diff options
34 files changed, 409 insertions, 53 deletions
@@ -13,6 +13,7 @@ end ## AUTHENTICATION gem "ruby-srp", "~> 0.2.1" gem "rails_warden" +gem "coupon_code" ## LOCALIZATION gem 'http_accept_language' @@ -85,6 +86,11 @@ group :production do gem 'SyslogLogger', '~> 2.0' end +group :development do + gem "better_errors", '1.1.0' + gem "binding_of_caller" +end + group :debug do gem 'debugger', :platforms => :mri_19 end diff --git a/Gemfile.lock b/Gemfile.lock index 3331a6c..894e062 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -56,6 +56,11 @@ GEM multi_json (~> 1.0) addressable (2.3.6) arel (3.0.3) + better_errors (1.1.0) + coderay (>= 1.0.0) + erubis (>= 2.6.6) + binding_of_caller (0.7.2) + debug_inspector (>= 0.0.1) bootstrap-sass (2.3.2.2) sass (~> 3.2) braintree (2.38.0) @@ -78,7 +83,7 @@ GEM mime-types (~> 1.15) multi_json (~> 1.0) rest-client (~> 1.6.1) - couchrest_model (2.0.0) + couchrest_model (2.0.1) activemodel (>= 3.0) couchrest (~> 1.1.3) mime-types (>= 1.15) @@ -87,6 +92,7 @@ GEM actionpack (~> 3.0) couchrest couchrest_model + coupon_code (0.0.1) cucumber (1.3.17) builder (>= 2.1.2) diff-lcs (>= 1.1.3) @@ -100,6 +106,7 @@ GEM nokogiri (~> 1.5) rails (>= 3, < 5) daemons (1.1.9) + debug_inspector (0.0.2) debugger (1.6.8) columnize (>= 0.3.1) debugger-linecache (~> 1.2.0) @@ -140,7 +147,7 @@ GEM jquery-rails (3.1.2) railties (>= 3.0, < 5.0) thor (>= 0.14, < 2.0) - json (1.8.1) + json (1.8.3) kaminari (0.13.0) actionpack (>= 3.0.0) activesupport (>= 3.0.0) @@ -158,7 +165,7 @@ GEM minitest-stub-const (0.2) mocha (0.13.3) metaclass (~> 0.0.1) - multi_json (1.10.1) + multi_json (1.11.2) multi_test (0.1.1) nokogiri (1.6.5) mini_portile (~> 0.6.0) @@ -210,9 +217,8 @@ GEM rdoc (3.12.2) json (~> 1.4) ref (2.0.0) - rest-client (1.6.8) + rest-client (1.6.9) mime-types (~> 1.16) - rdoc (>= 2.4.2) ruby-srp (0.2.1) sass (3.4.9) sass-rails (3.2.6) @@ -246,7 +252,7 @@ GEM treetop (1.4.15) polyglot polyglot (>= 0.3.1) - tzinfo (0.3.42) + tzinfo (0.3.44) uglifier (1.2.7) execjs (>= 0.3.0) multi_json (~> 1.3) @@ -266,6 +272,8 @@ PLATFORMS DEPENDENCIES SyslogLogger (~> 2.0) + better_errors (= 1.1.0) + binding_of_caller bootstrap-sass (= 2.3.2.2) capybara certificate_authority! @@ -275,6 +283,7 @@ DEPENDENCIES couchrest (~> 1.1.3) couchrest_model (~> 2.0.0) couchrest_session_store (= 0.3.0) + coupon_code cucumber-rails debugger factory_girl_rails @@ -305,6 +314,3 @@ DEPENDENCIES thin uglifier (~> 1.2.7) valid_email - -BUNDLED WITH - 1.10.6 diff --git a/app/assets/javascripts/srp b/app/assets/javascripts/srp -Subproject 8f33d32d40b1e21ae7fb9a92c78a275422af421 +Subproject 9e1a41733468d4a3f5102b04277b9cd7b52d0a4 diff --git a/app/assets/javascripts/users.js b/app/assets/javascripts/users.js index e0f1c9d..5217942 100644 --- a/app/assets/javascripts/users.js +++ b/app/assets/javascripts/users.js @@ -88,11 +88,34 @@ } }; + var account = { + + // Returns the user's identity + login: function() { + return document.getElementById("srp_username").value; + }, + + // Returns the password currently typed in + password: function() { + return document.getElementById("srp_password").value; + }, + + // The user's id + id: function() { + return document.getElementById("user_param").value; + }, + + // Returns the invite code currently typed in + loginParams: function () { + return { "invite_code": document.getElementById("srp_invite_code").value }; + } + } + // // PUBLIC FUNCTIONS // - srp.session = new srp.Session(); + srp.session = new srp.Session(account); srp.signedUp = function() { return srp.login(); diff --git a/app/models/account.rb b/app/models/account.rb index af470ed..a5cd833 100644 --- a/app/models/account.rb +++ b/app/models/account.rb @@ -1,7 +1,7 @@ # -# The Account model takes care of the livecycle of a