| @@ -1,433 +1,434 | |||||
| 1 | # Redmine - project management software |
|
1 | # Redmine - project management software | |
| 2 | # Copyright (C) 2006-2015 Jean-Philippe Lang |
|
2 | # Copyright (C) 2006-2015 Jean-Philippe Lang | |
| 3 | # |
|
3 | # | |
| 4 | # This program is free software; you can redistribute it and/or |
|
4 | # This program is free software; you can redistribute it and/or | |
| 5 | # modify it under the terms of the GNU General Public License |
|
5 | # modify it under the terms of the GNU General Public License | |
| 6 | # as published by the Free Software Foundation; either version 2 |
|
6 | # as published by the Free Software Foundation; either version 2 | |
| 7 | # of the License, or (at your option) any later version. |
|
7 | # of the License, or (at your option) any later version. | |
| 8 | # |
|
8 | # | |
| 9 | # This program is distributed in the hope that it will be useful, |
|
9 | # This program is distributed in the hope that it will be useful, | |
| 10 | # but WITHOUT ANY WARRANTY; without even the implied warranty of |
|
10 | # but WITHOUT ANY WARRANTY; without even the implied warranty of | |
| 11 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
|
11 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
| 12 | # GNU General Public License for more details. |
|
12 | # GNU General Public License for more details. | |
| 13 | # |
|
13 | # | |
| 14 | # You should have received a copy of the GNU General Public License |
|
14 | # You should have received a copy of the GNU General Public License | |
| 15 | # along with this program; if not, write to the Free Software |
|
15 | # along with this program; if not, write to the Free Software | |
| 16 | # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. |
|
16 | # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. | |
| 17 |
|
17 | |||
| 18 | require File.expand_path('../../test_helper', __FILE__) |
|
18 | require File.expand_path('../../test_helper', __FILE__) | |
| 19 |
|
19 | |||
| 20 | class AccountControllerTest < ActionController::TestCase |
|
20 | class AccountControllerTest < ActionController::TestCase | |
| 21 | fixtures :users, :email_addresses, :roles |
|
21 | fixtures :users, :email_addresses, :roles | |
| 22 |
|
22 | |||
| 23 | def setup |
|
23 | def setup | |
| 24 | User.current = nil |
|
24 | User.current = nil | |
| 25 | end |
|
25 | end | |
| 26 |
|
26 | |||
| 27 | def test_get_login |
|
27 | def test_get_login | |
| 28 | get :login |
|
28 | get :login | |
| 29 | assert_response :success |
|
29 | assert_response :success | |
| 30 | assert_template 'login' |
|
30 | assert_template 'login' | |
| 31 |
|
31 | |||
| 32 | assert_select 'input[name=username]' |
|
32 | assert_select 'input[name=username]' | |
| 33 | assert_select 'input[name=password]' |
|
33 | assert_select 'input[name=password]' | |
| 34 | end |
|
34 | end | |
| 35 |
|
35 | |||
| 36 | def test_get_login_while_logged_in_should_redirect_to_back_url_if_present |
|
36 | def test_get_login_while_logged_in_should_redirect_to_back_url_if_present | |
| 37 | @request.session[:user_id] = 2 |
|
37 | @request.session[:user_id] = 2 | |
| 38 | @request.env["HTTP_REFERER"] = 'http://test.host/issues/show/1' |
|
38 | @request.env["HTTP_REFERER"] = 'http://test.host/issues/show/1' | |
| 39 |
|
39 | |||
| 40 | get :login, :back_url => 'http://test.host/issues/show/1' |
|
40 | get :login, :back_url => 'http://test.host/issues/show/1' | |
| 41 | assert_redirected_to '/issues/show/1' |
|
41 | assert_redirected_to '/issues/show/1' | |
| 42 | assert_equal 2, @request.session[:user_id] |
|
42 | assert_equal 2, @request.session[:user_id] | |
| 43 | end |
|
43 | end | |
| 44 |
|
44 | |||
| 45 | def test_get_login_while_logged_in_should_redirect_to_referer_without_back_url |
|
45 | def test_get_login_while_logged_in_should_redirect_to_referer_without_back_url | |
| 46 | @request.session[:user_id] = 2 |
|
46 | @request.session[:user_id] = 2 | |
| 47 | @request.env["HTTP_REFERER"] = 'http://test.host/issues/show/1' |
|
47 | @request.env["HTTP_REFERER"] = 'http://test.host/issues/show/1' | |
| 48 |
|
48 | |||
| 49 | get :login |
|
49 | get :login | |
| 50 | assert_redirected_to '/issues/show/1' |
|
50 | assert_redirected_to '/issues/show/1' | |
