##// END OF EJS Templates
jro_apps » redmine
RSS
add test of validate password length at unit user test...
Toshi MARUYAMA -
r7310:80581538a164
parent child
Show More
Side by Side Unified
Context file:
r7310:80581538a164 Loading diff...:
Show file before | Show file after | Hide comments
@@ -1,822 +1,832
1 1 # Redmine - project management software
2 2 # Copyright (C) 2006-2011 Jean-Philippe Lang
3 3 #
4 4 # This program is free software; you can redistribute it and/or
5 5 # modify it under the terms of the GNU General Public License
6 6 # as published by the Free Software Foundation; either version 2
7 7 # of the License, or (at your option) any later version.
8 8 #
9 9 # This program is distributed in the hope that it will be useful,
10 10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 12 # GNU General Public License for more details.
13 13 #
14 14 # You should have received a copy of the GNU General Public License
15 15 # along with this program; if not, write to the Free Software
16 16 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
17 17
18 18 require File.expand_path('../../test_helper', __FILE__)
19 19
20 20 class UserTest < ActiveSupport::TestCase
21 21 fixtures :users, :members, :projects, :roles, :member_roles, :auth_sources
22 22
23 23 def setup
24 24 @admin = User.find(1)
25 25 @jsmith = User.find(2)
26 26 @dlopper = User.find(3)
27 27 end
28 28
29 29 test 'object_daddy creation' do
30 30 User.generate_with_protected!(:firstname => 'Testing connection')
31 31 User.generate_with_protected!(:firstname => 'Testing connection')
32 32 assert_equal 2, User.count(:all, :conditions => {:firstname => 'Testing connection'})
33 33 end
34 34
35 35 def test_truth
36 36 assert_kind_of User, @jsmith
37 37 end
38 38
39 39 def test_mail_should_be_stripped
40 40 u = User.new
41 41 u.mail = " foo@bar.com "
42 42 assert_equal "foo@bar.com", u.mail
43 43 end
44 44
45 45 def test_mail_validation
46 46 u = User.new
47 47 u.mail = ''
48 48 assert !u.valid?
49 49 assert_equal I18n.translate('activerecord.errors.messages.blank'), u.errors.on(:mail)
50 50 end
51 51
52 52 def test_create
53 53 user = User.new(:firstname => "new", :lastname => "user", :mail => "newuser@somenet.foo")
54 54
55 55 user.login = "jsmith"
56 56 user.password, user.password_confirmation = "password", "password"
57 57 # login uniqueness
58 58 assert !user.save
59 59 assert_equal 1, user.errors.count
60 60
61 61 user.login = "newuser"
62 62 user.password, user.password_confirmation = "passwd", "password"
63 63 # password confirmation
64 64 assert !user.save
65 65 assert_equal 1, user.errors.count
66 66
67 67 user.password, user.password_confirmation = "password", "password"
68 68 assert user.save
69 69 end
70 70
71 71 context "User#before_create" do
72 72 should "set the mail_notification to the default Setting" do
73 73 @user1 = User.generate_with_protected!
74 74 assert_equal 'only_my_events', @user1.mail_notification
75 75
76 76 with_settings :default_notification_option => 'all' do
77 77 @user2 = User.generate_with_protected!
