Last active
August 29, 2015 13:57
-
-
Save joelcdoyle/9747192 to your computer and use it in GitHub Desktop.
Update Password Woes
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| GEM | |
| remote: https://rubygems.org/ | |
| specs: | |
| actionmailer (4.0.0) | |
| actionpack (= 4.0.0) | |
| mail (~> 2.5.3) | |
| actionpack (4.0.0) | |
| activesupport (= 4.0.0) | |
| builder (~> 3.1.0) | |
| erubis (~> 2.7.0) | |
| rack (~> 1.5.2) | |
| rack-test (~> 0.6.2) | |
| activemodel (4.0.0) | |
| activesupport (= 4.0.0) | |
| builder (~> 3.1.0) | |
| activerecord (4.0.0) | |
| activemodel (= 4.0.0) | |
| activerecord-deprecated_finders (~> 1.0.2) | |
| activesupport (= 4.0.0) | |
| arel (~> 4.0.0) | |
| activerecord-deprecated_finders (1.0.3) | |
| activesupport (4.0.0) | |
| i18n (~> 0.6, >= 0.6.4) | |
| minitest (~> 4.2) | |
| multi_json (~> 1.3) | |
| thread_safe (~> 0.1) | |
| tzinfo (~> 0.3.37) | |
| addressable (2.3.5) | |
| annotate (2.5.0) | |
| rake | |
| arel (4.0.0) | |
| atomic (1.1.14) | |
| awesome_print (1.1.0) | |
| bcrypt-ruby (3.1.2) | |
| better_errors (1.0.1) | |
| coderay (>= 1.0.0) | |
| erubis (>= 2.6.6) | |
| binding_of_caller (0.7.2) | |
| debug_inspector (>= 0.0.1) | |
| bootstrap-sass (3.1.1.0) | |
| sass (~> 3.2) | |
| builder (3.1.4) | |
| celluloid (0.14.1) | |
| timers (>= 1.0.0) | |
| coderay (1.0.9) | |
| coffee-rails (4.0.0) | |
| coffee-script (>= 2.2.0) | |
| railties (>= 4.0.0.beta, < 5.0) | |
| coffee-script (2.2.0) | |
| coffee-script-source | |
| execjs | |
| coffee-script-source (1.6.3) | |
| connection_pool (1.1.0) | |
| crack (0.4.2) | |
| safe_yaml (~> 1.0.0) | |
| daemons (1.1.9) | |
| dalli (2.6.4) | |
| database_cleaner (1.0.1) | |
| debug_inspector (0.0.2) | |
| devise (3.0.3) | |
| bcrypt-ruby (~> 3.0) | |
| orm_adapter (~> 0.1) | |
| railties (>= 3.2.6, < 5) | |
| warden (~> 1.2.3) | |
| devise_header_token (1.0.0) | |
| devise | |
| diff-lcs (1.2.4) | |
| dotenv (0.8.0) | |
| email_spec (1.5.0) | |
| launchy (~> 2.1) | |
| mail (~> 2.2) | |
| erubis (2.7.0) | |
| eventmachine (1.0.3) | |
| execjs (2.0.1) | |
| factory_girl (4.2.0) | |
| activesupport (>= 3.0.0) | |
| factory_girl_rails (4.2.1) | |
| factory_girl (~> 4.2.0) | |
| railties (>= 3.0.0) | |
| faker (1.3.0) | |
| i18n (~> 0.5) | |
| figaro (0.7.0) | |
| bundler (~> 1.0) | |
| rails (>= 3, < 5) | |
| foreman (0.63.0) | |
| dotenv (>= 0.7) | |
| thor (>= 0.13.6) | |
| haml (4.0.3) | |
| tilt | |
| hike (1.2.3) | |
| i18n (0.6.5) | |
| jbuilder (1.5.1) | |
| activesupport (>= 3.0.0) | |
| multi_json (>= 1.2.0) | |
| jquery-rails (3.0.4) | |
| railties (>= 3.0, < 5.0) | |
| thor (>= 0.14, < 2.0) | |
| json (1.8.0) | |
| launchy (2.3.0) | |
| addressable (~> 2.3) | |
| mail (2.5.4) | |
| mime-types (~> 1.16) | |
| treetop (~> 1.4.8) | |
| mailcatcher (0.2.4) | |
| eventmachine | |
| haml | |
| i18n | |
| json | |
| sinatra | |
| skinny (>= 0.1.2) | |
| sqlite3-ruby | |
| thin | |
| memcachier (0.0.2) | |
| method_source (0.8.2) | |
| mime-types (1.25) | |
| minitest (4.7.5) | |
| multi_json (1.8.0) | |
| orm_adapter (0.4.0) | |
| pg (0.16.0) | |
| polyglot (0.3.3) | |
| pry (0.9.12.2) | |
| coderay (~> 1.0.5) | |
| method_source (~> 0.8) | |
| slop (~> 3.4) | |
| pry-doc (0.4.6) | |
| pry (>= 0.9) | |
| yard (>= 0.8) | |
| pry-rails (0.3.2) | |
| pry (>= 0.9.10) | |
| puma (2.5.1) | |
| rack (>= 1.1, < 2.0) | |
| quiet_assets (1.0.2) | |
| railties (>= 3.1, < 5.0) | |
| rack (1.5.2) | |
| rack-protection (1.5.0) | |
| rack | |
| rack-test (0.6.2) | |
| rack (>= 1.0) | |
| rails (4.0.0) | |
| actionmailer (= 4.0.0) | |
| actionpack (= 4.0.0) | |
| activerecord (= 4.0.0) | |
| activesupport (= 4.0.0) | |
| bundler (>= 1.3.0, < 2.0) | |
| railties (= 4.0.0) | |
| sprockets-rails (~> 2.0.0) | |
| rails_12factor (0.0.2) | |
| rails_serve_static_assets | |
| rails_stdout_logging | |
| rails_serve_static_assets (0.0.1) | |
| rails_stdout_logging (0.0.1) | |
| railties (4.0.0) | |
| actionpack (= 4.0.0) | |
| activesupport (= 4.0.0) | |
| rake (>= 0.8.7) | |
| thor (>= 0.18.1, < 2.0) | |
| rake (10.1.1) | |
| rdoc (3.12.2) | |
| json (~> 1.4) | |
| redis (3.0.3) | |
| redis-namespace (1.3.0) | |
| redis (~> 3.0.0) | |
| rspec-core (2.14.5) | |
| rspec-expectations (2.14.2) | |
| diff-lcs (>= 1.1.3, < 2.0) | |
| rspec-mocks (2.14.3) | |
| rspec-rails (2.14.0) | |
| actionpack (>= 3.0) | |
| activesupport (>= 3.0) | |
| railties (>= 3.0) | |
| rspec-core (~> 2.14.0) | |
| rspec-expectations (~> 2.14.0) | |
| rspec-mocks (~> 2.14.0) | |
| safe_yaml (1.0.1) | |
| sass (3.2.10) | |
| sass-rails (4.0.0) | |
| railties (>= 4.0.0.beta, < 5.0) | |
| sass (>= 3.1.10) | |
| sprockets-rails (~> 2.0.0) | |
| sdoc (0.3.20) | |
| json (>= 1.1.3) | |
| rdoc (~> 3.10) | |
| sidekiq (2.12.3) | |
| celluloid (>= 0.14.1) | |
| connection_pool (>= 1.0.0) | |
| json | |
| redis (>= 3.0) | |
| redis-namespace | |
| sinatra (1.4.3) | |
| rack (~> 1.4) | |
| rack-protection (~> 1.4) | |
| tilt (~> 1.3, >= 1.3.4) | |
| skinny (0.2.3) | |
| eventmachine (~> 1.0.0) | |
| thin (~> 1.5.0) | |
| slim (2.0.1) | |
| temple (~> 0.6.6) | |
| tilt (>= 1.3.3, < 2.1) | |
| slop (3.4.6) | |
| sprockets (2.10.0) | |
| hike (~> 1.2) | |
| multi_json (~> 1.0) | |
| rack (~> 1.0) | |
| tilt (~> 1.1, != 1.3.0) | |
| sprockets-rails (2.0.0) | |
| actionpack (>= 3.0) | |
| activesupport (>= 3.0) | |
| sprockets (~> 2.8) | |
| sqlite3 (1.3.8) | |
| sqlite3-ruby (1.3.3) | |
| sqlite3 (>= 1.3.3) | |
| temple (0.6.6) | |
| thin (1.5.1) | |
| daemons (>= 1.0.9) | |
| eventmachine (>= 0.12.6) | |
| rack (>= 1.0.0) | |
| thor (0.18.1) | |
| thread_safe (0.1.3) | |
| atomic | |
| tilt (1.4.1) | |
| timers (1.1.0) | |
| treetop (1.4.15) | |
| polyglot | |
| polyglot (>= 0.3.1) | |
| turbolinks (1.3.0) | |
| coffee-rails | |
| tzinfo (0.3.37) | |
| uglifier (2.2.1) | |
| execjs (>= 0.3.0) | |
| multi_json (~> 1.0, >= 1.0.2) | |
| vcr (2.8.0) | |
| warden (1.2.3) | |
| rack (>= 1.0) | |
| webmock (1.17.4) | |
| addressable (>= 2.2.7) | |
| crack (>= 0.3.2) | |
| yard (0.8.7.1) | |
| PLATFORMS | |
| ruby | |
| DEPENDENCIES | |
| annotate | |
| awesome_print | |
| better_errors | |
| binding_of_caller | |
| bootstrap-sass (~> 3.1.1) | |
| coffee-rails (~> 4.0.0) | |
| dalli | |
| database_cleaner (< 1.1.0) | |
| devise | |
| devise_header_token | |
| email_spec | |
| factory_girl_rails | |
| faker (~> 1.2) | |
| figaro | |
| foreman | |
| jbuilder (~> 1.2) | |
| jquery-rails | |
| launchy | |
| mailcatcher | |
| memcachier | |
| pg | |
| pry | |
| pry-doc | |
| pry-rails | |
| puma | |
| quiet_assets | |
| rack-test | |
| rails (~> 4.0.0) | |
| rails_12factor | |
| rspec-rails (~> 2.14) | |
| sass-rails (~> 4.0.0) | |
| sdoc | |
| sidekiq | |
| slim | |
| thin | |
| turbolinks | |
| uglifier (>= 1.3.0) | |
| vcr (~> 2.6) | |
| webmock (~> 1.13) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| class User < ActiveRecord::Base | |
