format.xml do render :xml => @foo, :status => :ok end
- format.json do render :json => @foo, :status => :ok end
- end
- end
- def login_not_required
- respond_to do |format|
- @foo = { 'success' => params[:format]||'no fmt given'}
- format.html do render :text => "success" end
- format.xml do render :xml => @foo, :status => :ok end
- format.json do render :json => @foo, :status => :ok end
- end
- end
-end
-
-#
-# Access Control
-#
-
-ACCESS_CONTROL_FORMATS = [
- ['', "success"],
- ['xml', "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<hash>\n <success>xml</success>\n</hash>\n"],
- ['json', "{\"success\": \"json\"}"],]
-ACCESS_CONTROL_AM_I_LOGGED_IN = [
- [:i_am_logged_in, :quentin],
- [:i_am_not_logged_in, nil],]
-ACCESS_CONTROL_IS_LOGIN_REQD = [
- :login_not_required,
- :login_is_required,]
-
-describe AccessControlTestController do
- fixtures :<%= table_name %>
- before do
- # is there a better way to do this?
- ActionController::Routing::Routes.add_route '/login_is_required', :controller => 'access_control_test', :action => 'login_is_required'
- ActionController::Routing::Routes.add_route '/login_not_required', :controller => 'access_control_test', :action => 'login_not_required'
- end
-
- ACCESS_CONTROL_FORMATS.each do |format, success_text|
- ACCESS_CONTROL_AM_I_LOGGED_IN.each do |logged_in_status, <%= file_name %>_login|
- ACCESS_CONTROL_IS_LOGIN_REQD.each do |login_reqd_status|
- describe "requesting #{format.blank? ? 'html' : format}; #{logged_in_status.to_s.humanize} and #{login_reqd_status.to_s.humanize}" do
- before do
- logout_keeping_session!
- @<%= file_name %> = format.blank? ? login_as(<%= file_name %>_login) : authorize_as(<%= file_name %>_login)
- get login_reqd_status.to_s, :format => format
- end
-
- if ((login_reqd_status == :login_not_required) ||
- (login_reqd_status == :login_is_required && logged_in_status == :i_am_logged_in))
- it "succeeds" do
- response.should have_text(success_text)
- response.code.to_s.should == '200'
- end
-
- elsif (login_reqd_status == :login_is_required && logged_in_status == :i_am_not_logged_in)
- if ['html', ''].include? format
- it "redirects me to the log in page" do
- response.should redirect_to('/<%= controller_routing_path %>/new')
- end
- else
- it "returns 'Access denied' and a 406 (Access Denied) status code" do
- response.should have_text("HTTP Basic: Access denied.\n")
- response.code.to_s.should == '401'
- end
- end
-
- else
- warn "Oops no case for #{format} and #{logged_in_status.to_s.humanize} and #{login_reqd_status.to_s.humanize}"
- end
- end # describe
-
- end
- end
- end # cases
-
-end
+++ /dev/null
-require File.dirname(__FILE__) + '<%= ('/..'*controller_class_nesting_depth) + '/../spec_helper' %>'
-
-# Be sure to include AuthenticatedTestHelper in spec/spec_helper.rb instead
-# Then, you can remove it from this and the units test.
-include AuthenticatedTestHelper
-include AuthenticatedSystem
-def action_name() end
-
-describe <%= controller_class_name %>Controller do
- fixtures :<%= table_name %>
-
- before do
- # FIXME -- <%= controller_file_name %> controller not testing xml logins
- stub!(:authenticate_with_http_basic).and_return nil
- end
- describe "logout_killing_session!" do
- before do
- login_as :quentin
- stub!(:reset_session)
- end
- it 'resets the session' do should_receive(:reset_session); logout_killing_session! end
- it 'kills my auth_token cookie' do should_receive(:kill_remember_cookie!); logout_killing_session! end
- it 'nils the current <%= file_name %>' do logout_killing_session!; current_<%= file_name %>.should be_nil end
- it 'kills :<%= file_name %>_id session' do
- session.stub!(:[]=)
- session.should_receive(:[]=).with(:<%= file_name %>_id, nil).at_least(:once)
- logout_killing_session!
- end
- it 'forgets me' do
- current_<%= file_name %>.remember_me
- current_<%= file_name %>.remember_token.should_not be_nil; current_<%= file_name %>.remember_token_expires_at.should_not be_nil
- <%= class_name %>.find(1).remember_token.should_not be_nil; <%= class_name %>.find(1).remember_token_expires_at.should_not be_nil
- logout_killing_session!
- <%= class_name %>.find(1).remember_token.should be_nil; <%= class_name %>.find(1).remember_token_expires_at.should be_nil
- end
- end
-
- describe "logout_keeping_session!" do
- before do
- login_as :quentin
- stub!(:reset_session)
- end
- it 'does not reset the session' do should_not_receive(:reset_session); logout_keeping_session! end
- it 'kills my auth_token cookie' do should_receive(:kill_remember_cookie!); logout_keeping_session! end
- it 'nils the current <%= file_name %>' do logout_keeping_session!; current_<%= file_name %>.should be_nil end
- it 'kills :<%= file_name %>_id session' do
- session.stub!(:[]=)
- session.should_receive(:[]=).with(:<%= file_name %>_id, nil).at_least(:once)
- logout_keeping_session!
- end
- it 'forgets me' do
- current_<%= file_name %>.remember_me
- current_<%= file_name %>.remember_token.should_not be_nil; current_<%= file_name %>.remember_token_expires_at.should_not be_nil
- <%= class_name %>.find(1).remember_token.should_not be_nil; <%= class_name %>.find(1).remember_token_expires_at.should_not be_nil
- logout_keeping_session!
- <%= class_name %>.find(1).remember_token.should be_nil; <%= class_name %>.find(1).remember_token_expires_at.should be_nil
- end
- end
-
- describe 'When logged out' do
- it "should not be authorized?" do
- authorized?().should be_false
- end
- end
-
- #
- # Cookie Login
- #
- describe "Logging in by cookie" do
- def set_remember_token token, time
- @<%= file_name %>[:remember_token] = token;
- @<%= file_name %>[:remember_token_expires_at] = time
- @<%= file_name %>.save!
- end
- before do
- @<%= file_name %> = <%= class_name %>.find(:first);
- set_remember_token 'hello!', 5.minutes.from_now
- end
- it 'logs in with cookie' do
- stub!(:cookies).and_return({ :auth_token => 'hello!' })
- logged_in?.should be_true
- end
-
- it 'fails cookie login with bad cookie' do
- should_receive(:cookies).at_least(:once).and_return({ :auth_token => 'i_haxxor_joo' })
- logged_in?.should_not be_true
- end
-
- it 'fails cookie login with no cookie' do
- set_remember_token nil, nil
- should_receive(:cookies).at_least(:once).and_return({ })
- logged_in?.should_not be_true
- end
-
- it 'fails expired cookie login' do
- set_remember_token 'hello!', 5.minutes.ago
- stub!(:cookies).and_return({ :auth_token => 'hello!' })
- logged_in?.should_not be_true
- end
- end
-
-end
+++ /dev/null
-require File.dirname(__FILE__) + '<%= ('/..'*controller_class_nesting_depth) + '/../spec_helper' %>'
-
-# Be sure to include AuthenticatedTestHelper in spec/spec_helper.rb instead
-# Then, you can remove it from this and the units test.
