Preserve username when authentification failed (#11846)....
Jean-Philippe Lang -
r10398:3e706adddddf
@@ -1,42 +1,47
1 1 <%= call_hook :view_account_login_top %>
2 2 <div id="login-form">
3 3 <%= form_tag(signin_path) do %>
4 4 <%= back_url_hidden_field_tag %>
5 5 <table>
6 6 <tr>
7 7 <td align="right"><label for="username"><%=l(:field_login)%>:</label></td>
8 <td align="left"><%= text_field_tag 'username', nil, :tabindex => '1' %></td>
8 <td align="left"><%= text_field_tag 'username', params[:username], :tabindex => '1' %></td>
9 9 </tr>
10 10 <tr>
11 11 <td align="right"><label for="password"><%=l(:field_password)%>:</label></td>
12 12 <td align="left"><%= password_field_tag 'password', nil, :tabindex => '2' %></td>
13 13 </tr>
14 14 <% if Setting.openid? %>
15 15 <tr>
16 16 <td align="right"><label for="openid_url"><%=l(:field_identity_url)%></label></td>
17 17 <td align="left"><%= text_field_tag "openid_url", nil, :tabindex => '3' %></td>
18 18 </tr>
19 19 <% end %>
20 20 <tr>
21 21 <td></td>
22 22 <td align="left">
23 23 <% if Setting.autologin? %>
24 24 <label for="autologin"><%= check_box_tag 'autologin', 1, false, :tabindex => 4 %> <%= l(:label_stay_logged_in) %></label>
25 25 <% end %>
26 26 </td>
27 27 </tr>
28 28 <tr>
29 29 <td align="left">
30 30 <% if Setting.lost_password? %>
31 31 <%= link_to l(:label_password_lost), lost_password_path %>
32 32 <% end %>
33 33 </td>
34 34 <td align="right">
35 35 <input type="submit" name="login" value="<%=l(:button_login)%> &#187;" tabindex="5"/>
36 36 </td>
37 37 </tr>
38 38 </table>
39 <%= javascript_tag "$('#username').focus();" %>
40 39 <% end %>
41 40 </div>
42 41 <%= call_hook :view_account_login_bottom %>
42
43 <% if params[:username].present? %>
44 <%= javascript_tag "$('#password').focus();" %>
45 <% else %>
46 <%= javascript_tag "$('#username').focus();" %>
47 <% end %>
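Review bot: The username field on new line 8 now echoes `params[:username]` straight from the request, and nothing in the template records why that is safe. `text_field_tag` HTML-escapes the value attribute, and the block at new lines 43-47 only uses `params[:username].present?` to choose between two fixed script strings, so the request value never reaches the JavaScript. A short ERB comment would keep later edits from breaking that, e.g. `<%# username is request-supplied: emit it only through escaping helpers, never inside javascript_tag %>`. Because the view reads params rather than a value set by the controller, a GET to the login page with a `username` query parameter presumably pre-fills the field too; if that is not intended, the controller could pass the value only after a failed POST.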
@@ -1,243 +1,254
1 1 # Redmine - project management software
2 2 # Copyright (C) 2006-2012 Jean-Philippe Lang
3 3 #
4 4 # This program is free software; you can redistribute it and/or
5 5 # modify it under the terms of the GNU General Public License
6 6 # as published by the Free Software Foundation; either version 2
7 7 # of the License, or (at your option) any later version.
8 8 #
9 9 # This program is distributed in the hope that it will be useful,
10 10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 12 # GNU General Public License for more details.
13 13 #
14 14 # You should have received a copy of the GNU General Public License
15 15 # along with this program; if not, write to the Free Software
16 16 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
17 17
18 18 require File.expand_path('../../test_helper', __FILE__)
19 19 require 'account_controller'
20 20
21 21 # Re-raise errors caught by the controller.
22 22 class AccountController; def rescue_action(e) raise e end; end
23 23
24 24 class AccountControllerTest < ActionController::TestCase
25 25 fixtures :users, :roles
26 26
27 27 def setup
28 28 @controller = AccountController.new
29 29 @request = ActionController::TestRequest.new
30 30 @response = ActionController::TestResponse.new
31 31 User.current = nil
32 32 end
33 33
34 def test_get_login
35 get :login
36 assert_response :success
37 assert_template 'login'
38
39 assert_select 'input[name=username]'
40 assert_select 'input[name=password]'
41 end
42
34 43 def test_login_should_redirect_to_back_url_param
35 44 # request.uri is "test.host" in test environment
36 45 post :login, :username => 'jsmith', :password => 'jsmith', :back_url => 'http://test.host/issues/show/1'
37 46 assert_redirected_to '/issues/show/1'
38 47 end
39 48
40 49 def test_login_should_not_redirect_to_another_host
41 50 post :login, :username => 'jsmith', :password => 'jsmith', :back_url => 'http://test.foo/fake'
42 51 assert_redirected_to '/my/page'
43 52 end
44 53
45 54 def test_login_with_wrong_password
46 55 post :login, :username => 'admin', :password => 'bad'
47 56 assert_response :success
48 57 assert_template 'login'
49 assert_tag 'div',
50 :attributes => { :class => "flash error" },
51 :content => /Invalid user or password/
58
59 assert_select 'div.flash.error', :text => /Invalid user or password/
60 assert_select 'input[name=username][value=admin]'
61 assert_select 'input[name=password]'
62 assert_select 'input[name=password][value]', 0
52 63 end
53 64
54 65 def test_login_should_rescue_auth_source_exception
55 66 source = AuthSource.create!(:name => 'Test')
56 67 User.find(2).update_attribute :auth_source_id, source.id
57 68 AuthSource.any_instance.stubs(:authenticate).raises(AuthSourceException.new("Something wrong"))
58 69
59 70 post :login, :username => 'jsmith', :password => 'jsmith'
60 71 assert_response 500
61 72 assert_error_tag :content => /Something wrong/
62 73 end
63 74
64 75 def test_login_should_reset_session
65 76 @controller.expects(:reset_session).once
66 77
67 78 post :login, :username => 'jsmith', :password => 'jsmith'
68 79 assert_response 302
69 80 end
70 81
71 82 def test_logout
72 83 @request.session[:user_id] = 2
73 84 get :logout
74 85 assert_redirected_to '/'
75 86 assert_nil @request.session[:user_id]
76 87 end
77 88
78 89 def test_logout_should_reset_session
79 90 @controller.expects(:reset_session).once
80 91
81 92 @request.session[:user_id] = 2
82 93 get :logout
83 94 assert_response 302
84 95 end
85 96
86 97 def test_get_register_with_registration_on
87 98 with_settings :self_registration => '3' do
88 99 get :register
89 100 assert_response :success
90 101 assert_template 'register'
91 102 assert_not_nil assigns(:user)
92 103
93 104 assert_tag 'input', :attributes => {:name => 'user[password]'}
94 105 assert_tag 'input', :attributes => {:name => 'user[password_confirmation]'}
95 106 end
96 107 end
97 108
98 109 def test_get_register_with_registration_off_should_redirect
99 110 with_settings :self_registration => '0' do
100 111 get :register
101 112 assert_redirected_to '/'
102 113 end
103 114 end
104 115
105 116 # See integration/account_test.rb for the full test
106 117 def test_post_register_with_registration_on
107 118 with_settings :self_registration => '3' do
108 119 assert_difference 'User.count' do
109 120 post :register, :user => {
110 121 :login => 'register',
111 122 :password => 'test',
112 123 :password_confirmation => 'test',
113 124 :firstname => 'John',
114 125 :lastname => 'Doe',
115 126 :mail => 'register@example.com'
116 127 }
117 128 assert_redirected_to '/my/account'
118 129 end
119 130 user = User.first(:order => 'id DESC')
120 131 assert_equal 'register', user.login
121 132 assert_equal 'John', user.firstname
122 133 assert_equal 'Doe', user.lastname
123 134 assert_equal 'register@example.com', user.mail
124 135 assert user.check_password?('test')
125 136 assert user.active?
126 137 end
127 138 end
128 139
129 140 def test_post_register_with_registration_off_should_redirect
130 141 with_settings :self_registration => '0' do
131 142 assert_no_difference 'User.count' do
132 143 post :register, :user => {
133 144 :login => 'register',
134 145 :password => 'test',
135 146 :password_confirmation => 'test',
136 147 :firstname => 'John',
137 148 :lastname => 'Doe',
138 149 :mail => 'register@example.com'
139 150 }
140 151 assert_redirected_to '/'
141 152 end
142 153 end
143 154 end
144 155
145 156 def test_get_lost_password_should_display_lost_password_form
146 157 get :lost_password
147 158 assert_response :success
148 159 assert_select 'input[name=mail]'
149 160 end
150 161
151 162 def test_lost_password_for_active_user_should_create_a_token
152 163 Token.delete_all
153 164 ActionMailer::Base.deliveries.clear
154 165 assert_difference 'ActionMailer::Base.deliveries.size' do
155 166 assert_difference 'Token.count' do
156 167 with_settings :host_name => 'mydomain.foo', :protocol => 'http' do
157 168 post :lost_password, :mail => 'JSmith@somenet.foo'
158 169 assert_redirected_to '/login'
159 170 end
160 171 end
161 172 end
162 173
163 174 token = Token.order('id DESC').first
164 175 assert_equal User.find(2), token.user
165 176 assert_equal 'recovery', token.action
166 177
167 178 assert_select_email do
168 179 assert_select "a[href=?]", "http://mydomain.foo/account/lost_password?token=#{token.value}"
169 180 end
170 181 end
171 182
172 183 def test_lost_password_for_unknown_user_should_fail
173 184 Token.delete_all
174 185 assert_no_difference 'Token.count' do
175 186 post :lost_password, :mail => 'invalid@somenet.foo'
176 187 assert_response :success
177 188 end
178 189 end
179 190
180 191 def test_lost_password_for_non_active_user_should_fail
181 192 Token.delete_all
182 193 assert User.find(2).lock!
183 194
184 195 assert_no_difference 'Token.count' do
185 196 post :lost_password, :mail => 'JSmith@somenet.foo'
186 197 assert_response :success
187 198 end
188 199 end
189 200
190 201 def test_get_lost_password_with_token_should_display_the_password_recovery_form
191 202 user = User.find(2)
192 203 token = Token.create!(:action => 'recovery', :user => user)
193 204
194 205 get :lost_password, :token => token.value
195 206 assert_response :success
196 207 assert_template 'password_recovery'
197 208
198 209 assert_select 'input[type=hidden][name=token][value=?]', token.value
199 210 end
200 211
201 212 def test_get_lost_password_with_invalid_token_should_redirect
202 213 get :lost_password, :token => "abcdef"
203 214 assert_redirected_to '/'
204 215 end
205 216
206 217 def test_post_lost_password_with_token_should_change_the_user_password
207 218 user = User.find(2)
208 219 token = Token.create!(:action => 'recovery', :user => user)
209 220
210 221 post :lost_password, :token => token.value, :new_password => 'newpass', :new_password_confirmation => 'newpass'
211 222 assert_redirected_to '/login'
212 223 user.reload
213 224 assert user.check_password?('newpass')
214 225 assert_nil Token.find_by_id(token.id), "Token was not deleted"
215 226 end
216 227
217 228 def test_post_lost_password_with_token_for_non_active_user_should_fail
218 229 user = User.find(2)
219 230 token = Token.create!(:action => 'recovery', :user => user)
220 231 user.lock!
221 232
222 233 post :lost_password, :token => token.value, :new_password => 'newpass', :new_password_confirmation => 'newpass'
223 234 assert_redirected_to '/'
224 235 assert ! user.check_password?('newpass')
225 236 end
226 237
227 238 def test_post_lost_password_with_token_and_password_confirmation_failure_should_redisplay_the_form
228 239 user = User.find(2)
229 240 token = Token.create!(:action => 'recovery', :user => user)
230 241
231 242 post :lost_password, :token => token.value, :new_password => 'newpass', :new_password_confirmation => 'wrongpass'
232 243 assert_response :success
233 244 assert_template 'password_recovery'
234 245 assert_not_nil Token.find_by_id(token.id), "Token was deleted"
235 246
236 247 assert_select 'input[type=hidden][name=token][value=?]', token.value
237 248 end
238 249
239 250 def test_post_lost_password_with_invalid_token_should_redirect
240 251 post :lost_password, :token => "abcdef", :new_password => 'newpass', :new_password_confirmation => 'newpass'
241 252 assert_redirected_to '/'
242 253 end
243 254 end
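Review bot: The new assertions in test_login_with_wrong_password (new lines 59-62) only cover a plain username, `admin`, so no test pins the escaping of the echoed value. Since the login form now reflects request input, a second case could post a username containing `"` and `<` and assert that the raw string does not appear in the response body. That would guard against a later change that bypasses the helper's escaping. The check `assert_select 'input[name=password][value]', 0` is a useful guard that the password is never echoed back; a comment such as `# the submitted password must never be rendered back into the form` would make that intent explicit.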