TODO app/views/users/new.html.erb spec/requests/users_spec.rb @@ -5,16 +5,36 @@ class Users < Application @user = User.first(:login => id) raise NotFound unless @user @types = [ OpenID::OPENID_2_0_TYPE, OpenID::SREG_URI ] - headers['X-XRDS-Location'] = absolute_url(:user_xrds, {:id => @user.login}) + headers['X-XRDS-Location'] = absolute_url(:user, {:id => @user.login, :format => :xrds}) render :layout => false end - def signup - send_mail(SignupMailer, :notify_on_event, { - :from => 'root@example.com', - :to => "someoneelse@gmail.com", - :subject => "Welcome to the Flatirons OpenID Provider" - }) - redirect url(:login) + def new + render + end + + def create(login, email) + @user = User.create(:login => login, :email => email) + if @user.valid? + send_mail(SignupMailer, :notify_on_event, { + :from => 'root@example.com', + :to => @user.email, + :subject => "Welcome to the Flatirons OpenID Provider" + }) + redirect url(:login) + else + Merb.logger.info! @user.errors.inspect + render :new + end + end + + def update(id, user) + raise + end + + def destroy(id) + @user = User.first(:login => id) + @user.destroy + redirect(url(:new_user)) end end app/controllers/users.rb @@ -1,9 +1,7 @@ class SignupMailer < Merb::MailController def notify_on_event @host = 'http://example.org' - @user = session.user - # use params[] passed to this controller to get data - # read more at http://wiki.merbivore.com/pages/mailers + @user = User.first(:login => params[:login]) render_mail end end app/mailers/signup_mailer.rb @@ -3,7 +3,7 @@ Greetings, Someone claiming to be you requested an account on the OpenID provider at <%= @host %>. If you want to enable an account for this email address(<%= @user.email %>) then click -<a href="/lolerskates'>here</a> confirm +<a href="/users/signup/<%= @user.registration_token %>'>here</a> confirm <%= "#{@host}/#{@user.login}" %> as your OpenID url. __ app/mailers/views/signup_mailer/notify_on_event.text.erb @@ -1,20 +1,23 @@ -# This is a default user class used to activate merb-auth. Feel free to change from a User to -# Some other class, or to remove it altogether. If removed, merb-auth may not work by default. -# -# Don't forget that by default the salted_user mixin is used from merb-more -# You'll need to setup your db as per the salted_user mixin, and you'll need -# To use :password, and :password_confirmation when creating a user -# -# see merb/merb-auth/setup.rb to see how to disable the salted_user mixin -# -# You will need to setup your database and create a user. - class User include DataMapper::Resource property :id, Serial - property :login, String, :nullable => false, :unique => true, :unique_index => true - property :email, String, :nullable => false, :unique => true, :unique_index => true - - validates_format :email, :as => :email_address + property :login, String, :nullable => false, :unique => true, :unique_index => true + property :email, String, :nullable => false, :unique => true, :unique_index => true, :format => :email_address + property :registration_token, String, :nullable => true, :unique => true, :unique_index => true + + def password_required?; !new_record? end + + before :save, :set_defaults + def set_defaults + @registration_token = Digest::SHA1.hexdigest("#{email}#{Time.now.to_i}") + randpass = Digest::SHA1.hexdigest("#{email}#{Time.now.to_i}") + @password ||= randpass + @password_confirmation ||= randpass + true + end + + def registered? + registration_token.nil? + end end app/models/user.rb @@ -1,15 +1,8 @@ <%= error_messages_for session.authentication, :header => '<h2>Unable to login</h2>' %> -<form id="signup" action="<%= url(:perform_login) %>" method="POST" accept-charset="utf-8"> - <input type="hidden" name="_method" value="PUT" /> - <h1>Login</h1> - <label for='email'>Login - <input type='text' name="login" id='login' /> - </label> - - <label for='password'>Password - <input type="password" name="password" value="" id="password" /> - </label> - - <input type='submit' class='submit' value='Log in' /> -</form> +<%= form :action => url(:perform_login) do %> + <%= hidden_field :name => '_method', :value => 