Merged r16287 to r16289 (#24416)....
Jean-Philippe Lang -
r15917:a170c3d93c95
@@ -1,359 +1,367
1 # Redmine - project management software
1 # Redmine - project management software
2 # Copyright (C) 2006-2016 Jean-Philippe Lang
2 # Copyright (C) 2006-2016 Jean-Philippe Lang
3 #
3 #
4 # This program is free software; you can redistribute it and/or
4 # This program is free software; you can redistribute it and/or
5 # modify it under the terms of the GNU General Public License
5 # modify it under the terms of the GNU General Public License
6 # as published by the Free Software Foundation; either version 2
6 # as published by the Free Software Foundation; either version 2
7 # of the License, or (at your option) any later version.
7 # of the License, or (at your option) any later version.
8 #
8 #
9 # This program is distributed in the hope that it will be useful,
9 # This program is distributed in the hope that it will be useful,
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 # GNU General Public License for more details.
12 # GNU General Public License for more details.
13 #
13 #
14 # You should have received a copy of the GNU General Public License
14 # You should have received a copy of the GNU General Public License
15 # along with this program; if not, write to the Free Software
15 # along with this program; if not, write to the Free Software
16 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
16 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
17
17
18 class AccountController < ApplicationController
18 class AccountController < ApplicationController
19 helper :custom_fields
19 helper :custom_fields
20 include CustomFieldsHelper
20 include CustomFieldsHelper
21
21
22 # prevents login action to be filtered by check_if_login_required application scope filter
22 # prevents login action to be filtered by check_if_login_required application scope filter
23 skip_before_filter :check_if_login_required, :check_password_change
23 skip_before_filter :check_if_login_required, :check_password_change
24
24
25 # Overrides ApplicationController#verify_authenticity_token to disable
25 # Overrides ApplicationController#verify_authenticity_token to disable
26 # token verification on openid callbacks
26 # token verification on openid callbacks
27 def verify_authenticity_token
27 def verify_authenticity_token
28 unless using_open_id?
28 unless using_open_id?
29 super
29 super
30 end
30 end
31 end
31 end
32
32
33 # Login request and validation
33 # Login request and validation
34 def login
34 def login
35 if request.get?
35 if request.get?
36 if User.current.logged?
36 if User.current.logged?
37 redirect_back_or_default home_url, :referer => true
37 redirect_back_or_default home_url, :referer => true
38 end
38 end
39 else
39 else
40 authenticate_user
40 authenticate_user
41 end
41 end
42 rescue AuthSourceException => e
42 rescue AuthSourceException => e
43 logger.error "An error occured when authenticating #{params[:username]}: #{e.message}"
43 logger.error "An error occured when authenticating #{params[:username]}: #{e.message}"
44 render_error :message => e.message
44 render_error :message => e.message
45 end
45 end
46
46
47 # Log out current user and redirect to welcome page
47 # Log out current user and redirect to welcome page
48 def logout
48 def logout
49 if User.current.anonymous?
49 if User.current.anonymous?
50 redirect_to home_url
50 redirect_to home_url
51 elsif request.post?
51 elsif request.post?
52 logout_user
52 logout_user
53 redirect_to home_url
53 redirect_to home_url
54 end
54 end
55 # display the logout form
55 # display the logout form
56 end
56 end
57
57
58 # Lets user choose a new password
58 # Lets user choose a new password
59 def lost_password
59 def lost_password
60 (redirect_to(home_url); return) unless Setting.lost_password?
60 (redirect_to(home_url); return) unless Setting.lost_password?
61 if params[:token]
61 if prt = (params[:token] || session[:password_recovery_token])
62 @token = Token.find_token("recovery", params[:token].to_s)
62 @token = Token.find_token("recovery", prt.to_s)
63 if @token.nil? || @token.expired?
63 if @token.nil? || @token.expired?
64 redirect_to home_url
64 redirect_to home_url
65 return
65 return
66 end
66 end
67
68 # redirect to remove the token query parameter from the URL and add it to the session
69 if request.query_parameters[:token].present?
70 session[:password_recovery_token] = @token.value
71 redirect_to lost_password_url
72 return
73 end
74
67 @user = @token.user
75 @user = @token.user
68 unless @user && @user.active?
76 unless @user && @user.active?
69 redirect_to home_url
77 redirect_to home_url
70 return
78 return
71 end
79 end
72 if request.post?
80 if request.post?
73 @user.password, @user.password_confirmation = params[:new_password], params[:new_password_confirmation]
81 @user.password, @user.password_confirmation = params[:new_password], params[:new_password_confirmation]
74 if @user.save
82 if @user.save
75 @token.destroy
83 @token.destroy
76 flash[:notice] = l(:notice_account_password_updated)
84 flash[:notice] = l(:notice_account_password_updated)
77 redirect_to signin_path
85 redirect_to signin_path
78 return
86 return
79 end
87 end
80 end
88 end
81 render :template => "account/password_recovery"
89 render :template => "account/password_recovery"
82 return
90 return
83 else
91 else
84 if request.post?
92 if request.post?
85 email = params[:mail].to_s
93 email = params[:mail].to_s
86 user = User.find_by_mail(email)
94 user = User.find_by_mail(email)
87 # user not found
95 # user not found
88 unless user
96 unless user
89 flash.now[:error] = l(:notice_account_unknown_email)
97 flash.now[:error] = l(:notice_account_unknown_email)
90 return
98 return
91 end
99 end
92 unless user.active?
100 unless user.active?
93 handle_inactive_user(user, lost_password_path)
101 handle_inactive_user(user, lost_password_path)
94 return
102 return
95 end
103 end
96 # user cannot change its password
104 # user cannot change its password
97 unless user.change_password_allowed?
105 unless user.change_password_allowed?
98 flash.now[:error] = l(:notice_can_t_change_password)
106 flash.now[:error] = l(:notice_can_t_change_password)
99 return
107 return
100 end
108 end
101 # create a new token for password recovery
109 # create a new token for password recovery
102 token = Token.new(:user => user, :action => "recovery")
110 token = Token.new(:user => user, :action => "recovery")
103 if token.save
111 if token.save
104 # Don't use the param to send the email
112 # Don't use the param to send the email
105 recipent = user.mails.detect {|e| email.casecmp(e) == 0} || user.mail
113 recipent = user.mails.detect {|e| email.casecmp(e) == 0} || user.mail
106 Mailer.lost_password(token, recipent).deliver
114 Mailer.lost_password(token, recipent).deliver
107 flash[:notice] = l(:notice_account_lost_email_sent)
115 flash[:notice] = l(:notice_account_lost_email_sent)
108 redirect_to signin_path
116 redirect_to signin_path
109 return
117 return
110 end
118 end
111 end
119 end
112 end
120 end
113 end
121 end
114
122
115 # User self-registration
123 # User self-registration
116 def register
124 def register
117 (redirect_to(home_url); return) unless Setting.self_registration? || session[:auth_source_registration]
125 (redirect_to(home_url); return) unless Setting.self_registration? || session[:auth_source_registration]
118 if request.get?
126 if request.get?
119 session[:auth_source_registration] = nil
127 session[:auth_source_registration] = nil
120 @user = User.new(:language => current_language.to_s)
128 @user = User.new(:language => current_language.to_s)
121 else
129 else
122 user_params = params[:user] || {}
130 user_params = params[:user] || {}
123 @user = User.new
131 @user = User.new
124 @user.safe_attributes = user_params
132 @user.safe_attributes = user_params
125 @user.admin = false
133 @user.admin = false
126 @user.register
134 @user.register
127 if session[:auth_source_registration]
135 if session[:auth_source_registration]
128 @user.activate
136 @user.activate
129 @user.login = session[:auth_source_registration][:login]
137 @user.login = session[:auth_source_registration][:login]
130 @user.auth_source_id = session[:auth_source_registration][:auth_source_id]
138 @user.auth_source_id = session[:auth_source_registration][:auth_source_id]
131 if @user.save
139 if @user.save
132 session[:auth_source_registration] = nil
140 session[:auth_source_registration] = nil
133 self.logged_user = @user
141 self.logged_user = @user
134 flash[:notice] = l(:notice_account_activated)
142 flash[:notice] = l(:notice_account_activated)
135 redirect_to my_account_path
143 redirect_to my_account_path
136 end
144 end
137 else
145 else
138 @user.login = params[:user][:login]
146 @user.login = params[:user][:login]
139 unless user_params[:identity_url].present? && user_params[:password].blank? && user_params[:password_confirmation].blank?
147 unless user_params[:identity_url].present? && user_params[:password].blank? && user_params[:password_confirmation].blank?
140 @user.password, @user.password_confirmation = user_params[:password], user_params[:password_confirmation]
148 @user.password, @user.password_confirmation = user_params[:password], user_params[:password_confirmation]
141 end
149 end
142
150
143 case Setting.self_registration
151 case Setting.self_registration
144 when '1'
152 when '1'
145 register_by_email_activation(@user)
153 register_by_email_activation(@user)
146 when '3'
154 when '3'
147 register_automatically(@user)
155 register_automatically(@user)
148 else
156 else
149 register_manually_by_administrator(@user)
157 register_manually_by_administrator(@user)
150 end
158 end
151 end
159 end
152 end
160 end
153 end
161 end
154
162
155 # Token based account activation
163 # Token based account activation
156 def activate
164 def activate
157 (redirect_to(home_url); return) unless Setting.self_registration? && params[:token].present?
165 (redirect_to(home_url); return) unless Setting.self_registration? && params[:token].present?
158 token = Token.find_token('register', params[:token].to_s)
166 token = Token.find_token('register', params[:token].to_s)
159 (redirect_to(home_url); return) unless token and !token.expired?
167 (redirect_to(home_url); return) unless token and !token.expired?
160 user = token.user
168 user = token.user
161 (redirect_to(home_url); return) unless user.registered?
169 (redirect_to(home_url); return) unless user.registered?
162 user.activate
170 user.activate
163 if user.save
171 if user.save
164 token.destroy
172 token.destroy
165 flash[:notice] = l(:notice_account_activated)
173 flash[:notice] = l(:notice_account_activated)
166 end
174 end
167 redirect_to signin_path
175 redirect_to signin_path
168 end
176 end
169
177
170 # Sends a new account activation email
178 # Sends a new account activation email
171 def activation_email
179 def activation_email
172 if session[:registered_user_id] && Setting.self_registration == '1'
180 if session[:registered_user_id] && Setting.self_registration == '1'
173 user_id = session.delete(:registered_user_id).to_i
181 user_id = session.delete(:registered_user_id).to_i
174 user = User.find_by_id(user_id)
182 user = User.find_by_id(user_id)
175 if user && user.registered?
183 if user && user.registered?
176 register_by_email_activation(user)
184 register_by_email_activation(user)
177 return
185 return
178 end
186 end
179 end
187 end
180 redirect_to(home_url)
188 redirect_to(home_url)
181 end
189 end
182
190
183 private
191 private
184
192
185 def authenticate_user
193 def authenticate_user
186 if Setting.openid? && using_open_id?
194 if Setting.openid? && using_open_id?
187 open_id_authenticate(params[:openid_url])
195 open_id_authenticate(params[:openid_url])
188 else
196 else
189 password_authentication
197 password_authentication
190 end
198 end
191 end
199 end
192
200
193 def password_authentication
201 def password_authentication
194 user = User.try_to_login(params[:username], params[:password], false)
202 user = User.try_to_login(params[:username], params[:password], false)
195
203
196 if user.nil?
204 if user.nil?
197 invalid_credentials
205 invalid_credentials
198 elsif user.new_record?
206 elsif user.new_record?
199 onthefly_creation_failed(user, {:login => user.login, :auth_source_id => user.auth_source_id })
207 onthefly_creation_failed(user, {:login => user.login, :auth_source_id => user.auth_source_id })
200 else
208 else
201 # Valid user
209 # Valid user
202 if user.active?
210 if user.active?
203 successful_authentication(user)
211 successful_authentication(user)
204 update_sudo_timestamp! # activate Sudo Mode
212 update_sudo_timestamp! # activate Sudo Mode
205 else
213 else
206 handle_inactive_user(user)
214 handle_inactive_user(user)
207 end
215 end
208 end
216 end
209 end
217 end
210
218
211 def open_id_authenticate(openid_url)
219 def open_id_authenticate(openid_url)
212 back_url = signin_url(:autologin => params[:autologin])
220 back_url = signin_url(:autologin => params[:autologin])
213 authenticate_with_open_id(
221 authenticate_with_open_id(
214 openid_url, :required => [:nickname, :fullname, :email],
222 openid_url, :required => [:nickname, :fullname, :email],
215 :return_to => back_url, :method => :post
223 :return_to => back_url, :method => :post
216 ) do |result, identity_url, registration|
224 ) do |result, identity_url, registration|
217 if result.successful?
225 if result.successful?
218 user = User.find_or_initialize_by_identity_url(identity_url)
226 user = User.find_or_initialize_by_identity_url(identity_url)
219 if user.new_record?
227 if user.new_record?
220 # Self-registration off
228 # Self-registration off
221 (redirect_to(home_url); return) unless Setting.self_registration?
229 (redirect_to(home_url); return) unless Setting.self_registration?
222 # Create on the fly
230 # Create on the fly
223 user.login = registration['nickname'] unless registration['nickname'].nil?
231 user.login = registration['nickname'] unless registration['nickname'].nil?
224 user.mail = registration['email'] unless registration['email'].nil?
232 user.mail = registration['email'] unless registration['email'].nil?
225 user.firstname, user.lastname = registration['fullname'].split(' ') unless registration['fullname'].nil?
233 user.firstname, user.lastname = registration['fullname'].split(' ') unless registration['fullname'].nil?
226 user.random_password
234 user.random_password
227 user.register
235 user.register
228 case Setting.self_registration
236 case Setting.self_registration
229 when '1'
237 when '1'
230 register_by_email_activation(user) do
238 register_by_email_activation(user) do
231 onthefly_creation_failed(user)
239 onthefly_creation_failed(user)
232 end
240 end
233 when '3'
241 when '3'
234 register_automatically(user) do
242 register_automatically(user) do
235 onthefly_creation_failed(user)
243 onthefly_creation_failed(user)
236 end
244 end
237 else
245 else
238 register_manually_by_administrator(user) do
246 register_manually_by_administrator(user) do
239 onthefly_creation_failed(user)
247 onthefly_creation_failed(user)
240 end
248 end
241 end
249 end
242 else
250 else
243 # Existing record
251 # Existing record
244 if user.active?
252 if user.active?
245 successful_authentication(user)
253 successful_authentication(user)
246 else
254 else
247 handle_inactive_user(user)
255 handle_inactive_user(user)
248 end
256 end
249 end
257 end
250 end
258 end
251 end
259 end
252 end
260 end
253
261
254 def successful_authentication(user)
262 def successful_authentication(user)
255 logger.info "Successful authentication for '#{user.login}' from #{request.remote_ip} at #{Time.now.utc}"
263 logger.info "Successful authentication for '#{user.login}' from #{request.remote_ip} at #{Time.now.utc}"
256 # Valid user
264 # Valid user
257 self.logged_user = user
265 self.logged_user = user
258 # generate a key and set cookie if autologin
266 # generate a key and set cookie if autologin
259 if params[:autologin] && Setting.autologin?
267 if params[:autologin] && Setting.autologin?
260 set_autologin_cookie(user)
268 set_autologin_cookie(user)
261 end
269 end
262 call_hook(:controller_account_success_authentication_after, {:user => user })
270 call_hook(:controller_account_success_authentication_after, {:user => user })
263 redirect_back_or_default my_page_path
271 redirect_back_or_default my_page_path
264 end
272 end
265
273
266 def set_autologin_cookie(user)
274 def set_autologin_cookie(user)
267 token = Token.create(:user => user, :action => 'autologin')
275 token = Token.create(:user => user, :action => 'autologin')
268 secure = Redmine::Configuration['autologin_cookie_secure']
276 secure = Redmine::Configuration['autologin_cookie_secure']
269 if secure.nil?
277 if secure.nil?
270 secure = request.ssl?
278 secure = request.ssl?
271 end
279 end
272 cookie_options = {
280 cookie_options = {
273 :value => token.value,
281 :value => token.value,
274 :expires => 1.year.from_now,
282 :expires => 1.year.from_now,
275 :path => (Redmine::Configuration['autologin_cookie_path'] || RedmineApp::Application.config.relative_url_root || '/'),
283 :path => (Redmine::Configuration['autologin_cookie_path'] || RedmineApp::Application.config.relative_url_root || '/'),
276 :secure => secure,
284 :secure => secure,
277 :httponly => true
285 :httponly => true
278 }
286 }
279 cookies[autologin_cookie_name] = cookie_options
287 cookies[autologin_cookie_name] = cookie_options
280 end
288 end
281
289
282 # Onthefly creation failed, display the registration form to fill/fix attributes
290 # Onthefly creation failed, display the registration form to fill/fix attributes
283 def onthefly_creation_failed(user, auth_source_options = { })
291 def onthefly_creation_failed(user, auth_source_options = { })
284 @user = user
292 @user = user
285 session[:auth_source_registration] = auth_source_options unless auth_source_options.empty?
293 session[:auth_source_registration] = auth_source_options unless auth_source_options.empty?
286 render :action => 'register'
294 render :action => 'register'
287 end
295 end
288
296
289 def invalid_credentials
297 def invalid_credentials
290 logger.warn "Failed login for '#{params[:username]}' from #{request.remote_ip} at #{Time.now.utc}"
298 logger.warn "Failed login for '#{params[:username]}' from #{request.remote_ip} at #{Time.now.utc}"
291 flash.now[:error] = l(:notice_account_invalid_creditentials)
299 flash.now[:error] = l(:notice_account_invalid_creditentials)
292 end
300 end
293
301
294 # Register a user for email activation.
302 # Register a user for email activation.
295 #
303 #
296 # Pass a block for behavior when a user fails to save
304 # Pass a block for behavior when a user fails to save
297 def register_by_email_activation(user, &block)
305 def register_by_email_activation(user, &block)
298 token = Token.new(:user => user, :action => "register")
306 token = Token.new(:user => user, :action => "register")
299 if user.save and token.save
307 if user.save and token.save
300 Mailer.register(token).deliver
308 Mailer.register(token).deliver
301 flash[:notice] = l(:notice_account_register_done, :email => ERB::Util.h(user.mail))
309 flash[:notice] = l(:notice_account_register_done, :email => ERB::Util.h(user.mail))
302 redirect_to signin_path
310 redirect_to signin_path
303 else
311 else
304 yield if block_given?
312 yield if block_given?
305 end
313 end
306 end
314 end
307
315
308 # Automatically register a user
316 # Automatically register a user
309 #
317 #
310 # Pass a block for behavior when a user fails to save
318 # Pass a block for behavior when a user fails to save
311 def register_automatically(user, &block)
319 def register_automatically(user, &block)
312 # Automatic activation
320 # Automatic activation
313 user.activate
321 user.activate
314 user.last_login_on = Time.now
322 user.last_login_on = Time.now
315 if user.save
323 if user.save
316 self.logged_user = user
324 self.logged_user = user
317 flash[:notice] = l(:notice_account_activated)
325 flash[:notice] = l(:notice_account_activated)
318 redirect_to my_account_path
326 redirect_to my_account_path
319 else
327 else
320 yield if block_given?
328 yield if block_given?
321 end
329 end
322 end
330 end
323
331
324 # Manual activation by the administrator
332 # Manual activation by the administrator
325 #
333 #
326 # Pass a block for behavior when a user fails to save
334 # Pass a block for behavior when a user fails to save
327 def register_manually_by_administrator(user, &block)
335 def register_manually_by_administrator(user, &block)
328 if user.save
336 if user.save
329 # Sends an email to the administrators
337 # Sends an email to the administrators
330 Mailer.account_activation_request(user).deliver
338 Mailer.account_activation_request(user).deliver
331 account_pending(user)
339 account_pending(user)
332 else
340 else
333 yield if block_given?
341 yield if block_given?
334 end
342 end
335 end
343 end
336
344
337 def handle_inactive_user(user, redirect_path=signin_path)
345 def handle_inactive_user(user, redirect_path=signin_path)
338 if user.registered?
346 if user.registered?
339 account_pending(user, redirect_path)
347 account_pending(user, redirect_path)
340 else
348 else
341 account_locked(user, redirect_path)
349 account_locked(user, redirect_path)
342 end
350 end
343 end
351 end
344
352
345 def account_pending(user, redirect_path=signin_path)
353 def account_pending(user, redirect_path=signin_path)
346 if Setting.self_registration == '1'
354 if Setting.self_registration == '1'
347 flash[:error] = l(:notice_account_not_activated_yet, :url => activation_email_path)
355 flash[:error] = l(:notice_account_not_activated_yet, :url => activation_email_path)
348 session[:registered_user_id] = user.id
356 session[:registered_user_id] = user.id
349 else
357 else
350 flash[:error] = l(:notice_account_pending)
358 flash[:error] = l(:notice_account_pending)
351 end
359 end
352 redirect_to redirect_path
360 redirect_to redirect_path
353 end
361 end
354
362
355 def account_locked(user, redirect_path=signin_path)
363 def account_locked(user, redirect_path=signin_path)
356 flash[:error] = l(:notice_account_locked)
364 flash[:error] = l(:notice_account_locked)
357 redirect_to redirect_path
365 redirect_to redirect_path
358 end
366 end
359 end
367 end
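Review bot: In `lost_password`, `session[:password_recovery_token]` is written at new-side line 70 but never removed, so the recovery token value stays in the session after `@token.destroy` at new-side line 83 and after the nil/expired redirect at lines 63-66. A later lookup with the stale value simply fails, so this is not an auth bypass, but a consumed single-use secret should not linger in the session cookie for the rest of the session's life. Add `session.delete(:password_recovery_token)` next to `@token.destroy` and in the expired branch before `redirect_to home_url`. As a point of style, the assignment inside the condition at new-side line 61 is easy to misread as a comparison; writing it as `prt = params[:token] || session[:password_recovery_token]` on its own line followed by `if prt` (or at least wrapping the assignment in parentheses) makes the intent explicit.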
@@ -1,434 +1,445
1 # Redmine - project management software
1 # Redmine - project management software
2 # Copyright (C) 2006-2016 Jean-Philippe Lang
2 # Copyright (C) 2006-2016 Jean-Philippe Lang
3 #
3 #
4 # This program is free software; you can redistribute it and/or
4 # This program is free software; you can redistribute it and/or
5 # modify it under the terms of the GNU General Public License
5 # modify it under the terms of the GNU General Public License
6 # as published by the Free Software Foundation; either version 2
6 # as published by the Free Software Foundation; either version 2
7 # of the License, or (at your option) any later version.
7 # of the License, or (at your option) any later version.
8 #
8 #
9 # This program is distributed in the hope that it will be useful,
9 # This program is distributed in the hope that it will be useful,
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 # GNU General Public License for more details.
12 # GNU General Public License for more details.
13 #
13 #
14 # You should have received a copy of the GNU General Public License
14 # You should have received a copy of the GNU General Public License
15 # along with this program; if not, write to the Free Software
15 # along with this program; if not, write to the Free Software
16 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
16 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
17
17
18 require File.expand_path('../../test_helper', __FILE__)
18 require File.expand_path('../../test_helper', __FILE__)
19
19
20 class AccountControllerTest < ActionController::TestCase
20 class AccountControllerTest < ActionController::TestCase
21 fixtures :users, :email_addresses, :roles
21 fixtures :users, :email_addresses, :roles
22
22
23 def setup
23 def setup
24 User.current = nil
24 User.current = nil
25 end
25 end
26
26
27 def test_get_login
27 def test_get_login
28 get :login
28 get :login
29 assert_response :success
29 assert_response :success
30 assert_template 'login'
30 assert_template 'login'
31
31
32 assert_select 'input[name=username]'
32 assert_select 'input[name=username]'
33 assert_select 'input[name=password]'
33 assert_select 'input[name=password]'
34 end
34 end
35
35
36 def test_get_login_while_logged_in_should_redirect_to_back_url_if_present
36 def test_get_login_while_logged_in_should_redirect_to_back_url_if_present
37 @request.session[:user_id] = 2
37 @request.session[:user_id] = 2
38 @request.env["HTTP_REFERER"] = 'http://test.host/issues/show/1'
38 @request.env["HTTP_REFERER"] = 'http://test.host/issues/show/1'
39
39
40 get :login, :back_url => 'http://test.host/issues/show/1'
40 get :login, :back_url => 'http://test.host/issues/show/1'
41 assert_redirected_to '/issues/show/1'
41 assert_redirected_to '/issues/show/1'
42 assert_equal 2, @request.session[:user_id]
42 assert_equal 2, @request.session[:user_id]
43 end
43 end
44
44
45 def test_get_login_while_logged_in_should_redirect_to_referer_without_back_url
45 def test_get_login_while_logged_in_should_redirect_to_referer_without_back_url
46 @request.session[:user_id] = 2
46 @request.session[:user_id] = 2
47 @request.env["HTTP_REFERER"] = 'http://test.host/issues/show/1'
47 @request.env["HTTP_REFERER"] = 'http://test.host/issues/show/1'
48
48
49 get :login
49 get :login
50 assert_redirected_to '/issues/show/1'
50 assert_redirected_to '/issues/show/1'
51 assert_equal 2, @request.session[:user_id]
51 assert_equal 2, @request.session[:user_id]
52 end
52 end
53
53
54 def test_get_login_while_logged_in_should_redirect_to_home_by_default
54 def test_get_login_while_logged_in_should_redirect_to_home_by_default
55 @request.session[:user_id] = 2
55 @request.session[:user_id] = 2
56
56
57 get :login
57 get :login
58 assert_redirected_to '/'
58 assert_redirected_to '/'
59 assert_equal 2, @request.session[:user_id]
59 assert_equal 2, @request.session[:user_id]
60 end
60 end
61
61
62 def test_login_should_redirect_to_back_url_param
62 def test_login_should_redirect_to_back_url_param
63 # request.uri is "test.host" in test environment
63 # request.uri is "test.host" in test environment
64 back_urls = [
64 back_urls = [
65 'http://test.host/issues/show/1',
65 'http://test.host/issues/show/1',
66 'http://test.host/',
66 'http://test.host/',
67 '/'
67 '/'
68 ]
68 ]
69 back_urls.each do |back_url|
69 back_urls.each do |back_url|
70 post :login, :username => 'jsmith', :password => 'jsmith', :back_url => back_url
70 post :login, :username => 'jsmith', :password => 'jsmith', :back_url => back_url
71 assert_redirected_to back_url
71 assert_redirected_to back_url
72 end
72 end
73 end
73 end
74
74
75 def test_login_with_suburi_should_redirect_to_back_url_param
75 def test_login_with_suburi_should_redirect_to_back_url_param
76 @relative_url_root = Redmine::Utils.relative_url_root
76 @relative_url_root = Redmine::Utils.relative_url_root
77 Redmine::Utils.relative_url_root = '/redmine'
77 Redmine::Utils.relative_url_root = '/redmine'
78
78
79 back_urls = [
79 back_urls = [
80 'http://test.host/redmine/issues/show/1',
80 'http://test.host/redmine/issues/show/1',
81 '/redmine'
81 '/redmine'
82 ]
82 ]
83 back_urls.each do |back_url|
83 back_urls.each do |back_url|
84 post :login, :username => 'jsmith', :password => 'jsmith', :back_url => back_url
84 post :login, :username => 'jsmith', :password => 'jsmith', :back_url => back_url
85 assert_redirected_to back_url
85 assert_redirected_to back_url
86 end
86 end
87 ensure
87 ensure
88 Redmine::Utils.relative_url_root = @relative_url_root
88 Redmine::Utils.relative_url_root = @relative_url_root
89 end
89 end
90
90
91 def test_login_should_not_redirect_to_another_host
91 def test_login_should_not_redirect_to_another_host
92 back_urls = [
92 back_urls = [
93 'http://test.foo/fake',
93 'http://test.foo/fake',
94 '//test.foo/fake'
94 '//test.foo/fake'
95 ]
95 ]
96 back_urls.each do |back_url|
96 back_urls.each do |back_url|
97 post :login, :username => 'jsmith', :password => 'jsmith', :back_url => back_url
97 post :login, :username => 'jsmith', :password => 'jsmith', :back_url => back_url
98 assert_redirected_to '/my/page'
98 assert_redirected_to '/my/page'
99 end
99 end
100 end
100 end
101
101
102 def test_login_with_suburi_should_not_redirect_to_another_suburi
102 def test_login_with_suburi_should_not_redirect_to_another_suburi
103 @relative_url_root = Redmine::Utils.relative_url_root
103 @relative_url_root = Redmine::Utils.relative_url_root
104 Redmine::Utils.relative_url_root = '/redmine'
104 Redmine::Utils.relative_url_root = '/redmine'
105
105
106 back_urls = [
106 back_urls = [
107 'http://test.host/',
107 'http://test.host/',
108 'http://test.host/fake',
108 'http://test.host/fake',
109 'http://test.host/fake/issues',
109 'http://test.host/fake/issues',
110 'http://test.host/redmine/../fake',
110 'http://test.host/redmine/../fake',
111 'http://test.host/redmine/../fake/issues',
111 'http://test.host/redmine/../fake/issues',
112 'http://test.host/redmine/%2e%2e/fake',
112 'http://test.host/redmine/%2e%2e/fake',
113 '//test.foo/fake',
113 '//test.foo/fake',
114 'http://test.host//fake',
114 'http://test.host//fake',
115 'http://test.host/\n//fake',
115 'http://test.host/\n//fake',
116 '//bar@test.foo',
116 '//bar@test.foo',
117 '//test.foo',
117 '//test.foo',
118 '////test.foo',
118 '////test.foo',
119 '@test.foo',
119 '@test.foo',
120 'fake@test.foo',
120 'fake@test.foo',
121 '.test.foo'
121 '.test.foo'
122 ]
122 ]
123 back_urls.each do |back_url|
123 back_urls.each do |back_url|
124 post :login, :username => 'jsmith', :password => 'jsmith', :back_url => back_url
124 post :login, :username => 'jsmith', :password => 'jsmith', :back_url => back_url
125 assert_redirected_to '/my/page'
125 assert_redirected_to '/my/page'
126 end
126 end
127 ensure
127 ensure
128 Redmine::Utils.relative_url_root = @relative_url_root
128 Redmine::Utils.relative_url_root = @relative_url_root
129 end
129 end
130
130
131 def test_login_with_wrong_password
131 def test_login_with_wrong_password
132 post :login, :username => 'admin', :password => 'bad'
132 post :login, :username => 'admin', :password => 'bad'
133 assert_response :success
133 assert_response :success
134 assert_template 'login'
134 assert_template 'login'
135
135
136 assert_select 'div.flash.error', :text => /Invalid user or password/
136 assert_select 'div.flash.error', :text => /Invalid user or password/
137 assert_select 'input[name=username][value=admin]'
137 assert_select 'input[name=username][value=admin]'
138 assert_select 'input[name=password]'
138 assert_select 'input[name=password]'
139 assert_select 'input[name=password][value]', 0
139 assert_select 'input[name=password][value]', 0
140 end
140 end
141
141
142 def test_login_with_locked_account_should_fail
142 def test_login_with_locked_account_should_fail
143 User.find(2).update_attribute :status, User::STATUS_LOCKED
143 User.find(2).update_attribute :status, User::STATUS_LOCKED
144
144
145 post :login, :username => 'jsmith', :password => 'jsmith'
145 post :login, :username => 'jsmith', :password => 'jsmith'
146 assert_redirected_to '/login'
146 assert_redirected_to '/login'
147 assert_include 'locked', flash[:error]
147 assert_include 'locked', flash[:error]
148 assert_nil @request.session[:user_id]
148 assert_nil @request.session[:user_id]
149 end
149 end
150
150
151 def test_login_as_registered_user_with_manual_activation_should_inform_user
151 def test_login_as_registered_user_with_manual_activation_should_inform_user
152 User.find(2).update_attribute :status, User::STATUS_REGISTERED
152 User.find(2).update_attribute :status, User::STATUS_REGISTERED
153
153
154 with_settings :self_registration => '2', :default_language => 'en' do
154 with_settings :self_registration => '2', :default_language => 'en' do
155 post :login, :username => 'jsmith', :password => 'jsmith'
155 post :login, :username => 'jsmith', :password => 'jsmith'
156 assert_redirected_to '/login'
156 assert_redirected_to '/login'
157 assert_include 'pending administrator approval', flash[:error]
157 assert_include 'pending administrator approval', flash[:error]
158 end
158 end
159 end
159 end
160
160
161 def test_login_as_registered_user_with_email_activation_should_propose_new_activation_email
161 def test_login_as_registered_user_with_email_activation_should_propose_new_activation_email
162 User.find(2).update_attribute :status, User::STATUS_REGISTERED
162 User.find(2).update_attribute :status, User::STATUS_REGISTERED
163
163
164 with_settings :self_registration => '1', :default_language => 'en' do
164 with_settings :self_registration => '1', :default_language => 'en' do
165 post :login, :username => 'jsmith', :password => 'jsmith'
165 post :login, :username => 'jsmith', :password => 'jsmith'
166 assert_redirected_to '/login'
166 assert_redirected_to '/login'
167 assert_equal 2, @request.session[:registered_user_id]
167 assert_equal 2, @request.session[:registered_user_id]
168 assert_include 'new activation email', flash[:error]
168 assert_include 'new activation email', flash[:error]
169 end
169 end
170 end
170 end
171
171
172 def test_login_should_rescue_auth_source_exception
172 def test_login_should_rescue_auth_source_exception
173 source = AuthSource.create!(:name => 'Test')
173 source = AuthSource.create!(:name => 'Test')
174 User.find(2).update_attribute :auth_source_id, source.id
174 User.find(2).update_attribute :auth_source_id, source.id
175 AuthSource.any_instance.stubs(:authenticate).raises(AuthSourceException.new("Something wrong"))
175 AuthSource.any_instance.stubs(:authenticate).raises(AuthSourceException.new("Something wrong"))
176
176
177 post :login, :username => 'jsmith', :password => 'jsmith'
177 post :login, :username => 'jsmith', :password => 'jsmith'
178 assert_response 500
178 assert_response 500
179 assert_select_error /Something wrong/
179 assert_select_error /Something wrong/
180 end
180 end
181
181
182 def test_login_should_reset_session
182 def test_login_should_reset_session
183 @controller.expects(:reset_session).once
183 @controller.expects(:reset_session).once
184
184
185 post :login, :username => 'jsmith', :password => 'jsmith'
185 post :login, :username => 'jsmith', :password => 'jsmith'
186 assert_response 302
186 assert_response 302
187 end
187 end
188
188
189 def test_get_logout_should_not_logout
189 def test_get_logout_should_not_logout
190 @request.session[:user_id] = 2
190 @request.session[:user_id] = 2
191 get :logout
191 get :logout
192 assert_response :success
192 assert_response :success
193 assert_template 'logout'
193 assert_template 'logout'
194
194
195 assert_equal 2, @request.session[:user_id]
195 assert_equal 2, @request.session[:user_id]
196 end
196 end
197
197
198 def test_get_logout_with_anonymous_should_redirect
198 def test_get_logout_with_anonymous_should_redirect
199 get :logout
199 get :logout
200 assert_redirected_to '/'
200 assert_redirected_to '/'
201 end
201 end
202
202
203 def test_logout
203 def test_logout
204 @request.session[:user_id] = 2
204 @request.session[:user_id] = 2
205 post :logout
205 post :logout
206 assert_redirected_to '/'
206 assert_redirected_to '/'
207 assert_nil @request.session[:user_id]
207 assert_nil @request.session[:user_id]
208 end
208 end
209
209
210 def test_logout_should_reset_session
210 def test_logout_should_reset_session
211 @controller.expects(:reset_session).once
211 @controller.expects(:reset_session).once
212
212
213 @request.session[:user_id] = 2
213 @request.session[:user_id] = 2
214 post :logout
214 post :logout
215 assert_response 302
215 assert_response 302
216 end
216 end
217
217
218 def test_get_register_with_registration_on
218 def test_get_register_with_registration_on
219 with_settings :self_registration => '3' do
219 with_settings :self_registration => '3' do
220 get :register
220 get :register
221 assert_response :success
221 assert_response :success
222 assert_template 'register'
222 assert_template 'register'
223 assert_not_nil assigns(:user)
223 assert_not_nil assigns(:user)
224
224
225 assert_select 'input[name=?]', 'user[password]'
225 assert_select 'input[name=?]', 'user[password]'
226 assert_select 'input[name=?]', 'user[password_confirmation]'
226 assert_select 'input[name=?]', 'user[password_confirmation]'
227 end
227 end
228 end
228 end
229
229
230 def test_get_register_should_detect_user_language
230 def test_get_register_should_detect_user_language
231 with_settings :self_registration => '3' do
231 with_settings :self_registration => '3' do
232 @request.env['HTTP_ACCEPT_LANGUAGE'] = 'fr,fr-fr;q=0.8,en-us;q=0.5,en;q=0.3'
232 @request.env['HTTP_ACCEPT_LANGUAGE'] = 'fr,fr-fr;q=0.8,en-us;q=0.5,en;q=0.3'
233 get :register
233 get :register
234 assert_response :success
234 assert_response :success
235 assert_not_nil assigns(:user)
235 assert_not_nil assigns(:user)
236 assert_equal 'fr', assigns(:user).language
236 assert_equal 'fr', assigns(:user).language
237 assert_select 'select[name=?]', 'user[language]' do
237 assert_select 'select[name=?]', 'user[language]' do
238 assert_select 'option[value=fr][selected=selected]'
238 assert_select 'option[value=fr][selected=selected]'
239 end
239 end
240 end
240 end
241 end
241 end
242
242
243 def test_get_register_with_registration_off_should_redirect
243 def test_get_register_with_registration_off_should_redirect
244 with_settings :self_registration => '0' do
244 with_settings :self_registration => '0' do
245 get :register
245 get :register
246 assert_redirected_to '/'
246 assert_redirected_to '/'
247 end
247 end
248 end
248 end
249
249
250 # See integration/account_test.rb for the full test
250 # See integration/account_test.rb for the full test
251 def test_post_register_with_registration_on
251 def test_post_register_with_registration_on
252 with_settings :self_registration => '3' do
252 with_settings :self_registration => '3' do
253 assert_difference 'User.count' do
253 assert_difference 'User.count' do
254 post :register, :user => {
254 post :register, :user => {
255 :login => 'register',
255 :login => 'register',
256 :password => 'secret123',
256 :password => 'secret123',
257 :password_confirmation => 'secret123',
257 :password_confirmation => 'secret123',
258 :firstname => 'John',
258 :firstname => 'John',
259 :lastname => 'Doe',
259 :lastname => 'Doe',
260 :mail => 'register@example.com'
260 :mail => 'register@example.com'
261 }
261 }
262 assert_redirected_to '/my/account'
262 assert_redirected_to '/my/account'
263 end
263 end
264 user = User.order('id DESC').first
264 user = User.order('id DESC').first
265 assert_equal 'register', user.login
265 assert_equal 'register', user.login
266 assert_equal 'John', user.firstname
266 assert_equal 'John', user.firstname
267 assert_equal 'Doe', user.lastname
267 assert_equal 'Doe', user.lastname
268 assert_equal 'register@example.com', user.mail
268 assert_equal 'register@example.com', user.mail
269 assert user.check_password?('secret123')
269 assert user.check_password?('secret123')
270 assert user.active?
270 assert user.active?
271 end
271 end
272 end
272 end
273
273
274 def test_post_register_with_registration_off_should_redirect
274 def test_post_register_with_registration_off_should_redirect
275 with_settings :self_registration => '0' do
275 with_settings :self_registration => '0' do
276 assert_no_difference 'User.count' do
276 assert_no_difference 'User.count' do
277 post :register, :user => {
277 post :register, :user => {
278 :login => 'register',
278 :login => 'register',
279 :password => 'test',
279 :password => 'test',
280 :password_confirmation => 'test',
280 :password_confirmation => 'test',
281 :firstname => 'John',
281 :firstname => 'John',
282 :lastname => 'Doe',
282 :lastname => 'Doe',
283 :mail => 'register@example.com'
283 :mail => 'register@example.com'
284 }
284 }
285 assert_redirected_to '/'
285 assert_redirected_to '/'
286 end
286 end
287 end
287 end
288 end
288 end
289
289
290 def test_get_lost_password_should_display_lost_password_form
290 def test_get_lost_password_should_display_lost_password_form
291 get :lost_password
291 get :lost_password
292 assert_response :success
292 assert_response :success
293 assert_select 'input[name=mail]'
293 assert_select 'input[name=mail]'
294 end
294 end
295
295
296 def test_lost_password_for_active_user_should_create_a_token
296 def test_lost_password_for_active_user_should_create_a_token
297 Token.delete_all
297 Token.delete_all
298 ActionMailer::Base.deliveries.clear
298 ActionMailer::Base.deliveries.clear
299 assert_difference 'ActionMailer::Base.deliveries.size' do
299 assert_difference 'ActionMailer::Base.deliveries.size' do
300 assert_difference 'Token.count' do
300 assert_difference 'Token.count' do
301 with_settings :host_name => 'mydomain.foo', :protocol => 'http' do
301 with_settings :host_name => 'mydomain.foo', :protocol => 'http' do
302 post :lost_password, :mail => 'JSmith@somenet.foo'
302 post :lost_password, :mail => 'JSmith@somenet.foo'
303 assert_redirected_to '/login'
303 assert_redirected_to '/login'
304 end
304 end
305 end
305 end
306 end
306 end
307
307
308 token = Token.order('id DESC').first
308 token = Token.order('id DESC').first
309 assert_equal User.find(2), token.user
309 assert_equal User.find(2), token.user
310 assert_equal 'recovery', token.action
310 assert_equal 'recovery', token.action
311
311
312 assert_select_email do
312 assert_select_email do
313 assert_select "a[href=?]", "http://mydomain.foo/account/lost_password?token=#{token.value}"
313 assert_select "a[href=?]", "http://mydomain.foo/account/lost_password?token=#{token.value}"
314 end
314 end
315 end
315 end
316
316
317 def test_lost_password_using_additional_email_address_should_send_email_to_the_address
317 def test_lost_password_using_additional_email_address_should_send_email_to_the_address
318 EmailAddress.create!(:user_id => 2, :address => 'anotherAddress@foo.bar')
318 EmailAddress.create!(:user_id => 2, :address => 'anotherAddress@foo.bar')
319 Token.delete_all
319 Token.delete_all
320
320
321 assert_difference 'ActionMailer::Base.deliveries.size' do
321 assert_difference 'ActionMailer::Base.deliveries.size' do
322 assert_difference 'Token.count' do
322 assert_difference 'Token.count' do
323 post :lost_password, :mail => 'ANOTHERaddress@foo.bar'
323 post :lost_password, :mail => 'ANOTHERaddress@foo.bar'
324 assert_redirected_to '/login'
324 assert_redirected_to '/login'
325 end
325 end
326 end
326 end
327 mail = ActionMailer::Base.deliveries.last
327 mail = ActionMailer::Base.deliveries.last
328 assert_equal ['anotherAddress@foo.bar'], mail.bcc
328 assert_equal ['anotherAddress@foo.bar'], mail.bcc
329 end
329 end
330
330
331 def test_lost_password_for_unknown_user_should_fail
331 def test_lost_password_for_unknown_user_should_fail
332 Token.delete_all
332 Token.delete_all
333 assert_no_difference 'Token.count' do
333 assert_no_difference 'Token.count' do
334 post :lost_password, :mail => 'invalid@somenet.foo'
334 post :lost_password, :mail => 'invalid@somenet.foo'
335 assert_response :success
335 assert_response :success
336 end
336 end
337 end
337 end
338
338
339 def test_lost_password_for_non_active_user_should_fail
339 def test_lost_password_for_non_active_user_should_fail
340 Token.delete_all
340 Token.delete_all
341 assert User.find(2).lock!
341 assert User.find(2).lock!
342
342
343 assert_no_difference 'Token.count' do
343 assert_no_difference 'Token.count' do
344 post :lost_password, :mail => 'JSmith@somenet.foo'
344 post :lost_password, :mail => 'JSmith@somenet.foo'
345 assert_redirected_to '/account/lost_password'
345 assert_redirected_to '/account/lost_password'
346 end
346 end
347 end
347 end
348
348
349 def test_lost_password_for_user_who_cannot_change_password_should_fail
349 def test_lost_password_for_user_who_cannot_change_password_should_fail
350 User.any_instance.stubs(:change_password_allowed?).returns(false)
350 User.any_instance.stubs(:change_password_allowed?).returns(false)
351
351
352 assert_no_difference 'Token.count' do
352 assert_no_difference 'Token.count' do
353 post :lost_password, :mail => 'JSmith@somenet.foo'
353 post :lost_password, :mail => 'JSmith@somenet.foo'
354 assert_response :success
354 assert_response :success
355 end
355 end
356 end
356 end
357
357
358 def test_get_lost_password_with_token_should_display_the_password_recovery_form
358 def test_get_lost_password_with_token_should_redirect_with_token_in_session
359 user = User.find(2)
359 user = User.find(2)
360 token = Token.create!(:action => 'recovery', :user => user)
360 token = Token.create!(:action => 'recovery', :user => user)
361
361
362 get :lost_password, :token => token.value
362 get :lost_password, :token => token.value
363 assert_redirected_to '/account/lost_password'
364
365 assert_equal token.value, request.session[:password_recovery_token]
366 end
367
368 def test_get_lost_password_with_token_in_session_should_display_the_password_recovery_form
369 user = User.find(2)
370 token = Token.create!(:action => 'recovery', :user => user)
371 request.session[:password_recovery_token] = token.value
372
373 get :lost_password
363 assert_response :success
374 assert_response :success
364 assert_template 'password_recovery'
375 assert_template 'password_recovery'
365
376
366 assert_select 'input[type=hidden][name=token][value=?]', token.value
377 assert_select 'input[type=hidden][name=token][value=?]', token.value
367 end
378 end
368
379
369 def test_get_lost_password_with_invalid_token_should_redirect
380 def test_get_lost_password_with_invalid_token_should_redirect
370 get :lost_password, :token => "abcdef"
381 get :lost_password, :token => "abcdef"
371 assert_redirected_to '/'
382 assert_redirected_to '/'
372 end
383 end
373
384
374 def test_post_lost_password_with_token_should_change_the_user_password
385 def test_post_lost_password_with_token_should_change_the_user_password
375 user = User.find(2)
386 user = User.find(2)
376 token = Token.create!(:action => 'recovery', :user => user)
387 token = Token.create!(:action => 'recovery', :user => user)
377
388
378 post :lost_password, :token => token.value, :new_password => 'newpass123', :new_password_confirmation => 'newpass123'
389 post :lost_password, :token => token.value, :new_password => 'newpass123', :new_password_confirmation => 'newpass123'
379 assert_redirected_to '/login'
390 assert_redirected_to '/login'
380 user.reload
391 user.reload
381 assert user.check_password?('newpass123')
392 assert user.check_password?('newpass123')
382 assert_nil Token.find_by_id(token.id), "Token was not deleted"
393 assert_nil Token.find_by_id(token.id), "Token was not deleted"
383 end
394 end
384
395
385 def test_post_lost_password_with_token_for_non_active_user_should_fail
396 def test_post_lost_password_with_token_for_non_active_user_should_fail
386 user = User.find(2)
397 user = User.find(2)
387 token = Token.create!(:action => 'recovery', :user => user)
398 token = Token.create!(:action => 'recovery', :user => user)
388 user.lock!
399 user.lock!
389
400
390 post :lost_password, :token => token.value, :new_password => 'newpass123', :new_password_confirmation => 'newpass123'
401 post :lost_password, :token => token.value, :new_password => 'newpass123', :new_password_confirmation => 'newpass123'
391 assert_redirected_to '/'
402 assert_redirected_to '/'
392 assert ! user.check_password?('newpass123')
403 assert ! user.check_password?('newpass123')
393 end
404 end
394
405
395 def test_post_lost_password_with_token_and_password_confirmation_failure_should_redisplay_the_form
406 def test_post_lost_password_with_token_and_password_confirmation_failure_should_redisplay_the_form
396 user = User.find(2)
407 user = User.find(2)
397 token = Token.create!(:action => 'recovery', :user => user)
408 token = Token.create!(:action => 'recovery', :user => user)
398
409
399 post :lost_password, :token => token.value, :new_password => 'newpass', :new_password_confirmation => 'wrongpass'
410 post :lost_password, :token => token.value, :new_password => 'newpass', :new_password_confirmation => 'wrongpass'
400 assert_response :success
411 assert_response :success
401 assert_template 'password_recovery'
412 assert_template 'password_recovery'
402 assert_not_nil Token.find_by_id(token.id), "Token was deleted"
413 assert_not_nil Token.find_by_id(token.id), "Token was deleted"
403
414
404 assert_select 'input[type=hidden][name=token][value=?]', token.value
415 assert_select 'input[type=hidden][name=token][value=?]', token.value
405 end
416 end
406
417
407 def test_post_lost_password_with_invalid_token_should_redirect
418 def test_post_lost_password_with_invalid_token_should_redirect
408 post :lost_password, :token => "abcdef", :new_password => 'newpass', :new_password_confirmation => 'newpass'
419 post :lost_password, :token => "abcdef", :new_password => 'newpass', :new_password_confirmation => 'newpass'
409 assert_redirected_to '/'
420 assert_redirected_to '/'
410 end
421 end
411
422
412 def test_activation_email_should_send_an_activation_email
423 def test_activation_email_should_send_an_activation_email
413 User.find(2).update_attribute :status, User::STATUS_REGISTERED
424 User.find(2).update_attribute :status, User::STATUS_REGISTERED
414 @request.session[:registered_user_id] = 2
425 @request.session[:registered_user_id] = 2
415
426
416 with_settings :self_registration => '1' do
427 with_settings :self_registration => '1' do
417 assert_difference 'ActionMailer::Base.deliveries.size' do
428 assert_difference 'ActionMailer::Base.deliveries.size' do
418 get :activation_email
429 get :activation_email
419 assert_redirected_to '/login'
430 assert_redirected_to '/login'
420 end
431 end
421 end
432 end
422 end
433 end
423
434
424 def test_activation_email_without_session_data_should_fail
435 def test_activation_email_without_session_data_should_fail
425 User.find(2).update_attribute :status, User::STATUS_REGISTERED
436 User.find(2).update_attribute :status, User::STATUS_REGISTERED
426
437
427 with_settings :self_registration => '1' do
438 with_settings :self_registration => '1' do
428 assert_no_difference 'ActionMailer::Base.deliveries.size' do
439 assert_no_difference 'ActionMailer::Base.deliveries.size' do
429 get :activation_email
440 get :activation_email
430 assert_redirected_to '/'
441 assert_redirected_to '/'
431 end
442 end
432 end
443 end
433 end
444 end
434 end
445 end
@@ -1,338 +1,341
1 # Redmine - project management software
1 # Redmine - project management software
2 # Copyright (C) 2006-2016 Jean-Philippe Lang
2 # Copyright (C) 2006-2016 Jean-Philippe Lang
3 #
3 #
4 # This program is free software; you can redistribute it and/or
4 # This program is free software; you can redistribute it and/or
5 # modify it under the terms of the GNU General Public License
5 # modify it under the terms of the GNU General Public License
6 # as published by the Free Software Foundation; either version 2
6 # as published by the Free Software Foundation; either version 2
7 # of the License, or (at your option) any later version.
7 # of the License, or (at your option) any later version.
8 #
8 #
9 # This program is distributed in the hope that it will be useful,
9 # This program is distributed in the hope that it will be useful,
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 # GNU General Public License for more details.
12 # GNU General Public License for more details.
13 #
13 #
14 # You should have received a copy of the GNU General Public License
14 # You should have received a copy of the GNU General Public License
15 # along with this program; if not, write to the Free Software
15 # along with this program; if not, write to the Free Software
16 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
16 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
17
17
18 require File.expand_path('../../test_helper', __FILE__)
18 require File.expand_path('../../test_helper', __FILE__)
19
19
20 class AccountTest < Redmine::IntegrationTest
20 class AccountTest < Redmine::IntegrationTest
21 fixtures :users, :email_addresses, :roles
21 fixtures :users, :email_addresses, :roles
22
22
23 def test_login
23 def test_login
24 get "/my/page"
24 get "/my/page"
25 assert_redirected_to "/login?back_url=http%3A%2F%2Fwww.example.com%2Fmy%2Fpage"
25 assert_redirected_to "/login?back_url=http%3A%2F%2Fwww.example.com%2Fmy%2Fpage"
26 log_user('jsmith', 'jsmith')
26 log_user('jsmith', 'jsmith')
27
27
28 get "/my/account"
28 get "/my/account"
29 assert_response :success
29 assert_response :success
30 assert_template "my/account"
30 assert_template "my/account"
31 end
31 end
32
32
33 def test_login_should_set_session_token
33 def test_login_should_set_session_token
34 assert_difference 'Token.count' do
34 assert_difference 'Token.count' do
35 log_user('jsmith', 'jsmith')
35 log_user('jsmith', 'jsmith')
36
36
37 assert_equal 2, session[:user_id]
37 assert_equal 2, session[:user_id]
38 assert_not_nil session[:tk]
38 assert_not_nil session[:tk]
39 end
39 end
40 end
40 end
41
41
42 def test_autologin
42 def test_autologin
43 user = User.find(1)
43 user = User.find(1)
44 Token.delete_all
44 Token.delete_all
45
45
46 with_settings :autologin => '7' do
46 with_settings :autologin => '7' do
47 assert_difference 'Token.count', 2 do
47 assert_difference 'Token.count', 2 do
48 # User logs in with 'autologin' checked
48 # User logs in with 'autologin' checked
49 post '/login', :username => user.login, :password => 'admin', :autologin => 1
49 post '/login', :username => user.login, :password => 'admin', :autologin => 1
50 assert_redirected_to '/my/page'
50 assert_redirected_to '/my/page'
51 end
51 end
52 token = Token.where(:action => 'autologin').order(:id => :desc).first
52 token = Token.where(:action => 'autologin').order(:id => :desc).first
53 assert_not_nil token
53 assert_not_nil token
54 assert_equal user, token.user
54 assert_equal user, token.user
55 assert_equal 'autologin', token.action
55 assert_equal 'autologin', token.action
56 assert_equal user.id, session[:user_id]
56 assert_equal user.id, session[:user_id]
57 assert_equal token.value, cookies['autologin']
57 assert_equal token.value, cookies['autologin']
58
58
59 # Session is cleared
59 # Session is cleared
60 reset!
60 reset!
61 User.current = nil
61 User.current = nil
62 # Clears user's last login timestamp
62 # Clears user's last login timestamp
63 user.update_attribute :last_login_on, nil
63 user.update_attribute :last_login_on, nil
64 assert_nil user.reload.last_login_on
64 assert_nil user.reload.last_login_on
65
65
66 # User comes back with user's autologin cookie
66 # User comes back with user's autologin cookie
67 cookies[:autologin] = token.value
67 cookies[:autologin] = token.value
68 get '/my/page'
68 get '/my/page'
69 assert_response :success
69 assert_response :success
70 assert_template 'my/page'
70 assert_template 'my/page'
71 assert_equal user.id, session[:user_id]
71 assert_equal user.id, session[:user_id]
72 assert_not_nil user.reload.last_login_on
72 assert_not_nil user.reload.last_login_on
73 end
73 end
74 end
74 end
75
75
76 def test_autologin_should_use_autologin_cookie_name
76 def test_autologin_should_use_autologin_cookie_name
77 Token.delete_all
77 Token.delete_all
78 Redmine::Configuration.stubs(:[]).with('autologin_cookie_name').returns('custom_autologin')
78 Redmine::Configuration.stubs(:[]).with('autologin_cookie_name').returns('custom_autologin')
79 Redmine::Configuration.stubs(:[]).with('autologin_cookie_path').returns('/')
79 Redmine::Configuration.stubs(:[]).with('autologin_cookie_path').returns('/')
80 Redmine::Configuration.stubs(:[]).with('autologin_cookie_secure').returns(false)
80 Redmine::Configuration.stubs(:[]).with('autologin_cookie_secure').returns(false)
81 Redmine::Configuration.stubs(:[]).with('sudo_mode_timeout').returns(15)
81 Redmine::Configuration.stubs(:[]).with('sudo_mode_timeout').returns(15)
82
82
83 with_settings :autologin => '7' do
83 with_settings :autologin => '7' do
84 assert_difference 'Token.count', 2 do
84 assert_difference 'Token.count', 2 do
85 post '/login', :username => 'admin', :password => 'admin', :autologin => 1
85 post '/login', :username => 'admin', :password => 'admin', :autologin => 1
86 assert_response 302
86 assert_response 302
87 end
87 end
88 assert cookies['custom_autologin'].present?
88 assert cookies['custom_autologin'].present?
89 token = cookies['custom_autologin']
89 token = cookies['custom_autologin']
90
90
91 # Session is cleared
91 # Session is cleared
92 reset!
92 reset!
93 cookies['custom_autologin'] = token
93 cookies['custom_autologin'] = token
94 get '/my/page'
94 get '/my/page'
95 assert_response :success
95 assert_response :success
96
96
97 assert_difference 'Token.count', -2 do
97 assert_difference 'Token.count', -2 do
98 post '/logout'
98 post '/logout'
99 end
99 end
100 assert cookies['custom_autologin'].blank?
100 assert cookies['custom_autologin'].blank?
101 end
101 end
102 end
102 end
103
103
104 def test_lost_password
104 def test_lost_password
105 Token.delete_all
105 Token.delete_all
106
106
107 get "/account/lost_password"
107 get "/account/lost_password"
108 assert_response :success
108 assert_response :success
109 assert_template "account/lost_password"
109 assert_template "account/lost_password"
110 assert_select 'input[name=mail]'
110 assert_select 'input[name=mail]'
111
111
112 post "/account/lost_password", :mail => 'jSmith@somenet.foo'
112 post "/account/lost_password", :mail => 'jSmith@somenet.foo'
113 assert_redirected_to "/login"
113 assert_redirected_to "/login"
114
114
115 token = Token.first
115 token = Token.first
116 assert_equal 'recovery', token.action
116 assert_equal 'recovery', token.action
117 assert_equal 'jsmith@somenet.foo', token.user.mail
117 assert_equal 'jsmith@somenet.foo', token.user.mail
118 assert !token.expired?
118 assert !token.expired?
119
119
120 get "/account/lost_password", :token => token.value
120 get "/account/lost_password", :token => token.value
121 assert_redirected_to '/account/lost_password'
122
123 follow_redirect!
121 assert_response :success
124 assert_response :success
122 assert_template "account/password_recovery"
125 assert_template "account/password_recovery"
123 assert_select 'input[type=hidden][name=token][value=?]', token.value
126 assert_select 'input[type=hidden][name=token][value=?]', token.value
124 assert_select 'input[name=new_password]'
127 assert_select 'input[name=new_password]'
125 assert_select 'input[name=new_password_confirmation]'
128 assert_select 'input[name=new_password_confirmation]'
126
129
127 post "/account/lost_password",
130 post "/account/lost_password",
128 :token => token.value, :new_password => 'newpass123',
131 :token => token.value, :new_password => 'newpass123',
129 :new_password_confirmation => 'newpass123'
132 :new_password_confirmation => 'newpass123'
130 assert_redirected_to "/login"
133 assert_redirected_to "/login"
131 assert_equal 'Password was successfully updated.', flash[:notice]
134 assert_equal 'Password was successfully updated.', flash[:notice]
132
135
133 log_user('jsmith', 'newpass123')
136 log_user('jsmith', 'newpass123')
134 assert_equal false, Token.exists?(token.id), "Password recovery token was not deleted"
137 assert_equal false, Token.exists?(token.id), "Password recovery token was not deleted"
135 end
138 end
136
139
137 def test_user_with_must_change_passwd_should_be_forced_to_change_its_password
140 def test_user_with_must_change_passwd_should_be_forced_to_change_its_password
138 User.find_by_login('jsmith').update_attribute :must_change_passwd, true
141 User.find_by_login('jsmith').update_attribute :must_change_passwd, true
139
142
140 post '/login', :username => 'jsmith', :password => 'jsmith'
143 post '/login', :username => 'jsmith', :password => 'jsmith'
141 assert_redirected_to '/my/page'
144 assert_redirected_to '/my/page'
142 follow_redirect!
145 follow_redirect!
143 assert_redirected_to '/my/password'
146 assert_redirected_to '/my/password'
144
147
145 get '/issues'
148 get '/issues'
146 assert_redirected_to '/my/password'
149 assert_redirected_to '/my/password'
147 end
150 end
148
151
149 def test_user_with_must_change_passwd_should_be_able_to_change_its_password
152 def test_user_with_must_change_passwd_should_be_able_to_change_its_password
150 User.find_by_login('jsmith').update_attribute :must_change_passwd, true
153 User.find_by_login('jsmith').update_attribute :must_change_passwd, true
151
154
152 post '/login', :username => 'jsmith', :password => 'jsmith'
155 post '/login', :username => 'jsmith', :password => 'jsmith'
153 assert_redirected_to '/my/page'
156 assert_redirected_to '/my/page'
154 follow_redirect!
157 follow_redirect!
155 assert_redirected_to '/my/password'
158 assert_redirected_to '/my/password'
156 follow_redirect!
159 follow_redirect!
157 assert_response :success
160 assert_response :success
158 post '/my/password', :password => 'jsmith', :new_password => 'newpassword', :new_password_confirmation => 'newpassword'
161 post '/my/password', :password => 'jsmith', :new_password => 'newpassword', :new_password_confirmation => 'newpassword'
159 assert_redirected_to '/my/account'
162 assert_redirected_to '/my/account'
160 follow_redirect!
163 follow_redirect!
161 assert_response :success
164 assert_response :success
162
165
163 assert_equal false, User.find_by_login('jsmith').must_change_passwd?
166 assert_equal false, User.find_by_login('jsmith').must_change_passwd?
164 end
167 end
165
168
166 def test_user_with_expired_password_should_be_forced_to_change_its_password
169 def test_user_with_expired_password_should_be_forced_to_change_its_password
167 User.find_by_login('jsmith').update_attribute :passwd_changed_on, 14.days.ago
170 User.find_by_login('jsmith').update_attribute :passwd_changed_on, 14.days.ago
168
171
169 with_settings :password_max_age => 7 do
172 with_settings :password_max_age => 7 do
170 post '/login', :username => 'jsmith', :password => 'jsmith'
173 post '/login', :username => 'jsmith', :password => 'jsmith'
171 assert_redirected_to '/my/page'
174 assert_redirected_to '/my/page'
172 follow_redirect!
175 follow_redirect!
173 assert_redirected_to '/my/password'
176 assert_redirected_to '/my/password'
174
177
175 get '/issues'
178 get '/issues'
176 assert_redirected_to '/my/password'
179 assert_redirected_to '/my/password'
177 end
180 end
178 end
181 end
179
182
180 def test_user_with_expired_password_should_be_able_to_change_its_password
183 def test_user_with_expired_password_should_be_able_to_change_its_password
181 User.find_by_login('jsmith').update_attribute :passwd_changed_on, 14.days.ago
184 User.find_by_login('jsmith').update_attribute :passwd_changed_on, 14.days.ago
182
185
183 with_settings :password_max_age => 7 do
186 with_settings :password_max_age => 7 do
184 post '/login', :username => 'jsmith', :password => 'jsmith'
187 post '/login', :username => 'jsmith', :password => 'jsmith'
185 assert_redirected_to '/my/page'
188 assert_redirected_to '/my/page'
186 follow_redirect!
189 follow_redirect!
187 assert_redirected_to '/my/password'
190 assert_redirected_to '/my/password'
188 follow_redirect!
191 follow_redirect!
189 assert_response :success
192 assert_response :success
190 post '/my/password', :password => 'jsmith', :new_password => 'newpassword', :new_password_confirmation => 'newpassword'
193 post '/my/password', :password => 'jsmith', :new_password => 'newpassword', :new_password_confirmation => 'newpassword'
191 assert_redirected_to '/my/account'
194 assert_redirected_to '/my/account'
192 follow_redirect!
195 follow_redirect!
193 assert_response :success
196 assert_response :success
194
197
195 assert_equal false, User.find_by_login('jsmith').must_change_passwd?
198 assert_equal false, User.find_by_login('jsmith').must_change_passwd?
196 end
199 end
197
200
198 end
201 end
199
202
200 def test_register_with_automatic_activation
203 def test_register_with_automatic_activation
201 Setting.self_registration = '3'
204 Setting.self_registration = '3'
202
205
203 get '/account/register'
206 get '/account/register'
204 assert_response :success
207 assert_response :success
205 assert_template 'account/register'
208 assert_template 'account/register'
206
209
207 post '/account/register',
210 post '/account/register',
208 :user => {:login => "newuser", :language => "en",
211 :user => {:login => "newuser", :language => "en",
209 :firstname => "New", :lastname => "User", :mail => "newuser@foo.bar",
212 :firstname => "New", :lastname => "User", :mail => "newuser@foo.bar",
210 :password => "newpass123", :password_confirmation => "newpass123"}
213 :password => "newpass123", :password_confirmation => "newpass123"}
211 assert_redirected_to '/my/account'
214 assert_redirected_to '/my/account'
212 follow_redirect!
215 follow_redirect!
213 assert_response :success
216 assert_response :success
214 assert_template 'my/account'
217 assert_template 'my/account'
215
218
216 user = User.find_by_login('newuser')
219 user = User.find_by_login('newuser')
217 assert_not_nil user
220 assert_not_nil user
218 assert user.active?
221 assert user.active?
219 assert_not_nil user.last_login_on
222 assert_not_nil user.last_login_on
220 end
223 end
221
224
222 def test_register_with_manual_activation
225 def test_register_with_manual_activation
223 Setting.self_registration = '2'
226 Setting.self_registration = '2'
224
227
225 post '/account/register',
228 post '/account/register',
226 :user => {:login => "newuser", :language => "en",
229 :user => {:login => "newuser", :language => "en",
227 :firstname => "New", :lastname => "User", :mail => "newuser@foo.bar",
230 :firstname => "New", :lastname => "User", :mail => "newuser@foo.bar",
228 :password => "newpass123", :password_confirmation => "newpass123"}
231 :password => "newpass123", :password_confirmation => "newpass123"}
229 assert_redirected_to '/login'
232 assert_redirected_to '/login'
230 assert !User.find_by_login('newuser').active?
233 assert !User.find_by_login('newuser').active?
231 end
234 end
232
235
233 def test_register_with_email_activation
236 def test_register_with_email_activation
234 Setting.self_registration = '1'
237 Setting.self_registration = '1'
235 Token.delete_all
238 Token.delete_all
236
239
237 post '/account/register',
240 post '/account/register',
238 :user => {:login => "newuser", :language => "en",
241 :user => {:login => "newuser", :language => "en",
239 :firstname => "New", :lastname => "User", :mail => "newuser@foo.bar",
242 :firstname => "New", :lastname => "User", :mail => "newuser@foo.bar",
240 :password => "newpass123", :password_confirmation => "newpass123"}
243 :password => "newpass123", :password_confirmation => "newpass123"}
241 assert_redirected_to '/login'
244 assert_redirected_to '/login'
242 assert !User.find_by_login('newuser').active?
245 assert !User.find_by_login('newuser').active?
243
246
244 token = Token.first
247 token = Token.first
245 assert_equal 'register', token.action
248 assert_equal 'register', token.action
246 assert_equal 'newuser@foo.bar', token.user.mail
249 assert_equal 'newuser@foo.bar', token.user.mail
247 assert !token.expired?
250 assert !token.expired?
248
251
249 get '/account/activate', :token => token.value
252 get '/account/activate', :token => token.value
250 assert_redirected_to '/login'
253 assert_redirected_to '/login'
251 log_user('newuser', 'newpass123')
254 log_user('newuser', 'newpass123')
252 end
255 end
253
256
254 def test_onthefly_registration
257 def test_onthefly_registration
255 # disable registration
258 # disable registration
256 Setting.self_registration = '0'
259 Setting.self_registration = '0'
257 AuthSource.expects(:authenticate).returns(
260 AuthSource.expects(:authenticate).returns(
258 {:login => 'foo', :firstname => 'Foo', :lastname => 'Smith',
261 {:login => 'foo', :firstname => 'Foo', :lastname => 'Smith',
259 :mail => 'foo@bar.com', :auth_source_id => 66})
262 :mail => 'foo@bar.com', :auth_source_id => 66})
260
263
261 post '/login', :username => 'foo', :password => 'bar'
264 post '/login', :username => 'foo', :password => 'bar'
262 assert_redirected_to '/my/page'
265 assert_redirected_to '/my/page'
263
266
264 user = User.find_by_login('foo')
267 user = User.find_by_login('foo')
265 assert user.is_a?(User)
268 assert user.is_a?(User)
266 assert_equal 66, user.auth_source_id
269 assert_equal 66, user.auth_source_id
267 assert user.hashed_password.blank?
270 assert user.hashed_password.blank?
268 end
271 end
269
272
270 def test_onthefly_registration_with_invalid_attributes
273 def test_onthefly_registration_with_invalid_attributes
271 # disable registration
274 # disable registration
272 Setting.self_registration = '0'
275 Setting.self_registration = '0'
273 AuthSource.expects(:authenticate).returns(
276 AuthSource.expects(:authenticate).returns(
274 {:login => 'foo', :lastname => 'Smith', :auth_source_id => 66})
277 {:login => 'foo', :lastname => 'Smith', :auth_source_id => 66})
275
278
276 post '/login', :username => 'foo', :password => 'bar'
279 post '/login', :username => 'foo', :password => 'bar'
277 assert_response :success
280 assert_response :success
278 assert_template 'account/register'
281 assert_template 'account/register'
279 assert_select 'input[name=?][value=""]', 'user[firstname]'
282 assert_select 'input[name=?][value=""]', 'user[firstname]'
280 assert_select 'input[name=?][value=Smith]', 'user[lastname]'
283 assert_select 'input[name=?][value=Smith]', 'user[lastname]'
281 assert_select 'input[name=?]', 'user[login]', 0
284 assert_select 'input[name=?]', 'user[login]', 0
282 assert_select 'input[name=?]', 'user[password]', 0
285 assert_select 'input[name=?]', 'user[password]', 0
283
286
284 post '/account/register',
287 post '/account/register',
285 :user => {:firstname => 'Foo', :lastname => 'Smith', :mail => 'foo@bar.com'}
288 :user => {:firstname => 'Foo', :lastname => 'Smith', :mail => 'foo@bar.com'}
286 assert_redirected_to '/my/account'
289 assert_redirected_to '/my/account'
287
290
288 user = User.find_by_login('foo')
291 user = User.find_by_login('foo')
289 assert user.is_a?(User)
292 assert user.is_a?(User)
290 assert_equal 66, user.auth_source_id
293 assert_equal 66, user.auth_source_id
291 assert user.hashed_password.blank?
294 assert user.hashed_password.blank?
292 end
295 end
293
296
294 def test_registered_user_should_be_able_to_get_a_new_activation_email
297 def test_registered_user_should_be_able_to_get_a_new_activation_email
295 Token.delete_all
298 Token.delete_all
296
299
297 with_settings :self_registration => '1', :default_language => 'en' do
300 with_settings :self_registration => '1', :default_language => 'en' do
298 # register a new account
301 # register a new account
299 assert_difference 'User.count' do
302 assert_difference 'User.count' do
300 assert_difference 'Token.count' do
303 assert_difference 'Token.count' do
301 post '/account/register',
304 post '/account/register',
302 :user => {:login => "newuser", :language => "en",
305 :user => {:login => "newuser", :language => "en",
303 :firstname => "New", :lastname => "User", :mail => "newuser@foo.bar",
306 :firstname => "New", :lastname => "User", :mail => "newuser@foo.bar",
304 :password => "newpass123", :password_confirmation => "newpass123"}
307 :password => "newpass123", :password_confirmation => "newpass123"}
305 end
308 end
306 end
309 end
307 user = User.order('id desc').first
310 user = User.order('id desc').first
308 assert_equal User::STATUS_REGISTERED, user.status
311 assert_equal User::STATUS_REGISTERED, user.status
309 reset!
312 reset!
310
313
311 # try to use "lost password"
314 # try to use "lost password"
312 assert_no_difference 'ActionMailer::Base.deliveries.size' do
315 assert_no_difference 'ActionMailer::Base.deliveries.size' do
313 post '/account/lost_password', :mail => 'newuser@foo.bar'
316 post '/account/lost_password', :mail => 'newuser@foo.bar'
314 end
317 end
315 assert_redirected_to '/account/lost_password'
318 assert_redirected_to '/account/lost_password'
316 follow_redirect!
319 follow_redirect!
317 assert_response :success
320 assert_response :success
318 assert_select 'div.flash', :text => /new activation email/
321 assert_select 'div.flash', :text => /new activation email/
319 assert_select 'div.flash a[href="/account/activation_email"]'
322 assert_select 'div.flash a[href="/account/activation_email"]'
320
323
321 # request a new action activation email
324 # request a new action activation email
322 assert_difference 'ActionMailer::Base.deliveries.size' do
325 assert_difference 'ActionMailer::Base.deliveries.size' do
323 get '/account/activation_email'
326 get '/account/activation_email'
324 end
327 end
325 assert_redirected_to '/login'
328 assert_redirected_to '/login'
326 token = Token.order('id desc').first
329 token = Token.order('id desc').first
327 activation_path = "/account/activate?token=#{token.value}"
330 activation_path = "/account/activate?token=#{token.value}"
328 assert_include activation_path, mail_body(ActionMailer::Base.deliveries.last)
331 assert_include activation_path, mail_body(ActionMailer::Base.deliveries.last)
329
332
330 # activate the account
333 # activate the account
331 get activation_path
334 get activation_path
332 assert_redirected_to '/login'
335 assert_redirected_to '/login'
333
336
334 post '/login', :username => 'newuser', :password => 'newpass123'
337 post '/login', :username => 'newuser', :password => 'newpass123'
335 assert_redirected_to '/my/page'
338 assert_redirected_to '/my/page'
336 end
339 end
337 end
340 end
338 end
341 end