forked from technoweenie/restful-authentication
/
sessions_controller_spec.rb
139 lines (130 loc) · 7.17 KB
/
sessions_controller_spec.rb
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
require File.dirname(__FILE__) + '/../spec_helper'
# Be sure to include AuthenticatedTestHelper in spec/spec_helper.rb instead
# Then, you can remove it from this and the units test.
include AuthenticatedTestHelper
describe <%= controller_class_name %>Controller do
fixtures :<%= table_name %>
before do
@<%= file_name %> = mock_<%= file_name %>
@login_params = { :login => 'quentin', :password => 'test' }
<%= class_name %>.stub!(:authenticate).with(@login_params[:login], @login_params[:password]).and_return(@<%= file_name %>)
end
def do_create
post :create, @login_params
end
describe "on successful login," do
[ [:nil, nil, nil],
[:expired, 'valid_token', 15.minutes.ago],
[:different, 'i_haxxor_joo', 15.minutes.from_now],
[:valid, 'valid_token', 15.minutes.from_now]
].each do |has_request_token, token_value, token_expiry|
[ true, false ].each do |want_remember_me|
describe "my request cookie token is #{has_request_token.to_s}," do
describe "and ask #{want_remember_me ? 'to' : 'not to'} be remembered" do
before do
@ccookies = mock('cookies')
controller.stub!(:cookies).and_return(@ccookies)
@ccookies.stub!(:[]).with(:auth_token).and_return(token_value)
@ccookies.stub!(:delete).with(:auth_token)
@ccookies.stub!(:[]=)
@<%= file_name %>.stub!(:remember_me)
@<%= file_name %>.stub!(:refresh_token)
@<%= file_name %>.stub!(:forget_me)
@<%= file_name %>.stub!(:remember_token).and_return(token_value)
@<%= file_name %>.stub!(:remember_token_expires_at).and_return(token_expiry)
@<%= file_name %>.stub!(:remember_token?).and_return(has_request_token == :valid)
if want_remember_me
@login_params[:remember_me] = '1'
else
@login_params[:remember_me] = '0'
end
end
it "kills existing login" do controller.should_receive(:logout_keeping_session!); do_create; end
it "authorizes me" do do_create; controller.authorized?().should be_true; end
it "logs me in" do do_create; controller.logged_in?().should be_true end
it "greets me nicely" do do_create; response.flash[:notice].should =~ /success/i end
it "sets/resets/expires cookie" do controller.should_receive(:handle_remember_cookie!).with(want_remember_me); do_create end
it "sends a cookie" do controller.should_receive(:send_remember_cookie!); do_create end
it 'redirects to the home page' do do_create; response.should redirect_to('/') end
it "does not reset my session" do controller.should_not_receive(:reset_session).and_return nil; do_create end # change if you uncomment the reset_session path
if (has_request_token == :valid)
it 'does not make new token' do @<%= file_name %>.should_not_receive(:remember_me); do_create end
it 'does refresh token' do @<%= file_name %>.should_receive(:refresh_token); do_create end
it "sets an auth cookie" do do_create; end
else
if want_remember_me
it 'makes a new token' do @<%= file_name %>.should_receive(:remember_me); do_create end
it "does not refresh token" do @<%= file_name %>.should_not_receive(:refresh_token); do_create end
it "sets an auth cookie" do do_create; end
else
it 'does not make new token' do @<%= file_name %>.should_not_receive(:remember_me); do_create end
it 'does not refresh token' do @<%= file_name %>.should_not_receive(:refresh_token); do_create end
it 'kills user token' do @<%= file_name %>.should_receive(:forget_me); do_create end
end
end
end # inner describe
end
end
end
end
describe "on failed login" do
before do
<%= class_name %>.should_receive(:authenticate).with(anything(), anything()).and_return(nil)
login_as :quentin
end
it 'logs out keeping session' do controller.should_receive(:logout_keeping_session!); do_create end
it 'flashes an error' do do_create; flash[:error].should =~ /Couldn't log you in as 'quentin'/ end
it 'renders the log in page' do do_create; response.should render_template('new') end
it "doesn't log me in" do do_create; controller.logged_in?().should == false end
it "doesn't send password back" do
@login_params[:password] = 'FROBNOZZ'
do_create
response.should_not have_text(/FROBNOZZ/i)
end
end
describe "on signout" do
def do_destroy
get :destroy
end
before do
login_as :quentin
end
it 'logs me out' do controller.should_receive(:logout_killing_session!); do_destroy end
it 'redirects me to the home page' do do_destroy; response.should be_redirect end
end
end
describe <%= controller_class_name %>Controller do
describe "route generation" do
it "should route {:controller => '<%= controller_file_path %>', :action => 'new'} to /login" do
route_for(:controller => '<%= controller_file_path %>', :action => 'new').should == "/login"
end
it "should route {:controller => '<%= controller_file_path %>', :action => 'create'} to /<%= controller_file_path %>" do
route_for(:controller => '<%= controller_file_path %>', :action => 'create').should == "/<%= controller_file_path %>"
end
it "should route {:controller => '<%= controller_file_path %>', :action => 'destroy'} to /logout" do
route_for(:controller => '<%= controller_file_path %>', :action => 'destroy').should == "/logout"
end
end
describe "route recognition" do
it "should generate params {:controller => '<%= controller_file_path %>', :action => 'new'} from GET /login" do
params_from(:get, '/login').should == {:controller => '<%= controller_file_path %>', :action => 'new'}
end
it "should generate params {:controller => '<%= controller_file_path %>', :action => 'create'} from POST /<%= controller_file_path %>" do
params_from(:post, '/<%= controller_file_path %>').should == {:controller => '<%= controller_file_path %>', :action => 'create'}
end
it "should generate params {:controller => '<%= controller_file_path %>', :action => 'destroy'} from DELETE /<%= controller_file_path %>" do
params_from(:delete, '/logout').should == {:controller => '<%= controller_file_path %>', :action => 'destroy'}
end
end
describe "named routing" do
before(:each) do
get :new
end
it "should route <%= table_name %>_path() to /<%= controller_file_path %>" do
<%= controller_file_name %>_path().should == "/<%= controller_file_path %>"
end
it "should route new_<%= table_name.singularize %>_path() to /<%= controller_file_path %>/new" do
new_<%= controller_table_name.singularize %>_path().should == "/<%= controller_file_path %>/new"
end
end
end