jro_apps/redmine Commit - r9245:269e9057ddff

Fixed that "Default administrator account changed" is always true (#10622)....

Jean-Philippe Lang -

r9245:269e9057ddff

parent child

Context file:

r9245:269e9057ddff

Collapse all files

app/controllers/admin_controller.rb +1 -3

             # Redmine - project management software
             # Copyright (C) 2006-2011  Jean-Philippe Lang
             #
             # This program is free software; you can redistribute it and/or
             # modify it under the terms of the GNU General Public License
             # as published by the Free Software Foundation; either version 2
             # of the License, or (at your option) any later version.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU General Public License
             # along with this program; if not, write to the Free Software
             # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
             class AdminController < ApplicationController
               layout 'admin'
               menu_item :projects, :only => :projects
               menu_item :plugins, :only => :plugins
               menu_item :info, :only => :info
               before_filter :require_admin
               helper :sort
               include SortHelper
               def index
                 @no_configuration_data = Redmine::DefaultData::Loader::no_data?
               end
               def projects
                 @status = params[:status] || 1
                 scope = Project.status(@status)
                 scope = scope.like(params[:name]) if params[:name].present?
                 @projects = scope.all(:order => 'lft')
                 render :action => "projects", :layout => false if request.xhr?
               end
               def plugins
                 @plugins = Redmine::Plugin.all
               end
               # Loads the default configuration
               # (roles, trackers, statuses, workflow, enumerations)
               def default_configuration
                 if request.post?
                   begin
                     Redmine::DefaultData::Loader::load(params[:lang])
                     flash[:notice] = l(:notice_default_data_loaded)
                   rescue Exception => e
                     flash[:error] = l(:error_can_t_load_default_data, e.message)
                   end
                 end
                 redirect_to :action => 'index'
               end
               def test_email
                 raise_delivery_errors = ActionMailer::Base.raise_delivery_errors
                 # Force ActionMailer to raise delivery errors so we can catch it
                 ActionMailer::Base.raise_delivery_errors = true
                 begin
                   @test = Mailer.deliver_test_email(User.current)
                   flash[:notice] = l(:notice_email_sent, User.current.mail)
                 rescue Exception => e
                   flash[:error] = l(:notice_email_error, e.message)
                 end
                 ActionMailer::Base.raise_delivery_errors = raise_delivery_errors
                 redirect_to :controller => 'settings', :action => 'edit', :tab => 'notifications'
               end
               def info
                 @db_adapter_name = ActiveRecord::Base.connection.adapter_name
                 @checklist = [
-                  [:text_default_administrator_account_changed,
+                  [:text_default_administrator_account_changed, User.default_admin_account_changed?],
-                      User.find(:first,
-                                :conditions => ["login=? and hashed_password=?", 'admin', User.hash_password('admin')]).nil?],
                   [:text_file_repository_writable, File.writable?(Attachment.storage_path)],
                   [:text_plugin_assets_writable,   File.writable?(Redmine::Plugin.public_directory)],
                   [:text_rmagick_available,        Object.const_defined?(:Magick)]
                 ]
               end
             end

