jro_apps/redmine Commit - r15907:0554e1f3cb3b

1

# Redmine - project management software

1

# Redmine - project management software

2

3

#

3

#

4

# This program is free software; you can redistribute it and/or

4

# This program is free software; you can redistribute it and/or

5

# modify it under the terms of the GNU General Public License

5

# modify it under the terms of the GNU General Public License

6

# as published by the Free Software Foundation; either version 2

6

# as published by the Free Software Foundation; either version 2

7

# of the License, or (at your option) any later version.

7

# of the License, or (at your option) any later version.

8

#

8

#

9

# This program is distributed in the hope that it will be useful,

9

# This program is distributed in the hope that it will be useful,

10

# but WITHOUT ANY WARRANTY; without even the implied warranty of

10

# but WITHOUT ANY WARRANTY; without even the implied warranty of

11

# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the

11

# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the

12

# GNU General Public License for more details.

12

# GNU General Public License for more details.

13

#

13

#

14

# You should have received a copy of the GNU General Public License

14

# You should have received a copy of the GNU General Public License

15

# along with this program; if not, write to the Free Software

15

# along with this program; if not, write to the Free Software

16

# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.

16

# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.

17

18

require File.expand_path('../../test_helper', __FILE__)

18

require File.expand_path('../../test_helper', __FILE__)

19

20

class AccountTest < Redmine::IntegrationTest

20

class AccountTest < Redmine::IntegrationTest

21

fixtures :users, :email_addresses, :roles

21

fixtures :users, :email_addresses, :roles

22

23

def test_login

23

def test_login

24

get "/my/page"

24

get "/my/page"

25

assert_redirected_to "/login?back_url=http%3A%2F%2Fwww.example.com%2Fmy%2Fpage"

25

assert_redirected_to "/login?back_url=http%3A%2F%2Fwww.example.com%2Fmy%2Fpage"

26

log_user('jsmith', 'jsmith')

26

log_user('jsmith', 'jsmith')

27

28

get "/my/account"

28

get "/my/account"

29

assert_response :success

29

assert_response :success

30

end

30

end

31

32

def test_login_should_set_session_token

32

def test_login_should_set_session_token

33

assert_difference 'Token.count' do

33

assert_difference 'Token.count' do

34

log_user('jsmith', 'jsmith')

34

log_user('jsmith', 'jsmith')

35

36

assert_equal 2, session[:user_id]

36

assert_equal 2, session[:user_id]

37

assert_not_nil session[:tk]

37

assert_not_nil session[:tk]

38

end

38

end

39

end

39

end

40

41

def test_autologin

41

def test_autologin

42

user = User.find(1)

42

user = User.find(1)

43

Token.delete_all

43

Token.delete_all

44

45

with_settings :autologin => '7' do

45

with_settings :autologin => '7' do

46

assert_difference 'Token.count', 2 do

46

assert_difference 'Token.count', 2 do

47

# User logs in with 'autologin' checked

47

# User logs in with 'autologin' checked

48

post '/login', :username => user.login, :password => 'admin', :autologin => 1

48

post '/login', :username => user.login, :password => 'admin', :autologin => 1

49

assert_redirected_to '/my/page'

49

assert_redirected_to '/my/page'

50

end

50

end

51

token = Token.where(:action => 'autologin').order(:id => :desc).first

51

token = Token.where(:action => 'autologin').order(:id => :desc).first

52

assert_not_nil token

52

assert_not_nil token

53

assert_equal user, token.user

53

assert_equal user, token.user

54

assert_equal 'autologin', token.action

54

assert_equal 'autologin', token.action

55

assert_equal user.id, session[:user_id]

55

assert_equal user.id, session[:user_id]

56

assert_equal token.value, cookies['autologin']

56

assert_equal token.value, cookies['autologin']

57

58

# Session is cleared

58

# Session is cleared

59

reset!

59

reset!

60

User.current = nil

60

User.current = nil

61

# Clears user's last login timestamp

61

# Clears user's last login timestamp

62

user.update_attribute :last_login_on, nil

62

user.update_attribute :last_login_on, nil

63

assert_nil user.reload.last_login_on

63

assert_nil user.reload.last_login_on

64

65

# User comes back with user's autologin cookie

65

# User comes back with user's autologin cookie

66

cookies[:autologin] = token.value

66

cookies[:autologin] = token.value

67

get '/my/page'

67

get '/my/page'

68

assert_response :success

68

assert_response :success

69

assert_equal user.id, session[:user_id]

69

assert_equal user.id, session[:user_id]