user. +# The Account model takes care of the lifecycle of a user. # It composes a User record and it's identity records. -# It also allows for other engines to hook into the livecycle by +# It also allows for other engines to hook into the lifecycle by # monkeypatching the create, update and destroy methods. # There's an ActiveSupport load_hook at the end of this file to # make this more easy. @@ -20,6 +20,7 @@ class Account user = nil user = User.new(attrs) user.save + if !user.tmp? && user.persisted? identity = user.identity identity.user_id = user.id @@ -27,6 +28,12 @@ class Account identity.errors.each do |attr, msg| user.errors.add(attr, msg) end + + if APP_CONFIG[:invite_required] + user_invite_code = InviteCode.find_by_invite_code user.invite_code + user_invite_code.invite_count += 1 + user_invite_code.save + end end rescue StandardError => ex user.errors.add(:base, ex.to_s) if user diff --git a/app/models/invite_code.rb b/app/models/invite_code.rb new file mode 100644 index 0000000..13c3a39 --- /dev/null +++ b/app/models/invite_code.rb @@ -0,0 +1,23 @@ +require 'coupon_code' + +class InviteCode < CouchRest::Model::Base + use_database 'invite_codes' + property :invite_code, String, :read_only => true + property :invite_count, Integer, :default => 0, :accessible => true + property :max_uses, Integer, :default => 1 + + timestamps! + + design do + view :by_invite_code + view :by_invite_count + end + + def initialize(attributes = {}, options = {}) + super(attributes, options) + write_attribute('invite_code', CouponCode.generate) if new? + end + +end + + diff --git a/app/models/invite_code_validator.rb b/app/models/invite_code_validator.rb new file mode 100644 index 0000000..676e4fa --- /dev/null +++ b/app/models/invite_code_validator.rb @@ -0,0 +1,29 @@ +class InviteCodeValidator < ActiveModel::Validator + + def validate(user) + + user_invite_code = InviteCode.find_by_invite_code user.invite_code + + if not_existent?(user_invite_code) + add_error_to_user("This is not a valid code", user) + + elsif has_no_uses_left?(user_invite_code) + add_error_to_user("This code has already been used", user) + end + end + + private + def not_existent?(code) + code == nil + end + + def has_no_uses_left?(code) + code.invite_count >= code.max_uses + end + + def add_error_to_user(error, user) + user.errors[:invite_code] << error + end +end + + diff --git a/app/models/user.rb b/app/models/user.rb index d44df40..3daee0f 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -8,7 +8,7 @@ class User < CouchRest::Model::Base property :password_salt, String, :accessible => true property :contact_email, String, :accessible => true property :contact_email_key, String, :accessible => true - + property :invite_code, String, :accessible => true property :enabled, TrueClass, :default => true # these will be null by default but we shouldn't ever pull them directly, but only via the methods that will return the full ServiceLevel @@ -39,6 +39,10 @@ class User < CouchRest::Model::Base :email => true, :mx_with_fallback => true + + validates_with InviteCodeValidator, on: :create, if: -> {APP_CONFIG[:invite_required]} + + timestamps! design do diff --git a/app/views/users/new.html.haml b/app/views/users/new.html.haml index 41a9d55..bc0b1af 100644 --- a/app/views/users/new.html.haml +++ b/app/views/users/new.html.haml @@ -15,7 +15,13 @@ = render :partial => 'warnings' = simple_form_for(@user, form_options) do |f| = f.input :login, :label => t(:username), :required => false, :input_html => { :id => :srp_username } - = f.input :password, :required => false, :validate => true, :input_html => { :id => :srp_password } - = f.input :password_confirmation, :required => false, :validate => true, :input_html => { :id => :srp_password_confirmation } - = f.button :wrapped, cancel: home_path + = f.input :password, :label => t(:password), :required => false, :validate => true, :input_html => { :id => :srp_password } + = f.input :password_confirmation, :label => t(:password_confirmation), :required => false, :validate => true, :input_html => { :id => :srp_password_confirmation } + + - if APP_CONFIG[:invite_required] + = f.input :invite_code, :label => t(:invite_code), :input_html => { :id => :srp_invite_code } + - else + = f.input :invite_code, :as => "hidden", :input_html => { :value => " ", :id => :srp_invite_code } + = f.button :wrapped, cancel: home_path +-# diff --git a/config/defaults.yml b/config/defaults.yml index dfa2a9a..906b446 100644 --- a/config/defaults.yml +++ b/config/defaults.yml @@ -82,6 +82,7 @@ common: &common - support - billing allow_registration: true + invite_required: false config_file_paths: soledad-service: 'public/1/config/soledad-service.json' eip-service: 'public/1/config/eip-service.json' diff --git a/config/locales/en/users.en.yml b/config/locales/en/users.en.yml index e2a880c..bc8c19d 100644 --- a/config/locales/en/users.en.yml +++ b/config/locales/en/users.en.yml @@ -8,6 +8,8 @@ en: account_settings: "Account Settings" username: "Username" password: "Password" + password_confirmation: "Password confirmation" + invite_code: "Invite code" change_password: "Change Password" invalid_user_pass: "Not a valid username/password combination" invalid_ephemeral: "Invalid random key used. This looked like an attempt to hack the site to us. If it wasn't please contact support so we can look into the issue." diff --git a/engines/billing/test/functional/customers_controller_test.rb b/engines/billing/test/functional/customers_controller_test.rb index cc82fc1..4d84fb0 100644 --- a/engines/billing/test/functional/customers_controller_test.rb +++ b/engines/billing/test/functional/customers_controller_test.rb @@ -5,6 +5,7 @@ class CustomersControllerTest < ActionController::TestCase tests CustomerController setup do + InviteCodeValidator.any_instance.stubs(:validate) @user = FactoryGirl.create :user @other_user = FactoryGirl.create :user #FakeBraintree.clear! diff --git a/engines/support/app/controllers/tickets_controller.rb b/engines/support/app/controllers/tickets_controller.rb index c1abfa2..8cccc2f 100644 --- a/engines/support/app/controllers/tickets_controller.rb +++ b/engines/support/app/controllers/tickets_controller.rb @@ -4,6 +4,8 @@ class TicketsController < ApplicationController respond_to :html, :json #has_scope :open, :type => boolean + skip_before_filter :verify_authenticity_token, :only => [:create] + before_filter :require_login, :only => [:index] before_filter :fetch_ticket, except: [:new, :create, :index] before_filter :require_ticket_access, except: [:new, :create, :index] diff --git a/engines/support/test/integration/create_ticket_test.rb b/engines/support/test/integration/create_ticket_test.rb index 90e9a8a..00f9a6b 100644 --- a/engines/support/test/integration/create_ticket_test.rb +++ b/engines/support/test/integration/create_ticket_test.rb @@ -2,6 +2,11 @@ require 'test_helper' class CreateTicketTest < BrowserIntegrationTest + setup do + @testcode = InviteCode.new + @testcode.save! + end + test "can submit ticket anonymously" do visit '/' click_on 'Get Help' @@ -29,7 +34,7 @@ class CreateTicketTest < BrowserIntegrationTest end test "prefills fields" do - login FactoryGirl.create(:premium_user) + login FactoryGirl.create(:premium_user, :invite_code => @testcode.invite_code) visit '/' click_on "Support Tickets" click_on "New Ticket" @@ -48,7 +53,7 @@ class CreateTicketTest < BrowserIntegrationTest end test "cleared email field should remain clear" do - login FactoryGirl.create(:premium_user) + login