78 78 assert_equal 'all', @user2.mail_notification
79 79 end
80 80 end
81 81 end
82 82
83 83 context "User.login" do
84 84 should "be case-insensitive." do
85 85 u = User.new(:firstname => "new", :lastname => "user", :mail => "newuser@somenet.foo")
86 86 u.login = 'newuser'
87 87 u.password, u.password_confirmation = "password", "password"
88 88 assert u.save
89 89
90 90 u = User.new(:firstname => "Similar", :lastname => "User", :mail => "similaruser@somenet.foo")
91 91 u.login = 'NewUser'
92 92 u.password, u.password_confirmation = "password", "password"
93 93 assert !u.save
94 94 assert_equal I18n.translate('activerecord.errors.messages.taken'), u.errors.on(:login)
95 95 end
96 96 end
97 97
98 98 def test_mail_uniqueness_should_not_be_case_sensitive
99 99 u = User.new(:firstname => "new", :lastname => "user", :mail => "newuser@somenet.foo")
100 100 u.login = 'newuser1'
101 101 u.password, u.password_confirmation = "password", "password"
102 102 assert u.save
103 103
104 104 u = User.new(:firstname => "new", :lastname => "user", :mail => "newUser@Somenet.foo")
105 105 u.login = 'newuser2'
106 106 u.password, u.password_confirmation = "password", "password"
107 107 assert !u.save
108 108 assert_equal I18n.translate('activerecord.errors.messages.taken'), u.errors.on(:mail)
109 109 end
110 110
111 111 def test_update
112 112 assert_equal "admin", @admin.login
113 113 @admin.login = "john"
114 114 assert @admin.save, @admin.errors.full_messages.join("; ")
115 115 @admin.reload
116 116 assert_equal "john", @admin.login
117 117 end
118 118
119 119 def test_destroy_should_delete_members_and_roles
120 120 members = Member.find_all_by_user_id(2)
121 121 ms = members.size
122 122 rs = members.collect(&:roles).flatten.size
123 123
124 124 assert_difference 'Member.count', - ms do
125 125 assert_difference 'MemberRole.count', - rs do
126 126 User.find(2).destroy
127 127 end
128 128 end
129 129
130 130 assert_nil User.find_by_id(2)
131 131 assert Member.find_all_by_user_id(2).empty?
132 132 end
133 133
134 134 def test_destroy_should_update_attachments
135 135 attachment = Attachment.create!(:container => Project.find(1),
136 136 :file => uploaded_test_file("testfile.txt", "text/plain"),
137 137 :author_id => 2)
138 138
139 139 User.find(2).destroy
140 140 assert_nil User.find_by_id(2)
141 141 assert_equal User.anonymous, attachment.reload.author
142 142 end
143 143
144 144 def test_destroy_should_update_comments
145 145 comment = Comment.create!(
146 146 :commented => News.create!(:project_id => 1, :author_id => 1, :title => 'foo', :description => 'foo'),
147 147 :author => User.find(2),
148 148 :comments => 'foo'
149 149 )
150 150
151 151 User.find(2).destroy
152 152 assert_nil User.find_by_id(2)
153 153 assert_equal User.anonymous, comment.reload.author
154 154 end
155 155
156 156 def test_destroy_should_update_issues
157 157 issue = Issue.create!(:project_id => 1, :author_id => 2, :tracker_id => 1, :subject => 'foo')
158 158
159 159 User.find(2).destroy
160 160 assert_nil User.find_by_id(2)
161 161 assert_equal User.anonymous, issue.reload.author
162 162 end
163 163
164 164 def test_destroy_should_unassign_issues
165 165 issue = Issue.create!(:project_id => 1, :author_id => 1, :tracker_id => 1, :subject => 'foo', :assigned_to_id => 2)
166 166
167 167 User.find(2).destroy
168 168 assert_nil User.find_by_id(2)
169 169 assert_nil issue.reload.assigned_to
170 170 end
171 171
172 172 def test_destroy_should_update_journals
173 173 issue = Issue.create!(:project_id => 1, :author_id => 2, :tracker_id => 1, :subject => 'foo')
174 174 issue.init_journal(User.find(2), "update")
175 175 issue.save!
176 176
177 177 User.find(2).destroy
178 178 assert_nil User.find_by_id(2)
179 179 assert_equal User.anonymous, issue.journals.first.reload.user
180 180 end
181 181
182 182 def test_destroy_should_update_journal_details_old_value
183 183 issue = Issue.create!(:project_id => 1, :author_id => 1, :tracker_id => 1, :subject => 'foo', :assigned_to_id => 2)
184 184 issue.init_journal(User.find(1), "update")
185 185 issue.assigned_to_id = nil
186 186 assert_difference 'JournalDetail.count' do
187 187 issue.save!
188 188 end
189 189 journal_detail = JournalDetail.first(:order => 'id DESC')
190 190 assert_equal '2', journal_detail.old_value
191 191
192 192 User.find(2).destroy
193 193 assert_nil User.find_by_id(2)
194 194 assert_equal User.anonymous.id.to_s, journal_detail.reload.old_value
195 195 end
196 196
197 197 def test_destroy_should_update_journal_details_value
198 198 issue = Issue.create!(:project_id => 1, :author_id => 1, :tracker_id => 1, :subject => 'foo')
199 199 issue.init_journal(User.find(1), "update")
200 200 issue.assigned_to_id = 2
201 201 assert_difference 'JournalDetail.count' do
202 202 issue.save!
203 203 end
204 204 journal_detail = JournalDetail.first(:order => 'id DESC')
205 205 assert_equal '2', journal_detail.value
206 206
207 207 User.find(2).destroy
208 208 assert_nil User.find_by_id(2)
209 209 assert_equal User.anonymous.id.to_s, journal_detail.reload.value
210 210 end
211 211
212 212 def test_destroy_should_update_messages
213 213 board = Board.create!(:project_id => 1, :name => 'Board', :description => 'Board')
214 214 message = Message.create!(:board_id => board.id, :author_id => 2, :subject => 'foo', :content => 'foo')
215 215
216 216 User.find(2).destroy
217 217 assert_nil User.find_by_id(2)
218 218 assert_equal User.anonymous, message.reload.author
219 219 end
220 220
221 221 def test_destroy_should_update_news
222 222 news = News.create!(:project_id => 1, :author_id => 2, :title => 'foo', :description => 'foo')
223 223
224 224 User.find(2).destroy
225 225 assert_nil User.find_by_id(2)
226 226 assert_equal User.anonymous, news.reload.author
227 227 end
228 228
229 229 def test_destroy_should_delete_private_queries
230 230 query = Query.new(:name => 'foo', :is_public => false)
231 231 query.project_id = 1
232 232 query.user_id = 2
233 233 query.save!
234 234
235 235 User.find(2).destroy
236 236 assert_nil User.find_by_id(2)
237 237 assert_nil Query.find_by_id(query.id)
238 238 end
239 239
240 240 def test_destroy_should_update_public_queries
241 241 query = Query.new(:name => 'foo', :is_public => true)
242 242 query.project_id = 1
243 243 query.user_id = 2
244 244 query.save!
245 245
246 246 User.find(2).destroy
247 247 assert_nil User.find_by_id(2)
248 248 assert_equal User.anonymous, query.reload.user
249 249 end
250 250
251 251 def test_destroy_should_update_time_entries
252 252 entry = TimeEntry.new(:hours => '2', :spent_on => Date.today, :activity => TimeEntryActivity.create!(:name => 'foo'))
253 253 entry.project_id = 1
254 254 entry.user_id = 2
255 255 entry.save!
256 256
257 257 User.find(2).destroy
258 258 assert_nil User.find_by_id(2)
259 259 assert_equal User.anonymous, entry.reload.user
260 260 end
261 261
262 262 def test_destroy_should_delete_tokens
263 263 token = Token.create!(:user_id => 2, :value => 'foo')
264 264
265 265 User.find(2).destroy
266 266 assert_nil User.find_by_id(2)
267 267 assert_nil Token.find_by_id(token.id)
268 268 end
269 269
270 270 def test_destroy_should_delete_watchers
271 271 issue = Issue.create!(:project_id => 1, :author_id => 1, :tracker_id => 1, :subject => 'foo')
272 272 watcher = Watcher.create!(:user_id => 2, :watchable => issue)
273 273
274 274 User.find(2).destroy
275 275 assert_nil User.find_by_id(2)
276 276 assert_nil Watcher.find_by_id(watcher.id)
277 277 end
278 278
279 279 def test_destroy_should_update_wiki_contents
280 280 wiki_content = WikiContent.create!(
281 281 :text => 'foo',
282 282 :author_id => 2,
283 283 :page => WikiPage.create!(:title => 'Foo', :wiki => Wiki.create!(:project_id => 1, :start_page => 'Start'))
284 284 )
285 285 wiki_content.text = 'bar'
286 286 assert_difference 'WikiContent::Version.count' do
287 287 wiki_content.save!
