Merge pull request rubygems#350 from rubygems/update_clearance

Update clearance.

Gemfile

@@ -5,7 +5,7 @@ gem 'psych', :platforms => :ruby_19
 
 gem 'rails', '~> 3.0.10'
 
-gem 'clearance', '~> 0.9.1'
+gem 'clearance'
 gem 'fog'
 gem 'gchartrb', :require => 'google_chart'
 gem 'gravtastic'
@@ -32,6 +32,9 @@ end
 
 group :development, :test do
   gem 'silent-postgres'
+  gem 'guard'
+  gem 'guard-cucumber'
+  gem 'guard-bundler'
 end
 
 # These gems suck and do stupid things when in maintenance mode
@@ -41,6 +44,7 @@ group :development, :test, :staging, :production do
 end
 
 group :test do
+  gem 'capybara', '~> 1.1'
   gem 'cucumber-rails'
   gem 'database_cleaner'
   gem 'factory_girl_rails'

Gemfile.lock

@@ -40,8 +40,9 @@ GEM
       xpath (~> 0.1.4)
     childprocess (0.2.2)
       ffi (~> 1.0.6)
-    clearance (0.9.1)
-      rails (~> 3.0.0)
+    clearance (0.12.0)
+      diesel (~> 0.1.4)
+      rails (>= 3.0)
     coderay (0.9.8)
     crack (0.1.8)
     cucumber (1.0.6)
@@ -59,6 +60,8 @@ GEM
     delayed_job (2.1.4)
       activesupport (~> 3.0)
       daemons
+    diesel (0.1.5)
+      railties
     diff-lcs (1.1.3)
     erubis (2.6.6)
       abstract (>= 1.0.0)
@@ -83,6 +86,14 @@ GEM
     gherkin (2.4.18)
       json (>= 1.4.6)
     gravtastic (3.2.6)
+    guard (0.7.0)
+      thor (~> 0.14.6)
+    guard-bundler (0.1.3)
+      bundler (>= 1.0.0)
+      guard (>= 0.2.2)
+    guard-cucumber (0.6.3)
+      cucumber (>= 0.10)
+      guard (>= 0.4.0)
     high_voltage (1.0.1)
     hoptoad_notifier (2.4.11)
       activesupport
@@ -189,14 +200,18 @@ PLATFORMS
   ruby
 
 DEPENDENCIES
-  clearance (~> 0.9.1)
+  capybara (~> 1.1)
+  clearance
   cucumber-rails
   database_cleaner
   delayed_job
   factory_girl_rails
   fog
   gchartrb
   gravtastic
+  guard
+  guard-bundler
+  guard-cucumber
   high_voltage
   hoptoad_notifier
   jruby-openssl

Guardfile

@@ -0,0 +1,14 @@
+# A sample Guardfile
+# More info at https://github.com/guard/guard#readme
+
+guard 'cucumber' do
+  watch(%r{^features/.+\.feature$})
+  watch(%r{^features/support/.+$})          { 'features' }
+  watch(%r{^features/step_definitions/(.+)_steps\.rb$}) { |m| Dir[File.join("**/#{m[1]}.feature")][0] || 'features' }
+end
+
+guard 'bundler' do
+  watch('Gemfile')
+  # Uncomment next line if Gemfile contain `gemspec' command
+  # watch(/^.+\.gemspec/)
+end

app/controllers/api/v1/api_keys_controller.rb

@@ -5,7 +5,7 @@ class Api::V1::ApiKeysController < Api::BaseController
   def show
     authenticate_or_request_with_http_basic do |username, password|
       @_current_user = User.authenticate(username, password)
-      if current_user && current_user.email_confirmed
+      if current_user
         respond_to do |format|
           format.any(:all) { render :text => current_user.api_key }
           format.json { render :json => {:rubygems_api_key => current_user.api_key} }

app/controllers/application_controller.rb

@@ -16,8 +16,6 @@ def authenticate_with_api_key
   def verify_authenticated_user
     if current_user.nil?
       render :text => t(:please_sign_up), :status => 401
-    elsif !current_user.email_confirmed
-      render :text => t(:please_confirm), :status => 403
     end
   end
 

app/controllers/sessions_controller.rb

@@ -8,19 +8,8 @@ def create
       flash_failure_after_create
       render :template => 'sessions/new', :status => :unauthorized
     else
-      if @user.email_confirmed? && !@user.email_reset
-        sign_in(@user)
-        flash_success_after_create
-        redirect_back_or(url_after_create)
-      else
-        if @user.email_reset
-          Mailer.email_reset(@user).deliver
-        else
-          ClearanceMailer.confirmation(@user).deliver
-        end
-        flash_notice_after_create
-        redirect_to(new_session_url)
-      end
+      sign_in(@user)
+      redirect_back_or(url_after_create)
     end
   end
 

app/models/rubyforger.rb

@@ -14,8 +14,7 @@ def transferable?(password)
   def self.transfer(email, password)
     if rubyforger = Rubyforger.find_by_email(email)
       if user = rubyforger.transferable?(password)
-        user.update_password(password, password)
-        user.confirm_email!
+        user.update_password(password)
         rubyforger.destroy
         user
       end

app/models/user.rb

@@ -3,8 +3,7 @@ class User < ActiveRecord::Base
   include Gravtastic
   is_gravtastic :default => "retro"
 
-  attr_accessible :bio, :email, :handle, :location, :password,
-                  :password_confirmation, :website
+  attr_accessible :bio, :email, :handle, :location, :password, :website
 
   has_many :rubygems, :through    => :ownerships,
                       :conditions => { 'ownerships.approved' => true }
@@ -18,14 +17,13 @@ class User < ActiveRecord::Base
 
   before_validation :regenerate_token, :if => :email_changed?, :on => :update
   before_create :generate_api_key
-  after_update :deliver_email_reset, :if => :email_reset
 
   validates_uniqueness_of :handle, :allow_nil => true
   validates_format_of :handle, :with => /\A[A-Za-z][A-Za-z_\-0-9]*\z/, :allow_nil => true
   validates_length_of :handle, :within => 3..15, :allow_nil => true
 
   def self.authenticate(who, password)
-    if user = Rubyforger.transfer(who, password) || find_by_email(who) || find_by_handle(who)
+    if user = Rubyforger.transfer(who, password) || find_by_email(who.downcase) || find_by_handle(who)
       user if user.authenticated?(password)
     end
   end
@@ -74,24 +72,13 @@ def to_yaml(*args)
   end
 
   def regenerate_token
-    self.email_reset = true
     generate_confirmation_token
   end
 
-  def deliver_email_reset
-    Mailer.email_reset(self).deliver
-  end
-
   def generate_api_key
     self.api_key = ActiveSupport::SecureRandom.hex(16)
   end
 
-  def confirm_email!
-    self.email_confirmed    = true
-    self.confirmation_token = self.email_reset = nil
-    save(:validate => false)
-  end
-
   def total_downloads_count
     rubygems.to_a.sum(&:downloads)
   end

app/views/clearance_mailer/confirmation.html.erb

@@ -1,14 +1,6 @@
 Welcome to RubyGems.org, the Ruby community's gem hosting service!
 
-To confirm your account, please follow this link:
-
-<%= new_user_confirmation_url(
-      :user_id => @user,
-      :token   => @user.confirmation_token,
-      :encode  => false) %>
-
 If you're having trouble getting set up, let us know at:
-
 http://help.rubygems.org
 
 Happy gem push'ing!

app/views/mailer/email_reset.erb

@@ -1,3 +0,0 @@
-You changed your email address on Gemcutter. Please visit this url to re-activate your account:
-
-<%= new_user_confirmation_url :user_id => @user, :token => @user.confirmation_token, :encode => false %>

app/views/passwords/edit.html.erb

@@ -8,10 +8,6 @@
     <%= form.label :password %>
     <%= form.password_field :password, :size => 25 %>
   </div>
-  <div class="password_field">
-    <%= form.label :password_confirmation %>
-    <%= form.password_field :password_confirmation, :size => 25 %>
-  </div>
   <div class="form_bottom">
     <%= form.submit t('.submit'), :disable_with => t('form_disable_with') %>
   </div>

app/views/passwords/new.html.erb

@@ -5,7 +5,7 @@
 <%= form_for :password, :url => passwords_path do |form| %>
   <div class="text_field">
     <%= form.label :email, t('activerecord.attributes.user.email') %>
-    <%= form.text_field :email, :size => '25' %>
+    <%= form.email_field :email, :size => '25' %>
   </div>
   <div class="submit_field">
     <%= form.submit t('.submit'), :disable_with => t('form_disable_with') %>

app/views/profiles/edit.html.erb

@@ -16,7 +16,7 @@
 
   <div class="text_field">
     <%= form.label :email %>
-    <%= form.text_field :email, :size => 25 %>
+    <%= form.email_field :email, :size => 25 %>
   </div>
 
