diff options
21 files changed, 187 insertions, 55 deletions
diff --git a/billing/app/controllers/billing_base_controller.rb b/billing/app/controllers/billing_base_controller.rb index c250831..0453677 100644 --- a/billing/app/controllers/billing_base_controller.rb +++ b/billing/app/controllers/billing_base_controller.rb @@ -7,7 +7,7 @@ class BillingBaseController < ApplicationController def assign_user if params[:user_id] @user = User.find(params[:user_id]) - elsif params[:action] == "confirm" or params[:action] == "destroy" # confirms and subscription deletes will come back with different ID set, so check for this first + elsif params[:action] == "confirm"# confirms will come back with different ID set, so check for this first # This is only for cases where an admin cannot apply action for customer, but should be all confirms @user = current_user elsif params[:id] diff --git a/billing/app/controllers/subscriptions_controller.rb b/billing/app/controllers/subscriptions_controller.rb index 4047847..7689f35 100644 --- a/billing/app/controllers/subscriptions_controller.rb +++ b/billing/app/controllers/subscriptions_controller.rb @@ -3,7 +3,7 @@ class SubscriptionsController < BillingBaseController before_filter :fetch_subscription, :only => [:show, :destroy] before_filter :confirm_no_active_subscription, :only => [:new, :create] # for now, admins cannot create or destroy subscriptions for others: - before_filter :confirm_self, :only => [:destroy, :new, :create] + before_filter :confirm_self, :only => [:new, :create] def new # don't show link to subscribe if they are already subscribed? @@ -31,7 +31,8 @@ class SubscriptionsController < BillingBaseController def fetch_subscription @subscription = Braintree::Subscription.find params[:id] - @subscription_customer_id = @subscription.transactions.first.customer_details.id #all of subscriptions transactions should have same customer + @credit_card = Braintree::CreditCard.find @subscription.payment_method_token + @subscription_customer_id = @credit_card.customer_id current_user_customer = Customer.find_by_user_id(current_user.id) access_denied unless admin? or (current_user_customer and current_user_customer.braintree_customer_id == @subscription_customer_id) diff --git a/billing/app/views/subscriptions/show.html.haml b/billing/app/views/subscriptions/show.html.haml index ebb7e0d..39f4d1a 100644 --- a/billing/app/views/subscriptions/show.html.haml +++ b/billing/app/views/subscriptions/show.html.haml @@ -3,5 +3,4 @@ Current Subscription = render :partial => "subscription_details", :locals => {:subscription => @subscription} -- if @user == current_user - = link_to t(:cancel_subscription), subscription_path(@subscription.id), :confirm => t(:are_you_sure), :method => :delete, :class => 'btn btn-danger' if @subscription.status == 'Active' # permission check or should that just be on show? += link_to t(:cancel_subscription), user_subscription_path(@user, @subscription.id), :confirm => t(:are_you_sure), :method => :delete, :class => 'btn btn-danger' if @subscription.status == 'Active' # permission check or should that just be on show? diff --git a/billing/config/routes.rb b/billing/config/routes.rb index 8b7b5bf..e024f43 100644 --- a/billing/config/routes.rb +++ b/billing/config/routes.rb @@ -4,7 +4,7 @@ Rails.application.routes.draw do match 'payments/confirm' => 'payments#confirm', :as => :confirm_payment resources :users do resources :payments, :only => [:index] - resources :subscriptions, :only => [:index, :show] + resources :subscriptions, :only => [:index, :show, :destroy] end resources :customer, :only => [:new, :edit] @@ -14,7 +14,7 @@ Rails.application.routes.draw do match 'customer/show/:id' => 'customer#show', :as => :show_customer match 'credit_card_info/confirm' => 'credit_card_info#confirm', :as => :confirm_credit_card_info - resources :subscriptions, :only => [:new, :create, :update, :destroy] # index and show are within users path + resources :subscriptions, :only => [:new, :create, :update] # index, show & destroy are within users path #match 'transactions/:product_id/new' => 'transactions#new', :as => :new_transaction #match 'transactions/confirm/:product_id' => 'transactions#confirm', :as => :confirm_transaction diff --git a/billing/test/functional/customer_controller_test.rb b/billing/test/functional/customer_controller_test.rb index 878ed48..d943e23 100644 --- a/billing/test/functional/customer_controller_test.rb +++ b/billing/test/functional/customer_controller_test.rb @@ -2,6 +2,7 @@ require 'test_helper' require 'fake_braintree' class CustomerControllerTest < ActionController::TestCase + include CustomerTestHelper test "new assigns redirect url" do login @@ -21,9 +22,7 @@ class CustomerControllerTest < ActionController::TestCase end test "edit uses params[:id]" do - user = find_record :user - customer = stub_record :customer_with_payment_info, user: user - Customer.stubs(:find_by_user_id).with(user.id).returns(customer) + customer = stub_customer login customer.user get :edit, id: customer.user.id @@ -34,7 +33,7 @@ class CustomerControllerTest < ActionController::TestCase assert_equal confirm_customer_url, tr_data[:redirect_url] end - test "confirm user creation" do + test "confirm customer creation" do login Braintree::TransparentRedirect.expects(:confirm).returns(success_response) # to_confirm = prepare_confirmation :create_customer_data, @@ -52,10 +51,8 @@ class CustomerControllerTest < ActionController::TestCase end test "customer update" do - user = find_record :user - customer = stub_record :customer_with_payment_info, user: user + customer = stub_customer customer.expects(:save) - Customer.stubs(:find_by_user_id).with(user.id).returns(customer) login customer.user Braintree::TransparentRedirect.expects(:confirm). returns(success_response(customer)) @@ -70,8 +67,8 @@ class CustomerControllerTest < ActionController::TestCase assert_equal customer.braintree_customer, result.customer end - test "failed user creation" do - skip "can't get user creation to fail" + test "failed customer creation" do + skip "can't get customer creation to fail" login FakeBraintree.decline_all_cards! # what is prepare_confirmation ?? this method isn't found @@ -86,7 +83,7 @@ class CustomerControllerTest < ActionController::TestCase assert !result.success? end - test "failed user creation with stubbing" do + test "failed customer creation with stubbing" do login Braintree::TransparentRedirect.expects(:confirm).returns(failure_response) post :confirm, bla: :blub @@ -95,10 +92,8 @@ class CustomerControllerTest < ActionController::TestCase assert_template :new end - test "failed user update with stubbing" do - user = find_record :user - customer = stub_record :customer_with_payment_info, user: user - Customer.stubs(:find_by_user_id).with(user.id).returns(customer) + test "failed customer update with stubbing" do + customer = stub_customer login customer.user Braintree::TransparentRedirect.expects(:confirm).returns(failure_response) post :confirm, bla: :blub diff --git a/billing/test/functional/payments_controller_test.rb b/billing/test/functional/payments_controller_test.rb index 055a990..655aa16 100644 --- a/billing/test/functional/payments_controller_test.rb +++ b/billing/test/functional/payments_controller_test.rb @@ -2,6 +2,7 @@ require 'test_helper' require 'fake_braintree' class PaymentsControllerTest < ActionController::TestCase + include CustomerTestHelper test "payment when unauthorized" do get :new @@ -17,9 +18,7 @@ class PaymentsControllerTest < ActionController::TestCase end test "payment when authenticated as customer" do - user = find_record :user - customer = stub_record :customer_with_payment_info, user: user - Customer.stubs(:find_by_user_id).with(user.id).returns(customer) + customer = stub_customer login customer.user get :new assert_not_nil assigns(:tr_data) diff --git a/billing/test/functional/subsciptions_controller_test.rb b/billing/test/functional/subsciptions_controller_test.rb new file mode 100644 index 0000000..a6a1057 --- /dev/null +++ b/billing/test/functional/subsciptions_controller_test.rb @@ -0,0 +1,16 @@ +require 'test_helper' +require 'fake_braintree' + +class SubscriptionsControllerTest < ActionController::TestCase + include CustomerTestHelper + + test "destroy cancels subscription" do + customer = stub_customer + login customer.user + result = Braintree::Subscription.create plan_id: 'my_plan', + payment_method_token: customer.braintree_customer.credit_cards.first.token + subscription = result.subscription + delete :destroy, id: subscription.id, user_id: customer.user.id + assert_equal "Canceled", Braintree::Subscription.find(subscription.id).status + end +end diff --git a/billing/test/integration/subscription_test.rb b/billing/test/integration/subscription_test.rb new file mode 100644 index 0000000..b893896 --- /dev/null +++ b/billing/test/integration/subscription_test.rb @@ -0,0 +1,50 @@ +require 'test_helper' +require 'fake_braintree' +require 'capybara/rails' + +class SubscriptionTest < ActionDispatch::IntegrationTest + include Warden::Test::Helpers + include Capybara::DSL + include CustomerTestHelper + include StubRecordHelper + + setup do + Warden.test_mode! + @admin = stub_record :user, :admin => true + @customer = stub_customer + @braintree_customer = @customer.braintree_customer + response = Braintree::Subscription.create plan_id: '5', + payment_method_token: @braintree_customer.credit_cards.first.token + @subscription = response.subscription + Capybara.current_driver = Capybara.javascript_driver + end + + teardown do + Warden.test_reset! + end + + test "admin can see subscription for another" do + login_as @admin + @customer.stubs(:subscriptions).returns([@subscription]) + visit user_subscriptions_path(@customer.user_id) + assert page.has_content?