##// END OF EJS Templates
jro_apps » redmine
RSS
Added tests for the other OpenID authentication cases. #699...
Eric Davis -
r2384:876fb69271ed
parent child
Show More
Side by Side Unified
Context file:
r2384:876fb69271ed Loading diff...:
Show file before | Show file after | Hide comments
@@ -1,235 +1,235
1 1 # Redmine - project management software
2 2 # Copyright (C) 2006-2008 Jean-Philippe Lang
3 3 #
4 4 # This program is free software; you can redistribute it and/or
5 5 # modify it under the terms of the GNU General Public License
6 6 # as published by the Free Software Foundation; either version 2
7 7 # of the License, or (at your option) any later version.
8 8 #
9 9 # This program is distributed in the hope that it will be useful,
10 10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 12 # GNU General Public License for more details.
13 13 #
14 14 # You should have received a copy of the GNU General Public License
15 15 # along with this program; if not, write to the Free Software
16 16 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
17 17
18 18 class AccountController < ApplicationController
19 19 helper :custom_fields
20 20 include CustomFieldsHelper
21 21
22 22 # prevents login action to be filtered by check_if_login_required application scope filter
23 23 skip_before_filter :check_if_login_required, :only => [:login, :lost_password, :register, :activate]
24 24
25 25 # Show user's account
26 26 def show
27 27 @user = User.active.find(params[:id])
28 28 @custom_values = @user.custom_values
29 29
30 30 # show only public projects and private projects that the logged in user is also a member of
31 31 @memberships = @user.memberships.select do |membership|
32 32 membership.project.is_public? || (User.current.member_of?(membership.project))
33 33 end
34 34
35 35 events = Redmine::Activity::Fetcher.new(User.current, :author => @user).events(nil, nil, :limit => 10)
36 36 @events_by_day = events.group_by(&:event_date)
37 37
38 38 rescue ActiveRecord::RecordNotFound
39 39 render_404
40 40 end
41 41
42 42 # Login request and validation
43 43 def login
44 44 if request.get?
45 45 # Logout user
46 46 self.logged_user = nil
47 47 else
48 48 # Authenticate user
49 49 unless using_open_id?
50 50 password_authentication
51 51 else
52 52 open_id_authenticate(params[:openid_url])
53 53 end
54 54 end
55 55 end
56 56
57 57 # Log out current user and redirect to welcome page
58 58 def logout
59 59 cookies.delete :autologin
60 60 Token.delete_all(["user_id = ? AND action = ?", User.current.id, 'autologin']) if User.current.logged?
61 61 self.logged_user = nil
62 62 redirect_to home_url
63 63 end
64 64
65 65 # Enable user to choose a new password
66 66 def lost_password
67 67 redirect_to(home_url) && return unless Setting.lost_password?
68 68 if params[:token]
69 69 @token = Token.find_by_action_and_value("recovery", params[:token])
70 70 redirect_to(home_url) && return unless @token and !@token.expired?
71 71 @user = @token.user
72 72 if request.post?
73 73 @user.password, @user.password_confirmation = params[:new_password], params[:new_password_confirmation]
74 74 if @user.save
75 75 @token.destroy
76 76 flash[:notice] = l(:notice_account_password_updated)
77 77 redirect_to :action => 'login'
78 78 return
79 79 end
80 80 end
81 81 render :template => "account/password_recovery"
82 82 return
83 83 else
84 84 if request.post?
85 85 user = User.find_by_mail(params[:mail])
86 86 # user not found in db
87 87 flash.now[:error] = l(:notice_account_unknown_email) and return unless user
88 88 # user uses an external authentification
89 89 flash.now[:error] = l(:notice_can_t_change_password) and return if user.auth_source_id
90 90 # create a new token for password recovery
91 91 token = Token.new(:user => user, :action => "recovery")
92 92 if token.save
93 93 Mailer.deliver_lost_password(token)
94 94 flash[:notice] = l(:notice_account_lost_email_sent)
95 95 redirect_to :action => 'login'
96 96 return
97 97 end
98 98 end
99 99 end
100 100 end
101 101
102 102 # User self-registration
103 103 def register
104 104 redirect_to(home_url) && return unless Setting.self_registration? || session[:auth_source_registration]
105 105 if request.get?