app/models/user.rb +5 0

             # Redmine - project management software
             # Copyright (C) 2006-2011  Jean-Philippe Lang
             #
             # This program is free software; you can redistribute it and/or
             # modify it under the terms of the GNU General Public License
             # as published by the Free Software Foundation; either version 2
             # of the License, or (at your option) any later version.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU General Public License
             # along with this program; if not, write to the Free Software
             # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
             require "digest/sha1"
             class User < Principal
               include Redmine::SafeAttributes
               # Account statuses
               STATUS_ANONYMOUS  = 0
               STATUS_ACTIVE     = 1
               STATUS_REGISTERED = 2
               STATUS_LOCKED     = 3
               # Different ways of displaying/sorting users
               USER_FORMATS = {
                 :firstname_lastname => {:string => '#{firstname} #{lastname}', :order => %w(firstname lastname id)},
                 :firstname => {:string => '#{firstname}', :order => %w(firstname id)},
                 :lastname_firstname => {:string => '#{lastname} #{firstname}', :order => %w(lastname firstname id)},
                 :lastname_coma_firstname => {:string => '#{lastname}, #{firstname}', :order => %w(lastname firstname id)},
                 :username => {:string => '#{login}', :order => %w(login id)},
               }
               MAIL_NOTIFICATION_OPTIONS = [
                 ['all', :label_user_mail_option_all],
                 ['selected', :label_user_mail_option_selected],
                 ['only_my_events', :label_user_mail_option_only_my_events],
                 ['only_assigned', :label_user_mail_option_only_assigned],
                 ['only_owner', :label_user_mail_option_only_owner],
                 ['none', :label_user_mail_option_none]
               ]
               has_and_belongs_to_many :groups, :after_add => Proc.new {|user, group| group.user_added(user)},
                                                :after_remove => Proc.new {|user, group| group.user_removed(user)}
               has_many :changesets, :dependent => :nullify
               has_one :preference, :dependent => :destroy, :class_name => 'UserPreference'
               has_one :rss_token, :class_name => 'Token', :conditions => "action='feeds'"
               has_one :api_token, :class_name => 'Token', :conditions => "action='api'"
               belongs_to :auth_source
               # Active non-anonymous users scope
               named_scope :active, :conditions => "#{User.table_name}.status = #{STATUS_ACTIVE}"
               named_scope :logged, :conditions => "#{User.table_name}.status <> #{STATUS_ANONYMOUS}"
               named_scope :status, lambda {|arg| arg.blank? ? {} : {:conditions => {:status => arg.to_i}} }
               acts_as_customizable
               attr_accessor :password, :password_confirmation
               attr_accessor :last_before_login_on
               # Prevents unauthorized assignments
               attr_protected :login, :admin, :password, :password_confirmation, :hashed_password
               LOGIN_LENGTH_LIMIT = 60
               MAIL_LENGTH_LIMIT = 60
               validates_presence_of :login, :firstname, :lastname, :mail, :if => Proc.new { |user| !user.is_a?(AnonymousUser) }
               validates_uniqueness_of :login, :if => Proc.new { |user| !user.login.blank? }, :case_sensitive => false
               validates_uniqueness_of :mail, :if => Proc.new { |user| !user.mail.blank? }, :case_sensitive => false
               # Login must contain lettres, numbers, underscores only
               validates_format_of :login, :with => /^[a-z0-9_\-@\.]*$/i
               validates_length_of :login, :maximum => LOGIN_LENGTH_LIMIT
               validates_length_of :firstname, :lastname, :maximum => 30
               validates_format_of :mail, :with => /^([^@\s]+)@((?:[-a-z0-9]+\.)+[a-z]{2,})$/i, :allow_blank => true
               validates_length_of :mail, :maximum => MAIL_LENGTH_LIMIT, :allow_nil => true
               validates_confirmation_of :password, :allow_nil => true
               validates_inclusion_of :mail_notification, :in => MAIL_NOTIFICATION_OPTIONS.collect(&:first), :allow_blank => true
               validate :validate_password_length
               before_create :set_mail_notification
               before_save   :update_hashed_password
               before_destroy :remove_references_before_destroy
               named_scope :in_group, lambda {|group|
                 group_id = group.is_a?(Group) ? group.id : group.to_i
                 { :conditions => ["#{User.table_name}.id IN (SELECT gu.user_id FROM #{table_name_prefix}groups_users#{table_name_suffix} gu WHERE gu.group_id = ?)", group_id] }
               }
               named_scope :not_in_group, lambda {|group|
                 group_id = group.is_a?(Group) ? group.id : group.to_i
                 { :conditions => ["#{User.table_name}.id NOT IN (SELECT gu.user_id FROM #{table_name_prefix}groups_users#{table_name_suffix} gu WHERE gu.group_id = ?)", group_id] }
               }
               def set_mail_notification
                 self.mail_notification = Setting.default_notification_option if self.mail_notification.blank?
                 true
               end
               def update_hashed_password
                 # update hashed_password if password was set
                 if self.password && self.auth_source_id.blank?
                   salt_password(password)
                 end
               end
               def reload(*args)
                 @name = nil
                 @projects_by_role = nil
                 super
               end
               def mail=(arg)
                 write_attribute(:mail, arg.to_s.strip)
               end
               def identity_url=(url)
                 if url.blank?
                   write_attribute(:identity_url, '')
                 else
                   begin
                     write_attribute(:identity_url, OpenIdAuthentication.normalize_identifier(url))
                   rescue OpenIdAuthentication::InvalidOpenId
                     # Invlaid url, don't save
                   end
                 end
                 self.read_attribute(:identity_url)
               end
               # Returns the user that matches provided login and password, or nil
               def self.try_to_login(login, password)
                 # Make sure no one can sign in with an empty password
                 return nil if password.to_s.empty?
                 user = find_by_login(login)
                 if user
                   # user is already in local database
                   return nil if !user.active?
                   if user.auth_source
                     # user has an external authentication method
                     return nil unless user.auth_source.authenticate(login, password)
                   else
                     # authentication with local password
                     return nil unless user.check_password?(password)
                   end
                 else
                   # user is not yet registered, try to authenticate with available sources
                   attrs = AuthSource.authenticate(login, password)
                   if attrs
                     user = new(attrs)
                     user.login = login
                     user.language = Setting.default_language
                     if user.save
                       user.reload
                       logger.info("User '#{user.login}' created from external auth source: #{user.auth_source.type} - #{user.auth_source.name}") if logger && user.auth_source
                     end
                   end
                 end
                 user.update_attribute(:last_login_on, Time.now) if user && !user.new_record?
                 user
               rescue => text
                 raise text
               end
               # Returns the user who matches the given autologin +key+ or nil
               def self.try_to_autologin(key)
                 tokens = Token.find_all_by_action_and_value('autologin', key)
                 # Make sure there's only 1 token that matches the key
                 if tokens.size == 1
                   token = tokens.first
                   if (token.created_on > Setting.autologin.to_i.day.ago) && token.user && token.user.active?
                     token.user.update_attribute(:last_login_on, Time.now)
                     token.user
                   end
                 end
               end
               def self.name_formatter(formatter = nil)
                 USER_FORMATS[formatter || Setting.user_format] || USER_FORMATS[:firstname_lastname]
               end
               # Returns an array of fields names than can be used to make an order statement for users
               # according to how user names are displayed
               # Examples:
               #
               #   User.fields_for_order_statement              => ['users.login', 'users.id']
               #   User.fields_for_order_statement('authors')   => ['authors.login', 'authors.id']
               def self.fields_for_order_statement(table=nil)
                 table ||= table_name
                 name_formatter[:order].map {|field| "#{table}.#{field}"}
               end