-include AuthenticatedTestHelper
-
-describe <%= controller_class_name %>Controller do
- fixtures :<%= table_name %>
- before do
- @<%= file_name %> = mock_<%= file_name %>
- @login_params = { :login => 'quentin', :password => 'test' }
- <%= class_name %>.stub!(:authenticate).with(@login_params[:login], @login_params[:password]).and_return(@<%= file_name %>)
- end
- def do_create
- post :create, @login_params
- end
- describe "on successful login," do
- [ [:nil, nil, nil],
- [:expired, 'valid_token', 15.minutes.ago],
- [:different, 'i_haxxor_joo', 15.minutes.from_now],
- [:valid, 'valid_token', 15.minutes.from_now]
- ].each do |has_request_token, token_value, token_expiry|
- [ true, false ].each do |want_remember_me|
- describe "my request cookie token is #{has_request_token.to_s}," do
- describe "and ask #{want_remember_me ? 'to' : 'not to'} be remembered" do
- before do
- @ccookies = mock('cookies')
- controller.stub!(:cookies).and_return(@ccookies)
- @ccookies.stub!(:[]).with(:auth_token).and_return(token_value)
- @ccookies.stub!(:delete).with(:auth_token)
- @ccookies.stub!(:[]=)
- @<%= file_name %>.stub!(:remember_me)
- @<%= file_name %>.stub!(:refresh_token)
- @<%= file_name %>.stub!(:forget_me)
- @<%= file_name %>.stub!(:remember_token).and_return(token_value)
- @<%= file_name %>.stub!(:remember_token_expires_at).and_return(token_expiry)
- @<%= file_name %>.stub!(:remember_token?).and_return(has_request_token == :valid)
- if want_remember_me
- @login_params[:remember_me] = '1'
- else
- @login_params[:remember_me] = '0'
- end
- end
- it "kills existing login" do controller.should_receive(:logout_keeping_session!); do_create; end
- it "authorizes me" do do_create; controller.send(:authorized?).should be_true; end
- it "logs me in" do do_create; controller.send(:logged_in?).should be_true end
- it "greets me nicely" do do_create; response.flash[:notice].should =~ /success/i end
- it "sets/resets/expires cookie" do controller.should_receive(:handle_remember_cookie!).with(want_remember_me); do_create end
- it "sends a cookie" do controller.should_receive(:send_remember_cookie!); do_create end
- it 'redirects to the home page' do do_create; response.should redirect_to('/') end
- it "does not reset my session" do controller.should_not_receive(:reset_session).and_return nil; do_create end # change if you uncomment the reset_session path
- if (has_request_token == :valid)
- it 'does not make new token' do @<%= file_name %>.should_not_receive(:remember_me); do_create end
- it 'does refresh token' do @<%= file_name %>.should_receive(:refresh_token); do_create end
- it "sets an auth cookie" do do_create; end
- else
- if want_remember_me
- it 'makes a new token' do @<%= file_name %>.should_receive(:remember_me); do_create end
- it "does not refresh token" do @<%= file_name %>.should_not_receive(:refresh_token); do_create end
- it "sets an auth cookie" do do_create; end
- else
- it 'does not make new token' do @<%= file_name %>.should_not_receive(:remember_me); do_create end
- it 'does not refresh token' do @<%= file_name %>.should_not_receive(:refresh_token); do_create end
- it 'kills user token' do @<%= file_name %>.should_receive(:forget_me); do_create end
- end
- end
- end # inner describe
- end
- end
- end
- end
-
- describe "on failed login" do
- before do
- <%= class_name %>.should_receive(:authenticate).with(anything(), anything()).and_return(nil)
- login_as :quentin
- end
- it 'logs out keeping session' do controller.should_receive(:logout_keeping_session!); do_create end
- it 'flashes an error' do do_create; flash[:error].should =~ /Couldn't log you in as 'quentin'/ end
- it 'renders the log in page' do do_create; response.should render_template('new') end
- it "doesn't log me in" do do_create; controller.send(:logged_in?).should == false end
- it "doesn't send password back" do
- @login_params[:password] = 'FROBNOZZ'
- do_create
- response.should_not have_text(/FROBNOZZ/i)
- end
- end
-
- describe "on signout" do
- def do_destroy
- get :destroy
- end
- before do
- login_as :quentin
- end
- it 'logs me out' do controller.should_receive(:logout_killing_session!); do_destroy end
- it 'redirects me to the home page' do do_destroy; response.should be_redirect end
- end
-
-end
-
-describe <%= controller_class_name %>Controller do
- describe "route generation" do
- it "should route the new <%= controller_controller_name %> action correctly" do
- route_for(:controller => '<%= controller_controller_name %>', :action => 'new').should == "/login"
- end
- it "should route the create <%= controller_controller_name %> correctly" do
- route_for(:controller => '<%= controller_controller_name %>', :action => 'create').should == "/<%= controller_routing_path %>"
- end
- it "should route the destroy <%= controller_controller_name %> action correctly" do
- route_for(:controller => '<%= controller_controller_name %>', :action => 'destroy').should == "/logout"
- end
- end
-
- describe "route recognition" do
- it "should generate params from GET /login correctly" do
- params_from(:get, '/login').should == {:controller => '<%= controller_controller_name %>', :action => 'new'}
- end
- it "should generate params from POST /<%= controller_routing_path %> correctly" do
- params_from(:post, '/<%= controller_routing_path %>').should == {:controller => '<%= controller_controller_name %>', :action => 'create'}
- end
- it "should generate params from DELETE /<%= controller_routing_path %> correctly" do
- params_from(:delete, '/logout').should == {:controller => '<%= controller_controller_name %>', :action => 'destroy'}
- end
- end
-
- describe "named routing" do
- before(:each) do
- get :new
- end
- it "should route <%= controller_routing_name %>_path() correctly" do
- <%= controller_routing_name %>_path().should == "/<%= controller_routing_path %>"
- end
- it "should route new_<%= controller_routing_name %>_path() correctly" do
- new_<%= controller_routing_name %>_path().should == "/<%= controller_routing_path %>/new"
- end
- end
-
-end
+++ /dev/null
-require File.dirname(__FILE__) + '<%= ('/..'*model_controller_class_nesting_depth) + '/../spec_helper' %>'
-
-# Be sure to include AuthenticatedTestHelper in spec/spec_helper.rb instead
-# Then, you can remove it from this and the units test.
