restful_authentication: 3 unit tests break!

Hi all

I have installed restful_authentication. However, I didn't active the
email-verification option in the first way, so I tried to activate it
manually some time later. But now I have problems with my application
and I'm trying to solve them bit by bit.

First of all, my unit tests don't work:

  1) Failure:
test_should_initialize_activation_code_upon_creation(UserTest)
    [./test/unit/user_test.rb:18:in
`test_should_initialize_activation_code_upon_creation'
     /Library/Ruby/Gems/1.8/gems/activesupport-2.1.0/lib/active_support/testing/setup_and_teardown.rb:33:in
`__send__'
     /Library/Ruby/Gems/1.8/gems/activesupport-2.1.0/lib/active_support/testing/setup_and_teardown.rb:33:in
`run']:
<nil> expected to not be nil.

  2) Failure:
test_should_unsuspend_user_to_active_state(UserTest)
    [./test/unit/user_test.rb:130:in
`test_should_unsuspend_user_to_active_state'
     /Library/Ruby/Gems/1.8/gems/activesupport-2.1.0/lib/active_support/testing/setup_and_teardown.rb:33:in
`__send__'
     /Library/Ruby/Gems/1.8/gems/activesupport-2.1.0/lib/active_support/testing/setup_and_teardown.rb:33:in
`run']:
<false> is not true.

  3) Failure:
test_suspended_user_should_not_authenticate(UserTest)
    [./test/unit/user_test.rb:123:in
`test_suspended_user_should_not_authenticate'
     /Library/Ruby/Gems/1.8/gems/activesupport-2.1.0/lib/active_support/testing/setup_and_teardown.rb:33:in
`__send__'
     /Library/Ruby/Gems/1.8/gems/activesupport-2.1.0/lib/active_support/testing/setup_and_teardown.rb:33:in
`run']:
<#<User id: 1, login: "quentin", email: "quentin@example.com",
crypted_password: "00742970dc9e6319f8019fd54864d3ea740f04b1", salt:
"7e3041ebc2fc05a40c60028e2c4901a81035d3cd", created_at: "2009-04-15
15:13:00", updated_at: "2009-04-20 15:13:01", remember_token: nil,
remember_token_expires_at: nil, first_name: "Quentin", last_name:
"Tarantino", activation_code: nil, state: "suspended", activated_at:
nil, deleted_at: nil>> expected to be != to
<#<User id: 1, login: "quentin", email: "quentin@example.com",
crypted_password: "00742970dc9e6319f8019fd54864d3ea740f04b1", salt:
"7e3041ebc2fc05a40c60028e2c4901a81035d3cd", created_at: "2009-04-15
15:13:00", updated_at: "2009-04-20 15:13:01", remember_token: nil,
remember_token_expires_at: nil, first_name: "Quentin", last_name:
"Tarantino", activation_code: nil, state: "suspended", activated_at:
nil, deleted_at: nil>>.

43 tests, 83 assertions, 3 failures, 0 errors
rake aborted!
Command failed with status (1):
[/System/Library/Frameworks/Ruby.framework/...]

(See full trace by running task with --trace)

Sadly I have no idea how to fix them... what could be wrong? My user
model looks the following:

require 'digest/sha1'
class User < ActiveRecord::Base
  # Virtual attribute for the unencrypted password
  attr_accessor :password

  validates_presence_of :login,
    :email,
    :first_name,
    :last_name
  validates_presence_of :password, :if =>
:password_required?
  validates_presence_of :password_confirmation, :if =>
:password_required?
  validates_length_of :password, :within => 4..40, :if =>
:password_required?
  validates_confirmation_of :password, :if =>
:password_required?
  validates_length_of :login, :within => 3..40
  validates_length_of :email, :within => 3..100
  validates_uniqueness_of :login, :email, :case_sensitive => false
  before_save :encrypt_password

  has_many :comments,
    :dependent => :destroy

  has_many :blogs,
    :dependent => :destroy

  # prevents a user from submitting a crafted form that bypasses
activation
  # anything else you want your user to change should be added here.
  attr_accessible :login,
    :email,
    :first_name,
    :last_name,
    :password,
    :password_confirmation

  acts_as_state_machine :initial => :pending
  state :passive
  state :pending, :enter => :make_activation_code
  state :active, :enter => :do_activate
  state :suspended
  state :deleted, :enter => :do_delete

  event :register do
    transitions :from => :passive, :to => :pending, :guard => Proc.new
{|u| !(u.crypted_password.blank? && u.password.blank?) }
  end

  event :activate do
    transitions :from => :pending, :to => :active
  end

  event :suspend do
    transitions :from => [:passive, :pending, :active], :to =>
:suspended
  end

  event :delete do
    transitions :from => [:passive, :pending, :active, :suspended], :to
=> :deleted
  end

  event :unsuspend do
    transitions :from => :suspended, :to => :active, :guard => Proc.new
{|u| !u.activated_at.blank? }
    transitions :from => :suspended, :to => :pending, :guard => Proc.new
{|u| !u.activation_code.blank? }
    transitions :from => :suspended, :to => :passive
  end