FactoryGirl.create(:premium_user, :invite_code => @testcode.invite_code) visit '/' click_on "Support Tickets" click_on "New Ticket" diff --git a/engines/support/test/unit/account_extension_test.rb b/engines/support/test/unit/account_extension_test.rb index aba162c..0ecb1aa 100644 --- a/engines/support/test/unit/account_extension_test.rb +++ b/engines/support/test/unit/account_extension_test.rb @@ -2,6 +2,10 @@ require 'test_helper' class AccountExtensionTest < ActiveSupport::TestCase + setup do + InviteCodeValidator.any_instance.stubs(:validate) + end + test "destroying an account triggers ticket destruction" do t = FactoryGirl.create :ticket_with_creator u = t.created_by_user diff --git a/engines/support/test/unit/ticket_test.rb b/engines/support/test/unit/ticket_test.rb index c64e8f4..7b5281f 100644 --- a/engines/support/test/unit/ticket_test.rb +++ b/engines/support/test/unit/ticket_test.rb @@ -2,6 +2,10 @@ require 'test_helper' class TicketTest < ActiveSupport::TestCase + setup do + InviteCodeValidator.any_instance.stubs(:validate) + end + test "ticket with default attribs is valid" do t = FactoryGirl.build :ticket assert t.valid? diff --git a/features/step_definitions/auth_steps.rb b/features/step_definitions/auth_steps.rb index e75455a..52c92ee 100644 --- a/features/step_definitions/auth_steps.rb +++ b/features/step_definitions/auth_steps.rb @@ -1,5 +1,7 @@ Given /^I authenticated$/ do - @user = FactoryGirl.create(:user) + @testcode = InviteCode.new + @testcode.save! + @user = FactoryGirl.create(:user, :invite_code => @testcode.invite_code) @my_auth_token = Token.create user_id: @user.id end diff --git a/lib/en_US.yml b/lib/en_US.yml index b5ba63b..a94e2fc 100644 --- a/lib/en_US.yml +++ b/lib/en_US.yml @@ -119,6 +119,8 @@ en_US: account_settings: Account Settings username: Username password: Password + password_confirmation: Password confirmation + invite_code: Invite code change_password: Change Password invalid_user_pass: Not a valid username/password combination invalid_ephemeral: Invalid random key used. This looked like an attempt to hack the diff --git a/lib/tasks/invite_code.rake b/lib/tasks/invite_code.rake new file mode 100644 index 0000000..d6e2b49 --- /dev/null +++ b/lib/tasks/invite_code.rake @@ -0,0 +1,21 @@ + + +desc "Generate a batch of invite codes" +task :generate_invites, [:n, :u] => :environment do |task, args| + + codes = args.n + codes = codes.to_i + + if args.u != nil + max_uses = args.u + end + + codes.times do |x| + x = InviteCode.new + x.max_uses = max_uses + x.save + puts x.invite_code + end + +end + diff --git a/test/factories.rb b/test/factories.rb index 0734688..b6e1475 100644 --- a/test/factories.rb +++ b/test/factories.rb @@ -11,6 +11,7 @@ FactoryGirl.define do login { Faker::Internet.user_name + '_' + SecureRandom.hex(4) } password_verifier "1234ABCD" password_salt "4321AB" + invite_code "testcode" factory :user_with_settings do email_forward { Faker::Internet.email } diff --git a/test/functional/identities_controller_test.rb b/test/functional/identities_controller_test.rb index fcdeaa2..e491c52 100644 --- a/test/functional/identities_controller_test.rb +++ b/test/functional/identities_controller_test.rb @@ -2,6 +2,10 @@ require 'test_helper' class IdentitiesControllerTest < ActionController::TestCase + setup do + InviteCodeValidator.any_instance.stubs(:validate) + end + test "admin can list active and blocked ids" do login :is_admin? => true get :index diff --git a/test/functional/v1/messages_controller_test.rb b/test/functional/v1/messages_controller_test.rb index 6f7ea5d..720d862 100644 --- a/test/functional/v1/messages_controller_test.rb +++ b/test/functional/v1/messages_controller_test.rb @@ -3,6 +3,7 @@ require 'test_helper' class V1::MessagesControllerTest < ActionController::TestCase setup do + InviteCodeValidator.any_instance.stubs(:validate) @user = FactoryGirl.build(:user) @user.save @message = Message.new(:text => 'a test message') diff --git a/test/integration/api/cert_test.rb b/test/integration/api/cert_test.rb index 118fb9f..772901d 100644 --- a/test/integration/api/cert_test.rb +++ b/test/integration/api/cert_test.rb @@ -2,6 +2,7 @@ require 'test_helper' class CertTest < ApiIntegrationTest + test "retrieve eip cert" do login get '/1/cert', {}, RACK_ENV diff --git a/test/integration/api/smtp_cert_test.rb b/test/integration/api/smtp_cert_test.rb index 2f50ef3..681d509 100644 --- a/test/integration/api/smtp_cert_test.rb +++ b/test/integration/api/smtp_cert_test.rb @@ -3,8 +3,13 @@ require 'openssl' class SmtpCertTest < ApiIntegrationTest + setup do + @testcode = InviteCode.new + @testcode.save! + end + test "retrieve smtp cert" do - @user = FactoryGirl.create :user, effective_service_level_code: 2 + @user = FactoryGirl.create :user, effective_service_level_code: 2, :invite_code => @testcode.invite_code login post '/1/smtp_cert', {}, RACK_ENV assert_text_response @@ -15,7 +20,7 @@ class SmtpCertTest < ApiIntegrationTest end test "cert and key" do - @user = FactoryGirl.create :user, effective_service_level_code: 2 + @user = FactoryGirl.create :user, effective_service_level_code: 2, :invite_code => @testcode.invite_code login post '/1/smtp_cert', {}, RACK_ENV assert_text_response @@ -27,7 +32,7 @@ class SmtpCertTest < ApiIntegrationTest end test "fingerprint is stored with identity" do - @user = FactoryGirl.create :user, effective_service_level_code: 2 + @user = FactoryGirl.create :user, effective_service_level_code: 2, :invite_code => @testcode.invite_code login post '/1/smtp_cert', {}, RACK_ENV assert_text_response @@ -41,6 +46,7 @@ class SmtpCertTest < ApiIntegrationTest end test "fetching smtp certs requires email account" do + login post '/1/smtp_cert', {}, RACK_ENV assert_access_denied diff --git a/test/integration/api/srp_test.rb b/test/integration/api/srp_test.rb index fbef47e..463abcd 100644 --- a/test/integration/api/srp_test.rb +++ b/test/integration/api/srp_test.rb @@ -1,5 +1,10 @@ class SrpTest < RackTest + setup do + @testcode = InviteCode.new + @testcode.save! + end + teardown do if @user cleanup_user @@ -32,10 +37,10 @@ class SrpTest < RackTest attr_reader :server_auth - def register_user(login = "integration_test", password = 'srp, verify me!') + def register_user(login = "integration_test", password = 'srp, verify me!', invite_code = @testcode.invite_code) cleanup_user(login) post 'http://api.lvh.me:3000/1/users.json', - user_params(login: login, password: password) + user_params(login: login, password: password, invite_code: invite_code) assert(@user = User.find_by_login(login), 'user should have been created: %s' % last_response_errors) @login = login @password = password diff --git a/test/integration/browser/account_test.rb b/test/integration/browser/account_test.rb index aea5406..cbe7ba9 100644 --- a/test/integration/browser/account_test.rb +++ b/test/integration/browser/account_test.rb @@ -6,7 +6,7 @@ class AccountTest < BrowserIntegrationTest Identity.destroy_all_disabled end - test "signup successfully" do + test "signup successfully when invited" do username, password = submit_signup assert page.has_content?("Welcome #{username}") click_on 'Log Out' @@ -16,6 +16,22 @@ class AccountTest < BrowserIntegrationTest user.account.destroy end + test "signup successfully without invitation" do + with_config invite_required: false do + + username ||= "test_#{SecureRandom.urlsafe_base64}".downcase + password ||= SecureRandom.base64 + + visit '/users/new' + fill_in 'Username', with: username + fill_in 'Password', with: password + fill_in 'Password confirmation', with: password + click_on 'Sign Up' + + assert page.has_content?