'PUT' %> + <%= text_field :name => "login", :id => 'login', :label => "Login" %> + <%= password_field :name => 'password', :id => 'password', :label => 'Password' %> + <%= submit "Log in" %> +<% end =%> app/views/exceptions/unauthenticated.html.erb @@ -10,4 +10,4 @@ <URI><%= absolute_url(:servers) %></URI> </Service> </XRD> -</xrds:XRDS> \ No newline at end of file +</xrds:XRDS> app/views/servers/_yadis.xrds.erb @@ -1,6 +1,6 @@ <html> <head> - <meta http-equiv="X-XRDS-Location" content="<%= absolute_url(:user_xrds, {:id => @user.login}) %>" /> + <meta http-equiv="X-XRDS-Location" content="<%= absolute_url(:user, {:id => @user.login, :format => :xrds}) %>" /> <link rel="openid.server" href="<%= absolute_url(:servers) %>" /> </head> <body> app/views/users/show.html.erb @@ -5,6 +5,7 @@ r.setup_requirements # Go to http://wiki.merbivore.com/pages/init-rb require 'pp' +require 'digest/sha1' use_orm :datamapper use_test :rspec config/init.rb @@ -29,7 +29,8 @@ Merb.logger.info("Compiling routes...") Merb::Router.prepare do # RESTful routes # resources :posts - + resources :users + # Adds the required routes for merb-auth using the password slice slice(:merb_auth_slice_password, :name_prefix => nil, :path_prefix => "") @@ -37,16 +38,7 @@ Merb::Router.prepare do match("/servers/xrds").to(:controller => 'servers', :action => :idp_page).name('xrds') match("/servers/acceptance").to(:controller => 'servers', :action => 'acceptance').name('acceptance') match("/servers/decision").to(:controller => 'servers', :action => 'decision').name('server_decision') - match("/users/signup").to(:controller => :users, :action => :signup).name('signup') - match("/users/:id").to(:controller => :users, :action => :show).name('user') - match("/users/:id/xrds").to(:controller => :users, :action => :show).name("user_xrds") - # This is the default route for /:controller/:action/:id - # This is fine for most cases. If you're heavily using resource-based - # routes, you may want to comment/remove this line to prevent - # clients from calling your create or destroy actions with a GET - # default_routes - # Change this for your home page to be available at / match('/').to(:controller => 'servers', :action => 'landing') end config/router.rb @@ -3,13 +3,27 @@ describe SignupMailer, "#notify_on_event email template" do clear_mail_deliveries end - describe "signup quentin up", :given => 'an authenticated user' do - it "includes welcome phrase in email text" do - response = request("/users/signup") + describe "arthur signing up for an account with valid info" do + it "welcomes arthur to our sight and provides a registration url" do + response = request("/users", :method => 'post', + :params => {:email => 'arthur@example.com', :login => 'arthur'}) response.should redirect_to('/login') - last_delivered_mail.text.should match(%r!http://example.org/quentin!) - last_delivered_mail.text.should match(%r!/lolerskates!) + last_delivered_mail.text.should match(%r!http://example.org/arthur!) + registration_url = "/users/signup/#{User.first(:login => 'arthur').registration_token}" + last_delivered_mail.text.should match(%r!#{registration_url}!) + end + end + describe "arthur signing up for an account with invalid info" do + it "welcomes arthur to our sight and provides a registration url" do + response = request("/users", :method => 'post', + :params => {:email => 'arthur.com', :login => 'arthur'}) + response.should be_successful + response.should have_selector("form[action='/users'][method='post']") + response.should have_selector("input#login[type='text'][name='login']") + response.should have_selector("input#email[type='text'][name='email']") + + last_delivered_mail.should be_nil end end end spec/mailers/signup_mailer_spec.rb @@ -1,10 +1,10 @@ describe User do - after(:each) { User.all.destroy! } describe "#create with valid params" do it "should be valid" do - user = User.first_or_create({ :login => 'atmos', :email => 'joe@atmoose.org'}, - {:password => 'foo', :password_confirmation => 'foo'}) + user = User.create(:login => 'arthur', :email => 'arthur@example.org') + user.save user.should be_valid + user.should_not