| 51 | assert_equal 2, @request.session[:user_id] |
|
51 | assert_equal 2, @request.session[:user_id] | |
| 52 | end |
|
52 | end | |
| 53 |
|
53 | |||
| 54 | def test_get_login_while_logged_in_should_redirect_to_home_by_default |
|
54 | def test_get_login_while_logged_in_should_redirect_to_home_by_default | |
| 55 | @request.session[:user_id] = 2 |
|
55 | @request.session[:user_id] = 2 | |
| 56 |
|
56 | |||
| 57 | get :login |
|
57 | get :login | |
| 58 | assert_redirected_to '/' |
|
58 | assert_redirected_to '/' | |
| 59 | assert_equal 2, @request.session[:user_id] |
|
59 | assert_equal 2, @request.session[:user_id] | |
| 60 | end |
|
60 | end | |
| 61 |
|
61 | |||
| 62 | def test_login_should_redirect_to_back_url_param |
|
62 | def test_login_should_redirect_to_back_url_param | |
| 63 | # request.uri is "test.host" in test environment |
|
63 | # request.uri is "test.host" in test environment | |
| 64 | back_urls = [ |
|
64 | back_urls = [ | |
| 65 | 'http://test.host/issues/show/1', |
|
65 | 'http://test.host/issues/show/1', | |
| 66 | 'http://test.host/', |
|
66 | 'http://test.host/', | |
| 67 | '/' |
|
67 | '/' | |
| 68 | ] |
|
68 | ] | |
| 69 | back_urls.each do |back_url| |
|
69 | back_urls.each do |back_url| | |
| 70 | post :login, :username => 'jsmith', :password => 'jsmith', :back_url => back_url |
|
70 | post :login, :username => 'jsmith', :password => 'jsmith', :back_url => back_url | |
| 71 | assert_redirected_to back_url |
|
71 | assert_redirected_to back_url | |
| 72 | end |
|
72 | end | |
| 73 | end |
|
73 | end | |
| 74 |
|
74 | |||
| 75 | def test_login_with_suburi_should_redirect_to_back_url_param |
|
75 | def test_login_with_suburi_should_redirect_to_back_url_param | |
| 76 | @relative_url_root = Redmine::Utils.relative_url_root |
|
76 | @relative_url_root = Redmine::Utils.relative_url_root | |
| 77 | Redmine::Utils.relative_url_root = '/redmine' |
|
77 | Redmine::Utils.relative_url_root = '/redmine' | |
| 78 |
|
78 | |||
| 79 | back_urls = [ |
|
79 | back_urls = [ | |
| 80 | 'http://test.host/redmine/issues/show/1', |
|
80 | 'http://test.host/redmine/issues/show/1', | |
| 81 | '/redmine' |
|
81 | '/redmine' | |
| 82 | ] |
|
82 | ] | |
| 83 | back_urls.each do |back_url| |
|
83 | back_urls.each do |back_url| | |
| 84 | post :login, :username => 'jsmith', :password => 'jsmith', :back_url => back_url |
|
84 | post :login, :username => 'jsmith', :password => 'jsmith', :back_url => back_url | |
| 85 | assert_redirected_to back_url |
|
85 | assert_redirected_to back_url | |
| 86 | end |
|
86 | end | |
| 87 | ensure |
|
87 | ensure | |
| 88 | Redmine::Utils.relative_url_root = @relative_url_root |
|
88 | Redmine::Utils.relative_url_root = @relative_url_root | |
| 89 | end |
|
89 | end | |
| 90 |
|
90 | |||
| 91 | def test_login_should_not_redirect_to_another_host |
|
91 | def test_login_should_not_redirect_to_another_host | |
| 92 | back_urls = [ |
|
92 | back_urls = [ | |
| 93 | 'http://test.foo/fake', |
|
93 | 'http://test.foo/fake', | |
| 94 | '//test.foo/fake' |
|
94 | '//test.foo/fake' | |
| 95 | ] |
|
95 | ] | |
| 96 | back_urls.each do |back_url| |
|
96 | back_urls.each do |back_url| | |
| 97 | post :login, :username => 'jsmith', :password => 'jsmith', :back_url => back_url |
|
97 | post :login, :username => 'jsmith', :password => 'jsmith', :back_url => back_url | |
| 98 | assert_redirected_to '/my/page' |
|
98 | assert_redirected_to '/my/page' | |
| 99 | end |
|
99 | end | |
| 100 | end |
|
100 | end | |
| 101 |
|
101 | |||
| 102 | def test_login_with_suburi_should_not_redirect_to_another_suburi |
|
102 | def test_login_with_suburi_should_not_redirect_to_another_suburi | |
| 103 | @relative_url_root = Redmine::Utils.relative_url_root |
|
103 | @relative_url_root = Redmine::Utils.relative_url_root | |
| 104 | Redmine::Utils.relative_url_root = '/redmine' |
|
104 | Redmine::Utils.relative_url_root = '/redmine' | |
| 105 |
|
105 | |||
| 106 | back_urls = [ |
|
106 | back_urls = [ | |
| 107 | 'http://test.host/', |
|
107 | 'http://test.host/', | |
| 108 | 'http://test.host/fake', |
|
108 | 'http://test.host/fake', | |
| 109 | 'http://test.host/fake/issues', |
|
109 | 'http://test.host/fake/issues', | |
| 110 | 'http://test.host/redmine/../fake', |
|
110 | 'http://test.host/redmine/../fake', | |
