-rw-r--r-- | app/controllers/user_controller.rb | 45 | ||||
-rw-r--r-- | spec/controllers/user_controller_spec.rb | 35 |
2 files changed, 53 insertions, 27 deletions
diff --git a/app/controllers/user_controller.rb b/app/controllers/user_controller.rb index f9a25c2e1..72693be1e 100644 --- a/app/controllers/user_controller.rb +++ b/app/controllers/user_controller.rb @@ -4,7 +4,7 @@ # Copyright (c) 2007 UK Citizens Online Democracy. All rights reserved. # Email: francis@mysociety.org; WWW: http://www.mysociety.org/ # -# $Id: user_controller.rb,v 1.17 2007-11-08 16:18:25 francis Exp $ +# $Id: user_controller.rb,v 1.18 2007-11-09 01:48:36 francis Exp $ class UserController < ApplicationController # XXX See controllers/application.rb simplify_url_part for reverse of expression in SQL below @@ -18,24 +18,7 @@ class UserController < ApplicationController # Login form def signin - # Redirect to front page later if nothing else specified - if not params[:r] and not params[:token] - params[:r] = "/" - end - # The explicit "signin" link uses this to specify where to go back to - if params[:r] - @post_redirect = PostRedirect.new(:uri => params[:r], :post_params => {}, - :reason_params => { - :web => "Please sign in or make a new account.", - :email => "Then your can sign in to GovernmentSpy.", - :email_subject => "Confirm your account on GovernmentSpy" - }) - @post_redirect.save! - params[:token] = @post_redirect.token - elsif params[:token] - # Otherwise we have a token (which represents a saved POST request0 - @post_redirect = PostRedirect.find_by_token(params[:token]) - end + work_out_post_redirect if not params[:user] # First time page is shown @@ -62,6 +45,8 @@ class UserController < ApplicationController # Create new account form def signup + work_out_post_redirect + # Make the user and try to save it @user = User.new(params[:user]) if not @user.valid? 
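Review bot: `signin` and `signup` now both call `work_out_post_redirect` unconditionally as their first statement, and the helper added later in this diff saves a new `PostRedirect` row whenever the request has no `token` (it defaults `params[:r]` to "/" and then calls `save!`). Any unauthenticated request without a token therefore writes a database row, in `signup` even before `@user.valid?` is checked. I would state this at the call sites, e.g. `# NB: creates a PostRedirect record when the request carries no :token`, and confirm that the forms always post the token back so a row is not created per attempt. Both method bodies continue outside the hunks.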
@@ -112,6 +97,28 @@ class UserController < ApplicationController private + # Decide where we are going to redirect back to after signin/signup, and record that + def work_out_post_redirect + # Redirect to front page later if nothing else specified + if not params[:r] and not params[:token] + params[:r] = "/" + end + # The explicit "signin" link uses this to specify where to go back to + if params[:r] + @post_redirect = PostRedirect.new(:uri => params[:r], :post_params => {}, + :reason_params => { + :web => "Please sign in or make a new account.", + :email => "Then your can sign in to GovernmentSpy.", + :email_subject => "Confirm your account on GovernmentSpy" + }) + @post_redirect.save! + params[:token] = @post_redirect.token + elsif params[:token] + # Otherwise we have a token (which represents a saved POST request0 + @post_redirect = PostRedirect.find_by_token(params[:token]) + end + end + # Ask for email confirmation def send_confirmation_mail raise "user #{@user.id} already confirmed" if @user.email_confirmed diff --git a/spec/controllers/user_controller_spec.rb b/spec/controllers/user_controller_spec.rb index fa8cea3b5..cf73e5d13 100644 --- a/spec/controllers/user_controller_spec.rb +++ b/spec/controllers/user_controller_spec.rb @@ -79,6 +79,7 @@ describe UserController, "when signing in" do } session[:user].should == users(:bob_smith_user).id response.should redirect_to(:controller => 'request', :action => 'list', :post_redirect => 1) + response.should_not send_email end it "should ask you to confirm your email if it isn't confirmed, after log in" do 
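Review bot: `work_out_post_redirect` stores `params[:r]` as the `PostRedirect` uri without checking it, so if that uri is later used as the redirect target (that code is not in this hunk) a crafted signin link could send a user to another site after they log in. Restrict it to local paths before saving, e.g. `params[:r] = "/" unless params[:r].to_s =~ %r{\A/(?![/\\])}`. Separately, `PostRedirect.find_by_token(params[:token])` presumably returns nil for an unknown token, which leaves `@post_redirect` nil for the callers; a guard such as `raise "bad post redirect token" if @post_redirect.nil?` would fail at the point of the lookup instead of at a later dereference. The moved strings also carry the typos "Then your can sign in" and "request0".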
@@ -89,10 +90,28 @@ describe UserController, "when signing in" do
 :token => post_redirect.token
 }
 response.should render_template('confirm')
- # XXX check email sent
+ response.should send_email
 end
- it "should confirm your email, log you in and redirect you to where you were after you click an email link"
+ it "should confirm your email, log you in and redirect you to where you were after you click an email link" do
+ get :signin, :r => "/list"
+ post_redirect = get_last_postredirect
+
+ post :signin, { :user => { :email => 'silly@localhost', :password => 'jonespassword' },
+ :token => post_redirect.token
+ }
+ response.should send_email
+
+ deliveries = ActionMailer::Base.deliveries
+ deliveries.size.should == 1
+ mail = deliveries[0]
+ mail.body =~ /(http:\/\/.*\/c\/(.*))/
+ mail_url = $1
+ mail_token = $2
+
+ get :confirm, :email_token => post_redirect.email_token
+ response.should redirect_to(:controller => 'request', :action => 'list', :post_redirect => 1)
+ end
 end
@@ -114,13 +133,13 @@ describe UserController, "when signing up" do
 assigns[:user].errors[:email].should_not be_nil
 end
-# it "should ask you to confirm your email if you fill in the form right" do
-# post :signup, { :user => { :email => 'new@localhost', :name => 'New Person',
-# :password => 'sillypassword', :password_confirmation => 'sillypassword' }
-# }
-# response.should render_template('confirm')
+ it "should ask you to confirm your email if you fill in the form right" do
+ post :signup, { :user => { :email => 'new@localhost', :name => 'New Person',
+ :password => 'sillypassword', :password_confirmation => 'sillypassword' }
+ }
+ response.should render_template('confirm')
 # XXX if you go straight into signup form without token it doesn't make one
-# end
+ end
 end
 describe UserController, "when signing out" do
|
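Review bot: The new confirmation test parses `mail_url` and `mail_token` out of the message body but never uses them, and the result of the `=~` match is not asserted. The `get :confirm` call takes `post_redirect.email_token` straight from the record, so the test would still pass if the email carried a wrong link or none at all. Assuming the emailed token is meant to be the record's `email_token`, I would add `mail_token.should == post_redirect.email_token` and change the request to `get :confirm, :email_token => mail_token`, so the link the user actually receives is what gets exercised.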
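Review bot: The re-enabled signup test keeps the context comment `# XXX if you go straight into signup form without token it doesn't make one`, which looks stale now that `signup` calls `work_out_post_redirect`; it should be removed or reworded. The test also checks only the rendered template. If signup sends the confirmation mail on this path, adding `response.should send_email` as the signin spec does would cover that as well.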