106 106 session[:auth_source_registration] = nil
107 107 @user = User.new(:language => Setting.default_language)
108 108 else
109 109 @user = User.new(params[:user])
110 110 @user.admin = false
111 111 @user.status = User::STATUS_REGISTERED
112 112 if session[:auth_source_registration]
113 113 @user.status = User::STATUS_ACTIVE
114 114 @user.login = session[:auth_source_registration][:login]
115 115 @user.auth_source_id = session[:auth_source_registration][:auth_source_id]
116 116 if @user.save
117 117 session[:auth_source_registration] = nil
118 118 self.logged_user = @user
119 119 flash[:notice] = l(:notice_account_activated)
120 120 redirect_to :controller => 'my', :action => 'account'
121 121 end
122 122 else
123 123 @user.login = params[:user][:login]
124 124 @user.password, @user.password_confirmation = params[:password], params[:password_confirmation]
125 125 case Setting.self_registration
126 126 when '1'
127 127 # Email activation
128 128 token = Token.new(:user => @user, :action => "register")
129 129 if @user.save and token.save
130 130 Mailer.deliver_register(token)
131 131 flash[:notice] = l(:notice_account_register_done)
132 132 redirect_to :action => 'login'
133 133 end
134 134 when '3'
135 135 # Automatic activation
136 136 @user.status = User::STATUS_ACTIVE
137 137 if @user.save
138 138 self.logged_user = @user
139 139 flash[:notice] = l(:notice_account_activated)
140 140 redirect_to :controller => 'my', :action => 'account'
141 141 end
142 142 else
143 143 # Manual activation by the administrator
144 144 if @user.save
145 145 # Sends an email to the administrators
146 146 Mailer.deliver_account_activation_request(@user)
147 147 flash[:notice] = l(:notice_account_pending)
148 148 redirect_to :action => 'login'
149 149 end
150 150 end
151 151 end
152 152 end
153 153 end
154 154
155 155 # Token based account activation
156 156 def activate
157 157 redirect_to(home_url) && return unless Setting.self_registration? && params[:token]
158 158 token = Token.find_by_action_and_value('register', params[:token])
159 159 redirect_to(home_url) && return unless token and !token.expired?
160 160 user = token.user
161 161 redirect_to(home_url) && return unless user.status == User::STATUS_REGISTERED
162 162 user.status = User::STATUS_ACTIVE
163 163 if user.save
164 164 token.destroy
165 165 flash[:notice] = l(:notice_account_activated)
166 166 end
167 167 redirect_to :action => 'login'
168 168 end
169 169
170 170 private
171 171 def logged_user=(user)
172 172 if user && user.is_a?(User)
173 173 User.current = user
174 174 session[:user_id] = user.id
175 175 else
176 176 User.current = User.anonymous
177 177 session[:user_id] = nil
178 178 end
179 179 end
180 180
181 181 def password_authentication
182 182 user = User.try_to_login(params[:username], params[:password])
183 183 if user.nil?
184 184 # Invalid credentials
185 185 flash.now[:error] = l(:notice_account_invalid_creditentials)
186 186 elsif user.new_record?
187 187 # Onthefly creation failed, display the registration form to fill/fix attributes
188 188 @user = user
189 189 session[:auth_source_registration] = {:login => user.login, :auth_source_id => user.auth_source_id }
190 190 render :action => 'register'
191 191 else
192 192 # Valid user
193 193 successful_authentication(user)
194 194 end
195 195 end
196 196
197 197
198 198 def open_id_authenticate(openid_url)
199 199 authenticate_with_open_id(openid_url, :required => [:nickname, :fullname, :email], :return_to => signin_url) do |result, identity_url, registration|
200 200 if result.successful?
201 201 user = User.find_or_initialize_by_identity_url(identity_url)
202 202 if user.new_record?
203 203 # Create on the fly
204 user.login = registration['nickname']
205 user.mail = registration['email']
206 user.firstname, user.lastname = registration['fullname'].split(' ')
204 user.login = registration['nickname'] unless registration['nickname'].nil?
205 user.mail = registration['email'] unless registration['email'].nil?
206 user.firstname, user.lastname = registration['fullname'].split(' ') unless registration['fullname'].nil?
