sessions_test.rb
97 lines
| 2.7 KiB
| text/x-ruby
|
RubyLexer
Jean-Philippe Lang
|
r14353 | # Redmine - project management software | ||
|
Jean-Philippe Lang
|
r14856 | # Copyright (C) 2006-2016 Jean-Philippe Lang | ||
|
Jean-Philippe Lang
|
r14353 | # | ||
| # This program is free software; you can redistribute it and/or | ||||
| # modify it under the terms of the GNU General Public License | ||||
| # as published by the Free Software Foundation; either version 2 | ||||
| # of the License, or (at your option) any later version. | ||||
| # | ||||
| # This program is distributed in the hope that it will be useful, | ||||
| # but WITHOUT ANY WARRANTY; without even the implied warranty of | ||||
| # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | ||||
| # GNU General Public License for more details. | ||||
| # | ||||
| # You should have received a copy of the GNU General Public License | ||||
| # along with this program; if not, write to the Free Software | ||||
| # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. | ||||
| require File.expand_path('../../test_helper', __FILE__) | ||||
| class SessionsTest < Redmine::IntegrationTest | ||||
| fixtures :users, :email_addresses, :roles | ||||
| def setup | ||||
| Rails.application.config.redmine_verify_sessions = true | ||||
| end | ||||
| def teardown | ||||
| Rails.application.config.redmine_verify_sessions = false | ||||
| end | ||||
| def test_change_password_kills_sessions | ||||
| log_user('jsmith', 'jsmith') | ||||
| jsmith = User.find(2) | ||||
| jsmith.password = "somenewpassword" | ||||
| jsmith.save! | ||||
| get '/my/account' | ||||
| assert_response 302 | ||||
| assert flash[:error].match(/Your session has expired/) | ||||
| end | ||||
| def test_lock_user_kills_sessions | ||||
| log_user('jsmith', 'jsmith') | ||||
| jsmith = User.find(2) | ||||
| assert jsmith.lock! | ||||
| assert jsmith.activate! | ||||
| get '/my/account' | ||||
| assert_response 302 | ||||
| assert flash[:error].match(/Your session has expired/) | ||||
| end | ||||
| def test_update_user_does_not_kill_sessions | ||||
| log_user('jsmith', 'jsmith') | ||||
| jsmith = User.find(2) | ||||
| jsmith.firstname = 'Robert' | ||||
| jsmith.save! | ||||
| get '/my/account' | ||||
| assert_response 200 | ||||
| end | ||||
| def test_change_password_generates_a_new_token_for_current_session | ||||
| log_user('jsmith', 'jsmith') | ||||
| assert_not_nil token = session[:tk] | ||||
| get '/my/password' | ||||
| assert_response 200 | ||||
| post '/my/password', :password => 'jsmith', | ||||
| :new_password => 'secret123', | ||||
| :new_password_confirmation => 'secret123' | ||||
| assert_response 302 | ||||
| assert_not_equal token, session[:tk] | ||||
| get '/my/account' | ||||
| assert_response 200 | ||||
| end | ||||
| def test_simultaneous_sessions_should_be_valid | ||||
| first = open_session do |session| | ||||
| session.post "/login", :username => 'jsmith', :password => 'jsmith' | ||||
| end | ||||
| other = open_session do |session| | ||||
| session.post "/login", :username => 'jsmith', :password => 'jsmith' | ||||
| end | ||||
| first.get '/my/account' | ||||
| assert_equal 200, first.response.response_code | ||||
| first.post '/logout' | ||||
| other.get '/my/account' | ||||
| assert_equal 200, other.response.response_code | ||||
| end | ||||
| end | ||||