| 111 | 'http://test.host/redmine/../fake/issues', |
|
111 | 'http://test.host/redmine/../fake/issues', | |
| 112 | 'http://test.host/redmine/%2e%2e/fake', |
|
112 | 'http://test.host/redmine/%2e%2e/fake', | |
| 113 | '//test.foo/fake', |
|
113 | '//test.foo/fake', | |
| 114 | 'http://test.host//fake', |
|
114 | 'http://test.host//fake', | |
| 115 | 'http://test.host/\n//fake', |
|
115 | 'http://test.host/\n//fake', | |
| 116 | '//bar@test.foo', |
|
116 | '//bar@test.foo', | |
| 117 | '//test.foo', |
|
117 | '//test.foo', | |
| 118 | '////test.foo', |
|
118 | '////test.foo', | |
| 119 | '@test.foo', |
|
119 | '@test.foo', | |
| 120 | 'fake@test.foo' |
|
120 | 'fake@test.foo', | |
|
|
121 | '.test.foo' | |||
| 121 | ] |
|
122 | ] | |
| 122 | back_urls.each do |back_url| |
|
123 | back_urls.each do |back_url| | |
| 123 | post :login, :username => 'jsmith', :password => 'jsmith', :back_url => back_url |
|
124 | post :login, :username => 'jsmith', :password => 'jsmith', :back_url => back_url | |
| 124 | assert_redirected_to '/my/page' |
|
125 | assert_redirected_to '/my/page' | |
| 125 | end |
|
126 | end | |
| 126 | ensure |
|
127 | ensure | |
| 127 | Redmine::Utils.relative_url_root = @relative_url_root |
|
128 | Redmine::Utils.relative_url_root = @relative_url_root | |
| 128 | end |
|
129 | end | |
| 129 |
|
130 | |||
| 130 | def test_login_with_wrong_password |
|
131 | def test_login_with_wrong_password | |
| 131 | post :login, :username => 'admin', :password => 'bad' |
|
132 | post :login, :username => 'admin', :password => 'bad' | |
| 132 | assert_response :success |
|
133 | assert_response :success | |
| 133 | assert_template 'login' |
|
134 | assert_template 'login' | |
| 134 |
|
135 | |||
| 135 | assert_select 'div.flash.error', :text => /Invalid user or password/ |
|
136 | assert_select 'div.flash.error', :text => /Invalid user or password/ | |
| 136 | assert_select 'input[name=username][value=admin]' |
|
137 | assert_select 'input[name=username][value=admin]' | |
| 137 | assert_select 'input[name=password]' |
|
138 | assert_select 'input[name=password]' | |
| 138 | assert_select 'input[name=password][value]', 0 |
|
139 | assert_select 'input[name=password][value]', 0 | |
| 139 | end |
|
140 | end | |
| 140 |
|
141 | |||
| 141 | def test_login_with_locked_account_should_fail |
|
142 | def test_login_with_locked_account_should_fail | |
| 142 | User.find(2).update_attribute :status, User::STATUS_LOCKED |
|
143 | User.find(2).update_attribute :status, User::STATUS_LOCKED | |
| 143 |
|
144 | |||
| 144 | post :login, :username => 'jsmith', :password => 'jsmith' |
|
145 | post :login, :username => 'jsmith', :password => 'jsmith' | |
| 145 | assert_redirected_to '/login' |
|
146 | assert_redirected_to '/login' | |
| 146 | assert_include 'locked', flash[:error] |
|
147 | assert_include 'locked', flash[:error] | |
| 147 | assert_nil @request.session[:user_id] |
|
148 | assert_nil @request.session[:user_id] | |
| 148 | end |
|
149 | end | |
| 149 |
|
150 | |||
| 150 | def test_login_as_registered_user_with_manual_activation_should_inform_user |
|
151 | def test_login_as_registered_user_with_manual_activation_should_inform_user | |
| 151 | User.find(2).update_attribute :status, User::STATUS_REGISTERED |
|
152 | User.find(2).update_attribute :status, User::STATUS_REGISTERED | |
| 152 |
|
153 | |||
| 153 | with_settings :self_registration => '2', :default_language => 'en' do |
|
154 | with_settings :self_registration => '2', :default_language => 'en' do | |
| 154 | post :login, :username => 'jsmith', :password => 'jsmith' |
|
155 | post :login, :username => 'jsmith', :password => 'jsmith' | |
| 155 | assert_redirected_to '/login' |
|
156 | assert_redirected_to '/login' | |
| 156 | assert_include 'pending administrator approval', flash[:error] |
|
157 | assert_include 'pending administrator approval', flash[:error] | |
| 157 | end |
|
158 | end | |
| 158 | end |
|
159 | end | |
| 159 |
|
160 | |||
| 160 | def test_login_as_registered_user_with_email_activation_should_propose_new_activation_email |
|
161 | def test_login_as_registered_user_with_email_activation_should_propose_new_activation_email | |
| 161 | User.find(2).update_attribute :status, User::STATUS_REGISTERED |
|
