lib/clearance/lib/extensions/errors.rb lib/clearance/lib/extensions/rescue.rb @@ -26,7 +26,7 @@ In config/environments/test.rb: config.gem 'thoughtbot-factory_girl', :lib => 'factory_girl', :source => "http://gems.github.com", - :version => '>= 1.1.5' + :version => '>= 1.2.0' Then: README.textile @@ -13,7 +13,7 @@ namespace :test do end Cucumber::Rake::Task.new(:features) do |t| - t.cucumber_opts = "--format progress" + t.cucumber_opts = "--format pretty" t.feature_pattern = 'test/rails_root/features/*.feature' end end Rakefile @@ -1,4 +1,4 @@ -Fature: Password Reset +Feature: Password Reset In order to sign in even if he forgot his password A user Should be able to reset it @@ -30,3 +30,10 @@ Fature: Password Reset And I sign in as "email@person.com/newpassword" Then I should be signed in + Scenario: User requests password reset without token + Given a user exists with an email of "user@one.com" + When I try to change the password of "user@one.com" without token + Then I should be forbidden + + + generators/clearance_features/templates/features/password_reset.feature @@ -4,7 +4,13 @@ Then /^I should see error messages$/ do Then %{I should see "error(s)? prohibited"} end -# DB +# Database + +Factory.factories.each do |name, factory| + Given /^an? #{name} exists with an? (.*) of "([^"]*)"$/ do |attr, value| + Factory(name, attr.gsub(' ', '_') => value) + end +end Given /^there is no user with "(.*)"$/ do |email| assert_nil User.find_by_email(email) @@ -68,6 +74,16 @@ When /^I follow the password reset link sent to "(.*)"$/ do |email| visit edit_user_password_path(:user_id => user, :token => user.token) end +When /^I try to change the password of "(.*)" without token$/ do |email| + user = User.find_by_email(email) + visit edit_user_password_path(:user_id => user) +end + +Then /^I should be forbidden$/ do + assert_response :forbidden +end + + # Actions When /^I sign in( with "remember me")? as "(.*)\/(.*)"$/ do |remember, email, password| generators/clearance_features/templates/features/step_definitions/clearance_steps.rb @@ -10,7 +10,6 @@ module NavigationHelpers new_session_path when /the password reset request page/i new_password_path - # Add more page name => path mappings here generators/clearance_features/templates/features/support/paths.rb @@ -1,5 +1,5 @@ -class Forbidden < Exception; end - +require 'clearance/lib/extensions/errors' +require 'clearance/lib/extensions/rescue' require 'clearance/app/controllers/application_controller' require 'clearance/app/controllers/confirmations_controller' require 'clearance/app/controllers/passwords_controller' lib/clearance.rb @@ -7,8 +7,6 @@ module Clearance controller.send(:include, InstanceMethods) controller.class_eval do - rescue_from Forbidden, :with => :forbid - helper_method :current_user helper_method :signed_in? @@ -78,10 +76,6 @@ module Clearance flash[:failure] = flash_message if flash_message render :template => "/sessions/new", :status => :unauthorized end - - def forbid - render :nothing => true, :status => :forbidden - end end end lib/clearance/app/controllers/application_controller.rb @@ -35,15 +35,21 @@ module Clearance def forbid_confirmed_user user = User.find_by_id(params[:user_id]) - raise Forbidden if user && user.email_confirmed? + if user && user.email_confirmed? + raise ActionController::Forbidden, "confirmed user" + end end def forbid_missing_token - raise Forbidden if params[:token].blank? + if params[:token].blank? + raise ActionController::Forbidden, "missing token" + end end def forbid_non_existant_user - raise Forbidden unless User.find_by_id_and_token(params[:user_id], params[:token]) + unless User.find_by_id_and_token(params[:user_id], params[:token]) + raise ActionController::Forbidden, "non-existant user" + end end def url_after_create lib/clearance/app/controllers/confirmations_controller.rb @@ -52,11 +52,15 @@ module Clearance private def forbid_missing_token - raise Forbidden if params[:token].blank? + if params[:token].blank? + raise ActionController::Forbidden, "missing token" + end end def forbid_non_existant_user - raise Forbidden unless User.find_by_id_and_token(params[:user_id], params[:token]) + unless User.find_by_id_and_token(params[:user_id], params[:token]) + raise ActionController::Forbidden, "non-existant user" + end end def url_after_create lib/clearance/app/controllers/passwords_controller.rb @@ -27,42 +27,39 @@ module Clearance should_redirect_to_url_after_create end - context "on GET to #new with incorrect token" do + context "with an incorrect token" do setup do - bad_token = "bad token" - assert_not_equal bad_token, @user.token - get :new, :user_id => @user.to_param, :token => bad_token + @bad_token = "bad token" + assert_not_equal @bad_token, @user.token end - should_forbid + should_forbid "on GET to #new with incorrect token" do + get :new, :user_id => @user.to_param, :token => @bad_token + end end - context "on GET to #new with blank token" do - setup { get :new, :user_id => @user.to_param, :token => "" } - should_forbid + should_forbid "on GET to #new with blank token" do + get :new, :user_id => @user.to_param, :token => "" end - context "on GET to #new with no token" do - setup { get :new, :user_id => @user.to_param } - should_forbid + should_forbid "on GET to #new with no token" do + get :new, :user_id => @user.to_param end end context "a user with email