From da1cfabcd8be59f9384367438597bba113a4d3b0 Mon Sep 17 00:00:00 2001 From: Monalisa Chatterjee Date: Mon, 16 Apr 2018 14:12:28 -0700 Subject: [PATCH 1/9] Updated ruby --- Gemfile | 2 +- Gemfile.lock | 16 ++++++++-------- 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/Gemfile b/Gemfile index fa992da0..ab080f52 100644 --- a/Gemfile +++ b/Gemfile @@ -1,6 +1,6 @@ source 'https://rubygems.org' -ruby '2.4.0' +ruby '2.5.1' git_source(:github) do |repo_name| repo_name = "#{repo_name}/#{repo_name}" unless repo_name.include?("/") diff --git a/Gemfile.lock b/Gemfile.lock index ac73d272..31a36551 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -40,7 +40,7 @@ GEM tzinfo (~> 1.1) ansi (1.5.0) arel (7.1.4) - autoprefixer-rails (8.2.0) + autoprefixer-rails (8.3.0) execjs babel-source (5.8.35) babel-transpiler (0.7.0) @@ -62,7 +62,7 @@ GEM execjs coffee-script-source (1.12.2) concurrent-ruby (1.0.5) - crass (1.0.3) + crass (1.0.4) erubi (1.7.1) erubis (2.7.0) execjs (2.7.0) @@ -117,7 +117,7 @@ GEM method_source (~> 0.9.0) pry-rails (0.3.6) pry (>= 0.10.4) - puma (3.11.3) + puma (3.11.4) rack (2.0.4) rack-test (0.6.3) rack (>= 1.0) @@ -175,14 +175,14 @@ GEM thor (0.20.0) thread_safe (0.3.6) tilt (2.0.8) - turbolinks (5.1.0) + turbolinks (5.1.1) turbolinks-source (~> 5.1) turbolinks-source (5.1.0) tzinfo (1.2.5) thread_safe (~> 0.1) - uglifier (4.1.8) + uglifier (4.1.9) execjs (>= 0.3.0, < 3) - web-console (3.5.1) + web-console (3.6.0) actionview (>= 5.0) activemodel (>= 5.0) bindex (>= 0.4.0) @@ -220,7 +220,7 @@ DEPENDENCIES web-console (>= 3.3.0) RUBY VERSION - ruby 2.4.0p0 + ruby 2.5.1p57 BUNDLED WITH - 1.15.4 + 1.16.1 From 688292866a4b36e4cad7cd6e9820ad9e4782cf4c Mon Sep 17 00:00:00 2001 From: Monalisa Chatterjee Date: Mon, 16 Apr 2018 14:57:07 -0700 Subject: [PATCH 2/9] test root, index, new --- test/controllers/works_controller_test.rb | 18 ++++++++++++++++-- 1 file changed, 16 insertions(+), 2 deletions(-) diff --git a/test/controllers/works_controller_test.rb b/test/controllers/works_controller_test.rb index 0945ca47..82fcb799 100644 --- a/test/controllers/works_controller_test.rb +++ b/test/controllers/works_controller_test.rb @@ -4,16 +4,30 @@ describe "root" do it "succeeds with all media types" do # Precondition: there is at least one media of each category - + ["album", "book", "movie"].each do |category| + Work.by_category(category).length.must_be :>, 0, "No #{category.pluralize} in the test fixtures" + end + get root_path + must_respond_with :success end it "succeeds with one media type absent" do # Precondition: there is at least one media in two of the categories + ["album", "book", "movie"].each do |category| + Work.by_category(category).length.must_be :>, 0, "No #{category.pluralize} in the test fixtures" + end + + Work.by_category("book").destroy_all + + get root_path + must_respond_with :success end it "succeeds with no media" do - + Work.destroy_all + get root_path + must_respond_with :success end end From 809cbcf85d77b0de3d3ba592ce4739edc0bddd89 Mon Sep 17 00:00:00 2001 From: Monalisa Chatterjee Date: Mon, 16 Apr 2018 16:16:58 -0700 Subject: [PATCH 3/9] Add more tests --- test/controllers/works_controller_test.rb | 45 ++++++++++++++++++----- 1 file changed, 35 insertions(+), 10 deletions(-) diff --git a/test/controllers/works_controller_test.rb b/test/controllers/works_controller_test.rb index 82fcb799..02961e32 100644 --- a/test/controllers/works_controller_test.rb +++ b/test/controllers/works_controller_test.rb @@ -5,7 +5,7 @@ it "succeeds with all media types" do # Precondition: there is at least one media of each category ["album", "book", "movie"].each do |category| - Work.by_category(category).length.must_be :>, 0, "No #{category.pluralize} in the test fixtures" + Work.by_category(category).length.must_be :>, 0 end get root_path must_respond_with :success @@ -14,7 +14,7 @@ it "succeeds with one media type absent" do # Precondition: there is at least one media in two of the categories ["album", "book", "movie"].each do |category| - Work.by_category(category).length.must_be :>, 0, "No #{category.pluralize} in the test fixtures" + Work.by_category(category).length.must_be :>, 0 end Work.by_category("book").destroy_all @@ -36,23 +36,27 @@ describe "index" do it "succeeds when there are works" do - + Work.count.must_be :>, 0 + get works_path + must_respond_with :success end it "succeeds when there are no works" do - + Work.destroy_all + get works_path + must_respond_with :success end end describe "new" do it "succeeds" do - + get new_work_path + must_respond_with :success end end describe "create" do it "creates a work with valid data for a real category" do - end it "renders bad_request and does not update the DB for bogus data" do @@ -67,21 +71,31 @@ describe "show" do it "succeeds for an extant work ID" do - + get work_path(Work.first.id) + must_respond_with :success + get work_path(Work.last.id) + must_respond_with :success end it "renders 404 not_found for a bogus work ID" do - + work_id = Work.last.id + 1 + get work_path(work_id) + must_respond_with :not_found end end describe "edit" do it "succeeds for an extant work ID" do - + get edit_work_path(Work.first.id) + must_respond_with :success + get edit_work_path(Work.last.id) + must_respond_with :success end it "renders 404 not_found for a bogus work ID" do - + work_id = Work.last.id + 1 + get edit_work_path(work_id) + must_respond_with :not_found end end @@ -101,11 +115,22 @@ describe "destroy" do it "succeeds for an extant work ID" do + work_id = Work.first.id + delete work_path(work_id) + must_redirect_to root_path + + Work.find_by(id: work_id).must_be_nil end it "renders 404 not_found and does not update the DB for a bogus work ID" do + start_count = Work.count + + work_id = Work.last.id + 1 + delete work_path(work_id) + must_respond_with :not_found + Work.count.must_equal start_count end end From a25573cc77c8259baf9e79fe8d5265518cb435f3 Mon Sep 17 00:00:00 2001 From: Monalisa Chatterjee Date: Mon, 16 Apr 2018 21:08:49 -0700 Subject: [PATCH 4/9] Add tests for works except #upvote --- test/controllers/works_controller_test.rb | 71 +++++++++++++++++++++-- 1 file changed, 67 insertions(+), 4 deletions(-) diff --git a/test/controllers/works_controller_test.rb b/test/controllers/works_controller_test.rb index 02961e32..52b09248 100644 --- a/test/controllers/works_controller_test.rb +++ b/test/controllers/works_controller_test.rb @@ -57,16 +57,59 @@ describe "create" do it "creates a work with valid data for a real category" do + work_data = { + work: { + title: "test work" + } + } + CATEGORIES.each do |category| + work_data[:work][:category] = category + + start_count = Work.count + + post works_path, params: work_data + must_redirect_to work_path(Work.last) + + Work.count.must_equal start_count + 1 + end + end it "renders bad_request and does not update the DB for bogus data" do + work_data = { + work: { + title: "" + } + } + CATEGORIES.each do |category| + work_data[:work][:category] = category + start_count = Work.count + + post works_path, params: work_data + must_respond_with 400 + + Work.count.must_equal start_count + end end it "renders 400 bad_request for bogus categories" do + work_data = { + work: { + title: "test work" + } + } + INVALID_CATEGORIES.each do |category| + work_data[:work][:category] = category - end + start_count = Work.count + post works_path, params: work_data + must_respond_with 400 + + Work.count.must_equal start_count + end + end end describe "show" do @@ -80,7 +123,7 @@ it "renders 404 not_found for a bogus work ID" do work_id = Work.last.id + 1 get work_path(work_id) - must_respond_with :not_found + must_respond_with 404 end end @@ -101,15 +144,35 @@ describe "update" do it "succeeds for valid data and an extant work ID" do + updated_title = "Title" + + patch work_path(works(:poodr).id), params: { + work: { + title: updated_title + } + } + updated_work = Work.find(works(:poodr).id) + updated_work.title.must_equal updated_title + must_respond_with :redirect + must_redirect_to work_path(works(:poodr).id) end it "renders bad_request for bogus data" do + updated_title = " " + patch work_path(works(:poodr).id), params: { + work: { + title: updated_title + } + } + must_respond_with 404 end it "renders 404 not_found for a bogus work ID" do - + work_id = Work.last.id + 1 + get work_path(work_id) + must_respond_with 404 end end @@ -128,7 +191,7 @@ work_id = Work.last.id + 1 delete