a bunch of cleanups suggested by dkubb

atmos · Nov 1, 2008 · d5a2a77 · d5a2a77
1 parent 9615156
commit d5a2a77
Show file tree

Hide file tree

Showing 5 changed files with 77 additions and 40 deletions.
diff --git a/app/controllers/application.rb b/app/controllers/application.rb
@@ -1,7 +1,7 @@
 require 'pp'
 class Application < Merb::Controller
   # before :session_dump
-  before :ensure_authenticated
+  # before :ensure_authenticated
 
   # def session_dump
   #   pp session

diff --git a/app/controllers/authentication.rb b/app/controllers/authentication.rb
@@ -1,17 +1,33 @@
 class Authentication < Merb::Controller
-  before :ensure_authenticated, :exclude => [:signup]
+  before :ensure_authenticated, :only => [:login]
+  before :ensure_openid_url,    :only => [:register]
 
-  def index
-    redirect '/'
+  def login
+    redirect(url(:user, session.user.id))
   end
 
-  def signup
-    return redirect(url(:login)) if session['openid.url'].nil?
-
-    session.user = User.first_or_create({:identity_url => session['openid.url']},
-                                {:email => session['openid.email'], :name => session['openid.nickname']})
+  def register
+    attributes = {
+      :name         => session['openid.nickname'],
+      :email        => session['openid.email'],
+      :identity_url => session['openid.url'],
+    }
 
-    session.user.save
-    session.user.valid? ? redirect(url(:users)) : redirect(url(:login))
+    user = Merb::Authentication.user_class.first_or_create(
+      attributes.only(:identity_url),
+      attributes.only(:name, :email)
+    )
+
+    if user.update_attributes(attributes)
+      session.user = user
+      login
+    else
+      redirect(url(:login))
+    end
+  end
+  private
+
+  def ensure_openid_url
+    throw :halt, redirect(url(:login)) if session['openid.url'].nil?
   end
 end
diff --git a/app/views/exceptions/unauthenticated.html.erb b/app/views/exceptions/unauthenticated.html.erb
@@ -1,5 +1,5 @@
 <h3>Please Choose an OpenID Provider</h3>
-<form method="POST" action="/openid">
+<form method="POST" action="/openid/login">
   <input type="text" name="openid_url" >
   <!-- optional hidden value used in requesting unprotected OpenID login page scenario -->
   <input type="hidden" name="postLoginTargetURI" value="/users"><br /><br />

diff --git a/config/router.rb b/config/router.rb
@@ -34,8 +34,8 @@
   # Adds the required routes for merb-auth using the password slice
   slice(:merb_auth_slice_password, :name_prefix => nil, :path_prefix => "")
 
-  match("/openid").to(:controller => :authentication, :action => :index).name(:openid)
-  match("/signup").to(:controller => :authentication, :action => :signup).name(:signup)
+  match("/openid/login").to(:controller => :authentication, :action => :login).name(:openid)
+  match("/openid/register").to(:controller => :authentication, :action => :register).name(:signup)
 
   # This is the default route for /:controller/:action/:id
   # This is fine for most cases.  If you're heavily using resource-based

diff --git a/spec/requests/authentication_spec.rb b/spec/requests/authentication_spec.rb
@@ -8,30 +8,51 @@
     User.create(@user_params)
   end
 