70

assert_not_nil user.reload.last_login_on

70

assert_not_nil user.reload.last_login_on

71

end

71

end

72

end

72

end

73

74

def test_autologin_should_use_autologin_cookie_name

74

def test_autologin_should_use_autologin_cookie_name

75

Token.delete_all

75

Token.delete_all

76

Redmine::Configuration.stubs(:[]).with('autologin_cookie_name').returns('custom_autologin')

76

Redmine::Configuration.stubs(:[]).with('autologin_cookie_name').returns('custom_autologin')

77

Redmine::Configuration.stubs(:[]).with('autologin_cookie_path').returns('/')

77

Redmine::Configuration.stubs(:[]).with('autologin_cookie_path').returns('/')

78

Redmine::Configuration.stubs(:[]).with('autologin_cookie_secure').returns(false)

78

Redmine::Configuration.stubs(:[]).with('autologin_cookie_secure').returns(false)

79

Redmine::Configuration.stubs(:[]).with('sudo_mode_timeout').returns(15)

79

Redmine::Configuration.stubs(:[]).with('sudo_mode_timeout').returns(15)

80

81

with_settings :autologin => '7' do

81

with_settings :autologin => '7' do

82

assert_difference 'Token.count', 2 do

82

assert_difference 'Token.count', 2 do

83

post '/login', :username => 'admin', :password => 'admin', :autologin => 1

83

post '/login', :username => 'admin', :password => 'admin', :autologin => 1

84

assert_response 302

84

assert_response 302

85

end

85

end

86

assert cookies['custom_autologin'].present?

86

assert cookies['custom_autologin'].present?

87

token = cookies['custom_autologin']

87

token = cookies['custom_autologin']

88

89

# Session is cleared

89

# Session is cleared

90

reset!

90

reset!

91

cookies['custom_autologin'] = token

91

cookies['custom_autologin'] = token

92

get '/my/page'

92

get '/my/page'

93

assert_response :success

93

assert_response :success

94

95

assert_difference 'Token.count', -2 do

95

assert_difference 'Token.count', -2 do

96

post '/logout'

96

post '/logout'

97

end

97

end

98

assert cookies['custom_autologin'].blank?

98

assert cookies['custom_autologin'].blank?

99

end

99

end

100

end

100

end

101

102

def test_lost_password

102

def test_lost_password

103

Token.delete_all

103

Token.delete_all

104

105

get "/account/lost_password"

105

get "/account/lost_password"

106

assert_response :success

106

assert_response :success

107

assert_select 'input[name=mail]'

107

assert_select 'input[name=mail]'

108

109

post "/account/lost_password", :mail => 'jSmith@somenet.foo'

109

post "/account/lost_password", :mail => 'jSmith@somenet.foo'

110

assert_redirected_to "/login"

110

assert_redirected_to "/login"

111

112

token = Token.first

112

token = Token.first

113

assert_equal 'recovery', token.action

113

assert_equal 'recovery', token.action

114

assert_equal 'jsmith@somenet.foo', token.user.mail

114

assert_equal 'jsmith@somenet.foo', token.user.mail

115

assert !token.expired?

115

assert !token.expired?

116

117

get "/account/lost_password", :token => token.value

117

get "/account/lost_password", :token => token.value

118

assert_redirected_to '/account/lost_password'

119

120

follow_redirect!

118

assert_response :success

121

assert_response :success

119

assert_select 'input[type=hidden][name=token][value=?]', token.value

122

assert_select 'input[type=hidden][name=token][value=?]', token.value

120

assert_select 'input[name=new_password]'

123

assert_select 'input[name=new_password]'

121

assert_select 'input[name=new_password_confirmation]'

124

assert_select 'input[name=new_password_confirmation]'

122

125

123

post "/account/lost_password",

126

post "/account/lost_password",

124

:token => token.value, :new_password => 'newpass123',

127

:token => token.value, :new_password => 'newpass123',

125

:new_password_confirmation => 'newpass123'

128

:new_password_confirmation => 'newpass123'

126

assert_redirected_to "/login"

129

assert_redirected_to "/login"

127

assert_equal 'Password was successfully updated.', flash[:notice]

130

assert_equal 'Password was successfully updated.', flash[:notice]

128

131

129

log_user('jsmith', 'newpass123')

132

log_user('jsmith', 'newpass123')

130

assert_equal false, Token.exists?(token.id), "Password recovery token was not deleted"

133

assert_equal false, Token.exists?(token.id), "Password recovery token was not deleted"

131

end

134

end

132

135

133

def test_user_with_must_change_passwd_should_be_forced_to_change_its_password

136

def test_user_with_must_change_passwd_should_be_forced_to_change_its_password

134

User.find_by_login('jsmith').update_attribute :must_change_passwd, true

137

User.find_by_login('jsmith').update_attribute :must_change_passwd, true

135

138

136

post '/login', :username => 'jsmith', :password => 'jsmith'

139

post '/login', :username => 'jsmith', :password => 'jsmith'

137

assert_redirected_to '/my/page'

140

assert_redirected_to '/my/page'

138

follow_redirect!