207 207 user.random_password
208 208 if user.save
209 209 successful_authentication(user)
210 210 else
211 211 # Onthefly creation failed, display the registration form to fill/fix attributes
212 212 @user = user
213 213 session[:auth_source_registration] = {:login => user.login, :identity_url => identity_url }
214 214 render :action => 'register'
215 215 end
216 216 else
217 217 # Existing record
218 218 successful_authentication(user)
219 219 end
220 220 end
221 221 end
222 222 end
223 223
224 224 def successful_authentication(user)
225 225 # Valid user
226 226 self.logged_user = user
227 227 # generate a key and set cookie if autologin
228 228 if params[:autologin] && Setting.autologin?
229 229 token = Token.create(:user => user, :action => 'autologin')
230 230 cookies[:autologin] = { :value => token.value, :expires => 1.year.from_now }
231 231 end
232 232 redirect_back_or_default :controller => 'my', :action => 'page'
233 233 end
234 234
235 235 end
Show file before | Show file after | Hide comments
@@ -1,98 +1,110
1 1 # redMine - project management software
2 2 # Copyright (C) 2006-2007 Jean-Philippe Lang
3 3 #
4 4 # This program is free software; you can redistribute it and/or
5 5 # modify it under the terms of the GNU General Public License
6 6 # as published by the Free Software Foundation; either version 2
7 7 # of the License, or (at your option) any later version.
8 8 #
9 9 # This program is distributed in the hope that it will be useful,
10 10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 12 # GNU General Public License for more details.
13 13 #
14 14 # You should have received a copy of the GNU General Public License
15 15 # along with this program; if not, write to the Free Software
16 16 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
17 17
18 18 require File.dirname(__FILE__) + '/../test_helper'
19 19 require 'account_controller'
20 20
21 21 # Re-raise errors caught by the controller.
22 22 class AccountController; def rescue_action(e) raise e end; end
23 23
24 24 class AccountControllerTest < Test::Unit::TestCase
25 25 fixtures :users, :roles
26 26
27 27 def setup
28 28 @controller = AccountController.new
29 29 @request = ActionController::TestRequest.new
30 30 @response = ActionController::TestResponse.new
31 31 User.current = nil
32 32 end
33 33
34 34 def test_show
35 35 get :show, :id => 2
36 36 assert_response :success
37 37 assert_template 'show'
38 38 assert_not_nil assigns(:user)
39 39 end
40 40
41 41 def test_show_inactive
42 42 get :show, :id => 5
43 43 assert_response 404
44 44 assert_nil assigns(:user)
45 45 end
46 46
47 47 def test_login_should_redirect_to_back_url_param
48 48 # request.uri is "test.host" in test environment
49 49 post :login, :username => 'jsmith', :password => 'jsmith', :back_url => 'http%3A%2F%2Ftest.host%2Fissues%2Fshow%2F1'
50 50 assert_redirected_to '/issues/show/1'
51 51 end
52 52
53 53 def test_login_should_not_redirect_to_another_host
54 54 post :login, :username => 'jsmith', :password => 'jsmith', :back_url => 'http%3A%2F%2Ftest.foo%2Ffake'
55 55 assert_redirected_to '/my/page'
56 56 end
57 57
58 58 def test_login_with_wrong_password
59 59 post :login, :username => 'admin', :password => 'bad'
60 60 assert_response :success
61 61 assert_template 'login'
62 62 assert_tag 'div',
63 63 :attributes => { :class => "flash error" },
64 64 :content => /Invalid user or password/
65 65 end
66 66
67 67 def test_login_with_openid
68 68 post :login, :openid_url => 'http://openid.example.com/good_user'
69 69 assert_redirected_to 'my/page'
70 70 end
71 71
72 72 def test_login_with_openid_with_new_user_created
73
73 post :login, :openid_url => 'http://openid.example.com/good_user'
74 assert_redirected_to 'my/page'
75 user = User.find_by_login('cool_user')
76 assert user
77 assert_equal 'Cool', user.firstname
78 assert_equal 'User', user.lastname
74 79 end
75 80
81 def test_login_with_openid_with_new_user_with_conflict_should_register
82 existing_user = User.new(:firstname => 'Cool', :lastname => 'User', :mail => 'user@somedomain.com')
83 existing_user.login = 'cool_user'
84 assert existing_user.save!
