authlogic - Clayton Lengel-Zigich

If you’re using Cucumber and you’re not using Transformations you’re doing it wrong. I just started using these recently and ran into a problem with creating records using factory_girl factories that made use of sequences. While trying to create multiple Authlogic user records with a unique email and unique single_access_token using a Cucumber table, the functionality of Factory.next(:email) wasn’t working correctly, I would always get the same e-mail address. Turns out it was an easy fix, just had to use lazy attributes in my factory.

The Scenario, Step Definition and Factory

  Scenario: Presenter List
    Given the following presenters:
      | Name    | Bio                 | Website              |
      | Clayton | Rails dev @integrum | http://claytonlz.com |
      | Chris   | Scrum @integrum     |                      |
    And I am on the homepage
    When I follow "Presenters"
    Then I should see "Clayton"
    And I should see "Rails dev @integrum"
    And I should see "http://claytonlz.com"
    Then I should see "Chris"
    And I should see "Scrum @integrum"

My Step Definition
This uses the Transformation table below:

Given /^the following presenters:$/ do |table|
  table.each do |attrs|
    Factory.create(:user, attrs)
  end
end

This transformation takes a table like the one in my scenario above, and assigns the values to a hash using the actual model attribute names (Name isn’t an attribute on a user but name is). The regular cucumber step definition “consumes” this hash for each entry in the table and passes it to a Factory for creation.

Transform /^table:Name,Bio,Website$/ do |table|
  table.hashes.map do |hash|
    {:name => hash[:Name], :bio => hash[:Bio], :website => hash[:Website]}
  end
end

My Factory

This is a pretty basic factory for an authlogic user model, I’m using factory_girl sequences to give me a “unique” e-mail and single access token, which are required by Authlogic.

Factory.define :user do |user|
  user.email Factory.next(:email)
  user.name ""
  user.bio ""
  user.website ""
  user.password "password"
  user.password_confirmation "password"
  user.single_access_token Factory.next(:single_access_token)
end

The problem

The above scenario will fail when it tries to create the user records via the factories. You’ll see a validation error about how the user model requires a unique e-mail and single access token. You’ll be wondering, “hey why are my sequences working?”. When you inspect the log you’ll see that they are in fact NOT working.

The Quick Answer

The easy answer to this is that you need to use lazy attributes in your factory for the sequences so that they are loaded each time instead of once.

Factory.define :user do |user|
  user.email { Factory.next(:email) }
  user.name ""
  user.bio ""
  user.website ""
  user.password "password"
  user.password_confirmation "password"
  user.single_access_token { Factory.next(:single_access_token) }
end

Notice the curly braces around the sequences

The Longer Answer

The cucumber rdoc explains the Transform functionality, albeit somewhat hard to understand.

Registers a proc that will be called with a step definition argument if it matches the pattern passed as the first argument to Transform. Alternatively, if the pattern contains captures then they will be yielded as arguments to the provided proc. The return value of the proc is consequently yielded to the step definition.

I think the issue comes from something with the way these Procs are created, called and also their scope with regard to the step definition etc. I don’t think my ruby-fu is strong enough to give a good explanation but maybe I’m going in the right direction.

I found a great tutorial explaining how to setup user activation with authlogic, but it was a little hard to read so I’ve dumped it all into one easier to read file.

Here’s the original: http://github.com/matthooks/authlogic-activation-tutorial/tree/master
Here’s my fork on github: http://github.com/clayton/authlogic-activation-tutorial/tree/master

Below is the formatted guide that is on github.

Remember, all credit goes to Matt Hooks and his original Authlogic Account Activation Tutorial

Introduction

This is an easier to read version of Matt Hooks’ Authlogic Activation Tutorial. The tutorial is divided into a number of steps and walks through the process of implementing user activation functionality into your pre-existing Rails app using Authlogic. If you are just starting out with Authlogic, be sure to checkout the Authlogic Example Tutorial.

