Replace Date.today with User.current.today (#22320).

Depending on the offset between a user's configured timezone and the server timezone, Date.today may be more or less often wrong from the user's perspective, leading to things like issues marked as overdue too early or too late, or yesterday / tomorrow being displayed / selected where 'today' is intended.

A test case illustrating the problem with Issue#overdue? is included.

Patch by Jens Kraemer.

git-svn-id: http://svn.redmine.org/redmine/trunk@15379 e93f8b46-1217-0410-a6f0-8f06a7374b81

File last commit:

r14903:56ba4d02097a
r14997:ed50d42210ea
account_controller_test.rb
465 lines | 14.8 KiB | text/x-ruby | RubyLexer
/ test / functional / account_controller_test.rb
Toshi MARUYAMA
remove trailing white-spaces from test/functional/account_controller_test.rb....
r5869 # Redmine - project management software
Jean-Philippe Lang
Updates copyright for 2016....
r14856 # Copyright (C) 2006-2016 Jean-Philippe Lang
Jean-Philippe Lang
Added some functional tests and a CVS test repository....
r974 #
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
Toshi MARUYAMA
remove trailing white-spaces from test/functional/account_controller_test.rb....
r5869 #
Jean-Philippe Lang
Added some functional tests and a CVS test repository....
r974 # This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
Toshi MARUYAMA
remove trailing white-spaces from test/functional/account_controller_test.rb....
r5869 #
Jean-Philippe Lang
Added some functional tests and a CVS test repository....
r974 # You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
Jean-Baptiste Barth
Use absolute paths in test/**/* requires for Ruby 1.9.2 compatibility. #4050...
r4395 require File.expand_path('../../test_helper', __FILE__)
Jean-Philippe Lang
Added some functional tests and a CVS test repository....
r974
Eric Davis
Upgraded to Rails 2.3.4 (#3597)...
r2773 class AccountControllerTest < ActionController::TestCase
Jean-Philippe Lang
Missing fixtures....
r13507 fixtures :users, :email_addresses, :roles
Toshi MARUYAMA
remove trailing white-spaces from test/functional/account_controller_test.rb....
r5869
Jean-Philippe Lang
Added some functional tests and a CVS test repository....
r974 def setup
User.current = nil
end
Toshi MARUYAMA
remove trailing white-spaces from test/functional/account_controller_test.rb....
r5869
Jean-Philippe Lang
Preserve username when authentication failed (#11846)....
r10398 def test_get_login
get :login
assert_response :success
assert_template 'login'
assert_select 'input[name=username]'
assert_select 'input[name=password]'
end
Jean-Philippe Lang
Redirect to back_url or referer when clicking "Sign in" while already logged-in (#15926)....
r12430 def test_get_login_while_logged_in_should_redirect_to_back_url_if_present
@request.session[:user_id] = 2
@request.env["HTTP_REFERER"] = 'http://test.host/issues/show/1'
get :login, :back_url => 'http://test.host/issues/show/1'
assert_redirected_to '/issues/show/1'
assert_equal 2, @request.session[:user_id]
end
def test_get_login_while_logged_in_should_redirect_to_referer_without_back_url
@request.session[:user_id] = 2
@request.env["HTTP_REFERER"] = 'http://test.host/issues/show/1'
get :login
assert_redirected_to '/issues/show/1'
assert_equal 2, @request.session[:user_id]
end
def test_get_login_while_logged_in_should_redirect_to_home_by_default
Jean-Philippe Lang
Login link unexpected logs you out (#12611)....
r10892 @request.session[:user_id] = 2
get :login
assert_redirected_to '/'
assert_equal 2, @request.session[:user_id]
end
Jean-Philippe Lang
Redirect user to the previous page after logging in (#1679)....
r1686 def test_login_should_redirect_to_back_url_param
# request.uri is "test.host" in test environment
Jean-Philippe Lang
Fixed that back_url=/ param is ignored (#16467)....
r12765 back_urls = [
'http://test.host/issues/show/1',
Jean-Philippe Lang
Open redirect vulnerability (#19577)....
r14178 'http://test.host/',
Jean-Philippe Lang
Fixed that back_url=/ param is ignored (#16467)....
r12765 '/'
]
back_urls.each do |back_url|
post :login, :username => 'jsmith', :password => 'jsmith', :back_url => back_url
assert_redirected_to back_url
end
Jean-Philippe Lang
Redirect user to the previous page after logging in (#1679)....
r1686 end
Toshi MARUYAMA
remove trailing white-spaces from test/functional/account_controller_test.rb....
r5869
Jean-Philippe Lang
Don't redirect to another suburi (#16530)....
r12938 def test_login_with_suburi_should_redirect_to_back_url_param
Jean-Philippe Lang
Merged rails-4.1 branch (#14534)....
r13100 @relative_url_root = Redmine::Utils.relative_url_root
Redmine::Utils.relative_url_root = '/redmine'
Jean-Philippe Lang
Don't redirect to another suburi (#16530)....
r12938
back_urls = [
'http://test.host/redmine/issues/show/1',
'/redmine'
]
back_urls.each do |back_url|
post :login, :username => 'jsmith', :password => 'jsmith', :back_url => back_url
assert_redirected_to back_url
end
ensure
Jean-Philippe Lang
Merged rails-4.1 branch (#14534)....
r13100 Redmine::Utils.relative_url_root = @relative_url_root
Jean-Philippe Lang
Don't redirect to another suburi (#16530)....
r12938 end
Jean-Philippe Lang
Redirect user to the previous page after logging in (#1679)....
r1686 def test_login_should_not_redirect_to_another_host
Jean-Philippe Lang
Fixed back url verification (#16466)....
r12743 back_urls = [
'http://test.foo/fake',
'//test.foo/fake'
]
back_urls.each do |back_url|
post :login, :username => 'jsmith', :password => 'jsmith', :back_url => back_url
assert_redirected_to '/my/page'
end
Jean-Philippe Lang
Redirect user to the previous page after logging in (#1679)....
r1686 end
Jean-Philippe Lang
Don't redirect to another suburi (#16530)....
r12938 def test_login_with_suburi_should_not_redirect_to_another_suburi
Jean-Philippe Lang
Merged rails-4.1 branch (#14534)....
r13100 @relative_url_root = Redmine::Utils.relative_url_root
Redmine::Utils.relative_url_root = '/redmine'
Jean-Philippe Lang
Don't redirect to another suburi (#16530)....
r12938
back_urls = [
'http://test.host/',
'http://test.host/fake',
'http://test.host/fake/issues',
'http://test.host/redmine/../fake',
'http://test.host/redmine/../fake/issues',
Jean-Philippe Lang
Open redirect vulnerability (#19577)....
r14178 'http://test.host/redmine/%2e%2e/fake',
'//test.foo/fake',
'http://test.host//fake',
'http://test.host/\n//fake',
'//bar@test.foo',
'//test.foo',
'////test.foo',
'@test.foo',
Jean-Philippe Lang
Adds a test for #20714....
r14179 'fake@test.foo',
'.test.foo'
Jean-Philippe Lang
Don't redirect to another suburi (#16530)....
r12938 ]
back_urls.each do |back_url|
post :login, :username => 'jsmith', :password => 'jsmith', :back_url => back_url
assert_redirected_to '/my/page'
end
ensure
Jean-Philippe Lang
Merged rails-4.1 branch (#14534)....
r13100 Redmine::Utils.relative_url_root = @relative_url_root
Jean-Philippe Lang
Don't redirect to another suburi (#16530)....
r12938 end
Jean-Philippe Lang
Added some functional tests and a CVS test repository....
r974 def test_login_with_wrong_password
Jean-Philippe Lang
Login field name changed to username (#755)....
r1167 post :login, :username => 'admin', :password => 'bad'
Jean-Philippe Lang
Added some functional tests and a CVS test repository....
r974 assert_response :success
assert_template 'login'
Jean-Philippe Lang
Preserve username when authentication failed (#11846)....
r10398
assert_select 'div.flash.error', :text => /Invalid user or password/
assert_select 'input[name=username][value=admin]'
assert_select 'input[name=password]'
assert_select 'input[name=password][value]', 0
Jean-Philippe Lang
Added some functional tests and a CVS test repository....
r974 end
Toshi MARUYAMA
remove trailing white-spaces from test/functional/account_controller_test.rb....
r5869
Jean-Philippe Lang
Adds a way for a registered user to get a new action email (#14228)....
r11716 def test_login_with_locked_account_should_fail
User.find(2).update_attribute :status, User::STATUS_LOCKED
post :login, :username => 'jsmith', :password => 'jsmith'
assert_redirected_to '/login'
assert_include 'locked', flash[:error]
assert_nil @request.session[:user_id]
end
def test_login_as_registered_user_with_manual_activation_should_inform_user
User.find(2).update_attribute :status, User::STATUS_REGISTERED
with_settings :self_registration => '2', :default_language => 'en' do
post :login, :username => 'jsmith', :password => 'jsmith'
assert_redirected_to '/login'
assert_include 'pending administrator approval', flash[:error]
end
end
def test_login_as_registered_user_with_email_activation_should_propose_new_activation_email
User.find(2).update_attribute :status, User::STATUS_REGISTERED
with_settings :self_registration => '1', :default_language => 'en' do
post :login, :username => 'jsmith', :password => 'jsmith'
assert_redirected_to '/login'
assert_equal 2, @request.session[:registered_user_id]
assert_include 'new activation email', flash[:error]
end
end
Jean-Philippe Lang
Friendly response when the LDAP connection fails....
r8791 def test_login_should_rescue_auth_source_exception
source = AuthSource.create!(:name => 'Test')
User.find(2).update_attribute :auth_source_id, source.id
AuthSource.any_instance.stubs(:authenticate).raises(AuthSourceException.new("Something wrong"))
post :login, :username => 'jsmith', :password => 'jsmith'
assert_response 500
Jean-Philippe Lang
Replaced remaining #assert_tag with #assert_select....
r13242 assert_select_error /Something wrong/
Jean-Philippe Lang
Friendly response when the LDAP connection fails....
r8791 end
Jean-Philippe Lang
Moved tests about session reset to functional tests....
r8894 def test_login_should_reset_session
@controller.expects(:reset_session).once
post :login, :username => 'jsmith', :password => 'jsmith'
assert_response 302
end
Jean-Philippe Lang
Use POST instead of GET for logging out (#13022)....
r11059 def test_get_logout_should_not_logout
Jean-Philippe Lang
Added some functional tests and a CVS test repository....
r974 @request.session[:user_id] = 2
get :logout
Jean-Philippe Lang
Use POST instead of GET for logging out (#13022)....
r11059 assert_response :success
assert_template 'logout'
assert_equal 2, @request.session[:user_id]
end
Jean-Philippe Lang
Additional tests for AccountController....
r11792 def test_get_logout_with_anonymous_should_redirect
get :logout
assert_redirected_to '/'
end
Jean-Philippe Lang
Use POST instead of GET for logging out (#13022)....
r11059 def test_logout
@request.session[:user_id] = 2
post :logout
Jean-Philippe Lang
Adds leading slash to all assert_redirected_to arguments (#6887)....
r4293 assert_redirected_to '/'
Jean-Philippe Lang
Added some functional tests and a CVS test repository....
r974 assert_nil @request.session[:user_id]
end
Eric Davis
Added tests for AccountController#register GET....
r3789
Jean-Philippe Lang
Moved tests about session reset to functional tests....
r8894 def test_logout_should_reset_session
@controller.expects(:reset_session).once
@request.session[:user_id] = 2
Jean-Philippe Lang
Use POST instead of GET for logging out (#13022)....
r11059 post :logout
Jean-Philippe Lang
Moved tests about session reset to functional tests....
r8894 assert_response 302
end
Jean-Philippe Lang
Change tests to use ruby/rails assertions....
r8129 def test_get_register_with_registration_on
with_settings :self_registration => '3' do
get :register
assert_response :success
assert_template 'register'
assert_not_nil assigns(:user)
Jean-Philippe Lang
Fixed registration form broken by r8479....
r8662
Jean-Philippe Lang
Use #assert_select instead of #assert_tag....
r10836 assert_select 'input[name=?]', 'user[password]'
assert_select 'input[name=?]', 'user[password_confirmation]'
Eric Davis
Added tests for AccountController#register GET....
r3789 end
Jean-Philippe Lang
Change tests to use ruby/rails assertions....
r8129 end
Toshi MARUYAMA
remove trailing white-spaces from test/functional/account_controller_test.rb....
r5869
Jean-Philippe Lang
Use browser language as default when registering....
r10759 def test_get_register_should_detect_user_language
with_settings :self_registration => '3' do
@request.env['HTTP_ACCEPT_LANGUAGE'] = 'fr,fr-fr;q=0.8,en-us;q=0.5,en;q=0.3'
get :register
assert_response :success
assert_not_nil assigns(:user)
assert_equal 'fr', assigns(:user).language
assert_select 'select[name=?]', 'user[language]' do
assert_select 'option[value=fr][selected=selected]'
end
end
end
Jean-Philippe Lang
Change tests to use ruby/rails assertions....
r8129 def test_get_register_with_registration_off_should_redirect
with_settings :self_registration => '0' do
get :register
assert_redirected_to '/'
Eric Davis
Added tests for AccountController#register GET....
r3789 end
end
Eric Davis
Added tests for AccountController#register POST with automatic registration....
r3790
Jean-Philippe Lang
Adds the "Hide my email address" option on the registration form (#21500)....
r14594 def test_get_register_should_show_hide_mail_preference
get :register
assert_select 'input[name=?][checked=checked]', 'pref[hide_mail]'
end
def test_get_register_should_show_hide_mail_preference_with_setting_turned_off
with_settings :default_users_hide_mail => '0' do
get :register
assert_select 'input[name=?]:not([checked=checked])', 'pref[hide_mail]'
end
end
Eric Davis
Added tests for AccountController#register POST with automatic registration....
r3790 # See integration/account_test.rb for the full test
Jean-Philippe Lang
Change tests to use ruby/rails assertions....
r8129 def test_post_register_with_registration_on
with_settings :self_registration => '3' do
assert_difference 'User.count' do
Eric Davis
Added tests for AccountController#register POST with automatic registration....
r3790 post :register, :user => {
:login => 'register',
Jean-Philippe Lang
Use 8+ characters long passwords in tests....
r10659 :password => 'secret123',
:password_confirmation => 'secret123',
Eric Davis
Added tests for AccountController#register POST with automatic registration....
r3790 :firstname => 'John',
:lastname => 'Doe',
:mail => 'register@example.com'
}
Jean-Philippe Lang
Change tests to use ruby/rails assertions....
r8129 assert_redirected_to '/my/account'
Eric Davis
Added tests for AccountController#register POST with automatic registration....
r3790 end
Toshi MARUYAMA
Rails4: replace deprecated Relation#first with finder options at AccountControllerTest...
r12230 user = User.order('id DESC').first
Jean-Philippe Lang
Change tests to use ruby/rails assertions....
r8129 assert_equal 'register', user.login
Jean-Philippe Lang
Fixed registration form broken by r8479....
r8662 assert_equal 'John', user.firstname
assert_equal 'Doe', user.lastname
assert_equal 'register@example.com', user.mail
Jean-Philippe Lang
Use 8+ characters long passwords in tests....
r10659 assert user.check_password?('secret123')
Jean-Philippe Lang
Change tests to use ruby/rails assertions....
r8129 assert user.active?
Eric Davis
Added tests for AccountController#register POST with automatic registration....
r3790 end
Jean-Philippe Lang
Change tests to use ruby/rails assertions....
r8129 end
def test_post_register_with_registration_off_should_redirect
with_settings :self_registration => '0' do
assert_no_difference 'User.count' do
post :register, :user => {
:login => 'register',
:password => 'test',
:password_confirmation => 'test',
:firstname => 'John',
:lastname => 'Doe',
:mail => 'register@example.com'
}
assert_redirected_to '/'
Eric Davis
Added tests for AccountController#register POST with automatic registration....
r3790 end
end
end
Jean-Philippe Lang
Code cleanup....
r9760
Jean-Philippe Lang
Adds the "Hide my email address" option on the registration form (#21500)....
r14594 def test_post_register_should_create_user_with_hide_mail_preference
with_settings :default_users_hide_mail => '0' do
user = new_record(User) do
post :register, :user => {
:login => 'register',
:password => 'secret123', :password_confirmation => 'secret123',
:firstname => 'John', :lastname => 'Doe',
:mail => 'register@example.com'
}, :pref => {
:hide_mail => '1'
}
end
assert_equal true, user.pref.hide_mail
end
end
Jean-Philippe Lang
Code cleanup....
r9760 def test_get_lost_password_should_display_lost_password_form
get :lost_password
assert_response :success
assert_select 'input[name=mail]'
end
def test_lost_password_for_active_user_should_create_a_token
Jean-Philippe Lang
Test failure....
r9761 Token.delete_all
Jean-Philippe Lang
Fixed test failure....
r9762 ActionMailer::Base.deliveries.clear
Jean-Philippe Lang
Code cleanup....
r9760 assert_difference 'ActionMailer::Base.deliveries.size' do
assert_difference 'Token.count' do
Jean-Philippe Lang
No need to use custom host name in these tests....
r14903 post :lost_password, :mail => 'JSmith@somenet.foo'
assert_redirected_to '/login'
Jean-Philippe Lang
Code cleanup....
r9760 end
end
token = Token.order('id DESC').first
assert_equal User.find(2), token.user
assert_equal 'recovery', token.action
assert_select_email do
Jean-Philippe Lang
No need to use custom host name in these tests....
r14903 assert_select "a[href=?]", "http://localhost:3000/account/lost_password?token=#{token.value}"
Jean-Philippe Lang
Code cleanup....
r9760 end
end
Jean-Philippe Lang
Send password reset email to the email used in lost password form (#4244)....
r13506 def test_lost_password_using_additional_email_address_should_send_email_to_the_address
EmailAddress.create!(:user_id => 2, :address => 'anotherAddress@foo.bar')
Token.delete_all
assert_difference 'ActionMailer::Base.deliveries.size' do
assert_difference 'Token.count' do
post :lost_password, :mail => 'ANOTHERaddress@foo.bar'
assert_redirected_to '/login'
end
end
mail = ActionMailer::Base.deliveries.last
assert_equal ['anotherAddress@foo.bar'], mail.bcc
end
Jean-Philippe Lang
Code cleanup....
r9760 def test_lost_password_for_unknown_user_should_fail
Jean-Philippe Lang
Test failure....
r9761 Token.delete_all
Jean-Philippe Lang
Code cleanup....
r9760 assert_no_difference 'Token.count' do
post :lost_password, :mail => 'invalid@somenet.foo'
assert_response :success
end
end
def test_lost_password_for_non_active_user_should_fail
Jean-Philippe Lang
Test failure....
r9761 Token.delete_all
Jean-Philippe Lang
Code cleanup....
r9760 assert User.find(2).lock!
assert_no_difference 'Token.count' do
post :lost_password, :mail => 'JSmith@somenet.foo'
Jean-Philippe Lang
Adds a way for a registered user to get a new action email (#14228)....
r11716 assert_redirected_to '/account/lost_password'
Jean-Philippe Lang
Code cleanup....
r9760 end
end
Jean-Philippe Lang
Code cleanup....
r9763
Jean-Philippe Lang
Additional tests for AccountController....
r11792 def test_lost_password_for_user_who_cannot_change_password_should_fail
User.any_instance.stubs(:change_password_allowed?).returns(false)
assert_no_difference 'Token.count' do
post :lost_password, :mail => 'JSmith@somenet.foo'
assert_response :success
end
end
Jean-Philippe Lang
Code cleanup....
r9763 def test_get_lost_password_with_token_should_display_the_password_recovery_form
user = User.find(2)
token = Token.create!(:action => 'recovery', :user => user)
get :lost_password, :token => token.value
assert_response :success
assert_template 'password_recovery'
assert_select 'input[type=hidden][name=token][value=?]', token.value
end
def test_get_lost_password_with_invalid_token_should_redirect
get :lost_password, :token => "abcdef"
assert_redirected_to '/'
end
def test_post_lost_password_with_token_should_change_the_user_password
Jean-Philippe Lang
Security notifications when password or email address is changed (#21421)....
r14763 ActionMailer::Base.deliveries.clear
Jean-Philippe Lang
Code cleanup....
r9763 user = User.find(2)
token = Token.create!(:action => 'recovery', :user => user)
Jean-Philippe Lang
Use 8+ characters long passwords in tests....
r10659 post :lost_password, :token => token.value, :new_password => 'newpass123', :new_password_confirmation => 'newpass123'
Jean-Philippe Lang
Code cleanup....
r9763 assert_redirected_to '/login'
user.reload
Jean-Philippe Lang
Use 8+ characters long passwords in tests....
r10659 assert user.check_password?('newpass123')
Jean-Philippe Lang
Code cleanup....
r9763 assert_nil Token.find_by_id(token.id), "Token was not deleted"
Jean-Philippe Lang
Security notifications when password or email address is changed (#21421)....
r14763 assert_not_nil (mail = ActionMailer::Base.deliveries.last)
assert_select_email do
assert_select 'a[href^=?]', 'http://localhost:3000/my/password', :text => 'Change password'
end
Jean-Philippe Lang
Code cleanup....
r9763 end
def test_post_lost_password_with_token_for_non_active_user_should_fail
user = User.find(2)
token = Token.create!(:action => 'recovery', :user => user)
user.lock!
Jean-Philippe Lang
Use 8+ characters long passwords in tests....
r10659 post :lost_password, :token => token.value, :new_password => 'newpass123', :new_password_confirmation => 'newpass123'
Jean-Philippe Lang
Code cleanup....
r9763 assert_redirected_to '/'
Jean-Philippe Lang
Use 8+ characters long passwords in tests....
r10659 assert ! user.check_password?('newpass123')
Jean-Philippe Lang
Code cleanup....
r9763 end
def test_post_lost_password_with_token_and_password_confirmation_failure_should_redisplay_the_form
user = User.find(2)
token = Token.create!(:action => 'recovery', :user => user)
post :lost_password, :token => token.value, :new_password => 'newpass', :new_password_confirmation => 'wrongpass'
assert_response :success
assert_template 'password_recovery'
assert_not_nil Token.find_by_id(token.id), "Token was deleted"
assert_select 'input[type=hidden][name=token][value=?]', token.value
end
def test_post_lost_password_with_invalid_token_should_redirect
post :lost_password, :token => "abcdef", :new_password => 'newpass', :new_password_confirmation => 'newpass'
assert_redirected_to '/'
end
Jean-Philippe Lang
Adds a way for a registered user to get a new action email (#14228)....
r11716
def test_activation_email_should_send_an_activation_email
User.find(2).update_attribute :status, User::STATUS_REGISTERED
@request.session[:registered_user_id] = 2
with_settings :self_registration => '1' do
assert_difference 'ActionMailer::Base.deliveries.size' do
get :activation_email
assert_redirected_to '/login'
end
end
end
Jean-Philippe Lang
Additional tests for AccountController....
r11792
def test_activation_email_without_session_data_should_fail
User.find(2).update_attribute :status, User::STATUS_REGISTERED
with_settings :self_registration => '1' do
assert_no_difference 'ActionMailer::Base.deliveries.size' do
get :activation_email
assert_redirected_to '/'
end
end
end
Jean-Philippe Lang
Added some functional tests and a CVS test repository....
r974 end
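
The back_url values exercised by the login tests above, run through a stand-alone validator. This is an added sketch, not Redmine's implementation: `safe_back_path`, its keyword arguments and `accepted_under_suburi` are hypothetical names, and `host`, `scheme` and `port` stand in for the current request.

```ruby
require 'uri'

# Added sketch, not Redmine's code. safe_back_path and its keyword arguments
# are hypothetical; host, scheme and port stand in for the current request.
# Returns the local path to redirect to, or nil if back_url must be ignored.
def safe_back_path(back_url, host:, scheme: 'http', port: 80, url_root: '')
  return nil if back_url.nil? || back_url.empty?
  # Decode first so "%2e%2e" is caught along with a literal "..".
  return nil if URI.decode_www_form_component(back_url).include?('..')

  uri = URI.parse(back_url)
  # A scheme, host or port that is present must match the current request.
  # "//test.foo" carries a host even though it has no scheme.
  return nil if uri.scheme && uri.scheme != scheme
  return nil if uri.host && !uri.host.empty? && uri.host.downcase != host.downcase
  return nil if uri.port && uri.port != port

  # Only path and query are reused, so userinfo and authority are dropped.
  path = uri.path.to_s
  # Absolute path required; a leading "//" is a protocol-relative URL.
  return nil unless path.match?(%r{\A/(?!/)})
  # Stay inside the application's sub-URI, compared on a segment boundary.
  root = url_root.to_s.chomp('/')
  return nil unless path == root || path.start_with?("#{root}/")

  uri.query ? "#{path}?#{uri.query}" : path
rescue URI::InvalidURIError, ArgumentError
  nil # unparseable input or malformed percent-encoding
end

# back_url values copied from
# test_login_with_suburi_should_not_redirect_to_another_suburi.
REJECTED_WITH_SUBURI = [
  'http://test.host/',
  'http://test.host/fake',
  'http://test.host/fake/issues',
  'http://test.host/redmine/../fake',
  'http://test.host/redmine/../fake/issues',
  'http://test.host/redmine/%2e%2e/fake',
  '//test.foo/fake',
  'http://test.host//fake',
  'http://test.host/\n//fake',
  '//bar@test.foo',
  '//test.foo',
  '////test.foo',
  '@test.foo',
  'fake@test.foo',
  '.test.foo'
].freeze

# Returns the subset of urls that the validator would let through when the
# application is mounted at /redmine on test.host.
def accepted_under_suburi(urls)
  urls.select { |u| safe_back_path(u, host: 'test.host', url_root: '/redmine') }
end

if __FILE__ == $PROGRAM_NAME
  leaked = accepted_under_suburi(REJECTED_WITH_SUBURI)
  puts leaked.empty? ? 'all listed back_urls rejected' : "accepted: #{leaked.inspect}"
end
```

The function returns a rebuilt path rather than the submitted string, so whatever passes the checks can only produce a same-origin redirect.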