| @@ -1,138 +1,138 | |||||
| 1 | # Redmine - project management software |
|
1 | # Redmine - project management software | |
| 2 | # Copyright (C) 2006-2015 Jean-Philippe Lang |
|
2 | # Copyright (C) 2006-2015 Jean-Philippe Lang | |
| 3 | # |
|
3 | # | |
| 4 | # This program is free software; you can redistribute it and/or |
|
4 | # This program is free software; you can redistribute it and/or | |
| 5 | # modify it under the terms of the GNU General Public License |
|
5 | # modify it under the terms of the GNU General Public License | |
| 6 | # as published by the Free Software Foundation; either version 2 |
|
6 | # as published by the Free Software Foundation; either version 2 | |
| 7 | # of the License, or (at your option) any later version. |
|
7 | # of the License, or (at your option) any later version. | |
| 8 | # |
|
8 | # | |
| 9 | # This program is distributed in the hope that it will be useful, |
|
9 | # This program is distributed in the hope that it will be useful, | |
| 10 | # but WITHOUT ANY WARRANTY; without even the implied warranty of |
|
10 | # but WITHOUT ANY WARRANTY; without even the implied warranty of | |
| 11 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
|
11 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
| 12 | # GNU General Public License for more details. |
|
12 | # GNU General Public License for more details. | |
| 13 | # |
|
13 | # | |
| 14 | # You should have received a copy of the GNU General Public License |
|
14 | # You should have received a copy of the GNU General Public License | |
| 15 | # along with this program; if not, write to the Free Software |
|
15 | # along with this program; if not, write to the Free Software | |
| 16 | # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. |
|
16 | # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. | |
| 17 |
|
17 | |||
| 18 | require File.expand_path('../../test_helper', __FILE__) |
|
18 | require File.expand_path('../../test_helper', __FILE__) | |
| 19 |
|
19 | |||
| 20 | class SessionsControllerTest < ActionController::TestCase |
|
20 | class SessionsControllerTest < ActionController::TestCase | |
| 21 | include Redmine::I18n |
|
21 | include Redmine::I18n | |
| 22 | tests WelcomeController |
|
22 | tests WelcomeController | |
| 23 |
|
23 | |||
| 24 | fixtures :users, :email_addresses |
|
24 | fixtures :users, :email_addresses | |
| 25 |
|
25 | |||
| 26 | def setup |
|
26 | def setup | |
| 27 | Rails.application.config.redmine_verify_sessions = true |
|
27 | Rails.application.config.redmine_verify_sessions = true | |
| 28 | end |
|
28 | end | |
| 29 |
|
29 | |||
| 30 | def teardown |
|
30 | def teardown | |
| 31 | Rails.application.config.redmine_verify_sessions = false |
|
31 | Rails.application.config.redmine_verify_sessions = false | |
| 32 | end |
|
32 | end | |
| 33 |
|
33 | |||
| 34 | def test_session_token_should_be_updated |
|
34 | def test_session_token_should_be_updated | |
| 35 | created = 10.hours.ago |
|
35 | created = 10.hours.ago | |
| 36 | token = Token.create!(:user_id => 2, :action => 'session', :created_on => created, :updated_on => created) |
|
36 | token = Token.create!(:user_id => 2, :action => 'session', :created_on => created, :updated_on => created) | |
| 37 |
|
37 | |||
| 38 | get :index, {}, {:user_id => 2, :tk => token.value} |
|
38 | get :index, {}, {:user_id => 2, :tk => token.value} | |
| 39 | assert_response :success |
|
39 | assert_response :success | |
| 40 | token.reload |
|
40 | token.reload | |
| 41 | assert_equal created, token.created_on |
|
41 | assert_equal created.to_i, token.created_on.to_i | |
| 42 | assert_not_equal created, token.updated_on |
|
42 | assert_not_equal created.to_i, token.updated_on.to_i | |
| 43 | assert token.updated_on > created |
|
43 | assert token.updated_on > created | |
| 44 | end |
|
44 | end | |
| 45 |
|
45 | |||
| 46 | def test_user_session_should_not_be_reset_if_lifetime_and_timeout_disabled |
|
46 | def test_user_session_should_not_be_reset_if_lifetime_and_timeout_disabled | |
| 47 | created = 2.years.ago |
|
47 | created = 2.years.ago | |