("Subscriptions") + assert page.has_content?("Status: Active") + page.save_screenshot('/tmp/subscriptions.png') + end + + #test "admin cannot add subscription for another" do + #end + + #test "authenticated user can cancel own subscription" do + #end + + #test "user cannot add subscription if they have active one" do + #end + + #test "user can view own subscriptions" + #end + + #test "admin can view another user's subscriptions" do + #end + +end diff --git a/billing/test/support/customer_test_helper.rb b/billing/test/support/customer_test_helper.rb new file mode 100644 index 0000000..adac00a --- /dev/null +++ b/billing/test/support/customer_test_helper.rb @@ -0,0 +1,11 @@ +module CustomerTestHelper + + def stub_customer(user = nil) + user ||= find_record :user + customer = stub_record :customer_with_payment_info, + user: user, + user_id: user.id + Customer.stubs(:find_by_user_id).with(user.id).returns(customer) + return customer + end +end diff --git a/config/application.rb b/config/application.rb index e8bb2f4..8587ffc 100644 --- a/config/application.rb +++ b/config/application.rb @@ -54,7 +54,7 @@ module LeapWeb # Configure sensitive parameters which will be filtered from the log file. config.filter_parameters += [:password] - if APP_CONFIG[:logfile] + if APP_CONFIG[:logfile].present? config.logger = Logger.new(APP_CONFIG[:logfile]) end diff --git a/config/environments/production.rb b/config/environments/production.rb index 32b4558..73e98e5 100644 --- a/config/environments/production.rb +++ b/config/environments/production.rb @@ -33,11 +33,12 @@ LeapWeb::Application.configure do # See everything in the log (default is :info) # config.log_level = :debug - # Prepend all log lines with the following tags - # config.log_tags = [ :subdomain, :uuid ] - - # Use a different logger for distributed setups - # config.logger = ActiveSupport::TaggedLogging.new(SyslogLogger.new) + # Use syslog if no file has been specified + if APP_CONFIG[:logfile].blank? + # Prepend all log lines with the following tags + config.log_tags = [ :leap, :webapp ] + config.logger = ActiveSupport::TaggedLogging.new(SyslogLogger.new) + end # Use a different cache store in production # config.cache_store = :mem_cache_store diff --git a/config/initializers/session_store.rb b/config/initializers/session_store.rb index b454120..8b63e5b 100644 --- a/config/initializers/session_store.rb +++ b/config/initializers/session_store.rb @@ -1,8 +1,9 @@ # Be sure to restart your server when you modify this file. -LeapWeb::Application.config.session_store CouchRestSessionStore +LeapWeb::Application.config.session_store CouchRest::Session::Store, + expire_after: 1800 -CouchRestSessionStore.configure do |conf| +CouchRest::Session::Store.configure do |conf| conf.environment = Rails.env conf.connection_config_file = File.join(Rails.root, 'config', 'couchdb.yml') conf.connection[:prefix] = diff --git a/core/leap_web_core.gemspec b/core/leap_web_core.gemspec index a29db87..f391f00 100644 --- a/core/leap_web_core.gemspec +++ b/core/leap_web_core.gemspec @@ -19,7 +19,7 @@ Gem::Specification.new do |s| s.add_dependency "couchrest", "~> 1.1.3" s.add_dependency "couchrest_model", "~> 2.0.0.beta2" - s.add_dependency "couchrest_session_store", "~> 0.1.3" + s.add_dependency "couchrest_session_store", "~> 0.2.0" s.add_dependency "json" end diff --git a/test/test_helper.rb b/test/test_helper.rb index 26b99f4..b2f674d 100644 --- a/test/test_helper.rb +++ b/test/test_helper.rb @@ -36,6 +36,7 @@ Capybara.default_wait_time = 5 class BrowserIntegrationTest < ActionDispatch::IntegrationTest # Make the Capybara DSL available include Capybara::DSL + include IntegrationTestHelper teardown do Capybara.reset_sessions! # Forget the (simulated) browser state diff --git a/users/app/controllers/v1/users_controller.rb b/users/app/controllers/v1/users_controller.rb index 01a1a2f..03a5a62 100644 --- a/users/app/controllers/v1/users_controller.rb +++ b/users/app/controllers/v1/users_controller.rb @@ -31,7 +31,7 @@ module V1 protected def account - Account.new(@user) + @user.account end end diff --git a/users/app/models/user.rb b/users/app/models/user.rb index 310eecd..a14fcb5 100644 --- a/users/app/models/user.rb +++ b/users/app/models/user.rb @@ -82,6 +82,10 @@ class User < CouchRest::Model::Base identity.keys[:pgp] end + def account + Account.new(self) + end + def identity @identity ||= Identity.for(self) end diff --git a/users/test/integration/browser/account_test.rb b/users/test/integration/browser/account_test.rb index a5ec2c5..8c2c997 100644 --- a/users/test/integration/browser/account_test.rb +++ b/users/test/integration/browser/account_test.rb @@ -13,9 +13,7 @@ class AccountTest < BrowserIntegrationTest assert page.has_content?