Installed authentication-zero

test/application_system_test_case.rb

@@ -1,5 +1,15 @@
 require "test_helper"
 
 class ApplicationSystemTestCase < ActionDispatch::SystemTestCase
-  driven_by :selenium, using: :headless_chrome, screen_size: [ 1400, 1400 ]
+  driven_by :selenium, using: :headless_chrome, screen_size: [1400, 1400]
+
+  def sign_in_as(user)
+    visit sign_in_url
+    fill_in :email, with: user.email
+    fill_in :password, with: "Secret1*3*5*"
+    click_on "Sign in"
+
+    assert_current_path root_url
+    user
+  end
 end

test/controllers/identity/email_verifications_controller_test.rb

@@ -0,0 +1,34 @@
+require "test_helper"
+
+class Identity::EmailVerificationsControllerTest < ActionDispatch::IntegrationTest
+  setup do
+    @user = sign_in_as(users(:lazaro_nixon))
+    @user.update! verified: false
+  end
+
+  test "should send a verification email" do
+    assert_enqueued_email_with UserMailer, :email_verification, params: { user: @user } do
+      post identity_email_verification_url
+    end
+
+    assert_redirected_to root_url
+  end
+
+  test "should verify email" do
+    sid = @user.generate_token_for(:email_verification)
+
+    get identity_email_verification_url(sid: sid, email: @user.email)
+    assert_redirected_to root_url
+  end
+
+  test "should not verify email with expired token" do
+    sid = @user.generate_token_for(:email_verification)
+
+    travel 3.days
+
+    get identity_email_verification_url(sid: sid, email: @user.email)
+
+    assert_redirected_to edit_identity_email_url
+    assert_equal "That email verification link is invalid", flash[:alert]
+  end
+end

test/controllers/identity/emails_controller_test.rb

@@ -0,0 +1,25 @@
+require "test_helper"
+
+class Identity::EmailsControllerTest < ActionDispatch::IntegrationTest
+  setup do
+    @user = sign_in_as(users(:lazaro_nixon))
+  end
+
+  test "should get edit" do
+    get edit_identity_email_url
+    assert_response :success
+  end
+
+  test "should update email" do
+    patch identity_email_url, params: { email: "new_email@hey.com", password_challenge: "Secret1*3*5*" }
+    assert_redirected_to root_url
+  end
+
+
+  test "should not update email with wrong password challenge" do
+    patch identity_email_url, params: { email: "new_email@hey.com", password_challenge: "SecretWrong1*3" }
+
+    assert_response :unprocessable_entity
+    assert_select "li", /Password challenge is invalid/
+  end
+end

test/controllers/identity/password_resets_controller_test.rb

@@ -0,0 +1,65 @@
+require "test_helper"
+
+class Identity::PasswordResetsControllerTest < ActionDispatch::IntegrationTest
+  setup do
+    @user = users(:lazaro_nixon)
+  end
+
+  test "should get new" do
+    get new_identity_password_reset_url
+    assert_response :success
+  end
+
+  test "should get edit" do
+    sid = @user.generate_token_for(:password_reset)
+
+    get edit_identity_password_reset_url(sid: sid)
+    assert_response :success
+  end
+
+  test "should send a password reset email" do
+    assert_enqueued_email_with UserMailer, :password_reset, params: { user: @user } do
+      post identity_password_reset_url, params: { email: @user.email }
+    end
+
+    assert_redirected_to sign_in_url
+  end
+
+  test "should not send a password reset email to a nonexistent email" do
+    assert_no_enqueued_emails do
+      post identity_password_reset_url, params: { email: "invalid_email@hey.com" }
+    end
+
+    assert_redirected_to new_identity_password_reset_url
+    assert_equal "You can't reset your password until you verify your email", flash[:alert]
+  end
+
+  test "should not send a password reset email to a unverified email" do
+    @user.update! verified: false
+
+    assert_no_enqueued_emails do
+      post identity_password_reset_url, params: { email: @user.email }
+    end
+
+    assert_redirected_to new_identity_password_reset_url
+    assert_equal "You can't reset your password until you verify your email", flash[:alert]
+  end
+
+  test "should update password" do
+    sid = @user.generate_token_for(:password_reset)
+
+    patch identity_password_reset_url, params: { sid: sid, password: "Secret6*4*2*", password_confirmation: "Secret6*4*2*" }
+    assert_redirected_to sign_in_url
+  end
+
+  test "should not update password with expired token" do
+    sid = @user.generate_token_for(:password_reset)
+
+    travel 30.minutes
+
+    patch identity_password_reset_url, params: { sid: sid, password: "Secret6*4*2*", password_confirmation: "Secret6*4*2*" }
+
+    assert_redirected_to new_identity_password_reset_url
+    assert_equal "That password reset link is invalid", flash[:alert]
+  end
+end