("Welcome #{username}") + end + end + test "signup with username ending in dot json" do username = Faker::Internet.user_name + '.json' submit_signup username @@ -47,6 +63,7 @@ class AccountTest < BrowserIntegrationTest test "account destruction" do username, password = submit_signup + click_on I18n.t('account_settings') click_on I18n.t('destroy_my_account') assert page.has_content?(I18n.t('account_destroyed')) @@ -81,21 +98,6 @@ class AccountTest < BrowserIntegrationTest end end - test "change password" do - with_config user_actions: ['change_password'] do - login - click_on "Account Settings" - within('#update_login_and_password') do - fill_in 'Password', with: "other password" - fill_in 'Password confirmation', with: "other password" - click_on 'Save' - end - click_on 'Log Out' - attempt_login(@user.login, "other password") - assert page.has_content?("Welcome #{@user.login}") - end - end - test "change pgp key" do with_config user_actions: ['change_pgp_key'] do pgp_key = FactoryGirl.build :pgp_key @@ -117,6 +119,8 @@ class AccountTest < BrowserIntegrationTest # trying to seed an invalid A for srp login test "detects attempt to circumvent SRP" do + InviteCodeValidator.any_instance.stubs(:validate) + user = FactoryGirl.create :user visit '/login' fill_in 'Username', with: user.login diff --git a/test/support/api_integration_test.rb b/test/support/api_integration_test.rb index bd10f11..4077920 100644 --- a/test/support/api_integration_test.rb +++ b/test/support/api_integration_test.rb @@ -3,8 +3,13 @@ class ApiIntegrationTest < ActionDispatch::IntegrationTest DUMMY_TOKEN = Token.new RACK_ENV = {'HTTP_AUTHORIZATION' => %Q(Token token="#{DUMMY_TOKEN.to_s}")} + setup do + @testcode = InviteCode.new + @testcode.save! + end + def login(user = nil) - @user ||= user ||= FactoryGirl.create(:user) + @user ||= user ||= FactoryGirl.create(:user, :invite_code => @testcode.invite_code) # DUMMY_TOKEN will be frozen. So let's use a dup @token ||= DUMMY_TOKEN.dup # make sure @token is up to date if it already exists diff --git a/test/support/browser_integration_test.rb b/test/support/browser_integration_test.rb index 1e2aa51..35887cc 100644 --- a/test/support/browser_integration_test.rb +++ b/test/support/browser_integration_test.rb @@ -37,6 +37,8 @@ class BrowserIntegrationTest < ActionDispatch::IntegrationTest setup do Capybara.current_driver = Capybara.javascript_driver page.driver.add_headers 'ACCEPT-LANGUAGE' => 'en-EN' + @testcode = InviteCode.new + @testcode.save! end teardown do @@ -45,19 +47,38 @@ class BrowserIntegrationTest < ActionDispatch::IntegrationTest end def submit_signup(username = nil, password = nil) - username ||= "test_#{SecureRandom.urlsafe_base64}".downcase - password ||= SecureRandom.base64 - visit '/users/new' - fill_in 'Username', with: username - fill_in 'Password', with: password - fill_in 'Password confirmation', with: password - click_on 'Sign Up' - return username, password + + with_config invite_required: true do + + username ||= "test_#{SecureRandom.urlsafe_base64}".downcase + password ||= SecureRandom.base64 + visit '/users/new' + fill_in 'Username', with: username + fill_in 'Password', with: password + fill_in 'Invite code', with: @testcode.invite_code + fill_in 'Password confirmation', with: password + click_on 'Sign Up' + return username, password + end + + with_config invite_required: false do + + username ||= "test_#{SecureRandom.urlsafe_base64}".downcase + password ||= SecureRandom.base64 + visit '/users/new' + fill_in 'Username', with: username + fill_in 'Password', with: password + fill_in 'Password confirmation', with: password + click_on 'Sign Up' + return username, password + end + end # currently