162 | User.find(2).update_attribute :status, User::STATUS_REGISTERED | |
| 162 |
|
163 | |||
| 163 | with_settings :self_registration => '1', :default_language => 'en' do |
|
164 | with_settings :self_registration => '1', :default_language => 'en' do | |
| 164 | post :login, :username => 'jsmith', :password => 'jsmith' |
|
165 | post :login, :username => 'jsmith', :password => 'jsmith' | |
| 165 | assert_redirected_to '/login' |
|
166 | assert_redirected_to '/login' | |
| 166 | assert_equal 2, @request.session[:registered_user_id] |
|
167 | assert_equal 2, @request.session[:registered_user_id] | |
| 167 | assert_include 'new activation email', flash[:error] |
|
168 | assert_include 'new activation email', flash[:error] | |
| 168 | end |
|
169 | end | |
| 169 | end |
|
170 | end | |
| 170 |
|
171 | |||
| 171 | def test_login_should_rescue_auth_source_exception |
|
172 | def test_login_should_rescue_auth_source_exception | |
| 172 | source = AuthSource.create!(:name => 'Test') |
|
173 | source = AuthSource.create!(:name => 'Test') | |
| 173 | User.find(2).update_attribute :auth_source_id, source.id |
|
174 | User.find(2).update_attribute :auth_source_id, source.id | |
| 174 | AuthSource.any_instance.stubs(:authenticate).raises(AuthSourceException.new("Something wrong")) |
|
175 | AuthSource.any_instance.stubs(:authenticate).raises(AuthSourceException.new("Something wrong")) | |
| 175 |
|
176 | |||
| 176 | post :login, :username => 'jsmith', :password => 'jsmith' |
|
177 | post :login, :username => 'jsmith', :password => 'jsmith' | |
| 177 | assert_response 500 |
|
178 | assert_response 500 | |
| 178 | assert_select_error /Something wrong/ |
|
179 | assert_select_error /Something wrong/ | |
| 179 | end |
|
180 | end | |
| 180 |
|
181 | |||
| 181 | def test_login_should_reset_session |
|
182 | def test_login_should_reset_session | |
| 182 | @controller.expects(:reset_session).once |
|
183 | @controller.expects(:reset_session).once | |
| 183 |
|
184 | |||
| 184 | post :login, :username => 'jsmith', :password => 'jsmith' |
|
185 | post :login, :username => 'jsmith', :password => 'jsmith' | |
| 185 | assert_response 302 |
|
186 | assert_response 302 | |
| 186 | end |
|
187 | end | |
| 187 |
|
188 | |||
| 188 | def test_get_logout_should_not_logout |
|
189 | def test_get_logout_should_not_logout | |
| 189 | @request.session[:user_id] = 2 |
|
190 | @request.session[:user_id] = 2 | |
| 190 | get :logout |
|
191 | get :logout | |
| 191 | assert_response :success |
|
192 | assert_response :success | |
| 192 | assert_template 'logout' |
|
193 | assert_template 'logout' | |
| 193 |
|
194 | |||
| 194 | assert_equal 2, @request.session[:user_id] |
|
195 | assert_equal 2, @request.session[:user_id] | |
| 195 | end |
|
196 | end | |
| 196 |
|
197 | |||
| 197 | def test_get_logout_with_anonymous_should_redirect |
|
198 | def test_get_logout_with_anonymous_should_redirect | |
| 198 | get :logout |
|
199 | get :logout | |
| 199 | assert_redirected_to '/' |
|
200 | assert_redirected_to '/' | |
| 200 | end |
|
201 | end | |
| 201 |
|
202 | |||
| 202 | def test_logout |
|
203 | def test_logout | |
| 203 | @request.session[:user_id] = 2 |
|
204 | @request.session[:user_id] = 2 | |
| 204 | post :logout |
|
205 | post :logout | |
| 205 | assert_redirected_to '/' |
|
206 | assert_redirected_to '/' | |
| 206 | assert_nil @request.session[:user_id] |
|
207 | assert_nil @request.session[:user_id] | |
| 207 | end |
|
208 | end | |
| 208 |
|
209 | |||
| 209 | def test_logout_should_reset_session |
|
210 | def test_logout_should_reset_session | |
| 210 | @controller.expects(:reset_session).once |
|
211 | @controller.expects(:reset_session).once | |
| 211 |
|
212 | |||
| 212 | @request.session[:user_id] = 2 |
|
213 | @request.session[:user_id] = 2 | |
| 213 | post :logout |
|
214 | post :logout | |
| 214 | assert_response 302 |
|
215 | assert_response 302 | |
| 215 | end |
|
216 | end | |
| 216 |
|
217 | |||
| 217 | def test_get_register_with_registration_on |
|
218 | def test_get_register_with_registration_on | |
| 218 | with_settings :self_registration => '3' do |
|
219 | with_settings :self_registration => '3' do | |
| 219 | get :register |
|
220 | get :register | |
| 220 | assert_response :success |
|
221 | assert_response :success | |