| 48 | token = Token.create!(:user_id => 2, :action => 'session', :created_on => created, :updated_on => created) |
|
48 | token = Token.create!(:user_id => 2, :action => 'session', :created_on => created, :updated_on => created) | |
| 49 |
|
49 | |||
| 50 | with_settings :session_lifetime => '0', :session_timeout => '0' do |
|
50 | with_settings :session_lifetime => '0', :session_timeout => '0' do | |
| 51 | get :index, {}, {:user_id => 2, :tk => token.value} |
|
51 | get :index, {}, {:user_id => 2, :tk => token.value} | |
| 52 | assert_response :success |
|
52 | assert_response :success | |
| 53 | end |
|
53 | end | |
| 54 | end |
|
54 | end | |
| 55 |
|
55 | |||
| 56 | def test_user_session_without_token_should_be_reset |
|
56 | def test_user_session_without_token_should_be_reset | |
| 57 | get :index, {}, {:user_id => 2} |
|
57 | get :index, {}, {:user_id => 2} | |
| 58 | assert_redirected_to 'http://test.host/login?back_url=http%3A%2F%2Ftest.host%2F' |
|
58 | assert_redirected_to 'http://test.host/login?back_url=http%3A%2F%2Ftest.host%2F' | |
| 59 | end |
|
59 | end | |
| 60 |
|
60 | |||
| 61 | def test_expired_user_session_should_be_reset_if_lifetime_enabled |
|
61 | def test_expired_user_session_should_be_reset_if_lifetime_enabled | |
| 62 | created = 2.days.ago |
|
62 | created = 2.days.ago | |
| 63 | token = Token.create!(:user_id => 2, :action => 'session', :created_on => created, :updated_on => created) |
|
63 | token = Token.create!(:user_id => 2, :action => 'session', :created_on => created, :updated_on => created) | |
| 64 |
|
64 | |||
| 65 | with_settings :session_timeout => '720' do |
|
65 | with_settings :session_timeout => '720' do | |
| 66 | get :index, {}, {:user_id => 2, :tk => token.value} |
|
66 | get :index, {}, {:user_id => 2, :tk => token.value} | |
| 67 | assert_redirected_to 'http://test.host/login?back_url=http%3A%2F%2Ftest.host%2F' |
|
67 | assert_redirected_to 'http://test.host/login?back_url=http%3A%2F%2Ftest.host%2F' | |
| 68 | end |
|
68 | end | |
| 69 | end |
|
69 | end | |
| 70 |
|
70 | |||
| 71 | def test_valid_user_session_should_not_be_reset_if_lifetime_enabled |
|
71 | def test_valid_user_session_should_not_be_reset_if_lifetime_enabled | |
| 72 | created = 3.hours.ago |
|
72 | created = 3.hours.ago | |
| 73 | token = Token.create!(:user_id => 2, :action => 'session', :created_on => created, :updated_on => created) |
|
73 | token = Token.create!(:user_id => 2, :action => 'session', :created_on => created, :updated_on => created) | |
| 74 |
|
74 | |||
| 75 | with_settings :session_timeout => '720' do |
|
75 | with_settings :session_timeout => '720' do | |
| 76 | get :index, {}, {:user_id => 2, :tk => token.value} |
|
76 | get :index, {}, {:user_id => 2, :tk => token.value} | |
| 77 | assert_response :success |
|
77 | assert_response :success | |
| 78 | end |
|
78 | end | |
| 79 | end |
|
79 | end | |
| 80 |
|
80 | |||
| 81 | def test_expired_user_session_should_be_reset_if_timeout_enabled |
|
81 | def test_expired_user_session_should_be_reset_if_timeout_enabled | |
| 82 | created = 4.hours.ago |
|
82 | created = 4.hours.ago | |
| 83 | token = Token.create!(:user_id => 2, :action => 'session', :created_on => created, :updated_on => created) |
|
83 | token = Token.create!(:user_id => 2, :action => 'session', :created_on => created, :updated_on => created) | |
| 84 |
|
84 | |||
| 85 | with_settings :session_timeout => '60' do |
|
85 | with_settings :session_timeout => '60' do | |
| 86 | get :index, {}, {:user_id => 2, :tk => token.value} |
|
86 | get :index, {}, {:user_id => 2, :tk => token.value} | |
| 87 | assert_redirected_to 'http://test.host/login?back_url=http%3A%2F%2Ftest.host%2F' |
|
87 | assert_redirected_to 'http://test.host/login?back_url=http%3A%2F%2Ftest.host%2F' | |
| 88 | end |
|
88 | end | |
| 89 | end |
|
89 | end | |
| 90 |
|
90 | |||
| 91 | def test_valid_user_session_should_not_be_reset_if_timeout_enabled |
|
91 | def test_valid_user_session_should_not_be_reset_if_timeout_enabled | |
| 92 | created = 10.minutes.ago |
|
92 | created = 10.minutes.ago | |
