##// END OF EJS Templates
jro_apps » redmine
RSS
Adds a test for User.try_to_login with active_only set to false....
Jean-Philippe Lang -
r11718:86cfa025edc8
parent child
Show More
Side by Side Unified
Context file:
r11718:86cfa025edc8 Loading diff...:
Show file before | Show file after | Hide comments
@@ -1,1130 +1,1135
1 1 # Redmine - project management software
2 2 # Copyright (C) 2006-2013 Jean-Philippe Lang
3 3 #
4 4 # This program is free software; you can redistribute it and/or
5 5 # modify it under the terms of the GNU General Public License
6 6 # as published by the Free Software Foundation; either version 2
7 7 # of the License, or (at your option) any later version.
8 8 #
9 9 # This program is distributed in the hope that it will be useful,
10 10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 12 # GNU General Public License for more details.
13 13 #
14 14 # You should have received a copy of the GNU General Public License
15 15 # along with this program; if not, write to the Free Software
16 16 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
17 17
18 18 require File.expand_path('../../test_helper', __FILE__)
19 19
20 20 class UserTest < ActiveSupport::TestCase
21 21 fixtures :users, :members, :projects, :roles, :member_roles, :auth_sources,
22 22 :trackers, :issue_statuses,
23 23 :projects_trackers,
24 24 :watchers,
25 25 :issue_categories, :enumerations, :issues,
26 26 :journals, :journal_details,
27 27 :groups_users,
28 28 :enabled_modules
29 29
30 30 def setup
31 31 @admin = User.find(1)
32 32 @jsmith = User.find(2)
33 33 @dlopper = User.find(3)
34 34 end
35 35
36 36 def test_sorted_scope_should_sort_user_by_display_name
37 37 assert_equal User.all.map(&:name).map(&:downcase).sort, User.sorted.all.map(&:name).map(&:downcase)
38 38 end
39 39
40 40 def test_generate
41 41 User.generate!(:firstname => 'Testing connection')
42 42 User.generate!(:firstname => 'Testing connection')
43 43 assert_equal 2, User.count(:all, :conditions => {:firstname => 'Testing connection'})
44 44 end
45 45
46 46 def test_truth
47 47 assert_kind_of User, @jsmith
48 48 end
49 49
50 50 def test_mail_should_be_stripped
51 51 u = User.new
52 52 u.mail = " foo@bar.com "
53 53 assert_equal "foo@bar.com", u.mail
54 54 end
55 55
56 56 def test_mail_validation
57 57 u = User.new
58 58 u.mail = ''
59 59 assert !u.valid?
60 60 assert_include I18n.translate('activerecord.errors.messages.blank'), u.errors[:mail]
61 61 end
62 62
63 63 def test_login_length_validation
64 64 user = User.new(:firstname => "new", :lastname => "user", :mail => "newuser@somenet.foo")
65 65 user.login = "x" * (User::LOGIN_LENGTH_LIMIT+1)
66 66 assert !user.valid?
67 67
68 68 user.login = "x" * (User::LOGIN_LENGTH_LIMIT)
69 69 assert user.valid?
70 70 assert user.save
71 71 end
72 72
73 73 def test_generate_password_should_respect_minimum_password_length
74 74 with_settings :password_min_length => 15 do
75 75 user = User.generate!(:generate_password => true)
76 76 assert user.password.length >= 15
77 77 end
78 78 end
79 79
80 80 def test_generate_password_should_not_generate_password_with_less_than_10_characters
81 81 with_settings :password_min_length => 4 do
82 82 user = User.generate!(:generate_password => true)
83 83 assert user.password.length >= 10
84 84 end
85 85 end
86 86
87 87 def test_generate_password_on_create_should_set_password
88 88 user = User.new(:firstname => "new", :lastname => "user", :mail => "newuser@somenet.foo")
89 89 user.login = "newuser"
90 90 user.generate_password = true
91 91 assert user.save
92 92
93 93 password = user.password
94 94 assert user.check_password?(password)
95 95 end
96 96
97 97 def test_generate_password_on_update_should_update_password
98 98 user = User.find(2)
99 99 hash = user.hashed_password
100 100 user.generate_password = true
101 101 assert user.save
102 102
103 103 password = user.password
104 104 assert user.check_password?(password)
105 105 assert_not_equal hash, user.reload.hashed_password
106 106 end
107 107
108 108 def test_create
109 109 user = User.new(:firstname => "new", :lastname => "user", :mail => "newuser@somenet.foo")
110 110
111 111 user.login = "jsmith"
112 112 user.password, user.password_confirmation = "password", "password"
113 113 # login uniqueness
114 114 assert !user.save
115 115 assert_equal 1, user.errors.count
116 116
117 117 user.login = "newuser"
118 118 user.password, user.password_confirmation = "password", "pass"
119 119 # password confirmation
120 120 assert !user.save
121 121 assert_equal 1, user.errors.count
122 122
123 123 user.password, user.password_confirmation = "password", "password"
124 124 assert user.save
125 125 end
126 126
127 127 def test_user_before_create_should_set_the_mail_notification_to_the_default_setting
128 128 @user1 = User.generate!
129 129 assert_equal 'only_my_events', @user1.mail_notification
130 130 with_settings :default_notification_option => 'all' do
131 131 @user2 = User.generate!