288 288 end
289 289
290 290 User.find(2).destroy
291 291 assert_nil User.find_by_id(2)
292 292 assert_equal User.anonymous, wiki_content.reload.author
293 293 wiki_content.versions.each do |version|
294 294 assert_equal User.anonymous, version.reload.author
295 295 end
296 296 end
297 297
298 298 def test_destroy_should_nullify_issue_categories
299 299 category = IssueCategory.create!(:project_id => 1, :assigned_to_id => 2, :name => 'foo')
300 300
301 301 User.find(2).destroy
302 302 assert_nil User.find_by_id(2)
303 303 assert_nil category.reload.assigned_to_id
304 304 end
305 305
306 306 def test_destroy_should_nullify_changesets
307 307 changeset = Changeset.create!(
308 308 :repository => Repository::Subversion.create!(
309 309 :project_id => 1,
310 310 :url => 'file:///var/svn'
311 311 ),
312 312 :revision => '12',
313 313 :committed_on => Time.now,
314 314 :committer => 'jsmith'
315 315 )
316 316 assert_equal 2, changeset.user_id
317 317
318 318 User.find(2).destroy
319 319 assert_nil User.find_by_id(2)
320 320 assert_nil changeset.reload.user_id
321 321 end
322 322
323 323 def test_anonymous_user_should_not_be_destroyable
324 324 assert_no_difference 'User.count' do
325 325 assert_equal false, User.anonymous.destroy
326 326 end
327 327 end
328 328
329 329 def test_validate_login_presence
330 330 @admin.login = ""
331 331 assert !@admin.save
332 332 assert_equal 1, @admin.errors.count
333 333 end
334 334
335 335 def test_validate_mail_notification_inclusion
336 336 u = User.new
337 337 u.mail_notification = 'foo'
338 338 u.save
339 339 assert_not_nil u.errors.on(:mail_notification)
340 340 end
341 341
342 342 context "User#try_to_login" do
343 343 should "fall-back to case-insensitive if user login is not found as-typed." do
344 344 user = User.try_to_login("AdMin", "admin")
345 345 assert_kind_of User, user
346 346 assert_equal "admin", user.login
347 347 end
348 348
349 349 should "select the exact matching user first" do
350 350 case_sensitive_user = User.generate_with_protected!(:login => 'changed', :password => 'admin', :password_confirmation => 'admin')
351 351 # bypass validations to make it appear like existing data
352 352 case_sensitive_user.update_attribute(:login, 'ADMIN')
353 353
354 354 user = User.try_to_login("ADMIN", "admin")
355 355 assert_kind_of User, user
356 356 assert_equal "ADMIN", user.login
357 357
358 358 end
359 359 end
360 360
361 361 def test_password
362 362 user = User.try_to_login("admin", "admin")
363 363 assert_kind_of User, user
364 364 assert_equal "admin", user.login
365 365 user.password = "hello"
366 366 assert user.save
367 367
368 368 user = User.try_to_login("admin", "hello")
369 369 assert_kind_of User, user
370 370 assert_equal "admin", user.login
371 371 end
372 372
373 def test_validate_password_length
374 with_settings :password_min_length => '100' do
375 user = User.new(:firstname => "new100", :lastname => "user100", :mail => "newuser100@somenet.foo")
376 user.login = "newuser100"
377 user.password, user.password_confirmation = "password100", "password100"
378 assert !user.save
379 assert_equal 1, user.errors.count
380 end
381 end
382
373 383 def test_name_format
374 384 assert_equal 'Smith, John', @jsmith.name(:lastname_coma_firstname)
375 385 Setting.user_format = :firstname_lastname
376 386 assert_equal 'John Smith', @jsmith.reload.name
377 387 Setting.user_format = :username
378 388 assert_equal 'jsmith', @jsmith.reload.name
379 389 end
380 390
381 391 def test_lock
382 392 user = User.try_to_login("jsmith", "jsmith")
383 393 assert_equal @jsmith, user
384 394
385 395 @jsmith.status = User::STATUS_LOCKED
386 396 assert @jsmith.save
387 397
388 398 user = User.try_to_login("jsmith", "jsmith")
389 399 assert_equal nil, user
390 400 end
391 401
392 402 context ".try_to_login" do
393 403 context "with good credentials" do
394 404 should "return the user" do
395 405 user = User.try_to_login("admin", "admin")
396 406 assert_kind_of User, user
397 407 assert_equal "admin", user.login
398 408 end
399 409 end
400 410
401 411 context "with wrong credentials" do
402 412 should "return nil" do
403 413 assert_nil User.try_to_login("admin", "foo")
404 414 end
405 415 end
406 416 end
407 417
408 418 if ldap_configured?
409 419 context "#try_to_login using LDAP" do
410 420 context "with failed connection to the LDAP server" do
411 421 should "return nil" do
412 422 @auth_source = AuthSourceLdap.find(1)
413 423 AuthSource.any_instance.stubs(:initialize_ldap_con).raises(Net::LDAP::LdapError, 'Cannot connect')
414 424
415 425 assert_equal nil, User.try_to_login('edavis', 'wrong')
416 426 end
417 427 end
418 428
419 429 context "with an unsuccessful authentication" do
420 430 should "return nil" do
421 431 assert_equal nil, User.try_to_login('edavis', 'wrong')
422 432 end
423 433 end
424 434
425 435 context "on the fly registration" do
426 436 setup do
427 437 @auth_source = AuthSourceLdap.find(1)
428 438 end
429 439
430 440 context "with a successful authentication" do
431 441 should "create a new user account if it doesn't exist" do
432 442 assert_difference('User.count') do
433 443 user = User.try_to_login('edavis', '123456')
434 444 assert !user.admin?
435 445 end
436 446 end
437 447
438 448 should "retrieve existing user" do
439 449 user = User.try_to_login('edavis', '123456')
440 450 user.admin = true
441 451 user.save!
442 452
443 453 assert_no_difference('User.count') do
444 454 user = User.try_to_login('edavis', '123456')
445 455 assert user.admin?
446 456 end
447 457 end
448 458 end
449 459 end
450 460 end
451 461
452 462 else
453 463 puts "Skipping LDAP tests."
454 464 end
455 465
456 466 def test_create_anonymous
457 467 AnonymousUser.delete_all
458 468 anon = User.anonymous
459 469 assert !anon.new_record?
460 470 assert_kind_of AnonymousUser, anon
461 471 end
462 472
463 473 should_have_one :rss_token
464 474
465 475 def test_rss_key
466 476 assert_nil @jsmith.rss_token
467 477 key = @jsmith.rss_key
468 478 assert_equal 40, key.length
469 479
470 480 @jsmith.reload
471 481 assert_equal key, @jsmith.rss_key
472 482 end
473 483
474 484
475 485 should_have_one :api_token
476 486
477 487 context "User#api_key" do
478 488 should "generate a new one if the user doesn't have one" do
479 489 user = User.generate_with_protected!(:api_token => nil)
480 490 assert_nil user.api_token
481 491
482 492 key = user.api_key
483 493 assert_equal 40, key.length
484 494 user.reload
485 495 assert_equal key, user.api_key
486 496 end
487 497
488 498 should "return the existing api token value" do
489 499 user = User.generate_with_protected!
490 500 token = Token.generate!(:action => 'api')
491 501 user.api_token = token
492 502 assert user.save
493 503
494 504 assert_equal token.value, user.api_key
495 505 end
496 506 end
497 507
498 508 context "User#find_by_api_key" do
499 509 should "return nil if no matching key is found" do
500 510 assert_nil User.find_by_api_key('zzzzzzzzz')
501 511 end
502 512
503 513 should "return nil if the key is found for an inactive user" do
504 514 user = User.generate_with_protected!(:status => User::STATUS_LOCKED)
505 515 token = Token.generate!(:action => 'api')
506 516 user.api_token = token
507 517 user.save
508 518
509 519 assert_nil User.find_by_api_key(token.value)
510 520 end
511 521
512 522 should "return the user if the key is found for an active user" do
513 523 user = User.generate_with_protected!(:status => User::STATUS_ACTIVE)
514 524 token = Token.generate!(:action => 'api')
515 525 user.api_token = token
516 526 user.save
517 527
518 528 assert_equal user, User.find_by_api_key(token.value)
519 529 end
520 530 end
521 531
522 532 def test_roles_for_project
523 533 # user with a role
524 534 roles = @jsmith.roles_for_project(Project.find(1))
525 535 assert_kind_of Role, roles.first
526 536 assert_equal "Manager", roles.first.name
527 537
528 538 # user with no role
529 539 assert_nil @dlopper.roles_for_project(Project.find(2)).detect {|role| role.member?}
530 540 end
531 541
532 542 def test_projects_by_role_for_user_with_role
533 543 user = User.find(2)
534 544 assert_kind_of Hash, user.projects_by_role
535 545 assert_equal 2, user.projects_by_role.size
536 546 assert_equal [1,5], user.projects_by_role[Role.find(1)].collect(&:id).sort
537 547 assert_equal [2], user.projects_by_role[Role.find(2)].collect(&:id).sort
538 548 end
539 549
540 550 def test_projects_by_role_for_user_with_no_role
541 551 user = User.generate!
542 552 assert_equal({}, user.projects_by_role)
543 553 end
544 554
545 555 def test_projects_by_role_for_anonymous
546 556 assert_equal({}, User.anonymous.projects_by_role)
547 557 end
548 558
549 559 def test_valid_notification_options
550 560 # without memberships
551 561 assert_equal 5, User.find(7).valid_notification_options.size
552 562 # with memberships
553 563 assert_equal 6, User.find(2).valid_notification_options.size
554 564 end
555 565
556 566 def test_valid_notification_options_class_method
557 567 assert_equal 5, User.valid_notification_options.size
558 568 assert_equal 5, User.valid_notification_options(User.find(7)).size
559 569 assert_equal 6, User.valid_notification_options(User.find(2)).size
560 570 end
561 571
562 572 def test_mail_notification_all
563 573 @jsmith.mail_notification = 'all'
564 574 @jsmith.notified_project_ids = []
565 575 @jsmith.save
566 576 @jsmith.reload
567 577 assert @jsmith.projects.first.recipients.include?(@jsmith.mail)
568 578 end
569 579
570 580 def test_mail_notification_selected
571 581 @jsmith.mail_notification = 'selected'
572 582 @jsmith.notified_project_ids = [1]
573 583 @jsmith.save
574 584 @jsmith.reload
575 585 assert Project.find(1).recipients.include?(@jsmith.mail)
576 586 end
577 587
578 588 def test_mail_notification_only_my_events
579 589 @jsmith.mail_notification = 'only_my_events'
580 590 @jsmith.notified_project_ids = []
581 591 @jsmith.save
582 592 @jsmith.reload
583 593 assert !@jsmith.projects.first.recipients.include?(@jsmith.mail)
584 594 end
585 595
586 596 def test_comments_sorting_preference
587 597 assert !@jsmith.wants_comments_in_reverse_order?
588 598 @jsmith.pref.comments_sorting = 'asc'
589 599 assert !@jsmith.wants_comments_in_reverse_order?
590 600 @jsmith.pref.comments_sorting = 'desc'
591 601 assert @jsmith.wants_comments_in_reverse_order?
592 602 end
593 603
594 604 def test_find_by_mail_should_be_case_insensitive
595 605 u = User.find_by_mail('JSmith@somenet.foo')
596 606 assert_not_nil u
597 607 assert_equal 'jsmith@somenet.foo', u.mail
598 608 end
599 609
600 610 def test_random_password
601 611 u = User.new
602 612 u.random_password
603 613 assert !u.password.blank?
604 614 assert !u.password_confirmation.blank?
605 615 end
606 616
607 617 context "#change_password_allowed?" do
608 618 should "be allowed if no auth source is set" do
609 619 user = User.generate_with_protected!
610 620 assert user.change_password_allowed?
611 621 end
612 622
613 623 should "delegate to the auth source" do
614 624 user = User.generate_with_protected!
615 625
616 626 allowed_auth_source = AuthSource.generate!
617 627 def allowed_auth_source.allow_password_changes?; true; end
618 628
619 629 denied_auth_source = AuthSource.generate!
620 630 def denied_auth_source.allow_password_changes?; false; end
621 631
622 632 assert user.change_password_allowed?
623 633
624 634 user.auth_source = allowed_auth_source
625 635 assert user.change_password_allowed?, "User not allowed to change password, though auth source does"
626 636
627 637 user.auth_source = denied_auth_source
628 638 assert !user.change_password_allowed?, "User allowed to change password, though auth source does not"
629 639 end
630 640
631 641 end
632 642
633 643 context "#allowed_to?" do
634 644 context "with a unique project" do
635 645 should "return false if project is archived" do
636 646 project = Project.find(1)
637 647 Project.any_instance.stubs(:status).returns(Project::STATUS_ARCHIVED)
638 648 assert ! @admin.allowed_to?(:view_issues, Project.find(1))
639 649 end
640 650
641 651 should "return false if related module is disabled" do
642 652 project = Project.find(1)
643 653 project.enabled_module_names = ["issue_tracking"]
644 654 assert @admin.allowed_to?(:add_issues, project)
645 655 assert ! @admin.allowed_to?(:view_wiki_pages, project)
646 656 end
647 657
648 658 should "authorize nearly everything for admin users" do
649 659 project = Project.find(1)
650 660 assert ! @admin.member_of?(project)
651 661 %w(edit_issues delete_issues manage_news manage_documents manage_wiki).each do |p|
652 662 assert @admin.allowed_to?(p.to_sym, project)
653 663 end
654 664 end
655 665
656 666 should "authorize normal users depending on their roles" do
657 667 project = Project.find(1)
658 668 assert @jsmith.allowed_to?(:delete_messages, project) #Manager
659 669 assert ! @dlopper.allowed_to?(:delete_messages, project) #Developper
660 670 end
661 671 end
662 672
663 673 context "with multiple projects" do
664 674 should "return false if array is empty" do
665 675 assert ! @admin.allowed_to?(:view_project, [])
666 676 end
667 677
668 678 should "return true only if user has permission on all these projects" do
669 679 assert @admin.allowed_to?(:view_project, Project.all)
670 680 assert ! @dlopper.allowed_to?(:view_project, Project.all) #cannot see Project(2)
671 681 assert @jsmith.allowed_to?(:edit_issues, @jsmith.projects) #Manager or Developer everywhere
672 682 assert ! @jsmith.allowed_to?(:delete_issue_watchers, @jsmith.projects) #Dev cannot delete_issue_watchers
673 683 end
674 684
675 685 should "behave correctly with arrays of 1 project" do
676 686 assert ! User.anonymous.allowed_to?(:delete_issues, [Project.first])
677 687 end
678 688 end
679 689
680 690 context "with options[:global]" do
681 691 should "authorize if user has at least one role that has this permission" do
682 692 @dlopper2 = User.find(5) #only Developper on a project, not Manager anywhere
683 693 @anonymous = User.find(6)
684 694 assert @jsmith.allowed_to?(:delete_issue_watchers, nil, :global => true)
685 695 assert ! @dlopper2.allowed_to?(:delete_issue_watchers, nil, :global => true)
686 696 assert @dlopper2.allowed_to?(:add_issues, nil, :global => true)
687 697 assert ! @anonymous.allowed_to?(:add_issues, nil, :global => true)
688 698 assert @anonymous.allowed_to?(:view_issues, nil, :global => true)
689 699 end
690 700 end
691 701 end
692 702
693 703 context "User#notify_about?" do
694 704 context "Issues" do
695 705 setup do
696 706 @project = Project.find(1)
697 707 @author = User.generate_with_protected!
698 708 @assignee = User.generate_with_protected!
