jro_apps/redmine Commit - r11792:085417bdbb34

1

# Redmine - project management software

1

# Redmine - project management software

2

3

#

3

#

4

# This program is free software; you can redistribute it and/or

4

# This program is free software; you can redistribute it and/or

5

# modify it under the terms of the GNU General Public License

5

# modify it under the terms of the GNU General Public License

6

# as published by the Free Software Foundation; either version 2

6

# as published by the Free Software Foundation; either version 2

7

# of the License, or (at your option) any later version.

7

# of the License, or (at your option) any later version.

8

#

8

#

9

# This program is distributed in the hope that it will be useful,

9

# This program is distributed in the hope that it will be useful,

10

# but WITHOUT ANY WARRANTY; without even the implied warranty of

10

# but WITHOUT ANY WARRANTY; without even the implied warranty of

11

# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the

11

# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the

12

# GNU General Public License for more details.

12

# GNU General Public License for more details.

13

#

13

#

14

# You should have received a copy of the GNU General Public License

14

# You should have received a copy of the GNU General Public License

15

# along with this program; if not, write to the Free Software

15

# along with this program; if not, write to the Free Software

16

# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.

16

# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.

17

18

require File.expand_path('../../test_helper', __FILE__)

18

require File.expand_path('../../test_helper', __FILE__)

19

20

class AccountControllerTest < ActionController::TestCase

20

class AccountControllerTest < ActionController::TestCase

21

fixtures :users, :roles

21

fixtures :users, :roles

22

23

def setup

23

def setup

24

User.current = nil

24

User.current = nil

25

end

25

end

26

27

def test_get_login

27

def test_get_login

28

get :login

28

get :login

29

assert_response :success

29

assert_response :success

30

assert_template 'login'

30

assert_template 'login'

31

32

assert_select 'input[name=username]'

32

assert_select 'input[name=username]'

33

assert_select 'input[name=password]'

33

assert_select 'input[name=password]'

34

end

34

end

35

36

def test_get_login_while_logged_in_should_redirect_to_home

36

def test_get_login_while_logged_in_should_redirect_to_home

37

@request.session[:user_id] = 2

37

@request.session[:user_id] = 2

38

39

get :login

39

get :login

40

assert_redirected_to '/'

40

assert_redirected_to '/'

41

assert_equal 2, @request.session[:user_id]

41

assert_equal 2, @request.session[:user_id]

42

end

42

end

43

44

def test_login_should_redirect_to_back_url_param

44

def test_login_should_redirect_to_back_url_param

45

# request.uri is "test.host" in test environment

45

# request.uri is "test.host" in test environment

46

post :login, :username => 'jsmith', :password => 'jsmith', :back_url => 'http://test.host/issues/show/1'

46

post :login, :username => 'jsmith', :password => 'jsmith', :back_url => 'http://test.host/issues/show/1'

47

assert_redirected_to '/issues/show/1'

47

assert_redirected_to '/issues/show/1'

48

end

48

end

49

50

def test_login_should_not_redirect_to_another_host

50

def test_login_should_not_redirect_to_another_host

51

post :login, :username => 'jsmith', :password => 'jsmith', :back_url => 'http://test.foo/fake'

51

post :login, :username => 'jsmith', :password => 'jsmith', :back_url => 'http://test.foo/fake'

52

assert_redirected_to '/my/page'

52

assert_redirected_to '/my/page'

53

end

53

end

54

55

def test_login_with_wrong_password

55

def test_login_with_wrong_password

56

post :login, :username => 'admin', :password => 'bad'

56

post :login, :username => 'admin', :password => 'bad'

57

assert_response :success

57

assert_response :success

58

assert_template 'login'

58

assert_template 'login'

59

60

assert_select 'div.flash.error', :text => /Invalid user or password/

60

assert_select 'div.flash.error', :text => /Invalid user or password/

61

assert_select 'input[name=username][value=admin]'

61

assert_select 'input[name=username][value=admin]'

62

assert_select 'input[name=password]'

62

assert_select 'input[name=password]'

63

assert_select 'input[name=password][value]', 0

63

assert_select 'input[name=password][value]', 0

64

end

64

end

65

66

def test_login_with_locked_account_should_fail

66

def test_login_with_locked_account_should_fail

67

User.find(2).update_attribute :status, User::STATUS_LOCKED

67

User.find(2).update_attribute :status, User::STATUS_LOCKED

68

69

post :login, :username => 'jsmith', :password => 'jsmith'

69

post :login, :username => 'jsmith', :password => 'jsmith'

70

assert_redirected_to '/login'

70

assert_redirected_to '/login'

71

assert_include 'locked', flash[:error]

71

assert_include 'locked', flash[:error]

72

assert_nil @request.session[:user_id]

72

assert_nil @request.session[:user_id]

73

end

73

end

74

75

def test_login_as_registered_user_with_manual_activation_should_inform_user

75

def test_login_as_registered_user_with_manual_activation_should_inform_user

76

User.find(2).update_attribute :status, User::STATUS_REGISTERED

76

User.find(2).update_attribute :status, User::STATUS_REGISTERED

77

78

with_settings :self_registration => '2', :default_language => 'en' do

78

with_settings :self_registration => '2', :default_language => 'en' do

79

post :login, :username => 'jsmith', :password => 'jsmith'

79

post :login, :username => 'jsmith', :password => 'jsmith'

80

assert_redirected_to '/login'

80

assert_redirected_to '/login'

81

assert_include 'pending administrator approval', flash[:error]

81

assert_include 'pending administrator approval', flash[:error]

82

end

82

end

83

end

83

end

84

85

def test_login_as_registered_user_with_email_activation_should_propose_new_activation_email

85

def test_login_as_registered_user_with_email_activation_should_propose_new_activation_email

86

User.find(2).update_attribute :status, User::STATUS_REGISTERED

86

User.find(2).update_attribute :status, User::STATUS_REGISTERED

87

88

with_settings :self_registration => '1', :default_language => 'en' do

88

with_settings :self_registration => '1', :default_language => 'en' do

89

post :login, :username => 'jsmith', :password => 'jsmith'

89

post :login, :username => 'jsmith', :password => 'jsmith'

90

assert_redirected_to '/login'

90

assert_redirected_to '/login'

91

assert_equal 2, @request.session[:registered_user_id]

91

assert_equal 2, @request.session[:registered_user_id]

92

assert_include 'new activation email', flash[:error]

92

assert_include 'new activation email', flash[:error]

93

end

93

end

94

end

94

end

95

96

def test_login_should_rescue_auth_source_exception

96

def test_login_should_rescue_auth_source_exception

97

source = AuthSource.create!(:name => 'Test')

97

source = AuthSource.create!(:name => 'Test')

98

User.find(2).update_attribute :auth_source_id, source.id

98

User.find(2).update_attribute :auth_source_id, source.id

99

AuthSource.any_instance.stubs(:authenticate).raises(AuthSourceException.new("Something wrong"))

99

AuthSource.any_instance.stubs(:authenticate).raises(AuthSourceException.new("Something wrong"))

100

101

post :login, :username => 'jsmith', :password => 'jsmith'

101

post :login, :username => 'jsmith', :password => 'jsmith'

102

assert_response 500

102

assert_response 500

103

assert_error_tag :content => /Something wrong/

103

assert_error_tag :content => /Something wrong/

104

end

104

end

105

106

def test_login_should_reset_session

106

def test_login_should_reset_session

107

@controller.expects(:reset_session).once

107

@controller.expects(:reset_session).once

108

109

post :login, :username => 'jsmith', :password => 'jsmith'

109

post :login, :username => 'jsmith', :password => 'jsmith'

110

assert_response 302

110

assert_response 302

111

end

111

end

112

113

def test_get_logout_should_not_logout

113

def test_get_logout_should_not_logout

114

@request.session[:user_id] = 2

114

@request.session[:user_id] = 2

115

get :logout

115

get :logout

116

assert_response :success

116

assert_response :success

117

assert_template 'logout'

117

assert_template 'logout'

118

119

assert_equal 2, @request.session[:user_id]

119

assert_equal 2, @request.session[:user_id]

120

end

120

end

121

122

def test_get_logout_with_anonymous_should_redirect

123

get :logout

124

assert_redirected_to '/'

125

end

126

122

def test_logout

127

def test_logout

123

@request.session[:user_id] = 2

128

@request.session[:user_id] = 2

124

post :logout

129

post :logout

125

assert_redirected_to '/'

130

assert_redirected_to '/'

126

assert_nil @request.session[:user_id]

131

assert_nil @request.session[:user_id]

127

end

132

end

128

133

129

def test_logout_should_reset_session

134

def test_logout_should_reset_session

130

@controller.expects(:reset_session).once

135

@controller.expects(:reset_session).once

131

136

132

@request.session[:user_id] = 2

137

@request.session[:user_id] = 2

133

post :logout

138

post :logout

134

assert_response 302

139

assert_response 302

135

end

140

end

136

141

137

def test_get_register_with_registration_on

142

def test_get_register_with_registration_on

138

with_settings :self_registration => '3' do

143

with_settings :self_registration => '3' do

139

get :register

144

get :register

140

assert_response :success

145

assert_response :success

141

assert_template 'register'

146

assert_template 'register'

142

assert_not_nil assigns(:user)

147

assert_not_nil assigns(:user)

143

148

144

assert_select 'input[name=?]', 'user[password]'

149

assert_select 'input[name=?]', 'user[password]'

145

assert_select 'input[name=?]', 'user[password_confirmation]'

150

assert_select 'input[name=?]', 'user[password_confirmation]'

146

end

151

end

147

end

152

end

148

153

149

def test_get_register_should_detect_user_language

154

def test_get_register_should_detect_user_language

150

with_settings :self_registration => '3' do

155

with_settings :self_registration => '3' do

151

@request.env['HTTP_ACCEPT_LANGUAGE'] = 'fr,fr-fr;q=0.8,en-us;q=0.5,en;q=0.3'

156

@request.env['HTTP_ACCEPT_LANGUAGE'] = 'fr,fr-fr;q=0.8,en-us;q=0.5,en;q=0.3'

152

get :register

157

get :register

153

assert_response :success

158

assert_response :success

154

assert_not_nil assigns(:user)

159

assert_not_nil assigns(:user)

155

assert_equal 'fr', assigns(:user).language

160

assert_equal 'fr', assigns(:user).language

156

assert_select 'select[name=?]', 'user[language]' do

161

assert_select 'select[name=?]', 'user[language]' do

157

assert_select 'option[value=fr][selected=selected]'

162

assert_select 'option[value=fr][selected=selected]'

158

end

163

end

159

end

164

end

160

end

165

end

161

166

162

def test_get_register_with_registration_off_should_redirect

167

def test_get_register_with_registration_off_should_redirect

163

with_settings :self_registration => '0' do

168

with_settings :self_registration => '0' do

164

get :register

169

get :register

165

assert_redirected_to '/'

170

assert_redirected_to '/'

166

end

171

end

167

end

172

end

168

173

169

# See integration/account_test.rb for the full test

174

# See integration/account_test.rb for the full test

170

def test_post_register_with_registration_on

175

def test_post_register_with_registration_on

171

with_settings :self_registration => '3' do

176

with_settings :self_registration => '3' do

172

assert_difference 'User.count' do

177

assert_difference 'User.count' do

173

post :register, :user => {

178

post :register, :user => {

174

:login => 'register',

179

:login => 'register',

175

:password => 'secret123',

180

:password => 'secret123',

176

:password_confirmation => 'secret123',

181

:password_confirmation => 'secret123',

177

:firstname => 'John',

182

:firstname => 'John',

178

:lastname => 'Doe',

183

:lastname => 'Doe',

179

:mail => 'register@example.com'

184

:mail => 'register@example.com'

180

}

185

}

181

assert_redirected_to '/my/account'

186

assert_redirected_to '/my/account'

182

end

187

end

183

user = User.first(:order => 'id DESC')

188

user = User.first(:order => 'id DESC')

184

assert_equal 'register', user.login

189

assert_equal 'register', user.login

185

assert_equal 'John', user.firstname

190

assert_equal 'John', user.firstname

186

assert_equal 'Doe', user.lastname

191

assert_equal 'Doe', user.lastname

187

assert_equal 'register@example.com', user.mail

192

assert_equal 'register@example.com', user.mail

188

assert user.check_password?('secret123')

193

assert user.check_password?('secret123')

189

assert user.active?

194

assert user.active?

190

end

195

end

191

end

196

end

192

197

193

def test_post_register_with_registration_off_should_redirect

198

def test_post_register_with_registration_off_should_redirect

194

with_settings :self_registration => '0' do

199

with_settings :self_registration => '0' do

195

assert_no_difference 'User.count' do

200

assert_no_difference 'User.count' do

196

post :register, :user => {

201

post :register, :user => {

197

:login => 'register',

202

:login => 'register',

198

:password => 'test',

203

:password => 'test',

199

:password_confirmation => 'test',

204

:password_confirmation => 'test',

200

:firstname => 'John',

205

:firstname => 'John',

201

:lastname => 'Doe',

206

:lastname => 'Doe',

202

:mail => 'register@example.com'

207

:mail => 'register@example.com'

203

}

208

}

204

assert_redirected_to '/'

209

assert_redirected_to '/'

205

end

210

end

206

end

211

end

207

end

212

end

208

213

209

def test_get_lost_password_should_display_lost_password_form

214

def test_get_lost_password_should_display_lost_password_form

210

get :lost_password

215

get :lost_password

211

assert_response :success

216

assert_response :success

212

assert_select 'input[name=mail]'

217

assert_select 'input[name=mail]'

213

end

218

end

214

219

215

def test_lost_password_for_active_user_should_create_a_token

220

def test_lost_password_for_active_user_should_create_a_token

216

Token.delete_all

221

Token.delete_all

217

ActionMailer::Base.deliveries.clear

222

ActionMailer::Base.deliveries.clear

218

assert_difference 'ActionMailer::Base.deliveries.size' do

223

assert_difference 'ActionMailer::Base.deliveries.size' do

219

assert_difference 'Token.count' do

224

assert_difference 'Token.count' do

220

with_settings :host_name => 'mydomain.foo', :protocol => 'http' do

225

with_settings :host_name => 'mydomain.foo', :protocol => 'http' do

221

post :lost_password, :mail => 'JSmith@somenet.foo'

226

post :lost_password, :mail => 'JSmith@somenet.foo'

222

assert_redirected_to '/login'

227

assert_redirected_to '/login'

223

end

228

end

224

end

229

end

225

end

230

end

226

231

227

token = Token.order('id DESC').first

232

token = Token.order('id DESC').first

228

assert_equal User.find(2), token.user

233

assert_equal User.find(2), token.user

229

assert_equal 'recovery', token.action

234

assert_equal 'recovery', token.action

230

235

231

assert_select_email do

236

assert_select_email do

232

assert_select "a[href=?]", "http://mydomain.foo/account/lost_password?token=#{token.value}"

237

assert_select "a[href=?]", "http://mydomain.foo/account/lost_password?token=#{token.value}"

233

end

238

end

234

end

239

end

235

240

236

def test_lost_password_for_unknown_user_should_fail

241

def test_lost_password_for_unknown_user_should_fail

237

Token.delete_all

242

Token.delete_all

238

assert_no_difference 'Token.count' do

243

assert_no_difference 'Token.count' do

239

post :lost_password, :mail => 'invalid@somenet.foo'

244

post :lost_password, :mail => 'invalid@somenet.foo'

240

assert_response :success

245

assert_response :success

241

end

246

end

242

end

247

end

243

248

244

def test_lost_password_for_non_active_user_should_fail

249

def test_lost_password_for_non_active_user_should_fail

245

Token.delete_all

250

Token.delete_all

246

assert User.find(2).lock!

251

assert User.find(2).lock!

247

252

248

assert_no_difference 'Token.count' do

253

assert_no_difference 'Token.count' do

249

post :lost_password, :mail => 'JSmith@somenet.foo'

254

post :lost_password, :mail => 'JSmith@somenet.foo'

250

assert_redirected_to '/account/lost_password'

255

assert_redirected_to '/account/lost_password'

251

end

256

end

252

end

257

end

253

258

259

def test_lost_password_for_user_who_cannot_change_password_should_fail

260

User.any_instance.stubs(:change_password_allowed?).returns(false)

261

262

assert_no_difference 'Token.count' do

263

post :lost_password, :mail => 'JSmith@somenet.foo'

264

assert_response :success

265

end

266

end

267

254

def test_get_lost_password_with_token_should_display_the_password_recovery_form

268

def test_get_lost_password_with_token_should_display_the_password_recovery_form

255

user = User.find(2)

269

user = User.find(2)

256

token = Token.create!(:action => 'recovery', :user => user)

270

token = Token.create!(:action => 'recovery', :user => user)

257

271

258

get :lost_password, :token => token.value

272

get :lost_password, :token => token.value

259

assert_response :success

273

assert_response :success

260

assert_template 'password_recovery'

274

assert_template 'password_recovery'

261

275

262

assert_select 'input[type=hidden][name=token][value=?]', token.value

276

assert_select 'input[type=hidden][name=token][value=?]', token.value

263

end

277

end

264

278

265

def test_get_lost_password_with_invalid_token_should_redirect

279

def test_get_lost_password_with_invalid_token_should_redirect

266

get :lost_password, :token => "abcdef"

280

get :lost_password, :token => "abcdef"

267

assert_redirected_to '/'

281

assert_redirected_to '/'

268

end

282

end

269

283

270

def test_post_lost_password_with_token_should_change_the_user_password

284

def test_post_lost_password_with_token_should_change_the_user_password

271

user = User.find(2)

285

user = User.find(2)

272

token = Token.create!(:action => 'recovery', :user => user)

286

token = Token.create!(:action => 'recovery', :user => user)

273

287

274

post :lost_password, :token => token.value, :new_password => 'newpass123', :new_password_confirmation => 'newpass123'

288

post :lost_password, :token => token.value, :new_password => 'newpass123', :new_password_confirmation => 'newpass123'

275

assert_redirected_to '/login'

289

assert_redirected_to '/login'

276

user.reload

290

user.reload

277

assert user.check_password?('newpass123')

291

assert user.check_password?('newpass123')

278

assert_nil Token.find_by_id(token.id), "Token was not deleted"

292

assert_nil Token.find_by_id(token.id), "Token was not deleted"

279

end

293

end

280

294

281

def test_post_lost_password_with_token_for_non_active_user_should_fail

295

def test_post_lost_password_with_token_for_non_active_user_should_fail

282

user = User.find(2)

296

user = User.find(2)

283

token = Token.create!(:action => 'recovery', :user => user)

297

token = Token.create!(:action => 'recovery', :user => user)

284

user.lock!

298

user.lock!

285

299

286

post :lost_password, :token => token.value, :new_password => 'newpass123', :new_password_confirmation => 'newpass123'

300

post :lost_password, :token => token.value, :new_password => 'newpass123', :new_password_confirmation => 'newpass123'

287

assert_redirected_to '/'

301

assert_redirected_to '/'

288

assert ! user.check_password?('newpass123')

302

assert ! user.check_password?('newpass123')

289

end

303

end

290

304

291

def test_post_lost_password_with_token_and_password_confirmation_failure_should_redisplay_the_form

305

def test_post_lost_password_with_token_and_password_confirmation_failure_should_redisplay_the_form

292

user = User.find(2)

306

user = User.find(2)

293

token = Token.create!(:action => 'recovery', :user => user)

307

token = Token.create!(:action => 'recovery', :user => user)

294

308

295

post :lost_password, :token => token.value, :new_password => 'newpass', :new_password_confirmation => 'wrongpass'

309

post :lost_password, :token => token.value, :new_password => 'newpass', :new_password_confirmation => 'wrongpass'

296

assert_response :success

310

assert_response :success

297

assert_template 'password_recovery'

311

assert_template 'password_recovery'

298

assert_not_nil Token.find_by_id(token.id), "Token was deleted"

312

assert_not_nil Token.find_by_id(token.id), "Token was deleted"

299

313

300

assert_select 'input[type=hidden][name=token][value=?]', token.value

314

assert_select 'input[type=hidden][name=token][value=?]', token.value

301

end

315

end

302

316

303

def test_post_lost_password_with_invalid_token_should_redirect

317

def test_post_lost_password_with_invalid_token_should_redirect

304

post :lost_password, :token => "abcdef", :new_password => 'newpass', :new_password_confirmation => 'newpass'

