Add some tests for User#try_to_login with LDAP. #5592...
Eric Davis -
r3705:6ef240841cff
@@ -1,372 +1,387
1 # redMine - project management software
1 # redMine - project management software
2 # Copyright (C) 2006 Jean-Philippe Lang
2 # Copyright (C) 2006 Jean-Philippe Lang
3 #
3 #
4 # This program is free software; you can redistribute it and/or
4 # This program is free software; you can redistribute it and/or
5 # modify it under the terms of the GNU General Public License
5 # modify it under the terms of the GNU General Public License
6 # as published by the Free Software Foundation; either version 2
6 # as published by the Free Software Foundation; either version 2
7 # of the License, or (at your option) any later version.
7 # of the License, or (at your option) any later version.
8 #
8 #
9 # This program is distributed in the hope that it will be useful,
9 # This program is distributed in the hope that it will be useful,
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 # GNU General Public License for more details.
12 # GNU General Public License for more details.
13 #
13 #
14 # You should have received a copy of the GNU General Public License
14 # You should have received a copy of the GNU General Public License
15 # along with this program; if not, write to the Free Software
15 # along with this program; if not, write to the Free Software
16 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
16 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
17
17
18 require File.dirname(__FILE__) + '/../test_helper'
18 require File.dirname(__FILE__) + '/../test_helper'
19
19
20 class UserTest < ActiveSupport::TestCase
20 class UserTest < ActiveSupport::TestCase
21 fixtures :users, :members, :projects, :roles, :member_roles, :auth_sources
21 fixtures :users, :members, :projects, :roles, :member_roles, :auth_sources
22
22
23 def setup
23 def setup
24 @admin = User.find(1)
24 @admin = User.find(1)
25 @jsmith = User.find(2)
25 @jsmith = User.find(2)
26 @dlopper = User.find(3)
26 @dlopper = User.find(3)
27 end
27 end
28
28
29 test 'object_daddy creation' do
29 test 'object_daddy creation' do
30 User.generate_with_protected!(:firstname => 'Testing connection')
30 User.generate_with_protected!(:firstname => 'Testing connection')
31 User.generate_with_protected!(:firstname => 'Testing connection')
31 User.generate_with_protected!(:firstname => 'Testing connection')
32 assert_equal 2, User.count(:all, :conditions => {:firstname => 'Testing connection'})
32 assert_equal 2, User.count(:all, :conditions => {:firstname => 'Testing connection'})
33 end
33 end
34
34
35 def test_truth
35 def test_truth
36 assert_kind_of User, @jsmith
36 assert_kind_of User, @jsmith
37 end
37 end
38
38
39 def test_create
39 def test_create
40 user = User.new(:firstname => "new", :lastname => "user", :mail => "newuser@somenet.foo")
40 user = User.new(:firstname => "new", :lastname => "user", :mail => "newuser@somenet.foo")
41
41
42 user.login = "jsmith"
42 user.login = "jsmith"
43 user.password, user.password_confirmation = "password", "password"
43 user.password, user.password_confirmation = "password", "password"
44 # login uniqueness
44 # login uniqueness
45 assert !user.save
45 assert !user.save
46 assert_equal 1, user.errors.count
46 assert_equal 1, user.errors.count
47
47
48 user.login = "newuser"
48 user.login = "newuser"
49 user.password, user.password_confirmation = "passwd", "password"
49 user.password, user.password_confirmation = "passwd", "password"
50 # password confirmation
50 # password confirmation
51 assert !user.save
51 assert !user.save
52 assert_equal 1, user.errors.count
52 assert_equal 1, user.errors.count
53
53
54 user.password, user.password_confirmation = "password", "password"
54 user.password, user.password_confirmation = "password", "password"
55 assert user.save
55 assert user.save
56 end
56 end
57
57
58 context "User.login" do
58 context "User.login" do
59 should "be case-insensitive." do
59 should "be case-insensitive." do
60 u = User.new(:firstname => "new", :lastname => "user", :mail => "newuser@somenet.foo")
60 u = User.new(:firstname => "new", :lastname => "user", :mail => "newuser@somenet.foo")
61 u.login = 'newuser'
61 u.login = 'newuser'
62 u.password, u.password_confirmation = "password", "password"
62 u.password, u.password_confirmation = "password", "password"
63 assert u.save
63 assert u.save
64
64
65 u = User.new(:firstname => "Similar", :lastname => "User", :mail => "similaruser@somenet.foo")
65 u = User.new(:firstname => "Similar", :lastname => "User", :mail => "similaruser@somenet.foo")
66 u.login = 'NewUser'
66 u.login = 'NewUser'
67 u.password, u.password_confirmation = "password", "password"
67 u.password, u.password_confirmation = "password", "password"
68 assert !u.save
68 assert !u.save
69 assert_equal I18n.translate('activerecord.errors.messages.taken'), u.errors.on(:login)
69 assert_equal I18n.translate('activerecord.errors.messages.taken'), u.errors.on(:login)
70 end
70 end
71 end
71 end
72
72
73 def test_mail_uniqueness_should_not_be_case_sensitive
73 def test_mail_uniqueness_should_not_be_case_sensitive
74 u = User.new(:firstname => "new", :lastname => "user", :mail => "newuser@somenet.foo")
74 u = User.new(:firstname => "new", :lastname => "user", :mail => "newuser@somenet.foo")
75 u.login = 'newuser1'
75 u.login = 'newuser1'
76 u.password, u.password_confirmation = "password", "password"
76 u.password, u.password_confirmation = "password", "password"
77 assert u.save
77 assert u.save
78
78
79 u = User.new(:firstname => "new", :lastname => "user", :mail => "newUser@Somenet.foo")
79 u = User.new(:firstname => "new", :lastname => "user", :mail => "newUser@Somenet.foo")
80 u.login = 'newuser2'
80 u.login = 'newuser2'
81 u.password, u.password_confirmation = "password", "password"
81 u.password, u.password_confirmation = "password", "password"
82 assert !u.save
82 assert !u.save
83 assert_equal I18n.translate('activerecord.errors.messages.taken'), u.errors.on(:mail)
83 assert_equal I18n.translate('activerecord.errors.messages.taken'), u.errors.on(:mail)
84 end
84 end
85
85
86 def test_update
86 def test_update
87 assert_equal "admin", @admin.login
87 assert_equal "admin", @admin.login
88 @admin.login = "john"
88 @admin.login = "john"
89 assert @admin.save, @admin.errors.full_messages.join("; ")
89 assert @admin.save, @admin.errors.full_messages.join("; ")
90 @admin.reload
90 @admin.reload
91 assert_equal "john", @admin.login
91 assert_equal "john", @admin.login
92 end
92 end
93
93
94 def test_destroy
94 def test_destroy
95 User.find(2).destroy
95 User.find(2).destroy
96 assert_nil User.find_by_id(2)
96 assert_nil User.find_by_id(2)
97 assert Member.find_all_by_user_id(2).empty?
97 assert Member.find_all_by_user_id(2).empty?
98 end
98 end
99
99
100 def test_validate
100 def test_validate
101 @admin.login = ""
101 @admin.login = ""
102 assert !@admin.save
102 assert !@admin.save
103 assert_equal 1, @admin.errors.count
103 assert_equal 1, @admin.errors.count
104 end
104 end
105
105
106 context "User#try_to_login" do
106 context "User#try_to_login" do
107 should "fall-back to case-insensitive if user login is not found as-typed." do
107 should "fall-back to case-insensitive if user login is not found as-typed." do
108 user = User.try_to_login("AdMin", "admin")
108 user = User.try_to_login("AdMin", "admin")
109 assert_kind_of User, user
109 assert_kind_of User, user
110 assert_equal "admin", user.login
110 assert_equal "admin", user.login
111 end
111 end
112
112
113 should "select the exact matching user first" do
113 should "select the exact matching user first" do
114 case_sensitive_user = User.generate_with_protected!(:login => 'changed', :password => 'admin', :password_confirmation => 'admin')
114 case_sensitive_user = User.generate_with_protected!(:login => 'changed', :password => 'admin', :password_confirmation => 'admin')
115 # bypass validations to make it appear like existing data
115 # bypass validations to make it appear like existing data
116 case_sensitive_user.update_attribute(:login, 'ADMIN')
116 case_sensitive_user.update_attribute(:login, 'ADMIN')
117
117
118 user = User.try_to_login("ADMIN", "admin")
118 user = User.try_to_login("ADMIN", "admin")
119 assert_kind_of User, user
119 assert_kind_of User, user
120 assert_equal "ADMIN", user.login
120 assert_equal "ADMIN", user.login
121
121
122 end
122 end
123 end
123 end
124
124
125 def test_password
125 def test_password
126 user = User.try_to_login("admin", "admin")
126 user = User.try_to_login("admin", "admin")
127 assert_kind_of User, user
127 assert_kind_of User, user
128 assert_equal "admin", user.login
128 assert_equal "admin", user.login
129 user.password = "hello"
129 user.password = "hello"
130 assert user.save
130 assert user.save
131
131
132 user = User.try_to_login("admin", "hello")
132 user = User.try_to_login("admin", "hello")
133 assert_kind_of User, user
133 assert_kind_of User, user
134 assert_equal "admin", user.login
134 assert_equal "admin", user.login
135 assert_equal User.hash_password("hello"), user.hashed_password
135 assert_equal User.hash_password("hello"), user.hashed_password
136 end
136 end
137
137
138 def test_name_format
138 def test_name_format
139 assert_equal 'Smith, John', @jsmith.name(:lastname_coma_firstname)
139 assert_equal 'Smith, John', @jsmith.name(:lastname_coma_firstname)
140 Setting.user_format = :firstname_lastname
140 Setting.user_format = :firstname_lastname
141 assert_equal 'John Smith', @jsmith.reload.name
141 assert_equal 'John Smith', @jsmith.reload.name
142 Setting.user_format = :username
142 Setting.user_format = :username
143 assert_equal 'jsmith', @jsmith.reload.name
143 assert_equal 'jsmith', @jsmith.reload.name
144 end
144 end
145
145
146 def test_lock
146 def test_lock
147 user = User.try_to_login("jsmith", "jsmith")
147 user = User.try_to_login("jsmith", "jsmith")
148 assert_equal @jsmith, user
148 assert_equal @jsmith, user
149
149
150 @jsmith.status = User::STATUS_LOCKED
150 @jsmith.status = User::STATUS_LOCKED
151 assert @jsmith.save
151 assert @jsmith.save
152
152
153 user = User.try_to_login("jsmith", "jsmith")
153 user = User.try_to_login("jsmith", "jsmith")
154 assert_equal nil, user
154 assert_equal nil, user
155 end
155 end
156
156
157 if ldap_configured?
157 if ldap_configured?
158 context "#try_to_login using LDAP" do
158 context "#try_to_login using LDAP" do
159 context "with failed connection to the LDAP server" do
160 should "return nil" do
161 @auth_source = AuthSourceLdap.find(1)
162 AuthSource.any_instance.stubs(:initialize_ldap_con).raises(Net::LDAP::LdapError, 'Cannot connect')
163
164 assert_equal nil, User.try_to_login('edavis', 'wrong')
165 end
166 end
167
168 context "with an unsuccessful authentication" do
169 should "return nil" do
170 assert_equal nil, User.try_to_login('edavis', 'wrong')
171 end
172 end
173
159 context "on the fly registration" do
174 context "on the fly registration" do
160 setup do
175 setup do
161 @auth_source = AuthSourceLdap.find(1)
176 @auth_source = AuthSourceLdap.find(1)
162 end
177 end
163
178
164 context "with a successful authentication" do
179 context "with a successful authentication" do
165 should "create a new user account if it doesn't exist" do
180 should "create a new user account if it doesn't exist" do
166 assert_difference('User.count') do
181 assert_difference('User.count') do
167 user = User.try_to_login('edavis', '123456')
182 user = User.try_to_login('edavis', '123456')
168 assert !user.admin?
183 assert !user.admin?
169 end
184 end
170 end
185 end
171
186
172 should "retrieve existing user" do
187 should "retrieve existing user" do
173 user = User.try_to_login('edavis', '123456')
188 user = User.try_to_login('edavis', '123456')
174 user.admin = true
189 user.admin = true
175 user.save!
190 user.save!
176
191
177 assert_no_difference('User.count') do
192 assert_no_difference('User.count') do
178 user = User.try_to_login('edavis', '123456')
193 user = User.try_to_login('edavis', '123456')
179 assert user.admin?
194 assert user.admin?
180 end
195 end
181 end
196 end
182 end
197 end
183 end
198 end
184 end
199 end
185
200
186 else
201 else
187 puts "Skipping LDAP tests."
202 puts "Skipping LDAP tests."
188 end
203 end
189
204
190 def test_create_anonymous
205 def test_create_anonymous
191 AnonymousUser.delete_all
206 AnonymousUser.delete_all
192 anon = User.anonymous
207 anon = User.anonymous
193 assert !anon.new_record?
208 assert !anon.new_record?
194 assert_kind_of AnonymousUser, anon
209 assert_kind_of AnonymousUser, anon
195 end
210 end
196
211
197 should_have_one :rss_token
212 should_have_one :rss_token
198
213
199 def test_rss_key
214 def test_rss_key
200 assert_nil @jsmith.rss_token
215 assert_nil @jsmith.rss_token
201 key = @jsmith.rss_key
216 key = @jsmith.rss_key
202 assert_equal 40, key.length
217 assert_equal 40, key.length
203
218
204 @jsmith.reload
219 @jsmith.reload
205 assert_equal key, @jsmith.rss_key
220 assert_equal key, @jsmith.rss_key
206 end
221 end
207
222
208
223
209 should_have_one :api_token
224 should_have_one :api_token
210
225
211 context "User#api_key" do
226 context "User#api_key" do
212 should "generate a new one if the user doesn't have one" do
227 should "generate a new one if the user doesn't have one" do
213 user = User.generate_with_protected!(:api_token => nil)
228 user = User.generate_with_protected!(:api_token => nil)
214 assert_nil user.api_token
229 assert_nil user.api_token
215
230
216 key = user.api_key
231 key = user.api_key
217 assert_equal 40, key.length
232 assert_equal 40, key.length
218 user.reload
233 user.reload
219 assert_equal key, user.api_key
234 assert_equal key, user.api_key
220 end
235 end
221
236
222 should "return the existing api token value" do
237 should "return the existing api token value" do
223 user = User.generate_with_protected!
238 user = User.generate_with_protected!
224 token = Token.generate!(:action => 'api')
239 token = Token.generate!(:action => 'api')
225 user.api_token = token
240 user.api_token = token
226 assert user.save
241 assert user.save
227
242
228 assert_equal token.value, user.api_key
243 assert_equal token.value, user.api_key
229 end
244 end
230 end
245 end
231
246
232 context "User#find_by_api_key" do
247 context "User#find_by_api_key" do
233 should "return nil if no matching key is found" do
248 should "return nil if no matching key is found" do
234 assert_nil User.find_by_api_key('zzzzzzzzz')
249 assert_nil User.find_by_api_key('zzzzzzzzz')
235 end
250 end
236
251
237 should "return nil if the key is found for an inactive user" do
252 should "return nil if the key is found for an inactive user" do
238 user = User.generate_with_protected!(:status => User::STATUS_LOCKED)
253 user = User.generate_with_protected!(:status => User::STATUS_LOCKED)
239 token = Token.generate!(:action => 'api')
254 token = Token.generate!(:action => 'api')
240 user.api_token = token
255 user.api_token = token
241 user.save
256 user.save
242
257
243 assert_nil User.find_by_api_key(token.value)
258 assert_nil User.find_by_api_key(token.value)
244 end
259 end
245
260
246 should "return the user if the key is found for an active user" do
261 should "return the user if the key is found for an active user" do
247 user = User.generate_with_protected!(:status => User::STATUS_ACTIVE)
262 user = User.generate_with_protected!(:status => User::STATUS_ACTIVE)
248 token = Token.generate!(:action => 'api')
263 token = Token.generate!(:action => 'api')
249 user.api_token = token
264 user.api_token = token
250 user.save
265 user.save
251
266
252 assert_equal user, User.find_by_api_key(token.value)
267 assert_equal user, User.find_by_api_key(token.value)
253 end
268 end
254 end
269 end
255
270
256 def test_roles_for_project
271 def test_roles_for_project
257 # user with a role
272 # user with a role
258 roles = @jsmith.roles_for_project(Project.find(1))
273 roles = @jsmith.roles_for_project(Project.find(1))
259 assert_kind_of Role, roles.first
274 assert_kind_of Role, roles.first
260 assert_equal "Manager", roles.first.name
275 assert_equal "Manager", roles.first.name
261
276
262 # user with no role
277 # user with no role
263 assert_nil @dlopper.roles_for_project(Project.find(2)).detect {|role| role.member?}
278 assert_nil @dlopper.roles_for_project(Project.find(2)).detect {|role| role.member?}
264 end
279 end
265
280
266 def test_mail_notification_all
281 def test_mail_notification_all
267 @jsmith.mail_notification = true
282 @jsmith.mail_notification = true
268 @jsmith.notified_project_ids = []
283 @jsmith.notified_project_ids = []
269 @jsmith.save
284 @jsmith.save
270 @jsmith.reload
285 @jsmith.reload
271 assert @jsmith.projects.first.recipients.include?(@jsmith.mail)
286 assert @jsmith.projects.first.recipients.include?(@jsmith.mail)
272 end
287 end
273
288
274 def test_mail_notification_selected
289 def test_mail_notification_selected
275 @jsmith.mail_notification = false
290 @jsmith.mail_notification = false
276 @jsmith.notified_project_ids = [1]
291 @jsmith.notified_project_ids = [1]
277 @jsmith.save
292 @jsmith.save
278 @jsmith.reload
293 @jsmith.reload
279 assert Project.find(1).recipients.include?(@jsmith.mail)
294 assert Project.find(1).recipients.include?(@jsmith.mail)
280 end
295 end
281
296
282 def test_mail_notification_none
297 def test_mail_notification_none
283 @jsmith.mail_notification = false
298 @jsmith.mail_notification = false
284 @jsmith.notified_project_ids = []
299 @jsmith.notified_project_ids = []
285 @jsmith.save
300 @jsmith.save
286 @jsmith.reload
301 @jsmith.reload
287 assert !@jsmith.projects.first.recipients.include?(@jsmith.mail)
302 assert !@jsmith.projects.first.recipients.include?(@jsmith.mail)
288 end
303 end
289
304
290 def test_comments_sorting_preference
305 def test_comments_sorting_preference
291 assert !@jsmith.wants_comments_in_reverse_order?
306 assert !@jsmith.wants_comments_in_reverse_order?
292 @jsmith.pref.comments_sorting = 'asc'
307 @jsmith.pref.comments_sorting = 'asc'
293 assert !@jsmith.wants_comments_in_reverse_order?
308 assert !@jsmith.wants_comments_in_reverse_order?
294 @jsmith.pref.comments_sorting = 'desc'
309 @jsmith.pref.comments_sorting = 'desc'
295 assert @jsmith.wants_comments_in_reverse_order?
310 assert @jsmith.wants_comments_in_reverse_order?
296 end
311 end
297
312
298 def test_find_by_mail_should_be_case_insensitive
313 def test_find_by_mail_should_be_case_insensitive
299 u = User.find_by_mail('JSmith@somenet.foo')
314 u = User.find_by_mail('JSmith@somenet.foo')
300 assert_not_nil u
315 assert_not_nil u
301 assert_equal 'jsmith@somenet.foo', u.mail
316 assert_equal 'jsmith@somenet.foo', u.mail
302 end
317 end
303
318
304 def test_random_password
319 def test_random_password
305 u = User.new
320 u = User.new
306 u.random_password
321 u.random_password
307 assert !u.password.blank?
322 assert !u.password.blank?
308 assert !u.password_confirmation.blank?
323 assert !u.password_confirmation.blank?
309 end
324 end
310
325
311 context "#change_password_allowed?" do
326 context "#change_password_allowed?" do
312 should "be allowed if no auth source is set" do
327 should "be allowed if no auth source is set" do
313 user = User.generate_with_protected!
328 user = User.generate_with_protected!
314 assert user.change_password_allowed?
329 assert user.change_password_allowed?
315 end
330 end
316
331
317 should "delegate to the auth source" do
332 should "delegate to the auth source" do
318 user = User.generate_with_protected!
333 user = User.generate_with_protected!
319
334
320 allowed_auth_source = AuthSource.generate!
335 allowed_auth_source = AuthSource.generate!
321 def allowed_auth_source.allow_password_changes?; true; end
336 def allowed_auth_source.allow_password_changes?; true; end
322
337
323 denied_auth_source = AuthSource.generate!
338 denied_auth_source = AuthSource.generate!
324 def denied_auth_source.allow_password_changes?; false; end
339 def denied_auth_source.allow_password_changes?; false; end
325
340
326 assert user.change_password_allowed?
341 assert user.change_password_allowed?
327
342
328 user.auth_source = allowed_auth_source
343 user.auth_source = allowed_auth_source
329 assert user.change_password_allowed?, "User not allowed to change password, though auth source does"
344 assert user.change_password_allowed?, "User not allowed to change password, though auth source does"
330
345
331 user.auth_source = denied_auth_source
346 user.auth_source = denied_auth_source
332 assert !user.change_password_allowed?, "User allowed to change password, though auth source does not"
347 assert !user.change_password_allowed?, "User allowed to change password, though auth source does not"
333 end
348 end
334
349
335 end
350 end
336
351
337 if Object.const_defined?(:OpenID)
352 if Object.const_defined?(:OpenID)
338
353
339 def test_setting_identity_url
354 def test_setting_identity_url
340 normalized_open_id_url = 'http://example.com/'
355 normalized_open_id_url = 'http://example.com/'
341 u = User.new( :identity_url => 'http://example.com/' )
356 u = User.new( :identity_url => 'http://example.com/' )
342 assert_equal normalized_open_id_url, u.identity_url
357 assert_equal normalized_open_id_url, u.identity_url
343 end
358 end
344
359
345 def test_setting_identity_url_without_trailing_slash
360 def test_setting_identity_url_without_trailing_slash
346 normalized_open_id_url = 'http://example.com/'
361 normalized_open_id_url = 'http://example.com/'
347 u = User.new( :identity_url => 'http://example.com' )
362 u = User.new( :identity_url => 'http://example.com' )
348 assert_equal normalized_open_id_url, u.identity_url
363 assert_equal normalized_open_id_url, u.identity_url
349 end
364 end
350
365
351 def test_setting_identity_url_without_protocol
366 def test_setting_identity_url_without_protocol
352 normalized_open_id_url = 'http://example.com/'
367 normalized_open_id_url = 'http://example.com/'
353 u = User.new( :identity_url => 'example.com' )
368 u = User.new( :identity_url => 'example.com' )
354 assert_equal normalized_open_id_url, u.identity_url
369 assert_equal normalized_open_id_url, u.identity_url
355 end
370 end
356
371
357 def test_setting_blank_identity_url
372 def test_setting_blank_identity_url
358 u = User.new( :identity_url => 'example.com' )
373 u = User.new( :identity_url => 'example.com' )
359 u.identity_url = ''
374 u.identity_url = ''
360 assert u.identity_url.blank?
375 assert u.identity_url.blank?
361 end
376 end
362
377
363 def test_setting_invalid_identity_url
378 def test_setting_invalid_identity_url
364 u = User.new( :identity_url => 'this is not an openid url' )
379 u = User.new( :identity_url => 'this is not an openid url' )
365 assert u.identity_url.blank?
380 assert u.identity_url.blank?
366 end
381 end
367
382
368 else
383 else
369 puts "Skipping openid tests."
384 puts "Skipping openid tests."
370 end
385 end
371
386
372 end
387 end
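Review bot: The "with failed connection to the LDAP server" test (new lines 159-166) logs in with the password 'wrong', so `User.try_to_login` would return nil for bad credentials even if the `initialize_ldap_con` stub never fired; the test therefore cannot show that login fails closed when the directory is unreachable. Use the credentials the success-path tests use, `assert_equal nil, User.try_to_login('edavis', '123456')`, and wrap the call in `assert_no_difference('User.count') do … end` so an outage is also shown not to create an on-the-fly account. The stub is placed on `AuthSource.any_instance` while the fixture loaded is an `AuthSourceLdap`; if `initialize_ldap_con` is defined on the subclass (not visible on this page), `AuthSourceLdap.any_instance` would be the safer target. `@auth_source` is assigned in that test but never read.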