test/controllers/passwords_controller_test.rb

@@ -0,0 +1,24 @@
+require "test_helper"
+
+class PasswordsControllerTest < ActionDispatch::IntegrationTest
+  setup do
+    @user = sign_in_as(users(:lazaro_nixon))
+  end
+
+  test "should get edit" do
+    get edit_password_url
+    assert_response :success
+  end
+
+  test "should update password" do
+    patch password_url, params: { password_challenge: "Secret1*3*5*", password: "Secret6*4*2*", password_confirmation: "Secret6*4*2*" }
+    assert_redirected_to root_url
+  end
+
+  test "should not update password with wrong password challenge" do
+    patch password_url, params: { password_challenge: "SecretWrong1*3", password: "Secret6*4*2*", password_confirmation: "Secret6*4*2*" }
+
+    assert_response :unprocessable_entity
+    assert_select "li", /Password challenge is invalid/
+  end
+end

test/controllers/registrations_controller_test.rb

@@ -0,0 +1,16 @@
+require "test_helper"
+
+class RegistrationsControllerTest < ActionDispatch::IntegrationTest
+  test "should get new" do
+    get sign_up_url
+    assert_response :success
+  end
+
+  test "should sign up" do
+    assert_difference("User.count") do
+      post sign_up_url, params: { email: "lazaronixon@hey.com", password: "Secret1*3*5*", password_confirmation: "Secret1*3*5*" }
+    end
+
+    assert_redirected_to root_url
+  end
+end

test/controllers/sessions_controller_test.rb

@@ -0,0 +1,46 @@
+require "test_helper"
+
+class SessionsControllerTest < ActionDispatch::IntegrationTest
+  setup do
+    @user = users(:lazaro_nixon)
+  end
+
+  test "should get index" do
+    sign_in_as @user
+
+    get sessions_url
+    assert_response :success
+  end
+
+  test "should get new" do
+    get sign_in_url
+    assert_response :success
+  end
+
+  test "should sign in" do
+    post sign_in_url, params: { email: @user.email, password: "Secret1*3*5*" }
+    assert_redirected_to root_url
+
+    get root_url
+    assert_response :success
+  end
+
+  test "should not sign in with wrong credentials" do
+    post sign_in_url, params: { email: @user.email, password: "SecretWrong1*3" }
+    assert_redirected_to sign_in_url(email_hint: @user.email)
+    assert_equal "That email or password is incorrect", flash[:alert]
+
+    get root_url
+    assert_redirected_to sign_in_url
+  end
+
+  test "should sign out" do
+    sign_in_as @user
+
+    delete session_url(@user.sessions.last)
+    assert_redirected_to sessions_url
+
+    follow_redirect!
+    assert_redirected_to sign_in_url
+  end
+end

test/fixtures/users.yml

@@ -0,0 +1,6 @@
+# Read about fixtures at https://api.rubyonrails.org/classes/ActiveRecord/FixtureSet.html
+
+lazaro_nixon:
+  email: lazaronixon@hotmail.com
+  password_digest: <%= BCrypt::Password.create("Secret1*3*5*") %>
+  verified: true

test/mailers/user_mailer_test.rb

@@ -0,0 +1,19 @@
+require "test_helper"
+
+class UserMailerTest < ActionMailer::TestCase
+  setup do
+    @user = users(:lazaro_nixon)
+  end
+
+  test "password_reset" do
+    mail = UserMailer.with(user: @user).password_reset
+    assert_equal "Reset your password", mail.subject
+    assert_equal [@user.email], mail.to
+  end
+
+  test "email_verification" do
+    mail = UserMailer.with(user: @user).email_verification
+    assert_equal "Verify your email", mail.subject
+    assert_equal [@user.email], mail.to
+  end
+end