  # Authenticates a user by their login name and unencrypted password.
Returns the user or nil.
  def self.authenticate(login, password)
    u = find_by_login(login) # need to get the salt
    u && u.authenticated?(password) ? u : nil
  end

  # Encrypts some data with the salt.
  def self.encrypt(password, salt)
    Digest::SHA1.hexdigest("--#{salt}--#{password}--")
  end

  # Encrypts the password with the user salt
  def encrypt(password)
    self.class.encrypt(password, salt)
  end

  def authenticated?(password)
    crypted_password == encrypt(password)
  end

  def remember_token?
    remember_token_expires_at && Time.now.utc <
remember_token_expires_at
  end

  # These create and unset the fields required for remembering users
between browser closes
  def remember_me
    remember_me_for 2.weeks
  end

  def remember_me_for(time)
    remember_me_until time.from_now.utc
  end

  def remember_me_until(time)
    self.remember_token_expires_at = time
    self.remember_token =
encrypt("#{email}--#{remember_token_expires_at}")
    save(false)
  end

  def forget_me
    self.remember_token_expires_at = nil
    self.remember_token = nil
    save(false)
  end

  # Returns true if the user has just been activated.
  def recently_activated?
    @activated
  end

  def forgot_password
    @forgotten_password = true
    self.make_password_reset_code
  end

  def reset_password
    # First update the password_reset_code before setting the
    # reset_password flag to avoid duplicate email notifications.
    update_attributes(:password_reset_code => nil)
    @reset_password = true
  end

  def recently_forgot_password?
    @forgotten_password
  end

  def recently_reset_password?
    @reset_password
  end

  def display_name
    "#{first_name} #{last_name}"
  end

protected
  # before filter
  def encrypt_password
    return if password.blank?
    self.salt = Digest::SHA1.hexdigest("--#{Time.now.to_s}--#{login}--")
if new_record?
    self.crypted_password = encrypt(password)
  end

  def password_required?
    crypted_password.blank? || !password.blank?
  end

  def make_activation_code
    self.deleted_at = nil
    self.activation_code = Digest::SHA1.hexdigest(
Time.now.to_s.split(//).sort_by {rand}.join )
  end

  def do_delete
    self.deleted_at = Time.now.utc
  end

  def do_activate
    @activated = true
    self.activated_at = Time.now.utc
    self.deleted_at = self.activation_code = nil
  end

  def make_password_reset_code
    self.password_reset_code = Digest::SHA1.hexdigest(
Time.now.to_s.split(//).sort_by {rand}.join )
  end
end

It's basically the original model, but I added first_name and last_name.

I'd be very thankful for some debugging help...
Josh

OK, the first error could be solved. I did not call register! when
creating the object.

protected
  def create_user(options = {})
    record = User.new({ :login => 'quire',
                        :email => 'quire@example.com',
                        :first_name => 'Quire',
                        :last_name => 'Quare',
                        :password => 'quire',
                        :password_confirmation => 'quire',
                        :state => 'pending'
                      }.merge(options))
    record.register! if record.valid? # Here I just called record.save
before
    record
  end

Anyway, why do I have to call record.register! here? What's the
difference to record.save? I guess it has something to do with
acts_as_state_machine?

I guess it has something to do with acts_as_state_machine?

Yes. Don't you read the source code of your plugins before using them?
That's bold.

Fernando Perez wrote:

I guess it has something to do with acts_as_state_machine?

Yes. Don't you read the source code of your plugins before using them?
That's bold.

Thanks for your very helpful answer. :wink:

Fernando Perez wrote:

I guess it has something to do with acts_as_state_machine?

Yes. Don't you read the source code of your plugins before using them?
That's bold.

OK, I read some of the source code of the plugin. Sadly I'm no very
experienced Ruby programmer, so I have a question.

Where does a new record get saved to the DB when calling register!?

record = User.new({ :login => 'quire', :email => 'quire@example.com', :password => 'quire', :password_confirmation => 'quire' })

=> #<User id: nil, first_name: nil, last_name: nil, login: "quire",
email: "quire@example.com", remember_token: nil, crypted_password: nil,
password_reset_code: nil, salt: nil, activation_code: nil,
remember_token_expires_at: nil, activated_at: nil, deleted_at: nil,
state: "passive", created_at: nil, updated_at: nil>

record.new_record?

=> true

record.register!

=> true

record.new_record?

=> false

I'm trying to get into this plugin, but it seems very tricky to me...

The record gets saved by aasm (acts_as_state_machine). By using this
plugin, your model has different "states" that is stored most likely
in a :state column. When you call register or register! on your model,
it is telling aasm to change the state of your model:

event :register do
    transitions :from => :passive, :to => :pending, :guard => Proc.new
{|u| !(u.crypted_password.blank? && u.password.blank?) }
end

In this case, it's changing your model from the :passive state to
the :pending state. What happens at this point is that
make_activation_code is called because of this line:

state :pending, :enter => :make_activation_code.

Your model is saved after you call register because aasm changes the
state of the model and then saves that model.

Hopefully this helps.

Jon