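# Self-service password reset for admin users: request a reset e-mail
# (create), show the new-password form (edit) and store the new password
# (update). Every action is reachable without a login.
class Admin::PasswordResetsController < ApplicationController
  no_login_required
  # NOTE(review): this switches off CSRF token verification for the whole
  # controller, including the state-changing create and update actions.
  # Confirm the reset forms cannot simply submit the authenticity token.
  skip_before_filter :verify_authenticity_token

  # Starts a reset for the account registered under params[:email].
  #
  # A missing, blank or non-scalar email parameter is treated as "not
  # registered": without that guard find_by_email(nil) would select an
  # account whose email column is NULL.
  def create
    email = params[:email].to_s
    user = email.blank? ? nil : User.find_by_email(email)
    if user
      user.send_password_reset
      redirect_to welcome_path, :notice => "Email sent with password reset instructions."
    else
      # NOTE(review): the two branches answer differently, so an anonymous
      # caller can learn which addresses are registered. Consider one
      # neutral response for both.
      # The original referenced `new_admin_password_reset` without the
      # `_path` suffix, which is not a route helper name. NOTE(review):
      # update uses `new_password_reset_path`; confirm which helper exists.
      redirect_to new_admin_password_reset_path, :notice => "Email not registered, please try re-typing it or contacting your Admin."
    end
  end

  # Shows the new-password form for the account that owns the token in
  # params[:id]. Raises ActiveRecord::RecordNotFound for an unknown or blank
  # token instead of handing the view an empty relation.
  def edit
    @user = user_for_reset_token(params[:id])
    raise ActiveRecord::RecordNotFound unless @user
  end

  # Stores the new password for the account that owns the token.
  #
  # Unknown and expired tokens get the same answer. Only password and
  # password_confirmation are taken from the request, and the token is
  # cleared after a successful change so it cannot be replayed.
  def update
    @user = user_for_reset_token(params[:id])
    attributes = submitted_password_attributes
    if @user.nil? || reset_expired?(@user)
      redirect_to new_password_reset_path, :alert => "Password reset has expired."
    elsif attributes['password'].blank?
      # The model keeps the old password when it is given an empty one, so
      # reporting success here would be wrong.
      @user.errors.add(:password, :blank)
      render :edit
    elsif @user.update_attributes(attributes)
      # Cleared in a second step so a failed save above leaves the token on
      # @user for the re-rendered form.
      @user.update_attribute(:password_reset_token, nil)
      redirect_to welcome_url, :notice => "Password has been reset!"
    else
      render :edit
    end
  end

  private

  # Returns the single user holding +token+, or nil. A blank token never
  # matches, so accounts without a pending reset cannot be selected.
  def user_for_reset_token(token)
    token = token.to_s
    return nil if token.empty?
    User.where(:password_reset_token => token).first
  end

  # True when the reset mail is older than two hours or was never sent.
  def reset_expired?(user)
    sent_at = user.password_reset_sent_at
    sent_at.nil? || sent_at < 2.hours.ago
  end

  # Picks password and password_confirmation out of params[:user] as plain
  # strings. Anything else in the request (role flags, tokens, ...) is
  # dropped rather than mass-assigned.
  def submitted_password_attributes
    submitted = params[:user]
    return {} unless submitted.is_a?(Hash)
    %w(password password_confirmation).each_with_object({}) do |key, picked|
      picked[key] = submitted[key].to_s if submitted.key?(key)
    end
  end
end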
#require_dependency 'trusty_cms'
require 'login_system'
# Base controller for the application. Mixes in LoginSystem, enables
# request-forgery protection and installs the before filters that prepare
# the current user, time zone, locale and asset lists for every request.
class ApplicationController < ActionController::Base
  include LoginSystem
  # TODO: Add an ActionView::PathSet.new([paths]) for all extension view paths
  prepend_view_path("#{TRUSTY_CMS_ROOT}/app/views")

  protect_from_forgery

  before_filter :set_current_user
  before_filter :set_timezone
  before_filter :set_user_locale
  before_filter :set_javascripts_and_stylesheets
  before_filter :force_utf8_params if RUBY_VERSION =~ /1\.9/
  before_filter :set_standard_body_style, :only => [:new, :edit, :update, :create]

  attr_accessor :trusty_config, :cache
  attr_reader :pagination_parameters
  helper_method :pagination_parameters

  # Stores TrustyCms::Config on the instance after the normal controller
  # set-up has run.
  def initialize
    super
    @trusty_config = TrustyCms::Config
  end

  # Maps the current action to the template it shares with its sibling
  # action (create -> new, update -> edit, destroy -> remove). Every other
  # action maps to its own name.
  def template_name
    case action_name
    when 'new', 'create' then 'new'
    when 'edit', 'update' then 'edit'
    when 'remove', 'destroy' then 'remove'
    else action_name
    end
  end

  # Renders the site's not-found template with status 404 for lookup and
  # routing failures; any other exception goes to the default handler.
  def rescue_action_in_public(exception)
    case exception
    when ActiveRecord::RecordNotFound,
         ActionController::UnknownController,
         ActionController::UnknownAction,
         ActionController::RoutingError
      render :template => "site/not_found", :status => 404
    else
      super
    end
  end

  private

  # Publishes the request's user to UserActionObserver.
  def set_current_user
    UserActionObserver.instance.current_user = current_user
  end

  # Uses the user's own locale when there is a user with a non-blank
  # locale, otherwise the configured default locale.
  def set_user_locale
    I18n.locale =
      if current_user && !current_user.locale.blank?
        current_user.locale
      else
        TrustyCms::Config['default_locale']
      end
  end

  # Uses the configured 'local.timezone'; an empty setting selects
  # Time.zone_default, an unset (nil) one is assigned as it is.
  def set_timezone
    configured = TrustyCms::Config['local.timezone']
    Time.zone = (!configured.nil? && configured.empty?) ? Time.zone_default : configured
  end

  # Ensures both asset lists exist and appends the main admin stylesheet.
  def set_javascripts_and_stylesheets
    (@stylesheets ||= []).concat(%w(admin/main))
    @javascripts ||= []
  end

  # Adds the 'reversed' body class for the form actions named in the filter.
  def set_standard_body_style
    (@body_classes ||= []).concat(%w(reversed))
  end

  # With Ruby 1.9 the strings submitted by forms arrive ASCII-8BIT encoded,
  # which causes trouble with special characters and with some databases
  # (DB2, for one), so every string in params is re-tagged as UTF-8.
  # Rails 3 does the same:
  # https://github.com/rails/rails/commit/25215d7285db10e2c04d903f251b791342e4dd6a
  #
  # See http://stackoverflow.com/questions/8268778/rails-2-3-9-encoding-of-query-parameters
  # See https://rails.lighthouseapp.com/projects/8994/tickets/4807
  # See http://jasoncodes.com/posts/ruby19-rails2-encodings (thanks for the following code, Jason!)
  def force_utf8_params
    to_utf8 = lambda do |value|
      value.force_encoding(Encoding::UTF_8) if value.respond_to?(:force_encoding)
    end
    # Depth-first walk over nested hashes and arrays; leaves go to +visitor+.
    walk = lambda do |node, visitor|
      case node
      when Hash then node.each_value { |child| walk.call(child, visitor) }
      when Array then node.each { |child| walk.call(child, visitor) }
      else visitor.call(node)
      end
      node
    end
    walk.call(params, to_utf8)
  end

end
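# View helpers that render the partials registered for a named region of
# the current admin template.
module Admin::RegionsHelper
  # Renders every partial registered for +region+ and returns the joined
  # markup, marked html_safe.
  #
  # region  - key into the region set of the current controller/template.
  # options - passed to +render+; with a block, options[:locals][:defaults]
  #           is set to the default-partials object.
  # block   - optional; receives the default-partials object so the caller
  #           can define fallbacks. With a block the markup is also
  #           concatenated to the view output.
  #
  # A partial with no template falls back to the entry of the same name in
  # the default partials. Template errors propagate to the caller.
  def render_region(region, options={}, &block)
    lazy_initialize_region_set
    default_partials = TrustyCms::AdminUI::RegionPartials.new(self)
    if block_given?
      block.call(default_partials)
      (options[:locals] ||= {}).merge!(:defaults => default_partials)
    end
    output = @region_set[region].compact.map do |partial|
      begin
        render options.merge(:partial => partial)
      rescue ::ActionView::MissingTemplate # couldn't find template
        default_partials[partial]
      end
    end.join.html_safe
    # The rendered markup is deliberately not logged: the original wrote it
    # to the error log on every call, which copies whatever the admin page
    # contains (form contents included) into the log files.
    block_given? ? concat(output) : output
  end

  # Resolves the region set for the current controller and template once
  # and caches it in @region_set.
  #
  # NOTE(review): +admin+ is not defined in this module; it has to come from
  # the including helper. Both names handed to +send+ are taken from the
  # controller - confirm they can only name region sets.
  def lazy_initialize_region_set
    return if @region_set
    @controller_name ||= @_controller.controller_name
    @template_name ||= @_controller.template_name
    @region_set = admin.send(@controller_name).send(@template_name)
  end
end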
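# View helpers shared by the admin interface: titles, navigation state,
# form buttons, "last updated" stamps, avatars and pagination links.
module ApplicationHelper
  include Admin::RegionsHelper

  # The configuration store used by the title helpers.
  def trusty_config
    TrustyCms::Config
  end

  # "<title> - <subtitle>" for the page <title> element.
  def default_page_title
    title + ' - ' + subtitle
  end

  # Configured admin title, or 'Trusty CMS'.
  def title
    trusty_config['admin.title'] || 'Trusty CMS'
  end

  # Configured admin subtitle, or the stock tagline.
  def subtitle
    trusty_config['admin.subtitle'] || 'Publishing for Small Teams'
  end

  # True when the request has a current user.
  def logged_in?
    !current_user.nil?
  end

  # Status text shown while a form for +model+ is being submitted.
  def onsubmit_status(model)
    model.new_record? ? t('creating_status', :model => t(model.class.name.downcase)) : "#{I18n.t('saving_changes')}…"
  end

  # Submit button for +model+: "Create <Model>" for new records, otherwise
  # "Save Changes". options[:label], :class and :accesskey override the
  # defaults. Note that +options+ is modified in place.
  def save_model_button(model, options = {})
    model_name = model.class.name.underscore
    human_model_name = model_name.humanize.titlecase
    options[:label] ||= model.new_record? ?
      t('buttons.create', :name => t(model_name, :default => human_model_name), :default => 'Create ' + human_model_name) :
      t('buttons.save_changes', :default => 'Save Changes')
    options[:class] ||= "button"
    options[:accesskey] ||= 'S'
    submit_tag options.delete(:label), options
  end

  # "Save and continue" submit button; +model+ is not used.
  def save_model_and_continue_editing_button(model)
    submit_tag t('buttons.save_and_continue'), :name => 'continue', :class => 'button', :accesskey => "s"
  end

  # True when +item+ is the navigation item for the current page.
  def current_item?(item)
    if item.tab && item.tab.many? {|i| current_url?(i.relative_url) }
      # Accept only stricter URL matches if more than one matches
      current_page?(item.url)
    else
      current_url?(item.relative_url)
    end
  end

  # True for the first tab found to contain an item matching the current
  # URL; that tab is remembered in @current_tab for later calls.
  def current_tab?(tab)
    @current_tab ||= tab if tab.any? {|item| current_url?(item.relative_url) }
    @current_tab == tab
  end

  # Truthy when the request path starts with the cleaned path of +options+
  # (a url_for hash or anything that responds to to_s).
  def current_url?(options)
    url = options.is_a?(Hash) ? url_for(options) : options.to_s
    #TODO: look for other instances of request_uri
    # \A anchors at the start of the string; '^' would also match after a
    # newline inside the path.
    request.original_fullpath =~ Regexp.new('\A' + Regexp.quote(clean(url)))
  end

  # Path part of +url+ with repeated slashes collapsed and a trailing slash
  # removed.
  def clean(url)
    uri = URI.parse(url)
    uri.path.gsub(%r{/+}, '/').gsub(%r{/$}, '')
  end

  # Navigation link, wrapped in <strong> when it points at the current URL.
  # content_tag keeps the result html_safe; the original built the wrapper
  # by string interpolation, which yields a plain String that the template
  # escapes again.
  def nav_link_to(name, options)
    link = link_to(translate_with_default(name), options)
    current_url?(options) ? content_tag(:strong, link) : link
  end

  # Truthy when the current user is an admin.
  def admin?
    current_user && current_user.admin?
  end

  # Truthy when the current user is a designer or an admin.
  def designer?
    current_user && (current_user.designer? || current_user.admin?)
  end

  # "Last updated by <name> at <time>" paragraph for a saved +model+;
  # nil for new records or when neither a name nor a time is known.
  def updated_stamp(model)
    return if model.new_record?
    updated_by = model.updated_by || model.created_by
    name = updated_by ? updated_by.name : nil
    time = model.updated_at || model.created_at
    return unless name || time
    html = %{<p class="updated_line">#{t('timestamp.last_updated')} }
    # The user name is account data and the string is marked html_safe
    # below, so it is escaped here; unescaped it would be rendered as markup.
    html << %{#{t('timestamp.by')} <strong>#{ERB::Util.html_escape(name)}</strong> } if name
    html << %{#{t('timestamp.at')} #{timestamp(time)}} if time
    html << %{</p>}
    html.html_safe
  end

  # Localizes +time+ with the :timestamp format.
  def timestamp(time)
    # time.strftime("%I:%M %p on %B %e, %Y").sub("AM", 'am').sub("PM", 'pm')
    I18n.localize(time, :format => :timestamp)
  end

  # HTML options that hide (style "display: none") or show (empty hash)
  # the meta section named by +symbol+, depending on meta_errors?.
  def meta_visible(symbol)
    v = case symbol
        when :meta_more
          !meta_errors?
        when :meta, :meta_less
          meta_errors?
        end
    v ? {} : {:style => "display: none"}
  end

  # Always false here.
  def meta_errors?
    false
  end

  # Label of the meta toggle.
  def meta_label
    meta_errors? ? 'Less' : 'More'
  end

  # image_tag for an admin image; '.png' is appended when +name+ has no
  # extension.
  def image(name, options = {})
    image_tag(append_image_extension("admin/#{name}"), options)
  end

  # image_submit_tag counterpart of #image.
  def image_submit(name, options = {})
    image_submit_tag(append_image_extension("admin/#{name}"), options)
  end

  # The AdminUI singleton.
  def admin
    TrustyCms::AdminUI.instance
  end

  # <option> tags for the text filters, preceded by a "none" entry.
  def filter_options_for_select(selected=nil)
    options_for_select([[t('select.none'), '']] + TextFilter.descendants_names, selected)
  end

  # CSS classes for <body>, created empty on first use.
  def body_classes
    @body_classes ||= []
  end

  # The navigation tabs of the admin UI.
  def nav_tabs
    admin.nav
  end

  # Translation of +name+ looked up under its underscored, downcased form;
  # falls back to +name+ itself.
  def translate_with_default(name)
    t(name.underscore.downcase, :default => name)
  end

  # Locale choices for a select, preceded by a "default" entry.
  def available_locales_select
    [[t('select.default'),'']] + TrustyCms::AvailableLocales.locales
  end

  # ['admin/overrides'] when an override stylesheet (css or sass) exists
  # under public/, otherwise [].
  def stylesheet_overrides
    overrides = []
    if File.exist?("#{Rails.root}/public/stylesheets/admin/overrides.css") || File.exist?("#{Rails.root}/public/stylesheets/sass/admin/overrides.sass")
      overrides << 'admin/overrides'
    end
    overrides
  end

  # ['admin/overrides'] when an override script exists under public/,
  # otherwise [].
  def javascript_overrides
    overrides = []
    if File.exist?("#{Rails.root}/public/javascripts/admin/overrides.js")
      overrides << 'admin/overrides'
    end
    overrides
  end

  # Returns a Gravatar URL associated with the email parameter, or the local
  # avatar path when the email is blank or the Gravatar request fails.
  # See: http://douglasfshearer.com/blog/gravatar-for-ruby-and-ruby-on-rails
  #
  # options - :rating (default "G"; one of G, PG, R, X), :size (default
  #           "32px") and :default (image used when no gravatar is found or
  #           it exceeds the rating). The caller's hash is not modified.
  def gravatar_url(email, options={})
    options = options.dup
    options[:rating] ||= "G"
    options[:size] ||= "32px"

    # Default image url to be used when no gravatar is found
    # or when an image exceeds the rating parameter.
    local_avatar_url = "/images/admin/avatar_#{([options[:size].to_i] * 2).join('x')}.png"
    default_avatar_url = "#{request.protocol}#{request.host_with_port}#{ActionController::Base.relative_url_root}#{local_avatar_url}"
    options[:default] ||= default_avatar_url

    return local_avatar_url if email.blank?

    # Gravatar hashes the trimmed, lower-cased address.
    digest = Digest::MD5.hexdigest(email.to_s.strip.downcase)
    # Each value is URL-encoded so that a default URL or a caller-supplied
    # option cannot add or alter query parameters.
    query = [:rating, :size, :default].map do |key|
      options[key].to_query(key.to_s) if options[key]
    end.compact.join('&')
    url = "//gravatar.com/avatar/#{digest}?#{query}"

    # Test the Gravatar url
    # NOTE(review): this is a blocking request over plain http from the
    # server each time the helper runs. Gravatar already serves the
    # :default image itself, so the probe looks removable. The literal
    # "http:" prefix keeps Kernel#open from treating the argument as a
    # file or command.
    require 'open-uri'
    begin
      open "http:#{url}", :proxy => true
    rescue
      local_avatar_url
    else
      url
    end
  end

  # returns the usual set of pagination links.
  # options are passed through to will_paginate
  # and a 'show all' depagination link is added if relevant.
  # Returns nil when +list+ is not paginated.
  def pagination_for(list, options={})
    return unless list.respond_to? :total_pages
    options = {
      :max_per_page => @trusty_config['pagination.max_per_page'] || 500,
      :depaginate => true
    }.merge(options.symbolize_keys)
    depaginate = options.delete(:depaginate)            # supply :depaginate => false to omit the 'show all' link
    # supply :max_per_page => false to include the 'show all' link no matter how large the collection
    # NOTE(review): with false the checks below reach `false.to_i`; confirm
    # that this documented usage really works.
    depagination_limit = options.delete(:max_per_page)
    html = will_paginate(list, will_paginate_options.merge(options))
    if depaginate && list.total_pages > 1 && (!depagination_limit.blank? || list.total_entries <= depagination_limit.to_i)
      html << content_tag(:div, link_to(t('show_all'), :pp => 'all'), :class => 'depaginate')
    elsif depaginate && list.total_entries > depagination_limit.to_i
      html = content_tag(:div, link_to("paginate", :p => 1), :class => 'pagination')
    end
    html
  end

  private

  # Appends '.png' unless +name+ already contains a dot followed by an
  # extension.
  def append_image_extension(name)
    name =~ /\.(.*?)$/ ? name : name + '.png'
  end

end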
# A named layout that pages can be assigned to. Records are ordered by name
# by default and remember the users who created and last updated them.
class Layout < ActiveRecord::Base
  # The timestamps cannot be set through mass assignment.
  attr_protected :created_at, :updated_at

  # Default Order
  default_scope { order('name') }

  # Associations
  has_many :pages
  belongs_to :created_by, class_name: 'User'
  belongs_to :updated_by, class_name: 'User'

  # Validations: the name is required, unique and at most 100 characters.
  validates :name, presence: true, uniqueness: true, length: { maximum: 100 }
end
# An in-memory publication status (Draft, Reviewed, Scheduled, Published,
# Hidden) with lookups by name and by id.
class Status
  attr_accessor :id, :name

  # options - hash with :id and :name (string keys are accepted too).
  def initialize(options = {})
    attributes = options.symbolize_keys
    @id = attributes[:id]
    @name = attributes[:name]
  end

  # The name as a lower-case symbol, e.g. :draft.
  def symbol
    @name.to_s.downcase.to_sym
  end

  # Looks a status up by name, case-insensitively; accepts a string or a
  # symbol. Returns nil when there is no such status.
  def self.[](value)
    wanted = value.to_s.downcase.to_sym
    @@statuses.find { |candidate| candidate.symbol == wanted }
  end

  # Looks a status up by id, comparing string forms. Returns nil when there
  # is no such status.
  def self.find(id)
    wanted = id.to_s
    @@statuses.find { |candidate| candidate.id.to_s == wanted }
  end

  # A copy of the list of all statuses.
  def self.find_all
    @@statuses.dup
  end

  # Every status except 'Scheduled'.
  def self.selectable
    find_all - [self['Scheduled']]
  end

  # Names of the selectable statuses.
  def self.selectable_values
    selectable.map { |status| status.name }
  end

  # The fixed list of statuses as [id, name] pairs, in ascending id order.
  @@statuses = [
    [1,   'Draft'],
    [50,  'Reviewed'],
    [90,  'Scheduled'],
    [100, 'Published'],
    [101, 'Hidden']
  ].map { |id, name| Status.new(:id => id, :name => name) }

end
require 'digest/sha1'
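# An account that can log in to the admin interface. Holds the credentials
# (salted SHA-1 digest), the remember-me session token and the password
# reset token.
#
# NOTE(review): SHA-1 is a fast hash and a poor fit for password storage.
# Moving to an adaptive scheme such as bcrypt needs a data migration, so it
# is only flagged here.
class User < ActiveRecord::Base
  has_many :pages, :foreign_key => :created_by_id
  # NOTE(review): the only protected name is a placeholder, so as far as
  # this file shows every real column (role flags, salt, session and reset
  # tokens) is open to mass assignment. Callers must never pass request
  # parameters to this model wholesale.
  attr_protected 'why_is_this_needed'

  # Default Order
  default_scope {order("name")}

  # Associations
  belongs_to :created_by, :class_name => 'User'
  belongs_to :updated_by, :class_name => 'User'

  # Validations
  validates_uniqueness_of :login

  validates_confirmation_of :password, :if => :confirm_password?

  validates_presence_of :name, :login
  validates_presence_of :password, :password_confirmation, :if => :new_record?

  validates_length_of :name, :maximum => 100, :allow_nil => true
  validates_length_of :login, :within => 3..40, :allow_nil => true
  validates_length_of :password, :within => 5..40, :allow_nil => true, :if => :validate_length_of_password?
  validates_length_of :email, :maximum => 255, :allow_nil => true

  attr_writer :confirm_password

  # True when the user answers true to the public predicate "<role>?".
  def has_role?(role)
    respond_to?("#{role}?") && send("#{role}?")
  end

  # Salted SHA-1 hex digest of +phrase+, using this user's salt.
  def sha1(phrase)
    Digest::SHA1.hexdigest("--#{salt}--#{phrase}--")
  end

  # Returns the user whose login or e-mail equals +login_or_email+ when
  # +password+ matches, otherwise nil.
  def self.authenticate(login_or_email, password)
    user = where(["login = ? OR email = ?", login_or_email, login_or_email]).first
    user if user && user.authenticated?(password)
  end

  # True when +password+ hashes to the stored digest.
  def authenticated?(password)
    self.password == sha1(password)
  end

  # Kept for callers that invoke it directly. Rails 3 and later do not run
  # an instance method of this name as a callback, which is why
  # confirm_password? supplies the default itself.
  def after_initialize
    @confirm_password = true
  end

  # Whether the password confirmation is validated. Defaults to true;
  # assigning false through confirm_password= switches it off. The original
  # returned the raw instance variable, which is nil - validation off -
  # whenever after_initialize has not run.
  def confirm_password?
    @confirm_password.nil? ? true : @confirm_password
  end

  # Issues a remember-me token unless one is already set. The token comes
  # from SecureRandom (40 hex characters, the length of the SHA-1 digest
  # used before) instead of a hash of the clock, so it cannot be predicted.
  def remember_me
    update_attribute(:session_token, SecureRandom.hex(20)) unless self.session_token?
  end

  # Drops the remember-me token.
  def forget_me
    update_attribute(:session_token, nil)
  end

  # Assigns a fresh reset token, stamps the time, saves both through
  # update_attribute and mails the reset instructions.
  def send_password_reset
    generate_token(:password_reset_token)
    update_attribute(:password_reset_sent_at, Time.zone.now)
    PasswordMailer.password_reset(self).deliver_now
  end

  # Assigns a new random token to +column+ (not saved) and returns it.
  # Always produces a fresh value and retries if another row already holds
  # it; the original regenerated only when the current value was found in
  # the table and did not re-check the new one.
  def generate_token(column)
    loop do
      self[column] = SecureRandom.urlsafe_base64
      break unless User.exists?(column => self[column])
    end
    self[column]
  end

  private

  # Length is validated for new records and whenever a password was given.
  def validate_length_of_password?
    new_record? || !password.to_s.empty?
  end

  before_create :encrypt_password
  # Draws a new random salt and replaces the plain password with its
  # digest. The salt is 40 hex characters from SecureRandom, the same
  # length as the SHA-1 value derived from clock and login that it
  # replaces.
  def encrypt_password
    self.salt = SecureRandom.hex(20)
    self.password = sha1(password)
  end

  before_update :encrypt_password_unless_empty_or_unchanged
  # On update: an empty password keeps the stored digest, an unchanged
  # digest is left alone, anything else is treated as a new plain password.
  def encrypt_password_unless_empty_or_unchanged
    user = self.class.find(self.id)
    case password
    when ''
      self.password = user.password
    when user.password
      # unchanged - nothing to do
    else
      encrypt_password
    end
  end

end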
# Stamps User, Page and Layout records with the user who created or updated
# them. The acting user is kept in Thread.current[:current_user].
class UserActionObserver < ActiveRecord::Observer
  observe User, Page, Layout

  class << self
    # Stores +user+ for the current thread.
    def current_user=(user)
      Thread.current[:current_user] = user
    end

    # The user stored for the current thread, if any.
    def current_user
      Thread.current[:current_user]
    end
  end

  # Instance-level writer; delegates to the class.
  def current_user=(user)
    self.class.current_user = user
  end

  # Instance-level reader; delegates to the class.
  def current_user
    self.class.current_user
  end

  # Records the creator on a new record.
  def before_create(model)
    model.created_by = current_user
  end

  # Records the updater on a changed record.
  def before_update(model)
    model.updated_by = current_user
  end
end
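# Authentication and authorization for controllers. Including the module
# prepends the :authenticate and :authorize filters and exposes
# current_user to the views; ClassMethods adds the class-level permission
# declarations.
module LoginSystem
  def self.included(base)
    base.extend ClassMethods
    base.class_eval do
      prepend_before_filter :authenticate
      prepend_before_filter :authorize
      helper_method :current_user
    end
  end

  protected

  # The logged-in user, resolved once per request from the session, then
  # the remember-me cookie, then HTTP basic auth (XML/JSON requests only).
  def current_user
    @current_user ||= (login_from_session || login_from_cookie || login_from_http)
  end

  # Logs +value+ in when it is a User; anything else logs out.
  #
  # NOTE(review): the session id is not rotated here. Confirm the login
  # action calls reset_session before assigning the user, otherwise a
  # session id planted before login stays valid afterwards.
  def current_user=(value=nil)
    if value && value.is_a?(User)
      @current_user = value
      session['user_id'] = value.id
    else
      @current_user = nil
      session['user_id'] = nil
    end
    @current_user
  end

  # Before filter. Without a user, HTML requests are redirected to the
  # login page (remembering the requested URL) and XML/JSON requests are
  # asked for HTTP basic credentials.
  def authenticate
    #puts _process_action_callbacks.map(&:filter)
    if current_user
      session['user_id'] = current_user.id
      true
    else
      session[:return_to] = request.original_url
      respond_to do |format|
        format.html { redirect_to login_url }
        format.any(:xml,:json) { request_http_basic_authentication }
      end
      false
    end
  end

  # Before filter. Denies the action when the controller's permissions do
  # not admit the current user: HTML requests are redirected with a flash
  # error, XML/JSON requests get 403.
  def authorize
    #puts _process_action_callbacks.map(&:filter)
    action = action_name.to_s.intern
    if user_has_access_to_action?(action)
      true
    else
      permissions = self.class.controller_permissions[action]
      flash[:error] = permissions[:denied_message] || 'Access denied.'
      respond_to do |format|
        format.html { redirect_to(permissions[:denied_url] || { :action => :index }) }
        format.any(:xml, :json) { head :forbidden }
      end
      false
    end
  end

  # Instance-level shortcut to the class-level permission check.
  def user_has_access_to_action?(action)
    self.class.user_has_access_to_action?(current_user, action, self)
  end

  # The user named by session['user_id'], or nil when the session has no id
  # or the record is gone. Only the not-found case is rescued; the original
  # `rescue nil` also turned every other error (a database failure, say)
  # into "not logged in".
  def login_from_session
    user_id = session['user_id']
    return nil if user_id.blank?
    User.find(user_id)
  rescue ActiveRecord::RecordNotFound
    nil
  end

  # The user owning the remember-me cookie, if any; the cookie is renewed.
  def login_from_cookie
    token = cookies[:session_token]
    return nil if token.blank? # don't find by empty value
    user = User.find_by_session_token(token)
    return nil unless user
    user.remember_me
    set_session_cookie(user)
    user
  end

  # HTTP basic authentication, accepted for XML and JSON requests only.
  def login_from_http
    if [Mime::XML, Mime::JSON].include?(request.format)
      authenticate_with_http_basic do |user_name, password|
        User.authenticate(user_name, password)
      end
    end
  end

  # Sends the remember-me cookie for +user+.
  #
  # The cookie is HttpOnly so page scripts cannot read the token. The
  # lifetime is the configured session_timeout in seconds, the unit
  # User#remember_me uses; the original rounded it down to whole days, so
  # any timeout shorter than a day produced a cookie that expired at once.
  # NOTE(review): add :secure => true if the admin is only served over
  # HTTPS.
  def set_session_cookie(user = current_user)
    lifetime = TrustyCms::Config['session_timeout'].to_i
    cookies[:session_token] = {
      :value => user.session_token,
      :expires => (Time.now + lifetime).utc,
      :httponly => true
    }
  end

  module ClassMethods
    # Makes every action of the controller reachable without a login.
    def no_login_required
      skip_before_filter :authenticate
      skip_before_filter :authorize
      # puts _process_action_callbacks.map(&:filter)
    end

    # True when either login filter is in the filter chain.
    def login_required?
      filter_chain.any? {|f| f.method == :authenticate || f.method == :authorize }
    end

    # Re-installs the login filters unless they are already present.
    def login_required
      unless login_required?
        prepend_before_filter :authenticate, :authorize
      end
    end

    # only_allow_access_to :edit, :update, :when => [:admin],
    #   :denied_url => ..., :denied_message => ...
    #
    # Registers the trailing options hash as the permissions of each named
    # action. Options are :when (role or roles), :if (instance method
    # name), :denied_url and :denied_message.
    def only_allow_access_to(*args)
      options = {}
      options = args.pop.dup if args.last.kind_of?(Hash)
      options.symbolize_keys!
      actions = args.map { |a| a.to_s.intern }
      actions.each do |action|
        controller_permissions[action] = options
      end
    end

    # Permissions keyed by action symbol; unknown actions get an empty hash.
    def controller_permissions
      @controller_permissions ||= Hash.new { |h,k| h[k.to_s.intern] = Hash.new }
    end

    # Whether +user+ may run +action+. With :when the user must hold one of
    # the listed roles, with :if the named method is called on +instance+,
    # and an action without either is open to everyone.
    #
    # A nil user never satisfies a :when restriction. The authorize filter
    # is prepended last and so runs before authenticate; the original
    # called has_role? on nil in that case and raised.
    def user_has_access_to_action?(user, action, instance=new)
      permissions = controller_permissions[action.to_s.intern]
      if (allowed_roles = permissions[:when])
        !user.nil? && [allowed_roles].flatten.any? { |role| user.has_role?(role) }
      elsif (condition_method = permissions[:if])
        instance.send(condition_method)
      else
        true
      end
    end
  end
end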
require 'spec_helper'
# Controller examples for the password reset flow: the request form (new),
# issuing a token (create), the new-password form (edit) and saving the new
# password (update).
#
# NOTE(review): nothing here covers an expired token, a token used twice,
# or extra attributes (role flags, for instance) sent inside params[:user].
# Those are the cases a reset flow most needs pinned down.
describe Admin::PasswordResetsController, :type => :controller do

  describe "Get new" do
    it "renders the new template" do
      get :new
      expect(response).to render_template('new')
    end
  end

  describe "POST create " do
    context "with a valid user and email " do
      let(:user) { create(:user) }

      # Stubs the lookup, so this only checks how the finder is called.
      it "finds the user" do
        expect(User).to receive(:find_by).with(email: user.email).and_return(user)
        post :create, email: user.email
      end

      it "generates a new password reset token " do
        expect { post :create, email: user.email ; user.reload }.to change{ user.password_reset_token }
      end

      it "sends a password reset email" do
        expect { post :create, email: user.email }.to change(ActionMailer::Base.deliveries, :size)
      end

      it "sets the flash sucess message" do
        post :create, email: user.email
        expect(flash[:success]).to match(/check your email/)
      end

    end

    # An address that belongs to no account.
    context 'with no user found' do
      it "renders the new page" do
        post :create, email: 'none@found.com'
        expect(response).to render_template('new')
      end

      it "sets the flash message" do
        post :create , email: 'none@found.com'
        expect(flash[:notice]).to match(/not found/)
      end

    end
  end

  describe "Get edit" do
    context "with a password_reset_token" do
      let(:user) { create(:user)}
      # Assigns the token on the in-memory record; nothing here saves it.
      before { user.generate_token(:password_reset_token) }

      it "renders the edit template" do
        get :edit, id: user.password_reset_token
        expect(response).to render_template('edit')
      end

      it "assigns a @user" do
        get :edit, id: user.password_reset_token
        expect(assigns(:user)).to eq(user)
      end
    end
  end

  # This context sits directly under the top-level describe rather than
  # inside "Get edit".
  context "with no password_reset_token found" do
    it "renders the 404 page" do
      get :edit, id: 'not found'
      expect( response.status ).to eq(404)

      expect(response).to render_template(file: "#{Rails.root}/public/404.html")
    end

  end

  describe "PATCH update" do
    # The password and its confirmation differ in both examples
    # ('newpassord1' vs 'newpassword1').
    context "with no token found" do
      it "renders the edit page" do
        patch :update, id: 'notfound', user: { password: 'newpassord1', password_confirmation: 'newpassword1' }
        expect(response).to render_template('edit')
      end

      it "sets the flash message" do
        patch :update, id: 'notfound', user: { password: 'newpassord1', password_confirmation: 'newpassword1' }
        expect(flash[:notice]).to match(/not found/)
      end
    end

    context "with a valid token" do
      let(:user) { create(:user) }
      before { user.generate_token(:password_reset_token)}

      it "updates the user's password" do
        digest = user.password_digest
        patch :update, id: user.password_reset_token, user: { password: 'newpassword1', password_confirmation: 'newpassword1'}
        user.reload
        expect(user.password_digest).to_not eq(digest)
      end

      # The token must not stay usable after a successful reset.
      it "clears the password_reset_token" do
        patch :update, id: user.password_reset_token, user: { password: 'newpassword1', password_confirmation: 'newpassword1'}
        user.reload
        expect(user.password_reset_token).to be_blank
      end

      it "sets the session[:user_id] user id" do
        patch :update, id: user.password_reset_token, user: { password: 'newpassword1', password_confirmation: 'newpassword1'}
        expect(session[:user_id]).to eq(user.id)
      end

      it "sets the flash[:sucess] message" do
        patch :update, id: user.password_reset_token, user: { password: 'newpassword1', password_confirmation: 'newpassword1'}
        expect(flash[:success]).to match(/password updated/i)
      end

      # The expectation below is on welcome_path.
      it "redirects to the todo_lists page" do
        patch :update, id: user.password_reset_token, user: { password: 'newpassword1', password_confirmation: 'newpassword1'}
        expect(response).to redirect_to(welcome_path)
      end

    end

  end

end
# Factory for Layout records used by the specs.
FactoryGirl.define do

  factory :layout do
    name 'Main Layout'
    # A minimal HTML page carrying the <r:title /> and <r:content /> tags.
    # The heredoc body is part of the attribute value and is kept exactly
    # as written.
    content <<-CONTENT
<html>
<head>
<title><r:title /></title>
</head>
<body>
<r:content />
</body>
</html>
    CONTENT
  end

end
# Factories for Page records, plus the sequences that give articles unique
# titles and slugs.
FactoryGirl.define do
  factory :page do
    title 'Page'
    # breadcrumb and slug are derived from the title when the record is built.
    breadcrumb { title }
    slug { title.slugify }

    # Adds a single 'body' part.
    trait :with_parts do
      page_parts { [FactoryGirl.create(:page_part, name: 'body')] }
    end

    # Adds one child page that itself has parts.
    trait :with_children do
      children { [FactoryGirl.create(:page, :with_parts)] }
    end

    factory :page_with_layout do
      layout
    end

    factory :page_with_page_parts do
      page_parts
    end

    factory :file_not_found_page, class: FileNotFoundPage do
    end

    factory :parent do

    end

    # Published pages; the nested factories inherit the published status.
    factory :published_page do
      # Status[:published] is looked up while the factory is being defined.
      status_id Status[:published].id

      factory :article do
        title { generate(:article_title)}
        slug { generate(:article_slug)}
      end

      factory :page_with_body_page_part do
        after(:create) { |page| page.parts.create(name: 'body', content: "#{page.title} body.") }
      end

      factory :page_with_body_and_sidebar_parts do
        after(:create) { |page| page.parts.create(name: 'body', content: "#{page.title} body.") }
        after(:create) { |page| page.parts.create(name: 'sidebar', content: "#{page.title} sidebar.") }
      end
    end

    # The published root page at slug '/', with no parent.
    factory :home do |home|
      title 'Home'
      slug '/'
      status_id Status[:published].id
      parent_id nil
    end

  end

  # "article" for the first value, then "article-2", "article-3", ...
  sequence :article_slug do |n|
    "article#{('-' + n.to_s) unless n == 1 }"
  end
  # "Article" for the first value, then "Article 2", "Article 3", ...
  sequence :article_title do |n|
    "Article#{(' ' + n.to_s) unless n == 1 }"
  end
end
# Factory for PagePart records; the content defaults to the part's name.
FactoryGirl.define do

  factory :page_part do
    name 'unnamed'
    content { name }
  end

end
# Factories for User records in the roles the specs need. Every factory
# shares the fixed test password 'password'; these credentials are for the
# test database only.
FactoryGirl.define do
  factory :user do
    name 'User'
    email 'email@test.com'
    login 'user'
    password 'password'
    # Mirrors whatever password the record is built with.
    password_confirmation { password }

    factory :admin do
      name 'Admin'
      login 'admin'
      email 'admin@example.com'
      admin true
    end

    factory :existing do
      name 'Existing'
      login 'existing'
      email 'existing@example.com'
    end

    # A designer with an empty e-mail address.
    factory :designer do
      name 'Designer'
      login 'designer'
      email ''
      designer true
    end

    # Sets no e-mail of its own and so keeps the parent's address.
    factory :non_admin do
      name 'Non Admin'
      login 'non_admin'
      admin false
    end
  end
end
# Commonly occurring user actions in tests.
# This takes a username and by default assumes the password is 'password'.
# Logs in through the login form: visits '/', fills in the username and
# password fields and clicks 'Login'.
#
# login              - value for the 'username_or_email' field.
# plaintext_password - value for the 'password' field (default 'password').
def log_in_as(login, plaintext_password = 'password')
  visit '/'
  credentials = [['username_or_email', login], ['password', plaintext_password]]
  credentials.each { |field, value| fill_in field, with: value }
  click_on 'Login'
end