this only works for tests with poltergeist. # ApiIntegrationTest has a working implementation for RackTest def login(user = nil) + InviteCodeValidator.any_instance.stubs(:validate) @user ||= user ||= FactoryGirl.create(:user) token = Token.create user_id: user.id page.driver.add_header "Authorization", %Q(Token token="#{token}") diff --git a/test/unit/account_test.rb b/test/unit/account_test.rb index b2bfe27..6b814b6 100644 --- a/test/unit/account_test.rb +++ b/test/unit/account_test.rb @@ -2,12 +2,17 @@ require 'test_helper' class AccountTest < ActiveSupport::TestCase + setup do + @testcode = InviteCode.new + @testcode.save! + end + teardown do Identity.destroy_all_disabled end - test "create a new account" do - user = Account.create(FactoryGirl.attributes_for(:user)) + test "create a new account when invited" do + user = Account.create(FactoryGirl.attributes_for(:user, :invite_code => @testcode.invite_code)) assert user.valid?, "unexpected errors: #{user.errors.inspect}" assert user.persisted? assert id = user.identity @@ -16,18 +21,28 @@ class AccountTest < ActiveSupport::TestCase user.account.destroy end + test "create a new account" do + with_config invite_required: false do + user = Account.create(FactoryGirl.attributes_for(:user)) + assert user.valid?, "unexpected errors: #{user.errors.inspect}" + assert user.persisted? + user.account.destroy + end + end + + test "create and remove a user account" do # We keep an identity that will block the handle from being reused. assert_difference "Identity.count" do assert_no_difference "User.count" do - user = Account.create(FactoryGirl.attributes_for(:user)) + user = Account.create(FactoryGirl.attributes_for(:user, :invite_code => @testcode.invite_code)) user.account.destroy end end end test "change username and create alias" do - user = Account.create(FactoryGirl.attributes_for(:user)) + user = Account.create(FactoryGirl.attributes_for(:user, :invite_code => @testcode.invite_code)) old_id = user.identity old_email = user.email_address user.account.update(FactoryGirl.attributes_for(:user)) @@ -44,4 +59,25 @@ class AccountTest < ActiveSupport::TestCase user.account.destroy end + test "Invite code count goes up by 1 when the invite code is entered" do + with_config invite_required: true do + user = Account.create(FactoryGirl.attributes_for(:user, :invite_code => @testcode.invite_code)) + user_code = InviteCode.find_by_invite_code user.invite_code + user_code.save + user.save + assert user.persisted? + assert_equal 1, user_code.invite_count + end + + end + + test "Invite code stays zero when invite code is not used" do + #user = Account.create(FactoryGirl.attributes_for(:user, :invite_code => @testcode.invite_code)) + invalid_user = FactoryGirl.build(:user, :invite_code => @testcode.invite_code) + invalid_user.save + user_code = InviteCode.find_by_invite_code invalid_user.invite_code + user_code.save + + assert_equal 0, user_code.invite_count + end end diff --git a/test/unit/invite_code_test.rb b/test/unit/invite_code_test.rb new file mode 100644 index 0000000..fd93f2f --- /dev/null +++ b/test/unit/invite_code_test.rb @@ -0,0 +1,25 @@ +require 'test_helper' + +class InviteCodeTest < ActiveSupport::TestCase + + test "it is created with an invite code" do + code = InviteCode.new + assert_not_nil code.invite_code + end + + test "the invite code can be read from couch db correctly" do + code1 = InviteCode.new + code1.save + code2 = InviteCode.find_by_invite_code code1.invite_code + assert_equal code1.invite_code, code2.invite_code + end + + test "the invite code count gets set to 0 upon creation" do + code1 = InviteCode.new + code1.save + assert_equal code1.invite_count, 0 + end + + +end + diff --git a/test/unit/invite_code_validator_test.rb