Commit 63f4f034

mo khan <mo@mokhan.ca>
2014-09-18 01:51:27
get controller specs passing.
1 parent ced3ca5
Changed files (4)
app/controllers/my/settings_controller.rb
@@ -7,7 +7,7 @@ module My
     def update
       @user = current_user
       @user.interest_ids = params[:user][:interest_ids] ||= []
-      if @user.update_without_password(user_params)
+      if @user.update(user_params)
         redirect_to my_settings_path, :notice => t(:profile_saved)
       else
         render :index
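Review bot: `@user.update(user_params)` on the changed line no longer excludes password attributes the way Devise's `update_without_password` did, so if `user_params` (defined outside this hunk) permits `:password` or `:password_confirmation`, a settings-form submission can change the password without the current-password confirmation the old helper existed to enforce. Given that the companion change in application_controller.rb drops the Devise parameter sanitizer, `user_params` is now the only attribute filter on this path and should be checked to ensure it permits no credential fields. A short comment would make the intent explicit: `# update applies every permitted attribute; keep credential fields out of user_params`. The `update` method's body continues past the last line of this hunk.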
app/controllers/application_controller.rb
@@ -3,7 +3,7 @@ class ApplicationController < ActionController::Base
   # For APIs, you may want to use :null_session instead.
   protect_from_forgery with: :exception
   before_action :load_header
-  before_action :configure_permitted_parameters, if: :devise_controller?
+  #before_action :configure_permitted_parameters, if: :devise_controller?
   #before_action :extend_session_cookie
   helper_method :current_user, :user_signed_in?
   rescue_from ActiveRecord::RecordNotFound, with: :record_not_found
@@ -20,11 +20,11 @@ class ApplicationController < ActionController::Base
     current_user
   end
 
-  protected
+  #protected
 
-  def configure_permitted_parameters
-    devise_parameter_sanitizer.for(:user) { |u| u.permit(:name, :city, :email) }
-  end
+  #def configure_permitted_parameters
+    #devise_parameter_sanitizer.for(:user) { |u| u.permit(:name, :city, :email) }
+  #end
 
   private
 
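Review bot: The removed `protected` marker and `configure_permitted_parameters` method are kept as commented-out lines rather than deleted, in both hunks of this file; commented-out code is dead weight that version history already preserves. Commenting out `protected` also means any method later added between `current_user`'s `end` and the `private` marker is public by default, which is easy to miss with the marker still visually present. Either delete the commented lines outright or, if the Devise sanitizer is expected to return, replace them with one note: `# TODO: restore Devise parameter sanitizer (configure_permitted_parameters) if Devise is reintroduced`. With the sanitizer gone, attribute filtering for user updates now rests entirely on each controller's own `permit` call, which this file does not show.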
app/models/user.rb
@@ -2,7 +2,7 @@ require 'bcrypt'
 
 class User < ActiveRecord::Base
   include BCrypt
-  #before_save :ensure_authentication_token
+  before_save :ensure_authentication_token
   after_create :send_welcome_email unless Rails.env.test?
 
   validates :name,  :presence => true
@@ -75,6 +75,12 @@ class User < ActiveRecord::Base
     creations.create(name: name, category_id: category.id)
   end
 
+  def valid_password?(password)
+    bcrypt = ::BCrypt::Password.new(encrypted_password)
+    password = ::BCrypt::Engine.hash_secret(password, bcrypt.salt)
+    secure_compare(password, encrypted_password)
+  end
+
   class << self
     def ordered
       User.order(:creations_count => :desc)
@@ -88,23 +94,28 @@ class User < ActiveRecord::Base
     def login(username, password)
       user = User.find_by(email: username)
       return false if user.nil?
-      bcrypt = ::BCrypt::Password.new(user.encrypted_password)
-      password = ::BCrypt::Engine.hash_secret(password, bcrypt.salt)
-      if secure_compare(password, user.encrypted_password)
-        UserSession.create!(user: user)
+      if user.valid_password?(password)
+        UserSession.create!(user: self)
       else
         false
       end
     end
 
-    # constant-time comparison algorithm to prevent timing attacks
-    def secure_compare(a, b)
-      return false if a.blank? || b.blank? || a.bytesize != b.bytesize
-      l = a.unpack "C#{a.bytesize}"
+  end
 
-      res = 0
-      b.each_byte { |byte| res |= byte ^ l.shift }
-      res == 0
-    end
+  private
+
+  # constant-time comparison algorithm to prevent timing attacks
+  def secure_compare(a, b)
+    return false if a.blank? || b.blank? || a.bytesize != b.bytesize
+    l = a.unpack "C#{a.bytesize}"
+
+    res = 0
+    b.each_byte { |byte| res |= byte ^ l.shift }
+    res == 0
+  end
+
+  def ensure_authentication_token
+    self.authentication_token = SecureRandom.hex(32) if self.authentication_token.blank?
   end
 end
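Review bot: `UserSession.create!(user: self)` in `login` sits inside `class << self`, so `self` is the `User` class rather than the authenticated record; the removed line correctly passed `user`, and the replacement should read `UserSession.create!(user: user)`. Separately, the new `valid_password?` constructs `::BCrypt::Password.new(encrypted_password)` before any blank check, so a row with no stored hash raises from inside a login attempt (BCrypt rejects a blank hash) instead of returning false; a guard such as `return false if encrypted_password.blank?` at the top of the method keeps the failure path uniform and avoids leaking an exception to the login controller. The move of `secure_compare` to a private instance method and the `SecureRandom.hex(32)` token in `ensure_authentication_token` look sound as written.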
spec/controllers/api/v1/logins_controller_spec.rb
@@ -5,7 +5,7 @@ describe Api::V1::LoginsController do
     let(:user) { create(:user) }
 
     it "should return the auth token" do
-      post :create, { :email => user.email, :password => user.password }
+      post :create, { :email => user.email, :password => 'password' }
       response.body.should == { auth_token: user.authentication_token }.to_json
     end
   end