From b1a09c6f7874e4c65280d144d10690122ae4b979 Mon Sep 17 00:00:00 2001 From: Carol Nichols Date: Wed, 18 May 2011 16:23:01 -0400 Subject: [PATCH 1/2] bad carol, bad merge. plucky query has to use .count, not .length, and commit 762b8a1 had already fixed this then I unfixed it. --- test/unit/user_test.rb | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/test/unit/user_test.rb b/test/unit/user_test.rb index 4e0d9bd0..c3d6742a 100644 --- a/test/unit/user_test.rb +++ b/test/unit/user_test.rb @@ -8,23 +8,21 @@ describe "#at_replies" do it "returns all at_replies for this user" do - skip "carol broke this test somehow-- undefined method `length' for Plucky::Query" u = User.create(:username => "steve") update = Update.create(:text => "@steve oh hai!") Update.create(:text => "just some other update") - assert_equal 1, u.at_replies({}).length + assert_equal 1, u.at_replies({}).count assert_equal update.id, u.at_replies({}).first.id end it "returns all at_replies for a username containing ." do - skip "carol broke this test somehow-- undefined method `length' for Plucky::Query" u = Factory.create(:user, :username => "hello.there") u1 = Factory.create(:user, :username => "helloothere") update = Update.create(:text => "@hello.there how _you_ doin'?") - assert_equal 1, u.at_replies({}).length - assert_equal 0, u1.at_replies({}).length + assert_equal 1, u.at_replies({}).count + assert_equal 0, u1.at_replies({}).count end end From ee0a59426396b976668167d5fbb31ba2b1f98a6e Mon Sep 17 00:00:00 2001 From: Carol Nichols Date: Wed, 18 May 2011 23:09:33 -0400 Subject: [PATCH 2/2] Closes issue #344. Disallows creation of accounts with usernames but without passwords. - When creating an account via the login/signup form: -- Checks valid? -- Checks for password length -- Then saves Password can't be added to the validations because it's not required for accounts created using facebook or twitter, but the fb/twitter auth isn't added to the User until after save. --- controllers/sessions_controller.rb | 16 ++++++++++------ test/acceptance/signup_test.rb | 24 ++++++++++++++++++++++++ 2 files changed, 34 insertions(+), 6 deletions(-) diff --git a/controllers/sessions_controller.rb b/controllers/sessions_controller.rb index 96dae69e..7322839a 100644 --- a/controllers/sessions_controller.rb +++ b/controllers/sessions_controller.rb @@ -18,13 +18,17 @@ class Rstatus u = User.first :username => params[:username] if u.nil? @user = User.new params - if @user.save - session[:user_id] = @user.id - flash[:notice] = "Thanks for signing up!" - redirect "/" - else - haml :"login" + if @user.valid? + if @user.password.length > 0 + @user.save + session[:user_id] = @user.id + flash[:notice] = "Thanks for signing up!" + redirect "/" + else + @user.errors.add(:password, "can't be empty") + end end + haml :"login" else if user = User.authenticate(params[:username], params[:password]) session[:user_id] = user.id diff --git a/test/acceptance/signup_test.rb b/test/acceptance/signup_test.rb index dd048343..825e660e 100644 --- a/test/acceptance/signup_test.rb +++ b/test/acceptance/signup_test.rb @@ -38,6 +38,30 @@ assert_match /Username can't be empty/, page.body end + it "requires a password" do + visit '/login' + fill_in "username", :with => "baseball" + click_button "Log in" + + assert_match /Password can't be empty/, page.body + end + + it "does not save user to db if there wasn't a password" do + visit '/login' + fill_in "username", :with => "baseball" + click_button "Log in" + + assert_match /Password can't be empty/, page.body + + fill_in "username", :with => "baseball" + fill_in "password", :with => "baseball" + click_button "Log in" + + refute_match /The username exists; the password you entered was incorrect\. If you are trying to create a new account, please choose a different username/, page.body + refute_match /prohibited your account from being created/, page.body + assert_match /\//, page.current_url + end + it "shows an error if the username is too long" do visit '/login' fill_in "username", :with => "supercalifragilisticexpialidocious"