Merge pull request #37 from gurix/refactorings/tokens

Refactoring token handling
gurix · Jun 10, 2014 · d9fbcd6 · d9fbcd6
2 parents 69be514 + f862cb0
commit d9fbcd6
Show file tree

Hide file tree

Showing 10 changed files with 37 additions and 29 deletions.
diff --git a/Gemfile.lock b/Gemfile.lock
@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    helena (0.2.0)
+    helena (0.2.1)
       bootstrap-sass
       breadcrumbs_on_rails
       haml

diff --git a/app/controllers/helena/sessions_controller.rb b/app/controllers/helena/sessions_controller.rb
@@ -3,9 +3,14 @@ class SessionsController < ApplicationController
     respond_to :html
 
     before_filter :load_survey
-    before_filter :load_session, only: [:show, :edit, :update]
+    before_filter :load_session, only: [:edit, :update]
 
     def show
+      @session = @survey.sessions.find_by view_token: params[:token]
+
+      @version = @survey.versions.find @session.version_id
+      @question_group = question_group
+
       @template = Liquid::Template.parse(@version.session_report)
       render html: @template.render(variable_mapping).html_safe, layout: true
     end
@@ -37,7 +42,7 @@ def load_survey
     end
 
     def load_session
-      @session = @survey.sessions.find params[:id]
+      @session = @survey.sessions.find_by token: params[:token]
 
       @version = @survey.versions.find @session.version_id
       @question_group = question_group

diff --git a/app/models/helena/session.rb b/app/models/helena/session.rb
@@ -3,29 +3,31 @@ class Session
     include Helena::Concerns::ApplicationModel
 
     field :token, type: String
+    field :view_token, type: String
     field :completed, type: Boolean, default: false
 
     belongs_to :survey, inverse_of: :sessions
     belongs_to :version, inverse_of: :sessions
 
     embeds_many :answers, inverse_of: :session, class_name: 'Helena::Answer'
 
-    validates :token, uniqueness: true
+    validates :token, :view_token, uniqueness: true
 
-    before_create :reset_token
+    before_create :reset_tokens
 
-    def reset_token
-      self.token = generate_token until unique_token?
+    def reset_tokens
+      self.token = generate_token(5) until unique_token_for?
+      self.view_token = generate_token(25) until unique_token_for?(:view_token)
     end
 
     private
 
-    def generate_token
-      SecureRandom.hex(5)
+    def generate_token(size)
+      SecureRandom.base64(size).delete('/+=')[0, size]
     end
 
-    def unique_token?
-      self.class.where(token: token).blank? && token.present?
+    def unique_token_for?(field = :token)
+      self.class.where(field => send(field)).blank? && send(field).present?
     end
   end
 end
diff --git a/app/views/helena/admin/sessions/index.html.haml b/app/views/helena/admin/sessions/index.html.haml
@@ -31,7 +31,7 @@
               %td
                 .btn-group
                   - if session.completed?
-                    = link_to t('shared.show'), survey_session_path(@survey, session), class: 'btn btn-primary'
-                  = link_to t('shared.edit'), edit_survey_session_path(@survey, session), class: 'btn btn-success'
+                    = link_to t('shared.show'), survey_session_path(@survey, session.view_token), class: 'btn btn-primary'
+                  = link_to t('shared.edit'), edit_survey_session_path(@survey, session.token), class: 'btn btn-success'
                   = link_to t('shared.delete'), admin_survey_session_path(@survey, session),
                     method: :delete, class: 'btn btn-danger', data: { confirm: t('shared.delete_question') }
diff --git a/app/views/helena/sessions/edit.html.haml b/app/views/helena/sessions/edit.html.haml
@@ -2,7 +2,7 @@
   = @version.survey_detail.title
 %fieldset[@question_group]
   %legend= @question_group.title
-  = simple_form_for(@session, url: helena.survey_session_path(@survey, @session), as: :session) do |f|
+  = simple_form_for(@session, url: helena.survey_session_path(@survey, @session.token), as: :session) do |f|
     - @questions.each do |question|
       = render "#{question.class.to_s.underscore}", form: f, question: question, answers: @answers, errors: @errors
 

diff --git a/config/routes.rb b/config/routes.rb
@@ -1,6 +1,6 @@
 Helena::Engine.routes.draw do
   resources :surveys do
-    resources :sessions, only: [:edit, :update, :show]
+    resources :sessions, only: [:show, :edit, :update], param: :token
   end
 
   scope :admin, as: :admin, module: :admin do

diff --git a/db/seeds.rb b/db/seeds.rb
@@ -156,7 +156,7 @@ def generate_sessions(survey, version)
 
   3.times {
     session = build :session, version: version, updated_at: DateTime.now - rand(999), completed: true
-    version.questions.each do |question|
+    version.question_groups.map(&:questions).flatten.each do |question|
       case question
       when Helena::Questions::ShortText
         session.answers << build(:string_answer, code: question.code, value: Faker::Skill.tech_skill )

diff --git a/lib/helena/version.rb b/lib/helena/version.rb
@@ -1,3 +1,3 @@
 module Helena
-  VERSION = '0.2.0'
+  VERSION = '0.2.1'
 end
diff --git a/spec/features/helena/manage_session_spec.rb b/spec/features/helena/manage_session_spec.rb
@@ -79,7 +79,7 @@
 
     session = survey.sessions.create version_id: version.id, token: 'abc'
 
-    visit helena.edit_survey_session_path(survey, session)
+    visit helena.edit_survey_session_path(survey, session.token)
 
     expect(page).to have_content 'Dummy Survey'
     expect(page).to have_content 'Page 1'
@@ -151,7 +151,7 @@
 
     session = survey.sessions.create version_id: version.id, token: 'abc'
 
-    visit helena.edit_survey_session_path(survey, session)
+    visit helena.edit_survey_session_path(survey, session.token)
 
     expect(page).to have_content "What's your name? *"
     expect { click_button 'Save' }.not_to change { session.reload.answers.count }
@@ -167,7 +167,7 @@
 
     session = survey.sessions.create version_id: version.id, token: 'abc'
 
-    visit helena.edit_survey_session_path(survey, session)
+    visit helena.edit_survey_session_path(survey, session.token)
 
     expect(page).to have_content 'Give a brief description of yourself *'
     expect { click_button 'Save' }.not_to change { session.reload.answers.count }
@@ -191,7 +191,7 @@
 
     session = survey.sessions.create version_id: version.id, token: 'abc'
 
-    visit helena.edit_survey_session_path(survey, session)
+    visit helena.edit_survey_session_path(survey, session.token)
 
     expect(page).to have_content 'What is the answer to the Ultimate Question of Life, the Universe, and Everything? *'
     expect { click_button 'Save' }.not_to change { session.reload.answers.count }
@@ -214,7 +214,7 @@
 
     session = survey.sessions.create version_id: version.id, token: 'abc'
 
-    visit helena.edit_survey_session_path(survey, session)
+    visit helena.edit_survey_session_path(survey, session.token)
 
     expect(page).to have_content 'What kind of food allergy do you have? *'
     expect { click_button 'Save' }.to change { session.reload.answers.map(&:value) }.from([]).to([0, 0, 0])
@@ -237,7 +237,7 @@
 
     session = survey.sessions.create version_id: version.id, token: 'abc'
 
-    visit helena.edit_survey_session_path(survey, session)
+    visit helena.edit_survey_session_path(survey, session.token)
 
     expect(page).to have_content 'What kind of food allergy do you have? *'
     check('Oats')
@@ -271,7 +271,7 @@
 
     session = survey.sessions.create version_id: version.id, token: 'abc'
 
-    visit helena.edit_survey_session_path(survey, session)
+    visit helena.edit_survey_session_path(survey, session.token)
 
     expect(page).to have_content 'Below are five statements with which you may agree or disagree. *'
 
@@ -289,12 +289,12 @@
     version.session_report = Haml::Engine.new(session_report).render
     version.save
 
-    session = survey.sessions.create version_id: version.id, token: 'abc'
+    session = survey.sessions.create version_id: version.id, view_token: 'abc'
 
     session.answers << build(:string_answer, code: 'country', value: 'USA')
     session.answers << build(:integer_answer, code: 'released', value: 2006)
 
-    visit helena.survey_session_path(survey, session)
+    visit helena.survey_session_path(survey, session.view_token)
 
     expect(page).to have_content 'Dummy Survey'
     expect(page).to have_content 'Leucadendron is a plants in the family Proteaceae.'
@@ -308,12 +308,12 @@
     version.session_report = Haml::Engine.new(session_report).render
     version.save
 
-    session = survey.sessions.create version_id: version.id, token: 'abc'
+    session = survey.sessions.create version_id: version.id, view_token: 'abc'
 
     session.answers << build(:string_answer, code: 'country', value: 'USA')
     session.answers << build(:integer_answer, code: 'released', value: 2006)
 
-    visit helena.survey_session_path(survey, session)
+    visit helena.survey_session_path(survey, session.view_token)
 
     expect(page).to have_content 'USA 2006'
   end

diff --git a/spec/models/helena/session_spec.rb b/spec/models/helena/session_spec.rb
@@ -7,13 +7,14 @@
   it { expect(subject).to embed_many(:answers) }
 
   it { expect(subject).to validate_uniqueness_of(:token) }
+  it { expect(subject).to validate_uniqueness_of(:view_token) }
 
   it 'has a valid factory' do
     expect(build :session).to be_valid
   end
 
   it 'assigns a token after when creating a session' do
-    expect_any_instance_of(Helena::Session).to receive(:generate_token).and_return('a493oP')
+    expect_any_instance_of(Helena::Session).to receive(:generate_token).exactly(2).times.and_return('a493oP')
     expect(create(:session_without_token).token).to eq 'a493oP'
   end
 end