be_registered end end -end \ No newline at end of file +end spec/models/user_spec.rb @@ -4,7 +4,7 @@ describe "Identity Discovery" do it "renders the user's identity page(/users/quentin)" do response = request("/users/quentin", {'HTTP_ACCEPT' => 'application/xrds+xml'}) response.should be_successful - response.headers["X-XRDS-Location"].should == "http://example.org/users/quentin/xrds" + response.headers["X-XRDS-Location"].should == "http://example.org/users/quentin.xrds" response.should have_xpath("//xrd/service[uri='http://example.org/servers']") response.should have_xpath("//xrd/service[type='http://specs.openid.net/auth/2.0/signon']") response.should have_xpath("//xrd/service[type='http://openid.net/sreg/1.0']") @@ -21,14 +21,23 @@ describe "Identity Discovery" do response = request("/users/quentin") response.should be_successful response.should have_selector("head link[rel='openid.server'][href='http://example.org/servers']") - response.should have_selector("head meta[http-equiv='X-XRDS-Location'][content='http://example.org/users/quentin/xrds']") + response.should have_selector("head meta[http-equiv='X-XRDS-Location'][content='http://example.org/users/quentin.xrds']") response.should have_selector("body p:contains('OpenID identity page for quentin')") - response.headers["X-XRDS-Location"].should == "http://example.org/users/quentin/xrds" + response.headers["X-XRDS-Location"].should == "http://example.org/users/quentin.xrds" end end - it "should handle routing for /users/quentin/xrds properly" do - request_to("/users/quentin/xrds", :get, {:http_accept => 'application/xrds+xml'}). + it "renders the user's identity page(/users/quentin.xrds)" do + response = request("/users/quentin.xrds", {'HTTP_ACCEPT' => 'application/xrds+xml'}) + response.should be_successful + response.headers["X-XRDS-Location"].should == "http://example.org/users/quentin.xrds" + response.should have_xpath("//xrd/service[uri='http://example.org/servers']") + response.should have_xpath("//xrd/service[type='http://specs.openid.net/auth/2.0/signon']") + response.should have_xpath("//xrd/service[type='http://openid.net/sreg/1.0']") + end + + it "should handle routing for /users/quentin.xrds properly" do + request_to("/users/quentin.xrds", :get, {:http_accept => 'application/xrds+xml'}). should route_to(Users, :show).with(:id => 'quentin') end end spec/requests/openid/identity_discovery_spec.rb @@ -50,7 +50,7 @@ module FlatironsLoginForm def matches?(target) target.status.should == 401 login_param = Merb::Plugins.config[:"merb-auth"][:login_param] - target.should have_selector("div.content form[action='/login'][method='POST']") + target.should have_selector("div.content form[action='/login'][method='post']") target.should have_selector("div.content form input[type='hidden'][name='_method'][value='PUT']") target.should have_selector("div.content form input##{login_param}[name='#{login_param}'][type='text']") target.should have_selector("div.content form input#password[name='password'][type='password']") @@ -74,13 +74,15 @@ Spec::Runner.configure do |config| config.include(FlatironsLoginForm) config.include(Flatirons::MailControllerTestHelper) config.mock_with(:rr) - + config.before(:each) do + User.all.destroy! + end def setup_user @user = User.create(:login => 'quentin', :email => 'quentin@example.com', :password => 'foo', :password_confirmation => 'foo') end def login_user - response = request "/login", :method => "PUT", :params => { :login => 'quentin', :password => 'foo' } + response = request url(:perform_login), :method => "PUT", :params => { :login => 'quentin', :password => 'foo' } response.should redirect_to("/") end spec/spec_helper.rb 8655610be55338bd60bcc36122ae2df9eac40bd1 Corey Donohoe atmos@atmos.org http://github.com/atmos/flatirons/commit/ebb47153db88268513564f2d80e0f79cf863de48 ebb47153db88268513564f2d80e0f79cf863de48 2008-12-01T20:31:40-08:00 2008-12-01T20:31:40-08:00 more work, shuffling things, users are resources instead of a serious of route matches, start adding restful stuff to handle user registration 37b63c702708e65ff420cab632b366caef989761 Corey Donohoe atmos@atmos.org