require 'spec_helper'

describe Clearance::SessionsController do
  describe "on GET to /sessions/new" do
    before { get :new }

    it { should respond_with(:success) }
    it { should render_template(:new) }
    it { should_not set_the_flash }
  end

  describe "on POST to #create with good credentials" do
    before do
      @user = Factory(:user)
      @user.update_attribute(:remember_token, "old-token")
      post :create, :session => {
                      :email    => @user.email,
                      :password => @user.password }
    end

    it { should redirect_to_url_after_create }

    it "sets the user in the clearance session" do
      controller.current_user.should == @user
    end

    it "should not change the remember token" do
      @user.reload.remember_token.should == "old-token"
    end
  end

  describe "on POST to #create with good credentials and a session return url" do
    before do
      @user = Factory(:user)
      @return_url = '/url_in_the_session'
      @request.session[:return_to] = @return_url
      post :create, :session => {
                      :email    => @user.email,
                      :password => @user.password }
    end

    it "redirects to the return URL" do
      should redirect_to(@return_url)
    end
  end

  describe "on POST to #create with good credentials and a request return url" do
    before do
      @user = Factory(:user)
      @return_url = '/url_in_the_request'
      post :create, :session => {
                      :email     => @user.email,
                      :password  => @user.password },
                      :return_to => @return_url
    end

    it "redirects to the return URL" do
      should redirect_to(@return_url)
    end
  end

  describe "on POST to #create with good credentials and a session return url and request return url" do
    before do
      @user = Factory(:user)
      @return_url = '/url_in_the_session'
      @request.session[:return_to] = @return_url
      post :create, :session => {
                      :email     => @user.email,
                      :password  => @user.password },
                      :return_to => '/url_in_the_request'
    end

    it "redirects to the return url" do
      should redirect_to(@return_url)
    end
  end

  describe "on DELETE to #destroy given a signed out user" do
    before do
      sign_out
      delete :destroy
    end
    it { should redirect_to_url_after_destroy }
  end

  describe "on DELETE to #destroy with a cookie" do
    before do
      @user = Factory(:user)
      @user.update_attribute(:remember_token, "old-token")
      @request.cookies["remember_token"] = "old-token"
      delete :destroy
    end

    it { should redirect_to_url_after_destroy }

    it "should reset the remember token" do
      @user.reload.remember_token.should_not == "old-token"
    end

    it "should unset the current user" do
      @controller.current_user.should be_nil
    end
  end
end