| # Include default devise modules. Others available are: | |
| # :token_authenticatable, :confirmable, | |
| # :lockable, :timeoutable and :omniauthable | |
| devise :database_authenticatable, :registerable, | |
| :recoverable, :trackable, :validatable, :token_authenticatable | |
| before_save :ensure_authentication_token! | |
| validates :email, :uniqueness => { :message => "This email is already being used." } | |
| validates_confirmation_of :password, :only => [:create, :update] | |
| include Concerns::Trusting | |
| def ensure_authentication_token | |
| if authentication_token.blank? | |
| self.authentication_token = generate_authentication_token | |
| end | |
| end | |
| private | |
| def generate_authentication_token | |
| loop do | |
| token = Devise.friendly_token | |
| break token unless User.where(authentication_token: token).first | |
| end | |
| end | |
| end |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| context "when updating user password" do | |
| it "should accept request if current password is provided" do | |
| user = User.create!(email: "[email protected]", password: "validPassword", password_confirmation: "validPassword") | |
| sign_in user | |
| put :update, {id: user.id, current_password: "validPassword", password: "newPassword", password_confirmation: "newPassword" } | |
| response.status.should be 200 | |
| end | |
| it "should reject request if current password is not provided" do | |
| user = User.create!(email: "[email protected]", password: "validPassword", password_confirmation: "validPassword") | |
| sign_in user | |
| put :update, {id: user.id, password: "newPassword", password_confirmation: "newPassword" } | |
| response.status.should be 422 | |
| end | |
| #this test fails. Devise allows the password to change without providing confirmation | |
| it "should reject request if password confirmation is not provided" do | |
| user = User.create!(email: "[email protected]", password: "validPassword", password_confirmation: "validPassword") | |
| sign_in user | |
| put :update, {id: user.id, password: "newPassword", current_password: "validPassword" } | |
| #actuall response is 200 (OK) | |
| response.status.should be 422 | |
| end | |
| end |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| class Api::V1::UsersController < Api::V1::BaseApiController | |
| respond_to :json | |
| skip_before_filter :authenticate_api_v1_user!, :only => [:create, :forgot_password] | |
| def update | |
| @user = User.find(update_user_params[:id]) | |
| if @user.nil? | |
| render :json => { :errors => "User not found" }, status: 404 | |
| else | |
| if params.has_key?(:password) | |
| #update_with_password returns true even when update_user_params[:password_confirmation] is nil | |
| if @user.update_with_password(update_user_params) | |
| render :status => 200, :json => { :auth_token => @user.authentication_token, :email => @user.email } | |
| else | |
| render json: { errors: @user.errors }, status: 422 | |
| end | |
| else | |
| if @user.update(update_user_params) | |
| render :status => 200, :json => { :auth_token => @user.authentication_token, :email => @user.email } | |
| return | |
| else | |
| render json: @user.errors, status: 422 | |
| end | |
| end | |
| end | |
| end | |
| def update_user_params | |
| params.permit(:id, :email, :current_password, :password, :password_confirmation, :first_name, :last_name) | |
| end | |
| end |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment