I am trying to implement some tests to validate the behavior for Authlogic password resets as explained in http://www.binarylogic.com/2008/11/16/tutorial-reset-passwords-with-authlogic/
I am using Authlogic, Shoulda, Webrat and Factory Girl and here's my test:
require 'test_helper'
class PasswordResetTest < ActionController::IntegrationTest
setup :activate_authlogic
context "A registered user" do
setup do
#reggie = Factory(:reggie)
end
should "not allow logged in users to change password" do
visit signin_path
fill_in 'Email', :with => #reggie.email
fill_in 'Password', :with => #reggie.password
click_button 'Sign In'
assert_equal controller.session['user_credentials'], #reggie.persistence_token
visit change_password_path
assert_equal account_path, path
assert_match /must be logged out/, flash[:notice]
visit signout_path
assert_equal controller.session['user_credentials'], nil
visit change_password_path
assert_equal change_password_path, path
end
should "allow logged out users to change password" do
visit signout_path
assert_equal controller.session['user_credentials'], nil
visit change_password_path
assert_template :new
fill_in 'email', :with => #reggie.email
click_button 'Reset my password'
assert_match /Please check your email/, flash[:notice]
assert !ActionMailer::Base.deliveries.empty?
sent = ActionMailer::Base.deliveries.first
assert_equal [#reggie.email], sent.to
assert_match /Password Reset Instructions/, sent.subject
assert_not_nil #reggie.perishable_token
#TODO
p "Perishable Token #{#reggie.perishable_token}"
assert_match assigns[:edit_password_reset_url], sent.body
end
end
end
In the last 2 lines of the test, I am trying to make sure the link sent out has the right perishable_token and it always comes up different between the printed Perishable Token and the token in the link sent out.
How should I test this behavior?
Thanks, Siva
Careful. Authlogic is magic. Certain operations cause the User object to mutate and when it does, the perishable_token well, perishes (gets regenerated).
I wonder if your visit signout_path is really logging you out. Typically, if your UserSession is RESTful you'd have to issue an HTTP DELETE to the resource to actually delete the session. Just visiting the path (with a GET) won't delete the session unless you have an explicit route for it (mapping e.g. '/logout' to :controller => 'user_sessions', :action => 'destroy')
Change the line in notifier.rb to this:
body :edit_password_resets_url => edit_password_resets_url(user.perishable_token)
Related
How to inclues password after login with social network with laravel socialite? (sorry for bad english)
Com criar/incluir senha fazendo login a partir de uma rede social com o laravel socialite?
code on my LoginController
public function handleProviderCallback($provider)
{
$user = Socialite::driver($provider)->stateless()->user();
$authUser = $this->findOrCreateUser($user, $provider);
Auth::login($authUser, true);
return redirect($this->redirectTo);
//return $user->token;
//dd($userSocial);
}
public function findOrCreateUser($user, $provider)
{
$authUser = User::where('provider_id', $user->id)->first();
if ($authUser){
return $authUser;
}
return User::create([
'name' => $user->name,
'email' => $user->email,
'provider' => strToUpper($provider),
'provider_id' => $user->id
]);
}
In the socialite flow, a user will never need a password
You can set password to nullable() in the users migration file.
In 'Account Settings' a user can set a password, leaving the current password empty
Once the password is set, a socialite user can login via both social media or direct
I did two different implementations :
Generate a random password, save it with user object and send you
user an email with the auto generated password.
Create a middleware to check if password is NULL or not set and
redirect user to a form to enter password.
The objective of using the socialite authentification is that the user won't need a password.
BUT if somehow the user want to have a password, like i had earlier in one of my projects, he can easily click on forget password and he will receive a link via email to reset new password
My registration page URL like: www.exmpl.com/index.php?route=account/register when I submit after filled all fields then it redirect me to login page but I want to redirect it to thank you page.How can I do this?
This function (in /catalog/controller/account/register.php) is responsible for redirection ($this->response->redirect($this->url->link('account/success'));, to be more precise). Just need to check which page is "thank you" page (I'm not sure right now).
if (($this->request->server['REQUEST_METHOD'] == 'POST') && $this->validate()) {
$customer_id = $this->model_account_customer->addCustomer($this->request->post);
// Clear any previous login attempts for unregistered accounts.
