Fixed registration form broken by r8479....
Jean-Philippe Lang -
r8662:9f6496b0bccb
@@ -1,283 +1,283
1 # Redmine - project management software
1 # Redmine - project management software
2 # Copyright (C) 2006-2011 Jean-Philippe Lang
2 # Copyright (C) 2006-2011 Jean-Philippe Lang
3 #
3 #
4 # This program is free software; you can redistribute it and/or
4 # This program is free software; you can redistribute it and/or
5 # modify it under the terms of the GNU General Public License
5 # modify it under the terms of the GNU General Public License
6 # as published by the Free Software Foundation; either version 2
6 # as published by the Free Software Foundation; either version 2
7 # of the License, or (at your option) any later version.
7 # of the License, or (at your option) any later version.
8 #
8 #
9 # This program is distributed in the hope that it will be useful,
9 # This program is distributed in the hope that it will be useful,
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 # GNU General Public License for more details.
12 # GNU General Public License for more details.
13 #
13 #
14 # You should have received a copy of the GNU General Public License
14 # You should have received a copy of the GNU General Public License
15 # along with this program; if not, write to the Free Software
15 # along with this program; if not, write to the Free Software
16 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
16 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
17
17
18 class AccountController < ApplicationController
18 class AccountController < ApplicationController
19 helper :custom_fields
19 helper :custom_fields
20 include CustomFieldsHelper
20 include CustomFieldsHelper
21
21
22 # prevents login action to be filtered by check_if_login_required application scope filter
22 # prevents login action to be filtered by check_if_login_required application scope filter
23 skip_before_filter :check_if_login_required
23 skip_before_filter :check_if_login_required
24
24
25 # Login request and validation
25 # Login request and validation
26 def login
26 def login
27 if request.get?
27 if request.get?
28 logout_user
28 logout_user
29 else
29 else
30 authenticate_user
30 authenticate_user
31 end
31 end
32 end
32 end
33
33
34 # Log out current user and redirect to welcome page
34 # Log out current user and redirect to welcome page
35 def logout
35 def logout
36 logout_user
36 logout_user
37 redirect_to home_url
37 redirect_to home_url
38 end
38 end
39
39
40 # Enable user to choose a new password
40 # Enable user to choose a new password
41 def lost_password
41 def lost_password
42 redirect_to(home_url) && return unless Setting.lost_password?
42 redirect_to(home_url) && return unless Setting.lost_password?
43 if params[:token]
43 if params[:token]
44 @token = Token.find_by_action_and_value("recovery", params[:token])
44 @token = Token.find_by_action_and_value("recovery", params[:token])
45 redirect_to(home_url) && return unless @token and !@token.expired?
45 redirect_to(home_url) && return unless @token and !@token.expired?
46 @user = @token.user
46 @user = @token.user
47 if request.post?
47 if request.post?
48 @user.password, @user.password_confirmation = params[:new_password], params[:new_password_confirmation]
48 @user.password, @user.password_confirmation = params[:new_password], params[:new_password_confirmation]
49 if @user.save
49 if @user.save
50 @token.destroy
50 @token.destroy
51 flash[:notice] = l(:notice_account_password_updated)
51 flash[:notice] = l(:notice_account_password_updated)
52 redirect_to :action => 'login'
52 redirect_to :action => 'login'
53 return
53 return
54 end
54 end
55 end
55 end
56 render :template => "account/password_recovery"
56 render :template => "account/password_recovery"
57 return
57 return
58 else
58 else
59 if request.post?
59 if request.post?
60 user = User.find_by_mail(params[:mail])
60 user = User.find_by_mail(params[:mail])
61 # user not found in db
61 # user not found in db
62 (flash.now[:error] = l(:notice_account_unknown_email); return) unless user
62 (flash.now[:error] = l(:notice_account_unknown_email); return) unless user
63 # user uses an external authentification
63 # user uses an external authentification
64 (flash.now[:error] = l(:notice_can_t_change_password); return) if user.auth_source_id
64 (flash.now[:error] = l(:notice_can_t_change_password); return) if user.auth_source_id
65 # create a new token for password recovery
65 # create a new token for password recovery
66 token = Token.new(:user => user, :action => "recovery")
66 token = Token.new(:user => user, :action => "recovery")
67 if token.save
67 if token.save
68 Mailer.deliver_lost_password(token)
68 Mailer.deliver_lost_password(token)
69 flash[:notice] = l(:notice_account_lost_email_sent)
69 flash[:notice] = l(:notice_account_lost_email_sent)
70 redirect_to :action => 'login'
70 redirect_to :action => 'login'
71 return
71 return
72 end
72 end
73 end
73 end
74 end
74 end
75 end
75 end
76
76
77 # User self-registration
77 # User self-registration
78 def register
78 def register
79 redirect_to(home_url) && return unless Setting.self_registration? || session[:auth_source_registration]
79 redirect_to(home_url) && return unless Setting.self_registration? || session[:auth_source_registration]
80 if request.get?
80 if request.get?
81 session[:auth_source_registration] = nil
81 session[:auth_source_registration] = nil
82 @user = User.new(:language => Setting.default_language)
82 @user = User.new(:language => Setting.default_language)
83 else
83 else
84 @user = User.new(params[:user])
84 @user = User.new(params[:user])
85 @user.admin = false
85 @user.admin = false
86 @user.register
86 @user.register
87 if session[:auth_source_registration]
87 if session[:auth_source_registration]
88 @user.activate
88 @user.activate
89 @user.login = session[:auth_source_registration][:login]
89 @user.login = session[:auth_source_registration][:login]
90 @user.auth_source_id = session[:auth_source_registration][:auth_source_id]
90 @user.auth_source_id = session[:auth_source_registration][:auth_source_id]
91 if @user.save
91 if @user.save
92 session[:auth_source_registration] = nil
92 session[:auth_source_registration] = nil
93 self.logged_user = @user
93 self.logged_user = @user
94 flash[:notice] = l(:notice_account_activated)
94 flash[:notice] = l(:notice_account_activated)
95 redirect_to :controller => 'my', :action => 'account'
95 redirect_to :controller => 'my', :action => 'account'
96 end
96 end
97 else
97 else
98 @user.login = params[:user][:login]
98 @user.login = params[:user][:login]
99 @user.password, @user.password_confirmation = params[:password], params[:password_confirmation]
99 @user.password, @user.password_confirmation = params[:user][:password], params[:user][:password_confirmation]
100
100
101 case Setting.self_registration
101 case Setting.self_registration
102 when '1'
102 when '1'
103 register_by_email_activation(@user)
103 register_by_email_activation(@user)
104 when '3'
104 when '3'
105 register_automatically(@user)
105 register_automatically(@user)
106 else
106 else
107 register_manually_by_administrator(@user)
107 register_manually_by_administrator(@user)
108 end
108 end
109 end
109 end
110 end
110 end
111 end
111 end
112
112
113 # Token based account activation
113 # Token based account activation
114 def activate
114 def activate
115 redirect_to(home_url) && return unless Setting.self_registration? && params[:token]
115 redirect_to(home_url) && return unless Setting.self_registration? && params[:token]
116 token = Token.find_by_action_and_value('register', params[:token])
116 token = Token.find_by_action_and_value('register', params[:token])
117 redirect_to(home_url) && return unless token and !token.expired?
117 redirect_to(home_url) && return unless token and !token.expired?
118 user = token.user
118 user = token.user
119 redirect_to(home_url) && return unless user.registered?
119 redirect_to(home_url) && return unless user.registered?
120 user.activate
120 user.activate
121 if user.save
121 if user.save
122 token.destroy
122 token.destroy
123 flash[:notice] = l(:notice_account_activated)
123 flash[:notice] = l(:notice_account_activated)
124 end
124 end
125 redirect_to :action => 'login'
125 redirect_to :action => 'login'
126 end
126 end
127
127
128 private
128 private
129
129
130 def logout_user
130 def logout_user
131 if User.current.logged?
131 if User.current.logged?
132 cookies.delete :autologin
132 cookies.delete :autologin
133 Token.delete_all(["user_id = ? AND action = ?", User.current.id, 'autologin'])
133 Token.delete_all(["user_id = ? AND action = ?", User.current.id, 'autologin'])
134 self.logged_user = nil
134 self.logged_user = nil
135 end
135 end
136 end
136 end
137
137
138 def authenticate_user
138 def authenticate_user
139 if Setting.openid? && using_open_id?
139 if Setting.openid? && using_open_id?
140 open_id_authenticate(params[:openid_url])
140 open_id_authenticate(params[:openid_url])
141 else
141 else
142 password_authentication
142 password_authentication
143 end
143 end
144 end
144 end
145
145
146 def password_authentication
146 def password_authentication
147 user = User.try_to_login(params[:username], params[:password])
147 user = User.try_to_login(params[:username], params[:password])
148
148
149 if user.nil?
149 if user.nil?
150 invalid_credentials
150 invalid_credentials
151 elsif user.new_record?
151 elsif user.new_record?
152 onthefly_creation_failed(user, {:login => user.login, :auth_source_id => user.auth_source_id })
152 onthefly_creation_failed(user, {:login => user.login, :auth_source_id => user.auth_source_id })
153 else
153 else
154 # Valid user
154 # Valid user
155 successful_authentication(user)
155 successful_authentication(user)
156 end
156 end
157 end
157 end
158
158
159 def open_id_authenticate(openid_url)
159 def open_id_authenticate(openid_url)
160 authenticate_with_open_id(openid_url, :required => [:nickname, :fullname, :email], :return_to => signin_url) do |result, identity_url, registration|
160 authenticate_with_open_id(openid_url, :required => [:nickname, :fullname, :email], :return_to => signin_url) do |result, identity_url, registration|
161 if result.successful?
161 if result.successful?
162 user = User.find_or_initialize_by_identity_url(identity_url)
162 user = User.find_or_initialize_by_identity_url(identity_url)
163 if user.new_record?
163 if user.new_record?
164 # Self-registration off
164 # Self-registration off
165 redirect_to(home_url) && return unless Setting.self_registration?
165 redirect_to(home_url) && return unless Setting.self_registration?
166
166
167 # Create on the fly
167 # Create on the fly
168 user.login = registration['nickname'] unless registration['nickname'].nil?
168 user.login = registration['nickname'] unless registration['nickname'].nil?
169 user.mail = registration['email'] unless registration['email'].nil?
169 user.mail = registration['email'] unless registration['email'].nil?
170 user.firstname, user.lastname = registration['fullname'].split(' ') unless registration['fullname'].nil?
170 user.firstname, user.lastname = registration['fullname'].split(' ') unless registration['fullname'].nil?
171 user.random_password
171 user.random_password
172 user.register
172 user.register
173
173
174 case Setting.self_registration
174 case Setting.self_registration
175 when '1'
175 when '1'
176 register_by_email_activation(user) do
176 register_by_email_activation(user) do
177 onthefly_creation_failed(user)
177 onthefly_creation_failed(user)
178 end
178 end
179 when '3'
179 when '3'
180 register_automatically(user) do
180 register_automatically(user) do
181 onthefly_creation_failed(user)
181 onthefly_creation_failed(user)
182 end
182 end
183 else
183 else
184 register_manually_by_administrator(user) do
184 register_manually_by_administrator(user) do
185 onthefly_creation_failed(user)
185 onthefly_creation_failed(user)
186 end
186 end
187 end
187 end
188 else
188 else
189 # Existing record
189 # Existing record
190 if user.active?
190 if user.active?
191 successful_authentication(user)
191 successful_authentication(user)
192 else
192 else
193 account_pending
193 account_pending
194 end
194 end
195 end
195 end
196 end
196 end
197 end
197 end
198 end
198 end
199
199
200 def successful_authentication(user)
200 def successful_authentication(user)
201 # Valid user
201 # Valid user
202 self.logged_user = user
202 self.logged_user = user
203 # generate a key and set cookie if autologin
203 # generate a key and set cookie if autologin
204 if params[:autologin] && Setting.autologin?
204 if params[:autologin] && Setting.autologin?
205 set_autologin_cookie(user)
205 set_autologin_cookie(user)
206 end
206 end
207 call_hook(:controller_account_success_authentication_after, {:user => user })
207 call_hook(:controller_account_success_authentication_after, {:user => user })
208 redirect_back_or_default :controller => 'my', :action => 'page'
208 redirect_back_or_default :controller => 'my', :action => 'page'
209 end
209 end
210
210
211 def set_autologin_cookie(user)
211 def set_autologin_cookie(user)
212 token = Token.create(:user => user, :action => 'autologin')
212 token = Token.create(:user => user, :action => 'autologin')
213 cookie_name = Redmine::Configuration['autologin_cookie_name'] || 'autologin'
213 cookie_name = Redmine::Configuration['autologin_cookie_name'] || 'autologin'
214 cookie_options = {
214 cookie_options = {
215 :value => token.value,
215 :value => token.value,
216 :expires => 1.year.from_now,
216 :expires => 1.year.from_now,
217 :path => (Redmine::Configuration['autologin_cookie_path'] || '/'),
217 :path => (Redmine::Configuration['autologin_cookie_path'] || '/'),
218 :secure => (Redmine::Configuration['autologin_cookie_secure'] ? true : false),
218 :secure => (Redmine::Configuration['autologin_cookie_secure'] ? true : false),
219 :httponly => true
219 :httponly => true
220 }
220 }
221 cookies[cookie_name] = cookie_options
221 cookies[cookie_name] = cookie_options
222 end
222 end
223
223
224 # Onthefly creation failed, display the registration form to fill/fix attributes
224 # Onthefly creation failed, display the registration form to fill/fix attributes
225 def onthefly_creation_failed(user, auth_source_options = { })
225 def onthefly_creation_failed(user, auth_source_options = { })
226 @user = user
226 @user = user
227 session[:auth_source_registration] = auth_source_options unless auth_source_options.empty?
227 session[:auth_source_registration] = auth_source_options unless auth_source_options.empty?
228 render :action => 'register'
228 render :action => 'register'
229 end
229 end
230
230
231 def invalid_credentials
231 def invalid_credentials
232 logger.warn "Failed login for '#{params[:username]}' from #{request.remote_ip} at #{Time.now.utc}"
232 logger.warn "Failed login for '#{params[:username]}' from #{request.remote_ip} at #{Time.now.utc}"
233 flash.now[:error] = l(:notice_account_invalid_creditentials)
233 flash.now[:error] = l(:notice_account_invalid_creditentials)
234 end
234 end
235
235
236 # Register a user for email activation.
236 # Register a user for email activation.
237 #
237 #
238 # Pass a block for behavior when a user fails to save
238 # Pass a block for behavior when a user fails to save
239 def register_by_email_activation(user, &block)
239 def register_by_email_activation(user, &block)
240 token = Token.new(:user => user, :action => "register")
240 token = Token.new(:user => user, :action => "register")
241 if user.save and token.save
241 if user.save and token.save
242 Mailer.deliver_register(token)
242 Mailer.deliver_register(token)
243 flash[:notice] = l(:notice_account_register_done)
243 flash[:notice] = l(:notice_account_register_done)
244 redirect_to :action => 'login'
244 redirect_to :action => 'login'
245 else
245 else
246 yield if block_given?
246 yield if block_given?
247 end
247 end
248 end
248 end
249
249
250 # Automatically register a user
250 # Automatically register a user
251 #
251 #
252 # Pass a block for behavior when a user fails to save
252 # Pass a block for behavior when a user fails to save
253 def register_automatically(user, &block)
253 def register_automatically(user, &block)
254 # Automatic activation
254 # Automatic activation
255 user.activate
255 user.activate
256 user.last_login_on = Time.now
256 user.last_login_on = Time.now
257 if user.save
257 if user.save
258 self.logged_user = user
258 self.logged_user = user
259 flash[:notice] = l(:notice_account_activated)
259 flash[:notice] = l(:notice_account_activated)
260 redirect_to :controller => 'my', :action => 'account'
260 redirect_to :controller => 'my', :action => 'account'
261 else
261 else
262 yield if block_given?
262 yield if block_given?
263 end
263 end
264 end
264 end
265
265
266 # Manual activation by the administrator
266 # Manual activation by the administrator
267 #
267 #
268 # Pass a block for behavior when a user fails to save
268 # Pass a block for behavior when a user fails to save
269 def register_manually_by_administrator(user, &block)
269 def register_manually_by_administrator(user, &block)
270 if user.save
270 if user.save
271 # Sends an email to the administrators
271 # Sends an email to the administrators
272 Mailer.deliver_account_activation_request(user)
272 Mailer.deliver_account_activation_request(user)
273 account_pending
273 account_pending
274 else
274 else
275 yield if block_given?
275 yield if block_given?
276 end
276 end
277 end
277 end
278
278
279 def account_pending
279 def account_pending
280 flash[:notice] = l(:notice_account_pending)
280 flash[:notice] = l(:notice_account_pending)
281 redirect_to :action => 'login'
281 redirect_to :action => 'login'
282 end
282 end
283 end
283 end
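Review bot: The changed assignment on new line 99, `@user.password, @user.password_confirmation = params[:user][:password], params[:user][:password_confirmation]`, reads the credentials from the same `params[:user]` hash that line 84 already hands to `User.new(params[:user])`, so whether this explicit assignment is the only route by which a password reaches the model depends on the User model's mass-assignment protection, which is not in this hunk; a one-line comment stating the intent would help, e.g. `# password is assigned explicitly rather than relying on mass assignment from params[:user]`. Like the `params[:user][:login]` read on line 98, the new line assumes `params[:user]` is a Hash, so a POST without that key raises NoMethodError instead of re-rendering the form; that is pre-existing, but this change is the natural place to add `user_params = params[:user] || {}` and read both values from it. Since the password now travels nested under `user`, confirm that the application's request-parameter log filtering still masks `user[password]` and `user[password_confirmation]` rather than only a top-level `password` key.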
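--- a/PATH_NOT_SHOWN/account_controller_test.rb
+++ b/PATH_NOT_SHOWN/account_controller_test.rb
@@ -1,215 +1,222 @@
 # Redmine - project management software
 # Copyright (C) 2006-2011 Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; either version 2
 # of the License, or (at your option) any later version.
 #
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 # GNU General Public License for more details.
 #
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
 
 require File.expand_path('../../test_helper', __FILE__)
 require 'account_controller'
 
 # Re-raise errors caught by the controller.
 class AccountController; def rescue_action(e) raise e end; end
 
 class AccountControllerTest < ActionController::TestCase
 fixtures :users, :roles
 
 def setup
 @controller = AccountController.new
 @request = ActionController::TestRequest.new
 @response = ActionController::TestResponse.new
 User.current = nil
 end
 
 def test_login_should_redirect_to_back_url_param
 # request.uri is "test.host" in test environment
 post :login, :username => 'jsmith', :password => 'jsmith', :back_url => 'http%3A%2F%2Ftest.host%2Fissues%2Fshow%2F1'
 assert_redirected_to '/issues/show/1'
 end
 
 def test_login_should_not_redirect_to_another_host
 post :login, :username => 'jsmith', :password => 'jsmith', :back_url => 'http%3A%2F%2Ftest.foo%2Ffake'
 assert_redirected_to '/my/page'
 end
 
 def test_login_with_wrong_password
 post :login, :username => 'admin', :password => 'bad'
 assert_response :success
 assert_template 'login'
 assert_tag 'div',
 :attributes => { :class => "flash error" },
 :content => /Invalid user or password/
 end
 
 if Object.const_defined?(:OpenID)
 
 def test_login_with_openid_for_existing_user
 Setting.self_registration = '3'
 Setting.openid = '1'
 existing_user = User.new(:firstname => 'Cool',
 :lastname => 'User',
 :mail => 'user@somedomain.com',
 :identity_url => 'http://openid.example.com/good_user')
 existing_user.login = 'cool_user'
 assert existing_user.save!
 
 post :login, :openid_url => existing_user.identity_url
 assert_redirected_to '/my/page'
 end
 
 def test_login_with_invalid_openid_provider
 Setting.self_registration = '0'
 Setting.openid = '1'
 post :login, :openid_url => 'http;//openid.example.com/good_user'
 assert_redirected_to home_url
 end
 
 def test_login_with_openid_for_existing_non_active_user
 Setting.self_registration = '2'
 Setting.openid = '1'
 existing_user = User.new(:firstname => 'Cool',
 :lastname => 'User',
 :mail => 'user@somedomain.com',
 :identity_url => 'http://openid.example.com/good_user',
 :status => User::STATUS_REGISTERED)
 existing_user.login = 'cool_user'
 assert existing_user.save!
 
 post :login, :openid_url => existing_user.identity_url
 assert_redirected_to '/login'
 end
 
 def test_login_with_openid_with_new_user_created
 Setting.self_registration = '3'
 Setting.openid = '1'
 post :login, :openid_url => 'http://openid.example.com/good_user'
 assert_redirected_to '/my/account'
 user = User.find_by_login('cool_user')
 assert user
 assert_equal 'Cool', user.firstname
 assert_equal 'User', user.lastname
 end
 
 def test_login_with_openid_with_new_user_and_self_registration_off
 Setting.self_registration = '0'
 Setting.openid = '1'
 post :login, :openid_url => 'http://openid.example.com/good_user'
 assert_redirected_to home_url
 user = User.find_by_login('cool_user')
 assert ! user
 end
 
 def test_login_with_openid_with_new_user_created_with_email_activation_should_have_a_token
 Setting.self_registration = '1'
 Setting.openid = '1'
 post :login, :openid_url => 'http://openid.example.com/good_user'
 assert_redirected_to '/login'
 user = User.find_by_login('cool_user')
 assert user
 
 token = Token.find_by_user_id_and_action(user.id, 'register')
 assert token
 end
 
 def test_login_with_openid_with_new_user_created_with_manual_activation
 Setting.self_registration = '2'
 Setting.openid = '1'
 post :login, :openid_url => 'http://openid.example.com/good_user'
 assert_redirected_to '/login'
 user = User.find_by_login('cool_user')
 assert user
 assert_equal User::STATUS_REGISTERED, user.status
 end
 
 def test_login_with_openid_with_new_user_with_conflict_should_register
 Setting.self_registration = '3'
 Setting.openid = '1'
 existing_user = User.new(:firstname => 'Cool', :lastname => 'User', :mail => 'user@somedomain.com')
 existing_user.login = 'cool_user'
 assert existing_user.save!
 
 post :login, :openid_url => 'http://openid.example.com/good_user'
 assert_response :success
 assert_template 'register'
 assert assigns(:user)
 assert_equal 'http://openid.example.com/good_user', assigns(:user)[:identity_url]
 end
 
 def test_setting_openid_should_return_true_when_set_to_true
 Setting.openid = '1'
 assert_equal true, Setting.openid?
 end
 
 else
 puts "Skipping openid tests."
 end
 
 def test_logout
 @request.session[:user_id] = 2
 get :logout
 assert_redirected_to '/'
 assert_nil @request.session[:user_id]
 end
 
 def test_get_register_with_registration_on
 with_settings :self_registration => '3' do
 get :register
 assert_response :success
 assert_template 'register'
 assert_not_nil assigns(:user)
+
+assert_tag 'input', :attributes => {:name => 'user[password]'}
+assert_tag 'input', :attributes => {:name => 'user[password_confirmation]'}
 end
 end
 
 def test_get_register_with_registration_off_should_redirect
 with_settings :self_registration => '0' do
 get :register
 assert_redirected_to '/'
 end
 end
 
 # See integration/account_test.rb for the full test
 def test_post_register_with_registration_on
 with_settings :self_registration => '3' do
 assert_difference 'User.count' do
 post :register, :user => {
 :login => 'register',
 :password => 'test',
 :password_confirmation => 'test',
 :firstname => 'John',
 :lastname => 'Doe',
 :mail => 'register@example.com'
 }
 assert_redirected_to '/my/account'
 end
 user = User.first(:order => 'id DESC')
 assert_equal 'register', user.login
+assert_equal 'John', user.firstname
+assert_equal 'Doe', user.lastname
+assert_equal 'register@example.com', user.mail
+assert user.check_password?('test')
 assert user.active?
 end
 end
 
 def test_post_register_with_registration_off_should_redirect
 with_settings :self_registration => '0' do
 assert_no_difference 'User.count' do
 post :register, :user => {
 :login => 'register',
 :password => 'test',
 :password_confirmation => 'test',
 :firstname => 'John',
 :lastname => 'Doe',
 :mail => 'register@example.com'
 }
 assert_redirected_to '/'
 end
 end
 end
 end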
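Review bot: The two `assert_tag 'input'` assertions added at new lines 171-172 check only the field names, so the test would still pass if the registration form rendered the password fields as plain text inputs; tightening them to `assert_tag 'input', :attributes => {:name => 'user[password]', :type => 'password'}` and the same for `user[password_confirmation]` also pins the input type, which matters for a credential field. The added `assert user.check_password?('test')` at new line 202 is the assertion that actually catches the regression, because the old version of this test posted the password under `user` and asserted only `login` and `active?`; a comment such as `# the password must reach the model from user[password] (regression for r8479)` would record why it is there. There is still no test for the failure path, where `user[password]` and `user[password_confirmation]` differ and the form should be re-rendered without creating a user.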
@@ -1,206 +1,206
1 # Redmine - project management software
1 # Redmine - project management software
2 # Copyright (C) 2006-2011 Jean-Philippe Lang
2 # Copyright (C) 2006-2011 Jean-Philippe Lang
3 #
3 #
4 # This program is free software; you can redistribute it and/or
4 # This program is free software; you can redistribute it and/or
5 # modify it under the terms of the GNU General Public License
5 # modify it under the terms of the GNU General Public License
6 # as published by the Free Software Foundation; either version 2
6 # as published by the Free Software Foundation; either version 2
7 # of the License, or (at your option) any later version.
7 # of the License, or (at your option) any later version.
8 #
8 #
9 # This program is distributed in the hope that it will be useful,
9 # This program is distributed in the hope that it will be useful,
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 # GNU General Public License for more details.
12 # GNU General Public License for more details.
13 #
13 #
14 # You should have received a copy of the GNU General Public License
14 # You should have received a copy of the GNU General Public License
15 # along with this program; if not, write to the Free Software
15 # along with this program; if not, write to the Free Software
16 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
16 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
17
17
18 require File.expand_path('../../test_helper', __FILE__)
18 require File.expand_path('../../test_helper', __FILE__)
19
19
20 begin
20 begin
21 require 'mocha'
21 require 'mocha'
22 rescue
22 rescue
23 # Won't run some tests
23 # Won't run some tests
24 end
24 end
25
25
26 class AccountTest < ActionController::IntegrationTest
26 class AccountTest < ActionController::IntegrationTest
27 fixtures :users, :roles
27 fixtures :users, :roles
28
28
29 # Replace this with your real tests.
29 # Replace this with your real tests.
30 def test_login
30 def test_login
31 get "my/page"
31 get "my/page"
32 assert_redirected_to "/login?back_url=http%3A%2F%2Fwww.example.com%2Fmy%2Fpage"
32 assert_redirected_to "/login?back_url=http%3A%2F%2Fwww.example.com%2Fmy%2Fpage"
33 log_user('jsmith', 'jsmith')
33 log_user('jsmith', 'jsmith')
34
34
35 get "my/account"
35 get "my/account"
36 assert_response :success
36 assert_response :success
37 assert_template "my/account"
37 assert_template "my/account"
38 end
38 end
39
39
40 def test_autologin
40 def test_autologin
41 user = User.find(1)
41 user = User.find(1)
42 Setting.autologin = "7"
42 Setting.autologin = "7"
43 Token.delete_all
43 Token.delete_all
44
44
45 # User logs in with 'autologin' checked
45 # User logs in with 'autologin' checked
46 post '/login', :username => user.login, :password => 'admin', :autologin => 1
46 post '/login', :username => user.login, :password => 'admin', :autologin => 1
47 assert_redirected_to '/my/page'
47 assert_redirected_to '/my/page'
48 token = Token.find :first
48 token = Token.find :first
49 assert_not_nil token
49 assert_not_nil token
50 assert_equal user, token.user
50 assert_equal user, token.user
51 assert_equal 'autologin', token.action
51 assert_equal 'autologin', token.action
52 assert_equal user.id, session[:user_id]
52 assert_equal user.id, session[:user_id]
53 assert_equal token.value, cookies['autologin']
53 assert_equal token.value, cookies['autologin']
54
54
55 # Session is cleared
55 # Session is cleared
56 reset!
56 reset!
57 User.current = nil
57 User.current = nil
58 # Clears user's last login timestamp
58 # Clears user's last login timestamp
59 user.update_attribute :last_login_on, nil
59 user.update_attribute :last_login_on, nil
60 assert_nil user.reload.last_login_on
60 assert_nil user.reload.last_login_on
61
61
62 # User comes back with his autologin cookie
62 # User comes back with his autologin cookie
63 cookies[:autologin] = token.value
63 cookies[:autologin] = token.value
64 get '/my/page'
64 get '/my/page'
65 assert_response :success
65 assert_response :success
66 assert_template 'my/page'
66 assert_template 'my/page'
67 assert_equal user.id, session[:user_id]
67 assert_equal user.id, session[:user_id]
68 assert_not_nil user.reload.last_login_on
68 assert_not_nil user.reload.last_login_on
69 assert user.last_login_on.utc > 10.second.ago.utc
69 assert user.last_login_on.utc > 10.second.ago.utc
70 end
70 end
71
71
72 def test_lost_password
72 def test_lost_password
73 Token.delete_all
73 Token.delete_all
74
74
75 get "account/lost_password"
75 get "account/lost_password"
76 assert_response :success
76 assert_response :success
77 assert_template "account/lost_password"
77 assert_template "account/lost_password"
78
78
79 post "account/lost_password", :mail => 'jSmith@somenet.foo'
79 post "account/lost_password", :mail => 'jSmith@somenet.foo'
80 assert_redirected_to "/login"
80 assert_redirected_to "/login"
81
81
82 token = Token.find(:first)
82 token = Token.find(:first)
83 assert_equal 'recovery', token.action
83 assert_equal 'recovery', token.action
84 assert_equal 'jsmith@somenet.foo', token.user.mail
84 assert_equal 'jsmith@somenet.foo', token.user.mail
85 assert !token.expired?
85 assert !token.expired?
86
86
87 get "account/lost_password", :token => token.value
87 get "account/lost_password", :token => token.value
88 assert_response :success
88 assert_response :success
89 assert_template "account/password_recovery"
89 assert_template "account/password_recovery"
90
90
91 post "account/lost_password", :token => token.value, :new_password => 'newpass', :new_password_confirmation => 'newpass'
91 post "account/lost_password", :token => token.value, :new_password => 'newpass', :new_password_confirmation => 'newpass'
92 assert_redirected_to "/login"
92 assert_redirected_to "/login"
93 assert_equal 'Password was successfully updated.', flash[:notice]
93 assert_equal 'Password was successfully updated.', flash[:notice]
94
94
95 log_user('jsmith', 'newpass')
95 log_user('jsmith', 'newpass')
96 assert_equal 0, Token.count
96 assert_equal 0, Token.count
97 end
97 end
98
98
99 def test_register_with_automatic_activation
99 def test_register_with_automatic_activation
100 Setting.self_registration = '3'
100 Setting.self_registration = '3'
101
101
102 get 'account/register'
102 get 'account/register'
103 assert_response :success
103 assert_response :success
104 assert_template 'account/register'
104 assert_template 'account/register'
105
105
106 post 'account/register', :user => {:login => "newuser", :language => "en", :firstname => "New", :lastname => "User", :mail => "newuser@foo.bar"},
106 post 'account/register', :user => {:login => "newuser", :language => "en", :firstname => "New", :lastname => "User", :mail => "newuser@foo.bar",
107 :password => "newpass", :password_confirmation => "newpass"
107 :password => "newpass", :password_confirmation => "newpass"}
108 assert_redirected_to '/my/account'
108 assert_redirected_to '/my/account'
109 follow_redirect!
109 follow_redirect!
110 assert_response :success
110 assert_response :success
111 assert_template 'my/account'
111 assert_template 'my/account'
112
112
113 user = User.find_by_login('newuser')
113 user = User.find_by_login('newuser')
114 assert_not_nil user
114 assert_not_nil user
115 assert user.active?
115 assert user.active?
116 assert_not_nil user.last_login_on
116 assert_not_nil user.last_login_on
117 end
117 end
118
118
119 def test_register_with_manual_activation
119 def test_register_with_manual_activation
120 Setting.self_registration = '2'
120 Setting.self_registration = '2'
121
121
122 post 'account/register', :user => {:login => "newuser", :language => "en", :firstname => "New", :lastname => "User", :mail => "newuser@foo.bar"},
122 post 'account/register', :user => {:login => "newuser", :language => "en", :firstname => "New", :lastname => "User", :mail => "newuser@foo.bar",
123 :password => "newpass", :password_confirmation => "newpass"
123 :password => "newpass", :password_confirmation => "newpass"}
124 assert_redirected_to '/login'
124 assert_redirected_to '/login'
125 assert !User.find_by_login('newuser').active?
125 assert !User.find_by_login('newuser').active?
126 end
126 end
127
127
128 def test_register_with_email_activation
128 def test_register_with_email_activation
129 Setting.self_registration = '1'
129 Setting.self_registration = '1'
130 Token.delete_all
130 Token.delete_all
131
131
132 post 'account/register', :user => {:login => "newuser", :language => "en", :firstname => "New", :lastname => "User", :mail => "newuser@foo.bar"},
132 post 'account/register', :user => {:login => "newuser", :language => "en", :firstname => "New", :lastname => "User", :mail => "newuser@foo.bar",
133 :password => "newpass", :password_confirmation => "newpass"
133 :password => "newpass", :password_confirmation => "newpass"}
134 assert_redirected_to '/login'
134 assert_redirected_to '/login'
135 assert !User.find_by_login('newuser').active?
135 assert !User.find_by_login('newuser').active?
136
136
137 token = Token.find(:first)
137 token = Token.find(:first)
138 assert_equal 'register', token.action
138 assert_equal 'register', token.action
139 assert_equal 'newuser@foo.bar', token.user.mail
139 assert_equal 'newuser@foo.bar', token.user.mail
140 assert !token.expired?
140 assert !token.expired?
141
141
142 get 'account/activate', :token => token.value
142 get 'account/activate', :token => token.value
143 assert_redirected_to '/login'
143 assert_redirected_to '/login'
144 log_user('newuser', 'newpass')
144 log_user('newuser', 'newpass')
145 end
145 end
146
146
147 if Object.const_defined?(:Mocha)
147 if Object.const_defined?(:Mocha)
148
148
149 def test_onthefly_registration
149 def test_onthefly_registration
150 # disable registration
150 # disable registration
151 Setting.self_registration = '0'
151 Setting.self_registration = '0'
152 AuthSource.expects(:authenticate).returns({:login => 'foo', :firstname => 'Foo', :lastname => 'Smith', :mail => 'foo@bar.com', :auth_source_id => 66})
152 AuthSource.expects(:authenticate).returns({:login => 'foo', :firstname => 'Foo', :lastname => 'Smith', :mail => 'foo@bar.com', :auth_source_id => 66})
153
153
154 post '/login', :username => 'foo', :password => 'bar'
154 post '/login', :username => 'foo', :password => 'bar'
155 assert_redirected_to '/my/page'
155 assert_redirected_to '/my/page'
156
156
157 user = User.find_by_login('foo')
157 user = User.find_by_login('foo')
158 assert user.is_a?(User)
158 assert user.is_a?(User)
159 assert_equal 66, user.auth_source_id
159 assert_equal 66, user.auth_source_id
160 assert user.hashed_password.blank?
160 assert user.hashed_password.blank?
161 end
161 end
162
162
163 def test_onthefly_registration_with_invalid_attributes
163 def test_onthefly_registration_with_invalid_attributes
164 # disable registration
164 # disable registration
165 Setting.self_registration = '0'
165 Setting.self_registration = '0'
166 AuthSource.expects(:authenticate).returns({:login => 'foo', :lastname => 'Smith', :auth_source_id => 66})
166 AuthSource.expects(:authenticate).returns({:login => 'foo', :lastname => 'Smith', :auth_source_id => 66})
167
167
168 post '/login', :username => 'foo', :password => 'bar'
168 post '/login', :username => 'foo', :password => 'bar'
169 assert_response :success
169 assert_response :success
170 assert_template 'account/register'
170 assert_template 'account/register'
171 assert_tag :input, :attributes => { :name => 'user[firstname]', :value => '' }
171 assert_tag :input, :attributes => { :name => 'user[firstname]', :value => '' }
172 assert_tag :input, :attributes => { :name => 'user[lastname]', :value => 'Smith' }
172 assert_tag :input, :attributes => { :name => 'user[lastname]', :value => 'Smith' }
173 assert_no_tag :input, :attributes => { :name => 'user[login]' }
173 assert_no_tag :input, :attributes => { :name => 'user[login]' }
174 assert_no_tag :input, :attributes => { :name => 'user[password]' }
174 assert_no_tag :input, :attributes => { :name => 'user[password]' }
175
175
176 post 'account/register', :user => {:firstname => 'Foo', :lastname => 'Smith', :mail => 'foo@bar.com'}
176 post 'account/register', :user => {:firstname => 'Foo', :lastname => 'Smith', :mail => 'foo@bar.com'}
177 assert_redirected_to '/my/account'
177 assert_redirected_to '/my/account'
178
178
179 user = User.find_by_login('foo')
179 user = User.find_by_login('foo')
180 assert user.is_a?(User)
180 assert user.is_a?(User)
181 assert_equal 66, user.auth_source_id
181 assert_equal 66, user.auth_source_id
182 assert user.hashed_password.blank?
182 assert user.hashed_password.blank?
183 end
183 end
184
184
185 def test_login_and_logout_should_clear_session
185 def test_login_and_logout_should_clear_session
186 get '/login'
186 get '/login'
187 sid = session[:session_id]
187 sid = session[:session_id]
188
188
189 post '/login', :username => 'admin', :password => 'admin'
189 post '/login', :username => 'admin', :password => 'admin'
190 assert_redirected_to '/my/page'
190 assert_redirected_to '/my/page'
191 assert_not_equal sid, session[:session_id], "login should reset session"
191 assert_not_equal sid, session[:session_id], "login should reset session"
192 assert_equal 1, session[:user_id]
192 assert_equal 1, session[:user_id]
193 sid = session[:session_id]
193 sid = session[:session_id]
194
194
195 get '/'
195 get '/'
196 assert_equal sid, session[:session_id]
196 assert_equal sid, session[:session_id]
197
197
198 get '/logout'
198 get '/logout'
199 assert_not_equal sid, session[:session_id], "logout should reset session"
199 assert_not_equal sid, session[:session_id], "logout should reset session"
200 assert_nil session[:user_id]
200 assert_nil session[:user_id]
201 end
201 end
202
202
203 else
203 else
204 puts 'Mocha is missing. Skipping tests.'
204 puts 'Mocha is missing. Skipping tests.'
205 end
205 end
206 end
206 end
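Review bot: Assuming the lines with `:password`/`:password_confirmation` nested inside the `:user` hash are the new side (old and new gutter numbers coincide here, so the page itself does not mark them), `test_register_with_automatic_activation` still never checks that the nested password was actually persisted — it only asserts the redirect, `active?` and `last_login_on`. Only `test_register_with_email_activation` proves it, via `log_user('newuser', 'newpass')`; the automatic- and manual-activation tests would stay green if the controller silently dropped the password, which is the class of regression this commit is fixing. Adding `assert user.check_password?('newpass')` after `assert user.active?` in the automatic-activation test (the other file in this commit uses the same assertion) would pin the behavior, and the manual-activation test could capture `User.find_by_login('newuser')` and check it the same way.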