Step 1

Let’s begin by adding an ‘active’ field with a default of false to the user model.

script/generate migration AddActiveToUsers active:boolean

  # new migration XXX_add_active_to_users.rb
  class AddActiveToUsers < ActiveRecord::Migration
    def self.up
      add_column :users, :active, :boolean, :default => false, :null => false
    end
 
    def self.down
      remove_column :users, :active
    end
  end

Step 2

Don’t forget to run the migraiton.

rake db:migrate

Authlogic automatically executes the following methods, if present, upon user action: active?, approved?, and confirmed?. Let’s create an “active?” method so we can hook into this magical goodness. And we should make sure that we protect the active attribute from mass-assignments by calling attr_accessible.

  # added to user.rb
  attr_accessible :login, :email, :password, :password_confirmation, :openid_identifier
 
  def active?
    active
  end

Step 3

Now try to log in. You should receive the error, “Your account is not active.” So far so good. Let’s make a controller to handle our activations:

script/generate controller activations new create

  # new file app/controllers/activations_controller.rb
  class ActivationsController < ApplicationController
    before_filter :require_no_user, :only => [:new, :create]
 
    def new
      @user = User.find_using_perishable_token(params[:activation_code], 1.week) || (raise Exception)
      raise Exception if @user.active?
    end
 
    def create
      @user = User.find(params[:id])
 
      raise Exception if @user.active?
 
      if @user.activate!
        @user.deliver_activation_confirmation!
        redirect_to account_url
      else
        render :action => :new
      end
    end
 
  end

Step 4

I raise exceptions in these actions to make sure that someone who is already active cannot re-activate their account and to deal with an invalid perishable token. I’ll leave it up to you how you want to handle these errors — you should probably provide some sort of “My Token is Expired!” action that will reset the token and resend the activation email if the user does not get around to activating right away.

Going down the list, let’s define the missing actions. First:

  # added to user.rb
  def activate!
    self.active = true
    save
  end

Step 5

Next, let’s make sure our user gets an e-mail with his activation code when he signs up. How are we getting our activation code? The same way we get our password reset code — through our perishable token:

Update: If you are experiencing the “Missing host to link to! Please provide :host parameter ” error see this post Missing host to link to! Please provide :host parameter

  # added to app/models/user.rb
  def deliver_activation_instructions!
    reset_perishable_token!
    Notifier.deliver_activation_instructions(self)
  end
 
  def deliver_activation_confirmation!
    reset_perishable_token!
    Notifier.deliver_activation_confirmation(self)
  end
 
  # added to app/models/notifier.rb
  def activation_instructions(user)
    subject       "Activation Instructions"
    from          "Binary Logic Notifier <noreply@binarylogic.com>"
    recipients    user.email
    sent_on       Time.now
    body          :account_activation_url => register_url(user.perishable_token)
  end
 
  def activation_confirmation(user)
    subject       "Activation Complete"
    from          "Binary Logic Notifier <noreply@binarylogic.com>"
    recipients    user.email
    sent_on       Time.now
    body          :root_url => root_url
  end
 
  # added to config/routes.rb
  map.register '/register/:activation_code', :controller => 'activations', :action => 'new'
  map.activate '/activate/:id', :controller => 'activations', :action => 'create'
 
  <!-- new file app/views/notifier/activation_instructions.erb --> 
  Thank you for creating an account! Click the url below to activate your account!
 
  <%= @account_activation_url %>
 
  If the above URL does not work try copying and pasting it into your browser. If you continue to have problem, please feel free to contact us.
 
  <!-- new file app/views/notifier/activation_confirmation.erb -->
  Your account has been activated.
 
  <%= @root_url %>
 
  If the above URL does not work try copying and pasting it into your browser. If you continue to have problem, please feel free to contact us.

Step 6

Now let’s modify the user create action:

  # modified app/controllers/users_controller.rb
  def create
    @user = User.new(params[:user])
 
    # Saving without session maintenance to skip
    # auto-login which can't happen here because
    # the User has not yet been activated
    if @user.save_without_session_maintenance
      @user.deliver_activation_instructions!
      flash[:notice] = "Your account has been created. Please check your e-mail for your account activation instructions!"
      redirect_to root_url
    else
      render :action => :new
    end
  end

Step 7

As the comment says, we don’t need the Authlogic auto-login to take place so we save without maintaining the session. Now let’s define the ‘register’ view.