$this->model_account_customer->deleteLoginAttempts($this->request->post['email']);
$this->customer->login($this->request->post['email'], $this->request->post['password']);
unset($this->session->data['guest']);
// Add to activity log
$this->load->model('account/activity');
$activity_data = array(
'customer_id' => $customer_id,
'name' => $this->request->post['firstname'] . ' ' . $this->request->post['lastname']
);
$this->model_account_activity->addActivity('register', $activity_data);
$this->response->redirect($this->url->link('account/success'));
}
I have the following:
collection_action :new, :method => :post do
begin
user = User.find_by_email(params[:email])
if user
UserPermission.create(:user_id => user.id,
:permission => UserPermission::SUPPORT,
:creator => current_user)
end
rescue ActiveRecord::RecordNotFound
flash[:warn] = 'User not found'
end
redirect_to admin_support_users_path, notice: 'Support user added.'
end
form do |f|
f.inputs do
f.input :email
end
end
action_item only: [:index], :method => :post do
link_to 'Add Support User', new_admin_support_user_path
end
The above works in the sense that no error is thrown. The support users page loads and I'm able to click the Add Support User button. However, 'Support user added.' is immediately shown. The Add Support User button does not take me to a form to enter an email. How do I add/create/use a form that passes an email parameter to my collection_action?
I'm new to activeadmin and documentation is sparse, so any help is appreciated. Thanks.
Figured it out. I'll try to explain as I understand it. And my initial question may have been unclear. The reason I was getting the, 'Support user added.' message is because I was updating the wrong method. The method above should have been the :create controller method, not the :new controller method. :new uses HTTP GET, which is why it would go directly to the redirect. :create accepts an HTTP POST. So, instead, I have the following:
def create
begin
user = User.find_by_email(params[:email])
if user
UserPermission.create(:user_id => user.id,
:permission => UserPermission::SUPPORT,
:creator => current_user)
end
rescue ActiveRecord::RecordNotFound
flash[:warn] = 'User not found'
end
redirect_to admin_support_users_path, notice: 'Support user added.'
end
def new
render 'new.html.arb', :layout => 'active_admin'
end
And this correctly creates a nice looking active admin form, accepting an email parameter.
You just need to add another action--just like a normal resource needs separate actions for create and new. Your 'new' action can render a custom form either inline or in a separate partial, as shown here:
http://www.activeadmin.info/docs/5-forms.html
That said, I'm not sure I understand why you need a custom action. Is this in your User resource file in active admin? If so you can just use the default new user action and include the current user in the form as a hidden variable as the creator. If this is not in your User resource active admin file then you probably need one.
I have this code for an email settings form that the user will input the email address, password, etc.
$form['mail_settings']['user_pass'] = array(
'#type' => 'password_confirm',
'#description' => t('your password')
);
$form['mail_settings']['user_signature'] = array(
'#type' => 'textfield'
'#description' => t('custm signature')
);
What I wanted to achieve is to have the user be able to change his signature anytime without having to re-enter his password all over again.
What's happening right now is that every time I load this settings page there's a default value for the password and blank for the password confirmation.
So, if the user forgets to input his password again, the form displays an error. Or rather the it will create a validation error.
What should be done here?
Came up with a different solution. It turned out that my browser's password chain (saved passwords) is responsible for adding the default value in the password field.
The solution was just, if password field is empty: update password using the old one; else if not empty update password with the new one.
Im still trying to figure out rspec and right now I am using authlogic to handle my users and sessions. I did the usual authlogic stuff like adding the def current_user method to applciation controller, and as a helper method, but how do I access that in my rspec controller file?
Here is my user_sessions_controller_spec.rb:
require 'spec_helper'
require 'authlogic'
describe UserSessionsController do
context "user is already logged in" do
before(:each) do
include Authlogic::TestCase
activate_authlogic
UserSession.create Factory.build(:user)
end
it "should redirect the user to the home page" do
get 'new'
response.should redirect_to(home_path)
end
end
describe "#create" do
context "when the user is not logged in" do
before(:each) do
current_user = nil
end
it "correct authorization should create a new session" do
post 'create', {:login => "afactoryuser", :password => "apass", :password_confirmation => "apass"}
current_user.should_not be_nil
end
end
end
end
when i run rspec it just tells me:
correct authorization should create a new session
undefined local variable or method `current_user' for #<RSpec::Core::ExampleGroup::Nested_1::Nested_2::Nested_1:0x000001017d3410>
so im guessing it is in the rspec context...but how do i know it should be in user-sessions_controller? And am I even testing it correctly?
Insted of current_user in your RSpec, try controller.current_user
If you want to stub current_user method use: controller.stub!(:current_user).and_return(whatever) in before :each
block, but then you will always get whatever if you stub it.