   <div class="submit_field">

app/views/sessions/new.html.erb

@@ -8,7 +8,7 @@
 <%= form_for :session, :url => session_path do |form| %>
   <div class="text_field">
     <%= form.label :who, t('activerecord.attributes.session.who') %>
-    <%= form.text_field :who, :size => 25 %>
+    <%= form.email_field :who, :size => 25 %>
   </div>
   <div class="password_field">
     <%= form.label :password, t('activerecord.attributes.session.password') %>

app/views/users/_form.html.erb

@@ -1,7 +1,7 @@
 <%= form.error_messages %>
 <div class="text_field">
   <%= form.label :email %>
-  <%= form.text_field :email, :size => 25 %>
+  <%= form.email_field :email, :size => 25 %>
 </div>
 <div class="text_field">
   <%= form.label :handle %>
@@ -11,7 +11,3 @@
   <%= form.label :password %>
   <%= form.password_field :password, :size => 25 %>
 </div>
-<div class="password_field">
-  <%= form.label :password_confirmation %>
-  <%= form.password_field :password_confirmation, :size => 25 %>
-</div>

config/locales/en.yml

@@ -191,7 +191,6 @@ en:
         avatar: Avatar
         email: Email address
         handle: Handle
-        password_confirmation: Confirm password
         password: Password
       linkset:
         bugs: Bug Tracker URL

config/routes.rb

@@ -108,15 +108,11 @@
   # Clearance Overrides
 
   resource :session, :only => [:new, :create]
-  scope :path => 'users/:user_id' do
-    resource :confirmation, :only => [:new, :create], :as => :user_confirmation
-  end
 
   resources :passwords, :only => [:new, :create]
 
   resources :users do
     resource :password, :only => [:create, :edit, :update]
-    resource :confirmation, :only => [:new, :create]
   end
 
   ################################################################################

features/api_key_reset.feature

@@ -4,12 +4,12 @@ Feature: API key reset
   Should be able to reset it
 
   Scenario: User sees existing key on their profile page
-    Given I have signed in with "email@person.com/password"
+    Given I have signed in with "email@person.com"
     And I am on my edit profile page
     Then I should see my "API key"
 
   Scenario: User resets API key
-    Given I have signed in with "email@person.com/password"
+    Given I have signed in with "email@person.com"
     And I am on my edit profile page
     When I press "Reset my API key"
     Then I should see my new "API key"

features/clearance/visitor_resets_password.feature

@@ -0,0 +1,53 @@
+Feature: Password reset
+
+  In order to sign in even if I forgot my password
+  As a user
+  I want to reset my password
+
+  Scenario: User is not signed up
+    Given no user exists with an email of "email@example.com"
+    When I request password reset link to be sent to "email@example.com"
+    Then I should see "Unknown email"
+
+  Scenario: User is signed up and requests password reset
+    Given I signed up with "email@example.com"
+    When I request password reset link to be sent to "email@example.com"
+    Then I should see "instructions for changing your password"
+    And a password reset message should be sent to "email@example.com"
+
+  Scenario: User tries to reset his password with a blank password
+    Given I signed up with "email@example.com"
+    And I go to the password reset request page
+    Then I should see an email field
+    And I fill in "Email address" with "email@example.com"
+    And I press "Reset password"
+    When I follow the password reset link sent to "email@example.com"
+    And I update my password with ""
+    Then I should see "Password can't be blank."
+    And I should be signed out
+
+  Scenario: User is signed up and updates his password
+    Given I signed up with "email@example.com"
+    And I go to the password reset request page
+    And I fill in "Email address" with "email@example.com"
+    And I press "Reset password"
+    When I follow the password reset link sent to "email@example.com"
+    And I update my password with "newpassword"
+    Then I should be signed in
+    When I sign out
+    Then I should be signed out
+    When I go to the sign in page
+    And I fill in "Email" with "email@example.com"
+    And I fill in "Password" with "newpassword"
+    And I press "Sign in"
+    Then I should be signed in
+
+  Scenario: User who was created before Clearance was installed creates password for first time
+    Given a user "email@example.com" exists without a salt, remember token, or password
+    When I go to the password reset request page
+    And I fill in "Email address" with "email@example.com"
+    And I press "Reset password"
+    When I follow the password reset link sent to "email@example.com"
+    And I update my password with "newpassword"
+    Then I should be signed in
+