jro_apps/redmine Commit - r3631:908d44519c41

Allow AuthSources to control if they allow password changes....

Eric Davis -

r3631:908d44519c41

parent child

Context file:

r3631:908d44519c41

Collapse all files

app/controllers/my_controller.rb +1 -1

             # Redmine - project management software
             # Copyright (C) 2006-2009  Jean-Philippe Lang
             #
             # This program is free software; you can redistribute it and/or
             # modify it under the terms of the GNU General Public License
             # as published by the Free Software Foundation; either version 2
             # of the License, or (at your option) any later version.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU General Public License
             # along with this program; if not, write to the Free Software
             # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
             class MyController < ApplicationController
               before_filter :require_login
               helper :issues
               helper :custom_fields
               BLOCKS = { 'issuesassignedtome' => :label_assigned_to_me_issues,
                          'issuesreportedbyme' => :label_reported_issues,
                          'issueswatched' => :label_watched_issues,
                          'news' => :label_news_latest,
                          'calendar' => :label_calendar,
                          'documents' => :label_document_plural,
                          'timelog' => :label_spent_time
                        }.merge(Redmine::Views::MyPage::Block.additional_blocks).freeze
               DEFAULT_LAYOUT = {  'left' => ['issuesassignedtome'],
                                   'right' => ['issuesreportedbyme']
                                }.freeze
               verify :xhr => true,
                      :only => [:add_block, :remove_block, :order_blocks]
               def index
                 page
                 render :action => 'page'
               end
               # Show user's page
               def page
                 @user = User.current
                 @blocks = @user.pref[:my_page_layout] || DEFAULT_LAYOUT
               end
               # Edit user's account
               def account
                 @user = User.current
                 @pref = @user.pref
                 if request.post?
                   @user.attributes = params[:user]
                   @user.mail_notification = (params[:notification_option] == 'all')
                   @user.pref.attributes = params[:pref]
                   @user.pref[:no_self_notified] = (params[:no_self_notified] == '1')
                   if @user.save
                     @user.pref.save
                     @user.notified_project_ids = (params[:notification_option] == 'selected' ? params[:notified_project_ids] : [])
                     set_language_if_valid @user.language
                     flash[:notice] = l(:notice_account_updated)
                     redirect_to :action => 'account'
                     return
                   end
                 end
                 @notification_options = [[l(:label_user_mail_option_all), 'all'],
                                          [l(:label_user_mail_option_none), 'none']]
                 # Only users that belong to more than 1 project can select projects for which they are notified
                 # Note that @user.membership.size would fail since AR ignores :include association option when doing a count
                 @notification_options.insert 1, [l(:label_user_mail_option_selected), 'selected'] if @user.memberships.length > 1
                 @notification_option = @user.mail_notification? ? 'all' : (@user.notified_projects_ids.empty? ? 'none' : 'selected')
               end
               # Manage user's password
               def password
                 @user = User.current
-                if @user.auth_source_id
+                unless @user.change_password_allowed?
                   flash[:error] = l(:notice_can_t_change_password)
                   redirect_to :action => 'account'
                   return
                 end
                 if request.post?
                   if @user.check_password?(params[:password])
                     @user.password, @user.password_confirmation = params[:new_password], params[:new_password_confirmation]
                     if @user.save
                       flash[:notice] = l(:notice_account_password_updated)
                       redirect_to :action => 'account'
                     end
                   else
                     flash[:error] = l(:notice_account_wrong_password)
                   end
                 end
               end
               # Create a new feeds key
               def reset_rss_key
                 if request.post?
                   if User.current.rss_token
                     User.current.rss_token.destroy
                     User.current.reload
                   end
                   User.current.rss_key
                   flash[:notice] = l(:notice_feeds_access_key_reseted)
                 end
                 redirect_to :action => 'account'
               end
               # Create a new API key
               def reset_api_key
                 if request.post?
                   if User.current.api_token
                     User.current.api_token.destroy
                     User.current.reload
                   end
                   User.current.api_key
                   flash[:notice] = l(:notice_api_access_key_reseted)
                 end
                 redirect_to :action => 'account'
               end
               # User's page layout configuration
               def page_layout
                 @user = User.current
                 @blocks = @user.pref[:my_page_layout] || DEFAULT_LAYOUT.dup
                 @block_options = []
                 BLOCKS.each {|k, v| @block_options << [l("my.blocks.#{v}", :default => [v, v.to_s.humanize]), k.dasherize]}
               end
               # Add a block to user's page
               # The block is added on top of the page
               # params[:block] : id of the block to add
               def add_block
                 block = params[:block].to_s.underscore
                 (render :nothing => true; return) unless block && (BLOCKS.keys.include? block)
                 @user = User.current
                 layout = @user.pref[:my_page_layout] || {}
                 # remove if already present in a group
                 %w(top left right).each {|f| (layout[f] ||= []).delete block }
                 # add it on top
                 layout['top'].unshift block
                 @user.pref[:my_page_layout] = layout
                 @user.pref.save
                 render :partial => "block", :locals => {:user => @user, :block_name => block}
               end
               # Remove a block to user's page
               # params[:block] : id of the block to remove
               def remove_block
                 block = params[:block].to_s.underscore
                 @user = User.current
                 # remove block in all groups
                 layout = @user.pref[:my_page_layout] || {}
                 %w(top left right).each {|f| (layout[f] ||= []).delete block }
                 @user.pref[:my_page_layout] = layout
                 @user.pref.save
                 render :nothing => true
               end
               # Change blocks order on user's page
               # params[:group] : group to order (top, left or right)
               # params[:list-(top|left|right)] : array of block ids of the group
               def order_blocks
                 group = params[:group]
                 @user = User.current
                 if group.is_a?(String)
                   group_items = (params["list-#{group}"] || []).collect(&:underscore)
                   if group_items and group_items.is_a? Array
                     layout = @user.pref[:my_page_layout] || {}
                     # remove group blocks if they are presents in other groups
                     %w(top left right).each {|f|
                       layout[f] = (layout[f] || []) - group_items
                     }
                     layout[group] = group_items
                     @user.pref[:my_page_layout] = layout
                     @user.pref.save
                   end
                 end
                 render :nothing => true
               end
             end

app/models/auth_source.rb +9 0

             # redMine - project management software
             # Copyright (C) 2006  Jean-Philippe Lang
             #
             # This program is free software; you can redistribute it and/or
             # modify it under the terms of the GNU General Public License
             # as published by the Free Software Foundation; either version 2
             # of the License, or (at your option) any later version.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU General Public License
             # along with this program; if not, write to the Free Software
             # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
             class AuthSource < ActiveRecord::Base
               has_many :users
               validates_presence_of :name
               validates_uniqueness_of :name
               validates_length_of :name, :maximum => 60
               def authenticate(login, password)
               end
               def test_connection
               end
               def auth_method_name
                 "Abstract"
               end
+              def allow_password_changes?
+                self.class.allow_password_changes?
+              end
+              # Does this auth source backend allow password changes?
+              def self.allow_password_changes?
+                false
+              end
               # Try to authenticate a user not yet registered against available sources
               def self.authenticate(login, password)
                 AuthSource.find(:all, :conditions => ["onthefly_register=?", true]).each do |source|
                   begin
                     logger.debug "Authenticating '#{login}' against '#{source.name}'" if logger && logger.debug?
                     attrs = source.authenticate(login, password)
                   rescue => e
                     logger.error "Error during authentication: #{e.message}"
                     attrs = nil
                   end
                   return attrs if attrs
                 end
                 return nil
               end
             end

app/models/user.rb +13 -3

             # Redmine - project management software
             # Copyright (C) 2006-2009  Jean-Philippe Lang
             #
             # This program is free software; you can redistribute it and/or
             # modify it under the terms of the GNU General Public License
             # as published by the Free Software Foundation; either version 2
             # of the License, or (at your option) any later version.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU General Public License
             # along with this program; if not, write to the Free Software
             # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
             require "digest/sha1"
             class User < Principal
               # Account statuses
               STATUS_ANONYMOUS  = 0
               STATUS_ACTIVE     = 1
               STATUS_REGISTERED = 2
               STATUS_LOCKED     = 3
               USER_FORMATS = {
                 :firstname_lastname => '#{firstname} #{lastname}',
                 :firstname => '#{firstname}',
                 :lastname_firstname => '#{lastname} #{firstname}',
                 :lastname_coma_firstname => '#{lastname}, #{firstname}',
                 :username => '#{login}'
               }
               has_and_belongs_to_many :groups, :after_add => Proc.new {|user, group| group.user_added(user)},
                                                :after_remove => Proc.new {|user, group| group.user_removed(user)}
               has_many :issue_categories, :foreign_key => 'assigned_to_id', :dependent => :nullify
               has_many :changesets, :dependent => :nullify
               has_one :preference, :dependent => :destroy, :class_name => 'UserPreference'
               has_one :rss_token, :dependent => :destroy, :class_name => 'Token', :conditions => "action='feeds'"
               has_one :api_token, :dependent => :destroy, :class_name => 'Token', :conditions => "action='api'"
               belongs_to :auth_source
               # Active non-anonymous users scope
               named_scope :active, :conditions => "#{User.table_name}.status = #{STATUS_ACTIVE}"
               acts_as_customizable
               attr_accessor :password, :password_confirmation
               attr_accessor :last_before_login_on
               # Prevents unauthorized assignments
               attr_protected :login, :admin, :password, :password_confirmation, :hashed_password, :group_ids
               validates_presence_of :login, :firstname, :lastname, :mail, :if => Proc.new { |user| !user.is_a?(AnonymousUser) }
               validates_uniqueness_of :login, :if => Proc.new { |user| !user.login.blank? }
               validates_uniqueness_of :mail, :if => Proc.new { |user| !user.mail.blank? }, :case_sensitive => false
               # Login must contain lettres, numbers, underscores only
               validates_format_of :login, :with => /^[a-z0-9_\-@\.]*$/i
               validates_length_of :login, :maximum => 30
               validates_format_of :firstname, :lastname, :with => /^[\w\s\'\-\.]*$/i
               validates_length_of :firstname, :lastname, :maximum => 30
               validates_format_of :mail, :with => /^([^@\s]+)@((?:[-a-z0-9]+\.)+[a-z]{2,})$/i, :allow_nil => true
               validates_length_of :mail, :maximum => 60, :allow_nil => true
               validates_confirmation_of :password, :allow_nil => true
               def before_create
                 self.mail_notification = false
                 true
               end
               def before_save
                 # update hashed_password if password was set
-                self.hashed_password = User.hash_password(self.password) if self.password
+                self.hashed_password = User.hash_password(self.password) if self.password && self.auth_source_id.blank?
               end
               def reload(*args)
                 @name = nil
                 super
               end
               def identity_url=(url)
                 if url.blank?
                   write_attribute(:identity_url, '')
                 else
                   begin
                     write_attribute(:identity_url, OpenIdAuthentication.normalize_identifier(url))
                   rescue OpenIdAuthentication::InvalidOpenId
                     # Invlaid url, don't save
                   end
                 end
                 self.read_attribute(:identity_url)
               end
               # Returns the user that matches provided login and password, or nil
               def self.try_to_login(login, password)
                 # Make sure no one can sign in with an empty password
                 return nil if password.to_s.empty?
                 user = find(:first, :conditions => ["login=?", login])
                 if user
                   # user is already in local database
                   return nil if !user.active?
                   if user.auth_source
                     # user has an external authentication method
                     return nil unless user.auth_source.authenticate(login, password)
                   else
                     # authentication with local password
                     return nil unless User.hash_password(password) == user.hashed_password
                   end
                 else
                   # user is not yet registered, try to authenticate with available sources
                   attrs = AuthSource.authenticate(login, password)
                   if attrs
                     user = new(attrs)
                     user.login = login
                     user.language = Setting.default_language
                     if user.save
                       user.reload
-                      logger.info("User '#{user.login}' created from external auth source: #{user.auth_source.type} - #{user.auth_source.name}") if logger
+                      logger.info("User '#{user.login}' created from external auth source: #{user.auth_source.type} - #{user.auth_source.name}") if logger && user.auth_source
                     end
                   end
                 end
                 user.update_attribute(:last_login_on, Time.now) if user && !user.new_record?
                 user
               rescue => text
                 raise text
               end
               # Returns the user who matches the given autologin +key+ or nil
               def self.try_to_autologin(key)
                 tokens = Token.find_all_by_action_and_value('autologin', key)
                 # Make sure there's only 1 token that matches the key
                 if tokens.size == 1
                   token = tokens.first
                   if (token.created_on > Setting.autologin.to_i.day.ago) && token.user && token.user.active?
                     token.user.update_attribute(:last_login_on, Time.now)
                     token.user
                   end
                 end
               end
               # Return user's full name for display
               def name(formatter = nil)
                 if formatter
                   eval('"' + (USER_FORMATS[formatter] || USER_FORMATS[:firstname_lastname]) + '"')
                 else
                   @name ||= eval('"' + (USER_FORMATS[Setting.user_format] || USER_FORMATS[:firstname_lastname]) + '"')
                 end
               end
               def active?
                 self.status == STATUS_ACTIVE
               end
               def registered?
                 self.status == STATUS_REGISTERED
               end
               def locked?
                 self.status == STATUS_LOCKED
               end
               def check_password?(clear_password)
-                User.hash_password(clear_password) == self.hashed_password
+                if auth_source_id.present?
+                  auth_source.authenticate(self.login, clear_password)
+                else
+                  User.hash_password(clear_password) == self.hashed_password
+                end
+              end
+              # Does the backend storage allow this user to change their password?
+              def change_password_allowed?
+                return true if auth_source_id.blank?
+                return auth_source.allow_password_changes?
               end
               # Generate and set a random password.  Useful for automated user creation
               # Based on Token#generate_token_value
               #
               def random_password
                 chars = ("a".."z").to_a + ("A".."Z").to_a + ("0".."9").to_a
                 password = ''
 .times { |i| password << chars[rand(chars.size-1)] }
                 self.password = password
                 self.password_confirmation = password
                 self
               end
               def pref
                 self.preference ||= UserPreference.new(:user => self)
               end
               def time_zone
                 @time_zone ||= (self.pref.time_zone.blank? ? nil : ActiveSupport::TimeZone[self.pref.time_zone])
               end
               def wants_comments_in_reverse_order?
                 self.pref[:comments_sorting] == 'desc'
               end
               # Return user's RSS key (a 40 chars long string), used to access feeds
               def rss_key
                 token = self.rss_token || Token.create(:user => self, :action => 'feeds')
                 token.value
               end
               # Return user's API key (a 40 chars long string), used to access the API
               def api_key
                 token = self.api_token || self.create_api_token(:action => 'api')
                 token.value
               end
               # Return an array of project ids for which the user has explicitly turned mail notifications on
               def notified_projects_ids
                 @notified_projects_ids ||= memberships.select {|m| m.mail_notification?}.collect(&:project_id)
               end
               def notified_project_ids=(ids)
                 Member.update_all("mail_notification = #{connection.quoted_false}", ['user_id = ?', id])
                 Member.update_all("mail_notification = #{connection.quoted_true}", ['user_id = ? AND project_id IN (?)', id, ids]) if ids && !ids.empty?
                 @notified_projects_ids = nil
                 notified_projects_ids
               end
               def self.find_by_rss_key(key)
                 token = Token.find_by_value(key)
                 token && token.user.active? ? token.user : nil
               end
               def self.find_by_api_key(key)
                 token = Token.find_by_action_and_value('api', key)
                 token && token.user.active? ? token.user : nil
               end
               # Makes find_by_mail case-insensitive
               def self.find_by_mail(mail)
                 find(:first, :conditions => ["LOWER(mail) = ?", mail.to_s.downcase])
               end
               def to_s
                 name
               end
               # Returns the current day according to user's time zone
               def today
                 if time_zone.nil?
                   Date.today
                 else
                   Time.now.in_time_zone(time_zone).to_date
                 end
               end
               def logged?
                 true
               end
               def anonymous?
                 !logged?
               end
               # Return user's roles for project
               def roles_for_project(project)
                 roles = []
                 # No role on archived projects
                 return roles unless project && project.active?
                 if logged?
                   # Find project membership
                   membership = memberships.detect {|m| m.project_id == project.id}
                   if membership
                     roles = membership.roles
                   else
                     @role_non_member ||= Role.non_member
                     roles << @role_non_member
                   end
                 else
                   @role_anonymous ||= Role.anonymous
                   roles << @role_anonymous
                 end
                 roles
               end
               # Return true if the user is a member of project
               def member_of?(project)
                 !roles_for_project(project).detect {|role| role.member?}.nil?
               end
               # Return true if the user is allowed to do the specified action on project
               # action can be:
               # * a parameter-like Hash (eg. :controller => 'projects', :action => 'edit')
               # * a permission Symbol (eg. :edit_project)
               def allowed_to?(action, project, options={})
                 if project
                   # No action allowed on archived projects
                   return false unless project.active?
                   # No action allowed on disabled modules
                   return false unless project.allows_to?(action)
                   # Admin users are authorized for anything else
                   return true if admin?
                   roles = roles_for_project(project)
                   return false unless roles
                   roles.detect {|role| (project.is_public? || role.member?) && role.allowed_to?(action)}
                 elsif options[:global]
                   # Admin users are always authorized
                   return true if admin?
                   # authorize if user has at least one role that has this permission
                   roles = memberships.collect {|m| m.roles}.flatten.uniq
                   roles.detect {|r| r.allowed_to?(action)} || (self.logged? ? Role.non_member.allowed_to?(action) : Role.anonymous.allowed_to?(action))
                 else
                   false
                 end
               end
               def self.current=(user)
                 @current_user = user
               end
               def self.current
                 @current_user ||= User.anonymous
               end
               # Returns the anonymous user.  If the anonymous user does not exist, it is created.  There can be only
               # one anonymous user per database.
               def self.anonymous
                 anonymous_user = AnonymousUser.find(:first)
                 if anonymous_user.nil?
                   anonymous_user = AnonymousUser.create(:lastname => 'Anonymous', :firstname => '', :mail => '', :login => '', :status => 0)
                   raise 'Unable to create the anonymous user.' if anonymous_user.new_record?
                 end
                 anonymous_user
               end
               protected
               def validate
                 # Password length validation based on setting
                 if !password.nil? && password.size < Setting.password_min_length.to_i
                   errors.add(:password, :too_short, :count => Setting.password_min_length.to_i)
                 end
               end
               private
               # Return password digest
               def self.hash_password(clear_password)
                 Digest::SHA1.hexdigest(clear_password || "")
               end
             end
             class AnonymousUser < User
               def validate_on_create
                 # There should be only one AnonymousUser in the database
                 errors.add_to_base 'An anonymous user already exists.' if AnonymousUser.find(:first)
               end
               def available_custom_fields
                 []
               end
               # Overrides a few properties
               def logged?; false end
               def admin; false end
               def name(*args); I18n.t(:label_user_anonymous) end
               def mail; nil end
               def time_zone; nil end
               def rss_key; nil end
             end

app/views/my/account.rhtml +1 -1

             <div class="contextual">
-            <%= link_to(l(:button_change_password), :action => 'password') unless @user.auth_source_id %>
+            <%= link_to(l(:button_change_password), :action => 'password') if @user.change_password_allowed? %>
             <%= call_hook(:view_my_account_contextual, :user => @user)%>
             </div>
             <h2><%=l(:label_my_account)%></h2>
             <%= error_messages_for 'user' %>
             <% form_for :user, @user, :url => { :action => "account" },
                                       :builder => TabularFormBuilder,
                                       :lang => current_language,
                                       :html => { :id => 'my_account_form' } do |f| %>
             <div class="splitcontentleft">
             <h3><%=l(:label_information_plural)%></h3>
             <div class="box tabular">
             <p><%= f.text_field :firstname, :required => true %></p>
             <p><%= f.text_field :lastname, :required => true %></p>
             <p><%= f.text_field :mail, :required => true %></p>
             <p><%= f.select :language, lang_options_for_select %></p>
             <% if Setting.openid? %>
             <p><%= f.text_field :identity_url  %></p>
             <% end %>
             <% @user.custom_field_values.select(&:editable?).each do |value| %>
             	<p><%= custom_field_tag_with_label :user, value %></p>
             <% end %>
             <%= call_hook(:view_my_account, :user => @user, :form => f) %>
             </div>
             <%= submit_tag l(:button_save) %>
             </div>
             <div class="splitcontentright">
             <h3><%=l(:field_mail_notification)%></h3>
             <div class="box">
             <%= select_tag 'notification_option', options_for_select(@notification_options, @notification_option),
                                                   :onchange => 'if ($("notification_option").value == "selected") {Element.show("notified-projects")} else {Element.hide("notified-projects")}' %>
             <% content_tag 'div', :id => 'notified-projects', :style => (@notification_option == 'selected' ? '' : 'display:none;') do %>
             <p><% User.current.projects.each do |project| %>
                 <label><%= check_box_tag 'notified_project_ids[]', project.id, @user.notified_projects_ids.include?(project.id) %> <%=h project.name %></label><br />
             <% end %></p>
             <p><em><%= l(:text_user_mail_option) %></em></p>
             <% end %>
             <p><label><%= check_box_tag 'no_self_notified', 1, @user.pref[:no_self_notified] %> <%= l(:label_user_mail_no_self_notified) %></label></p>
             </div>
             <h3><%=l(:label_preferences)%></h3>
             <div class="box tabular">
             <% fields_for :pref, @user.pref, :builder => TabularFormBuilder, :lang => current_language do |pref_fields| %>
             <p><%= pref_fields.check_box :hide_mail %></p>
             <p><%= pref_fields.select :time_zone, ActiveSupport::TimeZone.all.collect {|z| [ z.to_s, z.name ]}, :include_blank => true %></p>
             <p><%= pref_fields.select :comments_sorting, [[l(:label_chronological_order), 'asc'], [l(:label_reverse_chronological_order), 'desc']] %></p>
             <% end %>
             </div>
             </div>
             <% end %>
             <% content_for :sidebar do %>
             <%= render :partial => 'sidebar' %>
             <% end %>
             <% html_title(l(:label_my_account)) -%>

test/unit/user_test.rb +26 0

             # redMine - project management software
             # Copyright (C) 2006  Jean-Philippe Lang
             #
             # This program is free software; you can redistribute it and/or
             # modify it under the terms of the GNU General Public License
             # as published by the Free Software Foundation; either version 2
             # of the License, or (at your option) any later version.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU General Public License
             # along with this program; if not, write to the Free Software
             # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
             require File.dirname(__FILE__) + '/../test_helper'
             class UserTest < ActiveSupport::TestCase
               fixtures :users, :members, :projects, :roles, :member_roles, :auth_sources
               def setup
                 @admin = User.find(1)
                 @jsmith = User.find(2)
                 @dlopper = User.find(3)
               end
               test 'object_daddy creation' do
                 User.generate_with_protected!(:firstname => 'Testing connection')
                 User.generate_with_protected!(:firstname => 'Testing connection')
                 assert_equal 2, User.count(:all, :conditions => {:firstname => 'Testing connection'})
               end
               def test_truth
                 assert_kind_of User, @jsmith
               end
               def test_create
                 user = User.new(:firstname => "new", :lastname => "user", :mail => "newuser@somenet.foo")
                 user.login = "jsmith"
                 user.password, user.password_confirmation = "password", "password"
                 # login uniqueness
                 assert !user.save
                 assert_equal 1, user.errors.count
                 user.login = "newuser"
                 user.password, user.password_confirmation = "passwd", "password"
                 # password confirmation
                 assert !user.save
                 assert_equal 1, user.errors.count
                 user.password, user.password_confirmation = "password", "password"
                 assert user.save
               end
               def test_mail_uniqueness_should_not_be_case_sensitive
                 u = User.new(:firstname => "new", :lastname => "user", :mail => "newuser@somenet.foo")
                 u.login = 'newuser1'
                 u.password, u.password_confirmation = "password", "password"
                 assert u.save
                 u = User.new(:firstname => "new", :lastname => "user", :mail => "newUser@Somenet.foo")
                 u.login = 'newuser2'
                 u.password, u.password_confirmation = "password", "password"
                 assert !u.save
                 assert_equal I18n.translate('activerecord.errors.messages.taken'), u.errors.on(:mail)
               end
               def test_update
                 assert_equal "admin", @admin.login
                 @admin.login = "john"
                 assert @admin.save, @admin.errors.full_messages.join("; ")
                 @admin.reload
                 assert_equal "john", @admin.login
               end
               def test_destroy
                 User.find(2).destroy
                 assert_nil User.find_by_id(2)
                 assert Member.find_all_by_user_id(2).empty?
               end
               def test_validate
                 @admin.login = ""
                 assert !@admin.save
                 assert_equal 1, @admin.errors.count
               end
               def test_password
                 user = User.try_to_login("admin", "admin")
                 assert_kind_of User, user
                 assert_equal "admin", user.login
                 user.password = "hello"
                 assert user.save
                 user = User.try_to_login("admin", "hello")
                 assert_kind_of User, user
                 assert_equal "admin", user.login
                 assert_equal User.hash_password("hello"), user.hashed_password
               end
               def test_name_format
                 assert_equal 'Smith, John', @jsmith.name(:lastname_coma_firstname)
                 Setting.user_format = :firstname_lastname
                 assert_equal 'John Smith', @jsmith.reload.name
                 Setting.user_format = :username
                 assert_equal 'jsmith', @jsmith.reload.name
               end
               def test_lock
                 user = User.try_to_login("jsmith", "jsmith")
                 assert_equal @jsmith, user
                 @jsmith.status = User::STATUS_LOCKED
                 assert @jsmith.save
                 user = User.try_to_login("jsmith", "jsmith")
                 assert_equal nil, user
               end
               if ldap_configured?
                 context "#try_to_login using LDAP" do
                   context "on the fly registration" do
                     setup do
                       @auth_source = AuthSourceLdap.find(1)
                     end
                     context "with a successful authentication" do
                       should "create a new user account if it doesn't exist" do
                         assert_difference('User.count') do
                           user = User.try_to_login('edavis', '123456')
                           assert !user.admin?
                         end
                       end
                       should "retrieve existing user" do
                         user = User.try_to_login('edavis', '123456')
                         user.admin = true
                         user.save!
                         assert_no_difference('User.count') do
                           user = User.try_to_login('edavis', '123456')
                           assert user.admin?
                         end
                       end
                     end
                   end
                 end
               else
                 puts "Skipping LDAP tests."
               end
               def test_create_anonymous
                 AnonymousUser.delete_all
                 anon = User.anonymous
                 assert !anon.new_record?
                 assert_kind_of AnonymousUser, anon
               end
               should_have_one :rss_token
               def test_rss_key
                 assert_nil @jsmith.rss_token
                 key = @jsmith.rss_key
                 assert_equal 40, key.length
                 @jsmith.reload
                 assert_equal key, @jsmith.rss_key
               end
               should_have_one :api_token
               context "User#api_key" do
                 should "generate a new one if the user doesn't have one" do
                   user = User.generate_with_protected!(:api_token => nil)
                   assert_nil user.api_token
                   key = user.api_key
                   assert_equal 40, key.length
                   user.reload
                   assert_equal key, user.api_key
                 end
                 should "return the existing api token value" do
                   user = User.generate_with_protected!
                   token = Token.generate!(:action => 'api')
                   user.api_token = token
                   assert user.save
                   assert_equal token.value, user.api_key
                 end
               end
               context "User#find_by_api_key" do
                 should "return nil if no matching key is found" do
                   assert_nil User.find_by_api_key('zzzzzzzzz')
                 end
                 should "return nil if the key is found for an inactive user" do
                   user = User.generate_with_protected!(:status => User::STATUS_LOCKED)
                   token = Token.generate!(:action => 'api')
                   user.api_token = token
                   user.save
                   assert_nil User.find_by_api_key(token.value)
                 end
                 should "return the user if the key is found for an active user" do
                   user = User.generate_with_protected!(:status => User::STATUS_ACTIVE)
                   token = Token.generate!(:action => 'api')
                   user.api_token = token
                   user.save
                   assert_equal user, User.find_by_api_key(token.value)
                 end
               end
               def test_roles_for_project
                 # user with a role
                 roles = @jsmith.roles_for_project(Project.find(1))
                 assert_kind_of Role, roles.first
                 assert_equal "Manager", roles.first.name
                 # user with no role
                 assert_nil @dlopper.roles_for_project(Project.find(2)).detect {|role| role.member?}
               end
               def test_mail_notification_all
                 @jsmith.mail_notification = true
                 @jsmith.notified_project_ids = []
                 @jsmith.save
                 @jsmith.reload
                 assert @jsmith.projects.first.recipients.include?(@jsmith.mail)
               end
               def test_mail_notification_selected
                 @jsmith.mail_notification = false
                 @jsmith.notified_project_ids = [1]
                 @jsmith.save
                 @jsmith.reload
                 assert Project.find(1).recipients.include?(@jsmith.mail)
               end
               def test_mail_notification_none
                 @jsmith.mail_notification = false
                 @jsmith.notified_project_ids = []
                 @jsmith.save
                 @jsmith.reload
                 assert !@jsmith.projects.first.recipients.include?(@jsmith.mail)
               end
               def test_comments_sorting_preference
                 assert !@jsmith.wants_comments_in_reverse_order?
                 @jsmith.pref.comments_sorting = 'asc'
                 assert !@jsmith.wants_comments_in_reverse_order?
                 @jsmith.pref.comments_sorting = 'desc'
                 assert @jsmith.wants_comments_in_reverse_order?
               end
               def test_find_by_mail_should_be_case_insensitive
                 u = User.find_by_mail('JSmith@somenet.foo')
                 assert_not_nil u
                 assert_equal 'jsmith@somenet.foo', u.mail
               end
               def test_random_password
                 u = User.new
                 u.random_password
                 assert !u.password.blank?
                 assert !u.password_confirmation.blank?
               end
+              context "#change_password_allowed?" do
+                should "be allowed if no auth source is set" do
+                  user = User.generate_with_protected!
+                  assert user.change_password_allowed?
+                end
+                should "delegate to the auth source" do
+                  user = User.generate_with_protected!
+                  allowed_auth_source = AuthSource.generate!
+                  def allowed_auth_source.allow_password_changes?; true; end
+                  denied_auth_source = AuthSource.generate!
+                  def denied_auth_source.allow_password_changes?; false; end
+                  assert user.change_password_allowed?
+                  user.auth_source = allowed_auth_source
+                  assert user.change_password_allowed?, "User not allowed to change password, though auth source does"
+                  user.auth_source = denied_auth_source
+                  assert !user.change_password_allowed?, "User allowed to change password, though auth source does not"
+                end
+              end
               if Object.const_defined?(:OpenID)
               def test_setting_identity_url
                 normalized_open_id_url = 'http://example.com/'
                 u = User.new( :identity_url => 'http://example.com/' )
                 assert_equal normalized_open_id_url, u.identity_url
               end
               def test_setting_identity_url_without_trailing_slash
                 normalized_open_id_url = 'http://example.com/'
                 u = User.new( :identity_url => 'http://example.com' )
                 assert_equal normalized_open_id_url, u.identity_url
               end
               def test_setting_identity_url_without_protocol
                 normalized_open_id_url = 'http://example.com/'
                 u = User.new( :identity_url => 'example.com' )
                 assert_equal normalized_open_id_url, u.identity_url
               end
               def test_setting_blank_identity_url
                 u = User.new( :identity_url => 'example.com' )
                 u.identity_url = ''
                 assert u.identity_url.blank?
               end
               def test_setting_invalid_identity_url
                 u = User.new( :identity_url => 'this is not an openid url' )
                 assert u.identity_url.blank?
               end
               else
                 puts "Skipping openid tests."
               end
             end

General Comments 0

Write
Preview

You need to be logged in to leave comments. Login now

No TODOs yet

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages