Merge tag '0.2.3'

21 files changed, 187 insertions, 55 deletions

diff --git a/billing/app/controllers/billing_base_controller.rb b/billing/app/controllers/billing_base_controller.rb
index c250831..0453677 100644
--- a/billing/app/controllers/billing_base_controller.rb
+++ b/billing/app/controllers/billing_base_controller.rb
@@ -7,7 +7,7 @@ class BillingBaseController < ApplicationController
   def assign_user
     if params[:user_id]
       @user = User.find(params[:user_id])
-    elsif params[:action] == "confirm" or params[:action] == "destroy" # confirms and subscription deletes will come back with different ID set, so check for this first
+    elsif params[:action] == "confirm"# confirms will come back with different ID set, so check for this first
       # This is only for cases where an admin cannot apply action for customer, but should be all confirms
       @user = current_user
     elsif params[:id]
diff --git a/billing/app/controllers/subscriptions_controller.rb b/billing/app/controllers/subscriptions_controller.rb
index 4047847..7689f35 100644
--- a/billing/app/controllers/subscriptions_controller.rb
+++ b/billing/app/controllers/subscriptions_controller.rb
@@ -3,7 +3,7 @@ class SubscriptionsController < BillingBaseController
   before_filter :fetch_subscription, :only => [:show, :destroy]
   before_filter :confirm_no_active_subscription, :only => [:new, :create]
   # for now, admins cannot create or destroy subscriptions for others:
-  before_filter :confirm_self, :only => [:destroy, :new, :create]
+  before_filter :confirm_self, :only => [:new, :create]
 
   def new
     # don't show link to subscribe if they are already subscribed?
@@ -31,7 +31,8 @@ class SubscriptionsController < BillingBaseController
 
   def fetch_subscription
     @subscription = Braintree::Subscription.find params[:id]
-    @subscription_customer_id = @subscription.transactions.first.customer_details.id #all of subscriptions transactions should have same customer
+    @credit_card = Braintree::CreditCard.find @subscription.payment_method_token
+    @subscription_customer_id = @credit_card.customer_id
     current_user_customer = Customer.find_by_user_id(current_user.id)
     access_denied unless admin? or (current_user_customer and current_user_customer.braintree_customer_id == @subscription_customer_id)
 
diff --git a/billing/app/views/subscriptions/show.html.haml b/billing/app/views/subscriptions/show.html.haml
index ebb7e0d..39f4d1a 100644
--- a/billing/app/views/subscriptions/show.html.haml
+++ b/billing/app/views/subscriptions/show.html.haml
@@ -3,5 +3,4 @@
     Current
   Subscription
 = render :partial => "subscription_details",  :locals => {:subscription => @subscription}
-- if @user == current_user
-  = link_to t(:cancel_subscription), subscription_path(@subscription.id),  :confirm => t(:are_you_sure), :method => :delete, :class => 'btn btn-danger' if @subscription.status == 'Active' # permission check or should that just be on show?
+= link_to t(:cancel_subscription), user_subscription_path(@user, @subscription.id),  :confirm => t(:are_you_sure), :method => :delete, :class => 'btn btn-danger' if @subscription.status == 'Active' # permission check or should that just be on show?
diff --git a/billing/config/routes.rb b/billing/config/routes.rb
index 8b7b5bf..e024f43 100644
--- a/billing/config/routes.rb
+++ b/billing/config/routes.rb
@@ -4,7 +4,7 @@ Rails.application.routes.draw do
   match 'payments/confirm' => 'payments#confirm', :as => :confirm_payment
   resources :users do
     resources :payments, :only => [:index]
-    resources :subscriptions, :only => [:index, :show]
+    resources :subscriptions, :only => [:index, :show, :destroy]
   end
 
   resources :customer, :only => [:new, :edit]
@@ -14,7 +14,7 @@ Rails.application.routes.draw do
   match 'customer/show/:id' => 'customer#show', :as => :show_customer
   match 'credit_card_info/confirm' => 'credit_card_info#confirm', :as => :confirm_credit_card_info
 
-  resources :subscriptions, :only => [:new, :create, :update, :destroy] # index and show are within users path
+  resources :subscriptions, :only => [:new, :create, :update] # index, show & destroy are within users path
 