               # Return user's full name for display
               def name(formatter = nil)
                 f = self.class.name_formatter(formatter)
                 if formatter
                   eval('"' + f[:string] + '"')
                 else
                   @name ||= eval('"' + f[:string] + '"')
                 end
               end
               def active?
                 self.status == STATUS_ACTIVE
               end
               def registered?
                 self.status == STATUS_REGISTERED
               end
               def locked?
                 self.status == STATUS_LOCKED
               end
               def activate
                 self.status = STATUS_ACTIVE
               end
               def register
                 self.status = STATUS_REGISTERED
               end
               def lock
                 self.status = STATUS_LOCKED
               end
               def activate!
                 update_attribute(:status, STATUS_ACTIVE)
               end
               def register!
                 update_attribute(:status, STATUS_REGISTERED)
               end
               def lock!
                 update_attribute(:status, STATUS_LOCKED)
               end
               # Returns true if +clear_password+ is the correct user's password, otherwise false
               def check_password?(clear_password)
                 if auth_source_id.present?
                   auth_source.authenticate(self.login, clear_password)
                 else
                   User.hash_password("#{salt}#{User.hash_password clear_password}") == hashed_password
                 end
               end
               # Generates a random salt and computes hashed_password for +clear_password+
               # The hashed password is stored in the following form: SHA1(salt + SHA1(password))
               def salt_password(clear_password)
                 self.salt = User.generate_salt
                 self.hashed_password = User.hash_password("#{salt}#{User.hash_password clear_password}")
               end
               # Does the backend storage allow this user to change their password?
               def change_password_allowed?
                 return true if auth_source.nil?
                 return auth_source.allow_password_changes?
               end
               # Generate and set a random password.  Useful for automated user creation
               # Based on Token#generate_token_value
               #
               def random_password
                 chars = ("a".."z").to_a + ("A".."Z").to_a + ("0".."9").to_a
                 password = ''
 .times { |i| password << chars[rand(chars.size-1)] }
                 self.password = password
                 self.password_confirmation = password
                 self
               end
               def pref
                 self.preference ||= UserPreference.new(:user => self)
               end
               def time_zone
                 @time_zone ||= (self.pref.time_zone.blank? ? nil : ActiveSupport::TimeZone[self.pref.time_zone])
               end
               def wants_comments_in_reverse_order?
                 self.pref[:comments_sorting] == 'desc'
               end
               # Return user's RSS key (a 40 chars long string), used to access feeds
               def rss_key
                 token = self.rss_token || Token.create(:user => self, :action => 'feeds')
                 token.value
               end
               # Return user's API key (a 40 chars long string), used to access the API
               def api_key
                 token = self.api_token || self.create_api_token(:action => 'api')
                 token.value
               end
               # Return an array of project ids for which the user has explicitly turned mail notifications on
               def notified_projects_ids
                 @notified_projects_ids ||= memberships.select {|m| m.mail_notification?}.collect(&:project_id)
               end
               def notified_project_ids=(ids)
                 Member.update_all("mail_notification = #{connection.quoted_false}", ['user_id = ?', id])
                 Member.update_all("mail_notification = #{connection.quoted_true}", ['user_id = ? AND project_id IN (?)', id, ids]) if ids && !ids.empty?
                 @notified_projects_ids = nil
                 notified_projects_ids
               end
               def valid_notification_options
                 self.class.valid_notification_options(self)
               end
               # Only users that belong to more than 1 project can select projects for which they are notified
               def self.valid_notification_options(user=nil)
                 # Note that @user.membership.size would fail since AR ignores
                 # :include association option when doing a count
                 if user.nil? || user.memberships.length < 1
                   MAIL_NOTIFICATION_OPTIONS.reject {|option| option.first == 'selected'}
                 else
                   MAIL_NOTIFICATION_OPTIONS
                 end
               end
               # Find a user account by matching the exact login and then a case-insensitive
               # version.  Exact matches will be given priority.
               def self.find_by_login(login)
                 # First look for an exact match
                 user = all(:conditions => {:login => login}).detect {|u| u.login == login}
                 unless user
                   # Fail over to case-insensitive if none was found
                   user = first(:conditions => ["LOWER(login) = ?", login.to_s.downcase])
                 end
                 user
               end
               def self.find_by_rss_key(key)
                 token = Token.find_by_value(key)
                 token && token.user.active? ? token.user : nil
               end
               def self.find_by_api_key(key)
                 token = Token.find_by_action_and_value('api', key)
                 token && token.user.active? ? token.user : nil
               end
               # Makes find_by_mail case-insensitive
               def self.find_by_mail(mail)
                 find(:first, :conditions => ["LOWER(mail) = ?", mail.to_s.downcase])
               end
+              # Returns true if the default admin account can no longer be used
+              def self.default_admin_account_changed?
+                !User.active.find_by_login("admin").try(:check_password?, "admin")
+              end
               def to_s
                 name
               end
               # Returns the current day according to user's time zone
               def today
                 if time_zone.nil?
                   Date.today
                 else
                   Time.now.in_time_zone(time_zone).to_date
                 end
               end
               def logged?
                 true
               end
               def anonymous?
                 !logged?
               end
               # Return user's roles for project
               def roles_for_project(project)
                 roles = []
                 # No role on archived projects
                 return roles unless project && project.active?
                 if logged?
                   # Find project membership
                   membership = memberships.detect {|m| m.project_id == project.id}
                   if membership
                     roles = membership.roles
                   else
                     @role_non_member ||= Role.non_member
                     roles << @role_non_member
                   end
                 else
                   @role_anonymous ||= Role.anonymous
                   roles << @role_anonymous
                 end
                 roles
               end
               # Return true if the user is a member of project
               def member_of?(project)
                 !roles_for_project(project).detect {|role| role.member?}.nil?
               end
               # Returns a hash of user's projects grouped by roles
               def projects_by_role
                 return @projects_by_role if @projects_by_role
                 @projects_by_role = Hash.new {|h,k| h[k]=[]}
                 memberships.each do |membership|
                   membership.roles.each do |role|
                     @projects_by_role[role] << membership.project if membership.project
                   end
                 end
                 @projects_by_role.each do |role, projects|
                   projects.uniq!
                 end
                 @projects_by_role
               end
               # Returns true if user is arg or belongs to arg
               def is_or_belongs_to?(arg)
                 if arg.is_a?(User)
                   self == arg
                 elsif arg.is_a?(Group)
                   arg.users.include?(self)
                 else
                   false
                 end
               end
               # Return true if the user is allowed to do the specified action on a specific context
               # Action can be:
               # * a parameter-like Hash (eg. :controller => 'projects', :action => 'edit')
               # * a permission Symbol (eg. :edit_project)
               # Context can be:
               # * a project : returns true if user is allowed to do the specified action on this project
               # * an array of projects : returns true if user is allowed on every project
               # * nil with options[:global] set : check if user has at least one role allowed for this action,
               #   or falls back to Non Member / Anonymous permissions depending if the user is logged
               def allowed_to?(action, context, options={}, &block)
                 if context && context.is_a?(Project)
                   # No action allowed on archived projects
                   return false unless context.active?
                   # No action allowed on disabled modules
                   return false unless context.allows_to?(action)
                   # Admin users are authorized for anything else
                   return true if admin?
                   roles = roles_for_project(context)
                   return false unless roles
                   roles.detect {|role|
                     (context.is_public? || role.member?) &&
                     role.allowed_to?(action) &&
                     (block_given? ? yield(role, self) : true)
                   }
                 elsif context && context.is_a?(Array)
                   # Authorize if user is authorized on every element of the array
                   context.map do |project|
                     allowed_to?(action, project, options, &block)
                   end.inject do |memo,allowed|
                     memo && allowed
                   end
                 elsif options[:global]
                   # Admin users are always authorized
                   return true if admin?
                   # authorize if user has at least one role that has this permission
                   roles = memberships.collect {|m| m.roles}.flatten.uniq
                   roles << (self.logged? ? Role.non_member : Role.anonymous)
                   roles.detect {|role|
                     role.allowed_to?(action) &&
                     (block_given? ? yield(role, self) : true)
                   }
                 else
                   false
                 end
               end
               # Is the user allowed to do the specified action on any project?
               # See allowed_to? for the actions and valid options.
               def allowed_to_globally?(action, options, &block)
                 allowed_to?(action, nil, options.reverse_merge(:global => true), &block)
               end
               safe_attributes 'login',
                 'firstname',
                 'lastname',
                 'mail',
                 'mail_notification',
                 'language',
                 'custom_field_values',
                 'custom_fields',
                 'identity_url'
               safe_attributes 'status',
                 'auth_source_id',
                 :if => lambda {|user, current_user| current_user.admin?}
               safe_attributes 'group_ids',
                 :if => lambda {|user, current_user| current_user.admin? && !user.new_record?}
               # Utility method to help check if a user should be notified about an
               # event.
               #
               # TODO: only supports Issue events currently
               def notify_about?(object)
                 case mail_notification
                 when 'all'
                   true
                 when 'selected'
                   # user receives notifications for created/assigned issues on unselected projects
                   if object.is_a?(Issue) && (object.author == self || is_or_belongs_to?(object.assigned_to) || is_or_belongs_to?(object.assigned_to_was))
                     true
                   else
                     false
                   end
                 when 'none'
                   false
                 when 'only_my_events'
                   if object.is_a?(Issue) && (object.author == self || is_or_belongs_to?(object.assigned_to) || is_or_belongs_to?(object.assigned_to_was))
                     true
                   else
                     false
                   end
                 when 'only_assigned'
                   if object.is_a?(Issue) && (is_or_belongs_to?(object.assigned_to) || is_or_belongs_to?(object.assigned_to_was))
                     true
                   else
                     false
                   end
                 when 'only_owner'
                   if object.is_a?(Issue) && object.author == self
                     true
                   else
                     false
                   end
                 else
                   false
                 end
               end
               def self.current=(user)
                 @current_user = user
               end
               def self.current
                 @current_user ||= User.anonymous
               end
               # Returns the anonymous user.  If the anonymous user does not exist, it is created.  There can be only
               # one anonymous user per database.
               def self.anonymous
                 anonymous_user = AnonymousUser.find(:first)
                 if anonymous_user.nil?
                   anonymous_user = AnonymousUser.create(:lastname => 'Anonymous', :firstname => '', :mail => '', :login => '', :status => 0)
                   raise 'Unable to create the anonymous user.' if anonymous_user.new_record?
                 end
                 anonymous_user
               end
               # Salts all existing unsalted passwords
               # It changes password storage scheme from SHA1(password) to SHA1(salt + SHA1(password))
               # This method is used in the SaltPasswords migration and is to be kept as is
               def self.salt_unsalted_passwords!
                 transaction do
                   User.find_each(:conditions => "salt IS NULL OR salt = ''") do |user|
                     next if user.hashed_password.blank?
                     salt = User.generate_salt
                     hashed_password = User.hash_password("#{salt}#{user.hashed_password}")
                     User.update_all("salt = '#{salt}', hashed_password = '#{hashed_password}'", ["id = ?", user.id] )
                   end
                 end
               end
               protected
               def validate_password_length
                 # Password length validation based on setting
                 if !password.nil? && password.size < Setting.password_min_length.to_i
                   errors.add(:password, :too_short, :count => Setting.password_min_length.to_i)
                 end
               end
               private
               # Removes references that are not handled by associations
               # Things that are not deleted are reassociated with the anonymous user
               def remove_references_before_destroy
                 return if self.id.nil?
                 substitute = User.anonymous
                 Attachment.update_all ['author_id = ?', substitute.id], ['author_id = ?', id]
                 Comment.update_all ['author_id = ?', substitute.id], ['author_id = ?', id]
                 Issue.update_all ['author_id = ?', substitute.id], ['author_id = ?', id]
                 Issue.update_all 'assigned_to_id = NULL', ['assigned_to_id = ?', id]
                 Journal.update_all ['user_id = ?', substitute.id], ['user_id = ?', id]
                 JournalDetail.update_all ['old_value = ?', substitute.id.to_s], ["property = 'attr' AND prop_key = 'assigned_to_id' AND old_value = ?", id.to_s]
                 JournalDetail.update_all ['value = ?', substitute.id.to_s], ["property = 'attr' AND prop_key = 'assigned_to_id' AND value = ?", id.to_s]
                 Message.update_all ['author_id = ?', substitute.id], ['author_id = ?', id]
                 News.update_all ['author_id = ?', substitute.id], ['author_id = ?', id]
                 # Remove private queries and keep public ones
                 ::Query.delete_all ['user_id = ? AND is_public = ?', id, false]
                 ::Query.update_all ['user_id = ?', substitute.id], ['user_id = ?', id]
                 TimeEntry.update_all ['user_id = ?', substitute.id], ['user_id = ?', id]
                 Token.delete_all ['user_id = ?', id]
                 Watcher.delete_all ['user_id = ?', id]
                 WikiContent.update_all ['author_id = ?', substitute.id], ['author_id = ?', id]
                 WikiContent::Version.update_all ['author_id = ?', substitute.id], ['author_id = ?', id]
               end
               # Return password digest
               def self.hash_password(clear_password)
                 Digest::SHA1.hexdigest(clear_password || "")
               end
               # Returns a 128bits random salt as a hex string (32 chars long)
               def self.generate_salt
                 Redmine::Utils.random_hex(16)
               end
             end
             class AnonymousUser < User
               validate :validate_anonymous_uniqueness, :on => :create
               def validate_anonymous_uniqueness
                 # There should be only one AnonymousUser in the database
                 errors.add :base, 'An anonymous user already exists.' if AnonymousUser.find(:first)
               end
               def available_custom_fields
                 []
               end
               # Overrides a few properties
               def logged?; false end
               def admin; false end
               def name(*args); I18n.t(:label_user_anonymous) end
               def mail; nil end
               def time_zone; nil end
               def rss_key; nil end
               # Anonymous user can not be destroyed
               def destroy
                 false
               end
             end

test/unit/user_test.rb +32 0

             # Redmine - project management software
             # Copyright (C) 2006-2011  Jean-Philippe Lang
             #
             # This program is free software; you can redistribute it and/or
             # modify it under the terms of the GNU General Public License
             # as published by the Free Software Foundation; either version 2
             # of the License, or (at your option) any later version.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU General Public License
             # along with this program; if not, write to the Free Software
             # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
             require File.expand_path('../../test_helper', __FILE__)
             class UserTest < ActiveSupport::TestCase
               fixtures :users, :members, :projects, :roles, :member_roles, :auth_sources,
                         :trackers, :issue_statuses,
                         :projects_trackers,
                         :watchers,
                         :issue_categories, :enumerations, :issues,
                         :journals, :journal_details,
                         :groups_users,
                         :enabled_modules,
                         :workflows
               def setup
                 @admin = User.find(1)
                 @jsmith = User.find(2)
                 @dlopper = User.find(3)
               end
               test 'object_daddy creation' do
                 User.generate_with_protected!(:firstname => 'Testing connection')
                 User.generate_with_protected!(:firstname => 'Testing connection')
                 assert_equal 2, User.count(:all, :conditions => {:firstname => 'Testing connection'})
               end
               def test_truth
                 assert_kind_of User, @jsmith
               end
               def test_mail_should_be_stripped
                 u = User.new
                 u.mail = " foo@bar.com  "
                 assert_equal "foo@bar.com", u.mail
               end
               def test_mail_validation
                 u = User.new
                 u.mail = ''
                 assert !u.valid?
                 assert_include I18n.translate('activerecord.errors.messages.blank'), u.errors[:mail]
               end
               def test_login_length_validation
                 user = User.new(:firstname => "new", :lastname => "user", :mail => "newuser@somenet.foo")
                 user.login = "x" * (User::LOGIN_LENGTH_LIMIT+1)
                 assert !user.valid?
                 user.login = "x" * (User::LOGIN_LENGTH_LIMIT)
                 assert user.valid?
                 assert user.save
               end
               def test_create
                 user = User.new(:firstname => "new", :lastname => "user", :mail => "newuser@somenet.foo")
                 user.login = "jsmith"
                 user.password, user.password_confirmation = "password", "password"
                 # login uniqueness
                 assert !user.save
                 assert_equal 1, user.errors.count
                 user.login = "newuser"
                 user.password, user.password_confirmation = "passwd", "password"
                 # password confirmation
                 assert !user.save
                 assert_equal 1, user.errors.count
                 user.password, user.password_confirmation = "password", "password"
                 assert user.save
               end
               context "User#before_create" do
                 should "set the mail_notification to the default Setting" do
                   @user1 = User.generate_with_protected!
                   assert_equal 'only_my_events', @user1.mail_notification
                   with_settings :default_notification_option => 'all' do
                     @user2 = User.generate_with_protected!
                     assert_equal 'all', @user2.mail_notification
                   end
                 end
               end
               context "User.login" do
                 should "be case-insensitive." do
                   u = User.new(:firstname => "new", :lastname => "user", :mail => "newuser@somenet.foo")
                   u.login = 'newuser'
                   u.password, u.password_confirmation = "password", "password"
                   assert u.save
                   u = User.new(:firstname => "Similar", :lastname => "User", :mail => "similaruser@somenet.foo")
                   u.login = 'NewUser'
                   u.password, u.password_confirmation = "password", "password"
                   assert !u.save
                   assert_include I18n.translate('activerecord.errors.messages.taken'), u.errors[:login]
                 end
               end
               def test_mail_uniqueness_should_not_be_case_sensitive
                 u = User.new(:firstname => "new", :lastname => "user", :mail => "newuser@somenet.foo")
                 u.login = 'newuser1'
                 u.password, u.password_confirmation = "password", "password"
                 assert u.save
                 u = User.new(:firstname => "new", :lastname => "user", :mail => "newUser@Somenet.foo")
                 u.login = 'newuser2'
                 u.password, u.password_confirmation = "password", "password"
                 assert !u.save
                 assert_include I18n.translate('activerecord.errors.messages.taken'), u.errors[:mail]
               end
               def test_update
                 assert_equal "admin", @admin.login
                 @admin.login = "john"
                 assert @admin.save, @admin.errors.full_messages.join("; ")
                 @admin.reload
                 assert_equal "john", @admin.login
               end
               def test_destroy_should_delete_members_and_roles
                 members = Member.find_all_by_user_id(2)
                 ms = members.size
                 rs = members.collect(&:roles).flatten.size
                 assert_difference 'Member.count', - ms do
                   assert_difference 'MemberRole.count', - rs do
                     User.find(2).destroy
                   end
                 end
                 assert_nil User.find_by_id(2)
                 assert Member.find_all_by_user_id(2).empty?
               end
               def test_destroy_should_update_attachments
                 attachment = Attachment.create!(:container => Project.find(1),
                   :file => uploaded_test_file("testfile.txt", "text/plain"),
                   :author_id => 2)
                 User.find(2).destroy
                 assert_nil User.find_by_id(2)
                 assert_equal User.anonymous, attachment.reload.author
               end
               def test_destroy_should_update_comments
                 comment = Comment.create!(
                   :commented => News.create!(:project_id => 1, :author_id => 1, :title => 'foo', :description => 'foo'),
                   :author => User.find(2),
                   :comments => 'foo'
                 )
                 User.find(2).destroy
                 assert_nil User.find_by_id(2)
                 assert_equal User.anonymous, comment.reload.author
               end
               def test_destroy_should_update_issues
                 issue = Issue.create!(:project_id => 1, :author_id => 2, :tracker_id => 1, :subject => 'foo')
                 User.find(2).destroy
                 assert_nil User.find_by_id(2)
                 assert_equal User.anonymous, issue.reload.author
               end
               def test_destroy_should_unassign_issues
                 issue = Issue.create!(:project_id => 1, :author_id => 1, :tracker_id => 1, :subject => 'foo', :assigned_to_id => 2)
                 User.find(2).destroy
                 assert_nil User.find_by_id(2)
                 assert_nil issue.reload.assigned_to
               end
               def test_destroy_should_update_journals
                 issue = Issue.create!(:project_id => 1, :author_id => 2, :tracker_id => 1, :subject => 'foo')
                 issue.init_journal(User.find(2), "update")
                 issue.save!
                 User.find(2).destroy
                 assert_nil User.find_by_id(2)
                 assert_equal User.anonymous, issue.journals.first.reload.user
               end
               def test_destroy_should_update_journal_details_old_value
                 issue = Issue.create!(:project_id => 1, :author_id => 1, :tracker_id => 1, :subject => 'foo', :assigned_to_id => 2)
                 issue.init_journal(User.find(1), "update")
                 issue.assigned_to_id = nil
                 assert_difference 'JournalDetail.count' do
                   issue.save!
                 end
                 journal_detail = JournalDetail.first(:order => 'id DESC')
                 assert_equal '2', journal_detail.old_value
                 User.find(2).destroy
                 assert_nil User.find_by_id(2)
                 assert_equal User.anonymous.id.to_s, journal_detail.reload.old_value
               end
               def test_destroy_should_update_journal_details_value
                 issue = Issue.create!(:project_id => 1, :author_id => 1, :tracker_id => 1, :subject => 'foo')
                 issue.init_journal(User.find(1), "update")
                 issue.assigned_to_id = 2
                 assert_difference 'JournalDetail.count' do
                   issue.save!
                 end
                 journal_detail = JournalDetail.first(:order => 'id DESC')
                 assert_equal '2', journal_detail.value
                 User.find(2).destroy
                 assert_nil User.find_by_id(2)
                 assert_equal User.anonymous.id.to_s, journal_detail.reload.value
               end
               def test_destroy_should_update_messages
                 board = Board.create!(:project_id => 1, :name => 'Board', :description => 'Board')
                 message = Message.create!(:board_id => board.id, :author_id => 2, :subject => 'foo', :content => 'foo')
                 User.find(2).destroy
                 assert_nil User.find_by_id(2)
                 assert_equal User.anonymous, message.reload.author
               end
               def test_destroy_should_update_news
                 news = News.create!(:project_id => 1, :author_id => 2, :title => 'foo', :description => 'foo')