76 85
77 def test_login_with_openid_with_new_user_with_conflict
78
86 post :login, :openid_url => 'http://openid.example.com/good_user'
87 assert_response :success
88 assert_template 'register'
89 assert assigns(:user)
90 assert_equal 'http://openid.example.com/good_user', assigns(:user)[:identity_url]
79 91 end
80 92
81 93 def test_autologin
82 94 Setting.autologin = "7"
83 95 Token.delete_all
84 96 post :login, :username => 'admin', :password => 'admin', :autologin => 1
85 97 assert_redirected_to 'my/page'
86 98 token = Token.find :first
87 99 assert_not_nil token
88 100 assert_equal User.find_by_login('admin'), token.user
89 101 assert_equal 'autologin', token.action
90 102 end
91 103
92 104 def test_logout
93 105 @request.session[:user_id] = 2
94 106 get :logout
95 107 assert_redirected_to ''
96 108 assert_nil @request.session[:user_id]
97 109 end
98 110 end
Show file before | Show file after | Hide comments
@@ -1,68 +1,68
1 1 # redMine - project management software
2 2 # Copyright (C) 2006 Jean-Philippe Lang
3 3 #
4 4 # This program is free software; you can redistribute it and/or
5 5 # modify it under the terms of the GNU General Public License
6 6 # as published by the Free Software Foundation; either version 2
7 7 # of the License, or (at your option) any later version.
8 8 #
9 9 # This program is distributed in the hope that it will be useful,
10 10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 12 # GNU General Public License for more details.
13 13 #
14 14 # You should have received a copy of the GNU General Public License
15 15 # along with this program; if not, write to the Free Software
16 16 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
17 17
18 18 ENV["RAILS_ENV"] ||= "test"
19 19 require File.expand_path(File.dirname(__FILE__) + "/../config/environment")
20 20 require 'test_help'
21 21 require File.expand_path(File.dirname(__FILE__) + '/helper_testcase')
22 load File.join(RAILS_ROOT,'test', 'mocks', 'open_id_authentication_mock.rb')
22 require File.join(RAILS_ROOT,'test', 'mocks', 'open_id_authentication_mock.rb')
23 23
24 24 class Test::Unit::TestCase
25 25 # Transactional fixtures accelerate your tests by wrapping each test method
26 26 # in a transaction that's rolled back on completion. This ensures that the
27 27 # test database remains unchanged so your fixtures don't have to be reloaded
28 28 # between every test method. Fewer database queries means faster tests.
29 29 #
30 30 # Read Mike Clark's excellent walkthrough at
31 31 # http://clarkware.com/cgi/blosxom/2005/10/24#Rails10FastTesting
32 32 #
33 33 # Every Active Record database supports transactions except MyISAM tables
34 34 # in MySQL. Turn off transactional fixtures in this case; however, if you
35 35 # don't care one way or the other, switching from MyISAM to InnoDB tables
36 36 # is recommended.
37 37 self.use_transactional_fixtures = true
38 38
39 39 # Instantiated fixtures are slow, but give you @david where otherwise you
40 40 # would need people(:david). If you don't want to migrate your existing
41 41 # test cases which use the @david style and don't mind the speed hit (each
42 42 # instantiated fixtures translates to a database query per test method),
43 43 # then set this back to true.
44 44 self.use_instantiated_fixtures = false
45 45
46 46 # Add more helper methods to be used by all tests here...
47 47
48 48 def log_user(login, password)
49 49 get "/account/login"
50 50 assert_equal nil, session[:user_id]
51 51 assert_response :success
52 52 assert_template "account/login"
53 53 post "/account/login", :username => login, :password => password
54 54 assert_redirected_to "my/page"
55 55 assert_equal login, User.find(session[:user_id]).login
56 56 end
57 57
58 58 def test_uploaded_file(name, mime)
59 59 ActionController::TestUploadedFile.new(Test::Unit::TestCase.fixture_path + "/files/#{name}", mime)
60 60 end
61 61
62 62 # Use a temporary directory for attachment related tests
63 63 def set_tmp_attachments_directory
64 64 Dir.mkdir "#{RAILS_ROOT}/tmp/test" unless File.directory?("#{RAILS_ROOT}/tmp/test")
65 65 Dir.mkdir "#{RAILS_ROOT}/tmp/test/attachments" unless File.directory?("#{RAILS_ROOT}/tmp/test/attachments")
66 66 Attachment.storage_path = "#{RAILS_ROOT}/tmp/test/attachments"
67 67 end
68 68 end
General Comments 0
You need to be logged in to leave comments. Login now