Restful_authentication: 3 unit tests break!


#1

Hi all

I have installed restful_authentication. However, I didn’t active the
email-verification option in the first way, so I tried to activate it
manually some time later. But now I have problems with my application
and I’m trying to solve them bit by bit.

First of all, my unit tests don’t work:

  1. Failure:
    test_should_initialize_activation_code_upon_creation(UserTest)
    [./test/unit/user_test.rb:18:in
    test_should_initialize_activation_code_upon_creation' /Library/Ruby/Gems/1.8/gems/activesupport-2.1.0/lib/active_support/testing/setup_and_teardown.rb:33:insend
    /Library/Ruby/Gems/1.8/gems/activesupport-2.1.0/lib/active_support/testing/setup_and_teardown.rb:33:in
    `run’]:
    expected to not be nil.

  2. Failure:
    test_should_unsuspend_user_to_active_state(UserTest)
    [./test/unit/user_test.rb:130:in
    test_should_unsuspend_user_to_active_state' /Library/Ruby/Gems/1.8/gems/activesupport-2.1.0/lib/active_support/testing/setup_and_teardown.rb:33:insend
    /Library/Ruby/Gems/1.8/gems/activesupport-2.1.0/lib/active_support/testing/setup_and_teardown.rb:33:in
    `run’]:
    is not true.

  3. Failure:
    test_suspended_user_should_not_authenticate(UserTest)
    [./test/unit/user_test.rb:123:in
    test_suspended_user_should_not_authenticate' /Library/Ruby/Gems/1.8/gems/activesupport-2.1.0/lib/active_support/testing/setup_and_teardown.rb:33:insend
    /Library/Ruby/Gems/1.8/gems/activesupport-2.1.0/lib/active_support/testing/setup_and_teardown.rb:33:in
    `run’]:
    <#<User id: 1, login: “quentin”, email: “removed_email_address@domain.invalid”,
    crypted_password: “00742970dc9e6319f8019fd54864d3ea740f04b1”, salt:
    “7e3041ebc2fc05a40c60028e2c4901a81035d3cd”, created_at: “2009-04-15
    15:13:00”, updated_at: “2009-04-20 15:13:01”, remember_token: nil,
    remember_token_expires_at: nil, first_name: “Quentin”, last_name:
    “Tarantino”, activation_code: nil, state: “suspended”, activated_at:
    nil, deleted_at: nil>> expected to be != to
    <#<User id: 1, login: “quentin”, email: “removed_email_address@domain.invalid”,
    crypted_password: “00742970dc9e6319f8019fd54864d3ea740f04b1”, salt:
    “7e3041ebc2fc05a40c60028e2c4901a81035d3cd”, created_at: “2009-04-15
    15:13:00”, updated_at: “2009-04-20 15:13:01”, remember_token: nil,
    remember_token_expires_at: nil, first_name: “Quentin”, last_name:
    “Tarantino”, activation_code: nil, state: “suspended”, activated_at:
    nil, deleted_at: nil>>.

43 tests, 83 assertions, 3 failures, 0 errors
rake aborted!
Command failed with status (1):
[/System/Library/Frameworks/Ruby.framework/…]

(See full trace by running task with --trace)

Sadly I have no idea how to fix them… what could be wrong? My user
model looks the following:

require ‘digest/sha1’
class User < ActiveRecord::Base

Virtual attribute for the unencrypted password

attr_accessor :password

validates_presence_of :login,
:email,
:first_name,
:last_name
validates_presence_of :password, :if =>
:password_required?
validates_presence_of :password_confirmation, :if =>
:password_required?
validates_length_of :password, :within => 4…40, :if =>
:password_required?
validates_confirmation_of :password, :if =>
:password_required?
validates_length_of :login, :within => 3…40
validates_length_of :email, :within => 3…100
validates_uniqueness_of :login, :email, :case_sensitive => false
before_save :encrypt_password

has_many :comments,
:dependent => :destroy

has_many :blogs,
:dependent => :destroy

prevents a user from submitting a crafted form that bypasses

activation

anything else you want your user to change should be added here.

attr_accessible :login,
:email,
:first_name,
:last_name,
:password,
:password_confirmation

acts_as_state_machine :initial => :pending
state :passive
state :pending, :enter => :make_activation_code
state :active, :enter => :do_activate
state :suspended
state :deleted, :enter => :do_delete

event :register do
transitions :from => :passive, :to => :pending, :guard => Proc.new
{|u| !(u.crypted_password.blank? && u.password.blank?) }
end

event :activate do
transitions :from => :pending, :to => :active
end

event :suspend do
transitions :from => [:passive, :pending, :active], :to =>
:suspended
end

event :delete do
transitions :from => [:passive, :pending, :active, :suspended], :to
=> :deleted
end

event :unsuspend do
transitions :from => :suspended, :to => :active, :guard => Proc.new
{|u| !u.activated_at.blank? }
transitions :from => :suspended, :to => :pending, :guard => Proc.new
{|u| !u.activation_code.blank? }
transitions :from => :suspended, :to => :passive
end

Authenticates a user by their login name and unencrypted password.