   #match 'transactions/:product_id/new' => 'transactions#new', :as => :new_transaction
   #match 'transactions/confirm/:product_id' => 'transactions#confirm', :as => :confirm_transaction
diff --git a/billing/test/functional/customer_controller_test.rb b/billing/test/functional/customer_controller_test.rb
index 878ed48..d943e23 100644
--- a/billing/test/functional/customer_controller_test.rb
+++ b/billing/test/functional/customer_controller_test.rb
@@ -2,6 +2,7 @@ require 'test_helper'
 require 'fake_braintree'
 
 class CustomerControllerTest < ActionController::TestCase
+  include CustomerTestHelper
 
   test "new assigns redirect url" do
     login
@@ -21,9 +22,7 @@ class CustomerControllerTest < ActionController::TestCase
   end
 
   test "edit uses params[:id]" do
-    user = find_record :user
-    customer = stub_record :customer_with_payment_info, user: user
-    Customer.stubs(:find_by_user_id).with(user.id).returns(customer)
+    customer = stub_customer
     login customer.user
     get :edit, id: customer.user.id
 
@@ -34,7 +33,7 @@ class CustomerControllerTest < ActionController::TestCase
     assert_equal confirm_customer_url, tr_data[:redirect_url]
   end
 
-  test "confirm user creation" do
+  test "confirm customer creation" do
     login
     Braintree::TransparentRedirect.expects(:confirm).returns(success_response)
     # to_confirm = prepare_confirmation :create_customer_data,
@@ -52,10 +51,8 @@ class CustomerControllerTest < ActionController::TestCase
   end
 
   test "customer update" do
-    user = find_record :user
-    customer = stub_record :customer_with_payment_info, user: user
+    customer = stub_customer
     customer.expects(:save)
-    Customer.stubs(:find_by_user_id).with(user.id).returns(customer)
     login customer.user
     Braintree::TransparentRedirect.expects(:confirm).
       returns(success_response(customer))
@@ -70,8 +67,8 @@ class CustomerControllerTest < ActionController::TestCase
     assert_equal customer.braintree_customer, result.customer
   end
 
-  test "failed user creation" do
-    skip "can't get user creation to fail"
+  test "failed customer creation" do
+    skip "can't get customer creation to fail"
     login
     FakeBraintree.decline_all_cards!
     # what is prepare_confirmation ?? this method isn't found
@@ -86,7 +83,7 @@ class CustomerControllerTest < ActionController::TestCase
     assert !result.success?
   end
 
-  test "failed user creation with stubbing" do
+  test "failed customer creation with stubbing" do
     login
     Braintree::TransparentRedirect.expects(:confirm).returns(failure_response)
     post :confirm, bla: :blub
@@ -95,10 +92,8 @@ class CustomerControllerTest < ActionController::TestCase
     assert_template :new
   end
 
-  test "failed user update with stubbing" do
-    user = find_record :user
-    customer = stub_record :customer_with_payment_info, user: user
-    Customer.stubs(:find_by_user_id).with(user.id).returns(customer)
+  test "failed customer update with stubbing" do
+    customer = stub_customer
     login customer.user
     Braintree::TransparentRedirect.expects(:confirm).returns(failure_response)
     post :confirm, bla: :blub
diff --git a/billing/test/functional/payments_controller_test.rb b/billing/test/functional/payments_controller_test.rb
index 055a990..655aa16 100644
--- a/billing/test/functional/payments_controller_test.rb
+++ b/billing/test/functional/payments_controller_test.rb
@@ -2,6 +2,7 @@ require 'test_helper'
 require 'fake_braintree'
 
 class PaymentsControllerTest < ActionController::TestCase
+  include CustomerTestHelper
 
   test "payment when unauthorized" do
     get :new
@@ -17,9 +18,7 @@ class PaymentsControllerTest < ActionController::TestCase
   end
 