  <!-- new file app/views/activations/new.html.erb -->
 
  <h1>Activate your account</h1>
 
  <% form_for @user, :url => activate_path(@user.id), :html => { :method => :post } do |f| %>
  	<%= f.error_messages %>
  	<%= f.submit "Activate" %>
  <% end %>

Step 8

Let’s see if things are working…

… (processing) …

Looks like our user got activated!

But there’s a slight problem. Since we didn’t update the user’s password, we didn’t get a magical Authlogic auto-login! How rude.

At this point it’s perfectly fine to let the user log themselves in. And you can certainly simplify the activation down to one action so the user doesn’t have to click another button. But, I like Authlogic’s session maintenance. I also like short signup forms. So let’s kill two birds with one stone.

Let’s set up the user creation form to only ask for a user’s login/email. Then, let’s ask the user to set their password/openid upon activation, which will log them in automatically.

First, let’s change our acts_as_authentic call to only check for password length on update if the user has no credentials set.

  # modified user.rb
  # For authlogic 2.0+
  acts_as_authentic do |c|
    c.validates_length_of_password_field_options = {:on => :update, :minimum => 4, :if => :has_no_credentials?}
    c.validates_length_of_password_confirmation_field_options = {:on => :update, :minimum => 4, :if => :has_no_credentials?}
  end
 
  # Pre-authlogic 2.0
  # acts_as_authentic :login_field_validation_options => { :if => :openid_identifier_blank? },
  #                   :password_field_validation_options => { :if => :openid_identifier_blank? },
  #                   :password_field_validates_length_of_options => { :on => :update, :if => :has_no_credentials? }
 
  # ...
  # we need to make sure that either a password or openid gets set
  # when the user activates his account
  def has_no_credentials?
    self.crypted_password.blank? && self.openid_identifier.blank?
  end
 
  # ...
  # now let's define a couple of methods in the user model. The first
  # will take care of setting any data that you want to happen at signup
  # (aka before activation)
  def signup!(params)
    self.login = params[:user][:login]
    self.email = params[:user][:email]
    save_without_session_maintenance
  end
 
  # the second will take care of setting any data that you want to happen
  # at activation. at the very least this will be setting active to true
  # and setting a pass, openid, or both.
  def activate!(params)
    self.active = true
    self.password = params[:user][:password]
    self.password_confirmation = params[:user][:password_confirmation]
    self.openid_identifier = params[:user][:openid_identifier]
    save
  end
 
  # modified activations_controller.rb
  def create
    @user = User.find(params[:id])
 
    raise Exception if @user.active?
 
    if @user.activate!(params)
      @user.deliver_activation_confirmation!
      flash[:notice] = "Your account has been activated."
      redirect_to account_url
    else
      render :action => :new
    end
  end
 
  # modified users_controller.rb
  def create
    @user = User.new
 
    if @user.signup!(params)
      @user.deliver_activation_instructions!
      flash[:notice] = "Your account has been created. Please check your e-mail for your account activation instructions!"
      redirect_to root_url
    else
      render :action => :new
    end
  end

Step 10

Now we need to update our views to reflect the new signup process.

  <!-- modified app/views/activations/new.html.erb -->
  <h1>Activate your account</h1>
 
  <% form_for @user, :url => activate_path(@user.id), :html => { :method => :post } do |form| %>
  	<%= form.error_messages %>
  	<%= render :partial => "form", :locals => { :form => form }%>
  	<%= form.submit "Activate" %>
  <% end %>
 
  <!-- new file app/views/activations/_form.html.erb -->
  <%= form.label :password, "Set your password" %><br />
  <%= form.password_field :password %><br />
  <br />
  <%= form.label :password_confirmation %><br />
  <%= form.password_field :password_confirmation %><br />
  <br />
  <%= form.label :openid_identifier, "Or use OpenID instead of your email / password" %><br />
  <%= form.text_field :openid_identifier %><br />

The End

And that’s it! Let me know if you have any suggestions for improvement.

Cucumber Table Transformations with Factory Girl Sequences