699 709 @issue = Issue.generate_for_project!(@project, :assigned_to => @assignee, :author => @author)
700 710 end
701 711
702 712 should "be true for a user with :all" do
703 713 @author.update_attribute(:mail_notification, 'all')
704 714 assert @author.notify_about?(@issue)
705 715 end
706 716
707 717 should "be false for a user with :none" do
708 718 @author.update_attribute(:mail_notification, 'none')
709 719 assert ! @author.notify_about?(@issue)
710 720 end
711 721
712 722 should "be false for a user with :only_my_events and isn't an author, creator, or assignee" do
713 723 @user = User.generate_with_protected!(:mail_notification => 'only_my_events')
714 724 Member.create!(:user => @user, :project => @project, :role_ids => [1])
715 725 assert ! @user.notify_about?(@issue)
716 726 end
717 727
718 728 should "be true for a user with :only_my_events and is the author" do
719 729 @author.update_attribute(:mail_notification, 'only_my_events')
720 730 assert @author.notify_about?(@issue)
721 731 end
722 732
723 733 should "be true for a user with :only_my_events and is the assignee" do
724 734 @assignee.update_attribute(:mail_notification, 'only_my_events')
725 735 assert @assignee.notify_about?(@issue)
726 736 end
727 737
728 738 should "be true for a user with :only_assigned and is the assignee" do
729 739 @assignee.update_attribute(:mail_notification, 'only_assigned')
730 740 assert @assignee.notify_about?(@issue)
731 741 end
732 742
733 743 should "be false for a user with :only_assigned and is not the assignee" do
734 744 @author.update_attribute(:mail_notification, 'only_assigned')
735 745 assert ! @author.notify_about?(@issue)
736 746 end
737 747
738 748 should "be true for a user with :only_owner and is the author" do
739 749 @author.update_attribute(:mail_notification, 'only_owner')
740 750 assert @author.notify_about?(@issue)
741 751 end
742 752
743 753 should "be false for a user with :only_owner and is not the author" do
744 754 @assignee.update_attribute(:mail_notification, 'only_owner')
745 755 assert ! @assignee.notify_about?(@issue)
746 756 end
747 757
748 758 should "be true for a user with :selected and is the author" do
749 759 @author.update_attribute(:mail_notification, 'selected')
750 760 assert @author.notify_about?(@issue)
751 761 end
752 762
753 763 should "be true for a user with :selected and is the assignee" do
754 764 @assignee.update_attribute(:mail_notification, 'selected')
755 765 assert @assignee.notify_about?(@issue)
756 766 end
757 767
758 768 should "be false for a user with :selected and is not the author or assignee" do
759 769 @user = User.generate_with_protected!(:mail_notification => 'selected')
760 770 Member.create!(:user => @user, :project => @project, :role_ids => [1])
761 771 assert ! @user.notify_about?(@issue)
762 772 end
763 773 end
764 774
765 775 context "other events" do
766 776 should 'be added and tested'
767 777 end
768 778 end
769 779
770 780 def test_salt_unsalted_passwords
771 781 # Restore a user with an unsalted password
772 782 user = User.find(1)
773 783 user.salt = nil
774 784 user.hashed_password = User.hash_password("unsalted")
775 785 user.save!
776 786
777 787 User.salt_unsalted_passwords!
778 788
779 789 user.reload
780 790 # Salt added
781 791 assert !user.salt.blank?
782 792 # Password still valid
783 793 assert user.check_password?("unsalted")
784 794 assert_equal user, User.try_to_login(user.login, "unsalted")
785 795 end
786 796
787 797 if Object.const_defined?(:OpenID)
788 798
789 799 def test_setting_identity_url
790 800 normalized_open_id_url = 'http://example.com/'
791 801 u = User.new( :identity_url => 'http://example.com/' )
792 802 assert_equal normalized_open_id_url, u.identity_url
793 803 end
794 804
795 805 def test_setting_identity_url_without_trailing_slash
796 806 normalized_open_id_url = 'http://example.com/'
797 807 u = User.new( :identity_url => 'http://example.com' )
798 808 assert_equal normalized_open_id_url, u.identity_url
799 809 end
800 810
801 811 def test_setting_identity_url_without_protocol
802 812 normalized_open_id_url = 'http://example.com/'
803 813 u = User.new( :identity_url => 'example.com' )
804 814 assert_equal normalized_open_id_url, u.identity_url
805 815 end
806 816
807 817 def test_setting_blank_identity_url
808 818 u = User.new( :identity_url => 'example.com' )
809 819 u.identity_url = ''
810 820 assert u.identity_url.blank?
811 821 end
812 822
813 823 def test_setting_invalid_identity_url
814 824 u = User.new( :identity_url => 'this is not an openid url' )
815 825 assert u.identity_url.blank?
816 826 end
817 827
818 828 else
819 829 puts "Skipping openid tests."
820 830 end
821 831
822 832 end
General Comments 0
You need to be logged in to leave comments. Login now