Fixed that OpenID authentication fails with 422 error due to token verification (#15735)....
Jean-Philippe Lang -
r12163:5ee277fa22e9
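--- a/PATH_PLACEHOLDER/account_controller.rb
+++ b/PATH_PLACEHOLDER/account_controller.rb
@@ -1,343 +1,351 @@
 # Redmine - project management software
 # Copyright (C) 2006-2013 Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; either version 2
 # of the License, or (at your option) any later version.
 #
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 # GNU General Public License for more details.
 #
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
 
 class AccountController < ApplicationController
 helper :custom_fields
 include CustomFieldsHelper
 
 # prevents login action to be filtered by check_if_login_required application scope filter
 skip_before_filter :check_if_login_required, :check_password_change
 
+# Overrides ApplicationController#verify_authenticity_token to disable
+# token verification on openid callbacks
+def verify_authenticity_token
+unless using_open_id?
+super
+end
+end
+
 # Login request and validation
 def login
 if request.get?
 if User.current.logged?
 redirect_to home_url
 end
 else
 authenticate_user
 end
 rescue AuthSourceException => e
 logger.error "An error occured when authenticating #{params[:username]}: #{e.message}"
 render_error :message => e.message
 end
 
 # Log out current user and redirect to welcome page
 def logout
 if User.current.anonymous?
 redirect_to home_url
 elsif request.post?
 logout_user
 redirect_to home_url
 end
 # display the logout form
 end
 
 # Lets user choose a new password
 def lost_password
 (redirect_to(home_url); return) unless Setting.lost_password?
 if params[:token]
 @token = Token.find_token("recovery", params[:token].to_s)
 if @token.nil? || @token.expired?
 redirect_to home_url
 return
 end
 @user = @token.user
 unless @user && @user.active?
 redirect_to home_url
 return
 end
 if request.post?
 @user.password, @user.password_confirmation = params[:new_password], params[:new_password_confirmation]
 if @user.save
 @token.destroy
 flash[:notice] = l(:notice_account_password_updated)
 redirect_to signin_path
 return
 end
 end
 render :template => "account/password_recovery"
 return
 else
 if request.post?
 user = User.find_by_mail(params[:mail].to_s)
 # user not found
 unless user
 flash.now[:error] = l(:notice_account_unknown_email)
 return
 end
 unless user.active?
 handle_inactive_user(user, lost_password_path)
 return
 end
 # user cannot change its password
 unless user.change_password_allowed?
 flash.now[:error] = l(:notice_can_t_change_password)
 return
 end
 # create a new token for password recovery
 token = Token.new(:user => user, :action => "recovery")
 if token.save
 Mailer.lost_password(token).deliver
 flash[:notice] = l(:notice_account_lost_email_sent)
 redirect_to signin_path
 return
 end
 end
 end
 end
 
 # User self-registration
 def register
 (redirect_to(home_url); return) unless Setting.self_registration? || session[:auth_source_registration]
 if request.get?
 session[:auth_source_registration] = nil
 @user = User.new(:language => current_language.to_s)
 else
 user_params = params[:user] || {}
 @user = User.new
 @user.safe_attributes = user_params
 @user.admin = false
 @user.register
 if session[:auth_source_registration]
 @user.activate
 @user.login = session[:auth_source_registration][:login]
 @user.auth_source_id = session[:auth_source_registration][:auth_source_id]
 if @user.save
 session[:auth_source_registration] = nil
 self.logged_user = @user
 flash[:notice] = l(:notice_account_activated)
 redirect_to my_account_path
 end
 else
 @user.login = params[:user][:login]
 unless user_params[:identity_url].present? && user_params[:password].blank? && user_params[:password_confirmation].blank?
 @user.password, @user.password_confirmation = user_params[:password], user_params[:password_confirmation]
 end
 
 case Setting.self_registration
 when '1'
 register_by_email_activation(@user)
 when '3'
 register_automatically(@user)
 else
 register_manually_by_administrator(@user)
 end
 end
 end
 end
 
 # Token based account activation
 def activate
 (redirect_to(home_url); return) unless Setting.self_registration? && params[:token].present?
 token = Token.find_token('register', params[:token].to_s)
 (redirect_to(home_url); return) unless token and !token.expired?
 user = token.user
 (redirect_to(home_url); return) unless user.registered?
 user.activate
 if user.save
 token.destroy
 flash[:notice] = l(:notice_account_activated)
 end
 redirect_to signin_path
 end
 
 # Sends a new account activation email
 def activation_email
 if session[:registered_user_id] && Setting.self_registration == '1'
 user_id = session.delete(:registered_user_id).to_i
 user = User.find_by_id(user_id)
 if user && user.registered?
 register_by_email_activation(user)
 return
 end
 end
 redirect_to(home_url)
 end
 
 private
 
 def authenticate_user
 if Setting.openid? && using_open_id?
 open_id_authenticate(params[:openid_url])
 else
 password_authentication
 end
 end
 
 def password_authentication
 user = User.try_to_login(params[:username], params[:password], false)
 
 if user.nil?
 invalid_credentials
 elsif user.new_record?
 onthefly_creation_failed(user, {:login => user.login, :auth_source_id => user.auth_source_id })
 else
 # Valid user
 if user.active?
 successful_authentication(user)
 else
 handle_inactive_user(user)
 end
 end
 end
 
 def open_id_authenticate(openid_url)
 back_url = signin_url(:autologin => params[:autologin])
 authenticate_with_open_id(
 openid_url, :required => [:nickname, :fullname, :email],
 :return_to => back_url, :method => :post
 ) do |result, identity_url, registration|
 if result.successful?
 user = User.find_or_initialize_by_identity_url(identity_url)
 if user.new_record?
 # Self-registration off
 (redirect_to(home_url); return) unless Setting.self_registration?
 # Create on the fly
 user.login = registration['nickname'] unless registration['nickname'].nil?
 user.mail = registration['email'] unless registration['email'].nil?
 user.firstname, user.lastname = registration['fullname'].split(' ') unless registration['fullname'].nil?
 user.random_password
 user.register
 case Setting.self_registration
 when '1'
 register_by_email_activation(user) do
 onthefly_creation_failed(user)
 end
 when '3'
 register_automatically(user) do
 onthefly_creation_failed(user)
 end
 else
 register_manually_by_administrator(user) do
 onthefly_creation_failed(user)
 end
 end
 else
 # Existing record
 if user.active?
 successful_authentication(user)
 else
 handle_inactive_user(user)
 end
 end
 end
 end
 end
 
 def successful_authentication(user)
 logger.info "Successful authentication for '#{user.login}' from #{request.remote_ip} at #{Time.now.utc}"
 # Valid user
 self.logged_user = user
 # generate a key and set cookie if autologin
 if params[:autologin] && Setting.autologin?
 set_autologin_cookie(user)
 end
 call_hook(:controller_account_success_authentication_after, {:user => user })
 redirect_back_or_default my_page_path
 end
 
 def set_autologin_cookie(user)
 token = Token.create(:user => user, :action => 'autologin')
 cookie_options = {
 :value => token.value,
 :expires => 1.year.from_now,
 :path => (Redmine::Configuration['autologin_cookie_path'] || '/'),
 :secure => (Redmine::Configuration['autologin_cookie_secure'] ? true : false),
 :httponly => true
 }
 cookies[autologin_cookie_name] = cookie_options
 end
 
 # Onthefly creation failed, display the registration form to fill/fix attributes
 def onthefly_creation_failed(user, auth_source_options = { })
 @user = user
 session[:auth_source_registration] = auth_source_options unless auth_source_options.empty?
 render :action => 'register'
 end
 
 def invalid_credentials
 logger.warn "Failed login for '#{params[:username]}' from #{request.remote_ip} at #{Time.now.utc}"
 flash.now[:error] = l(:notice_account_invalid_creditentials)
 end
 
 # Register a user for email activation.
 #
 # Pass a block for behavior when a user fails to save
 def register_by_email_activation(user, &block)
 token = Token.new(:user => user, :action => "register")
 if user.save and token.save
 Mailer.register(token).deliver
 flash[:notice] = l(:notice_account_register_done, :email => user.mail)
 redirect_to signin_path
 else
 yield if block_given?
 end
 end
 
 # Automatically register a user
 #
 # Pass a block for behavior when a user fails to save
 def register_automatically(user, &block)
 # Automatic activation
 user.activate
 user.last_login_on = Time.now
 if user.save
 self.logged_user = user
 flash[:notice] = l(:notice_account_activated)
 redirect_to my_account_path
 else
 yield if block_given?
 end
 end
 
 # Manual activation by the administrator
 #
 # Pass a block for behavior when a user fails to save
 def register_manually_by_administrator(user, &block)
 if user.save
 # Sends an email to the administrators
 Mailer.account_activation_request(user).deliver
 account_pending(user)
 else
 yield if block_given?
 end
 end
 
 def handle_inactive_user(user, redirect_path=signin_path)
 if user.registered?
 account_pending(user, redirect_path)
 else
 account_locked(user, redirect_path)
 end
 end
 
 def account_pending(user, redirect_path=signin_path)
 if Setting.self_registration == '1'
 flash[:error] = l(:notice_account_not_activated_yet, :url => activation_email_path)
 session[:registered_user_id] = user.id
 else
 flash[:error] = l(:notice_account_pending)
 end
 redirect_to redirect_path
 end
 
 def account_locked(user, redirect_path=signin_path)
 flash[:error] = l(:notice_account_locked)
 redirect_to redirect_path
 end
 end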
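Review bot: The new `verify_authenticity_token` override (new lines 25–31) drops CSRF verification for every action of this controller whenever `using_open_id?` is true, while `authenticate_user` (new line 183) only takes the OpenID path when `Setting.openid?` is also enabled. If `using_open_id?` is satisfied by the mere presence of an `openid_url` parameter, as the open_id_authentication helper typically is, a POST to `login`, `logout`, `lost_password` or `register` carrying such a parameter would skip token verification yet still run the password or form path, which reopens the login/logout CSRF cases the token exists to prevent. Mirror the condition `authenticate_user` already uses and scope the exemption to the action that receives the provider's callback: `super unless Setting.openid? && using_open_id? && action_name == 'login'`. The method comment should also say why the exemption exists, e.g. `# The OpenID provider's return_to callback (see open_id_authenticate) arrives without our authenticity token, so verification is skipped for that request only`.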
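--- a/PATH_PLACEHOLDER/account_controller_openid_test.rb
+++ b/PATH_PLACEHOLDER/account_controller_openid_test.rb
@@ -1,165 +1,175 @@
 # Redmine - project management software
 # Copyright (C) 2006-2013 Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; either version 2
 # of the License, or (at your option) any later version.
 #
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 # GNU General Public License for more details.
 #
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
 
 require File.expand_path('../../test_helper', __FILE__)
 
 class AccountControllerOpenidTest < ActionController::TestCase
 tests AccountController
 fixtures :users, :roles
 
 def setup
 User.current = nil
 Setting.openid = '1'
 end
 
 def teardown
 Setting.openid = '0'
 end
 
 if Object.const_defined?(:OpenID)
 
 def test_login_with_openid_for_existing_user
 Setting.self_registration = '3'
 existing_user = User.new(:firstname => 'Cool',
 :lastname => 'User',
 :mail => 'user@somedomain.com',
 :identity_url => 'http://openid.example.com/good_user')
 existing_user.login = 'cool_user'
 assert existing_user.save!
 
 post :login, :openid_url => existing_user.identity_url
 assert_redirected_to '/my/page'
 end
 
 def test_login_with_invalid_openid_provider
 Setting.self_registration = '0'
 post :login, :openid_url => 'http;//openid.example.com/good_user'
 assert_redirected_to home_url
 end
 
 def test_login_with_openid_for_existing_non_active_user
 Setting.self_registration = '2'
 existing_user = User.new(:firstname => 'Cool',
 :lastname => 'User',
 :mail => 'user@somedomain.com',
 :identity_url => 'http://openid.example.com/good_user',
 :status => User::STATUS_REGISTERED)
 existing_user.login = 'cool_user'
 assert existing_user.save!
 
 post :login, :openid_url => existing_user.identity_url
 assert_redirected_to '/login'
 end
 
 def test_login_with_openid_with_new_user_created
 Setting.self_registration = '3'
 post :login, :openid_url => 'http://openid.example.com/good_user'
 assert_redirected_to '/my/account'
 user = User.find_by_login('cool_user')
 assert user
 assert_equal 'Cool', user.firstname
 assert_equal 'User', user.lastname
 end
 
 def test_login_with_openid_with_new_user_and_self_registration_off
 Setting.self_registration = '0'
 post :login, :openid_url => 'http://openid.example.com/good_user'
 assert_redirected_to home_url
 user = User.find_by_login('cool_user')
 assert_nil user
 end
 
 def test_login_with_openid_with_new_user_created_with_email_activation_should_have_a_token
 Setting.self_registration = '1'
 post :login, :openid_url => 'http://openid.example.com/good_user'
 assert_redirected_to '/login'
 user = User.find_by_login('cool_user')
 assert user
 
 token = Token.find_by_user_id_and_action(user.id, 'register')
 assert token
 end
 
 def test_login_with_openid_with_new_user_created_with_manual_activation
 Setting.self_registration = '2'
 post :login, :openid_url => 'http://openid.example.com/good_user'
 assert_redirected_to '/login'
 user = User.find_by_login('cool_user')
 assert user
 assert_equal User::STATUS_REGISTERED, user.status
 end
 
 def test_login_with_openid_with_new_user_with_conflict_should_register
 Setting.self_registration = '3'
 existing_user = User.new(:firstname => 'Cool', :lastname => 'User', :mail => 'user@somedomain.com')
 existing_user.login = 'cool_user'
 assert existing_user.save!
 
 post :login, :openid_url => 'http://openid.example.com/good_user'
 assert_response :success
 assert_template 'register'
 assert assigns(:user)
 assert_equal 'http://openid.example.com/good_user', assigns(:user)[:identity_url]
 end
 
 def test_login_with_openid_with_new_user_with_missing_information_should_register
 Setting.self_registration = '3'
 
 post :login, :openid_url => 'http://openid.example.com/good_blank_user'
 assert_response :success
 assert_template 'register'
 assert assigns(:user)
 assert_equal 'http://openid.example.com/good_blank_user', assigns(:user)[:identity_url]
 
 assert_select 'input[name=?]', 'user[login]'
 assert_select 'input[name=?]', 'user[password]'
 assert_select 'input[name=?]', 'user[password_confirmation]'
 assert_select 'input[name=?][value=?]', 'user[identity_url]', 'http://openid.example.com/good_blank_user'
 end
 
+def test_post_login_should_not_verify_token_when_using_open_id
+ActionController::Base.allow_forgery_protection = true
+AccountController.any_instance.stubs(:using_open_id?).returns(true)
+AccountController.any_instance.stubs(:authenticate_with_open_id).returns(true)
+post :login
+assert_response 200
+ensure
+ActionController::Base.allow_forgery_protection = false
+end
+
 def test_register_after_login_failure_should_not_require_user_to_enter_a_password
 Setting.self_registration = '3'
 
 assert_difference 'User.count' do
 post :register, :user => {
 :login => 'good_blank_user',
 :password => '',
 :password_confirmation => '',
 :firstname => 'Cool',
 :lastname => 'User',
 :mail => 'user@somedomain.com',
 :identity_url => 'http://openid.example.com/good_blank_user'
 }
 assert_response 302
 end
 
 user = User.first(:order => 'id DESC')
 assert_equal 'http://openid.example.com/good_blank_user', user.identity_url
 assert user.hashed_password.blank?, "Hashed password was #{user.hashed_password}"
 end
 
 def test_setting_openid_should_return_true_when_set_to_true
 assert_equal true, Setting.openid?
 end
 
 else
 puts "Skipping openid tests."
 
 def test_dummy
 end
 end
 end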
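Review bot: The new test (new lines 134–142) pins only the exempted path; nothing in this file asserts that a POST to `login` that is not an OpenID request is still rejected while `allow_forgery_protection` is on, so a regression that dropped the `super` call in `verify_authenticity_token` would pass unnoticed. A companion test stubbing `using_open_id?` to false and expecting the 422 the commit title attributes to a failed token check would close that gap; the credentials below are constructed sample values, since the token check runs before they are used. The `ensure` that restores `allow_forgery_protection` is the right shape; the `any_instance` stubs rely on the mocking library resetting them between tests, which is worth a one-line comment if that is not obvious to other contributors.
```ruby
def test_post_login_should_verify_token_when_not_using_open_id
ActionController::Base.allow_forgery_protection = true
AccountController.any_instance.stubs(:using_open_id?).returns(false)
post :login, :username => 'sample_user', :password => 'sample_password'
assert_response 422
ensure
ActionController::Base.allow_forgery_protection = false
end
```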