| 93 | token = Token.create!(:user_id => 2, :action => 'session', :created_on => created, :updated_on => created) |
|
93 | token = Token.create!(:user_id => 2, :action => 'session', :created_on => created, :updated_on => created) | |
| 94 |
|
94 | |||
| 95 | with_settings :session_timeout => '60' do |
|
95 | with_settings :session_timeout => '60' do | |
| 96 | get :index, {}, {:user_id => 2, :tk => token.value} |
|
96 | get :index, {}, {:user_id => 2, :tk => token.value} | |
| 97 | assert_response :success |
|
97 | assert_response :success | |
| 98 | end |
|
98 | end | |
| 99 | end |
|
99 | end | |
| 100 |
|
100 | |||
| 101 | def test_expired_user_session_should_be_restarted_if_autologin |
|
101 | def test_expired_user_session_should_be_restarted_if_autologin | |
| 102 | created = 2.hours.ago |
|
102 | created = 2.hours.ago | |
| 103 | token = Token.create!(:user_id => 2, :action => 'session', :created_on => created, :updated_on => created) |
|
103 | token = Token.create!(:user_id => 2, :action => 'session', :created_on => created, :updated_on => created) | |
| 104 |
|
104 | |||
| 105 | with_settings :session_lifetime => '720', :session_timeout => '60', :autologin => 7 do |
|
105 | with_settings :session_lifetime => '720', :session_timeout => '60', :autologin => 7 do | |
| 106 | autologin_token = Token.create!(:user_id => 2, :action => 'autologin', :created_on => 1.day.ago) |
|
106 | autologin_token = Token.create!(:user_id => 2, :action => 'autologin', :created_on => 1.day.ago) | |
| 107 | @request.cookies['autologin'] = autologin_token.value |
|
107 | @request.cookies['autologin'] = autologin_token.value | |
| 108 |
|
108 | |||
| 109 | get :index, {}, {:user_id => 2, :tk => token.value} |
|
109 | get :index, {}, {:user_id => 2, :tk => token.value} | |
| 110 | assert_equal 2, session[:user_id] |
|
110 | assert_equal 2, session[:user_id] | |
| 111 | assert_response :success |
|
111 | assert_response :success | |
| 112 | assert_not_equal token.value, session[:tk] |
|
112 | assert_not_equal token.value, session[:tk] | |
| 113 | end |
|
113 | end | |
| 114 | end |
|
114 | end | |
| 115 |
|
115 | |||
| 116 | def test_expired_user_session_should_set_locale |
|
116 | def test_expired_user_session_should_set_locale | |
| 117 | set_language_if_valid 'it' |
|
117 | set_language_if_valid 'it' | |
| 118 | user = User.find(2) |
|
118 | user = User.find(2) | |
| 119 | user.language = 'fr' |
|
119 | user.language = 'fr' | |
| 120 | user.save! |
|
120 | user.save! | |
| 121 | created = 4.hours.ago |
|
121 | created = 4.hours.ago | |
| 122 | token = Token.create!(:user_id => 2, :action => 'session', :created_on => created, :updated_on => created) |
|
122 | token = Token.create!(:user_id => 2, :action => 'session', :created_on => created, :updated_on => created) | |
| 123 |
|
123 | |||
| 124 | with_settings :session_timeout => '60' do |
|
124 | with_settings :session_timeout => '60' do | |
| 125 | get :index, {}, {:user_id => user.id, :tk => token.value} |
|
125 | get :index, {}, {:user_id => user.id, :tk => token.value} | |
| 126 | assert_redirected_to 'http://test.host/login?back_url=http%3A%2F%2Ftest.host%2F' |
|
126 | assert_redirected_to 'http://test.host/login?back_url=http%3A%2F%2Ftest.host%2F' | |
| 127 | assert_include "Veuillez vous reconnecter", flash[:error] |
|
127 | assert_include "Veuillez vous reconnecter", flash[:error] | |
| 128 | assert_equal :fr, current_language |
|
128 | assert_equal :fr, current_language | |
| 129 | end |
|
129 | end | |
| 130 | end |
|
130 | end | |
| 131 |
|
131 | |||
| 132 | def test_anonymous_session_should_not_be_reset |
|
132 | def test_anonymous_session_should_not_be_reset | |
| 133 | with_settings :session_lifetime => '720', :session_timeout => '60' do |
|
133 | with_settings :session_lifetime => '720', :session_timeout => '60' do | |
| 134 | get :index |
|
134 | get :index | |
| 135 | assert_response :success |
|
135 | assert_response :success | |
| 136 | end |
|
136 | end | |
| 137 | end |
|
137 | end | |
| 138 | end |
|
138 | end | |
General Comments 0
You need to be logged in to leave comments.
Login now