| 221 | assert_template 'register' |
|
222 | assert_template 'register' | |
| 222 | assert_not_nil assigns(:user) |
|
223 | assert_not_nil assigns(:user) | |
| 223 |
|
224 | |||
| 224 | assert_select 'input[name=?]', 'user[password]' |
|
225 | assert_select 'input[name=?]', 'user[password]' | |
| 225 | assert_select 'input[name=?]', 'user[password_confirmation]' |
|
226 | assert_select 'input[name=?]', 'user[password_confirmation]' | |
| 226 | end |
|
227 | end | |
| 227 | end |
|
228 | end | |
| 228 |
|
229 | |||
| 229 | def test_get_register_should_detect_user_language |
|
230 | def test_get_register_should_detect_user_language | |
| 230 | with_settings :self_registration => '3' do |
|
231 | with_settings :self_registration => '3' do | |
| 231 | @request.env['HTTP_ACCEPT_LANGUAGE'] = 'fr,fr-fr;q=0.8,en-us;q=0.5,en;q=0.3' |
|
232 | @request.env['HTTP_ACCEPT_LANGUAGE'] = 'fr,fr-fr;q=0.8,en-us;q=0.5,en;q=0.3' | |
| 232 | get :register |
|
233 | get :register | |
| 233 | assert_response :success |
|
234 | assert_response :success | |
| 234 | assert_not_nil assigns(:user) |
|
235 | assert_not_nil assigns(:user) | |
| 235 | assert_equal 'fr', assigns(:user).language |
|
236 | assert_equal 'fr', assigns(:user).language | |
| 236 | assert_select 'select[name=?]', 'user[language]' do |
|
237 | assert_select 'select[name=?]', 'user[language]' do | |
| 237 | assert_select 'option[value=fr][selected=selected]' |
|
238 | assert_select 'option[value=fr][selected=selected]' | |
| 238 | end |
|
239 | end | |
| 239 | end |
|
240 | end | |
| 240 | end |
|
241 | end | |
| 241 |
|
242 | |||
| 242 | def test_get_register_with_registration_off_should_redirect |
|
243 | def test_get_register_with_registration_off_should_redirect | |
| 243 | with_settings :self_registration => '0' do |
|
244 | with_settings :self_registration => '0' do | |
| 244 | get :register |
|
245 | get :register | |
| 245 | assert_redirected_to '/' |
|
246 | assert_redirected_to '/' | |
| 246 | end |
|
247 | end | |
| 247 | end |
|
248 | end | |
| 248 |
|
249 | |||
| 249 | # See integration/account_test.rb for the full test |
|
250 | # See integration/account_test.rb for the full test | |
| 250 | def test_post_register_with_registration_on |
|
251 | def test_post_register_with_registration_on | |
| 251 | with_settings :self_registration => '3' do |
|
252 | with_settings :self_registration => '3' do | |
| 252 | assert_difference 'User.count' do |
|
253 | assert_difference 'User.count' do | |
| 253 | post :register, :user => { |
|
254 | post :register, :user => { | |
| 254 | :login => 'register', |
|
255 | :login => 'register', | |
| 255 | :password => 'secret123', |
|
256 | :password => 'secret123', | |
| 256 | :password_confirmation => 'secret123', |
|
257 | :password_confirmation => 'secret123', | |
| 257 | :firstname => 'John', |
|
258 | :firstname => 'John', | |
| 258 | :lastname => 'Doe', |
|
259 | :lastname => 'Doe', | |
| 259 | :mail => 'register@example.com' |
|
260 | :mail => 'register@example.com' | |
| 260 | } |
|
261 | } | |
| 261 | assert_redirected_to '/my/account' |
|
262 | assert_redirected_to '/my/account' | |
| 262 | end |
|
263 | end | |
| 263 | user = User.order('id DESC').first |
|
264 | user = User.order('id DESC').first | |
| 264 | assert_equal 'register', user.login |
|
265 | assert_equal 'register', user.login | |
| 265 | assert_equal 'John', user.firstname |
|
266 | assert_equal 'John', user.firstname | |
| 266 | assert_equal 'Doe', user.lastname |
|
267 | assert_equal 'Doe', user.lastname | |
| 267 | assert_equal 'register@example.com', user.mail |
|
268 | assert_equal 'register@example.com', user.mail | |
| 268 | assert user.check_password?('secret123') |
|
269 | assert user.check_password?('secret123') | |
| 269 | assert user.active? |
|
270 | assert user.active? | |
| 270 | end |
|
271 | end | |
| 271 | end |
|
272 | end | |
| 272 |
|
273 | |||
| 273 | def test_post_register_with_registration_off_should_redirect |
|
274 | def test_post_register_with_registration_off_should_redirect | |
| 274 | with_settings :self_registration => '0' do |
|
275 | with_settings :self_registration => '0' do | |
| 275 | assert_no_difference 'User.count' do |
|
276 | assert_no_difference 'User.count' do | |
| 276 | post :register, :user => { |
|
277 | post :register, :user => { | |
| 277 | :login => 'register', |
|
278 | :login => 'register', | |
| 278 | :password => 'test', |
|
279 | :password => 'test', | |
| 279 | :password_confirmation => 'test', |
|
280 | :password_confirmation => 'test', | |
| 280 | :firstname => 'John', |
|
281 | :firstname => 'John', | |
| 281 | :lastname => 'Doe', |
|
282 | :lastname => 'Doe', | |
| 282 | :mail => 'register@example.com' |
|
283 | :mail => 'register@example.com' | |
| 283 | } |
|
284 | } | |
| 284 | assert_redirected_to '/' |
|
285 | assert_redirected_to '/' | |
| 285 | end |
|
286 | end | |
| 286 | end |
|
287 | end | |
| 287 | end |
|
288 | end | |
| 288 |
|
289 | |||
| 289 | def test_get_lost_password_should_display_lost_password_form |
|
290 | def test_get_lost_password_should_display_lost_password_form | |
| 290 | get :lost_password |
|
291 | get :lost_password | |
| 291 | assert_response :success |
|
292 | assert_response :success | |
| 292 | assert_select 'input[name=mail]' |
|
293 | assert_select 'input[name=mail]' | |
| 293 | end |
|
294 | end | |
| 294 |
|
295 | |||
| 295 | def test_lost_password_for_active_user_should_create_a_token |
|
296 | def test_lost_password_for_active_user_should_create_a_token | |
| 296 | Token.delete_all |
|
297 | Token.delete_all | |
| 297 | ActionMailer::Base.deliveries.clear |
|
298 | ActionMailer::Base.deliveries.clear | |
| 298 | assert_difference 'ActionMailer::Base.deliveries.size' do |
|
299 | assert_difference 'ActionMailer::Base.deliveries.size' do | |
| 299 | assert_difference 'Token.count' do |
|
300 | assert_difference 'Token.count' do | |
| 300 | with_settings :host_name => 'mydomain.foo', :protocol => 'http' do |
|
301 | with_settings :host_name => 'mydomain.foo', :protocol => 'http' do | |
| 301 | post :lost_password, :mail => 'JSmith@somenet.foo' |
|
302 | post :lost_password, :mail => 'JSmith@somenet.foo' | |
| 302 | assert_redirected_to '/login' |
|
303 | assert_redirected_to '/login' | |
| 303 | end |
|
304 | end | |
| 304 | end |
|
305 | end | |
| 305 | end |
|
306 | end | |
| 306 |
|
307 | |||
| 307 | token = Token.order('id DESC').first |
|
308 | token = Token.order('id DESC').first | |
| 308 | assert_equal User.find(2), token.user |
|
309 | assert_equal User.find(2), token.user | |
| 309 | assert_equal 'recovery', token.action |
|
310 | assert_equal 'recovery', token.action | |
| 310 |
|
311 | |||
| 311 | assert_select_email do |
|
312 | assert_select_email do | |
| 312 | assert_select "a[href=?]", "http://mydomain.foo/account/lost_password?token=#{token.value}" |
|
313 | assert_select "a[href=?]", "http://mydomain.foo/account/lost_password?token=#{token.value}" | |
| 313 | end |
|
314 | end | |
| 314 | end |
|
315 | end | |
| 315 |
|
316 | |||
| 316 | def test_lost_password_using_additional_email_address_should_send_email_to_the_address |
|
317 | def test_lost_password_using_additional_email_address_should_send_email_to_the_address | |
| 317 | EmailAddress.create!(:user_id => 2, :address => 'anotherAddress@foo.bar') |
|
318 | EmailAddress.create!(:user_id => 2, :address => 'anotherAddress@foo.bar') | |
| 318 | Token.delete_all |
|
319 | Token.delete_all | |
| 319 |
|
320 | |||
| 320 | assert_difference 'ActionMailer::Base.deliveries.size' do |
|
321 | assert_difference 'ActionMailer::Base.deliveries.size' do | |
| 321 | assert_difference 'Token.count' do |
|
322 | assert_difference 'Token.count' do | |
| 322 | post :lost_password, :mail => 'ANOTHERaddress@foo.bar' |
|
323 | post :lost_password, :mail => 'ANOTHERaddress@foo.bar' | |
| 323 | assert_redirected_to '/login' |
|
324 | assert_redirected_to '/login' | |
| 324 | end |
|
325 | end | |
| 325 | end |
|
326 | end | |
| 326 | mail = ActionMailer::Base.deliveries.last |
|
327 | mail = ActionMailer::Base.deliveries.last | |
| 327 | assert_equal ['anotherAddress@foo.bar'], mail.bcc |
|
328 | assert_equal ['anotherAddress@foo.bar'], mail.bcc | |
| 328 | end |
|
329 | end | |
| 329 |
|
330 | |||
| 330 | def test_lost_password_for_unknown_user_should_fail |
|
331 | def test_lost_password_for_unknown_user_should_fail | |
| 331 | Token.delete_all |
|
332 | Token.delete_all | |
| 332 | assert_no_difference 'Token.count' do |
|
333 | assert_no_difference 'Token.count' do | |