141

follow_redirect!

139

assert_redirected_to '/my/password'

142

assert_redirected_to '/my/password'

140

143

141

get '/issues'

144

get '/issues'

142

assert_redirected_to '/my/password'

145

assert_redirected_to '/my/password'

143

end

146

end

144

147

145

def test_flash_message_should_use_user_language_when_redirecting_user_for_password_change

148

def test_flash_message_should_use_user_language_when_redirecting_user_for_password_change

146

user = User.find_by_login('jsmith')

149

user = User.find_by_login('jsmith')

147

user.must_change_passwd = true

150

user.must_change_passwd = true

148

user.language = 'it'

151

user.language = 'it'

149

user.save!

152

user.save!

150

153

151

post '/login', :username => 'jsmith', :password => 'jsmith'

154

post '/login', :username => 'jsmith', :password => 'jsmith'

152

assert_redirected_to '/my/page'

155

assert_redirected_to '/my/page'

153

follow_redirect!

156

follow_redirect!

154

assert_redirected_to '/my/password'

157

assert_redirected_to '/my/password'

155

follow_redirect!

158

follow_redirect!

156

159

157

assert_select 'div.error', :text => /richiesto che sia cambiata/

160

assert_select 'div.error', :text => /richiesto che sia cambiata/

158

end

161

end

159

162

160

def test_user_with_must_change_passwd_should_be_able_to_change_its_password

163

def test_user_with_must_change_passwd_should_be_able_to_change_its_password

161

User.find_by_login('jsmith').update_attribute :must_change_passwd, true

164

User.find_by_login('jsmith').update_attribute :must_change_passwd, true

162

165

163

post '/login', :username => 'jsmith', :password => 'jsmith'

166

post '/login', :username => 'jsmith', :password => 'jsmith'

164

assert_redirected_to '/my/page'

167

assert_redirected_to '/my/page'

165

follow_redirect!

168

follow_redirect!

166

assert_redirected_to '/my/password'

169

assert_redirected_to '/my/password'

167

follow_redirect!

170

follow_redirect!

168

assert_response :success

171

assert_response :success

169

post '/my/password', :password => 'jsmith', :new_password => 'newpassword', :new_password_confirmation => 'newpassword'

172

post '/my/password', :password => 'jsmith', :new_password => 'newpassword', :new_password_confirmation => 'newpassword'

170

assert_redirected_to '/my/account'

173

assert_redirected_to '/my/account'

171

follow_redirect!

174

follow_redirect!

172

assert_response :success

175

assert_response :success

173

176

174

assert_equal false, User.find_by_login('jsmith').must_change_passwd?

177

assert_equal false, User.find_by_login('jsmith').must_change_passwd?

175

end

178

end

176

179

177

def test_user_with_expired_password_should_be_forced_to_change_its_password

180

def test_user_with_expired_password_should_be_forced_to_change_its_password

178

User.find_by_login('jsmith').update_attribute :passwd_changed_on, 14.days.ago

181

User.find_by_login('jsmith').update_attribute :passwd_changed_on, 14.days.ago

179

182

180

with_settings :password_max_age => 7 do

183

with_settings :password_max_age => 7 do

181

post '/login', :username => 'jsmith', :password => 'jsmith'

184

post '/login', :username => 'jsmith', :password => 'jsmith'

182

assert_redirected_to '/my/page'

185

assert_redirected_to '/my/page'

183

follow_redirect!

186

follow_redirect!

184

assert_redirected_to '/my/password'

187

assert_redirected_to '/my/password'

185

188

186

get '/issues'

189

get '/issues'

187

assert_redirected_to '/my/password'

190

assert_redirected_to '/my/password'

188

end

191

end

189

end

192

end

190

193

191

def test_user_with_expired_password_should_be_able_to_change_its_password

194

def test_user_with_expired_password_should_be_able_to_change_its_password

192

User.find_by_login('jsmith').update_attribute :passwd_changed_on, 14.days.ago

195

User.find_by_login('jsmith').update_attribute :passwd_changed_on, 14.days.ago

193

196

194

with_settings :password_max_age => 7 do

197

with_settings :password_max_age => 7 do

195

post '/login', :username => 'jsmith', :password => 'jsmith'

198

post '/login', :username => 'jsmith', :password => 'jsmith'

196

assert_redirected_to '/my/page'

199

assert_redirected_to '/my/page'

197

follow_redirect!

