##// END OF EJS Templates
jro_apps » redmine
RSS
Unescape back_url param before calling redirect_to....
Jean-Philippe Lang -
r1891:8a356baf3e32
parent child
Show More
Side by Side Unified
Context file:
r1891:8a356baf3e32 Loading diff...:
Show file before | Show file after | Hide comments
@@ -1,225 +1,226
1 1 # redMine - project management software
2 2 # Copyright (C) 2006-2007 Jean-Philippe Lang
3 3 #
4 4 # This program is free software; you can redistribute it and/or
5 5 # modify it under the terms of the GNU General Public License
6 6 # as published by the Free Software Foundation; either version 2
7 7 # of the License, or (at your option) any later version.
8 8 #
9 9 # This program is distributed in the hope that it will be useful,
10 10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 12 # GNU General Public License for more details.
13 13 #
14 14 # You should have received a copy of the GNU General Public License
15 15 # along with this program; if not, write to the Free Software
16 16 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
17 17
18 18 require 'uri'
19 require 'cgi'
19 20
20 21 class ApplicationController < ActionController::Base
21 22 layout 'base'
22 23
23 24 before_filter :user_setup, :check_if_login_required, :set_localization
24 25 filter_parameter_logging :password
25 26
26 27 include Redmine::MenuManager::MenuController
27 28 helper Redmine::MenuManager::MenuHelper
28 29
29 30 REDMINE_SUPPORTED_SCM.each do |scm|
30 31 require_dependency "repository/#{scm.underscore}"
31 32 end
32 33
33 34 def current_role
34 35 @current_role ||= User.current.role_for_project(@project)
35 36 end
36 37
37 38 def user_setup
38 39 # Check the settings cache for each request
39 40 Setting.check_cache
40 41 # Find the current user
41 42 User.current = find_current_user
42 43 end
43 44
44 45 # Returns the current user or nil if no user is logged in
45 46 def find_current_user
46 47 if session[:user_id]
47 48 # existing session
48 49 (User.find_active(session[:user_id]) rescue nil)
49 50 elsif cookies[:autologin] && Setting.autologin?
50 51 # auto-login feature
51 52 User.find_by_autologin_key(cookies[:autologin])
52 53 elsif params[:key] && accept_key_auth_actions.include?(params[:action])
53 54 # RSS key authentication
54 55 User.find_by_rss_key(params[:key])
55 56 end
56 57 end
57 58
58 59 # check if login is globally required to access the application
59 60 def check_if_login_required
60 61 # no check needed if user is already logged in
61 62 return true if User.current.logged?
62 63 require_login if Setting.login_required?
63 64 end
64 65
65 66 def set_localization
66 67 User.current.language = nil unless User.current.logged?
67 68 lang = begin
68 69 if !User.current.language.blank? && GLoc.valid_language?(User.current.language)
69 70 User.current.language
70 71 elsif request.env['HTTP_ACCEPT_LANGUAGE']
71 72 accept_lang = parse_qvalues(request.env['HTTP_ACCEPT_LANGUAGE']).first.downcase
72 73 if !accept_lang.blank? && (GLoc.valid_language?(accept_lang) || GLoc.valid_language?(accept_lang = accept_lang.split('-').first))
73 74 User.current.language = accept_lang
74 75 end
75 76 end
76 77 rescue
77 78 nil
78 79 end || Setting.default_language
79 80 set_language_if_valid(lang)
80 81 end
81 82
82 83 def require_login
83 84 if !User.current.logged?
84 85 redirect_to :controller => "account", :action => "login", :back_url => (request.relative_url_root + request.request_uri)
85 86 return false
86 87 end
87 88 true
88 89 end
89 90
90 91 def require_admin
91 92 return unless require_login
92 93 if !User.current.admin?
93 94 render_403
94 95 return false
95 96 end
96 97 true
97 98 end
98 99
99 100 def deny_access
100 101 User.current.logged? ? render_403 : require_login
101 102 end
102 103
103 104 # Authorize the user for the requested action
104 105 def authorize(ctrl = params[:controller], action = params[:action])
105 106 allowed = User.current.allowed_to?({:controller => ctrl, :action => action}, @project)
106 107 allowed ? true : deny_access
107 108 end
108 109
109 110 # make sure that the user is a member of the project (or admin) if project is private
110 111 # used as a before_filter for actions that do not require any particular permission on the project
111 112 def check_project_privacy
112 113 if @project && @project.active?