| 333 | post :lost_password, :mail => 'invalid@somenet.foo' |
|
334 | post :lost_password, :mail => 'invalid@somenet.foo' | |
| 334 | assert_response :success |
|
335 | assert_response :success | |
| 335 | end |
|
336 | end | |
| 336 | end |
|
337 | end | |
| 337 |
|
338 | |||
| 338 | def test_lost_password_for_non_active_user_should_fail |
|
339 | def test_lost_password_for_non_active_user_should_fail | |
| 339 | Token.delete_all |
|
340 | Token.delete_all | |
| 340 | assert User.find(2).lock! |
|
341 | assert User.find(2).lock! | |
| 341 |
|
342 | |||
| 342 | assert_no_difference 'Token.count' do |
|
343 | assert_no_difference 'Token.count' do | |
| 343 | post :lost_password, :mail => 'JSmith@somenet.foo' |
|
344 | post :lost_password, :mail => 'JSmith@somenet.foo' | |
| 344 | assert_redirected_to '/account/lost_password' |
|
345 | assert_redirected_to '/account/lost_password' | |
| 345 | end |
|
346 | end | |
| 346 | end |
|
347 | end | |
| 347 |
|
348 | |||
| 348 | def test_lost_password_for_user_who_cannot_change_password_should_fail |
|
349 | def test_lost_password_for_user_who_cannot_change_password_should_fail | |
| 349 | User.any_instance.stubs(:change_password_allowed?).returns(false) |
|
350 | User.any_instance.stubs(:change_password_allowed?).returns(false) | |
| 350 |
|
351 | |||
| 351 | assert_no_difference 'Token.count' do |
|
352 | assert_no_difference 'Token.count' do | |
| 352 | post :lost_password, :mail => 'JSmith@somenet.foo' |
|
353 | post :lost_password, :mail => 'JSmith@somenet.foo' | |
| 353 | assert_response :success |
|
354 | assert_response :success | |
| 354 | end |
|
355 | end | |
| 355 | end |
|
356 | end | |
| 356 |
|
357 | |||
| 357 | def test_get_lost_password_with_token_should_display_the_password_recovery_form |
|
358 | def test_get_lost_password_with_token_should_display_the_password_recovery_form | |
| 358 | user = User.find(2) |
|
359 | user = User.find(2) | |
| 359 | token = Token.create!(:action => 'recovery', :user => user) |
|
360 | token = Token.create!(:action => 'recovery', :user => user) | |
| 360 |
|
361 | |||
| 361 | get :lost_password, :token => token.value |
|
362 | get :lost_password, :token => token.value | |
| 362 | assert_response :success |
|
363 | assert_response :success | |
| 363 | assert_template 'password_recovery' |
|
364 | assert_template 'password_recovery' | |
| 364 |
|
365 | |||
| 365 | assert_select 'input[type=hidden][name=token][value=?]', token.value |
|
366 | assert_select 'input[type=hidden][name=token][value=?]', token.value | |
| 366 | end |
|
367 | end | |
| 367 |
|
368 | |||
| 368 | def test_get_lost_password_with_invalid_token_should_redirect |
|
369 | def test_get_lost_password_with_invalid_token_should_redirect | |
| 369 | get :lost_password, :token => "abcdef" |
|
370 | get :lost_password, :token => "abcdef" | |
| 370 | assert_redirected_to '/' |
|
371 | assert_redirected_to '/' | |
| 371 | end |
|
372 | end | |
| 372 |
|
373 | |||
| 373 | def test_post_lost_password_with_token_should_change_the_user_password |
|
374 | def test_post_lost_password_with_token_should_change_the_user_password | |
| 374 | user = User.find(2) |
|
375 | user = User.find(2) | |
| 375 | token = Token.create!(:action => 'recovery', :user => user) |
|
376 | token = Token.create!(:action => 'recovery', :user => user) | |
| 376 |
|
377 | |||
| 377 | post :lost_password, :token => token.value, :new_password => 'newpass123', :new_password_confirmation => 'newpass123' |
|
378 | post :lost_password, :token => token.value, :new_password => 'newpass123', :new_password_confirmation => 'newpass123' | |
| 378 | assert_redirected_to '/login' |
|
379 | assert_redirected_to '/login' | |
| 379 | user.reload |
|
380 | user.reload | |
| 380 | assert user.check_password?('newpass123') |
|
381 | assert user.check_password?('newpass123') | |
| 381 | assert_nil Token.find_by_id(token.id), "Token was not deleted" |
|
382 | assert_nil Token.find_by_id(token.id), "Token was not deleted" | |
| 382 | end |
|
383 | end | |
| 383 |
|
384 | |||
| 384 | def test_post_lost_password_with_token_for_non_active_user_should_fail |
|
385 | def test_post_lost_password_with_token_for_non_active_user_should_fail | |
| 385 | user = User.find(2) |
|