b/test/unit/invite_code_validator_test.rb new file mode 100644 index 0000000..62eeae6 --- /dev/null +++ b/test/unit/invite_code_validator_test.rb @@ -0,0 +1,86 @@ +require 'test_helper' + +class InviteCodeValidatorTest < ActiveSupport::TestCase + test "user should not be created with invalid invite code" do + with_config invite_required: true do + invalid_user = FactoryGirl.build(:user) + + assert !invalid_user.valid? + end + end + + test "user should be created with valid invite code" do + valid_user = FactoryGirl.build(:user) + valid_code = InviteCode.create + valid_user.invite_code = valid_code.invite_code + + assert valid_user.valid? + end + + test "trying to create a user with invalid invite code should add error" do + with_config invite_required: true do + invalid_user = FactoryGirl.build(:user, :invite_code => "a non-existent code") + + invalid_user.valid? + + errors = {invite_code: ["This is not a valid code"]} + assert_equal errors, invalid_user.errors.messages + end + end + + + test "Invite count >= invite max uses is not accepted for new account signup" do + validator = InviteCodeValidator.new nil + + user_code = InviteCode.new + user_code.invite_count = 1 + user_code.save + + user = FactoryGirl.build :user + user.invite_code = user_code.invite_code + + validator.validate(user) + + assert_equal ["This code has already been used"], user.errors[:invite_code] + + end + + test "Invite count < invite max uses is accepted for new account signup" do + validator = InviteCodeValidator.new nil + + user_code = InviteCode.create + user_code.save + + user = FactoryGirl.build :user + user.invite_code = user_code.invite_code + + validator.validate(user) + + assert_equal [], user.errors[:invite_code] + end + + test "Invite count 0 is accepted for new account signup" do + validator = InviteCodeValidator.new nil + + user_code = InviteCode.create + + user = FactoryGirl.build :user + user.invite_code = user_code.invite_code + + validator.validate(user) + + assert_equal [], user.errors[:invite_code] + end + + test "There is an error message if the invite code does not exist" do + validator = InviteCodeValidator.new nil + + user = FactoryGirl.build :user + user.invite_code = "wrongcode" + + validator.validate(user) + + assert_equal ["This is not a valid code"], user.errors[:invite_code] + end + +end
\ No newline at end of file diff --git a/test/unit/tmp_user_test.rb b/test/unit/tmp_user_test.rb index 55b117f..9494377 100644 --- a/test/unit/tmp_user_test.rb +++ b/test/unit/tmp_user_test.rb @@ -2,6 +2,10 @@ require 'test_helper' class TmpUserTest < ActiveSupport::TestCase + setup do + InviteCodeValidator.any_instance.stubs(:validate) + end + test "test_user saved to tmp_users" do begin assert User.ancestors.include?(TemporaryUser) diff --git a/test/unit/token_test.rb b/test/unit/token_test.rb index 5468650..51c8d8e 100644 --- a/test/unit/token_test.rb +++ b/test/unit/token_test.rb @@ -4,6 +4,7 @@ class TokenTest < ActiveSupport::TestCase include StubRecordHelper setup do + InviteCodeValidator.any_instance.stubs(:validate) @user = find_record :user end diff --git a/test/unit/user_test.rb b/test/unit/user_test.rb index b3c831b..9501d34 100644 --- a/test/unit/user_test.rb +++ b/test/unit/user_test.rb @@ -4,9 +4,15 @@ class UserTest < ActiveSupport::TestCase include SRP::Util setup do + InviteCodeValidator.any_instance.stubs(:validate) @user = FactoryGirl.build(:user) end + test "don't find a user with login nil" do + @user.save + assert_nil User.find_by_login(nil) + end + test "design docs in database are authorative" do assert !User.design_doc.auto_update, "Automatic update of design docs should be disabled" @@ -65,6 +71,8 @@ class UserTest < ActiveSupport::TestCase assert_equal key, @user.public_key end + + # ## Regression tests # |