200

follow_redirect!

198

assert_redirected_to '/my/password'

201

assert_redirected_to '/my/password'

199

follow_redirect!

202

follow_redirect!

200

assert_response :success

203

assert_response :success

201

post '/my/password', :password => 'jsmith', :new_password => 'newpassword', :new_password_confirmation => 'newpassword'

204

post '/my/password', :password => 'jsmith', :new_password => 'newpassword', :new_password_confirmation => 'newpassword'

202

assert_redirected_to '/my/account'

205

assert_redirected_to '/my/account'

203

follow_redirect!

206

follow_redirect!

204

assert_response :success

207

assert_response :success

205

208

206

assert_equal false, User.find_by_login('jsmith').must_change_passwd?

209

assert_equal false, User.find_by_login('jsmith').must_change_passwd?

207

end

210

end

208

211

209

end

212

end

210

213

211

def test_register_with_automatic_activation

214

def test_register_with_automatic_activation

212

Setting.self_registration = '3'

215

Setting.self_registration = '3'

213

216

214

get '/account/register'

217

get '/account/register'

215

assert_response :success

218

assert_response :success

216

219

217

post '/account/register',

220

post '/account/register',

218

:user => {:login => "newuser", :language => "en",

221

:user => {:login => "newuser", :language => "en",

219

:firstname => "New", :lastname => "User", :mail => "newuser@foo.bar",

222

:firstname => "New", :lastname => "User", :mail => "newuser@foo.bar",

220

:password => "newpass123", :password_confirmation => "newpass123"}

223

:password => "newpass123", :password_confirmation => "newpass123"}

221

assert_redirected_to '/my/account'

224

assert_redirected_to '/my/account'

222

follow_redirect!

225

follow_redirect!

223

assert_response :success

226

assert_response :success

224

227

225

user = User.find_by_login('newuser')

228

user = User.find_by_login('newuser')

226

assert_not_nil user

229

assert_not_nil user

227

assert user.active?

230

assert user.active?

228

assert_not_nil user.last_login_on

231

assert_not_nil user.last_login_on

229

end

232

end

230

233

231

def test_register_with_manual_activation

234

def test_register_with_manual_activation

232

Setting.self_registration = '2'

235

Setting.self_registration = '2'

233

236

234

post '/account/register',

237

post '/account/register',

235

:user => {:login => "newuser", :language => "en",

238

:user => {:login => "newuser", :language => "en",

236

:firstname => "New", :lastname => "User", :mail => "newuser@foo.bar",

239

:firstname => "New", :lastname => "User", :mail => "newuser@foo.bar",

237

:password => "newpass123", :password_confirmation => "newpass123"}

240

:password => "newpass123", :password_confirmation => "newpass123"}

238

assert_redirected_to '/login'

241

assert_redirected_to '/login'

239

assert !User.find_by_login('newuser').active?

242

assert !User.find_by_login('newuser').active?

240

end

243

end

241

244

242

def test_register_with_email_activation

245

def test_register_with_email_activation

243

Setting.self_registration = '1'

246

Setting.self_registration = '1'

244

Token.delete_all

247

Token.delete_all

245

248

246

post '/account/register',

249

post '/account/register',

247

:user => {:login => "newuser", :language => "en",

250

:user => {:login => "newuser", :language => "en",

248

:firstname => "New", :lastname => "User", :mail => "newuser@foo.bar",

251

:firstname => "New", :lastname => "User", :mail => "newuser@foo.bar",

249

:password => "newpass123", :password_confirmation => "newpass123"}

252

:password => "newpass123", :password_confirmation => "newpass123"}

250

assert_redirected_to '/login'

253

assert_redirected_to '/login'

251

assert !User.find_by_login('newuser').active?

254

assert !User.find_by_login('newuser').active?

252

255

253

token = Token.first

256

token = Token.first

254

assert_equal 'register', token.action

257

assert_equal 'register', token.action

255

assert_equal 'newuser@foo.bar', token.user.mail

258

assert_equal 'newuser@foo.bar', token.user.mail

256

assert !token.expired?

259

assert !token.expired?