132 132 assert_equal 'all', @user2.mail_notification
133 133 end
134 134 end
135 135
136 136 def test_user_login_should_be_case_insensitive
137 137 u = User.new(:firstname => "new", :lastname => "user", :mail => "newuser@somenet.foo")
138 138 u.login = 'newuser'
139 139 u.password, u.password_confirmation = "password", "password"
140 140 assert u.save
141 141 u = User.new(:firstname => "Similar", :lastname => "User", :mail => "similaruser@somenet.foo")
142 142 u.login = 'NewUser'
143 143 u.password, u.password_confirmation = "password", "password"
144 144 assert !u.save
145 145 assert_include I18n.translate('activerecord.errors.messages.taken'), u.errors[:login]
146 146 end
147 147
148 148 def test_mail_uniqueness_should_not_be_case_sensitive
149 149 u = User.new(:firstname => "new", :lastname => "user", :mail => "newuser@somenet.foo")
150 150 u.login = 'newuser1'
151 151 u.password, u.password_confirmation = "password", "password"
152 152 assert u.save
153 153
154 154 u = User.new(:firstname => "new", :lastname => "user", :mail => "newUser@Somenet.foo")
155 155 u.login = 'newuser2'
156 156 u.password, u.password_confirmation = "password", "password"
157 157 assert !u.save
158 158 assert_include I18n.translate('activerecord.errors.messages.taken'), u.errors[:mail]
159 159 end
160 160
161 161 def test_update
162 162 assert_equal "admin", @admin.login
163 163 @admin.login = "john"
164 164 assert @admin.save, @admin.errors.full_messages.join("; ")
165 165 @admin.reload
166 166 assert_equal "john", @admin.login
167 167 end
168 168
169 169 def test_update_should_not_fail_for_legacy_user_with_different_case_logins
170 170 u1 = User.new(:firstname => "new", :lastname => "user", :mail => "newuser1@somenet.foo")
171 171 u1.login = 'newuser1'
172 172 assert u1.save
173 173
174 174 u2 = User.new(:firstname => "new", :lastname => "user", :mail => "newuser2@somenet.foo")
175 175 u2.login = 'newuser1'
176 176 assert u2.save(:validate => false)
177 177
178 178 user = User.find(u2.id)
179 179 user.firstname = "firstname"
180 180 assert user.save, "Save failed"
181 181 end
182 182
183 183 def test_destroy_should_delete_members_and_roles
184 184 members = Member.find_all_by_user_id(2)
185 185 ms = members.size
186 186 rs = members.collect(&:roles).flatten.size
187 187
188 188 assert_difference 'Member.count', - ms do
189 189 assert_difference 'MemberRole.count', - rs do
190 190 User.find(2).destroy
191 191 end
192 192 end
193 193
194 194 assert_nil User.find_by_id(2)
195 195 assert Member.find_all_by_user_id(2).empty?
196 196 end
197 197
198 198 def test_destroy_should_update_attachments
199 199 attachment = Attachment.create!(:container => Project.find(1),
200 200 :file => uploaded_test_file("testfile.txt", "text/plain"),
201 201 :author_id => 2)
202 202
203 203 User.find(2).destroy
204 204 assert_nil User.find_by_id(2)
205 205 assert_equal User.anonymous, attachment.reload.author
206 206 end
207 207
208 208 def test_destroy_should_update_comments
209 209 comment = Comment.create!(
210 210 :commented => News.create!(:project_id => 1, :author_id => 1, :title => 'foo', :description => 'foo'),
211 211 :author => User.find(2),
212 212 :comments => 'foo'
213 213 )
214 214
215 215 User.find(2).destroy
216 216 assert_nil User.find_by_id(2)
217 217 assert_equal User.anonymous, comment.reload.author
218 218 end
219 219
220 220 def test_destroy_should_update_issues
221 221 issue = Issue.create!(:project_id => 1, :author_id => 2, :tracker_id => 1, :subject => 'foo')
222 222
223 223 User.find(2).destroy
224 224 assert_nil User.find_by_id(2)
225 225 assert_equal User.anonymous, issue.reload.author
226 226 end
227 227
228 228 def test_destroy_should_unassign_issues
229 229 issue = Issue.create!(:project_id => 1, :author_id => 1, :tracker_id => 1, :subject => 'foo', :assigned_to_id => 2)
230 230
231 231 User.find(2).destroy
232 232 assert_nil User.find_by_id(2)
233 233 assert_nil issue.reload.assigned_to
234 234 end
235 235
236 236 def test_destroy_should_update_journals
237 237 issue = Issue.create!(:project_id => 1, :author_id => 2, :tracker_id => 1, :subject => 'foo')
238 238 issue.init_journal(User.find(2), "update")
239 239 issue.save!
240 240
241 241 User.find(2).destroy
242 242 assert_nil User.find_by_id(2)
243 243 assert_equal User.anonymous, issue.journals.first.reload.user
244 244 end
245 245
246 246 def test_destroy_should_update_journal_details_old_value
247 247 issue = Issue.create!(:project_id => 1, :author_id => 1, :tracker_id => 1, :subject => 'foo', :assigned_to_id => 2)
248 248 issue.init_journal(User.find(1), "update")
249 249 issue.assigned_to_id = nil
250 250 assert_difference 'JournalDetail.count' do
251 251 issue.save!
252 252 end
253 253 journal_detail = JournalDetail.first(:order => 'id DESC')
254 254 assert_equal '2', journal_detail.old_value
255 255
256 256 User.find(2).destroy
257 257 assert_nil User.find_by_id(2)
258 258 assert_equal User.anonymous.id.to_s, journal_detail.reload.old_value
259 259 end
260 260
261 261 def test_destroy_should_update_journal_details_value
262 262 issue = Issue.create!(:project_id => 1, :author_id => 1, :tracker_id => 1, :subject => 'foo')
263 263 issue.init_journal(User.find(1), "update")
264 264 issue.assigned_to_id = 2
265 265 assert_difference 'JournalDetail.count' do
266 266 issue.save!