318

post :lost_password, :token => "abcdef", :new_password => 'newpass', :new_password_confirmation => 'newpass'

305

assert_redirected_to '/'

319

assert_redirected_to '/'

306

end

320

end

307

321

308

def test_activation_email_should_send_an_activation_email

322

def test_activation_email_should_send_an_activation_email

309

User.find(2).update_attribute :status, User::STATUS_REGISTERED

323

User.find(2).update_attribute :status, User::STATUS_REGISTERED

310

@request.session[:registered_user_id] = 2

324

@request.session[:registered_user_id] = 2

311

325

312

with_settings :self_registration => '1' do

326

with_settings :self_registration => '1' do

313

assert_difference 'ActionMailer::Base.deliveries.size' do

327

assert_difference 'ActionMailer::Base.deliveries.size' do

314

get :activation_email

328

get :activation_email

315

assert_redirected_to '/login'

329

assert_redirected_to '/login'

316

end

330

end

317

end

331

end

318

end

332

end

333

334

def test_activation_email_without_session_data_should_fail

335

User.find(2).update_attribute :status, User::STATUS_REGISTERED

336

337

with_settings :self_registration => '1' do

338

assert_no_difference 'ActionMailer::Base.deliveries.size' do

339

get :activation_email

340

assert_redirected_to '/'