Returns the user or nil.
def self.authenticate(login, password)
u = find_by_login(login) # need to get the salt
u && u.authenticated?(password) ? u : nil
end

Encrypts some data with the salt.

def self.encrypt(password, salt)
Digest::SHA1.hexdigest("–#{salt}–#{password}–")
end

Encrypts the password with the user salt

def encrypt(password)
self.class.encrypt(password, salt)
end

def authenticated?(password)
crypted_password == encrypt(password)
end

def remember_token?
remember_token_expires_at && Time.now.utc <
remember_token_expires_at
end

These create and unset the fields required for remembering users

between browser closes
def remember_me
remember_me_for 2.weeks
end

def remember_me_for(time)
remember_me_until time.from_now.utc
end

def remember_me_until(time)
self.remember_token_expires_at = time
self.remember_token =
encrypt("#{email}–#{remember_token_expires_at}")
save(false)
end

def forget_me
self.remember_token_expires_at = nil
self.remember_token = nil
save(false)
end

Returns true if the user has just been activated.

def recently_activated?
@activated
end

def forgot_password
@forgotten_password = true
self.make_password_reset_code
end

def reset_password
# First update the password_reset_code before setting the
# reset_password flag to avoid duplicate email notifications.
update_attributes(:password_reset_code => nil)
@reset_password = true
end

def recently_forgot_password?
@forgotten_password
end

def recently_reset_password?
@reset_password
end

def display_name
“#{first_name} #{last_name}”
end

protected

before filter

def encrypt_password
return if password.blank?
self.salt = Digest::SHA1.hexdigest("–#{Time.now.to_s}–#{login}–")
if new_record?
self.crypted_password = encrypt(password)
end

def password_required?
crypted_password.blank? || !password.blank?
end

def make_activation_code
self.deleted_at = nil
self.activation_code = Digest::SHA1.hexdigest(
Time.now.to_s.split(//).sort_by {rand}.join )
end

def do_delete
self.deleted_at = Time.now.utc
end

def do_activate
@activated = true
self.activated_at = Time.now.utc
self.deleted_at = self.activation_code = nil
end

def make_password_reset_code
self.password_reset_code = Digest::SHA1.hexdigest(
Time.now.to_s.split(//).sort_by {rand}.join )
end
end

It’s basically the original model, but I added first_name and last_name.

I’d be very thankful for some debugging help…
Josh


#2

OK, the first error could be solved. I did not call register! when
creating the object.

protected
def create_user(options = {})
record = User.new({ :login => ‘quire’,
:email => ‘removed_email_address@domain.invalid’,
:first_name => ‘Quire’,
:last_name => ‘Quare’,
:password => ‘quire’,
:password_confirmation => ‘quire’,
:state => ‘pending’
}.merge(options))
record.register! if record.valid? # Here I just called record.save
before
record
end

Anyway, why do I have to call record.register! here? What’s the
difference to record.save? I guess it has something to do with
acts_as_state_machine?


#3

I guess it has something to do with acts_as_state_machine?

Yes. Don’t you read the source code of your plugins before using them?
That’s bold.


#4

Fernando P. wrote:

I guess it has something to do with acts_as_state_machine?

Yes. Don’t you read the source code of your plugins before using them?
That’s bold.

Thanks for your very helpful answer. :wink:


#5

Fernando P. wrote:

I guess it has something to do with acts_as_state_machine?

Yes. Don’t you read the source code of your plugins before using them?
That’s bold.

OK, I read some of the source code of the plugin. Sadly I’m no very
experienced Ruby programmer, so I have a question.

Where does a new record get saved to the DB when calling register!?

record = User.new({ :login => ‘quire’, :email => ‘removed_email_address@domain.invalid’, :password => ‘quire’, :password_confirmation => ‘quire’ })
=> #<User id: nil, first_name: nil, last_name: nil, login: “quire”,
email: “removed_email_address@domain.invalid”, remember_token: nil, crypted_password: nil,
password_reset_code: nil, salt: nil, activation_code: nil,
remember_token_expires_at: nil, activated_at: nil, deleted_at: nil,
state: “passive”, created_at: nil, updated_at: nil>

record.new_record?
=> true

record.register!
=> true

record.new_record?
=> false

I’m trying to get into this plugin, but it seems very tricky to me…


#6

On Apr 20, 2:55 pm, Joshua M. removed_email_address@domain.invalid
wrote:

record.new_record?

=> false

I’m trying to get into this plugin, but it seems very tricky to me…

Posted viahttp://www.ruby-forum.com/.

The record gets saved by aasm (acts_as_state_machine). By using this
plugin, your model has different “states” that is stored most likely
in a :state column. When you call register or register! on your model,
it is telling aasm to change the state of your model:

event :register do
transitions :from => :passive, :to => :pending, :guard => Proc.new
{|u| !(u.crypted_password.blank? && u.password.blank?) }
end

In this case, it’s changing your model from the :passive state to
the :pending state. What happens at this point is that
make_activation_code is called because of this line:

state :pending, :enter => :make_activation_code.

Your model is saved after you call register because aasm changes the
state of the model and then saves that model.

Hopefully this helps.

Jon