-  describe "#index" do
-    before(:each) do
-      @response = request(url(:openid), :method => 'GET')
-      # params = { 
-      #   "openid.sreg.nickname"=>"atmos", "openid.claimed_id"=>"http://atmos.aol.com/", 
-      #   "openid.mode"=>"id_res", "openid.ns.sreg"=>"http://openid.net/extensions/sreg/1.1", 
-      #   "openid.return_to"=>"http://localhost:4000/openid", 
-      #   "openid.sig"=>"QMAWNSbl(*^hj8jBnohvBNpmlun8=", 
-      #   "openid.ns"=>"http://specs.openid.net/auth/2.0", 
-      #   "openid.op_endpoint"=>"http://www.myopenid.com/server", 
-      #   "action"=>:index, 
-      #   "openid.response_nonce"=>"2008-10-30T02:22:12ZYF4XhB", 
-      #   "controller"=>"open_i_d_auth", 
-      #   "openid.sreg.email"=>"atmos@atmos.org", 
-      #   "openid.identity"=>"http://atmos.myopenid.com/", 
-      #   "openid.assoc_handle"=>"{HMAC-SHA1}{490a92nf5}{f/9pww==}", 
-      #   "openid.signed"=>"assoc_handle,claimed_id,identity,mode,ns,ns.sreg,op_endpoint,response_nonce,return_to,signed,sreg.email,sreg.nickname"
-      # }
+  describe "#login" do
+    # params = { 
+    #   "openid.sreg.nickname"=>"atmos", "openid.claimed_id"=>"http://atmos.aol.com/", 
+    #   "openid.mode"=>"id_res", "openid.ns.sreg"=>"http://openid.net/extensions/sreg/1.1", 
+    #   "openid.return_to"=>"http://localhost:4000/openid", 
+    #   "openid.sig"=>"QMAWNSbl(*^hj8jBnohvBNpmlun8=", 
+    #   "openid.ns"=>"http://specs.openid.net/auth/2.0", 
+    #   "openid.op_endpoint"=>"http://www.myopenid.com/server", 
+    #   "action"=>:index, 
+    #   "openid.response_nonce"=>"2008-10-30T02:22:12ZYF4XhB", 
+    #   "controller"=>"open_i_d_auth", 
+    #   "openid.sreg.email"=>"atmos@atmos.org", 
+    #   "openid.identity"=>"http://atmos.myopenid.com/", 
+    #   "openid.assoc_handle"=>"{HMAC-SHA1}{490a92nf5}{f/9pww==}", 
+    #   "openid.signed"=>"assoc_handle,claimed_id,identity,mode,ns,ns.sreg,op_endpoint,response_nonce,return_to,signed,sreg.email,sreg.nickname"
+    # }
+
+    describe "a session without a valid user" do
+      before(:each) do
+        @response = request(url(:openid), :method => 'GET')
+      end
+      it "should return http redirect" do
+        @response.status.should == 302
+      end
+      it "should redirect somewhere" do
+        @response.should have_xpath("//a[@href='/login']")
+      end
     end
-    it "should return unauthenticated" do
-      @response.status.should == 401
+
+    describe "a session with a valid user" do
+      before(:each) do
+        @response = @response = dispatch_to(Authentication, :login) do |controller|
+          stub(controller.session).[](:user) { User.first.id }
+        end
+      end
+      it "should return http redirect" do
+        @response.status.should == 302
+      end
+      it "should redirect somewhere" do
+        @response.should have_xpath("//a[@href='/users/#{@response.session.user.id}']")
+      end
     end
+
   end
-  describe "#signup" do
+  describe "#register" do
     describe "a user with no session data" do
       before(:each) do
         @response = request(url(:signup), :method => 'GET')
@@ -45,8 +66,8 @@
     end
     describe "valid user data returned" do
       before(:each) do
-        @response = dispatch_to(Authentication, :signup) do |controller|
-          mock(controller.session).[](:user).times(3) { User.first.id }
+        @response = dispatch_to(Authentication, :register) do |controller|
+          stub(controller.session).[](:user) { User.first.id }
           mock(controller.session).[]('openid.url').twice { 'http://ceel0.myopenidizzle.com' }
           mock(controller.session).[]('openid.email') { 'gangsters@ceelo.com' }
           mock(controller.session).[]('openid.nickname') { 'ceelo' }
@@ -56,14 +77,14 @@
         @response.status.should == 302
       end
       it "should redirect to the user listing" do
-        @response.body.should have_xpath("//a[@href='/users']")
+        @response.body.should have_xpath("//a[@href='/users/#{@response.session.user.id}']")
       end
     end
 
     describe "invalid user data returned" do
       before(:each) do
-        @response = dispatch_to(Authentication, :signup) do |controller|
-          mock(controller.session).[](:user).times(3) { User.first.id }
+        @response = dispatch_to(Authentication, :register) do |controller|
+          # mock(controller.session).[](:user).times(3) { User.first.id }
           mock(controller.session).[]('openid.url').twice { 'http://ceel0.myopenidizzle.com' }
           mock(controller.session).[]('openid.email') { 'gangsters@ceelo.com' }
           mock(controller.session).[]('openid.nickname') { 'atmos' }