update authentication system to Devise

spec/controllers/registrations_controller_spec.rb

@@ -0,0 +1,24 @@
+require 'spec_helper'
+
+describe RegistrationsController do
+
+  describe "new account" do
+    render_views
+
+    it "should create a new user if user parameters are complete" do
+      @request.env["devise.mapping"] = Devise.mappings[:user]
+      post :create, :user => {"login"=>"xxx", "email"=>"xxx@insomnia-consulting.org", "time_zone"=>"Eastern Time (US & Canada)", "password"=>"[FILTERED]", "password_confirmation"=>"[FILTERED]"}
+      response.code.should == "302"
+      response.should redirect_to(channels_path)
+    end
+
+    it "should have a valid api_key" do
+      @request.env["devise.mapping"] = Devise.mappings[:user]
+      post :create, :user => {"login"=>"xxx", "email"=>"xxx@insomnia-consulting.org", "password"=>"[FILTERED]", "password_confirmation"=>"[FILTERED]"}
+      assigns[:user].api_key.length.should eq(16)
+    end
+
+  end
+
+end
+

spec/controllers/user_sessions_controller_spec.rb

@@ -1,44 +0,0 @@
-# -*- coding: utf-8 -*-
-require 'spec_helper'
-
-describe UserSessionsController do
-  before :each do
-    @user = FactoryGirl.create(:user)
-    activate_authlogic
-    @user_session = UserSession.create(@user)
-    controller.stub(:current_user).and_return(@user)
-    controller.stub(:current_user_session).and_return(@user_session)
-  end
-  
-  describe "for logged in user" do
-    it "should logout the user" do
-      get 'destroy'
-      response.should redirect_to(root_path)
-    end
-  end
-end
-
-describe UserSessionsController do
-   before :each do
-     @user = FactoryGirl.create(:user)
-     activate_authlogic
-#     @user_session = UserSession.create(@user)
-#     controller.stub(:current_user).and_return(@user)
-#     controller.stub(:current_user_session).and_return(@user_session)
-   end
-   it "should allow a new user to login" do
-     get 'new'
-     response.should be_success
-    response.should render_template('new')
-   end  
-
-  it "should create user session" do
-    post 'create' , {:userlogin => "", :user_session=>{"remember_me"=>"false", "login"=>@user.login, "password"=>"foobar", "remember_id"=>"1"}, "commit" => "Sign In"}
-    user_session = UserSession.find
-    user_session.should_not be_nil
-    user_session.user.should == @user
-    response.should redirect_to ('/channels')
-    
-  end
-
-end

spec/controllers/users_controller_spec.rb

@@ -3,20 +3,8 @@ require 'spec_helper'
 describe UsersController do
   before :each do
     @user = FactoryGirl.create(:user)
-    # controller.stub(:current_user).and_return(@user)
-    # controller.stub(:current_user_session).and_return(true)
-    # @channel = FactoryGirl.create(:channel)
   end
 
-  # create a valid authlogic session
-  #def create_valid_session
-  #  activate_authlogic
-  #  UserSession.create(@user, true) #create an authlogic session
-  #end
-
-  # get the curent_user
-  #def current_user; @current_user ||= @user; end
-
   describe "api" do
     render_views
 
@@ -34,46 +22,42 @@ describe UsersController do
       get :profile, :glob => @user.login, :format => 'json', :key => @user.api_key
       JSON.parse(response.body)['email'].should eq(@user.email)
     end
-
   end
 
-  #describe "existing account" do
-    #render_views
-
-    #it "has a current_user" do
-    #  create_valid_session
-    #  current_user.should_not be_false
-    #end
-
-    #it "generates a new api_key" do
-    #  create_valid_session
-    #  old_key = @user.set_new_api_key!
-    #  post :new_api_key
-    #  response.should be_successful
-    #  assigns[:user].api_key.should != old_key
-    #end
-  #end
-
-  describe "new account" do
-    render_views
-
-    it "assigns new user" do
-      get :new
-      response.should be_successful
-      response.should have_selector("#user_submit")
-      assigns[:user].should_not be_nil
-    end
-    it "should create a new user if user parameters are complete" do
-      post :create, :user => {"login"=>"xxx", "email"=>"xxx@insomnia-consulting.org", "time_zone"=>"Eastern Time (US & Canada)", "password"=>"[FILTERED]", "password_confirmation"=>"[FILTERED]"}
-      response.code.should == "302"
-      response.should redirect_to(channels_path)
+  describe "login via api" do
+    it "should return a token" do
+      post :api_login, :login => @user.login, :password => @user.password
+      @user.reload
+      response.body.should eq(@user.authentication_token)
     end
 
-    it "should have a valid api_key" do
-      post :create, :user => {"login"=>"xxx", "email"=>"xxx@insomnia-consulting.org", "password"=>"[FILTERED]", "password_confirmation"=>"[FILTERED]"}
-      assigns[:user].api_key.length.should eq(16)
+    it "returns JSON" do
+      post :api_login, :login => @user.login, :password => @user.password, :format => 'json'
+      @user.reload
+      JSON.parse(response.body)['login'].should eq(@user.login)
+      JSON.parse(response.body)['authentication_token'].should eq(@user.authentication_token)
     end
 
+    it "returns XML" do
+      post :api_login, :login => @user.login, :password => @user.password, :format => 'xml'
+      @user.reload
+      Nokogiri::XML(response.body).css('login').text.should eq(@user.login)
+      Nokogiri::XML(response.body).css('authentication-token').text.should eq(@user.authentication_token)
+    end
+  end
+
+  describe "authentication via api" do
+    it "should not allow authentication via incorrect token" do
+      # attempt to get private profile info
+      get :profile, :glob => @user.login, :format => 'json', :login => @user.login, :token => 'bad token'
+      JSON.parse(response.body)['email'].should eq(nil)
+    end
+
+    it "should allow authentication via correct token" do
+      # attempt to get private profile info
+      get :profile, :glob => @user.login, :format => 'json', :login => @user.login, :token => @user.authentication_token
+      JSON.parse(response.body)['email'].should eq(@user.email)
+    end
   end
 
 end

spec/factories/user.rb

@@ -2,12 +2,13 @@ FactoryGirl.define do
   factory :user do
     sequence(:login) {|n| "name#{n}" }
     sequence(:email) {|n| "email#{n}@example.com" }
-    password "foobar"
+    password "foobar88"
     password_confirmation {|u| u.password}
     bio ""
     website ""
     time_zone "London"
     api_key 'ED1HVHNEH2BZD0AB'
+    authentication_token '123456token'
   end
 end
 

spec/spec_helper.rb

@@ -2,9 +2,6 @@
 ENV["RAILS_ENV"] ||= 'test'
 require File.expand_path("../../config/environment", __FILE__)
 require 'rspec/rails'
-require 'authlogic/test_case'
-
-include Authlogic::TestCase
 
 # Requires supporting ruby files with custom matchers and macros, etc,
 # in spec/support/ and its subdirectories.
@@ -23,6 +20,9 @@ RSpec.configure do |config|
   # Use color in STDOUT
   config.color_enabled = true
 
+  # add devise test helpers
+  config.include Devise::TestHelpers, type: :controller
+
   # Remove this line if you're not using ActiveRecord or ActiveRecord fixtures
   config.fixture_path = "#{::Rails.root}/spec/fixtures"
 
@@ -48,14 +48,14 @@ def ppp(obj)
 end
 
 def without_timestamping_of(*klasses)
-    if block_given?
-      klasses.delete_if { |klass| !klass.record_timestamps }
-      klasses.each { |klass| klass.record_timestamps = false }
-      begin
-        yield
-      ensure
-        klasses.each { |klass| klass.record_timestamps = true  }
-      end
+  if block_given?
+    klasses.delete_if { |klass| !klass.record_timestamps }
+    klasses.each { |klass| klass.record_timestamps = false }
+    begin
+      yield
+    ensure
+      klasses.each { |klass| klass.record_timestamps = true  }
     end
   end
+end