-include AuthenticatedTestHelper
-
-describe <%= model_controller_class_name %>Controller do
- fixtures :<%= table_name %>
-
- it 'allows signup' do
- lambda do
- create_<%= file_name %>
- response.should be_redirect
- end.should change(<%= class_name %>, :count).by(1)
- end
-
- <% if options[:stateful] %>
- it 'signs up user in pending state' do
- create_<%= file_name %>
- assigns(:<%= file_name %>).reload
- assigns(:<%= file_name %>).should be_pending
- end<% end %>
-
-<% if options[:include_activation] -%>
- it 'signs up user with activation code' do
- create_<%= file_name %>
- assigns(:<%= file_name %>).reload
- assigns(:<%= file_name %>).activation_code.should_not be_nil
- end<% end -%>
-
- it 'requires login on signup' do
- lambda do
- create_<%= file_name %>(:login => nil)
- assigns[:<%= file_name %>].errors.on(:login).should_not be_nil
- response.should be_success
- end.should_not change(<%= class_name %>, :count)
- end
-
- it 'requires password on signup' do
- lambda do
- create_<%= file_name %>(:password => nil)
- assigns[:<%= file_name %>].errors.on(:password).should_not be_nil
- response.should be_success
- end.should_not change(<%= class_name %>, :count)
- end
-
- it 'requires password confirmation on signup' do
- lambda do
- create_<%= file_name %>(:password_confirmation => nil)
- assigns[:<%= file_name %>].errors.on(:password_confirmation).should_not be_nil
- response.should be_success
- end.should_not change(<%= class_name %>, :count)
- end
-
- it 'requires email on signup' do
- lambda do
- create_<%= file_name %>(:email => nil)
- assigns[:<%= file_name %>].errors.on(:email).should_not be_nil
- response.should be_success
- end.should_not change(<%= class_name %>, :count)
- end
-
- <% if options[:include_activation] %>
- it 'activates user' do
- <%= class_name %>.authenticate('aaron', 'monkey').should be_nil
- get :activate, :activation_code => <%= table_name %>(:aaron).activation_code
- response.should redirect_to('/login')
- flash[:notice].should_not be_nil
- flash[:error ].should be_nil
- <%= class_name %>.authenticate('aaron', 'monkey').should == <%= table_name %>(:aaron)
- end
-
- it 'does not activate user without key' do
- get :activate
- flash[:notice].should be_nil
- flash[:error ].should_not be_nil
- end
-
- it 'does not activate user with blank key' do
- get :activate, :activation_code => ''
- flash[:notice].should be_nil
- flash[:error ].should_not be_nil
- end
-
- it 'does not activate user with bogus key' do
- get :activate, :activation_code => 'i_haxxor_joo'
- flash[:notice].should be_nil
- flash[:error ].should_not be_nil
- end<% end %>
-
- def create_<%= file_name %>(options = {})
- post :create, :<%= file_name %> => { :login => 'quire', :email => 'quire@example.com',
- :password => 'quire69', :password_confirmation => 'quire69' }.merge(options)
- end
-end
-
-describe <%= model_controller_class_name %>Controller do
- describe "route generation" do
- it "should route <%= model_controller_controller_name %>'s 'index' action correctly" do
- route_for(:controller => '<%= model_controller_controller_name %>', :action => 'index').should == "/<%= model_controller_routing_path %>"
- end
-
- it "should route <%= model_controller_controller_name %>'s 'new' action correctly" do
- route_for(:controller => '<%= model_controller_controller_name %>', :action => 'new').should == "/signup"
- end
-
- it "should route {:controller => '<%= model_controller_controller_name %>', :action => 'create'} correctly" do
- route_for(:controller => '<%= model_controller_controller_name %>', :action => 'create').should == "/register"
- end
-
- it "should route <%= model_controller_controller_name %>'s 'show' action correctly" do
- route_for(:controller => '<%= model_controller_controller_name %>', :action => 'show', :id => '1').should == "/<%= model_controller_routing_path %>/1"
- end
-
- it "should route <%= model_controller_controller_name %>'s 'edit' action correctly" do
- route_for(:controller => '<%= model_controller_controller_name %>', :action => 'edit', :id => '1').should == "/<%= model_controller_routing_path %>/1/edit"
- end
-
- it "should route <%= model_controller_controller_name %>'s 'update' action correctly" do
- route_for(:controller => '<%= model_controller_controller_name %>', :action => 'update', :id => '1').should == "/<%= model_controller_routing_path %>/1"
- end
-
- it "should route <%= model_controller_controller_name %>'s 'destroy' action correctly" do
- route_for(:controller => '<%= model_controller_controller_name %>', :action => 'destroy', :id => '1').should == "/<%= model_controller_routing_path %>/1"
- end
- end
-
- describe "route recognition" do
- it "should generate params for <%= model_controller_controller_name %>'s index action from GET /<%= model_controller_routing_path %>" do
- params_from(:get, '/<%= model_controller_routing_path %>').should == {:controller => '<%= model_controller_controller_name %>', :action => 'index'}
- params_from(:get, '/<%= model_controller_routing_path %>.xml').should == {:controller => '<%= model_controller_controller_name %>', :action => 'index', :format => 'xml'}
- params_from(:get, '/<%= model_controller_routing_path %>.json').should == {:controller => '<%= model_controller_controller_name %>', :action => 'index', :format => 'json'}
- end
-
- it "should generate params for <%= model_controller_controller_name %>'s new action from GET /<%= model_controller_routing_path %>" do
- params_from(:get, '/<%= model_controller_routing_path %>/new').should == {:controller => '<%= model_controller_controller_name %>', :action => 'new'}
- params_from(:get, '/<%= model_controller_routing_path %>/new.xml').should == {:controller => '<%= model_controller_controller_name %>', :action => 'new', :format => 'xml'}
- params_from(:get, '/<%= model_controller_routing_path %>/new.json').should == {:controller => '<%= model_controller_controller_name %>', :action => 'new', :format => 'json'}
- end
-
- it "should generate params for <%= model_controller_controller_name %>'s create action from POST /<%= model_controller_routing_path %>" do
- params_from(:post, '/<%= model_controller_routing_path %>').should == {:controller => '<%= model_controller_controller_name %>', :action => 'create'}
- params_from(:post, '/<%= model_controller_routing_path %>.xml').should == {:controller => '<%= model_controller_controller_name %>', :action => 'create', :format => 'xml'}
- params_from(:post, '/<%= model_controller_routing_path %>.json').should == {:controller => '<%= model_controller_controller_name %>', :action => 'create', :format => 'json'}
- end
-
- it "should generate params for <%= model_controller_controller_name %>'s show action from GET /<%= model_controller_routing_path %>/1" do
- params_from(:get , '/<%= model_controller_routing_path %>/1').should == {:controller => '<%= model_controller_controller_name %>', :action => 'show', :id => '1'}
- params_from(:get , '/<%= model_controller_routing_path %>/1.xml').should == {:controller => '<%= model_controller_controller_name %>', :action => 'show', :id => '1', :format => 'xml'}
- params_from(:get , '/<%= model_controller_routing_path %>/1.json').should == {:controller => '<%= model_controller_controller_name %>', :action => 'show', :id => '1', :format => 'json'}
- end
-
- it "should generate params for <%= model_controller_controller_name %>'s edit action from GET /<%= model_controller_routing_path %>/1/edit" do
- params_from(:get , '/<%= model_controller_routing_path %>/1/edit').should == {:controller => '<%= model_controller_controller_name %>', :action => 'edit', :id => '1'}
- end
-
- it "should generate params {:controller => '<%= model_controller_controller_name %>', :action => update', :id => '1'} from PUT /<%= model_controller_routing_path %>/1" do
- params_from(:put , '/<%= model_controller_routing_path %>/1').should == {:controller => '<%= model_controller_controller_name %>', :action => 'update', :id => '1'}
- params_from(:put , '/<%= model_controller_routing_path %>/1.xml').should == {:controller => '<%= model_controller_controller_name %>', :action => 'update', :id => '1', :format => 'xml'}
- params_from(:put , '/<%= model_controller_routing_path %>/1.json').should == {:controller => '<%= model_controller_controller_name %>', :action => 'update', :id => '1', :format => 'json'}
- end
-
- it "should generate params for <%= model_controller_controller_name %>'s destroy action from DELETE /<%= model_controller_routing_path %>/1" do
- params_from(:delete, '/<%= model_controller_routing_path %>/1').should == {:controller => '<%= model_controller_controller_name %>', :action => 'destroy', :id => '1'}
- params_from(:delete, '/<%= model_controller_routing_path %>/1.xml').should == {:controller => '<%= model_controller_controller_name %>', :action => 'destroy', :id => '1', :format => 'xml'}
- params_from(:delete, '/<%= model_controller_routing_path %>/1.json').should == {:controller => '<%= model_controller_controller_name %>', :action => 'destroy', :id => '1', :format => 'json'}
- end
- end
-
- describe "named routing" do
- before(:each) do
- get :new
- end
-
- it "should route <%= model_controller_routing_name %>_path() to /<%= model_controller_routing_path %>" do
- <%= model_controller_routing_name %>_path().should == "/<%= model_controller_routing_path %>"
- formatted_<%= model_controller_routing_name %>_path(:format => 'xml').should == "/<%= model_controller_routing_path %>.xml"
- formatted_<%= model_controller_routing_name %>_path(:format => 'json').should == "/<%= model_controller_routing_path %>.json"
- end
-
- it "should route new_<%= model_controller_routing_name.singularize %>_path() to /<%= model_controller_routing_path %>/new" do
- new_<%= model_controller_routing_name.singularize %>_path().should == "/<%= model_controller_routing_path %>/new"
- formatted_new_<%= model_controller_routing_name.singularize %>_path(:format => 'xml').should == "/<%= model_controller_routing_path %>/new.xml"
- formatted_new_<%= model_controller_routing_name.singularize %>_path(:format => 'json').should == "/<%= model_controller_routing_path %>/new.json"
- end
-
- it "should route <%= model_controller_routing_name.singularize %>_(:id => '1') to /<%= model_controller_routing_path %>/1" do
- <%= model_controller_routing_name.singularize %>_path(:id => '1').should == "/<%= model_controller_routing_path %>/1"
- formatted_<%= model_controller_routing_name.singularize %>_path(:id => '1', :format => 'xml').should == "/<%= model_controller_routing_path %>/1.xml"
- formatted_<%= model_controller_routing_name.singularize %>_path(:id => '1', :format => 'json').should == "/<%= model_controller_routing_path %>/1.json"
- end
-
- it "should route edit_<%= model_controller_routing_name.singularize %>_path(:id => '1') to /<%= model_controller_routing_path %>/1/edit" do
- edit_<%= model_controller_routing_name.singularize %>_path(:id => '1').should == "/<%= model_controller_routing_path %>/1/edit"
- end
- end
-
-end
+++ /dev/null
-<%
- ## this code must match that in templates/model.rb
- require 'digest/sha1'
- def make_fake_token
- @fake_token_counter ||= 0
- @fake_token_counter += 1
- Digest::SHA1.hexdigest(@fake_token_counter.to_s)
- end
- salts = (1..2).map{ make_fake_token }
- passwds = salts.map{ |salt| password_digest('monkey', salt) }
--%>
-
-quentin:
- id: 1
- login: quentin
- email: quentin@example.com
- salt: <%= salts[0] %> # SHA1('0')
- crypted_password: <%= passwds[0] %> # 'monkey'
- created_at: <%%= 5.days.ago.to_s :db %>
- remember_token_expires_at: <%%= 1.days.from_now.to_s %>
- remember_token: <%= make_fake_token %>
-<% if options[:include_activation] -%>
- activation_code:
- activated_at: <%%= 5.days.ago.to_s :db %>
-<% end -%>
-<% if options[:stateful] -%>
- state: active
-<% end -%>
-
-aaron:
- id: 2
- login: aaron
- email: aaron@example.com
- salt: <%= salts[1] %> # SHA1('1')
- crypted_password: <%= passwds[1] %> # 'monkey'
- created_at: <%%= 1.days.ago.to_s :db %>
- remember_token_expires_at:
- remember_token:
-<% if options[:include_activation] -%>
- activation_code: <%= make_fake_token %>
- activated_at:
-<% end -%>
-<% if options[:stateful] %>
- state: pending
-<% end -%>
-
-
-old_password_holder:
- id: 3
- login: old_password_holder
- email: salty_dog@example.com
- salt: 7e3041ebc2fc05a40c60028e2c4901a81035d3cd
- crypted_password: 00742970dc9e6319f8019fd54864d3ea740f04b1 # test
- created_at: <%%= 1.days.ago.to_s :db %>
-<% if options[:include_activation] %>
- activation_code:
- activated_at: <%%= 5.days.ago.to_s :db %>
-<% end %>
-<% if options[:stateful] %>
- state: active<% end %>
+++ /dev/null
-require File.dirname(__FILE__) + '<%= ('/..'*model_controller_class_nesting_depth) + '/../spec_helper' %>'
-include ApplicationHelper
-include <%= model_controller_class_name %>Helper
-include AuthenticatedTestHelper
-
-describe <%= model_controller_class_name %>Helper do
- before do
- @<%= file_name %> = mock_<%= file_name %>
- end
-
- describe "if_authorized" do
- it "yields if authorized" do
- should_receive(:authorized?).with('a','r').and_return(true)
- if_authorized?('a','r'){|action,resource| [action,resource,'hi'] }.should == ['a','r','hi']
- end
- it "does nothing if not authorized" do
- should_receive(:authorized?).with('a','r').and_return(false)
- if_authorized?('a','r'){ 'hi' }.should be_nil
- end
- end
-
- describe "link_to_<%= file_name %>" do
- it "should give an error on a nil <%= file_name %>" do
- lambda { link_to_<%= file_name %>(nil) }.should raise_error('Invalid <%= file_name %>')
- end
- it "should link to the given <%= file_name %>" do
- should_receive(:<%= model_controller_routing_name.singularize %>_path).at_least(:once).and_return('/<%= model_controller_file_path %>/1')
- link_to_<%= file_name %>(@<%= file_name %>).should have_tag("a[href='/<%= model_controller_file_path %>/1']")
- end
- it "should use given link text if :content_text is specified" do
- link_to_<%= file_name %>(@<%= file_name %>, :content_text => 'Hello there!').should have_tag("a", 'Hello there!')
- end
- it "should use the login as link text with no :content_method specified" do
- link_to_<%= file_name %>(@<%= file_name %>).should have_tag("a", 'user_name')
- end
- it "should use the name as link text with :content_method => :name" do
- link_to_<%= file_name %>(@<%= file_name %>, :content_method => :name).should have_tag("a", 'U. Surname')
- end
- it "should use the login as title with no :title_method specified" do
- link_to_<%= file_name %>(@<%= file_name %>).should have_tag("a[title='user_name']")
- end
- it "should use the name as link title with :content_method => :name" do
- link_to_<%= file_name %>(@<%= file_name %>, :title_method => :name).should have_tag("a[title='U. Surname']")
- end
- it "should have nickname as a class by default" do
- link_to_<%= file_name %>(@<%= file_name %>).should have_tag("a.nickname")
- end
- it "should take other classes and no longer have the nickname class" do
- result = link_to_<%= file_name %>(@<%= file_name %>, :class => 'foo bar')
- result.should have_tag("a.foo")
- result.should have_tag("a.bar")
- end
- end
-
- describe "link_to_login_with_IP" do
- it "should link to the login_path" do
- link_to_login_with_IP().should have_tag("a[href='/login']")
- end
- it "should use given link text if :content_text is specified" do
- link_to_login_with_IP('Hello there!').should have_tag("a", 'Hello there!')