confirmed" do setup { @user = Factory(:email_confirmed_user) } - context "on GET to #new with correct id" do - setup { get :new, :user_id => @user.to_param } - should_forbid + should_forbid "on GET to #new with correct id" do + get :new, :user_id => @user.to_param end end context "no users" do setup { assert_equal 0, User.count } - context "on GET to #new with nonexistent id and token" do - setup { get :new, :user_id => '123', :token => '123' } - should_forbid + should_forbid "on GET to #new with nonexistent id and token" do + get :new, :user_id => '123', :token => '123' end end lib/clearance/test/functional/confirmations_controller_test.rb @@ -90,14 +90,12 @@ module Clearance should_display_a_password_update_form end - context "on GET to #edit with correct id but blank token" do - setup { get :edit, :user_id => @user.to_param, :token => "" } - should_forbid + should_forbid "on GET to #edit with correct id but blank token" do + get :edit, :user_id => @user.to_param, :token => "" end - context "on GET to #edit with correct id but no token" do - setup { get :edit, :user_id => @user.to_param } - should_forbid + should_forbid "on GET to #edit with correct id but no token" do + get :edit, :user_id => @user.to_param end context "on PUT to #update with matching password and password confirmation" do @@ -158,30 +156,20 @@ module Clearance should_display_a_password_update_form end - context "on PUT to #update with id but no token" do - setup { put :update, :user_id => @user.to_param, :token => "" } - - should "not update password" do - assert_not_equal @encrypted_new_password, @user.encrypted_password - end - - should_forbid + should_forbid "on PUT to #update with id but no token" do + put :update, :user_id => @user.to_param, :token => "" end end - context "given two users" do + context "given two users and user one signs in" do setup do @user_one = Factory(:user) @user_two = Factory(:user) + sign_in_as @user_one end - context "when user one signs in" do - setup { sign_in_as @user_one } - - context "and tries to change user two's password" do - setup { get :edit, :user_id => @user_two.to_param } - should_forbid - end + should_forbid "when user one tries to change user two's password on GET with no token" do + get :edit, :user_id => @user_two.to_param end end end lib/clearance/test/functional/passwords_controller_test.rb @@ -55,9 +55,12 @@ module Clearance # HTTP FLUENCY - def should_forbid - should_respond_with :forbidden - should_render_nothing + def should_forbid(description, &block) + should "forbid #{description}" do + assert_raises ActionController::Forbidden do + instance_eval(&block) + end + end end # CONTEXTS shoulda_macros/clearance.rb @@ -23,11 +23,11 @@ config.action_mailer.delivery_method = :test HOST = "localhost" - config.gem 'thoughtbot-shoulda', - :lib => 'shoulda', - :source => "http://gems.github.com", - :version => '>= 2.9.1' - config.gem 'thoughtbot-factory_girl', - :lib => 'factory_girl', - :source => "http://gems.github.com", - :version => '>= 1.1.5' +config.gem 'thoughtbot-shoulda', + :lib => 'shoulda', + :source => "http://gems.github.com", + :version => '>= 2.9.1' +config.gem 'thoughtbot-factory_girl', + :lib => 'factory_girl', + :source => "http://gems.github.com", + :version => '>= 1.2.0' test/rails_root/config/environments/test.rb test/rails_root/vendor/gems/thoughtbot-factory_girl-1.1.5/.specification test/rails_root/vendor/gems/thoughtbot-factory_girl-1.1.5/CONTRIBUTION_GUIDELINES.rdoc test/rails_root/vendor/gems/thoughtbot-factory_girl-1.1.5/Changelog test/rails_root/vendor/gems/thoughtbot-factory_girl-1.1.5/LICENSE test/rails_root/vendor/gems/thoughtbot-factory_girl-1.1.5/README.textile test/rails_root/vendor/gems/thoughtbot-factory_girl-1.1.5/Rakefile test/rails_root/vendor/gems/thoughtbot-factory_girl-1.1.5/lib/factory_girl.rb test/rails_root/vendor/gems/thoughtbot-factory_girl-1.1.5/lib/factory_girl/aliases.rb test/rails_root/vendor/gems/thoughtbot-factory_girl-1.1.5/lib/factory_girl/attribute.rb test/rails_root/vendor/gems/thoughtbot-factory_girl-1.1.5/lib/factory_girl/attribute_proxy.rb test/rails_root/vendor/gems/thoughtbot-factory_girl-1.1.5/lib/factory_girl/factory.rb test/rails_root/vendor/gems/thoughtbot-factory_girl-1.1.5/lib/factory_girl/sequence.rb test/rails_root/vendor/gems/thoughtbot-factory_girl-1.1.5/test/aliases_test.rb test/rails_root/vendor/gems/thoughtbot-factory_girl-1.1.5/test/attribute_proxy_test.rb test/rails_root/vendor/gems/thoughtbot-factory_girl-1.1.5/test/attribute_test.rb test/rails_root/vendor/gems/thoughtbot-factory_girl-1.1.5/test/factory_test.rb test/rails_root/vendor/gems/thoughtbot-factory_girl-1.1.5/test/integration_test.rb test/rails_root/vendor/gems/thoughtbot-factory_girl-1.1.5/test/models.rb test/rails_root/vendor/gems/thoughtbot-factory_girl-1.1.5/test/sequence_test.rb test/rails_root/vendor/gems/thoughtbot-factory_girl-1.1.5/test/test_helper.rb 32cad8ef8c2c8949de120cf8b4dc65616d7c5d67 Dan Croak dcroak@thoughtbot.com http://github.com/thoughtbot/clearance/commit/7cf5b77d31b4dd0714421db7d1d605702eea1677 7cf5b77d31b4dd0714421db7d1d605702eea1677 2009-02-20T13:48:04-08:00 2009-02-20T13:48:04-08:00 raising actual ActionController::Forbidden error, test for the raise in functional tests. test for the response code in acceptance test. abc8596123097650b66732bec926295d7f4b242e Dan Croak dcroak@thoughtbot.com