work_path(work_id) - must_respond_with :not_found + must_respond_with 404 Work.count.must_equal start_count end From 532656c2249c8c3d4fda57de9881e23c887dfb0d Mon Sep 17 00:00:00 2001 From: Monalisa Chatterjee Date: Mon, 30 Apr 2018 00:23:56 -0700 Subject: [PATCH 5/9] wave 1 done except upvote --- test/controllers/sessions_controller_test.rb | 18 ++++++++++++ test/controllers/users_controller_test.rb | 30 ++++++++++++++++++++ test/controllers/works_controller_test.rb | 8 ++++-- 3 files changed, 54 insertions(+), 2 deletions(-) diff --git a/test/controllers/sessions_controller_test.rb b/test/controllers/sessions_controller_test.rb index f641d15c..a9883331 100644 --- a/test/controllers/sessions_controller_test.rb +++ b/test/controllers/sessions_controller_test.rb @@ -1,5 +1,23 @@ require "test_helper" describe SessionsController do + let (:user) { users(:kari) } + it "login_form" do + get login_path + must_respond_with :success + end + it "can log in" do + post login_path, params: { + username: "kari" + } + + must_redirect_to root_path + end + + it "can log out" do + post logout_path + must_redirect_to root_path + + end end diff --git a/test/controllers/users_controller_test.rb b/test/controllers/users_controller_test.rb index d2c5cfbb..3c9385b1 100644 --- a/test/controllers/users_controller_test.rb +++ b/test/controllers/users_controller_test.rb @@ -1,5 +1,35 @@ require 'test_helper' describe UsersController do + describe "index" do + it "succeeds with many users" do + User.count.must_be :>, 0 + get users_path + must_respond_with :success + end + + it "succeeds with no users" do + Vote.destroy_all + User.destroy_all + + get users_path + must_respond_with :success + end + end + + describe "show" do + it "succeeds for an extant user" do + get user_path(User.first) + must_respond_with :success + get user_path(User.last) + must_respond_with :success + end + + it "renders 404 not_found for a bogus user" do + user_id = User.last.id + 1 + get user_path(user_id) + must_respond_with 404 + end + end end diff --git a/test/controllers/works_controller_test.rb b/test/controllers/works_controller_test.rb index 52b09248..70f40ceb 100644 --- a/test/controllers/works_controller_test.rb +++ b/test/controllers/works_controller_test.rb @@ -198,13 +198,17 @@ end describe "upvote" do + let(:work) { Work.first } + let(:user) { users(:kari) } - it "redirects to the work page if no user is logged in" do + it "redirects to the work page if no user is logged in" do + post upvote_path(work) + must_respond_with :redirect + must_redirect_to work_path(work.id) end it "redirects to the work page after the user has logged out" do - end it "succeeds for a logged-in user and a fresh user-vote pair" do From 57c60a3b379d12f5ad3183ee40a5d4da6f8b79aa Mon Sep 17 00:00:00 2001 From: Monalisa Chatterjee Date: Mon, 30 Apr 2018 11:02:30 -0700 Subject: [PATCH 6/9] wave 2 --- .gitignore | 1 + Gemfile | 5 ++ Gemfile.lock | 32 ++++++++ app/controllers/sessions_controller.rb | 81 +++++++++++++------ app/models/user.rb | 10 +++ app/views/layouts/application.html.erb | 4 +- config/initializers/omniauth.rb | 3 + config/routes.rb | 11 ++- ...137_add_uid_provider_and_email_to_users.rb | 7 ++ db/schema.rb | 5 +- 10 files changed, 130 insertions(+), 29 deletions(-) create mode 100644 config/initializers/omniauth.rb create mode 100644 db/migrate/20180430080137_add_uid_provider_and_email_to_users.rb diff --git a/.gitignore b/.gitignore index 48fb168f..d869f9f9 100644 --- a/.gitignore +++ b/.gitignore @@ -15,3 +15,4 @@ # Ignore Byebug command history file. .byebug_history +.env diff --git a/Gemfile b/Gemfile index ab080f52..1d227423 100644 --- a/Gemfile +++ b/Gemfile @@ -65,7 +65,12 @@ group :development do # Spring speeds up development by keeping your application running in the background. Read more: https://github.com/rails/spring gem 'spring' gem 'spring-watcher-listen', '~> 2.0.0' + gem 'binding_of_caller' + gem 'dotenv-rails' end # Windows does not include zoneinfo files, so bundle the tzinfo-data gem gem 'tzinfo-data', platforms: [:mingw, :mswin, :x64_mingw, :jruby] + +gem "omniauth" +gem "omniauth-github" diff --git a/Gemfile.lock b/Gemfile.lock index 31a36551..4a198888 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -51,6 +51,8 @@ GEM erubi (>= 1.0.0) rack (>= 0.9.0) bindex (0.5.0) + binding_of_caller (0.8.0) + debug_inspector (>= 0.0.1) builder (3.2.3) byebug (10.0.2) coderay (1.1.2) @@ -63,9 +65,16 @@ GEM coffee-script-source (1.12.2) concurrent-ruby (1.0.5) crass (1.0.4) + debug_inspector (0.0.3) + dotenv (2.4.0) + dotenv-rails (2.4.0) + dotenv (= 2.4.0) + railties (>= 3.2, < 6.0) erubi (1.7.1) erubis (2.7.0) execjs (2.7.0) + faraday (0.12.2) + multipart-post (>= 1.2, < 3) ffi (1.9.23) foundation-rails (6.4.3.0) railties (>= 3.1.0) @@ -73,6 +82,7 @@ GEM sprockets-es6 (>= 0.9.0) globalid (0.4.1) activesupport (>= 4.2.0) + hashie (3.5.7) i18n (1.0.0) concurrent-ruby (~> 1.0) jbuilder (2.7.0) @@ -82,6 +92,7 @@ GEM rails-dom-testing (>= 1, < 3) railties (>= 4.2.0) thor (>= 0.14, < 2.0) + jwt (1.5.6) listen (3.0.8) rb-fsevent (~> 0.9, >= 0.9.4) rb-inotify (~> 0.9, >= 0.9.7) @@ -108,9 +119,26 @@ GEM minitest (~> 5.0) rails (>= 4.1) multi_json (1.13.1) + multi_xml (0.6.0) + multipart-post (2.0.0) nio4r (2.3.0) nokogiri (1.8.2) mini_portile2 (~> 2.3.0) + oauth2 (1.4.0) + faraday (>= 0.8, < 0.13) + jwt (~> 1.0) + multi_json (~> 1.3) + multi_xml (~> 0.5) + rack (>= 1.2, < 3) + omniauth (1.8.1) + hashie (>= 3.4.6, < 3.6.0) + rack (>= 1.6.2, < 3) + omniauth-github (1.3.0) + omniauth (~> 1.5) + omniauth-oauth2 (>= 1.4.0, < 2.0) + omniauth-oauth2 (1.5.0) + oauth2 (~> 1.1) + omniauth (~> 1.2) pg (0.21.0) pry (0.11.3) coderay (~> 1.1.0) @@ -197,8 +225,10 @@ PLATFORMS DEPENDENCIES autoprefixer-rails better_errors + binding_of_caller byebug coffee-rails (~> 4.2) + dotenv-rails foundation-rails jbuilder (~> 2.5) jquery-rails @@ -207,6 +237,8 @@ DEPENDENCIES minitest-reporters minitest-skip minitest-spec-rails + omniauth + omniauth-github pg (~> 0.18) pry-rails puma (~> 3.0) diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb index 5bce99e6..843e5933 100644 --- a/app/controllers/sessions_controller.rb +++ b/app/controllers/sessions_controller.rb @@ -1,34 +1,69 @@ class SessionsController < ApplicationController - def login_form - end + def create + auth_hash = request.env['omniauth.auth'] - def login - username = params[:username] - if username and user = User.find_by(username: username) - session[:user_id] = user.id - flash[:status] = :success - flash[:result_text] = "Successfully logged in as existing user #{user.username}" - else - user = User.new(username: username) - if user.save - session[:user_id] = user.id - flash[:status] = :success - flash[:result_text] = "Successfully created new user #{user.username} with ID #{user.id}" + if auth_hash['uid'] + user = User.find_by(uid: auth_hash[:uid], provider: 'github') + if user.nil? + # User doesn't match anything in the DB + # Attempt to create a new user + user = User.build_from_github(auth_hash) + user.save else - flash.now[:status] = :failure - flash.now[:result_text] = "Could not log in" - flash.now[:messages] = user.errors.messages - render "login_form", status: :bad_request - return + flash[:success] = "Logged in successfully" + redirect_to root_path end + + # If we get here, we have the user instance + session[:user_id] = user.id + else + flash[:error] = "Could not log in" + redirect_to root_path end - redirect_to root_path + # redirect_to root_path + end + + def index + @user = User.find(session[:user_id]) # < recalls the value set in a previous request end - def logout + def destroy session[:user_id] = nil - flash[:status] = :success - flash[:result_text] = "Successfully logged out" + flash[:success] = "Successfully logged out!" + redirect_to root_path end + + # def login_form + # end + + # def login + # username = params[:username] + # if username and user = User.find_by(username: username) + # session[:user_id] = user.id + # flash[:status] = :success + # flash[:result_text] = "Successfully logged in as existing user #{user.username}" + # else + # user = User.new(username: username) + # if user.save + # session[:user_id] = user.id + # flash[:status] = :success + # flash[:result_text] = "Successfully created new user #{user.username} with ID #{user.id}" + # else + # flash.now[:status] = :failure + # flash.now[:result_text] = "Could not log in" + # flash.now[:messages] = user.errors.messages + # render "login_form", status: :bad_request + # return + # end + # end + # redirect_to root_path + # end + # + # def logout + # session[:user_id] = nil + # flash[:status] = :success + # flash[:result_text] = "Successfully logged out" + # redirect_to root_path + # end end diff --git a/app/models/user.rb b/app/models/user.rb index 4cac8fe0..296a70f7 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -3,4 +3,14 @@ class User < ApplicationRecord has_many :ranked_works, through: :votes, source: :work validates :username, uniqueness: true, presence: true + + def self.build_from_github(auth_hash) + return User.new( + username: auth_hash[:info][:nickname], + email: auth_hash[:info][:email], + uid: auth_hash[:uid], + provider: auth_hash[:provider] + ) + end + end diff --git a/app/views/layouts/application.html.erb b/app/views/layouts/application.html.erb index 82ca0fdc..a496c4ab 100644 --- a/app/views/layouts/application.html.erb +++ b/app/views/layouts/application.html.erb @@ -27,9 +27,9 @@
<% if @login_user %> <%= link_to "Logged in as #{@login_user.username}", user_path(@login_user), class: "button" %> - <%= link_to "Log Out", logout_path, method: :post, class: "button" %> + <%= link_to "Log Out", logout_path, method: :delete, class: "button" %> <% else %> - <%= link_to "Log In", login_path, class: "button" %> + <%= link_to "Log In", "/auth/github", class: "button" %> <% end %>
diff --git a/config/initializers/omniauth.rb b/config/initializers/omniauth.rb new file mode 100644 index 00000000..fd441612 --- /dev/null +++ b/config/initializers/omniauth.rb @@ -0,0 +1,3 @@ +Rails.application.config.middleware.use OmniAuth::Builder do + provider :github, ENV["GITHUB_CLIENT_ID"], ENV["GITHUB_CLIENT_SECRET"], scope: "user:email" +end diff --git a/config/routes.rb b/config/routes.rb index a7e8af1d..932e5882 100644 --- a/config/routes.rb +++ b/config/routes.rb @@ -1,9 +1,14 @@ Rails.application.routes.draw do # For details on the DSL available within this file, see http://guides.rubyonrails.org/routing.html root 'works#root' - get '/login', to: 'sessions#login_form', as: 'login' - post '/login', to: 'sessions#login' - post '/logout', to: 'sessions#logout', as: 'logout' + + get "/auth/:provider/callback", to: "sessions#create" + delete "/logout", to: "sessions#destroy", as: "logout" + + + # get '/login', to: 'sessions#login_form', as: 'login' + # post '/login', to: 'sessions#login' + # post '/logout', to: 'sessions#logout', as: 'logout' resources :works post '/works/:id/upvote', to: 'works#upvote', as: 'upvote' diff --git a/db/migrate/20180430080137_add_uid_provider_and_email_to_users.rb b/db/migrate/20180430080137_add_uid_provider_and_email_to_users.rb new file mode 100644 index 00000000..07450f56 --- /dev/null +++ b/db/migrate/20180430080137_add_uid_provider_and_email_to_users.rb @@ -0,0 +1,7 @@ +class AddUidProviderAndEmailToUsers < ActiveRecord::Migration[5.0] + def change + add_column :users, :uid, :string + add_column :users, :provider, :string + add_column :users, :email, :string + end +end diff --git a/db/schema.rb b/db/schema.rb index 6bc8ba5c..35a6fedc 100644 --- a/db/schema.rb +++ b/db/schema.rb @@ -10,7 +10,7 @@ # # It's strongly recommended that you check this file into your version control system. -ActiveRecord::Schema.define(version: 20170407164321) do +ActiveRecord::Schema.define(version: 20180430080137) do # These are extensions that must be enabled in order to support this database enable_extension "plpgsql" @@ -19,6 +19,9 @@ t.string "username" t.datetime "created_at", null: false t.datetime "updated_at", null: false + t.string "uid" + t.string "provider" + t.string "email" end create_table "votes", force: :cascade do |t| From c9557a414aa43f1adc0a09abf07a19d6f127bb54 Mon Sep 17 00:00:00 2001 From: Monalisa Chatterjee Date: Mon, 30 Apr 2018 20:40:15 -0700 Subject: [PATCH 7/9] commented out session previous test --- test/controllers/sessions_controller_test.rb | 38 ++++++++++---------- 1 file changed, 19 insertions(+), 19 deletions(-) diff --git a/test/controllers/sessions_controller_test.rb b/test/controllers/sessions_controller_test.rb index a9883331..0a4f5f91 100644 --- a/test/controllers/sessions_controller_test.rb +++ b/test/controllers/sessions_controller_test.rb @@ -1,23 +1,23 @@ require "test_helper" describe SessionsController do - let (:user) { users(:kari) } - it "login_form" do - get login_path - must_respond_with :success - end - it "can log in" do - post login_path, params: { - username: "kari" - } - - must_redirect_to root_path - end - - it "can log out" do - post logout_path - must_redirect_to root_path - - end - + # let (:user) { users(:kari) } + # it "login_form" do + # get login_path + # must_respond_with :success + # end + # it "can log in" do + # post login_path, params: { + # username: "kari" + # } + # + # must_redirect_to root_path + # end + # + # it "can log out" do + # post logout_path + # must_redirect_to root_path + # + # end + # end From 3f7fc1412900adf5e4e24ad3b8e603534b0d5589 Mon Sep 17 00:00:00 2001 From: Monalisa Chatterjee Date: Mon, 30 Apr 2018 21:06:56 -0700 Subject: [PATCH 8/9] basic authorization --- app/controllers/application_controller.rb | 10 +++++++++- app/controllers/sessions_controller.rb | 2 ++ app/controllers/users_controller.rb | 2 ++ app/controllers/works_controller.rb | 1 + 4 files changed, 14 insertions(+), 1 deletion(-) diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index c12c7c17..22bda3be 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -8,7 +8,15 @@ def render_404 raise ActionController::RoutingError.new('Not Found') end -private + def require_login + if @login_user.nil? + flash[:status] = :failure + flash[:result_text] = "You must be logged in to view this section" + redirect_to root_path + end + end + + private def find_user if session[:user_id] @login_user = User.find_by(id: session[:user_id]) diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb index 843e5933..14419c4b 100644 --- a/app/controllers/sessions_controller.rb +++ b/app/controllers/sessions_controller.rb @@ -1,4 +1,6 @@ class SessionsController < ApplicationController + before_action :require_login, except: [:create] + def create auth_hash = request.env['omniauth.auth'] diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb index 73b42652..efdf82c8 100644 --- a/app/controllers/users_controller.rb +++ b/app/controllers/users_controller.rb @@ -1,4 +1,6 @@ class UsersController < ApplicationController + before_action :require_login + def index @users = User.all end diff --git a/app/controllers/works_controller.rb b/app/controllers/works_controller.rb index 2020bee4..f861b629 100644 --- a/app/controllers/works_controller.rb +++ b/app/controllers/works_controller.rb @@ -1,6 +1,7 @@ class WorksController < ApplicationController # We should always be able to tell what category # of work we're dealing with + before_action :require_login, except: [:root] before_action :category_from_work, except: [:root, :index, :new, :create] def root From 4b003f94dce366018a08d14541bed61b5de15565 Mon Sep 17 00:00:00 2001 From: Monalisa Chatterjee Date: Mon, 30 Apr 2018 22:31:19 -0700 Subject: [PATCH 9/9] Add mock auth and tests --- app/controllers/sessions_controller.rb | 7 +-- config/routes.rb | 2 +- test/controllers/sessions_controller_test.rb | 51 +++++++++++++++++++- test/controllers/users_controller_test.rb | 18 ++++++- test/controllers/works_controller_test.rb | 48 +++++++++++++++--- test/fixtures/users.yml | 6 +++ test/test_helper.rb | 31 ++++++++++++ 7 files changed, 150 insertions(+), 13 deletions(-) diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb index 14419c4b..eecf4683 100644 --- a/app/controllers/sessions_controller.rb +++ b/app/controllers/sessions_controller.rb @@ -11,6 +11,7 @@ def create # Attempt to create a new user user = User.build_from_github(auth_hash) user.save + redirect_to root_path else flash[:success] = "Logged in successfully" redirect_to root_path @@ -25,9 +26,9 @@ def create # redirect_to root_path end - def index - @user = User.find(session[:user_id]) # < recalls the value set in a previous request - end + # def index + # @user = User.find(session[:user_id]) # < recalls the value set in a previous request + # end def destroy session[:user_id] = nil diff --git a/config/routes.rb b/config/routes.rb index 932e5882..4b21e1a4 100644 --- a/config/routes.rb +++ b/config/routes.rb @@ -2,7 +2,7 @@ # For details on the DSL available within