386 | user = User.find(2) | |
| 386 | token = Token.create!(:action => 'recovery', :user => user) |
|
387 | token = Token.create!(:action => 'recovery', :user => user) | |
| 387 | user.lock! |
|
388 | user.lock! | |
| 388 |
|
389 | |||
| 389 | post :lost_password, :token => token.value, :new_password => 'newpass123', :new_password_confirmation => 'newpass123' |
|
390 | post :lost_password, :token => token.value, :new_password => 'newpass123', :new_password_confirmation => 'newpass123' | |
| 390 | assert_redirected_to '/' |
|
391 | assert_redirected_to '/' | |
| 391 | assert ! user.check_password?('newpass123') |
|
392 | assert ! user.check_password?('newpass123') | |
| 392 | end |
|
393 | end | |
| 393 |
|
394 | |||
| 394 | def test_post_lost_password_with_token_and_password_confirmation_failure_should_redisplay_the_form |
|
395 | def test_post_lost_password_with_token_and_password_confirmation_failure_should_redisplay_the_form | |
| 395 | user = User.find(2) |
|
396 | user = User.find(2) | |
| 396 | token = Token.create!(:action => 'recovery', :user => user) |
|
397 | token = Token.create!(:action => 'recovery', :user => user) | |
| 397 |
|
398 | |||
| 398 | post :lost_password, :token => token.value, :new_password => 'newpass', :new_password_confirmation => 'wrongpass' |
|
399 | post :lost_password, :token => token.value, :new_password => 'newpass', :new_password_confirmation => 'wrongpass' | |
| 399 | assert_response :success |
|
400 | assert_response :success | |
| 400 | assert_template 'password_recovery' |
|
401 | assert_template 'password_recovery' | |
| 401 | assert_not_nil Token.find_by_id(token.id), "Token was deleted" |
|
402 | assert_not_nil Token.find_by_id(token.id), "Token was deleted" | |
| 402 |
|
403 | |||
| 403 | assert_select 'input[type=hidden][name=token][value=?]', token.value |
|
404 | assert_select 'input[type=hidden][name=token][value=?]', token.value | |
| 404 | end |
|
405 | end | |
| 405 |
|
406 | |||
| 406 | def test_post_lost_password_with_invalid_token_should_redirect |
|
407 | def test_post_lost_password_with_invalid_token_should_redirect | |
| 407 | post :lost_password, :token => "abcdef", :new_password => 'newpass', :new_password_confirmation => 'newpass' |
|
408 | post :lost_password, :token => "abcdef", :new_password => 'newpass', :new_password_confirmation => 'newpass' | |
| 408 | assert_redirected_to '/' |
|
409 | assert_redirected_to '/' | |
| 409 | end |
|
410 | end | |
| 410 |
|
411 | |||
| 411 | def test_activation_email_should_send_an_activation_email |
|
412 | def test_activation_email_should_send_an_activation_email | |
| 412 | User.find(2).update_attribute :status, User::STATUS_REGISTERED |
|
413 | User.find(2).update_attribute :status, User::STATUS_REGISTERED | |
| 413 | @request.session[:registered_user_id] = 2 |
|
414 | @request.session[:registered_user_id] = 2 | |
| 414 |
|
415 | |||
| 415 | with_settings :self_registration => '1' do |
|
416 | with_settings :self_registration => '1' do | |
| 416 | assert_difference 'ActionMailer::Base.deliveries.size' do |
|
417 | assert_difference 'ActionMailer::Base.deliveries.size' do | |
| 417 | get :activation_email |
|
418 | get :activation_email | |
| 418 | assert_redirected_to '/login' |
|
419 | assert_redirected_to '/login' | |
| 419 | end |
|
420 | end | |
| 420 | end |
|
421 | end | |
| 421 | end |
|
422 | end | |
| 422 |
|
423 | |||
| 423 | def test_activation_email_without_session_data_should_fail |
|
424 | def test_activation_email_without_session_data_should_fail | |
| 424 | User.find(2).update_attribute :status, User::STATUS_REGISTERED |
|
425 | User.find(2).update_attribute :status, User::STATUS_REGISTERED | |
| 425 |
|
426 | |||
| 426 | with_settings :self_registration => '1' do |
|
427 | with_settings :self_registration => '1' do | |
| 427 | assert_no_difference 'ActionMailer::Base.deliveries.size' do |
|
428 | assert_no_difference 'ActionMailer::Base.deliveries.size' do | |
| 428 | get :activation_email |
|
429 | get :activation_email | |
| 429 | assert_redirected_to '/' |
|
430 | assert_redirected_to '/' | |
| 430 | end |
|
431 | end | |
| 431 | end |
|
432 | end | |
| 432 | end |
|
433 | end | |
| 433 | end |
|
434 | end | |
General Comments 0
You need to be logged in to leave comments.
Login now