113 114 if @project.is_public? || User.current.member_of?(@project) || User.current.admin?
114 115 true
115 116 else
116 117 User.current.logged? ? render_403 : require_login
117 118 end
118 119 else
119 120 @project = nil
120 121 render_404
121 122 false
122 123 end
123 124 end
124 125
125 126 def redirect_back_or_default(default)
126 back_url = params[:back_url]
127 back_url = CGI.unescape(params[:back_url].to_s)
127 128 if !back_url.blank?
128 129 uri = URI.parse(back_url)
129 130 # do not redirect user to another host
130 131 if uri.relative? || (uri.host == request.host)
131 132 redirect_to(back_url) and return
132 133 end
133 134 end
134 135 redirect_to default
135 136 end
136 137
137 138 def render_403
138 139 @project = nil
139 140 render :template => "common/403", :layout => !request.xhr?, :status => 403
140 141 return false
141 142 end
142 143
143 144 def render_404
144 145 render :template => "common/404", :layout => !request.xhr?, :status => 404
145 146 return false
146 147 end
147 148
148 149 def render_error(msg)
149 150 flash.now[:error] = msg
150 151 render :nothing => true, :layout => !request.xhr?, :status => 500
151 152 end
152 153
153 154 def render_feed(items, options={})
154 155 @items = items || []
155 156 @items.sort! {|x,y| y.event_datetime <=> x.event_datetime }
156 157 @items = @items.slice(0, Setting.feeds_limit.to_i)
157 158 @title = options[:title] || Setting.app_title
158 159 render :template => "common/feed.atom.rxml", :layout => false, :content_type => 'application/atom+xml'
159 160 end
160 161
161 162 def self.accept_key_auth(*actions)
162 163 actions = actions.flatten.map(&:to_s)
163 164 write_inheritable_attribute('accept_key_auth_actions', actions)
164 165 end
165 166
166 167 def accept_key_auth_actions
167 168 self.class.read_inheritable_attribute('accept_key_auth_actions') || []
168 169 end
169 170
170 171 # TODO: move to model
171 172 def attach_files(obj, attachments)
172 173 attached = []
173 174 if attachments && attachments.is_a?(Hash)
174 175 attachments.each_value do |attachment|
175 176 file = attachment['file']
176 177 next unless file && file.size > 0
177 178 a = Attachment.create(:container => obj,
178 179 :file => file,
179 180 :description => attachment['description'].to_s.strip,
180 181 :author => User.current)
181 182 attached << a unless a.new_record?
182 183 end
183 184 end
184 185 attached
185 186 end
186 187
187 188 # Returns the number of objects that should be displayed
188 189 # on the paginated list
189 190 def per_page_option
190 191 per_page = nil
191 192 if params[:per_page] && Setting.per_page_options_array.include?(params[:per_page].to_s.to_i)
192 193 per_page = params[:per_page].to_s.to_i
193 194 session[:per_page] = per_page
194 195 elsif session[:per_page]
195 196 per_page = session[:per_page]
196 197 else
197 198 per_page = Setting.per_page_options_array.first || 25
198 199 end
199 200 per_page
200 201 end
201 202
202 203 # qvalues http header parser
203 204 # code taken from webrick
204 205 def parse_qvalues(value)
205 206 tmp = []
206 207 if value
207 208 parts = value.split(/,\s*/)
208 209 parts.each {|part|
209 210 if m = %r{^([^\s,]+?)(?:;\s*q=(\d+(?:\.\d+)?))?$}.match(part)
210 211 val = m[1]
211 212 q = (m[2] or 1).to_f
212 213 tmp.push([val, q])
213 214 end
214 215 }
215 216 tmp = tmp.sort_by{|val, q| -q}
216 217 tmp.collect!{|val, q| val}
217 218 end
218 219 return tmp
219 220 end
220 221
221 222 # Returns a string that can be used as filename value in Content-Disposition header
222 223 def filename_for_content_disposition(name)
223 224 request.env['HTTP_USER_AGENT'] =~ %r{MSIE} ? ERB::Util.url_encode(name) : name
224 225 end
225 226 end
Show file before | Show file after | Hide comments
@@ -1,285 +1,285
1 1 # redMine - project management software
2 2 # Copyright (C) 2006-2007 Jean-Philippe Lang
3 3 #
4 4 # This program is free software; you can redistribute it and/or
5 5 # modify it under the terms of the GNU General Public License
6 6 # as published by the Free Software Foundation; either version 2
7 7 # of the License, or (at your option) any later version.
8 8 #
9 9 # This program is distributed in the hope that it will be useful,
10 10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 12 # GNU General Public License for more details.
13 13 #
14 14 # You should have received a copy of the GNU General Public License
15 15 # along with this program; if not, write to the Free Software
16 16 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
17 17
18 18 class TimelogController < ApplicationController
19 19 menu_item :issues
20 20 before_filter :find_project, :authorize, :only => [:edit, :destroy]
21 21 before_filter :find_optional_project, :only => [:report, :details]
22 22
23 23 verify :method => :post, :only => :destroy, :redirect_to => { :action => :details }
24 24
25 25 helper :sort
26 26 include SortHelper
27 27 helper :issues
28 28 include TimelogHelper
29 29 helper :custom_fields
30 30 include CustomFieldsHelper
31 31
32 32 def report
33 33 @available_criterias = { 'project' => {:sql => "#{TimeEntry.table_name}.project_id",
34 34 :klass => Project,
35 35 :label => :label_project},
36 36 'version' => {:sql => "#{Issue.table_name}.fixed_version_id",
37 37 :klass => Version,
38 38 :label => :label_version},
39 39 'category' => {:sql => "#{Issue.table_name}.category_id",
40 40 :klass => IssueCategory,
41 41 :label => :field_category},
42 42 'member' => {:sql => "#{TimeEntry.table_name}.user_id",
43 43 :klass => User,
44 44 :label => :label_member},
45 45 'tracker' => {:sql => "#{Issue.table_name}.tracker_id",
46 46 :klass => Tracker,
47 47 :label => :label_tracker},
48 48 'activity' => {:sql => "#{TimeEntry.table_name}.activity_id",
49 49 :klass => Enumeration,
50 50 :label => :label_activity},
51 51 'issue' => {:sql => "#{TimeEntry.table_name}.issue_id",
52 52 :klass => Issue,
53 53 :label => :label_issue}
54 54 }
55 55
56 56 # Add list and boolean custom fields as available criterias
57 57 custom_fields = (@project.nil? ? IssueCustomField.for_all : @project.all_issue_custom_fields)
58 58 custom_fields.select {|cf| %w(list bool).include? cf.field_format }.each do |cf|
59 59 @available_criterias["cf_#{cf.id}"] = {:sql => "(SELECT c.value FROM #{CustomValue.table_name} c WHERE c.custom_field_id = #{cf.id} AND c.customized_type = 'Issue' AND c.customized_id = #{Issue.table_name}.id)",
60 60 :format => cf.field_format,
61 61 :label => cf.name}
62 62 end if @project
63 63
64 64 # Add list and boolean time entry custom fields
65 65 TimeEntryCustomField.find(:all).select {|cf| %w(list bool).include? cf.field_format }.each do |cf|
66 66 @available_criterias["cf_#{cf.id}"] = {:sql => "(SELECT c.value FROM #{CustomValue.table_name} c WHERE c.custom_field_id = #{cf.id} AND c.customized_type = 'TimeEntry' AND c.customized_id = #{TimeEntry.table_name}.id)",
67 67 :format => cf.field_format,
68 68 :label => cf.name}
69 69 end
70 70
71 71 @criterias = params[:criterias] || []
72 72 @criterias = @criterias.select{|criteria| @available_criterias.has_key? criteria}
73 73 @criterias.uniq!
74 74 @criterias = @criterias[0,3]
75 75
76 76 @columns = (params[:columns] && %w(year month week day).include?(params[:columns])) ? params[:columns] : 'month'
77 77
78 78 retrieve_date_range
79 79
80 80 unless @criterias.empty?
81 81 sql_select = @criterias.collect{|criteria| @available_criterias[criteria][:sql] + " AS " + criteria}.join(', ')
82 82 sql_group_by = @criterias.collect{|criteria| @available_criterias[criteria][:sql]}.join(', ')
83 83
84 84 sql = "SELECT #{sql_select}, tyear, tmonth, tweek, spent_on, SUM(hours) AS hours"
85 85 sql << " FROM #{TimeEntry.table_name}"
86 86 sql << " LEFT JOIN #{Issue.table_name} ON #{TimeEntry.table_name}.issue_id = #{Issue.table_name}.id"
87 87 sql << " LEFT JOIN #{Project.table_name} ON #{TimeEntry.table_name}.project_id = #{Project.table_name}.id"
88 88 sql << " WHERE"
89 89 sql << " (%s) AND" % @project.project_condition(Setting.display_subprojects_issues?) if @project
90 90 sql << " (%s) AND" % Project.allowed_to_condition(User.current, :view_time_entries)
91 91 sql << " (spent_on BETWEEN '%s' AND '%s')" % [ActiveRecord::Base.connection.quoted_date(@from.to_time), ActiveRecord::Base.connection.quoted_date(@to.to_time)]
92 92 sql << " GROUP BY #{sql_group_by}, tyear, tmonth, tweek, spent_on"
93 93
94 94 @hours = ActiveRecord::Base.connection.select_all(sql)
95 95
96 96 @hours.each do |row|
97 97 case @columns
98 98 when 'year'
99 99 row['year'] = row['tyear']
100 100 when 'month'
101 101 row['month'] = "#{row['tyear']}-#{row['tmonth']}"
102 102 when 'week'
103 103 row['week'] = "#{row['tyear']}-#{row['tweek']}"
104 104 when 'day'
105 105 row['day'] = "#{row['spent_on']}"
106 106 end
107 107 end
108 108
109 109 @total_hours = @hours.inject(0) {|s,k| s = s + k['hours'].to_f}
110 110
111 111 @periods = []
112 112 # Date#at_beginning_of_ not supported in Rails 1.2.x
113 113 date_from = @from.to_time
114 114 # 100 columns max
115 115 while date_from <= @to.to_time && @periods.length < 100
116 116 case @columns
117 117 when 'year'
118 118 @periods << "#{date_from.year}"
119 119 date_from = (date_from + 1.year).at_beginning_of_year
120 120 when 'month'
121 121 @periods << "#{date_from.year}-#{date_from.month}"
122 122 date_from = (date_from + 1.month).at_beginning_of_month
123 123 when 'week'
124 124 @periods << "#{date_from.year}-#{date_from.to_date.cweek}"
125 125 date_from = (date_from + 7.day).at_beginning_of_week
126 126 when 'day'
127 127 @periods << "#{date_from.to_date}"
128 128 date_from = date_from + 1.day
129 129 end
130 130 end
131 131 end
132 132
133 133 respond_to do |format|
134 134 format.html { render :layout => !request.xhr? }
135 135 format.csv { send_data(report_to_csv(@criterias, @periods, @hours).read, :type => 'text/csv; header=present', :filename => 'timelog.csv') }
136 136 end
137 137 end
138 138
139 139 def details
140 140 sort_init 'spent_on', 'desc'
141 141 sort_update
142 142
143 143 cond = ARCondition.new
144 144 if @project.nil?
145 145 cond << Project.allowed_to_condition(User.current, :view_time_entries)
146 146 elsif @issue.nil?
147 147 cond << @project.project_condition(Setting.display_subprojects_issues?)
148 148 else
149 149 cond << ["#{TimeEntry.table_name}.issue_id = ?", @issue.id]
150 150 end
151 151
152 152 retrieve_date_range
153 153 cond << ['spent_on BETWEEN ? AND ?', @from, @to]
154 154
155 155 TimeEntry.visible_by(User.current) do
156 156 respond_to do |format|
157 157 format.html {
158 158 # Paginate results
159 159 @entry_count = TimeEntry.count(:include => :project, :conditions => cond.conditions)
160 160 @entry_pages = Paginator.new self, @entry_count, per_page_option, params['page']
161 161 @entries = TimeEntry.find(:all,
162 162 :include => [:project, :activity, :user, {:issue => :tracker}],
163 163 :conditions => cond.conditions,
164 164 :order => sort_clause,
165 165 :limit => @entry_pages.items_per_page,
166 166 :offset => @entry_pages.current.offset)
167 167 @total_hours = TimeEntry.sum(:hours, :include => :project, :conditions => cond.conditions).to_f
168 168
169 169 render :layout => !request.xhr?
170 170 }
171 171 format.atom {
172 172 entries = TimeEntry.find(:all,
173 173 :include => [:project, :activity, :user, {:issue => :tracker}],
174 174 :conditions => cond.conditions,
175 175 :order => "#{TimeEntry.table_name}.created_on DESC",
176 176 :limit => Setting.feeds_limit.to_i)
177 177 render_feed(entries, :title => l(:label_spent_time))
178 178 }
179 179 format.csv {
180 180 # Export all entries
181 181 @entries = TimeEntry.find(:all,
182 182 :include => [:project, :activity, :user, {:issue => [:tracker, :assigned_to, :priority]}],
183 183 :conditions => cond.conditions,
184 184 :order => sort_clause)
185 185 send_data(entries_to_csv(@entries).read, :type => 'text/csv; header=present', :filename => 'timelog.csv')
186 186 }
187 187 end
188 188 end
189 189 end
190 190
191 191 def edit
192 192 render_403 and return if @time_entry && !@time_entry.editable_by?(User.current)
193 193 @time_entry ||= TimeEntry.new(:project => @project, :issue => @issue, :user => User.current, :spent_on => Date.today)
194 194 @time_entry.attributes = params[:time_entry]
195 195 if request.post? and @time_entry.save
196 196 flash[:notice] = l(:notice_successful_update)
197 redirect_to(params[:back_url].blank? ? {:action => 'details', :project_id => @time_entry.project} : params[:back_url])
197 redirect_back_or_default :action => 'details', :project_id => @time_entry.project
198 198 return
199 199 end
200 200 end
201 201
202 202 def destroy
203 203 render_404 and return unless @time_entry
204 204 render_403 and return unless @time_entry.editable_by?(User.current)
205 205 @time_entry.destroy
206 206 flash[:notice] = l(:notice_successful_delete)
207 207 redirect_to :back
208 208 rescue ::ActionController::RedirectBackError
209 209 redirect_to :action => 'details', :project_id => @time_entry.project
210 210 end
211 211
212 212 private
213 213 def find_project
214 214 if params[:id]
215 215 @time_entry = TimeEntry.find(params[:id])
216 216 @project = @time_entry.project
217 217 elsif params[:issue_id]
218 218 @issue = Issue.find(params[:issue_id])
219 219 @project = @issue.project
220 220 elsif params[:project_id]
221 221 @project = Project.find(params[:project_id])
222 222 else
223 223 render_404
224 224 return false
225 225 end
226 226 rescue ActiveRecord::RecordNotFound
227 227 render_404
228 228 end
229 229
230 230 def find_optional_project
231 231 if !params[:issue_id].blank?
232 232 @issue = Issue.find(params[:issue_id])
233 233 @project = @issue.project
234 234 elsif !params[:project_id].blank?
235 235 @project = Project.find(params[:project_id])
236 236 end
237 237 deny_access unless User.current.allowed_to?(:view_time_entries, @project, :global => true)
238 238 end
239 239
240 240 # Retrieves the date range based on predefined ranges or specific from/to param dates
241 241 def retrieve_date_range
242 242 @free_period = false
243 243 @from, @to = nil, nil
244 244
245 245 if params[:period_type] == '1' || (params[:period_type].nil? && !params[:period].nil?)
246 246 case params[:period].to_s
247 247 when 'today'
248 248 @from = @to = Date.today
249 249 when 'yesterday'
250 250 @from = @to = Date.today - 1
251 251 when 'current_week'
252 252 @from = Date.today - (Date.today.cwday - 1)%7
253 253 @to = @from + 6
254 254 when 'last_week'
255 255 @from = Date.today - 7 - (Date.today.cwday - 1)%7
256 256 @to = @from + 6
257 257 when '7_days'
258 258 @from = Date.today - 7
259 259 @to = Date.today
260 260 when 'current_month'
261 261 @from = Date.civil(Date.today.year, Date.today.month, 1)
262 262 @to = (@from >> 1) - 1
263 263 when 'last_month'
264 264 @from = Date.civil(Date.today.year, Date.today.month, 1) << 1
265 265 @to = (@from >> 1) - 1
266 266 when '30_days'
267 267 @from = Date.today - 30
268 268 @to = Date.today
269 269 when 'current_year'
270 270 @from = Date.civil(Date.today.year, 1, 1)
271 271 @to = Date.civil(Date.today.year, 12, 31)
272 272 end
273 273 elsif params[:period_type] == '2' || (params[:period_type].nil? && (!params[:from].nil? || !params[:to].nil?))
274 274 begin; @from = params[:from].to_s.to_date unless params[:from].blank?; rescue; end
275 275 begin; @to = params[:to].to_s.to_date unless params[:to].blank?; rescue; end
276 276 @free_period = true
277 277 else
278 278 # default
279 279 end
280 280
281 281 @from, @to = @to, @from if @from && @to && @from > @to
282 282 @from ||= (TimeEntry.minimum(:spent_on, :include => :project, :conditions => Project.allowed_to_condition(User.current, :view_time_entries)) || Date.today) - 1
283 283 @to ||= (TimeEntry.maximum(:spent_on, :include => :project, :conditions => Project.allowed_to_condition(User.current, :view_time_entries)) || Date.today)
284 284 end
285 285 end
Show file before | Show file after | Hide comments
@@ -1,84 +1,84
1 1 # redMine - project management software
2 2 # Copyright (C) 2006-2007 Jean-Philippe Lang
3 3 #
4 4 # This program is free software; you can redistribute it and/or
5 5 # modify it under the terms of the GNU General Public License
6 6 # as published by the Free Software Foundation; either version 2
7 7 # of the License, or (at your option) any later version.
8 8 #
9 9 # This program is distributed in the hope that it will be useful,
10 10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 12 # GNU General Public License for more details.
13 13 #
14 14 # You should have received a copy of the GNU General Public License
15 15 # along with this program; if not, write to the Free Software
16 16 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
17 17
18 18 require File.dirname(__FILE__) + '/../test_helper'
19 19 require 'account_controller'
20 20
21 21 # Re-raise errors caught by the controller.
22 22 class AccountController; def rescue_action(e) raise e end; end
23 23
24 24 class AccountControllerTest < Test::Unit::TestCase
25 25 fixtures :users
26 26
27 27 def setup
28 28 @controller = AccountController.new
29 29 @request = ActionController::TestRequest.new
30 30 @response = ActionController::TestResponse.new
31 31 User.current = nil
32 32 end
33 33
34 34 def test_show
35 35 get :show, :id => 2
36 36 assert_response :success
37 37 assert_template 'show'
38 38 assert_not_nil assigns(:user)
39 39 end
40 40
41 41 def test_show_inactive
42 42 get :show, :id => 5
43 43 assert_response 404
44 44 assert_nil assigns(:user)
45 45 end
46 46
47 47 def test_login_should_redirect_to_back_url_param
48 48 # request.uri is "test.host" in test environment
49 post :login, :username => 'jsmith', :password => 'jsmith', :back_url => 'http://test.host/issues/show/1'
49 post :login, :username => 'jsmith', :password => 'jsmith', :back_url => 'http%3A%2F%2Ftest.host%2Fissues%2Fshow%2F1'
50 50 assert_redirected_to '/issues/show/1'
51 51 end
52 52
53 53 def test_login_should_not_redirect_to_another_host
54 post :login, :username => 'jsmith', :password => 'jsmith', :back_url => 'http://test.foo/fake'
54 post :login, :username => 'jsmith', :password => 'jsmith', :back_url => 'http%3A%2F%2Ftest.foo%2Ffake'
55 55 assert_redirected_to '/my/page'
56 56 end
57 57
58 58 def test_login_with_wrong_password
59 59 post :login, :username => 'admin', :password => 'bad'
60 60 assert_response :success
61 61 assert_template 'login'
62 62 assert_tag 'div',
63 63 :attributes => { :class => "flash error" },
64 64 :content => /Invalid user or password/
65 65 end
66 66
67 67 def test_autologin
68 68 Setting.autologin = "7"
69 69 Token.delete_all
70 70 post :login, :username => 'admin', :password => 'admin', :autologin => 1
71 71 assert_redirected_to 'my/page'
72 72 token = Token.find :first
73 73 assert_not_nil token
74 74 assert_equal User.find_by_login('admin'), token.user
75 75 assert_equal 'autologin', token.action
76 76 end
77 77
78 78 def test_logout
79 79 @request.session[:user_id] = 2
80 80 get :logout
81 81 assert_redirected_to ''
82 82 assert_nil @request.session[:user_id]
83 83 end
84 84 end
General Comments 0
You need to be logged in to leave comments. Login now