257

260

258

get '/account/activate', :token => token.value

261

get '/account/activate', :token => token.value

259

assert_redirected_to '/login'

262

assert_redirected_to '/login'

260

log_user('newuser', 'newpass123')

263

log_user('newuser', 'newpass123')

261

end

264

end

262

265

263

def test_onthefly_registration

266

def test_onthefly_registration

264

# disable registration

267

# disable registration

265

Setting.self_registration = '0'

268

Setting.self_registration = '0'

266

AuthSource.expects(:authenticate).returns(

269

AuthSource.expects(:authenticate).returns(

267

{:login => 'foo', :firstname => 'Foo', :lastname => 'Smith',

270

{:login => 'foo', :firstname => 'Foo', :lastname => 'Smith',

268

:mail => 'foo@bar.com', :auth_source_id => 66})

271

:mail => 'foo@bar.com', :auth_source_id => 66})

269

272

270

post '/login', :username => 'foo', :password => 'bar'

273

post '/login', :username => 'foo', :password => 'bar'

271

assert_redirected_to '/my/page'

274

assert_redirected_to '/my/page'

272

275

273

user = User.find_by_login('foo')

276

user = User.find_by_login('foo')

274

assert user.is_a?(User)

277

assert user.is_a?(User)

275

assert_equal 66, user.auth_source_id

278

assert_equal 66, user.auth_source_id

276

assert user.hashed_password.blank?

279

assert user.hashed_password.blank?

277

end

280

end

278

281

279

def test_onthefly_registration_with_invalid_attributes

282

def test_onthefly_registration_with_invalid_attributes

280

# disable registration

283

# disable registration

281

Setting.self_registration = '0'

284

Setting.self_registration = '0'

282

AuthSource.expects(:authenticate).returns(

285

AuthSource.expects(:authenticate).returns(

283

{:login => 'foo', :lastname => 'Smith', :auth_source_id => 66})

286

{:login => 'foo', :lastname => 'Smith', :auth_source_id => 66})

284

287

285

post '/login', :username => 'foo', :password => 'bar'

288

post '/login', :username => 'foo', :password => 'bar'

286

assert_response :success

289

assert_response :success

287

assert_select 'input[name=?][value=""]', 'user[firstname]'

290

assert_select 'input[name=?][value=""]', 'user[firstname]'

288

assert_select 'input[name=?][value=Smith]', 'user[lastname]'

291

assert_select 'input[name=?][value=Smith]', 'user[lastname]'

289

assert_select 'input[name=?]', 'user[login]', 0

292

assert_select 'input[name=?]', 'user[login]', 0

290

assert_select 'input[name=?]', 'user[password]', 0

293

assert_select 'input[name=?]', 'user[password]', 0

291

294

292

post '/account/register',

295

post '/account/register',

293

:user => {:firstname => 'Foo', :lastname => 'Smith', :mail => 'foo@bar.com'}

296

:user => {:firstname => 'Foo', :lastname => 'Smith', :mail => 'foo@bar.com'}

294

assert_redirected_to '/my/account'

297

assert_redirected_to '/my/account'

295

298

296

user = User.find_by_login('foo')

299

user = User.find_by_login('foo')

297

assert user.is_a?(User)

300

assert user.is_a?(User)

298

assert_equal 66, user.auth_source_id

301

assert_equal 66, user.auth_source_id

299

assert user.hashed_password.blank?

302

assert user.hashed_password.blank?

300

end

303

end

301

304

302

def test_registered_user_should_be_able_to_get_a_new_activation_email

305

def test_registered_user_should_be_able_to_get_a_new_activation_email

303

Token.delete_all

306

Token.delete_all

304

307

305

with_settings :self_registration => '1', :default_language => 'en' do

308

with_settings :self_registration => '1', :default_language => 'en' do

306

# register a new account

309

# register a new account

307

assert_difference 'User.count' do

310

assert_difference 'User.count' do

308

assert_difference 'Token.count' do

311

assert_difference 'Token.count' do

309

post '/account/register',

312

post '/account/register',

310

:user => {:login => "newuser", :language => "en",

313

:user => {:login => "newuser", :language => "en",

311

:firstname => "New", :lastname => "User", :mail => "newuser@foo.bar",

314

:firstname => "New", :lastname => "User", :mail => "newuser@foo.bar",

312

:password => "newpass123", :password_confirmation => "newpass123"}

315

:password => "newpass123", :password_confirmation => "newpass123"}

313

end

316

end

314

end

317

end

315

user = User.order('id desc').first

318

user = User.order('id desc').first

316

assert_equal User::STATUS_REGISTERED, user.status

319

assert_equal User::STATUS_REGISTERED, user.status

317

reset!

320

reset!