test/system/identity/emails_test.rb

@@ -0,0 +1,26 @@
+require "application_system_test_case"
+
+class Identity::EmailsTest < ApplicationSystemTestCase
+  setup do
+    @user = sign_in_as(users(:lazaro_nixon))
+  end
+
+  test "updating the email" do
+    click_on "Change email address"
+
+    fill_in "New email", with: "new_email@hey.com"
+    fill_in "Password challenge", with: "Secret1*3*5*"
+    click_on "Save changes"
+
+    assert_text "Your email has been changed"
+  end
+
+  test "sending a verification email" do
+    @user.update! verified: false
+
+    click_on "Change email address"
+    click_on "Re-send verification email"
+
+    assert_text "We sent a verification email to your email address"
+  end
+end

test/system/identity/password_resets_test.rb

@@ -0,0 +1,28 @@
+require "application_system_test_case"
+
+class Identity::PasswordResetsTest < ApplicationSystemTestCase
+  setup do
+    @user = users(:lazaro_nixon)
+    @sid = @user.generate_token_for(:password_reset)
+  end
+
+  test "sending a password reset email" do
+    visit sign_in_url
+    click_on "Forgot your password?"
+
+    fill_in "Email", with: @user.email
+    click_on "Send password reset email"
+
+    assert_text "Check your email for reset instructions"
+  end
+
+  test "updating password" do
+    visit edit_identity_password_reset_url(sid: @sid)
+
+    fill_in "New password", with: "Secret6*4*2*"
+    fill_in "Confirm new password", with: "Secret6*4*2*"
+    click_on "Save changes"
+
+    assert_text "Your password was reset successfully. Please sign in"
+  end
+end

test/system/passwords_test.rb

@@ -0,0 +1,18 @@
+require "application_system_test_case"
+
+class PasswordsTest < ApplicationSystemTestCase
+  setup do
+    @user = sign_in_as(users(:lazaro_nixon))
+  end
+
+  test "updating the password" do
+    click_on "Change password"
+
+    fill_in "Password challenge", with: "Secret1*3*5*"
+    fill_in "New password", with: "Secret6*4*2*"
+    fill_in "Confirm new password", with: "Secret6*4*2*"
+    click_on "Save changes"
+
+    assert_text "Your password has been changed"
+  end
+end

test/system/registrations_test.rb

@@ -0,0 +1,14 @@
+require "application_system_test_case"
+
+class RegistrationsTest < ApplicationSystemTestCase
+  test "signing up" do
+    visit sign_up_url
+
+    fill_in "Email", with: "lazaronixon@hey.com"
+    fill_in "Password", with: "Secret6*4*2*"
+    fill_in "Password confirmation", with: "Secret6*4*2*"
+    click_on "Sign up"
+
+    assert_text "Welcome! You have signed up successfully"
+  end
+end

test/system/sessions_test.rb

@@ -0,0 +1,30 @@
+require "application_system_test_case"
+
+class SessionsTest < ApplicationSystemTestCase
+  setup do
+    @user = users(:lazaro_nixon)
+  end
+
+  test "visiting the index" do
+    sign_in_as @user
+
+    click_on "Devices & Sessions"
+    assert_selector "h1", text: "Sessions"
+  end
+
+  test "signing in" do
+    visit sign_in_url
+    fill_in "Email", with: @user.email
+    fill_in "Password", with: "Secret1*3*5*"
+    click_on "Sign in"
+
+    assert_text "Signed in successfully"
+  end
+
+  test "signing out" do
+    sign_in_as @user
+
+    click_on "Log out"
+    assert_text "That session has been logged out"
+  end
+end

test/test_helper.rb

@@ -2,14 +2,15 @@ ENV["RAILS_ENV"] ||= "test"
 require_relative "../config/environment"
 require "rails/test_help"
 
-module ActiveSupport
-  class TestCase
-    # Run tests in parallel with specified workers
-    parallelize(workers: :number_of_processors)
+class ActiveSupport::TestCase
+  # Run tests in parallel with specified workers
+  parallelize(workers: :number_of_processors)
 
-    # Setup all fixtures in test/fixtures/*.yml for all tests in alphabetical order.
-    fixtures :all
+  # Setup all fixtures in test/fixtures/*.yml for all tests in alphabetical order.
+  fixtures :all
 
-    # Add more helper methods to be used by all tests here...
+  # Add more helper methods to be used by all tests here...
+  def sign_in_as(user)
+    post(sign_in_url, params: { email: user.email, password: "Secret1*3*5*" }); user
   end
 end