                 User.find(2).destroy
                 assert_nil User.find_by_id(2)
                 assert_equal User.anonymous, news.reload.author
               end
               def test_destroy_should_delete_private_queries
                 query = Query.new(:name => 'foo', :is_public => false)
                 query.project_id = 1
                 query.user_id = 2
                 query.save!
                 User.find(2).destroy
                 assert_nil User.find_by_id(2)
                 assert_nil Query.find_by_id(query.id)
               end
               def test_destroy_should_update_public_queries
                 query = Query.new(:name => 'foo', :is_public => true)
                 query.project_id = 1
                 query.user_id = 2
                 query.save!
                 User.find(2).destroy
                 assert_nil User.find_by_id(2)
                 assert_equal User.anonymous, query.reload.user
               end
               def test_destroy_should_update_time_entries
                 entry = TimeEntry.new(:hours => '2', :spent_on => Date.today, :activity => TimeEntryActivity.create!(:name => 'foo'))
                 entry.project_id = 1
                 entry.user_id = 2
                 entry.save!
                 User.find(2).destroy
                 assert_nil User.find_by_id(2)
                 assert_equal User.anonymous, entry.reload.user
               end
               def test_destroy_should_delete_tokens
                 token = Token.create!(:user_id => 2, :value => 'foo')
                 User.find(2).destroy
                 assert_nil User.find_by_id(2)
                 assert_nil Token.find_by_id(token.id)
               end
               def test_destroy_should_delete_watchers
                 issue = Issue.create!(:project_id => 1, :author_id => 1, :tracker_id => 1, :subject => 'foo')
                 watcher = Watcher.create!(:user_id => 2, :watchable => issue)
                 User.find(2).destroy
                 assert_nil User.find_by_id(2)
                 assert_nil Watcher.find_by_id(watcher.id)
               end
               def test_destroy_should_update_wiki_contents
                 wiki_content = WikiContent.create!(
                   :text => 'foo',
                   :author_id => 2,
                   :page => WikiPage.create!(:title => 'Foo', :wiki => Wiki.create!(:project_id => 1, :start_page => 'Start'))
                 )
                 wiki_content.text = 'bar'
                 assert_difference 'WikiContent::Version.count' do
                   wiki_content.save!
                 end
                 User.find(2).destroy
                 assert_nil User.find_by_id(2)
                 assert_equal User.anonymous, wiki_content.reload.author
                 wiki_content.versions.each do |version|
                   assert_equal User.anonymous, version.reload.author
                 end
               end
               def test_destroy_should_nullify_issue_categories
                 category = IssueCategory.create!(:project_id => 1, :assigned_to_id => 2, :name => 'foo')
                 User.find(2).destroy
                 assert_nil User.find_by_id(2)
                 assert_nil category.reload.assigned_to_id
               end
               def test_destroy_should_nullify_changesets
                 changeset = Changeset.create!(
                   :repository => Repository::Subversion.generate!(
                     :project_id => 1
                   ),
                   :revision => '12',
                   :committed_on => Time.now,
                   :committer => 'jsmith'
                   )
                 assert_equal 2, changeset.user_id
                 User.find(2).destroy
                 assert_nil User.find_by_id(2)
                 assert_nil changeset.reload.user_id
               end
               def test_anonymous_user_should_not_be_destroyable
                 assert_no_difference 'User.count' do
                   assert_equal false, User.anonymous.destroy
                 end
               end
               def test_validate_login_presence
                 @admin.login = ""
                 assert !@admin.save
                 assert_equal 1, @admin.errors.count
               end
               def test_validate_mail_notification_inclusion
                 u = User.new
                 u.mail_notification = 'foo'
                 u.save
                 assert_not_nil u.errors[:mail_notification]
               end
               context "User#try_to_login" do
                 should "fall-back to case-insensitive if user login is not found as-typed." do
                   user = User.try_to_login("AdMin", "admin")
                   assert_kind_of User, user
                   assert_equal "admin", user.login
                 end
                 should "select the exact matching user first" do
                   case_sensitive_user = User.generate_with_protected!(
                                                :login => 'changed', :password => 'admin',
                                                :password_confirmation => 'admin')
                   # bypass validations to make it appear like existing data
                   case_sensitive_user.update_attribute(:login, 'ADMIN')
                   user = User.try_to_login("ADMIN", "admin")
                   assert_kind_of User, user
                   assert_equal "ADMIN", user.login
                 end
               end
               def test_password
                 user = User.try_to_login("admin", "admin")
                 assert_kind_of User, user
                 assert_equal "admin", user.login
                 user.password = "hello"
                 assert user.save
                 user = User.try_to_login("admin", "hello")
                 assert_kind_of User, user
                 assert_equal "admin", user.login
               end
               def test_validate_password_length
                 with_settings :password_min_length => '100' do
                   user = User.new(:firstname => "new100", :lastname => "user100", :mail => "newuser100@somenet.foo")
                   user.login = "newuser100"
                   user.password, user.password_confirmation = "password100", "password100"
                   assert !user.save
                   assert_equal 1, user.errors.count
                 end
               end
               def test_name_format
                 assert_equal 'Smith, John', @jsmith.name(:lastname_coma_firstname)
                 with_settings :user_format => :firstname_lastname do
                   assert_equal 'John Smith', @jsmith.reload.name
                 end
                 with_settings :user_format => :username do
                   assert_equal 'jsmith', @jsmith.reload.name
                 end
               end
               def test_fields_for_order_statement_should_return_fields_according_user_format_setting
                 with_settings :user_format => 'lastname_coma_firstname' do
                   assert_equal ['users.lastname', 'users.firstname', 'users.id'], User.fields_for_order_statement
                 end
               end
               def test_fields_for_order_statement_width_table_name_should_prepend_table_name
                 with_settings :user_format => 'lastname_firstname' do
                   assert_equal ['authors.lastname', 'authors.firstname', 'authors.id'], User.fields_for_order_statement('authors')
                 end
               end
               def test_fields_for_order_statement_with_blank_format_should_return_default
                 with_settings :user_format => '' do
                   assert_equal ['users.firstname', 'users.lastname', 'users.id'], User.fields_for_order_statement
                 end
               end
               def test_fields_for_order_statement_with_invalid_format_should_return_default
                 with_settings :user_format => 'foo' do
                   assert_equal ['users.firstname', 'users.lastname', 'users.id'], User.fields_for_order_statement
                 end
               end
               def test_lock
                 user = User.try_to_login("jsmith", "jsmith")
                 assert_equal @jsmith, user
                 @jsmith.status = User::STATUS_LOCKED
                 assert @jsmith.save
                 user = User.try_to_login("jsmith", "jsmith")
                 assert_equal nil, user
               end
               context ".try_to_login" do
                 context "with good credentials" do
                   should "return the user" do
                     user = User.try_to_login("admin", "admin")
                     assert_kind_of User, user
                     assert_equal "admin", user.login
                   end
                 end
                 context "with wrong credentials" do
                   should "return nil" do
                     assert_nil User.try_to_login("admin", "foo")
                   end
                 end
               end
               if ldap_configured?
                 context "#try_to_login using LDAP" do
                   context "with failed connection to the LDAP server" do
                     should "return nil" do
                       @auth_source = AuthSourceLdap.find(1)
                       AuthSource.any_instance.stubs(:initialize_ldap_con).raises(Net::LDAP::LdapError, 'Cannot connect')
                       assert_equal nil, User.try_to_login('edavis', 'wrong')
                     end
                   end
                   context "with an unsuccessful authentication" do
                     should "return nil" do
                       assert_equal nil, User.try_to_login('edavis', 'wrong')
                     end
                   end
                   context "binding with user's account" do
                     setup do
                       @auth_source = AuthSourceLdap.find(1)
                       @auth_source.account = "uid=$login,ou=Person,dc=redmine,dc=org"
                       @auth_source.account_password = ''
                       @auth_source.save!
                       @ldap_user = User.new(:mail => 'example1@redmine.org', :firstname => 'LDAP', :lastname => 'user', :auth_source_id => 1)
                       @ldap_user.login = 'example1'
                       @ldap_user.save!