267 267 end
268 268 journal_detail = JournalDetail.first(:order => 'id DESC')
269 269 assert_equal '2', journal_detail.value
270 270
271 271 User.find(2).destroy
272 272 assert_nil User.find_by_id(2)
273 273 assert_equal User.anonymous.id.to_s, journal_detail.reload.value
274 274 end
275 275
276 276 def test_destroy_should_update_messages
277 277 board = Board.create!(:project_id => 1, :name => 'Board', :description => 'Board')
278 278 message = Message.create!(:board_id => board.id, :author_id => 2, :subject => 'foo', :content => 'foo')
279 279
280 280 User.find(2).destroy
281 281 assert_nil User.find_by_id(2)
282 282 assert_equal User.anonymous, message.reload.author
283 283 end
284 284
285 285 def test_destroy_should_update_news
286 286 news = News.create!(:project_id => 1, :author_id => 2, :title => 'foo', :description => 'foo')
287 287
288 288 User.find(2).destroy
289 289 assert_nil User.find_by_id(2)
290 290 assert_equal User.anonymous, news.reload.author
291 291 end
292 292
293 293 def test_destroy_should_delete_private_queries
294 294 query = Query.new(:name => 'foo', :is_public => false)
295 295 query.project_id = 1
296 296 query.user_id = 2
297 297 query.save!
298 298
299 299 User.find(2).destroy
300 300 assert_nil User.find_by_id(2)
301 301 assert_nil Query.find_by_id(query.id)
302 302 end
303 303
304 304 def test_destroy_should_update_public_queries
305 305 query = Query.new(:name => 'foo', :is_public => true)
306 306 query.project_id = 1
307 307 query.user_id = 2
308 308 query.save!
309 309
310 310 User.find(2).destroy
311 311 assert_nil User.find_by_id(2)
312 312 assert_equal User.anonymous, query.reload.user
313 313 end
314 314
315 315 def test_destroy_should_update_time_entries
316 316 entry = TimeEntry.new(:hours => '2', :spent_on => Date.today, :activity => TimeEntryActivity.create!(:name => 'foo'))
317 317 entry.project_id = 1
318 318 entry.user_id = 2
319 319 entry.save!
320 320
321 321 User.find(2).destroy
322 322 assert_nil User.find_by_id(2)
323 323 assert_equal User.anonymous, entry.reload.user
324 324 end
325 325
326 326 def test_destroy_should_delete_tokens
327 327 token = Token.create!(:user_id => 2, :value => 'foo')
328 328
329 329 User.find(2).destroy
330 330 assert_nil User.find_by_id(2)
331 331 assert_nil Token.find_by_id(token.id)
332 332 end
333 333
334 334 def test_destroy_should_delete_watchers
335 335 issue = Issue.create!(:project_id => 1, :author_id => 1, :tracker_id => 1, :subject => 'foo')
336 336 watcher = Watcher.create!(:user_id => 2, :watchable => issue)
337 337
338 338 User.find(2).destroy
339 339 assert_nil User.find_by_id(2)
340 340 assert_nil Watcher.find_by_id(watcher.id)
341 341 end
342 342
343 343 def test_destroy_should_update_wiki_contents
344 344 wiki_content = WikiContent.create!(
345 345 :text => 'foo',
346 346 :author_id => 2,
347 347 :page => WikiPage.create!(:title => 'Foo', :wiki => Wiki.create!(:project_id => 1, :start_page => 'Start'))
348 348 )
349 349 wiki_content.text = 'bar'
350 350 assert_difference 'WikiContent::Version.count' do
351 351 wiki_content.save!
352 352 end
353 353
354 354 User.find(2).destroy
355 355 assert_nil User.find_by_id(2)
356 356 assert_equal User.anonymous, wiki_content.reload.author
357 357 wiki_content.versions.each do |version|
358 358 assert_equal User.anonymous, version.reload.author
359 359 end
360 360 end
361 361
362 362 def test_destroy_should_nullify_issue_categories
363 363 category = IssueCategory.create!(:project_id => 1, :assigned_to_id => 2, :name => 'foo')
364 364
365 365 User.find(2).destroy
366 366 assert_nil User.find_by_id(2)
367 367 assert_nil category.reload.assigned_to_id
368 368 end
369 369
370 370 def test_destroy_should_nullify_changesets
371 371 changeset = Changeset.create!(
372 372 :repository => Repository::Subversion.create!(
373 373 :project_id => 1,
374 374 :url => 'file:///tmp',
375 375 :identifier => 'tmp'
376 376 ),
377 377 :revision => '12',
378 378 :committed_on => Time.now,
379 379 :committer => 'jsmith'
380 380 )
381 381 assert_equal 2, changeset.user_id
382 382
383 383 User.find(2).destroy
384 384 assert_nil User.find_by_id(2)
385 385 assert_nil changeset.reload.user_id
386 386 end
387 387
388 388 def test_anonymous_user_should_not_be_destroyable
389 389 assert_no_difference 'User.count' do
390 390 assert_equal false, User.anonymous.destroy
391 391 end
392 392 end
393 393
394 394 def test_validate_login_presence
395 395 @admin.login = ""
396 396 assert !@admin.save
397 397 assert_equal 1, @admin.errors.count
398 398 end
399 399
400 400 def test_validate_mail_notification_inclusion
401 401 u = User.new
402 402 u.mail_notification = 'foo'
403 403 u.save
404 404 assert_not_nil u.errors[:mail_notification]
405 405 end
406 406
407 test "User#try_to_login should fall-back to case-insensitive if user login is not found as-typed" do
408 user = User.try_to_login("AdMin", "admin")
409 assert_kind_of User, user
410 assert_equal "admin", user.login
411 end
412
413 test "User#try_to_login should select the exact matching user first" do
414 case_sensitive_user = User.generate! do |user|
415 user.password = "admin123"
416 end
417 # bypass validations to make it appear like existing data
418 case_sensitive_user.update_attribute(:login, 'ADMIN')
419
420 user = User.try_to_login("ADMIN", "admin123")
421 assert_kind_of User, user
422 assert_equal "ADMIN", user.login
423 end
424
425 407 def test_password
426 408 user = User.try_to_login("admin", "admin")
427 409 assert_kind_of User, user
428 410 assert_equal "admin", user.login
429 411 user.password = "hello123"
430 412 assert user.save
431 413
432 414 user = User.try_to_login("admin", "hello123")
433 415 assert_kind_of User, user
434 416 assert_equal "admin", user.login
435 417 end
436 418
437 419 def test_validate_password_length
438 420 with_settings :password_min_length => '100' do
439 421 user = User.new(:firstname => "new100", :lastname => "user100", :mail => "newuser100@somenet.foo")
440 422 user.login = "newuser100"
441 423 user.password, user.password_confirmation = "password100", "password100"
442 424 assert !user.save
443 425 assert_equal 1, user.errors.count
444 426 end
445 427 end
446 428
447 429 def test_name_format
448 430 assert_equal 'John S.', @jsmith.name(:firstname_lastinitial)
449 431 assert_equal 'Smith, John', @jsmith.name(:lastname_coma_firstname)
450 432 with_settings :user_format => :firstname_lastname do
451 433 assert_equal 'John Smith', @jsmith.reload.name
452 434 end
453 435 with_settings :user_format => :username do
454 436 assert_equal 'jsmith', @jsmith.reload.name
455 437 end
456 438 with_settings :user_format => :lastname do
457 439 assert_equal 'Smith', @jsmith.reload.name
458 440 end
459 441 end
460 442
461 443 def test_today_should_return_the_day_according_to_user_time_zone
462 444 preference = User.find(1).pref
463 445 date = Date.new(2012, 05, 15)
464 446 time = Time.gm(2012, 05, 15, 23, 30).utc # 2012-05-15 23:30 UTC
465 447 Date.stubs(:today).returns(date)
466 448 Time.stubs(:now).returns(time)
467 449
468 450 preference.update_attribute :time_zone, 'Baku' # UTC+4
469 451 assert_equal '2012-05-16', User.find(1).today.to_s
470 452
471 453 preference.update_attribute :time_zone, 'La Paz' # UTC-4
472 454 assert_equal '2012-05-15', User.find(1).today.to_s
473 455
474 456 preference.update_attribute :time_zone, ''
475 457 assert_equal '2012-05-15', User.find(1).today.to_s
476 458 end
477 459
478 460 def test_time_to_date_should_return_the_date_according_to_user_time_zone
479 461 preference = User.find(1).pref
480 462 time = Time.gm(2012, 05, 15, 23, 30).utc # 2012-05-15 23:30 UTC
481 463
482 464 preference.update_attribute :time_zone, 'Baku' # UTC+4
483 465 assert_equal '2012-05-16', User.find(1).time_to_date(time).to_s
484 466
485 467 preference.update_attribute :time_zone, 'La Paz' # UTC-4
486 468 assert_equal '2012-05-15', User.find(1).time_to_date(time).to_s
487 469
488 470 preference.update_attribute :time_zone, ''
489 471 assert_equal '2012-05-15', User.find(1).time_to_date(time).to_s
490 472 end
491 473
492 474 def test_fields_for_order_statement_should_return_fields_according_user_format_setting
493 475 with_settings :user_format => 'lastname_coma_firstname' do
494 476 assert_equal ['users.lastname', 'users.firstname', 'users.id'], User.fields_for_order_statement
495 477 end
496 478 end
497 479
498 480 def test_fields_for_order_statement_width_table_name_should_prepend_table_name
499 481 with_settings :user_format => 'lastname_firstname' do
500 482 assert_equal ['authors.lastname', 'authors.firstname', 'authors.id'], User.fields_for_order_statement('authors')
501 483 end
502 484 end
503 485
504 486 def test_fields_for_order_statement_with_blank_format_should_return_default
505 487 with_settings :user_format => '' do
506 488 assert_equal ['users.firstname', 'users.lastname', 'users.id'], User.fields_for_order_statement
507 489 end
508 490 end
509 491
510 492 def test_fields_for_order_statement_with_invalid_format_should_return_default
511 493 with_settings :user_format => 'foo' do
512 494 assert_equal ['users.firstname', 'users.lastname', 'users.id'], User.fields_for_order_statement
513 495 end
514 496 end
515 497
516 def test_lock
517 user = User.try_to_login("jsmith", "jsmith")
518 assert_equal @jsmith, user
498 test ".try_to_login with good credentials should return the user" do
499 user = User.try_to_login("admin", "admin")
500 assert_kind_of User, user
501 assert_equal "admin", user.login
502 end
519 503
504 test ".try_to_login with wrong credentials should return nil" do
505 assert_nil User.try_to_login("admin", "foo")
506 end
507
508 def test_try_to_login_with_locked_user_should_return_nil
520 509 @jsmith.status = User::STATUS_LOCKED
521 assert @jsmith.save
510 @jsmith.save!
522 511
523 512 user = User.try_to_login("jsmith", "jsmith")
524 513 assert_equal nil, user
525 514 end
526 515
527 test ".try_to_login with good credentials should return the user" do
528 user = User.try_to_login("admin", "admin")
516 def test_try_to_login_with_locked_user_and_not_active_only_should_return_user
517 @jsmith.status = User::STATUS_LOCKED
518 @jsmith.save!
519
520 user = User.try_to_login("jsmith", "jsmith", false)
521 assert_equal @jsmith, user
522 end
523
524 test ".try_to_login should fall-back to case-insensitive if user login is not found as-typed" do
525 user = User.try_to_login("AdMin", "admin")
529 526 assert_kind_of User, user
530 527 assert_equal "admin", user.login
531 528 end
532 529
533 test ".try_to_login with wrong credentials should return nil" do
534 assert_nil User.try_to_login("admin", "foo")
530 test ".try_to_login should select the exact matching user first" do
531 case_sensitive_user = User.generate! do |user|
532 user.password = "admin123"
533 end
534 # bypass validations to make it appear like existing data
535 case_sensitive_user.update_attribute(:login, 'ADMIN')
536
537 user = User.try_to_login("ADMIN", "admin123")
538 assert_kind_of User, user
539 assert_equal "ADMIN", user.login
535 540 end
536 541
537 542 if ldap_configured?
538 543 context "#try_to_login using LDAP" do
539 544 context "with failed connection to the LDAP server" do
540 545 should "return nil" do
541 546 @auth_source = AuthSourceLdap.find(1)
542 547 AuthSource.any_instance.stubs(:initialize_ldap_con).raises(Net::LDAP::LdapError, 'Cannot connect')
543 548
544 549 assert_equal nil, User.try_to_login('edavis', 'wrong')
545 550 end
546 551 end
547 552
548 553 context "with an unsuccessful authentication" do
549 554 should "return nil" do
550 555 assert_equal nil, User.try_to_login('edavis', 'wrong')
551 556 end
552 557 end
553 558
554 559 context "binding with user's account" do
555 560 setup do
556 561 @auth_source = AuthSourceLdap.find(1)
557 562 @auth_source.account = "uid=$login,ou=Person,dc=redmine,dc=org"
558 563 @auth_source.account_password = ''
559 564 @auth_source.save!
560 565
561 566 @ldap_user = User.new(:mail => 'example1@redmine.org', :firstname => 'LDAP', :lastname => 'user', :auth_source_id => 1)
562 567 @ldap_user.login = 'example1'
563 568 @ldap_user.save!
564 569 end
565 570
566 571 context "with a successful authentication" do
567 572 should "return the user" do
568 573 assert_equal @ldap_user, User.try_to_login('example1', '123456')
569 574 end
570 575 end
571 576
572 577 context "with an unsuccessful authentication" do
573 578 should "return nil" do
574 579 assert_nil User.try_to_login('example1', '11111')
575 580 end
576 581 end
577 582 end
578 583
579 584 context "on the fly registration" do
580 585 setup do
581 586 @auth_source = AuthSourceLdap.find(1)
582 587 @auth_source.update_attribute :onthefly_register, true
583 588 end
584 589
585 590 context "with a successful authentication" do
586 591 should "create a new user account if it doesn't exist" do
587 592 assert_difference('User.count') do
588 593 user = User.try_to_login('edavis', '123456')
589 594 assert !user.admin?
590 595 end
591 596 end
592 597
593 598 should "retrieve existing user" do
594 599 user = User.try_to_login('edavis', '123456')
595 600 user.admin = true
596 601 user.save!
597 602
598 603 assert_no_difference('User.count') do
599 604 user = User.try_to_login('edavis', '123456')
600 605 assert user.admin?
601 606 end
602 607 end
603 608 end
604 609
605 610 context "binding with user's account" do
606 611 setup do
607 612 @auth_source = AuthSourceLdap.find(1)
608 613 @auth_source.account = "uid=$login,ou=Person,dc=redmine,dc=org"
609 614 @auth_source.account_password = ''
610 615 @auth_source.save!
611 616 end
612 617
613 618 context "with a successful authentication" do
614 619 should "create a new user account if it doesn't exist" do
615 620 assert_difference('User.count') do
616 621 user = User.try_to_login('example1', '123456')
617 622 assert_kind_of User, user
618 623 end
619 624 end
620 625 end
621 626
622 627 context "with an unsuccessful authentication" do
623 628 should "return nil" do
624 629 assert_nil User.try_to_login('example1', '11111')
625 630 end
626 631 end
627 632 end
628 633 end
629 634 end
630 635
631 636 else
632 637 puts "Skipping LDAP tests."
633 638 end
634 639
635 640 def test_create_anonymous
636 641 AnonymousUser.delete_all
637 642 anon = User.anonymous
638 643 assert !anon.new_record?
639 644 assert_kind_of AnonymousUser, anon
640 645 end
641 646
642 647 def test_ensure_single_anonymous_user
643 648 AnonymousUser.delete_all
644 649 anon1 = User.anonymous
645 650 assert !anon1.new_record?
646 651 assert_kind_of AnonymousUser, anon1
647 652 anon2 = AnonymousUser.create(
648 653 :lastname => 'Anonymous', :firstname => '',
649 654 :mail => '', :login => '', :status => 0)
650 655 assert_equal 1, anon2.errors.count
651 656 end
652 657
653 658 def test_rss_key
654 659 assert_nil @jsmith.rss_token
655 660 key = @jsmith.rss_key
656 661 assert_equal 40, key.length
657 662
658 663 @jsmith.reload
659 664 assert_equal key, @jsmith.rss_key
660 665 end
661 666
662 667 def test_rss_key_should_not_be_generated_twice
663 668 assert_difference 'Token.count', 1 do
664 669 key1 = @jsmith.rss_key
665 670 key2 = @jsmith.rss_key
666 671 assert_equal key1, key2
667 672 end
668 673 end
669 674
670 675 def test_api_key_should_not_be_generated_twice
671 676 assert_difference 'Token.count', 1 do
672 677 key1 = @jsmith.api_key
673 678 key2 = @jsmith.api_key
674 679 assert_equal key1, key2
675 680 end
676 681 end
677 682
678 683 test "#api_key should generate a new one if the user doesn't have one" do
679 684 user = User.generate!(:api_token => nil)
680 685 assert_nil user.api_token
681 686
682 687 key = user.api_key
683 688 assert_equal 40, key.length
684 689 user.reload
685 690 assert_equal key, user.api_key
686 691 end
687 692
688 693 test "#api_key should return the existing api token value" do
689 694 user = User.generate!
690 695 token = Token.create!(:action => 'api')
691 696 user.api_token = token
692 697 assert user.save
693 698
694 699 assert_equal token.value, user.api_key
695 700 end
696 701
697 702 test "#find_by_api_key should return nil if no matching key is found" do
698 703 assert_nil User.find_by_api_key('zzzzzzzzz')
699 704 end
700 705
701 706 test "#find_by_api_key should return nil if the key is found for an inactive user" do
702 707 user = User.generate!
703 708 user.status = User::STATUS_LOCKED
704 709 token = Token.create!(:action => 'api')
705 710 user.api_token = token
706 711 user.save
707 712
708 713 assert_nil User.find_by_api_key(token.value)
709 714 end
710 715
711 716 test "#find_by_api_key should return the user if the key is found for an active user" do
712 717 user = User.generate!
713 718 token = Token.create!(:action => 'api')
714 719 user.api_token = token
715 720 user.save
716 721
717 722 assert_equal user, User.find_by_api_key(token.value)
718 723 end
719 724
720 725 def test_default_admin_account_changed_should_return_false_if_account_was_not_changed
721 726 user = User.find_by_login("admin")
722 727 user.password = "admin"
723 728 assert user.save(:validate => false)
724 729
725 730 assert_equal false, User.default_admin_account_changed?
726 731 end
727 732
728 733 def test_default_admin_account_changed_should_return_true_if_password_was_changed
729 734 user = User.find_by_login("admin")
730 735 user.password = "newpassword"
731 736 user.save!
732 737
733 738 assert_equal true, User.default_admin_account_changed?
734 739 end
735 740
736 741 def test_default_admin_account_changed_should_return_true_if_account_is_disabled
737 742 user = User.find_by_login("admin")
738 743 user.password = "admin"
739 744 user.status = User::STATUS_LOCKED
740 745 assert user.save(:validate => false)
741 746
742 747 assert_equal true, User.default_admin_account_changed?
743 748 end
744 749
745 750 def test_default_admin_account_changed_should_return_true_if_account_does_not_exist
746 751 user = User.find_by_login("admin")
747 752 user.destroy
748 753
749 754 assert_equal true, User.default_admin_account_changed?
750 755 end
751 756
752 757 def test_membership_with_project_should_return_membership
753 758 project = Project.find(1)
754 759
755 760 membership = @jsmith.membership(project)
756 761 assert_kind_of Member, membership
757 762 assert_equal @jsmith, membership.user
758 763 assert_equal project, membership.project
759 764 end
760 765
761 766 def test_membership_with_project_id_should_return_membership
762 767 project = Project.find(1)
763 768
764 769 membership = @jsmith.membership(1)
765 770 assert_kind_of Member, membership
766 771 assert_equal @jsmith, membership.user
767 772 assert_equal project, membership.project
768 773 end
769 774
770 775 def test_membership_for_non_member_should_return_nil
771 776 project = Project.find(1)
772 777
773 778 user = User.generate!
774 779 membership = user.membership(1)
775 780 assert_nil membership
776 781 end
777 782
778 783 def test_roles_for_project
779 784 # user with a role
780 785 roles = @jsmith.roles_for_project(Project.find(1))
781 786 assert_kind_of Role, roles.first
782 787 assert_equal "Manager", roles.first.name
783 788
784 789 # user with no role
785 790 assert_nil @dlopper.roles_for_project(Project.find(2)).detect {|role| role.member?}
786 791 end
787 792
788 793 def test_projects_by_role_for_user_with_role
789 794 user = User.find(2)
790 795 assert_kind_of Hash, user.projects_by_role
791 796 assert_equal 2, user.projects_by_role.size
792 797 assert_equal [1,5], user.projects_by_role[Role.find(1)].collect(&:id).sort
793 798 assert_equal [2], user.projects_by_role[Role.find(2)].collect(&:id).sort
794 799 end
795 800
796 801 def test_accessing_projects_by_role_with_no_projects_should_return_an_empty_array
797 802 user = User.find(2)
798 803 assert_equal [], user.projects_by_role[Role.find(3)]
799 804 # should not update the hash
800 805 assert_nil user.projects_by_role.values.detect(&:blank?)
801 806 end
802 807
803 808 def test_projects_by_role_for_user_with_no_role
804 809 user = User.generate!
805 810 assert_equal({}, user.projects_by_role)
806 811 end
807 812
808 813 def test_projects_by_role_for_anonymous
809 814 assert_equal({}, User.anonymous.projects_by_role)
810 815 end
811 816
812 817 def test_valid_notification_options
813 818 # without memberships
814 819 assert_equal 5, User.find(7).valid_notification_options.size
815 820 # with memberships
816 821 assert_equal 6, User.find(2).valid_notification_options.size
817 822 end
818 823
819 824 def test_valid_notification_options_class_method
820 825 assert_equal 5, User.valid_notification_options.size
821 826 assert_equal 5, User.valid_notification_options(User.find(7)).size
822 827 assert_equal 6, User.valid_notification_options(User.find(2)).size
823 828 end
824 829
825 830 def test_mail_notification_all
826 831 @jsmith.mail_notification = 'all'
827 832 @jsmith.notified_project_ids = []
828 833 @jsmith.save
829 834 @jsmith.reload
830 835 assert @jsmith.projects.first.recipients.include?(@jsmith.mail)
831 836 end
832 837
833 838 def test_mail_notification_selected
834 839 @jsmith.mail_notification = 'selected'
835 840 @jsmith.notified_project_ids = [1]
836 841 @jsmith.save
837 842 @jsmith.reload
838 843 assert Project.find(1).recipients.include?(@jsmith.mail)
839 844 end
840 845
841 846 def test_mail_notification_only_my_events
842 847 @jsmith.mail_notification = 'only_my_events'
843 848 @jsmith.notified_project_ids = []
844 849 @jsmith.save
845 850 @jsmith.reload
846 851 assert !@jsmith.projects.first.recipients.include?(@jsmith.mail)
847 852 end
848 853
849 854 def test_comments_sorting_preference
850 855 assert !@jsmith.wants_comments_in_reverse_order?
851 856 @jsmith.pref.comments_sorting = 'asc'
852 857 assert !@jsmith.wants_comments_in_reverse_order?
853 858 @jsmith.pref.comments_sorting = 'desc'
854 859 assert @jsmith.wants_comments_in_reverse_order?
855 860 end
856 861
857 862 def test_find_by_mail_should_be_case_insensitive
858 863 u = User.find_by_mail('JSmith@somenet.foo')
859 864 assert_not_nil u
860 865 assert_equal 'jsmith@somenet.foo', u.mail
861 866 end
862 867
863 868 def test_random_password
864 869 u = User.new
865 870 u.random_password
866 871 assert !u.password.blank?
867 872 assert !u.password_confirmation.blank?
868 873 end
869 874
870 875 test "#change_password_allowed? should be allowed if no auth source is set" do
871 876 user = User.generate!
872 877 assert user.change_password_allowed?
873 878 end
874 879
875 880 test "#change_password_allowed? should delegate to the auth source" do
876 881 user = User.generate!
877 882
878 883 allowed_auth_source = AuthSource.generate!
879 884 def allowed_auth_source.allow_password_changes?; true; end
880 885
881 886 denied_auth_source = AuthSource.generate!
882 887 def denied_auth_source.allow_password_changes?; false; end
883 888
884 889 assert user.change_password_allowed?
885 890
886 891 user.auth_source = allowed_auth_source
887 892 assert user.change_password_allowed?, "User not allowed to change password, though auth source does"
888 893
889 894 user.auth_source = denied_auth_source
890 895 assert !user.change_password_allowed?, "User allowed to change password, though auth source does not"
891 896 end
892 897
893 898 def test_own_account_deletable_should_be_true_with_unsubscrive_enabled
894 899 with_settings :unsubscribe => '1' do
895 900 assert_equal true, User.find(2).own_account_deletable?
896 901 end
897 902 end
898 903
899 904 def test_own_account_deletable_should_be_false_with_unsubscrive_disabled
900 905 with_settings :unsubscribe => '0' do
901 906 assert_equal false, User.find(2).own_account_deletable?
902 907 end
903 908 end
904 909
905 910 def test_own_account_deletable_should_be_false_for_a_single_admin
906 911 User.delete_all(["admin = ? AND id <> ?", true, 1])
907 912
908 913 with_settings :unsubscribe => '1' do
909 914 assert_equal false, User.find(1).own_account_deletable?
910 915 end
911 916 end
912 917
913 918 def test_own_account_deletable_should_be_true_for_an_admin_if_other_admin_exists
914 919 User.generate! do |user|
915 920 user.admin = true
916 921 end
917 922
918 923 with_settings :unsubscribe => '1' do
919 924 assert_equal true, User.find(1).own_account_deletable?
920 925 end
921 926 end
922 927
923 928 context "#allowed_to?" do
924 929 context "with a unique project" do
925 930 should "return false if project is archived" do
926 931 project = Project.find(1)
927 932 Project.any_instance.stubs(:status).returns(Project::STATUS_ARCHIVED)
928 933 assert_equal false, @admin.allowed_to?(:view_issues, Project.find(1))
929 934 end
930 935
931 936 should "return false for write action if project is closed" do
932 937 project = Project.find(1)
933 938 Project.any_instance.stubs(:status).returns(Project::STATUS_CLOSED)
934 939 assert_equal false, @admin.allowed_to?(:edit_project, Project.find(1))
935 940 end
936 941
937 942 should "return true for read action if project is closed" do
938 943 project = Project.find(1)
939 944 Project.any_instance.stubs(:status).returns(Project::STATUS_CLOSED)
940 945 assert_equal true, @admin.allowed_to?(:view_project, Project.find(1))
941 946 end
942 947
943 948 should "return false if related module is disabled" do
944 949 project = Project.find(1)
945 950 project.enabled_module_names = ["issue_tracking"]
946 951 assert_equal true, @admin.allowed_to?(:add_issues, project)
947 952 assert_equal false, @admin.allowed_to?(:view_wiki_pages, project)
948 953 end
949 954
950 955 should "authorize nearly everything for admin users" do
951 956 project = Project.find(1)
952 957 assert ! @admin.member_of?(project)
953 958 %w(edit_issues delete_issues manage_news add_documents manage_wiki).each do |p|
954 959 assert_equal true, @admin.allowed_to?(p.to_sym, project)
955 960 end
956 961 end
957 962
958 963 should "authorize normal users depending on their roles" do
959 964 project = Project.find(1)
960 965 assert_equal true, @jsmith.allowed_to?(:delete_messages, project) #Manager
961 966 assert_equal false, @dlopper.allowed_to?(:delete_messages, project) #Developper
962 967 end
963 968 end
964 969
965 970 context "with multiple projects" do
966 971 should "return false if array is empty" do
967 972 assert_equal false, @admin.allowed_to?(:view_project, [])
968 973 end
969 974
970 975 should "return true only if user has permission on all these projects" do
971 976 assert_equal true, @admin.allowed_to?(:view_project, Project.all)
972 977 assert_equal false, @dlopper.allowed_to?(:view_project, Project.all) #cannot see Project(2)
973 978 assert_equal true, @jsmith.allowed_to?(:edit_issues, @jsmith.projects) #Manager or Developer everywhere
974 979 assert_equal false, @jsmith.allowed_to?(:delete_issue_watchers, @jsmith.projects) #Dev cannot delete_issue_watchers
975 980 end
976 981
977 982 should "behave correctly with arrays of 1 project" do
978 983 assert_equal false, User.anonymous.allowed_to?(:delete_issues, [Project.first])
979 984 end
980 985 end
981 986
982 987 context "with options[:global]" do
983 988 should "authorize if user has at least one role that has this permission" do
984 989 @dlopper2 = User.find(5) #only Developper on a project, not Manager anywhere
985 990 @anonymous = User.find(6)
986 991 assert_equal true, @jsmith.allowed_to?(:delete_issue_watchers, nil, :global => true)
987 992 assert_equal false, @dlopper2.allowed_to?(:delete_issue_watchers, nil, :global => true)
988 993 assert_equal true, @dlopper2.allowed_to?(:add_issues, nil, :global => true)
989 994 assert_equal false, @anonymous.allowed_to?(:add_issues, nil, :global => true)
990 995 assert_equal true, @anonymous.allowed_to?(:view_issues, nil, :global => true)
991 996 end
992 997 end
993 998 end
994 999
995 1000 context "User#notify_about?" do
996 1001 context "Issues" do
997 1002 setup do
998 1003 @project = Project.find(1)
999 1004 @author = User.generate!
1000 1005 @assignee = User.generate!
1001 1006 @issue = Issue.generate!(:project => @project, :assigned_to => @assignee, :author => @author)
1002 1007 end
1003 1008
1004 1009 should "be true for a user with :all" do
1005 1010 @author.update_attribute(:mail_notification, 'all')
1006 1011 assert @author.notify_about?(@issue)
1007 1012 end
1008 1013
1009 1014 should "be false for a user with :none" do
1010 1015 @author.update_attribute(:mail_notification, 'none')
1011 1016 assert ! @author.notify_about?(@issue)
1012 1017 end
1013 1018
1014 1019 should "be false for a user with :only_my_events and isn't an author, creator, or assignee" do
1015 1020 @user = User.generate!(:mail_notification => 'only_my_events')
1016 1021 Member.create!(:user => @user, :project => @project, :role_ids => [1])
1017 1022 assert ! @user.notify_about?(@issue)
1018 1023 end
1019 1024
1020 1025 should "be true for a user with :only_my_events and is the author" do
1021 1026 @author.update_attribute(:mail_notification, 'only_my_events')
1022 1027 assert @author.notify_about?(@issue)
1023 1028 end
1024 1029
1025 1030 should "be true for a user with :only_my_events and is the assignee" do
1026 1031 @assignee.update_attribute(:mail_notification, 'only_my_events')
1027 1032 assert @assignee.notify_about?(@issue)
1028 1033 end
1029 1034
1030 1035 should "be true for a user with :only_assigned and is the assignee" do
1031 1036 @assignee.update_attribute(:mail_notification, 'only_assigned')
1032 1037 assert @assignee.notify_about?(@issue)
1033 1038 end
1034 1039
1035 1040 should "be false for a user with :only_assigned and is not the assignee" do
1036 1041 @author.update_attribute(:mail_notification, 'only_assigned')
1037 1042 assert ! @author.notify_about?(@issue)
1038 1043 end
1039 1044
1040 1045 should "be true for a user with :only_owner and is the author" do
1041 1046 @author.update_attribute(:mail_notification, 'only_owner')
1042 1047 assert @author.notify_about?(@issue)
1043 1048 end
1044 1049
1045 1050 should "be false for a user with :only_owner and is not the author" do
1046 1051 @assignee.update_attribute(:mail_notification, 'only_owner')
1047 1052 assert ! @assignee.notify_about?(@issue)
1048 1053 end
1049 1054
1050 1055 should "be true for a user with :selected and is the author" do
1051 1056 @author.update_attribute(:mail_notification, 'selected')
1052 1057 assert @author.notify_about?(@issue)
1053 1058 end
1054 1059
1055 1060 should "be true for a user with :selected and is the assignee" do
1056 1061 @assignee.update_attribute(:mail_notification, 'selected')
1057 1062 assert @assignee.notify_about?(@issue)
1058 1063 end
1059 1064
1060 1065 should "be false for a user with :selected and is not the author or assignee" do
1061 1066 @user = User.generate!(:mail_notification => 'selected')
1062 1067 Member.create!(:user => @user, :project => @project, :role_ids => [1])
1063 1068 assert ! @user.notify_about?(@issue)
1064 1069 end
1065 1070 end
1066 1071 end
1067 1072
1068 1073 def test_notify_about_news
1069 1074 user = User.generate!
1070 1075 news = News.new
1071 1076
1072 1077 User::MAIL_NOTIFICATION_OPTIONS.map(&:first).each do |option|
1073 1078 user.mail_notification = option
1074 1079 assert_equal (option != 'none'), user.notify_about?(news)
1075 1080 end
1076 1081 end
1077 1082
1078 1083 def test_salt_unsalted_passwords
1079 1084 # Restore a user with an unsalted password
1080 1085 user = User.find(1)
1081 1086 user.salt = nil
1082 1087 user.hashed_password = User.hash_password("unsalted")
1083 1088 user.save!
1084 1089
1085 1090 User.salt_unsalted_passwords!
1086 1091
1087 1092 user.reload
1088 1093 # Salt added
1089 1094 assert !user.salt.blank?
1090 1095 # Password still valid
1091 1096 assert user.check_password?("unsalted")
1092 1097 assert_equal user, User.try_to_login(user.login, "unsalted")
1093 1098 end
1094 1099
1095 1100 if Object.const_defined?(:OpenID)
1096 1101
1097 1102 def test_setting_identity_url
1098 1103 normalized_open_id_url = 'http://example.com/'
1099 1104 u = User.new( :identity_url => 'http://example.com/' )
1100 1105 assert_equal normalized_open_id_url, u.identity_url
1101 1106 end
1102 1107
1103 1108 def test_setting_identity_url_without_trailing_slash
1104 1109 normalized_open_id_url = 'http://example.com/'
1105 1110 u = User.new( :identity_url => 'http://example.com' )
1106 1111 assert_equal normalized_open_id_url, u.identity_url
1107 1112 end
1108 1113
1109 1114 def test_setting_identity_url_without_protocol
1110 1115 normalized_open_id_url = 'http://example.com/'
1111 1116 u = User.new( :identity_url => 'example.com' )
1112 1117 assert_equal normalized_open_id_url, u.identity_url
1113 1118 end
1114 1119
1115 1120 def test_setting_blank_identity_url
1116 1121 u = User.new( :identity_url => 'example.com' )
1117 1122 u.identity_url = ''
1118 1123 assert u.identity_url.blank?
1119 1124 end
1120 1125
1121 1126 def test_setting_invalid_identity_url
1122 1127 u = User.new( :identity_url => 'this is not an openid url' )
1123 1128 assert u.identity_url.blank?
1124 1129 end
1125 1130
1126 1131 else
1127 1132 puts "Skipping openid tests."
1128 1133 end
1129 1134
1130 1135 end
General Comments 0
You need to be logged in to leave comments. Login now