318

321

319

# try to use "lost password"

322

# try to use "lost password"

320

assert_no_difference 'ActionMailer::Base.deliveries.size' do

323

assert_no_difference 'ActionMailer::Base.deliveries.size' do

321

post '/account/lost_password', :mail => 'newuser@foo.bar'

324

post '/account/lost_password', :mail => 'newuser@foo.bar'

322

end

325

end

323

assert_redirected_to '/account/lost_password'

326

assert_redirected_to '/account/lost_password'

324

follow_redirect!

327

follow_redirect!

325

assert_response :success

328

assert_response :success

326

assert_select 'div.flash', :text => /new activation email/

329

assert_select 'div.flash', :text => /new activation email/

327

assert_select 'div.flash a[href="/account/activation_email"]'

330

assert_select 'div.flash a[href="/account/activation_email"]'

328

331

329

# request a new action activation email

332

# request a new action activation email

330

assert_difference 'ActionMailer::Base.deliveries.size' do

333

assert_difference 'ActionMailer::Base.deliveries.size' do

331

get '/account/activation_email'

334

get '/account/activation_email'

332

end

335

end

333

assert_redirected_to '/login'

336

assert_redirected_to '/login'

334

token = Token.order('id desc').first

337

token = Token.order('id desc').first

335

activation_path = "/account/activate?token=#{token.value}"

338

activation_path = "/account/activate?token=#{token.value}"

336

assert_include activation_path, mail_body(ActionMailer::Base.deliveries.last)

339

assert_include activation_path, mail_body(ActionMailer::Base.deliveries.last)

337

340

338

# activate the account

341

# activate the account

339

get activation_path

342

get activation_path

340

assert_redirected_to '/login'

343

assert_redirected_to '/login'

341

344

342

post '/login', :username => 'newuser', :password => 'newpass123'

345

post '/login', :username => 'newuser', :password => 'newpass123'

343

assert_redirected_to '/my/page'

346

assert_redirected_to '/my/page'