- end
- it "should use the login as link text with no :content_method specified" do
- link_to_login_with_IP().should have_tag("a", '0.0.0.0')
- end
- it "should use the ip address as title" do
- link_to_login_with_IP().should have_tag("a[title='0.0.0.0']")
- end
- it "should by default be like school in summer and have no class" do
- link_to_login_with_IP().should_not have_tag("a.nickname")
- end
- it "should have some class if you tell it to" do
- result = link_to_login_with_IP(nil, :class => 'foo bar')
- result.should have_tag("a.foo")
- result.should have_tag("a.bar")
- end
- it "should have some class if you tell it to" do
- result = link_to_login_with_IP(nil, :tag => 'abbr')
- result.should have_tag("abbr[title='0.0.0.0']")
- end
- end
-
- describe "link_to_current_<%= file_name %>, When logged in" do
- before do
- stub!(:current_<%= file_name %>).and_return(@<%= file_name %>)
- end
- it "should link to the given <%= file_name %>" do
- should_receive(:<%= model_controller_routing_name.singularize %>_path).at_least(:once).and_return('/<%= model_controller_file_path %>/1')
- link_to_current_<%= file_name %>().should have_tag("a[href='/<%= model_controller_file_path %>/1']")
- end
- it "should use given link text if :content_text is specified" do
- link_to_current_<%= file_name %>(:content_text => 'Hello there!').should have_tag("a", 'Hello there!')
- end
- it "should use the login as link text with no :content_method specified" do
- link_to_current_<%= file_name %>().should have_tag("a", 'user_name')
- end
- it "should use the name as link text with :content_method => :name" do
- link_to_current_<%= file_name %>(:content_method => :name).should have_tag("a", 'U. Surname')
- end
- it "should use the login as title with no :title_method specified" do
- link_to_current_<%= file_name %>().should have_tag("a[title='user_name']")
- end
- it "should use the name as link title with :content_method => :name" do
- link_to_current_<%= file_name %>(:title_method => :name).should have_tag("a[title='U. Surname']")
- end
- it "should have nickname as a class" do
- link_to_current_<%= file_name %>().should have_tag("a.nickname")
- end
- it "should take other classes and no longer have the nickname class" do
- result = link_to_current_<%= file_name %>(:class => 'foo bar')
- result.should have_tag("a.foo")
- result.should have_tag("a.bar")
- end
- end
-
- describe "link_to_current_<%= file_name %>, When logged out" do
- before do
- stub!(:current_<%= file_name %>).and_return(nil)
- end
- it "should link to the login_path" do
- link_to_current_<%= file_name %>().should have_tag("a[href='/login']")
- end
- it "should use given link text if :content_text is specified" do
- link_to_current_<%= file_name %>(:content_text => 'Hello there!').should have_tag("a", 'Hello there!')
- end
- it "should use 'not signed in' as link text with no :content_method specified" do
- link_to_current_<%= file_name %>().should have_tag("a", 'not signed in')
- end
- it "should use the ip address as title" do
- link_to_current_<%= file_name %>().should have_tag("a[title='0.0.0.0']")
- end
- it "should by default be like school in summer and have no class" do
- link_to_current_<%= file_name %>().should_not have_tag("a.nickname")
- end
- it "should have some class if you tell it to" do
- result = link_to_current_<%= file_name %>(:class => 'foo bar')
- result.should have_tag("a.foo")
- result.should have_tag("a.bar")
- end
- end
-
-end
+++ /dev/null
-# -*- coding: utf-8 -*-
-require File.dirname(__FILE__) + '<%= ('/..'*model_controller_class_nesting_depth) + '/../spec_helper' %>'
-
-# Be sure to include AuthenticatedTestHelper in spec/spec_helper.rb instead.
-# Then, you can remove it from this and the functional test.
-include AuthenticatedTestHelper
-
-describe <%= class_name %> do
- fixtures :<%= table_name %>
-
- describe 'being created' do
- before do
- @<%= file_name %> = nil
- @creating_<%= file_name %> = lambda do
- @<%= file_name %> = create_<%= file_name %>
- violated "#{@<%= file_name %>.errors.full_messages.to_sentence}" if @<%= file_name %>.new_record?
- end
- end
-
- it 'increments <%= class_name %>#count' do
- @creating_<%= file_name %>.should change(<%= class_name %>, :count).by(1)
- end
-<% if options[:include_activation] %>
- it 'initializes #activation_code' do
- @creating_<%= file_name %>.call
- @<%= file_name %>.reload
- @<%= file_name %>.activation_code.should_not be_nil
- end
-<% end %><% if options[:stateful] %>
- it 'starts in pending state' do
- @creating_<%= file_name %>.call
- @<%= file_name %>.reload
- @<%= file_name %>.should be_pending
- end
-<% end %> end
-
- #
- # Validations
- #
-
- it 'requires login' do
- lambda do
- u = create_<%= file_name %>(:login => nil)
- u.errors.on(:login).should_not be_nil
- end.should_not change(<%= class_name %>, :count)
- end
-
- describe 'allows legitimate logins:' do
- ['123', '1234567890_234567890_234567890_234567890',
- 'hello.-_there@funnychar.com'].each do |login_str|
- it "'#{login_str}'" do
- lambda do
- u = create_<%= file_name %>(:login => login_str)
- u.errors.on(:login).should be_nil
- end.should change(<%= class_name %>, :count).by(1)
- end
- end
- end
- describe 'disallows illegitimate logins:' do
- ['12', '1234567890_234567890_234567890_234567890_', "tab\t", "newline\n",
- "Iñtërnâtiônàlizætiøn hasn't happened to ruby 1.8 yet",
- 'semicolon;', 'quote"', 'tick\'', 'backtick`', 'percent%', 'plus+', 'space '].each do |login_str|
- it "'#{login_str}'" do
- lambda do
- u = create_<%= file_name %>(:login => login_str)
- u.errors.on(:login).should_not be_nil
- end.should_not change(<%= class_name %>, :count)
- end
- end
- end
-
- it 'requires password' do
- lambda do
- u = create_<%= file_name %>(:password => nil)
- u.errors.on(:password).should_not be_nil
- end.should_not change(<%= class_name %>, :count)
- end
-
- it 'requires password confirmation' do
- lambda do
- u = create_<%= file_name %>(:password_confirmation => nil)
- u.errors.on(:password_confirmation).should_not be_nil
- end.should_not change(<%= class_name %>, :count)
- end
-
- it 'requires email' do
- lambda do
- u = create_<%= file_name %>(:email => nil)
- u.errors.on(:email).should_not be_nil
- end.should_not change(<%= class_name %>, :count)
- end
-
- describe 'allows legitimate emails:' do
- ['foo@bar.com', 'foo@newskool-tld.museum', 'foo@twoletter-tld.de', 'foo@nonexistant-tld.qq',
- 'r@a.wk', '1234567890-234567890-234567890-234567890-234567890-234567890-234567890-234567890-234567890@gmail.com',