   test "payment when authenticated as customer" do
-    user = find_record :user
-    customer = stub_record :customer_with_payment_info, user: user
-    Customer.stubs(:find_by_user_id).with(user.id).returns(customer)
+    customer = stub_customer
     login customer.user
     get :new
     assert_not_nil assigns(:tr_data)
diff --git a/billing/test/functional/subsciptions_controller_test.rb b/billing/test/functional/subsciptions_controller_test.rb
new file mode 100644
index 0000000..a6a1057
--- /dev/null
+++ b/billing/test/functional/subsciptions_controller_test.rb
@@ -0,0 +1,16 @@
+require 'test_helper'
+require 'fake_braintree'
+
+class SubscriptionsControllerTest < ActionController::TestCase
+  include CustomerTestHelper
+
+  test "destroy cancels subscription" do
+    customer = stub_customer
+    login customer.user
+    result = Braintree::Subscription.create plan_id: 'my_plan',
+      payment_method_token: customer.braintree_customer.credit_cards.first.token
+    subscription = result.subscription
+    delete :destroy, id: subscription.id, user_id: customer.user.id
+    assert_equal "Canceled", Braintree::Subscription.find(subscription.id).status
+  end
+end
diff --git a/billing/test/integration/subscription_test.rb b/billing/test/integration/subscription_test.rb
new file mode 100644
index 0000000..b893896
--- /dev/null
+++ b/billing/test/integration/subscription_test.rb
@@ -0,0 +1,50 @@
+require 'test_helper'
+require 'fake_braintree'
+require 'capybara/rails'
+
+class SubscriptionTest < ActionDispatch::IntegrationTest
+  include Warden::Test::Helpers
+  include Capybara::DSL
+  include CustomerTestHelper
+  include StubRecordHelper
+
+  setup do
+    Warden.test_mode!
+    @admin = stub_record :user, :admin => true
+    @customer = stub_customer
+    @braintree_customer = @customer.braintree_customer
+    response = Braintree::Subscription.create plan_id: '5',
+      payment_method_token: @braintree_customer.credit_cards.first.token
+    @subscription = response.subscription
+    Capybara.current_driver = Capybara.javascript_driver
+  end
+
+  teardown do
+    Warden.test_reset!
+  end
+
+  test "admin can see subscription for another" do
+    login_as @admin
+    @customer.stubs(:subscriptions).returns([@subscription])
+    visit user_subscriptions_path(@customer.user_id)
+    assert page.has_content?("Subscriptions")
+    assert page.has_content?("Status: Active")
+    page.save_screenshot('/tmp/subscriptions.png')
+  end
+
+  #test "admin cannot add subscription for another" do
+  #end
+
+  #test "authenticated user can cancel own subscription" do
+  #end
+
+  #test "user cannot add subscription if they have active one" do
+  #end
+
+  #test "user can view own subscriptions"
+  #end
+
+  #test "admin can view another user's subscriptions" do
+  #end
+
+end
diff --git a/billing/test/support/customer_test_helper.rb b/billing/test/support/customer_test_helper.rb
new file mode 100644
index 0000000..adac00a
--- /dev/null
+++ b/billing/test/support/customer_test_helper.rb
@@ -0,0 +1,11 @@
+module CustomerTestHelper
+
+  def stub_customer(user = nil)
+    user ||= find_record :user
+    customer = stub_record :customer_with_payment_info,
+      user: user,
+      user_id: user.id
+    Customer.stubs(:find_by_user_id).with(user.id).returns(customer)
+    return customer
+  end
+end
diff --git a/config/application.rb b/config/application.rb
index e8bb2f4..8587ffc 100644
--- a/config/application.rb
+++ b/config/application.rb
@@ -54,7 +54,7 @@ module LeapWeb
     # Configure sensitive parameters which will be filtered from the log file.
     config.filter_parameters += [:password]
 
-    if APP_CONFIG[:logfile]
+    if APP_CONFIG[:logfile].present?
       config.logger = Logger.new(APP_CONFIG[:logfile])
     end
 
diff --git a/config/environments/production.rb b/config/environments/production.rb
index 32b4558..73e98e5 100644
--- a/config/environments/production.rb
+++ b/config/environments/production.rb
@@ -33,11 +33,12 @@ LeapWeb::Application.configure do
   # See everything in the log (default is :info)
   # config.log_level = :debug
 
-  # Prepend all log lines with the following tags
-  # config.log_tags = [ :subdomain, :uuid ]
-
-  # Use a different logger for distributed setups
-  # config.logger = ActiveSupport::TaggedLogging.new(SyslogLogger.new)
+  # Use syslog if no file has been specified
+  if APP_CONFIG[:logfile].blank?
+    # Prepend all log lines with the following tags
+    config.log_tags = [ :leap, :webapp ]
+    config.logger = ActiveSupport::TaggedLogging.new(SyslogLogger.new)
+  end
 
   # Use a different cache store in production
   # config.cache_store = :mem_cache_store
diff --git a/config/initializers/session_store.rb b/config/initializers/session_store.rb
index b454120..8b63e5b 100644
--- a/config/initializers/session_store.rb
+++ b/config/initializers/session_store.rb
@@ -1,8 +1,9 @@
 # Be sure to restart your server when you modify this file.
 
-LeapWeb::Application.config.session_store CouchRestSessionStore
+LeapWeb::Application.config.session_store CouchRest::Session::Store,
+  expire_after: 1800
 
-CouchRestSessionStore.configure do |conf|
+CouchRest::Session::Store.configure do |conf|
   conf.environment = Rails.env
   conf.connection_config_file = File.join(Rails.root, 'config', 'couchdb.yml')
   conf.connection[:prefix] =
diff --git a/core/leap_web_core.gemspec b/core/leap_web_core.gemspec
index a29db87..f391f00 100644
--- a/core/leap_web_core.gemspec
+++ b/core/leap_web_core.gemspec
@@ -19,7 +19,7 @@ Gem::Specification.new do |s|
 
   s.add_dependency "couchrest", "~> 1.1.3"
   s.add_dependency "couchrest_model", "~> 2.0.0.beta2"
-  s.add_dependency "couchrest_session_store", "~> 0.1.3"
+  s.add_dependency "couchrest_session_store", "~> 0.2.0"
 
   s.add_dependency "json"
 end
diff --git a/test/test_helper.rb b/test/test_helper.rb
index 26b99f4..b2f674d 100644
--- a/test/test_helper.rb
+++ b/test/test_helper.rb
@@ -36,6 +36,7 @@ Capybara.default_wait_time = 5
 class BrowserIntegrationTest < ActionDispatch::IntegrationTest
   # Make the Capybara DSL available
   include Capybara::DSL
+  include IntegrationTestHelper
 
   teardown do
     Capybara.reset_sessions!    # Forget the (simulated) browser state
diff --git a/users/app/controllers/v1/users_controller.rb b/users/app/controllers/v1/users_controller.rb
index 01a1a2f..03a5a62 100644
--- a/users/app/controllers/v1/users_controller.rb
+++ b/users/app/controllers/v1/users_controller.rb
@@ -31,7 +31,7 @@ module V1
     protected
 
     def account
-      Account.new(@user)
+      @user.account
     end
 
   end
diff --git a/users/app/models/user.rb b/users/app/models/user.rb
index 310eecd..a14fcb5 100644
--- a/users/app/models/user.rb
+++ b/users/app/models/user.rb
@@ -82,6 +82,10 @@ class User < CouchRest::Model::Base
     identity.keys[:pgp]
   end
 
+  def account
+    Account.new(self)
+  end
+
   def identity
     @identity ||= Identity.for(self)
   end
diff --git a/users/test/integration/browser/account_test.rb b/users/test/integration/browser/account_test.rb
index a5ec2c5..8c2c997 100644
--- a/users/test/integration/browser/account_test.rb
+++ b/users/test/integration/browser/account_test.rb
@@ -13,9 +13,7 @@ class AccountTest < BrowserIntegrationTest
     assert page.has_content?("Sign Up")
     assert_equal '/', current_path
     assert user = User.find_by_login(username)
-    assert id = user.identity
-    id.destroy
-    user.destroy
+    user.account.destroy
   end
 
   test "successful login" do
@@ -47,17 +45,6 @@ class AccountTest < BrowserIntegrationTest
     assert page.has_content?("server failed")
   end
 
-  def submit_signup
-    username = "test_#{SecureRandom.urlsafe_base64}".downcase
-    password = SecureRandom.base64
-    visit '/users/new'
-    fill_in 'Username', with: username
-    fill_in 'Password', with: password
-    fill_in 'Password confirmation', with: password
-    click_on 'Sign Up'
-    return username, password
-  end
-
   def inject_malicious_js
     page.execute_script <<-EOJS
       var calc = new srp.Calculate();
diff --git a/users/test/integration/browser/session_test.rb b/users/test/integration/browser/session_test.rb
new file mode 100644
index 0000000..bb4e8c9
--- /dev/null
+++ b/users/test/integration/browser/session_test.rb
@@ -0,0 +1,28 @@
+require 'test_helper'
+
+class SessionTest < BrowserIntegrationTest
+
+  setup do
+    Capybara.current_driver = Capybara.javascript_driver
+    @username, password = submit_signup
+  end
+
+  teardown do
+    user = User.find_by_login(@username)
+    id = user.identity
+    id.destroy
+    user.destroy
+  end
+
+  test "valid session" do
+    assert page.has_content?("Welcome #{@username}")
+  end
+
+  test "expired session" do
+    assert page.has_content?("Welcome #{@username}")
+    pretend_now_is(Time.now + 40.minutes) do
+      visit '/'
+      assert page.has_no_content?("Welcome #{@username}")
+    end
+  end
+end
diff --git a/users/test/support/integration_test_helper.rb b/users/test/support/integration_test_helper.rb
new file mode 100644
index 0000000..cfe72cf
--- /dev/null
+++ b/users/test/support/integration_test_helper.rb
@@ -0,0 +1,12 @@
+module IntegrationTestHelper
+  def submit_signup
+    username = "test_#{SecureRandom.urlsafe_base64}".downcase
+    password = SecureRandom.base64
+    visit '/users/new'
+    fill_in 'Username', with: username
+    fill_in 'Password', with: password
+    fill_in 'Password confirmation', with: password
+    click_on 'Sign Up'
+    return username, password
+  end
+end
diff --git a/users/test/support/time_test_helper.rb b/users/test/support/time_test_helper.rb
new file mode 100644
index 0000000..f673f12
--- /dev/null
+++ b/users/test/support/time_test_helper.rb
@@ -0,0 +1,30 @@
+# Extend the Time class so that we can offset the time that 'now'
+# returns.  This should allow us to effectively time warp for functional
+# tests that require limits per hour, what not.
+class Time #:nodoc:
+  class <<self
+    attr_accessor :testing_offset
+
+    def now_with_testing_offset
+      now_without_testing_offset - testing_offset
+    end
+    alias_method_chain :now, :testing_offset
+  end
+end
+Time.testing_offset = 0
+
+module TimeTestHelper
+  # Time warp to the specified time for the duration of the passed block
+  def pretend_now_is(time)
+    begin
+      Time.testing_offset = Time.now - time
+      yield
+    ensure
+      Time.testing_offset = 0
+    end
+  end
+end
+
+class ActiveSupport::TestCase
+  include TimeTestHelper
+end
diff --git a/users/test/unit/account_test.rb b/users/test/unit/account_test.rb
index 39969c0..94a9980 100644
--- a/users/test/unit/account_test.rb
+++ b/users/test/unit/account_test.rb
@@ -9,15 +9,14 @@ class AccountTest < ActiveSupport::TestCase
     assert id = user.identity
     assert_equal user.email_address, id.address
     assert_equal user.email_address, id.destination
-    id.destroy
-    user.destroy
+    user.account.destroy
   end
 
   test "create and remove a user account" do
     assert_no_difference "Identity.count" do
       assert_no_difference "User.count" do
         user = Account.create(FactoryGirl.attributes_for(:user))
-        Account.new(user).destroy
+        user.account.destroy
       end
     end
   end
@@ -26,7 +25,7 @@ class AccountTest < ActiveSupport::TestCase
     user = Account.create(FactoryGirl.attributes_for(:user))
     old_id = user.identity
     old_email = user.email_address
-    Account.new(user).update(FactoryGirl.attributes_for(:user))
+    user.account.update(FactoryGirl.attributes_for(:user))
     user.reload
     old_id.reload
     assert user.valid?
@@ -37,9 +36,7 @@ class AccountTest < ActiveSupport::TestCase
     assert_equal user.email_address, id.destination
     assert_equal user.email_address, old_id.destination
     assert_equal old_email, old_id.address
-    old_id.destroy
-    id.destroy
-    user.destroy
+    user.account.destroy
   end
 
 end