344

end

347

end

345

end

348

end

346

end

349

end

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages

             # Redmine - project management software
             # Copyright (C) 2006-2016  Jean-Philippe Lang
             #
             # This program is free software; you can redistribute it and/or
             # modify it under the terms of the GNU General Public License
             # as published by the Free Software Foundation; either version 2
             # of the License, or (at your option) any later version.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU General Public License
             # along with this program; if not, write to the Free Software
             # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
             require File.expand_path('../../test_helper', __FILE__)
             class AccountTest < Redmine::IntegrationTest
               fixtures :users, :email_addresses, :roles
               def test_login
                 get "/my/page"
                 assert_redirected_to "/login?back_url=http%3A%2F%2Fwww.example.com%2Fmy%2Fpage"
                 log_user('jsmith', 'jsmith')
                 get "/my/account"
                 assert_response :success
               end
               def test_login_should_set_session_token
                 assert_difference 'Token.count' do
                   log_user('jsmith', 'jsmith')
                   assert_equal 2, session[:user_id]
                   assert_not_nil session[:tk]
                 end
               end
               def test_autologin
                 user = User.find(1)
                 Token.delete_all
                 with_settings :autologin => '7' do
                   assert_difference 'Token.count', 2 do
                     # User logs in with 'autologin' checked
                     post '/login', :username => user.login, :password => 'admin', :autologin => 1
                     assert_redirected_to '/my/page'
                   end
                   token = Token.where(:action => 'autologin').order(:id => :desc).first
                   assert_not_nil token
                   assert_equal user, token.user
                   assert_equal 'autologin', token.action
                   assert_equal user.id, session[:user_id]
                   assert_equal token.value, cookies['autologin']
                   # Session is cleared
                   reset!
                   User.current = nil
                   # Clears user's last login timestamp
                   user.update_attribute :last_login_on, nil
                   assert_nil user.reload.last_login_on
                   # User comes back with user's autologin cookie
                   cookies[:autologin] = token.value
                   get '/my/page'
                   assert_response :success
                   assert_equal user.id, session[:user_id]
                   assert_not_nil user.reload.last_login_on
                 end
               end
               def test_autologin_should_use_autologin_cookie_name
                 Token.delete_all
                 Redmine::Configuration.stubs(:[]).with('autologin_cookie_name').returns('custom_autologin')
                 Redmine::Configuration.stubs(:[]).with('autologin_cookie_path').returns('/')
                 Redmine::Configuration.stubs(:[]).with('autologin_cookie_secure').returns(false)
                 Redmine::Configuration.stubs(:[]).with('sudo_mode_timeout').returns(15)
                 with_settings :autologin => '7' do
                   assert_difference 'Token.count', 2 do
                     post '/login', :username => 'admin', :password => 'admin', :autologin => 1
                     assert_response 302
                   end
                   assert cookies['custom_autologin'].present?
                   token = cookies['custom_autologin']
                   # Session is cleared
                   reset!
                   cookies['custom_autologin'] = token
                   get '/my/page'
                   assert_response :success
                   assert_difference 'Token.count', -2 do
                     post '/logout'
                   end
                   assert cookies['custom_autologin'].blank?
                 end
               end
               def test_lost_password
                 Token.delete_all
                 get "/account/lost_password"
                 assert_response :success
                 assert_select 'input[name=mail]'
                 post "/account/lost_password", :mail => 'jSmith@somenet.foo'
                 assert_redirected_to "/login"
                 token = Token.first
                 assert_equal 'recovery', token.action
                 assert_equal 'jsmith@somenet.foo', token.user.mail
                 assert !token.expired?
                 get "/account/lost_password", :token => token.value
+                assert_redirected_to '/account/lost_password'
+                follow_redirect!
                 assert_response :success
                 assert_select 'input[type=hidden][name=token][value=?]', token.value
                 assert_select 'input[name=new_password]'
                 assert_select 'input[name=new_password_confirmation]'
                 post "/account/lost_password",
                      :token => token.value, :new_password => 'newpass123',
                      :new_password_confirmation => 'newpass123'
                 assert_redirected_to "/login"
                 assert_equal 'Password was successfully updated.', flash[:notice]
                 log_user('jsmith', 'newpass123')
                 assert_equal false, Token.exists?(token.id), "Password recovery token was not deleted"
               end
               def test_user_with_must_change_passwd_should_be_forced_to_change_its_password
                 User.find_by_login('jsmith').update_attribute :must_change_passwd, true
                 post '/login', :username => 'jsmith', :password => 'jsmith'
                 assert_redirected_to '/my/page'
                 follow_redirect!
                 assert_redirected_to '/my/password'
                 get '/issues'
                 assert_redirected_to '/my/password'
               end
               def test_flash_message_should_use_user_language_when_redirecting_user_for_password_change
                 user = User.find_by_login('jsmith')
                 user.must_change_passwd = true
                 user.language = 'it'
                 user.save!
                 post '/login', :username => 'jsmith', :password => 'jsmith'
                 assert_redirected_to '/my/page'
                 follow_redirect!
                 assert_redirected_to '/my/password'
                 follow_redirect!
                 assert_select 'div.error', :text => /richiesto che sia cambiata/
               end
               def test_user_with_must_change_passwd_should_be_able_to_change_its_password
                 User.find_by_login('jsmith').update_attribute :must_change_passwd, true
                 post '/login', :username => 'jsmith', :password => 'jsmith'
                 assert_redirected_to '/my/page'
                 follow_redirect!
                 assert_redirected_to '/my/password'
                 follow_redirect!
                 assert_response :success
                 post '/my/password', :password => 'jsmith', :new_password => 'newpassword', :new_password_confirmation => 'newpassword'
                 assert_redirected_to '/my/account'
                 follow_redirect!
                 assert_response :success
                 assert_equal false, User.find_by_login('jsmith').must_change_passwd?
               end
               def test_user_with_expired_password_should_be_forced_to_change_its_password
                 User.find_by_login('jsmith').update_attribute :passwd_changed_on, 14.days.ago
                 with_settings :password_max_age => 7 do
                   post '/login', :username => 'jsmith', :password => 'jsmith'
                   assert_redirected_to '/my/page'
                   follow_redirect!
                   assert_redirected_to '/my/password'
                   get '/issues'
                   assert_redirected_to '/my/password'
                 end
               end
               def test_user_with_expired_password_should_be_able_to_change_its_password
                 User.find_by_login('jsmith').update_attribute :passwd_changed_on, 14.days.ago
                 with_settings :password_max_age => 7 do
                   post '/login', :username => 'jsmith', :password => 'jsmith'
                   assert_redirected_to '/my/page'
                   follow_redirect!
                   assert_redirected_to '/my/password'
                   follow_redirect!
                   assert_response :success
                   post '/my/password', :password => 'jsmith', :new_password => 'newpassword', :new_password_confirmation => 'newpassword'
                   assert_redirected_to '/my/account'
                   follow_redirect!
                   assert_response :success
                   assert_equal false, User.find_by_login('jsmith').must_change_passwd?
                 end
               end
               def test_register_with_automatic_activation
                 Setting.self_registration = '3'
                 get '/account/register'
                 assert_response :success
                 post '/account/register',
                      :user => {:login => "newuser", :language => "en",
                                :firstname => "New", :lastname => "User", :mail => "newuser@foo.bar",
                                :password => "newpass123", :password_confirmation => "newpass123"}
                 assert_redirected_to '/my/account'
                 follow_redirect!
                 assert_response :success
                 user = User.find_by_login('newuser')
                 assert_not_nil user
                 assert user.active?
                 assert_not_nil user.last_login_on
               end
               def test_register_with_manual_activation
                 Setting.self_registration = '2'
                 post '/account/register',
                      :user => {:login => "newuser", :language => "en",
                                :firstname => "New", :lastname => "User", :mail => "newuser@foo.bar",
                                :password => "newpass123", :password_confirmation => "newpass123"}
                 assert_redirected_to '/login'
                 assert !User.find_by_login('newuser').active?
               end
               def test_register_with_email_activation
                 Setting.self_registration = '1'
                 Token.delete_all
                 post '/account/register',
                      :user => {:login => "newuser", :language => "en",
                                :firstname => "New", :lastname => "User", :mail => "newuser@foo.bar",
                                :password => "newpass123", :password_confirmation => "newpass123"}
                 assert_redirected_to '/login'
                 assert !User.find_by_login('newuser').active?
                 token = Token.first
                 assert_equal 'register', token.action
                 assert_equal 'newuser@foo.bar', token.user.mail
                 assert !token.expired?
                 get '/account/activate', :token => token.value
                 assert_redirected_to '/login'
                 log_user('newuser', 'newpass123')
               end
               def test_onthefly_registration
                 # disable registration
                 Setting.self_registration = '0'
                 AuthSource.expects(:authenticate).returns(
                   {:login => 'foo', :firstname => 'Foo', :lastname => 'Smith',
                    :mail => 'foo@bar.com', :auth_source_id => 66})
                 post '/login', :username => 'foo', :password => 'bar'
                 assert_redirected_to '/my/page'
                 user = User.find_by_login('foo')
                 assert user.is_a?(User)
                 assert_equal 66, user.auth_source_id
                 assert user.hashed_password.blank?
               end
               def test_onthefly_registration_with_invalid_attributes
                 # disable registration
                 Setting.self_registration = '0'
                 AuthSource.expects(:authenticate).returns(
                   {:login => 'foo', :lastname => 'Smith', :auth_source_id => 66})
                 post '/login', :username => 'foo', :password => 'bar'
                 assert_response :success
                 assert_select 'input[name=?][value=""]', 'user[firstname]'
                 assert_select 'input[name=?][value=Smith]', 'user[lastname]'
                 assert_select 'input[name=?]', 'user[login]', 0
                 assert_select 'input[name=?]', 'user[password]', 0
                 post '/account/register',
                      :user => {:firstname => 'Foo', :lastname => 'Smith', :mail => 'foo@bar.com'}
                 assert_redirected_to '/my/account'
                 user = User.find_by_login('foo')
                 assert user.is_a?(User)
                 assert_equal 66, user.auth_source_id
                 assert user.hashed_password.blank?
               end
               def test_registered_user_should_be_able_to_get_a_new_activation_email
                 Token.delete_all
                 with_settings :self_registration => '1', :default_language => 'en' do
                   # register a new account
                   assert_difference 'User.count' do
                     assert_difference 'Token.count' do
                       post '/account/register',
                          :user => {:login => "newuser", :language => "en",
                                    :firstname => "New", :lastname => "User", :mail => "newuser@foo.bar",
                                    :password => "newpass123", :password_confirmation => "newpass123"}
                     end
                   end
                   user = User.order('id desc').first
                   assert_equal User::STATUS_REGISTERED, user.status
                   reset!
                   # try to use "lost password"
                   assert_no_difference 'ActionMailer::Base.deliveries.size' do
                     post '/account/lost_password', :mail => 'newuser@foo.bar'
                   end
                   assert_redirected_to '/account/lost_password'
                   follow_redirect!
                   assert_response :success
                   assert_select 'div.flash', :text => /new activation email/
                   assert_select 'div.flash a[href="/account/activation_email"]'
                   # request a new action activation email
                   assert_difference 'ActionMailer::Base.deliveries.size' do
                     get '/account/activation_email'
                   end
                   assert_redirected_to '/login'
                   token = Token.order('id desc').first
                   activation_path = "/account/activate?token=#{token.value}"
                   assert_include activation_path, mail_body(ActionMailer::Base.deliveries.last)
                   # activate the account
                   get activation_path
                   assert_redirected_to '/login'
                   post '/login', :username => 'newuser', :password => 'newpass123'
                   assert_redirected_to '/my/page'
                 end
               end
             end