- 'hello.-_there@funnychar.com', 'uucp%addr@gmail.com', 'hello+routing-str@gmail.com',
- 'domain@can.haz.many.sub.doma.in', 'student.name@university.edu'
- ].each do |email_str|
- it "'#{email_str}'" do
- lambda do
- u = create_<%= file_name %>(:email => email_str)
- u.errors.on(:email).should be_nil
- end.should change(<%= class_name %>, :count).by(1)
- end
- end
- end
- describe 'disallows illegitimate emails' do
- ['!!@nobadchars.com', 'foo@no-rep-dots..com', 'foo@badtld.xxx', 'foo@toolongtld.abcdefg',
- 'Iñtërnâtiônàlizætiøn@hasnt.happened.to.email', 'need.domain.and.tld@de', "tab\t", "newline\n",
- 'r@.wk', '1234567890-234567890-234567890-234567890-234567890-234567890-234567890-234567890-234567890@gmail2.com',
- # these are technically allowed but not seen in practice:
- 'uucp!addr@gmail.com', 'semicolon;@gmail.com', 'quote"@gmail.com', 'tick\'@gmail.com', 'backtick`@gmail.com', 'space @gmail.com', 'bracket<@gmail.com', 'bracket>@gmail.com'
- ].each do |email_str|
- it "'#{email_str}'" do
- lambda do
- u = create_<%= file_name %>(:email => email_str)
- u.errors.on(:email).should_not be_nil
- end.should_not change(<%= class_name %>, :count)
- end
- end
- end
-
- describe 'allows legitimate names:' do
- ['Andre The Giant (7\'4", 520 lb.) -- has a posse',
- '', '1234567890_234567890_234567890_234567890_234567890_234567890_234567890_234567890_234567890_234567890',
- ].each do |name_str|
- it "'#{name_str}'" do
- lambda do
- u = create_<%= file_name %>(:name => name_str)
- u.errors.on(:name).should be_nil
- end.should change(<%= class_name %>, :count).by(1)
- end
- end
- end
- describe "disallows illegitimate names" do
- ["tab\t", "newline\n",
- '1234567890_234567890_234567890_234567890_234567890_234567890_234567890_234567890_234567890_234567890_',
- ].each do |name_str|
- it "'#{name_str}'" do
- lambda do
- u = create_<%= file_name %>(:name => name_str)
- u.errors.on(:name).should_not be_nil
- end.should_not change(<%= class_name %>, :count)
- end
- end
- end
-
- it 'resets password' do
- <%= table_name %>(:quentin).update_attributes(:password => 'new password', :password_confirmation => 'new password')
- <%= class_name %>.authenticate('quentin', 'new password').should == <%= table_name %>(:quentin)
- end
-
- it 'does not rehash password' do
- <%= table_name %>(:quentin).update_attributes(:login => 'quentin2')
- <%= class_name %>.authenticate('quentin2', 'monkey').should == <%= table_name %>(:quentin)
- end
-
- #
- # Authentication
- #
-
- it 'authenticates <%= file_name %>' do
- <%= class_name %>.authenticate('quentin', 'monkey').should == <%= table_name %>(:quentin)
- end
-
- it "doesn't authenticate <%= file_name %> with bad password" do
- <%= class_name %>.authenticate('quentin', 'invalid_password').should be_nil
- end
-
- if REST_AUTH_SITE_KEY.blank?
- # old-school passwords
- it "authenticates a user against a hard-coded old-style password" do
- <%= class_name %>.authenticate('old_password_holder', 'test').should == <%= table_name %>(:old_password_holder)
- end
- else
- it "doesn't authenticate a user against a hard-coded old-style password" do
- <%= class_name %>.authenticate('old_password_holder', 'test').should be_nil
- end
-
- # New installs should bump this up and set REST_AUTH_DIGEST_STRETCHES to give a 10ms encrypt time or so
- desired_encryption_expensiveness_ms = 0.1
- it "takes longer than #{desired_encryption_expensiveness_ms}ms to encrypt a password" do
- test_reps = 100
- start_time = Time.now; test_reps.times{ <%= class_name %>.authenticate('quentin', 'monkey'+rand.to_s) }; end_time = Time.now
- auth_time_ms = 1000 * (end_time - start_time)/test_reps
- auth_time_ms.should > desired_encryption_expensiveness_ms
- end
- end
-
- #
- # Authentication
- #
-
- it 'sets remember token' do
- <%= table_name %>(:quentin).remember_me
- <%= table_name %>(:quentin).remember_token.should_not be_nil
- <%= table_name %>(:quentin).remember_token_expires_at.should_not be_nil
- end
-
- it 'unsets remember token' do
- <%= table_name %>(:quentin).remember_me
- <%= table_name %>(:quentin).remember_token.should_not be_nil
- <%= table_name %>(:quentin).forget_me
- <%= table_name %>(:quentin).remember_token.should be_nil
- end
-
- it 'remembers me for one week' do
- before = 1.week.from_now.utc
- <%= table_name %>(:quentin).remember_me_for 1.week
- after = 1.week.from_now.utc
- <%= table_name %>(:quentin).remember_token.should_not be_nil
- <%= table_name %>(:quentin).remember_token_expires_at.should_not be_nil
- <%= table_name %>(:quentin).remember_token_expires_at.between?(before, after).should be_true
- end
-
- it 'remembers me until one week' do
- time = 1.week.from_now.utc
- <%= table_name %>(:quentin).remember_me_until time
- <%= table_name %>(:quentin).remember_token.should_not be_nil
- <%= table_name %>(:quentin).remember_token_expires_at.should_not be_nil
- <%= table_name %>(:quentin).remember_token_expires_at.should == time
- end
-
- it 'remembers me default two weeks' do
- before = 2.weeks.from_now.utc
- <%= table_name %>(:quentin).remember_me
- after = 2.weeks.from_now.utc
- <%= table_name %>(:quentin).remember_token.should_not be_nil
- <%= table_name %>(:quentin).remember_token_expires_at.should_not be_nil
- <%= table_name %>(:quentin).remember_token_expires_at.between?(before, after).should be_true
- end
-<% if options[:stateful] %>
- it 'registers passive <%= file_name %>' do
- <%= file_name %> = create_<%= file_name %>(:password => nil, :password_confirmation => nil)
- <%= file_name %>.should be_passive
- <%= file_name %>.update_attributes(:password => 'new password', :password_confirmation => 'new password')
- <%= file_name %>.register!
- <%= file_name %>.should be_pending
- end
-
- it 'suspends <%= file_name %>' do
- <%= table_name %>(:quentin).suspend!
- <%= table_name %>(:quentin).should be_suspended
- end
-
- it 'does not authenticate suspended <%= file_name %>' do
- <%= table_name %>(:quentin).suspend!
- <%= class_name %>.authenticate('quentin', 'monkey').should_not == <%= table_name %>(:quentin)
- end
-
- it 'deletes <%= file_name %>' do
- <%= table_name %>(:quentin).deleted_at.should be_nil
- <%= table_name %>(:quentin).delete!
- <%= table_name %>(:quentin).deleted_at.should_not be_nil
- <%= table_name %>(:quentin).should be_deleted
- end
-
- describe "being unsuspended" do
- fixtures :<%= table_name %>
-
- before do
- @<%= file_name %> = <%= table_name %>(:quentin)
- @<%= file_name %>.suspend!
- end
-
- it 'reverts to active state' do
- @<%= file_name %>.unsuspend!