341

end

342

end

343

end

319

end

344

end

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages

             # Redmine - project management software
             # Copyright (C) 2006-2013  Jean-Philippe Lang
             #
             # This program is free software; you can redistribute it and/or
             # modify it under the terms of the GNU General Public License
             # as published by the Free Software Foundation; either version 2
             # of the License, or (at your option) any later version.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU General Public License
             # along with this program; if not, write to the Free Software
             # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
             require File.expand_path('../../test_helper', __FILE__)
             class AccountControllerTest < ActionController::TestCase
               fixtures :users, :roles
               def setup
                 User.current = nil
               end
               def test_get_login
                 get :login
                 assert_response :success
                 assert_template 'login'
                 assert_select 'input[name=username]'
                 assert_select 'input[name=password]'
               end
               def test_get_login_while_logged_in_should_redirect_to_home
                 @request.session[:user_id] = 2
                 get :login
                 assert_redirected_to '/'
                 assert_equal 2, @request.session[:user_id]
               end
               def test_login_should_redirect_to_back_url_param
                 # request.uri is "test.host" in test environment
                 post :login, :username => 'jsmith', :password => 'jsmith', :back_url => 'http://test.host/issues/show/1'
                 assert_redirected_to '/issues/show/1'
               end
               def test_login_should_not_redirect_to_another_host
                 post :login, :username => 'jsmith', :password => 'jsmith', :back_url => 'http://test.foo/fake'
                 assert_redirected_to '/my/page'
               end
               def test_login_with_wrong_password
                 post :login, :username => 'admin', :password => 'bad'
                 assert_response :success
                 assert_template 'login'
                 assert_select 'div.flash.error', :text => /Invalid user or password/
                 assert_select 'input[name=username][value=admin]'
                 assert_select 'input[name=password]'
                 assert_select 'input[name=password][value]', 0
               end
               def test_login_with_locked_account_should_fail
                 User.find(2).update_attribute :status, User::STATUS_LOCKED
                 post :login, :username => 'jsmith', :password => 'jsmith'
                 assert_redirected_to '/login'
                 assert_include 'locked', flash[:error]
                 assert_nil @request.session[:user_id]
               end
               def test_login_as_registered_user_with_manual_activation_should_inform_user
                 User.find(2).update_attribute :status, User::STATUS_REGISTERED
                 with_settings :self_registration => '2', :default_language => 'en' do
                   post :login, :username => 'jsmith', :password => 'jsmith'
                   assert_redirected_to '/login'
                   assert_include 'pending administrator approval', flash[:error]
                 end
               end
               def test_login_as_registered_user_with_email_activation_should_propose_new_activation_email
                 User.find(2).update_attribute :status, User::STATUS_REGISTERED
                 with_settings :self_registration => '1', :default_language => 'en' do
                   post :login, :username => 'jsmith', :password => 'jsmith'
                   assert_redirected_to '/login'
                   assert_equal 2, @request.session[:registered_user_id]
                   assert_include 'new activation email', flash[:error]
                 end
               end
               def test_login_should_rescue_auth_source_exception
                 source = AuthSource.create!(:name => 'Test')
                 User.find(2).update_attribute :auth_source_id, source.id
                 AuthSource.any_instance.stubs(:authenticate).raises(AuthSourceException.new("Something wrong"))
                 post :login, :username => 'jsmith', :password => 'jsmith'
                 assert_response 500
                 assert_error_tag :content => /Something wrong/
               end
               def test_login_should_reset_session
                 @controller.expects(:reset_session).once
                 post :login, :username => 'jsmith', :password => 'jsmith'
                 assert_response 302
               end
               def test_get_logout_should_not_logout
                 @request.session[:user_id] = 2
                 get :logout
                 assert_response :success
                 assert_template 'logout'
                 assert_equal 2, @request.session[:user_id]
               end
+              def test_get_logout_with_anonymous_should_redirect
+                get :logout
+                assert_redirected_to '/'
+              end
               def test_logout
                 @request.session[:user_id] = 2
                 post :logout
                 assert_redirected_to '/'
                 assert_nil @request.session[:user_id]
               end
               def test_logout_should_reset_session
                 @controller.expects(:reset_session).once
                 @request.session[:user_id] = 2
                 post :logout
                 assert_response 302
               end
               def test_get_register_with_registration_on
                 with_settings :self_registration => '3' do
                   get :register
                   assert_response :success
                   assert_template 'register'
                   assert_not_nil assigns(:user)
                   assert_select 'input[name=?]', 'user[password]'
                   assert_select 'input[name=?]', 'user[password_confirmation]'
                 end
               end
               def test_get_register_should_detect_user_language
                 with_settings :self_registration => '3' do
                   @request.env['HTTP_ACCEPT_LANGUAGE'] = 'fr,fr-fr;q=0.8,en-us;q=0.5,en;q=0.3'
                   get :register
                   assert_response :success
                   assert_not_nil assigns(:user)
                   assert_equal 'fr', assigns(:user).language
                   assert_select 'select[name=?]', 'user[language]' do
                     assert_select 'option[value=fr][selected=selected]'
                   end
                 end
               end
               def test_get_register_with_registration_off_should_redirect
                 with_settings :self_registration => '0' do
                   get :register
                   assert_redirected_to '/'
                 end
               end
               # See integration/account_test.rb for the full test
               def test_post_register_with_registration_on
                 with_settings :self_registration => '3' do
                   assert_difference 'User.count' do
                     post :register, :user => {
                       :login => 'register',
                       :password => 'secret123',
                       :password_confirmation => 'secret123',
                       :firstname => 'John',
                       :lastname => 'Doe',
                       :mail => 'register@example.com'
                     }
                     assert_redirected_to '/my/account'
                   end
                   user = User.first(:order => 'id DESC')
                   assert_equal 'register', user.login
                   assert_equal 'John', user.firstname
                   assert_equal 'Doe', user.lastname
                   assert_equal 'register@example.com', user.mail
                   assert user.check_password?('secret123')
                   assert user.active?
                 end
               end
               def test_post_register_with_registration_off_should_redirect
                 with_settings :self_registration => '0' do
                   assert_no_difference 'User.count' do
                     post :register, :user => {
                       :login => 'register',
                       :password => 'test',
                       :password_confirmation => 'test',
                       :firstname => 'John',
                       :lastname => 'Doe',
                       :mail => 'register@example.com'
                     }
                     assert_redirected_to '/'
                   end
                 end
               end
               def test_get_lost_password_should_display_lost_password_form
                 get :lost_password
                 assert_response :success
                 assert_select 'input[name=mail]'
               end
               def test_lost_password_for_active_user_should_create_a_token
                 Token.delete_all
                 ActionMailer::Base.deliveries.clear
                 assert_difference 'ActionMailer::Base.deliveries.size' do
                   assert_difference 'Token.count' do
                     with_settings :host_name => 'mydomain.foo', :protocol => 'http' do
                       post :lost_password, :mail => 'JSmith@somenet.foo'
                       assert_redirected_to '/login'
                     end
                   end
                 end
                 token = Token.order('id DESC').first
                 assert_equal User.find(2), token.user
                 assert_equal 'recovery', token.action
                 assert_select_email do
                   assert_select "a[href=?]", "http://mydomain.foo/account/lost_password?token=#{token.value}"
                 end
               end
               def test_lost_password_for_unknown_user_should_fail
                 Token.delete_all
                 assert_no_difference 'Token.count' do
                   post :lost_password, :mail => 'invalid@somenet.foo'
                   assert_response :success
                 end
               end
               def test_lost_password_for_non_active_user_should_fail
                 Token.delete_all
                 assert User.find(2).lock!
                 assert_no_difference 'Token.count' do
                   post :lost_password, :mail => 'JSmith@somenet.foo'
                   assert_redirected_to '/account/lost_password'
                 end
               end
+              def test_lost_password_for_user_who_cannot_change_password_should_fail
+                User.any_instance.stubs(:change_password_allowed?).returns(false)
+                assert_no_difference 'Token.count' do
+                  post :lost_password, :mail => 'JSmith@somenet.foo'
+                  assert_response :success
+                end
+              end
               def test_get_lost_password_with_token_should_display_the_password_recovery_form
                 user = User.find(2)
                 token = Token.create!(:action => 'recovery', :user => user)
                 get :lost_password, :token => token.value
                 assert_response :success
                 assert_template 'password_recovery'
                 assert_select 'input[type=hidden][name=token][value=?]', token.value
               end
               def test_get_lost_password_with_invalid_token_should_redirect
                 get :lost_password, :token => "abcdef"
                 assert_redirected_to '/'
               end
               def test_post_lost_password_with_token_should_change_the_user_password
                 user = User.find(2)
                 token = Token.create!(:action => 'recovery', :user => user)
                 post :lost_password, :token => token.value, :new_password => 'newpass123', :new_password_confirmation => 'newpass123'
                 assert_redirected_to '/login'
                 user.reload
                 assert user.check_password?('newpass123')
                 assert_nil Token.find_by_id(token.id), "Token was not deleted"
               end
               def test_post_lost_password_with_token_for_non_active_user_should_fail
                 user = User.find(2)
                 token = Token.create!(:action => 'recovery', :user => user)
                 user.lock!
                 post :lost_password, :token => token.value, :new_password => 'newpass123', :new_password_confirmation => 'newpass123'
                 assert_redirected_to '/'
                 assert ! user.check_password?('newpass123')
               end
               def test_post_lost_password_with_token_and_password_confirmation_failure_should_redisplay_the_form
                 user = User.find(2)
                 token = Token.create!(:action => 'recovery', :user => user)
                 post :lost_password, :token => token.value, :new_password => 'newpass', :new_password_confirmation => 'wrongpass'
                 assert_response :success
                 assert_template 'password_recovery'
                 assert_not_nil Token.find_by_id(token.id), "Token was deleted"
                 assert_select 'input[type=hidden][name=token][value=?]', token.value
               end
               def test_post_lost_password_with_invalid_token_should_redirect
                 post :lost_password, :token => "abcdef", :new_password => 'newpass', :new_password_confirmation => 'newpass'
                 assert_redirected_to '/'
               end
               def test_activation_email_should_send_an_activation_email
                 User.find(2).update_attribute :status, User::STATUS_REGISTERED
                 @request.session[:registered_user_id] = 2
                 with_settings :self_registration => '1' do
                   assert_difference 'ActionMailer::Base.deliveries.size' do
                     get :activation_email
                     assert_redirected_to '/login'
                   end
                 end
               end
+              def test_activation_email_without_session_data_should_fail
+                User.find(2).update_attribute :status, User::STATUS_REGISTERED
+                with_settings :self_registration => '1' do
+                  assert_no_difference 'ActionMailer::Base.deliveries.size' do
+                    get :activation_email
+                    assert_redirected_to '/'
+                  end
+                end
+              end
             end