("Sign Up") assert_equal '/', current_path assert user = User.find_by_login(username) - assert id = user.identity - id.destroy - user.destroy + user.account.destroy end test "successful login" do @@ -47,17 +45,6 @@ class AccountTest < BrowserIntegrationTest assert page.has_content?("server failed") end - def submit_signup - username = "test_#{SecureRandom.urlsafe_base64}".downcase - password = SecureRandom.base64 - visit '/users/new' - fill_in 'Username', with: username - fill_in 'Password', with: password - fill_in 'Password confirmation', with: password - click_on 'Sign Up' - return username, password - end - def inject_malicious_js page.execute_script <<-EOJS var calc = new srp.Calculate(); diff --git a/users/test/integration/browser/session_test.rb b/users/test/integration/browser/session_test.rb new file mode 100644 index 0000000..bb4e8c9 --- /dev/null +++ b/users/test/integration/browser/session_test.rb @@ -0,0 +1,28 @@ +require 'test_helper' + +class SessionTest < BrowserIntegrationTest + + setup do + Capybara.current_driver = Capybara.javascript_driver + @username, password = submit_signup + end + + teardown do + user = User.find_by_login(@username) + id = user.identity + id.destroy + user.destroy + end + + test "valid session" do + assert page.has_content?("Welcome #{@username}") + end + + test "expired session" do + assert page.has_content?("Welcome #{@username}") + pretend_now_is(Time.now + 40.minutes) do + visit '/' + assert page.has_no_content?("Welcome #{@username}") + end + end +end diff --git a/users/test/support/integration_test_helper.rb b/users/test/support/integration_test_helper.rb new file mode 100644 index 0000000..cfe72cf --- /dev/null +++ b/users/test/support/integration_test_helper.rb @@ -0,0 +1,12 @@ +module IntegrationTestHelper + def submit_signup + username = "test_#{SecureRandom.urlsafe_base64}".downcase + password = SecureRandom.base64 + visit '/users/new' + fill_in 'Username', with: username + fill_in 'Password', with: password + fill_in 'Password confirmation', with: password + click_on 'Sign Up' + return username, password + end +end diff --git a/users/test/support/time_test_helper.rb b/users/test/support/time_test_helper.rb new file mode 100644 index 0000000..f673f12 --- /dev/null +++ b/users/test/support/time_test_helper.rb @@ -0,0 +1,30 @@ +# Extend the Time class so that we can offset the time that 'now' +# returns. This should allow us to effectively time warp for functional +# tests that require limits per hour, what not. +class Time #:nodoc: + class <<self + attr_accessor :testing_offset + + def now_with_testing_offset + now_without_testing_offset - testing_offset + end + alias_method_chain :now, :testing_offset + end +end +Time.testing_offset = 0 + +module TimeTestHelper + # Time warp to the specified time for the duration of the passed block + def pretend_now_is(time) + begin + Time.testing_offset = Time.now - time + yield + ensure + Time.testing_offset = 0 + end + end +end + +class ActiveSupport::TestCase + include TimeTestHelper +end diff --git a/users/test/unit/account_test.rb b/users/test/unit/account_test.rb index 39969c0..94a9980 100644 --- a/users/test/unit/account_test.rb +++ b/users/test/unit/account_test.rb @@ -9,15 +9,14 @@ class AccountTest < ActiveSupport::TestCase assert id = user.identity assert_equal user.email_address, id.address assert_equal user.email_address, id.destination - id.destroy - user.destroy + user.account.destroy end test "create and remove a user account" do assert_no_difference "Identity.count" do assert_no_difference "User.count" do user = Account.create(FactoryGirl.attributes_for(:user)) - Account.new(user).destroy + user.account.destroy end end end @@ -26,7 +25,7 @@ class AccountTest < ActiveSupport::TestCase user = Account.create(FactoryGirl.attributes_for(:user)) old_id = user.identity old_email = user.email_address - Account.new(user).update(FactoryGirl.attributes_for(:user)) + user.account.update(FactoryGirl.attributes_for(:user)) user.reload old_id.reload assert user.valid? @@ -37,9 +36,7 @@ class AccountTest < ActiveSupport::TestCase assert_equal user.email_address, id.destination assert_equal user.email_address, old_id.destination assert_equal old_email, old_id.address - old_id.destroy - id.destroy - user.destroy + user.account.destroy end end |