- @<%= file_name %>.should be_active
- end
-
- it 'reverts to passive state if activation_code and activated_at are nil' do
- <%= class_name %>.update_all :activation_code => nil, :activated_at => nil
- @<%= file_name %>.reload.unsuspend!
- @<%= file_name %>.should be_passive
- end
-
- it 'reverts to pending state if activation_code is set and activated_at is nil' do
- <%= class_name %>.update_all :activation_code => 'foo-bar', :activated_at => nil
- @<%= file_name %>.reload.unsuspend!
- @<%= file_name %>.should be_pending
- end
- end
-<% end %>
-protected
- def create_<%= file_name %>(options = {})
- record = <%= class_name %>.new({ :login => 'quire', :email => 'quire@example.com', :password => 'quire69', :password_confirmation => 'quire69' }.merge(options))
- record.<% if options[:stateful] %>register! if record.valid?<% else %>save<% end %>
- record
- end
-end
+++ /dev/null
-require File.dirname(__FILE__) + '/../test_helper'
-require '<%= controller_file_name %>_controller'
-
-# Re-raise errors caught by the controller.
-class <%= controller_class_name %>Controller; def rescue_action(e) raise e end; end
-
-class <%= controller_class_name %>ControllerTest < ActionController::TestCase
- # Be sure to include AuthenticatedTestHelper in test/test_helper.rb instead
- # Then, you can remove it from this and the units test.
- include AuthenticatedTestHelper
-
- fixtures :<%= table_name %>
-
- def test_should_login_and_redirect
- post :create, :login => 'quentin', :password => 'monkey'
- assert session[:<%= file_name %>_id]
- assert_response :redirect
- end
-
- def test_should_fail_login_and_not_redirect
- post :create, :login => 'quentin', :password => 'bad password'
- assert_nil session[:<%= file_name %>_id]
- assert_response :success
- end
-
- def test_should_logout
- login_as :quentin
- get :destroy
- assert_nil session[:<%= file_name %>_id]
- assert_response :redirect
- end
-
- def test_should_remember_me
- @request.cookies["auth_token"] = nil
- post :create, :login => 'quentin', :password => 'monkey', :remember_me => "1"
- assert_not_nil @response.cookies["auth_token"]
- end
-
- def test_should_not_remember_me
- @request.cookies["auth_token"] = nil
- post :create, :login => 'quentin', :password => 'monkey', :remember_me => "0"
- puts @response.cookies["auth_token"]
- assert @response.cookies["auth_token"].blank?
- end
-
- def test_should_delete_token_on_logout
- login_as :quentin
- get :destroy
- assert @response.cookies["auth_token"].blank?
- end
-
- def test_should_login_with_cookie
- <%= table_name %>(:quentin).remember_me
- @request.cookies["auth_token"] = cookie_for(:quentin)
- get :new
- assert @controller.send(:logged_in?)
- end
-
- def test_should_fail_expired_cookie_login
- <%= table_name %>(:quentin).remember_me
- <%= table_name %>(:quentin).update_attribute :remember_token_expires_at, 5.minutes.ago
- @request.cookies["auth_token"] = cookie_for(:quentin)
- get :new
- assert !@controller.send(:logged_in?)
- end
-
- def test_should_fail_cookie_login
- <%= table_name %>(:quentin).remember_me
- @request.cookies["auth_token"] = auth_token('invalid_auth_token')
- get :new
- assert !@controller.send(:logged_in?)
- end
-
- protected
- def auth_token(token)
- CGI::Cookie.new('name' => 'auth_token', 'value' => token)
- end
-
- def cookie_for(<%= file_name %>)
- auth_token <%= table_name %>(<%= file_name %>).remember_token
- end
-end
+++ /dev/null
-require File.dirname(__FILE__) + '/../test_helper'
-require '<%= file_name %>_mailer'
-
-class <%= class_name %>MailerTest < Test::Unit::TestCase
- FIXTURES_PATH = File.dirname(__FILE__) + '/../fixtures'
- CHARSET = "utf-8"
-
- include ActionMailer::Quoting
-
- def setup
- ActionMailer::Base.delivery_method = :test
- ActionMailer::Base.perform_deliveries = true
- ActionMailer::Base.deliveries = []
-
- @expected = TMail::Mail.new
- @expected.set_content_type "text", "plain", { "charset" => CHARSET }
- end
-
- def test_dummy_test
- #do nothing
- end
-
- private
- def read_fixture(action)
- IO.readlines("#{FIXTURES_PATH}/<%= file_name %>_mailer/#{action}")
- end
-
- def encode(subject)
- quoted_printable(subject, CHARSET)
- end
-end
+++ /dev/null
-require File.dirname(__FILE__) + '/../test_helper'
-require '<%= model_controller_file_name %>_controller'
-
-# Re-raise errors caught by the controller.
-class <%= model_controller_class_name %>Controller; def rescue_action(e) raise e end; end
-
-class <%= model_controller_class_name %>ControllerTest < ActionController::TestCase
- # Be sure to include AuthenticatedTestHelper in test/test_helper.rb instead
- # Then, you can remove it from this and the units test.
- include AuthenticatedTestHelper
-
- fixtures :<%= table_name %>
-
- def test_should_allow_signup
- assert_difference '<%= class_name %>.count' do
- create_<%= file_name %>
- assert_response :redirect
- end
- end
-
- def test_should_require_login_on_signup
- assert_no_difference '<%= class_name %>.count' do
- create_<%= file_name %>(:login => nil)
- assert assigns(:<%= file_name %>).errors.on(:login)
- assert_response :success
- end
- end
-
- def test_should_require_password_on_signup
- assert_no_difference '<%= class_name %>.count' do
- create_<%= file_name %>(:password => nil)
- assert assigns(:<%= file_name %>).errors.on(:password)
- assert_response :success
- end
- end
-
- def test_should_require_password_confirmation_on_signup
- assert_no_difference '<%= class_name %>.count' do
- create_<%= file_name %>(:password_confirmation => nil)
- assert assigns(:<%= file_name %>).errors.on(:password_confirmation)
- assert_response :success
- end
- end
-
- def test_should_require_email_on_signup
- assert_no_difference '<%= class_name %>.count' do
- create_<%= file_name %>(:email => nil)
- assert assigns(:<%= file_name %>).errors.on(:email)
- assert_response :success
- end
- end
- <% if options[:stateful] %>
- def test_should_sign_up_user_in_pending_state
- create_<%= file_name %>
- assigns(:<%= file_name %>).reload
- assert assigns(:<%= file_name %>).pending?
- end<% end %>
-
- <% if options[:include_activation] %>
- def test_should_sign_up_user_with_activation_code
- create_<%= file_name %>
- assigns(:<%= file_name %>).reload
- assert_not_nil assigns(:<%= file_name %>).activation_code
- end
-
- def test_should_activate_user
- assert_nil <%= class_name %>.authenticate('aaron', 'test')
- get :activate, :activation_code => <%= table_name %>(:aaron).activation_code
- assert_redirected_to '/<%= controller_routing_path %>/new'
- assert_not_nil flash[:notice]
- assert_equal <%= table_name %>(:aaron), <%= class_name %>.authenticate('aaron', 'monkey')
- end
-
- def test_should_not_activate_user_without_key
- get :activate
- assert_nil flash[:notice]
- rescue ActionController::RoutingError
- # in the event your routes deny this, we'll just bow out gracefully.
- end
-
- def test_should_not_activate_user_with_blank_key
- get :activate, :activation_code => ''
- assert_nil flash[:notice]
- rescue ActionController::RoutingError
- # well played, sir
- end<% end %>
-
- protected
- def create_<%= file_name %>(options = {})
- post :create, :<%= file_name %> => { :login => 'quire', :email => 'quire@example.com',
- :password => 'quire69', :password_confirmation => 'quire69' }.merge(options)
- end
-end
+++ /dev/null
-require File.dirname(__FILE__) + '/../test_helper'
-
-class <%= class_name %>Test < ActiveSupport::TestCase
- # Be sure to include AuthenticatedTestHelper in test/test_helper.rb instead.
- # Then, you can remove it from this and the functional test.
- include AuthenticatedTestHelper
- fixtures :<%= table_name %>
-
- def test_should_create_<%= file_name %>
- assert_difference '<%= class_name %>.count' do
- <%= file_name %> = create_<%= file_name %>
- assert !<%= file_name %>.new_record?, "#{<%= file_name %>.errors.full_messages.to_sentence}"
- end
- end
-<% if options[:include_activation] %>
- def test_should_initialize_activation_code_upon_creation
- <%= file_name %> = create_<%= file_name %>
- <%= file_name %>.reload
- assert_not_nil <%= file_name %>.activation_code
- end
-<% end %><% if options[:stateful] %>
- def test_should_create_and_start_in_pending_state
- <%= file_name %> = create_<%= file_name %>
- <%= file_name %>.reload
- assert <%= file_name %>.pending?
- end
-
-<% end %>
- def test_should_require_login
- assert_no_difference '<%= class_name %>.count' do
- u = create_<%= file_name %>(:login => nil)
- assert u.errors.on(:login)
- end
- end
-
- def test_should_require_password
- assert_no_difference '<%= class_name %>.count' do
- u = create_<%= file_name %>(:password => nil)
- assert u.errors.on(:password)
- end
- end
-
- def test_should_require_password_confirmation
- assert_no_difference '<%= class_name %>.count' do
- u = create_<%= file_name %>(:password_confirmation => nil)
- assert u.errors.on(:password_confirmation)
- end
- end
-
- def test_should_require_email
- assert_no_difference '<%= class_name %>.count' do
- u = create_<%= file_name %>(:email => nil)
- assert u.errors.on(:email)
- end
- end
-
- def test_should_reset_password
- <%= table_name %>(:quentin).update_attributes(:password => 'new password', :password_confirmation => 'new password')
- assert_equal <%= table_name %>(:quentin), <%= class_name %>.authenticate('quentin', 'new password')
- end
-
- def test_should_not_rehash_password
- <%= table_name %>(:quentin).update_attributes(:login => 'quentin2')
- assert_equal <%= table_name %>(:quentin), <%= class_name %>.authenticate('quentin2', 'monkey')
- end
-
- def test_should_authenticate_<%= file_name %>
- assert_equal <%= table_name %>(:quentin), <%= class_name %>.authenticate('quentin', 'monkey')
- end
-
- def test_should_set_remember_token
- <%= table_name %>(:quentin).remember_me
- assert_not_nil <%= table_name %>(:quentin).remember_token
- assert_not_nil <%= table_name %>(:quentin).remember_token_expires_at
- end
-
- def test_should_unset_remember_token
- <%= table_name %>(:quentin).remember_me
- assert_not_nil <%= table_name %>(:quentin).remember_token
- <%= table_name %>(:quentin).forget_me
- assert_nil <%= table_name %>(:quentin).remember_token
- end
-
- def test_should_remember_me_for_one_week
- before = 1.week.from_now.utc
- <%= table_name %>(:quentin).remember_me_for 1.week
- after = 1.week.from_now.utc
- assert_not_nil <%= table_name %>(:quentin).remember_token
- assert_not_nil <%= table_name %>(:quentin).remember_token_expires_at
- assert <%= table_name %>(:quentin).remember_token_expires_at.between?(before, after)
- end
-
- def test_should_remember_me_until_one_week
- time = 1.week.from_now.utc
- <%= table_name %>(:quentin).remember_me_until time
- assert_not_nil <%= table_name %>(:quentin).remember_token
- assert_not_nil <%= table_name %>(:quentin).remember_token_expires_at
- assert_equal <%= table_name %>(:quentin).remember_token_expires_at, time
- end
-
- def test_should_remember_me_default_two_weeks
- before = 2.weeks.from_now.utc
- <%= table_name %>(:quentin).remember_me
- after = 2.weeks.from_now.utc
- assert_not_nil <%= table_name %>(:quentin).remember_token
- assert_not_nil <%= table_name %>(:quentin).remember_token_expires_at
- assert <%= table_name %>(:quentin).remember_token_expires_at.between?(before, after)
- end
-<% if options[:stateful] %>
- def test_should_register_passive_<%= file_name %>
- <%= file_name %> = create_<%= file_name %>(:password => nil, :password_confirmation => nil)
- assert <%= file_name %>.passive?
- <%= file_name %>.update_attributes(:password => 'new password', :password_confirmation => 'new password')
- <%= file_name %>.register!
- assert <%= file_name %>.pending?
- end
-
- def test_should_suspend_<%= file_name %>
- <%= table_name %>(:quentin).suspend!
- assert <%= table_name %>(:quentin).suspended?
- end
-
- def test_suspended_<%= file_name %>_should_not_authenticate
- <%= table_name %>(:quentin).suspend!
- assert_not_equal <%= table_name %>(:quentin), <%= class_name %>.authenticate('quentin', 'test')
- end
-
- def test_should_unsuspend_<%= file_name %>_to_active_state
- <%= table_name %>(:quentin).suspend!
- assert <%= table_name %>(:quentin).suspended?
- <%= table_name %>(:quentin).unsuspend!
- assert <%= table_name %>(:quentin).active?
- end
-
- def test_should_unsuspend_<%= file_name %>_with_nil_activation_code_and_activated_at_to_passive_state
- <%= table_name %>(:quentin).suspend!
- <%= class_name %>.update_all :activation_code => nil, :activated_at => nil
- assert <%= table_name %>(:quentin).suspended?
- <%= table_name %>(:quentin).reload.unsuspend!
- assert <%= table_name %>(:quentin).passive?
- end
-
- def test_should_unsuspend_<%= file_name %>_with_activation_code_and_nil_activated_at_to_pending_state
- <%= table_name %>(:quentin).suspend!
- <%= class_name %>.update_all :activation_code => 'foo-bar', :activated_at => nil
- assert <%= table_name %>(:quentin).suspended?
- <%= table_name %>(:quentin).reload.unsuspend!
- assert <%= table_name %>(:quentin).pending?
- end
-
- def test_should_delete_<%= file_name %>
- assert_nil <%= table_name %>(:quentin).deleted_at
- <%= table_name %>(:quentin).delete!
- assert_not_nil <%= table_name %>(:quentin).deleted_at
- assert <%= table_name %>(:quentin).deleted?
- end
-<% end %>
-protected
- def create_<%= file_name %>(options = {})
- record = <%= class_name %>.new({ :login => 'quire', :email => 'quire@example.com', :password => 'quire69', :password_confirmation => 'quire69' }.merge(options))
- record.<% if options[:stateful] %>register! if record.valid?<% else %>save<% end %>
- record
- end
-end
projects / sonarqube.git / commitdiff