                     end
                     context "with a successful authentication" do
                       should "return the user" do
                         assert_equal @ldap_user, User.try_to_login('example1', '123456')
                       end
                     end
                     context "with an unsuccessful authentication" do
                       should "return nil" do
                         assert_nil User.try_to_login('example1', '11111')
                       end
                     end
                   end
                   context "on the fly registration" do
                     setup do
                       @auth_source = AuthSourceLdap.find(1)
                       @auth_source.update_attribute :onthefly_register, true
                     end
                     context "with a successful authentication" do
                       should "create a new user account if it doesn't exist" do
                         assert_difference('User.count') do
                           user = User.try_to_login('edavis', '123456')
                           assert !user.admin?
                         end
                       end
                       should "retrieve existing user" do
                         user = User.try_to_login('edavis', '123456')
                         user.admin = true
                         user.save!
                         assert_no_difference('User.count') do
                           user = User.try_to_login('edavis', '123456')
                           assert user.admin?
                         end
                       end
                     end
                     context "binding with user's account" do
                       setup do
                         @auth_source = AuthSourceLdap.find(1)
                         @auth_source.account = "uid=$login,ou=Person,dc=redmine,dc=org"
                         @auth_source.account_password = ''
                         @auth_source.save!
                       end
                       context "with a successful authentication" do
                         should "create a new user account if it doesn't exist" do
                           assert_difference('User.count') do
                             user = User.try_to_login('example1', '123456')
                             assert_kind_of User, user
                           end
                         end
                       end
                       context "with an unsuccessful authentication" do
                         should "return nil" do
                           assert_nil User.try_to_login('example1', '11111')
                         end
                       end
                     end
                   end
                 end
               else
                 puts "Skipping LDAP tests."
               end
               def test_create_anonymous
                 AnonymousUser.delete_all
                 anon = User.anonymous
                 assert !anon.new_record?
                 assert_kind_of AnonymousUser, anon
               end
               def test_ensure_single_anonymous_user
                 AnonymousUser.delete_all
                 anon1 = User.anonymous
                 assert !anon1.new_record?
                 assert_kind_of AnonymousUser, anon1
                 anon2 = AnonymousUser.create(
                             :lastname => 'Anonymous', :firstname => '',
                             :mail => '', :login => '', :status => 0)
                 assert_equal 1, anon2.errors.count
               end
               def test_rss_key
                 assert_nil @jsmith.rss_token
                 key = @jsmith.rss_key
                 assert_equal 40, key.length
                 @jsmith.reload
                 assert_equal key, @jsmith.rss_key
               end
               context "User#api_key" do
                 should "generate a new one if the user doesn't have one" do
                   user = User.generate_with_protected!(:api_token => nil)
                   assert_nil user.api_token
                   key = user.api_key
                   assert_equal 40, key.length
                   user.reload
                   assert_equal key, user.api_key
                 end
                 should "return the existing api token value" do
                   user = User.generate_with_protected!
                   token = Token.generate!(:action => 'api')
                   user.api_token = token
                   assert user.save
                   assert_equal token.value, user.api_key
                 end
               end
               context "User#find_by_api_key" do
                 should "return nil if no matching key is found" do
                   assert_nil User.find_by_api_key('zzzzzzzzz')
                 end
                 should "return nil if the key is found for an inactive user" do
                   user = User.generate_with_protected!(:status => User::STATUS_LOCKED)
                   token = Token.generate!(:action => 'api')
                   user.api_token = token
                   user.save
                   assert_nil User.find_by_api_key(token.value)
                 end
                 should "return the user if the key is found for an active user" do
                   user = User.generate_with_protected!(:status => User::STATUS_ACTIVE)
                   token = Token.generate!(:action => 'api')
                   user.api_token = token
                   user.save
                   assert_equal user, User.find_by_api_key(token.value)
                 end
               end
+              def test_default_admin_account_changed_should_return_false_if_account_was_not_changed
+                user = User.find_by_login("admin")
+                user.password = "admin"
+                user.save!
+                assert_equal false, User.default_admin_account_changed?
+              end
+              def test_default_admin_account_changed_should_return_true_if_password_was_changed
+                user = User.find_by_login("admin")
+                user.password = "newpassword"
+                user.save!
+                assert_equal true, User.default_admin_account_changed?
+              end
+              def test_default_admin_account_changed_should_return_true_if_account_is_disabled
+                user = User.find_by_login("admin")
+                user.password = "admin"
+                user.status = User::STATUS_LOCKED
+                user.save!
+                assert_equal true, User.default_admin_account_changed?
+              end
+              def test_default_admin_account_changed_should_return_true_if_account_does_not_exist
+                user = User.find_by_login("admin")
+                user.destroy
+                assert_equal true, User.default_admin_account_changed?
+              end
               def test_roles_for_project
                 # user with a role
                 roles = @jsmith.roles_for_project(Project.find(1))
                 assert_kind_of Role, roles.first
                 assert_equal "Manager", roles.first.name
                 # user with no role
                 assert_nil @dlopper.roles_for_project(Project.find(2)).detect {|role| role.member?}
               end
               def test_projects_by_role_for_user_with_role
                 user = User.find(2)
                 assert_kind_of Hash, user.projects_by_role
                 assert_equal 2, user.projects_by_role.size
                 assert_equal [1,5], user.projects_by_role[Role.find(1)].collect(&:id).sort
                 assert_equal [2], user.projects_by_role[Role.find(2)].collect(&:id).sort
               end
               def test_projects_by_role_for_user_with_no_role
                 user = User.generate!
                 assert_equal({}, user.projects_by_role)
               end
               def test_projects_by_role_for_anonymous
                 assert_equal({}, User.anonymous.projects_by_role)
               end
               def test_valid_notification_options
                 # without memberships
                 assert_equal 5, User.find(7).valid_notification_options.size
                 # with memberships
                 assert_equal 6, User.find(2).valid_notification_options.size
               end
               def test_valid_notification_options_class_method
                 assert_equal 5, User.valid_notification_options.size
                 assert_equal 5, User.valid_notification_options(User.find(7)).size
                 assert_equal 6, User.valid_notification_options(User.find(2)).size
               end
               def test_mail_notification_all
                 @jsmith.mail_notification = 'all'
                 @jsmith.notified_project_ids = []
                 @jsmith.save
                 @jsmith.reload
                 assert @jsmith.projects.first.recipients.include?(@jsmith.mail)
               end
               def test_mail_notification_selected
                 @jsmith.mail_notification = 'selected'
                 @jsmith.notified_project_ids = [1]
                 @jsmith.save
                 @jsmith.reload
                 assert Project.find(1).recipients.include?(@jsmith.mail)
               end
               def test_mail_notification_only_my_events
                 @jsmith.mail_notification = 'only_my_events'
                 @jsmith.notified_project_ids = []
                 @jsmith.save
                 @jsmith.reload
                 assert !@jsmith.projects.first.recipients.include?(@jsmith.mail)
               end
               def test_comments_sorting_preference
                 assert !@jsmith.wants_comments_in_reverse_order?
                 @jsmith.pref.comments_sorting = 'asc'
                 assert !@jsmith.wants_comments_in_reverse_order?
                 @jsmith.pref.comments_sorting = 'desc'
                 assert @jsmith.wants_comments_in_reverse_order?
               end
               def test_find_by_mail_should_be_case_insensitive
                 u = User.find_by_mail('JSmith@somenet.foo')
                 assert_not_nil u
                 assert_equal 'jsmith@somenet.foo', u.mail
               end
               def test_random_password
                 u = User.new
                 u.random_password
                 assert !u.password.blank?
