-rw-r--r--billing/app/controllers/billing_base_controller.rb2
-rw-r--r--billing/app/controllers/subscriptions_controller.rb5
-rw-r--r--billing/app/views/subscriptions/show.html.haml3
-rw-r--r--billing/config/routes.rb4
-rw-r--r--billing/test/functional/customer_controller_test.rb23
-rw-r--r--billing/test/functional/payments_controller_test.rb5
-rw-r--r--billing/test/functional/subsciptions_controller_test.rb16
-rw-r--r--billing/test/integration/subscription_test.rb50
-rw-r--r--billing/test/support/customer_test_helper.rb11
-rw-r--r--config/application.rb2
-rw-r--r--config/environments/production.rb11
-rw-r--r--config/initializers/session_store.rb5
-rw-r--r--core/leap_web_core.gemspec2
-rw-r--r--test/test_helper.rb1
-rw-r--r--users/app/controllers/v1/users_controller.rb2
-rw-r--r--users/app/models/user.rb4
-rw-r--r--users/test/integration/browser/account_test.rb15
-rw-r--r--users/test/integration/browser/session_test.rb28
-rw-r--r--users/test/support/integration_test_helper.rb12
-rw-r--r--users/test/support/time_test_helper.rb30
-rw-r--r--users/test/unit/account_test.rb11
21 files changed, 187 insertions, 55 deletions
diff --git a/billing/app/controllers/billing_base_controller.rb b/billing/app/controllers/billing_base_controller.rb
index c250831..0453677 100644
--- a/billing/app/controllers/billing_base_controller.rb
+++ b/billing/app/controllers/billing_base_controller.rb
@@ -7,7 +7,7 @@ class BillingBaseController < ApplicationController
def assign_user
if params[:user_id]
@user = User.find(params[:user_id])
- elsif params[:action] == "confirm" or params[:action] == "destroy" # confirms and subscription deletes will come back with different ID set, so check for this first
+ elsif params[:action] == "confirm"# confirms will come back with different ID set, so check for this first
# This is only for cases where an admin cannot apply action for customer, but should be all confirms
@user = current_user
elsif params[:id]
diff --git a/billing/app/controllers/subscriptions_controller.rb b/billing/app/controllers/subscriptions_controller.rb
index 4047847..7689f35 100644
--- a/billing/app/controllers/subscriptions_controller.rb
+++ b/billing/app/controllers/subscriptions_controller.rb
@@ -3,7 +3,7 @@ class SubscriptionsController < BillingBaseController
before_filter :fetch_subscription, :only => [:show, :destroy]
before_filter :confirm_no_active_subscription, :only => [:new, :create]
# for now, admins cannot create or destroy subscriptions for others:
- before_filter :confirm_self, :only => [:destroy, :new, :create]
+ before_filter :confirm_self, :only => [:new, :create]
def new
# don't show link to subscribe if they are already subscribed?
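Review bot: The comment above the `confirm_self` filter still says admins cannot create or destroy subscriptions for others, but the new filter list no longer covers `:destroy`. After this change the only gate on destroy visible on this page is `fetch_subscription`, whose `admin?` branch lets an admin cancel any subscription. If that widening is intended, the comment should say so, for example `# for now, admins cannot create subscriptions for others; destroy is authorized in fetch_subscription`. The class body continues outside the hunk, so other filters may apply.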
@@ -31,7 +31,8 @@ class SubscriptionsController < BillingBaseController
def fetch_subscription
@subscription = Braintree::Subscription.find params[:id]
- @subscription_customer_id = @subscription.transactions.first.customer_details.id #all of subscriptions transactions should have same customer
+ @credit_card = Braintree::CreditCard.find @subscription.payment_method_token
+ @subscription_customer_id = @credit_card.customer_id
current_user_customer = Customer.find_by_user_id(current_user.id)
access_denied unless admin? or (current_user_customer and current_user_customer.braintree_customer_id == @subscription_customer_id)
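Review bot: The ownership check in `fetch_subscription` ties the subscription to `current_user`'s customer but never to the user named by `:user_id`, even though destroy now lives under `/users/:user_id/subscriptions/:id`. A request can therefore pair any `user_id` with a subscription the caller is allowed to touch, and for admins `@user` and the subscription owner can be unrelated. Assuming `assign_user` has already set `@user` when this filter runs, an additional guard would close this, such as `access_denied unless Customer.find_by_user_id(@user.id).try(:braintree_customer_id) == @subscription_customer_id`. Separately, both Braintree `find` calls raise when the id or token is unknown, so a bogus `params[:id]` probably surfaces as a 500 unless that is rescued elsewhere. The method body continues outside the hunk.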
diff --git a/billing/app/views/subscriptions/show.html.haml b/billing/app/views/subscriptions/show.html.haml
index ebb7e0d..39f4d1a 100644
--- a/billing/app/views/subscriptions/show.html.haml
+++ b/billing/app/views/subscriptions/show.html.haml
@@ -3,5 +3,4 @@
Current
Subscription
= render :partial => "subscription_details", :locals => {:subscription => @subscription}
-- if @user == current_user
- = link_to t(:cancel_subscription), subscription_path(@subscription.id), :confirm => t(:are_you_sure), :method => :delete, :class => 'btn btn-danger' if @subscription.status == 'Active' # permission check or should that just be on show?
+= link_to t(:cancel_subscription), user_subscription_path(@user, @subscription.id), :confirm => t(:are_you_sure), :method => :delete, :class => 'btn btn-danger' if @subscription.status == 'Active' # permission check or should that just be on show?
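Review bot: The trailing comment on the new `link_to` line still asks `# permission check or should that just be on show?`, although this change answers it by dropping the `@user == current_user` guard. The button is now rendered for every viewer who reaches the page, so the comment should record where the decision is enforced, for example `# authorization is enforced by the fetch_subscription filter in SubscriptionsController`. Hiding the button was never a control in itself, but the open question will mislead the next reader into thinking the check is still pending.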
diff --git a/billing/config/routes.rb b/billing/config/routes.rb
index 8b7b5bf..e024f43 100644
--- a/billing/config/routes.rb
+++ b/billing/config/routes.rb
@@ -4,7 +4,7 @@ Rails.application.routes.draw do
match 'payments/confirm' => 'payments#confirm', :as => :confirm_payment
resources :users do
resources :payments, :only => [:index]
- resources :subscriptions, :only => [:index, :show]
+ resources :subscriptions, :only => [:index, :show, :destroy]
end
resources :customer, :only => [:new, :edit]
@@ -14,7 +14,7 @@ Rails.application.routes.draw do
match 'customer/show/:id' => 'customer#show', :as => :show_customer
match 'credit_card_info/confirm' => 'credit_card_info#confirm', :as => :confirm_credit_card_info
- resources :subscriptions, :only => [:new, :create, :update, :destroy] # index and show are within users path
+ resources :subscriptions, :only => [:new, :create, :update] # index, show & destroy are within users path
#match 'transactions/:product_id/new' => 'transactions#new', :as => :new_transaction
#match 'transactions/confirm/:product_id' => 'transactions#confirm', :as => :confirm_transaction
diff --git a/billing/test/functional/customer_controller_test.rb b/billing/test/functional/customer_controller_test.rb
index 878ed48..d943e23 100644
--- a/billing/test/functional/customer_controller_test.rb
+++ b/billing/test/functional/customer_controller_test.rb
@@ -2,6 +2,7 @@ require 'test_helper'
require 'fake_braintree'
class CustomerControllerTest < ActionController::TestCase
+ include CustomerTestHelper
test "new assigns redirect url" do
login
@@ -21,9 +22,7 @@ class CustomerControllerTest < ActionController::TestCase
end
test "edit uses params[:id]" do
- user = find_record :user
- customer = stub_record :customer_with_payment_info, user: user
- Customer.stubs(:find_by_user_id).with(user.id).returns(customer)
+ customer = stub_customer
login customer.user
get :edit, id: customer.user.id
@@ -34,7 +33,7 @@ class CustomerControllerTest < ActionController::TestCase
assert_equal confirm_customer_url, tr_data[:redirect_url]
end
- test "confirm user creation" do
+ test "confirm customer creation" do
login
Braintree::TransparentRedirect.expects(:confirm).returns(success_response)
# to_confirm = prepare_confirmation :create_customer_data,
@@ -52,10 +51,8 @@ class CustomerControllerTest < ActionController::TestCase
end
test "customer update" do
- user = find_record :user
- customer = stub_record :customer_with_payment_info, user: user
+ customer = stub_customer
customer.expects(:save)
- Customer.stubs(:find_by_user_id).with(user.id).returns(customer)
login customer.user
Braintree::TransparentRedirect.expects(:confirm).
returns(success_response(customer))
@@ -70,8 +67,8 @@ class CustomerControllerTest < ActionController::TestCase
assert_equal customer.braintree_customer, result.customer
end
- test "failed user creation" do
- skip "can't get user creation to fail"
+ test "failed customer creation" do
+ skip "can't get customer creation to fail"
login
FakeBraintree.decline_all_cards!
# what is prepare_confirmation ?? this method isn't found
@@ -86,7 +83,7 @@ class CustomerControllerTest < ActionController::TestCase
assert !result.success?
end
- test "failed user creation with stubbing" do
+ test "failed customer creation with stubbing" do
login
Braintree::TransparentRedirect.expects(:confirm).returns(failure_response)
post :confirm, bla: :blub
@@ -95,10 +92,8 @@ class CustomerControllerTest < ActionController::TestCase
assert_template :new
end
- test "failed user update with stubbing" do
- user = find_record :user
- customer = stub_record :customer_with_payment_info, user: user
- Customer.stubs(:find_by_user_id).with(user.id).returns(customer)
+ test "failed customer update with stubbing" do
+ customer = stub_customer
login customer.user
Braintree::TransparentRedirect.expects(:confirm).returns(failure_response)
post :confirm, bla: :blub
diff --git a/billing/test/functional/payments_controller_test.rb b/billing/test/functional/payments_controller_test.rb
index 055a990..655aa16 100644
--- a/billing/test/functional/payments_controller_test.rb
+++ b/billing/test/functional/payments_controller_test.rb
@@ -2,6 +2,7 @@ require 'test_helper'
require 'fake_braintree'
class PaymentsControllerTest < ActionController::TestCase
+ include CustomerTestHelper
test "payment when unauthorized" do
get :new
@@ -17,9 +18,7 @@ class PaymentsControllerTest < ActionController::TestCase
end
test "payment when authenticated as customer" do
- user = find_record :user
- customer = stub_record :customer_with_payment_info, user: user
- Customer.stubs(:find_by_user_id).with(user.id).returns(customer)
+ customer = stub_customer
login customer.user
get :new
assert_not_nil assigns(:tr_data)
diff --git a/billing/test/functional/subsciptions_controller_test.rb b/billing/test/functional/subsciptions_controller_test.rb
new file mode 100644
index 0000000..a6a1057
--- /dev/null
+++ b/billing/test/functional/subsciptions_controller_test.rb
@@ -0,0 +1,16 @@
+require 'test_helper'
+require 'fake_braintree'
+
+class SubscriptionsControllerTest < ActionController::TestCase
+ include CustomerTestHelper
+
+ test "destroy cancels subscription" do
+ customer = stub_customer
+ login customer.user
+ result = Braintree::Subscription.create plan_id: 'my_plan',
+ payment_method_token: customer.braintree_customer.credit_cards.first.token
+ subscription = result.subscription
+ delete :destroy, id: subscription.id, user_id: customer.user.id
+ assert_equal "Canceled", Braintree::Subscription.find(subscription.id).status
+ end
+end
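Review bot: This new test file covers only the owner cancelling their own subscription, while the same commit removes `confirm_self` from `:destroy` and leaves `fetch_subscription` as the sole check. There is no test showing that a non-admin who does not own the subscription is refused and that the subscription stays active. A negative case along the lines below would pin that down; it assumes the existing helpers can produce a second, distinct customer. The file name is also misspelled (`subsciptions_controller_test.rb`), which makes it easy to miss when searching for the controller's tests.

```ruby
test "destroy is refused for a subscription owned by someone else" do
  owner = stub_customer
  # assumes find_record(:user) yields a non-admin user distinct from owner.user,
  # with a different braintree_customer_id -- confirm against the test helpers
  other = stub_customer(find_record(:user))
  result = Braintree::Subscription.create plan_id: 'my_plan',
    payment_method_token: owner.braintree_customer.credit_cards.first.token
  login other.user
  delete :destroy, id: result.subscription.id, user_id: owner.user.id
  assert_equal "Active", Braintree::Subscription.find(result.subscription.id).status
end
```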
diff --git a/billing/test/integration/subscription_test.rb b/billing/test/integration/subscription_test.rb
new file mode 100644
index 0000000..b893896
--- /dev/null
+++ b/billing/test/integration/subscription_test.rb
@@ -0,0 +1,50 @@
+require 'test_helper'
+require 'fake_braintree'
+require 'capybara/rails'
+
+class SubscriptionTest < ActionDispatch::IntegrationTest
+ include Warden::Test::Helpers
+ include Capybara::DSL
+ include CustomerTestHelper
+ include StubRecordHelper
+
+ setup do
+ Warden.test_mode!
+ @admin = stub_record :user, :admin => true
+ @customer = stub_customer
+ @braintree_customer = @customer.braintree_customer
+ response = Braintree::Subscription.create plan_id: '5',
+ payment_method_token: @braintree_customer.credit_cards.first.token
+ @subscription = response.subscription
+ Capybara.current_driver = Capybara.javascript_driver
+ end
+
+ teardown do
+ Warden.test_reset!
+ end
+
+ test "admin can see subscription for another" do
+ login_as @admin
+ @customer.stubs(:subscriptions).returns([@subscription])
+ visit user_subscriptions_path(@customer.user_id)
+ assert page.has_content?("Subscriptions")
+ assert page.has_content?("Status: Active")
+ page.save_screenshot('/tmp/subscriptions.png')
+ end
+
+ #test "admin cannot add subscription for another" do
+ #end
+
+ #test "authenticated user can cancel own subscription" do
+ #end
+
+ #test "user cannot add subscription if they have active one" do
+ #end
+
+ #test "user can view own subscriptions"
+ #end
+
+ #test "admin can view another user's subscriptions" do
+ #end
+
+end
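Review bot: The call `page.save_screenshot('/tmp/subscriptions.png')` in "admin can see subscription for another" writes to a fixed name in a world-writable directory on every run. That looks like a debugging leftover, and on a shared build host a predictable path in `/tmp` can be pre-created by another local user. Either drop the line or keep the artifact inside the project, e.g. `page.save_screenshot(Rails.root.join('tmp', 'subscriptions.png'))`. The setup also switches `Capybara.current_driver` without restoring it in teardown. The authorization cases that matter for this commit exist only as commented-out placeholders, including "admin cannot add subscription for another" and "authenticated user can cancel own subscription".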
diff --git a/billing/test/support/customer_test_helper.rb b/billing/test/support/customer_test_helper.rb
new file mode 100644
index 0000000..adac00a
--- /dev/null
+++ b/billing/test/support/customer_test_helper.rb
@@ -0,0 +1,11 @@
+module CustomerTestHelper
+
+ def stub_customer(user = nil)
+ user ||= find_record :user
+ customer = stub_record :customer_with_payment_info,
+ user: user,
+ user_id: user.id
+ Customer.stubs(:find_by_user_id).with(user.id).returns(customer)
+ return customer
+ end
+end
diff --git a/config/application.rb b/config/application.rb
index e8bb2f4..8587ffc 100644
--- a/config/application.rb
+++ b/config/application.rb
@@ -54,7 +54,7 @@ module LeapWeb
# Configure sensitive parameters which will be filtered from the log file.
config.filter_parameters += [:password]
- if APP_CONFIG[:logfile]
+ if APP_CONFIG[:logfile].present?
config.logger = Logger.new(APP_CONFIG[:logfile])
end
diff --git a/config/environments/production.rb b/config/environments/production.rb
index 32b4558..73e98e5 100644
--- a/config/environments/production.rb
+++ b/config/environments/production.rb
@@ -33,11 +33,12 @@ LeapWeb::Application.configure do
# See everything in the log (default is :info)
# config.log_level = :debug
- # Prepend all log lines with the following tags
- # config.log_tags = [ :subdomain, :uuid ]
-
- # Use a different logger for distributed setups
- # config.logger = ActiveSupport::TaggedLogging.new(SyslogLogger.new)
+ # Use syslog if no file has been specified
+ if APP_CONFIG[:logfile].blank?
+ # Prepend all log lines with the following tags
+ config.log_tags = [ :leap, :webapp ]
+ config.logger = ActiveSupport::TaggedLogging.new(SyslogLogger.new)
+ end
# Use a different cache store in production
# config.cache_store = :mem_cache_store
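Review bot: The new `config.log_tags = [ :leap, :webapp ]` uses symbols, and Rails resolves a Symbol entry in `log_tags` by calling the method of that name on the request object. `:leap` and `:webapp` are not request methods, so this is likely to raise on the first production request whenever no logfile is configured. Fixed labels should be strings: `config.log_tags = [ 'leap', 'webapp' ]`. It is also worth confirming that the gem providing `SyslogLogger` is in the production bundle, since nothing on this page adds it.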
diff --git a/config/initializers/session_store.rb b/config/initializers/session_store.rb
index b454120..8b63e5b 100644
--- a/config/initializers/session_store.rb
+++ b/config/initializers/session_store.rb
@@ -1,8 +1,9 @@
# Be sure to restart your server when you modify this file.
-LeapWeb::Application.config.session_store CouchRestSessionStore
+LeapWeb::Application.config.session_store CouchRest::Session::Store,
+ expire_after: 1800
-CouchRestSessionStore.configure do |conf|
+CouchRest::Session::Store.configure do |conf|
conf.environment = Rails.env
conf.connection_config_file = File.join(Rails.root, 'config', 'couchdb.yml')
conf.connection[:prefix] =
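Review bot: The session store options now set `expire_after: 1800` but nothing else. Unless `config.force_ssl` or an equivalent is set elsewhere, the session cookie has no `secure` flag and may be sent over plain HTTP. If TLS is not enforced globally, pass the flag here, e.g. `expire_after: 1800, secure: Rails.env.production?`. A short comment that 1800 seconds is an idle timeout would also help: `# sessions expire after 30 minutes of inactivity`. The `conf.connection[:prefix] =` statement continues outside the hunk.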
diff --git a/core/leap_web_core.gemspec b/core/leap_web_core.gemspec
index a29db87..f391f00 100644
--- a/core/leap_web_core.gemspec
+++ b/core/leap_web_core.gemspec
@@ -19,7 +19,7 @@ Gem::Specification.new do |s|
s.add_dependency "couchrest", "~> 1.1.3"
s.add_dependency "couchrest_model", "~> 2.0.0.beta2"
- s.add_dependency "couchrest_session_store", "~> 0.1.3"
+ s.add_dependency "couchrest_session_store", "~> 0.2.0"
s.add_dependency "json"
end
diff --git a/test/test_helper.rb b/test/test_helper.rb
index 26b99f4..b2f674d 100644
--- a/test/test_helper.rb
+++ b/test/test_helper.rb
@@ -36,6 +36,7 @@ Capybara.default_wait_time = 5
class BrowserIntegrationTest < ActionDispatch::IntegrationTest
# Make the Capybara DSL available
include Capybara::DSL
+ include IntegrationTestHelper
teardown do
Capybara.reset_sessions! # Forget the (simulated) browser state
diff --git a/users/app/controllers/v1/users_controller.rb b/users/app/controllers/v1/users_controller.rb
index 01a1a2f..03a5a62 100644
--- a/users/app/controllers/v1/users_controller.rb
+++ b/users/app/controllers/v1/users_controller.rb
@@ -31,7 +31,7 @@ module V1
protected
def account
- Account.new(@user)
+ @user.account
end
end
diff --git a/users/app/models/user.rb b/users/app/models/user.rb
index 310eecd..a14fcb5 100644
--- a/users/app/models/user.rb
+++ b/users/app/models/user.rb
@@ -82,6 +82,10 @@ class User < CouchRest::Model::Base
identity.keys[:pgp]
end
+ def account
+ Account.new(self)
+ end
+
def identity
@identity ||= Identity.for(self)
end
diff --git a/users/test/integration/browser/account_test.rb b/users/test/integration/browser/account_test.rb
index a5ec2c5..8c2c997 100644
--- a/users/test/integration/browser/account_test.rb
+++ b/users/test/integration/browser/account_test.rb
@@ -13,9 +13,7 @@ class AccountTest < BrowserIntegrationTest
assert page.has_content?("Sign Up")
assert_equal '/', current_path
assert user = User.find_by_login(username)
- assert id = user.identity
- id.destroy
- user.destroy
+ user.account.destroy
end
test "successful login" do
@@ -47,17 +45,6 @@ class AccountTest < BrowserIntegrationTest
assert page.has_content?("server failed")
end
- def submit_signup
- username = "test_#{SecureRandom.urlsafe_base64}".downcase
- password = SecureRandom.base64
- visit '/users/new'
- fill_in 'Username', with: username
- fill_in 'Password', with: password
- fill_in 'Password confirmation', with: password
- click_on 'Sign Up'
- return username, password
- end
-
def inject_malicious_js
page.execute_script <<-EOJS
var calc = new srp.Calculate();
diff --git a/users/test/integration/browser/session_test.rb b/users/test/integration/browser/session_test.rb
new file mode 100644
index 0000000..bb4e8c9
--- /dev/null
+++ b/users/test/integration/browser/session_test.rb
@@ -0,0 +1,28 @@
+require 'test_helper'
+
+class SessionTest < BrowserIntegrationTest
+
+ setup do
+ Capybara.current_driver = Capybara.javascript_driver
+ @username, password = submit_signup
+ end
+
+ teardown do
+ user = User.find_by_login(@username)
+ id = user.identity
+ id.destroy
+ user.destroy
+ end
+
+ test "valid session" do
+ assert page.has_content?("Welcome #{@username}")
+ end
+
+ test "expired session" do
+ assert page.has_content?("Welcome #{@username}")
+ pretend_now_is(Time.now + 40.minutes) do
+ visit '/'
+ assert page.has_no_content?("Welcome #{@username}")
+ end
+ end
+end
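Review bot: The teardown in this new test destroys the identity and the user by hand, while the rest of the commit replaces exactly that pattern with `user.account.destroy`. It also calls `user.identity` without checking that `User.find_by_login(@username)` found anything. A failed signup in setup would then raise a `NoMethodError` in teardown and hide the real failure. Suggested body: `user = User.find_by_login(@username)` followed by `user.account.destroy if user`. The `password` local in setup is unused and could be `_password`.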
diff --git a/users/test/support/integration_test_helper.rb b/users/test/support/integration_test_helper.rb
new file mode 100644
index 0000000..cfe72cf
--- /dev/null
+++ b/users/test/support/integration_test_helper.rb
@@ -0,0 +1,12 @@
+module IntegrationTestHelper
+ def submit_signup
+ username = "test_#{SecureRandom.urlsafe_base64}".downcase
+ password = SecureRandom.base64
+ visit '/users/new'
+ fill_in 'Username', with: username
+ fill_in 'Password', with: password
+ fill_in 'Password confirmation', with: password
+ click_on 'Sign Up'
+ return username, password
+ end
+end
diff --git a/users/test/support/time_test_helper.rb b/users/test/support/time_test_helper.rb
new file mode 100644
index 0000000..f673f12
--- /dev/null
+++ b/users/test/support/time_test_helper.rb
@@ -0,0 +1,30 @@
+# Extend the Time class so that we can offset the time that 'now'
+# returns. This should allow us to effectively time warp for functional
+# tests that require limits per hour, what not.
+class Time #:nodoc:
+ class <<self
+ attr_accessor :testing_offset
+
+ def now_with_testing_offset
+ now_without_testing_offset - testing_offset
+ end
+ alias_method_chain :now, :testing_offset
+ end
+end
+Time.testing_offset = 0
+
+module TimeTestHelper
+ # Time warp to the specified time for the duration of the passed block
+ def pretend_now_is(time)
+ begin
+ Time.testing_offset = Time.now - time
+ yield
+ ensure
+ Time.testing_offset = 0
+ end
+ end
+end
+
+class ActiveSupport::TestCase
+ include TimeTestHelper
+end
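Review bot: `pretend_now_is` computes its offset from the already patched `Time.now` and always resets to 0 in `ensure`, so it is only correct when no offset is active. A nested call, or a call made while an offset is set, produces the wrong time and then wipes the outer offset. Capturing and restoring the previous value fixes both: `previous = Time.testing_offset`, then `Time.testing_offset = Time.now_without_testing_offset - time`, and `Time.testing_offset = previous` in the `ensure`. Because the patch replaces `Time.now` process-wide and session expiry depends on it, the header comment should state that this file must only ever be loaded from the test environment.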
diff --git a/users/test/unit/account_test.rb b/users/test/unit/account_test.rb
index 39969c0..94a9980 100644
--- a/users/test/unit/account_test.rb
+++ b/users/test/unit/account_test.rb
@@ -9,15 +9,14 @@ class AccountTest < ActiveSupport::TestCase
assert id = user.identity
assert_equal user.email_address, id.address
assert_equal user.email_address, id.destination
- id.destroy
- user.destroy
+ user.account.destroy
end
test "create and remove a user account" do
assert_no_difference "Identity.count" do
assert_no_difference "User.count" do
user = Account.create(FactoryGirl.attributes_for(:user))
- Account.new(user).destroy
+ user.account.destroy
end
end
end
@@ -26,7 +25,7 @@ class AccountTest < ActiveSupport::TestCase
user = Account.create(FactoryGirl.attributes_for(:user))
old_id = user.identity
old_email = user.email_address
- Account.new(user).update(FactoryGirl.attributes_for(:user))
+ user.account.update(FactoryGirl.attributes_for(:user))
user.reload
old_id.reload
assert user.valid?
@@ -37,9 +36,7 @@ class AccountTest < ActiveSupport::TestCase
assert_equal user.email_address, id.destination
assert_equal user.email_address, old_id.destination
assert_equal old_email, old_id.address
- old_id.destroy
- id.destroy
- user.destroy
+ user.account.destroy
end
end