this file, see http://guides.rubyonrails.org/routing.html root 'works#root' - get "/auth/:provider/callback", to: "sessions#create" + get "/auth/:provider/callback", to: "sessions#create", as: 'auth_callback' delete "/logout", to: "sessions#destroy", as: "logout" diff --git a/test/controllers/sessions_controller_test.rb b/test/controllers/sessions_controller_test.rb index 0a4f5f91..2c96e576 100644 --- a/test/controllers/sessions_controller_test.rb +++ b/test/controllers/sessions_controller_test.rb @@ -1,6 +1,54 @@ require "test_helper" describe SessionsController do + let (:user) { users(:kari) } + + describe "create" do + it "logs in an existing user" do + start_count = User.count + login(user) + + must_redirect_to root_path + + session[:user_id].must_equal user.id + User.count.must_equal start_count + end + + it "logs in new user" do + start_count = User.count + user = User.new(provider: "github", uid: "1234", username: "test", email: "test@example.com") + + login(user) + + must_redirect_to root_path + + User.count.must_equal start_count + 1 + session[:user_id].must_equal User.last.id + end + + it "does not login for bogus data" do + start_count = User.count + user = User.new(provider: "github", uid: "1234", username: nil, email: "test@example.com") + + login(user) + + must_redirect_to root_path + + User.count.must_equal start_count + session[:user_id].must_be_nil + end + + end + + describe "destroy" do + it "can logout" do + login(user) + delete logout_path + session[:user_id].must_be_nil + must_redirect_to root_path + end + end + # let (:user) { users(:kari) } # it "login_form" do # get login_path @@ -19,5 +67,6 @@ # must_redirect_to root_path # # end - # + + end diff --git a/test/controllers/users_controller_test.rb b/test/controllers/users_controller_test.rb index 3c9385b1..2425a488 100644 --- a/test/controllers/users_controller_test.rb +++ b/test/controllers/users_controller_test.rb @@ -1,25 +1,38 @@ require 'test_helper' describe UsersController do + let (:user) { users(:kari) } + describe "index" do it "succeeds with many users" do + login(user) User.count.must_be :>, 0 get users_path must_respond_with :success end - it "succeeds with no users" do + # it "succeeds with no users" do + # Vote.destroy_all + # User.destroy_all + # + # get users_path + # must_respond_with :success + # end + + it "redirects with no users" do Vote.destroy_all User.destroy_all get users_path - must_respond_with :success + must_respond_with :redirect + must_redirect_to root_path end end describe "show" do it "succeeds for an extant user" do + login(user) get user_path(User.first) must_respond_with :success get user_path(User.last) @@ -27,6 +40,7 @@ end it "renders 404 not_found for a bogus user" do + login(user) user_id = User.last.id + 1 get user_path(user_id) must_respond_with 404 diff --git a/test/controllers/works_controller_test.rb b/test/controllers/works_controller_test.rb index 70f40ceb..3d5e09aa 100644 --- a/test/controllers/works_controller_test.rb +++ b/test/controllers/works_controller_test.rb @@ -1,6 +1,8 @@ require 'test_helper' describe WorksController do + let (:user) { users(:kari) } + describe "root" do it "succeeds with all media types" do # Precondition: there is at least one media of each category @@ -36,12 +38,14 @@ describe "index" do it "succeeds when there are works" do + login(user) Work.count.must_be :>, 0 get works_path must_respond_with :success end it "succeeds when there are no works" do + login(user) Work.destroy_all get works_path must_respond_with :success @@ -50,6 +54,7 @@ describe "new" do it "succeeds" do + login(user) get new_work_path must_respond_with :success end @@ -57,6 +62,7 @@ describe "create" do it "creates a work with valid data for a real category" do + login(user) work_data = { work: { title: "test work" @@ -76,6 +82,7 @@ end it "renders bad_request and does not update the DB for bogus data" do + login(user) work_data = { work: { title: "" @@ -94,6 +101,7 @@ end it "renders 400 bad_request for bogus categories" do + login(user) work_data = { work: { title: "test work" @@ -114,6 +122,7 @@ describe "show" do it "succeeds for an extant work ID" do + login(user) get work_path(Work.first.id) must_respond_with :success get work_path(Work.last.id) @@ -121,6 +130,7 @@ end it "renders 404 not_found for a bogus work ID" do + login(user) work_id = Work.last.id + 1 get work_path(work_id) must_respond_with 404 @@ -129,6 +139,7 @@ describe "edit" do it "succeeds for an extant work ID" do + login(user) get edit_work_path(Work.first.id) must_respond_with :success get edit_work_path(Work.last.id) @@ -136,6 +147,7 @@ end it "renders 404 not_found for a bogus work ID" do + login(user) work_id = Work.last.id + 1 get edit_work_path(work_id) must_respond_with :not_found @@ -144,6 +156,7 @@ describe "update" do it "succeeds for valid data and an extant work ID" do + login(user) updated_title = "Title" patch work_path(works(:poodr).id), params: { @@ -159,6 +172,7 @@ end it "renders bad_request for bogus data" do + login(user) updated_title = " " patch work_path(works(:poodr).id), params: { @@ -170,6 +184,7 @@ end it "renders 404 not_found for a bogus work ID" do + login(user) work_id = Work.last.id + 1 get work_path(work_id) must_respond_with 404 @@ -178,6 +193,7 @@ describe "destroy" do it "succeeds for an extant work ID" do + login(user) work_id = Work.first.id delete work_path(work_id) @@ -187,6 +203,7 @@ end it "renders 404 not_found and does not update the DB for a bogus work ID" do + login(user) start_count = Work.count work_id = Work.last.id + 1 @@ -199,24 +216,43 @@ describe "upvote" do let(:work) { Work.first } - let(:user) { users(:kari) } + # it "redirects to the work page if no user is logged in" do + # post upvote_path(work) + # must_respond_with :redirect + # must_redirect_to work_path(work.id) + # end - it "redirects to the work page if no user is logged in" do + it "redirects to the main page if no user is logged in" do post upvote_path(work) must_respond_with :redirect - must_redirect_to work_path(work.id) + must_redirect_to root_path end - it "redirects to the work page after the user has logged out" do + it "redirects to the main page after the user has logged out" do + login(user) + delete logout_path + post upvote_path(work) + must_respond_with :redirect + must_redirect_to root_path end it "succeeds for a logged-in user and a fresh user-vote pair" do - + login(user) + work = works(:another_album) + post upvote_path(work) + flash[:status].must_equal :success + must_respond_with :redirect + must_redirect_to work_path end it "redirects to the work page if the user has already voted for that work" do - + login(user) + work = works(:album) + post upvote_path(work) + flash[:status].must_equal :failure + must_respond_with :redirect + must_redirect_to work_path end end end diff --git a/test/fixtures/users.yml b/test/fixtures/users.yml index e2968d78..1e6d8c83 100644 --- a/test/fixtures/users.yml +++ b/test/fixtures/users.yml @@ -2,6 +2,12 @@ dan: username: dan + uid: 123 + provider: github + email: dan@example.com kari: username: kari + uid: 456 + provider: github + email: kari@example.com diff --git a/test/test_helper.rb b/test/test_helper.rb index 5b4fb667..0afa8f57 100644 --- a/test/test_helper.rb +++ b/test/test_helper.rb @@ -23,4 +23,35 @@ class ActiveSupport::TestCase # Setup all fixtures in test/fixtures/*.yml for all tests in alphabetical order. fixtures :all # Add more helper methods to be used by all tests here... + def setup + # Once you have enabled test mode, all requests + # to OmniAuth will be short circuited to use the mock authentication hash. + # A request to /auth/provider will redirect immediately to /auth/provider/callback. + OmniAuth.config.test_mode = true + end + + # Test helper method to generate a mock auth hash + # from an instance of the User model + # The structure should match what we get from GitHub + def mock_auth_hash(user) + return { + provider: user.provider, + uid: user.uid, + info: { + email: user.email, + nickname: user.username + } + } + end + + def login(user) + # Tell OmniAuth to use this user's info when it sees + # an auth callback from github + OmniAuth.config.mock_auth[:github] = OmniAuth::AuthHash.new(mock_auth_hash(user)) + + # Send a login request for that user + # Note that we're using the named path for the callback, as defined + # in the `as:` clause in `config/routes.rb` + get auth_callback_path(:github) + end end