Refactor code related to authentication:

* User model * SessionsController
2011-08-25 21:46:29 +00:00 · 2011-08-25 21:46:29 +00:00 · 4f66db2682
commit 4f66db2682
parent 07c2b5f525
4 changed files with 53 additions and 71 deletions
--- a/app/controllers/sessions_controller.rb
+++ b/app/controllers/sessions_controller.rb
@ -2,15 +2,12 @@ class SessionsController < ApplicationController
  skip_before_filter :authenticate!, :only => [:new, :create]

  def create
-    user = User.authenticate(
-      params[:session][:email],
-      params[:session][:password]
-    )
-    if ! user
-      render 'new'
-    else
+    user = User.find_by_email(params[:session][:email])
+    if user.try(:authenticate?, params[:session][:password])
      self.current_user = user
      redirect_to :root
+    else
+      render 'new'
    end
  end
 end
--- a/app/models/user.rb
+++ b/app/models/user.rb
@ -3,31 +3,18 @@ require 'bcrypt'
 class User < ActiveRecord::Base
  include BCrypt

-  attr_accessor :password
+  attr_reader :password
  attr_accessible :email, :password, :password_confirmation

-  validates_presence_of :email
+  validates_presence_of :email, :password_hash
+  validates_confirmation_of :password

-  validates :password,
-    :presence     => true,
-    :confirmation => true
-
-  before_save :hash_password
-
-  def self.authenticate(email, password)
-    user = find_by_email(email)
-    return false if user.nil?
-    return user if Password.new(user.password_hash) == password
+  def password=(plain_password)
+    @password = plain_password
+    self.password_hash = Password.create(plain_password)
  end

-
-  private
-
-  def hash_password
-    self.password_hash = bcrypt(password)
-  end
-
-  def bcrypt(string)
-    Password.create(string)
+  def authenticate?(password)
+    Password.new(password_hash) == password
  end
 end
--- a/spec/controllers/sessions_controller_spec.rb
+++ b/spec/controllers/sessions_controller_spec.rb
@ -8,31 +8,39 @@ describe SessionsController do
  end

  describe 'POST create' do
-    context 'when the user submit invalid credentials' do
-      it 'renders the new template' do
-        User.stub(:authenticate).and_return(false)
-        post :create,
-          :session => Factory.attributes_for(:user)
-        response.should render_template('new')
-      end
-    end
-
-    context 'when the user submit valid credentials' do
    let(:user) { Factory.create(:user) }
-      before do
-        User.stub(:authenticate).and_return(user)
+
+    def do_create
+      post :create, :session => {
+        :email    => user.email,
+        :password => user.password
+      }
    end

+    context 'with valid credentials' do
      it 'signs the user in' do
-        post :create, :session => Factory.attributes_for(:user)
+        do_create
        controller.current_user.should == user
      end

      it 'redirects to the home page' do
-        post :create, :session => Factory.attributes_for(:user)
+        do_create
        response.should redirect_to(:root)
      end
    end
+
+    [:email, :password].each do |attr|
+      context "with invalid credentials (#{attr})" do
+        before do
+          user.stub(attr => user.send(attr) + '_INVALID')
+        end
+
+        it 'renders the new template' do
+          do_create
+          response.should render_template('new')
+        end
+      end
+    end
  end

  describe 'DELETE destroy' do
--- a/spec/models/user_spec.rb
+++ b/spec/models/user_spec.rb
@ -16,49 +16,39 @@ describe User do
    it { should_not be_valid }
  end

-  context 'when password empty' do
-    before do
-      user.password = ''
-    end
-
-    it { should_not be_valid }
-  end
-
  context 'when password_confirmation does not match password' do
    before do
-      user.password_confirmation = 'WRONG'
+      user.password_confirmation = user.password + 'INVALID'
    end

    it { should_not be_valid }
  end

-  describe '#hash_password' do
-    it 'is received when #save is sent' do
-      user.should_receive(:hash_password)
-      user.save
+  context 'when password_hash empty' do
+    before do
+      user.password_hash = ''
    end

-    it 'stores a bcrypt hash of the password' do
-      user.save
+    it { should_not be_valid }
+  end
+
+  describe '#password=' do
+    it 'stores a bcrypt hash of the password in password_hash' do
      BCrypt::Password.new(user.password_hash).should == user.password
    end
  end

-  describe '.authenticate' do
-    let (:user) { Factory.create(:user) }
-
-    it 'returns the user with valid credentials' do
-      User.authenticate(
-        user.email,
-        user.password
-      ).should == user
+  describe '#authenticate?' do
+    context 'with a valid password' do
+      it 'returns true' do
+        user.authenticate?(user.password).should be_true
+      end
    end

-    it 'returns false with invalid credentials' do
-      User.authenticate(
-        user.email,
-        'WRONG'
-      ).should be_false
+    context 'with an invalid password' do
+      it 'returns false' do
+        user.authenticate?(user.password + '_INVALID').should be_false
+      end
    end
  end
 end