                 assert !u.password_confirmation.blank?
               end
               context "#change_password_allowed?" do
                 should "be allowed if no auth source is set" do
                   user = User.generate_with_protected!
                   assert user.change_password_allowed?
                 end
                 should "delegate to the auth source" do
                   user = User.generate_with_protected!
                   allowed_auth_source = AuthSource.generate!
                   def allowed_auth_source.allow_password_changes?; true; end
                   denied_auth_source = AuthSource.generate!
                   def denied_auth_source.allow_password_changes?; false; end
                   assert user.change_password_allowed?
                   user.auth_source = allowed_auth_source
                   assert user.change_password_allowed?, "User not allowed to change password, though auth source does"
                   user.auth_source = denied_auth_source
                   assert !user.change_password_allowed?, "User allowed to change password, though auth source does not"
                 end
               end
               context "#allowed_to?" do
                 context "with a unique project" do
                   should "return false if project is archived" do
                     project = Project.find(1)
                     Project.any_instance.stubs(:status).returns(Project::STATUS_ARCHIVED)
                     assert ! @admin.allowed_to?(:view_issues, Project.find(1))
                   end
                   should "return false if related module is disabled" do
                     project = Project.find(1)
                     project.enabled_module_names = ["issue_tracking"]
                     assert @admin.allowed_to?(:add_issues, project)
                     assert ! @admin.allowed_to?(:view_wiki_pages, project)
                   end
                   should "authorize nearly everything for admin users" do
                     project = Project.find(1)
                     assert ! @admin.member_of?(project)
                     %w(edit_issues delete_issues manage_news manage_documents manage_wiki).each do |p|
                       assert @admin.allowed_to?(p.to_sym, project)
                     end
                   end
                   should "authorize normal users depending on their roles" do
                     project = Project.find(1)
                     assert @jsmith.allowed_to?(:delete_messages, project)    #Manager
                     assert ! @dlopper.allowed_to?(:delete_messages, project) #Developper
                   end
                 end
                 context "with multiple projects" do
                   should "return false if array is empty" do
                     assert ! @admin.allowed_to?(:view_project, [])
                   end
                   should "return true only if user has permission on all these projects" do
                     assert @admin.allowed_to?(:view_project, Project.all)
                     assert ! @dlopper.allowed_to?(:view_project, Project.all) #cannot see Project(2)
                     assert @jsmith.allowed_to?(:edit_issues, @jsmith.projects) #Manager or Developer everywhere
                     assert ! @jsmith.allowed_to?(:delete_issue_watchers, @jsmith.projects) #Dev cannot delete_issue_watchers
                   end
                   should "behave correctly with arrays of 1 project" do
                     assert ! User.anonymous.allowed_to?(:delete_issues, [Project.first])
                   end
                 end
                 context "with options[:global]" do
                   should "authorize if user has at least one role that has this permission" do
                     @dlopper2 = User.find(5) #only Developper on a project, not Manager anywhere
                     @anonymous = User.find(6)
                     assert @jsmith.allowed_to?(:delete_issue_watchers, nil, :global => true)
                     assert ! @dlopper2.allowed_to?(:delete_issue_watchers, nil, :global => true)
                     assert @dlopper2.allowed_to?(:add_issues, nil, :global => true)
                     assert ! @anonymous.allowed_to?(:add_issues, nil, :global => true)
                     assert @anonymous.allowed_to?(:view_issues, nil, :global => true)
                   end
                 end
               end
               context "User#notify_about?" do
                 context "Issues" do
                   setup do
                     @project = Project.find(1)
                     @author = User.generate_with_protected!
                     @assignee = User.generate_with_protected!
                     @issue = Issue.generate_for_project!(@project, :assigned_to => @assignee, :author => @author)
                   end
                   should "be true for a user with :all" do
                     @author.update_attribute(:mail_notification, 'all')
                     assert @author.notify_about?(@issue)
                   end
                   should "be false for a user with :none" do
                     @author.update_attribute(:mail_notification, 'none')
                     assert ! @author.notify_about?(@issue)
                   end
                   should "be false for a user with :only_my_events and isn't an author, creator, or assignee" do
                     @user = User.generate_with_protected!(:mail_notification => 'only_my_events')
                     Member.create!(:user => @user, :project => @project, :role_ids => [1])
                     assert ! @user.notify_about?(@issue)
                   end
                   should "be true for a user with :only_my_events and is the author" do
                     @author.update_attribute(:mail_notification, 'only_my_events')
                     assert @author.notify_about?(@issue)
                   end
                   should "be true for a user with :only_my_events and is the assignee" do
                     @assignee.update_attribute(:mail_notification, 'only_my_events')
                     assert @assignee.notify_about?(@issue)
                   end
                   should "be true for a user with :only_assigned and is the assignee" do
                     @assignee.update_attribute(:mail_notification, 'only_assigned')
                     assert @assignee.notify_about?(@issue)
                   end
                   should "be false for a user with :only_assigned and is not the assignee" do
                     @author.update_attribute(:mail_notification, 'only_assigned')
                     assert ! @author.notify_about?(@issue)
                   end
                   should "be true for a user with :only_owner and is the author" do
                     @author.update_attribute(:mail_notification, 'only_owner')
                     assert @author.notify_about?(@issue)
                   end
                   should "be false for a user with :only_owner and is not the author" do
                     @assignee.update_attribute(:mail_notification, 'only_owner')
                     assert ! @assignee.notify_about?(@issue)
                   end
                   should "be true for a user with :selected and is the author" do
                     @author.update_attribute(:mail_notification, 'selected')
                     assert @author.notify_about?(@issue)
                   end
                   should "be true for a user with :selected and is the assignee" do
                     @assignee.update_attribute(:mail_notification, 'selected')
                     assert @assignee.notify_about?(@issue)
                   end
                   should "be false for a user with :selected and is not the author or assignee" do
                     @user = User.generate_with_protected!(:mail_notification => 'selected')
                     Member.create!(:user => @user, :project => @project, :role_ids => [1])
                     assert ! @user.notify_about?(@issue)
                   end
                 end
                 context "other events" do
                   should 'be added and tested'
                 end
               end
               def test_salt_unsalted_passwords
                 # Restore a user with an unsalted password
                 user = User.find(1)
                 user.salt = nil
                 user.hashed_password = User.hash_password("unsalted")
                 user.save!
                 User.salt_unsalted_passwords!
                 user.reload
                 # Salt added
                 assert !user.salt.blank?
                 # Password still valid
                 assert user.check_password?("unsalted")
                 assert_equal user, User.try_to_login(user.login, "unsalted")
               end
               if Object.const_defined?(:OpenID)
               def test_setting_identity_url
                 normalized_open_id_url = 'http://example.com/'
                 u = User.new( :identity_url => 'http://example.com/' )
                 assert_equal normalized_open_id_url, u.identity_url
               end
               def test_setting_identity_url_without_trailing_slash
                 normalized_open_id_url = 'http://example.com/'
                 u = User.new( :identity_url => 'http://example.com' )
                 assert_equal normalized_open_id_url, u.identity_url
               end
               def test_setting_identity_url_without_protocol
                 normalized_open_id_url = 'http://example.com/'
                 u = User.new( :identity_url => 'example.com' )
                 assert_equal normalized_open_id_url, u.identity_url
               end
               def test_setting_blank_identity_url
                 u = User.new( :identity_url => 'example.com' )
                 u.identity_url = ''
                 assert u.identity_url.blank?
               end
               def test_setting_invalid_identity_url
                 u = User.new( :identity_url => 'this is not an openid url' )
                 assert u.identity_url.blank?
               end
               else
                 puts "Skipping openid tests."
               end
             end

General Comments 0

Write
Preview

You need to be logged in to leave comments. Login now

No TODOs yet

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages