jro_apps/redmine Commit - r4386:a49c7f95e236

Fixes password sending when creating user....

Jean-Philippe Lang -

r4386:a49c7f95e236

parent child

Context file:

r4386:a49c7f95e236

Collapse all files

app/controllers/users_controller.rb +1 -1

             # Redmine - project management software
             # Copyright (C) 2006-2010  Jean-Philippe Lang
             #
             # This program is free software; you can redistribute it and/or
             # modify it under the terms of the GNU General Public License
             # as published by the Free Software Foundation; either version 2
             # of the License, or (at your option) any later version.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU General Public License
             # along with this program; if not, write to the Free Software
             # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
             class UsersController < ApplicationController
               layout 'admin'
               before_filter :require_admin, :except => :show
               accept_key_auth :index, :show, :create, :update
               helper :sort
               include SortHelper
               helper :custom_fields
               include CustomFieldsHelper
               def index
                 sort_init 'login', 'asc'
                 sort_update %w(login firstname lastname mail admin created_on last_login_on)
                 case params[:format]
                 when 'xml', 'json'
                   @offset, @limit = api_offset_and_limit
                 else
                   @limit = per_page_option
                 end
                 @status = params[:status] ? params[:status].to_i : 1
                 c = ARCondition.new(@status == 0 ? "status <> 0" : ["status = ?", @status])
                 unless params[:name].blank?
                   name = "%#{params[:name].strip.downcase}%"
                   c << ["LOWER(login) LIKE ? OR LOWER(firstname) LIKE ? OR LOWER(lastname) LIKE ? OR LOWER(mail) LIKE ?", name, name, name, name]
                 end
                 @user_count = User.count(:conditions => c.conditions)
                 @user_pages = Paginator.new self, @user_count, @limit, params['page']
                 @offset ||= @user_pages.current.offset
                 @users =  User.find :all,
                                     :order => sort_clause,
                                     :conditions => c.conditions,
                                     :limit  =>  @limit,
                                     :offset =>  @offset
             		respond_to do |format|
             		  format.html { render :layout => !request.xhr? }
                   format.api
             		end
               end
               def show
                 @user = User.find(params[:id])
                 # show projects based on current user visibility
                 @memberships = @user.memberships.all(:conditions => Project.visible_by(User.current))
                 events = Redmine::Activity::Fetcher.new(User.current, :author => @user).events(nil, nil, :limit => 10)
                 @events_by_day = events.group_by(&:event_date)
                 unless User.current.admin?
                   if !@user.active? || (@user != User.current  && @memberships.empty? && events.empty?)
                     render_404
                     return
                   end
                 end
                 respond_to do |format|
                   format.html { render :layout => 'base' }
                   format.api
                 end
               rescue ActiveRecord::RecordNotFound
                 render_404
               end
               def new
                 @user = User.new(:language => Setting.default_language, :mail_notification => Setting.default_notification_option)
                 @auth_sources = AuthSource.find(:all)
               end
               verify :method => :post, :only => :create, :render => {:nothing => true, :status => :method_not_allowed }
               def create
                 @user = User.new(:language => Setting.default_language, :mail_notification => Setting.default_notification_option)
                 @user.safe_attributes = params[:user]
                 @user.admin = params[:user][:admin] || false
                 @user.login = params[:user][:login]
                 @user.password, @user.password_confirmation = params[:user][:password], params[:user][:password_confirmation] unless @user.auth_source_id
                 # TODO: Similar to My#account
                 @user.pref.attributes = params[:pref]
                 @user.pref[:no_self_notified] = (params[:no_self_notified] == '1')
                 if @user.save
                   @user.pref.save
                   @user.notified_project_ids = (@user.mail_notification == 'selected' ? params[:notified_project_ids] : [])
-                  Mailer.deliver_account_information(@user, params[:password]) if params[:send_information]
+                  Mailer.deliver_account_information(@user, params[:user][:password]) if params[:send_information]
                   respond_to do |format|
                     format.html {
                       flash[:notice] = l(:notice_successful_create)
                       redirect_to(params[:continue] ?
                         {:controller => 'users', :action => 'new'} :
                         {:controller => 'users', :action => 'edit', :id => @user}
                       )
                     }
                     format.api  { render :action => 'show', :status => :created, :location => user_url(@user) }
                   end
                 else
                   @auth_sources = AuthSource.find(:all)
                   # Clear password input
                   @user.password = @user.password_confirmation = nil
                   respond_to do |format|
                     format.html { render :action => 'new' }
                     format.api  { render_validation_errors(@user) }
                   end
                 end
               end
               def edit
                 @user = User.find(params[:id])
                 @auth_sources = AuthSource.find(:all)
                 @membership ||= Member.new
               end
               verify :method => :put, :only => :update, :render => {:nothing => true, :status => :method_not_allowed }
               def update
                 @user = User.find(params[:id])
                 @user.admin = params[:user][:admin] if params[:user][:admin]
                 @user.login = params[:user][:login] if params[:user][:login]
                 if params[:user][:password].present? && (@user.auth_source_id.nil? || params[:user][:auth_source_id].blank?)
                   @user.password, @user.password_confirmation = params[:user][:password], params[:user][:password_confirmation]
                 end
                 @user.safe_attributes = params[:user]
                 # Was the account actived ? (do it before User#save clears the change)
                 was_activated = (@user.status_change == [User::STATUS_REGISTERED, User::STATUS_ACTIVE])
                 # TODO: Similar to My#account
                 @user.pref.attributes = params[:pref]
                 @user.pref[:no_self_notified] = (params[:no_self_notified] == '1')
                 if @user.save
                   @user.pref.save
                   @user.notified_project_ids = (@user.mail_notification == 'selected' ? params[:notified_project_ids] : [])
                   if was_activated
                     Mailer.deliver_account_activated(@user)
                   elsif @user.active? && params[:send_information] && !params[:user][:password].blank? && @user.auth_source_id.nil?
                     Mailer.deliver_account_information(@user, params[:user][:password])
                   end
                   respond_to do |format|
                     format.html {
                       flash[:notice] = l(:notice_successful_update)
                       redirect_to :back
                     }
                     format.api  { head :ok }
                   end
                 else
                   @auth_sources = AuthSource.find(:all)
                   @membership ||= Member.new
                   # Clear password input
                   @user.password = @user.password_confirmation = nil
                   respond_to do |format|
                     format.html { render :action => :edit }
                     format.api  { render_validation_errors(@user) }
                   end
                 end
               rescue ::ActionController::RedirectBackError
                 redirect_to :controller => 'users', :action => 'edit', :id => @user
               end
               def edit_membership
                 @user = User.find(params[:id])
                 @membership = Member.edit_membership(params[:membership_id], params[:membership], @user)
                 @membership.save if request.post?
                 respond_to do |format|
                   if @membership.valid?
                     format.html { redirect_to :controller => 'users', :action => 'edit', :id => @user, :tab => 'memberships' }
                     format.js {
                       render(:update) {|page|
                         page.replace_html "tab-content-memberships", :partial => 'users/memberships'
                         page.visual_effect(:highlight, "member-#{@membership.id}")
                       }
                     }
                   else
                     format.js {
                       render(:update) {|page|
                         page.alert(l(:notice_failed_to_save_members, :errors => @membership.errors.full_messages.join(', ')))
                       }
                     }
                   end
                 end
               end
               def destroy_membership
                 @user = User.find(params[:id])
                 @membership = Member.find(params[:membership_id])
                 if request.post? && @membership.deletable?
                   @membership.destroy
                 end
                 respond_to do |format|
                   format.html { redirect_to :controller => 'users', :action => 'edit', :id => @user, :tab => 'memberships' }
                   format.js { render(:update) {|page| page.replace_html "tab-content-memberships", :partial => 'users/memberships'} }
                 end
               end
             end

test/functional/users_controller_test.rb +34 0

             # redMine - project management software
             # Copyright (C) 2006-2007  Jean-Philippe Lang
             #
             # This program is free software; you can redistribute it and/or
             # modify it under the terms of the GNU General Public License
             # as published by the Free Software Foundation; either version 2
             # of the License, or (at your option) any later version.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU General Public License
             # along with this program; if not, write to the Free Software
             # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
             require File.dirname(__FILE__) + '/../test_helper'
             require 'users_controller'
             # Re-raise errors caught by the controller.
             class UsersController; def rescue_action(e) raise e end; end
             class UsersControllerTest < ActionController::TestCase
               include Redmine::I18n
               fixtures :users, :projects, :members, :member_roles, :roles, :auth_sources, :custom_fields, :custom_values
               def setup
                 @controller = UsersController.new
                 @request    = ActionController::TestRequest.new
                 @response   = ActionController::TestResponse.new
                 User.current = nil
                 @request.session[:user_id] = 1 # admin
               end
               def test_index
                 get :index
                 assert_response :success
                 assert_template 'index'
               end
               def test_index
                 get :index
                 assert_response :success
                 assert_template 'index'
                 assert_not_nil assigns(:users)
                 # active users only
                 assert_nil assigns(:users).detect {|u| !u.active?}
               end
               def test_index_with_name_filter
                 get :index, :name => 'john'
                 assert_response :success
                 assert_template 'index'
                 users = assigns(:users)
                 assert_not_nil users
                 assert_equal 1, users.size
                 assert_equal 'John', users.first.firstname
               end
               def test_show
                 @request.session[:user_id] = nil
                 get :show, :id => 2
                 assert_response :success
                 assert_template 'show'
                 assert_not_nil assigns(:user)
                 assert_tag 'li', :content => /Phone number/
               end
               def test_show_should_not_display_hidden_custom_fields
                 @request.session[:user_id] = nil
                 UserCustomField.find_by_name('Phone number').update_attribute :visible, false
                 get :show, :id => 2
                 assert_response :success
                 assert_template 'show'
                 assert_not_nil assigns(:user)
                 assert_no_tag 'li', :content => /Phone number/
               end
               def test_show_should_not_fail_when_custom_values_are_nil
                 user = User.find(2)
                 # Create a custom field to illustrate the issue
                 custom_field = CustomField.create!(:name => 'Testing', :field_format => 'text')
                 custom_value = user.custom_values.build(:custom_field => custom_field).save!
                 get :show, :id => 2
                 assert_response :success
               end
               def test_show_inactive
                 @request.session[:user_id] = nil
                 get :show, :id => 5
                 assert_response 404
               end
               def test_show_should_not_reveal_users_with_no_visible_activity_or_project
                 @request.session[:user_id] = nil
                 get :show, :id => 9
                 assert_response 404
               end
               def test_show_inactive_by_admin
                 @request.session[:user_id] = 1
                 get :show, :id => 5
                 assert_response 200
                 assert_not_nil assigns(:user)
               end
               def test_show_displays_memberships_based_on_project_visibility
                 @request.session[:user_id] = 1
                 get :show, :id => 2
                 assert_response :success
                 memberships = assigns(:memberships)
                 assert_not_nil memberships
                 project_ids = memberships.map(&:project_id)
                 assert project_ids.include?(2) #private project admin can see
               end
               context "GET :new" do
                 setup do
                   get :new
                 end
                 should_assign_to :user
                 should_respond_with :success
                 should_render_template :new
               end
               context "POST :create" do
                 context "when successful" do
                   setup do
                     post :create, :user => {
                       :firstname => 'John',
                       :lastname => 'Doe',
                       :login => 'jdoe',
                       :password => 'test',
                       :password_confirmation => 'test',
                       :mail => 'jdoe@gmail.com',
                       :mail_notification => 'none'
                     }
                   end
                   should_assign_to :user
                   should_respond_with :redirect
                   should_redirect_to('user edit') { {:controller => 'users', :action => 'edit', :id => User.find_by_login('jdoe')}}
                   should 'set the users mail notification' do
                     user = User.last
                     assert_equal 'none', user.mail_notification
                   end
                   should 'set the password' do
                     user = User.first(:order => 'id DESC')
                     assert user.check_password?('test')
                   end
                 end
                 context "when unsuccessful" do
                   setup do
                     post :create, :user => {}
                   end
                   should_assign_to :user
                   should_respond_with :success
                   should_render_template :new
                 end
+              end
+              def test_create
+                Setting.bcc_recipients = '1'
+                assert_difference 'User.count' do
+                  assert_difference 'ActionMailer::Base.deliveries.size' do
+                    post :create,
+                      :user => {
+                        :firstname => 'John',
+                        :lastname => 'Doe',
+                        :login => 'jdoe',
+                        :password => 'secret',
+                        :password_confirmation => 'secret',
+                        :mail => 'jdoe@gmail.com',
+                        :mail_notification => 'none'
+                      },
+                      :send_information => '1'
+                  end
+                end
+                user = User.first(:order => 'id DESC')
+                assert_redirected_to :controller => 'users', :action => 'edit', :id => user.id
+                assert_equal 'John', user.firstname
+                assert_equal 'Doe', user.lastname
+                assert_equal 'jdoe', user.login
+                assert_equal 'jdoe@gmail.com', user.mail
+                assert_equal 'none', user.mail_notification
+                assert user.check_password?('secret')
+                mail = ActionMailer::Base.deliveries.last
+                assert_not_nil mail
+                assert_equal [user.mail], mail.bcc
+                assert mail.body.include?('secret')
               end
               def test_update
                 ActionMailer::Base.deliveries.clear
                 put :update, :id => 2, :user => {:firstname => 'Changed', :mail_notification => 'only_assigned'}, :pref => {:hide_mail => '1', :comments_sorting => 'desc'}
                 user = User.find(2)
                 assert_equal 'Changed', user.firstname
                 assert_equal 'only_assigned', user.mail_notification
                 assert_equal true, user.pref[:hide_mail]
                 assert_equal 'desc', user.pref[:comments_sorting]
                 assert ActionMailer::Base.deliveries.empty?
               end
               def test_update_with_group_ids_should_assign_groups
                 put :update, :id => 2, :user => {:group_ids => ['10']}
                 user = User.find(2)
                 assert_equal [10], user.group_ids
               end
               def test_update_with_activation_should_send_a_notification
                 u = User.new(:firstname => 'Foo', :lastname => 'Bar', :mail => 'foo.bar@somenet.foo', :language => 'fr')
                 u.login = 'foo'
                 u.status = User::STATUS_REGISTERED
                 u.save!
                 ActionMailer::Base.deliveries.clear
                 Setting.bcc_recipients = '1'
                 put :update, :id => u.id, :user => {:status => User::STATUS_ACTIVE}
                 assert u.reload.active?
                 mail = ActionMailer::Base.deliveries.last
                 assert_not_nil mail
                 assert_equal ['foo.bar@somenet.foo'], mail.bcc
                 assert mail.body.include?(ll('fr', :notice_account_activated))
               end
               def test_update_with_password_change_should_send_a_notification
                 ActionMailer::Base.deliveries.clear
                 Setting.bcc_recipients = '1'
                 put :update, :id => 2, :user => {:password => 'newpass', :password_confirmation => 'newpass'}, :send_information => '1'
                 u = User.find(2)
                 assert u.check_password?('newpass')
                 mail = ActionMailer::Base.deliveries.last
                 assert_not_nil mail
                 assert_equal [u.mail], mail.bcc
                 assert mail.body.include?('newpass')
               end
               test "put :update with a password change to an AuthSource user switching to Internal authentication" do
                 # Configure as auth source
                 u = User.find(2)
                 u.auth_source = AuthSource.find(1)
                 u.save!
                 put :update, :id => u.id, :user => {:auth_source_id => '', :password => 'newpass'}, :password_confirmation => 'newpass'
                 assert_equal nil, u.reload.auth_source
                 assert u.check_password?('newpass')
               end
               def test_edit_membership
                 post :edit_membership, :id => 2, :membership_id => 1,
                                        :membership => { :role_ids => [2]}
                 assert_redirected_to :action => 'edit', :id => '2', :tab => 'memberships'
                 assert_equal [2], Member.find(1).role_ids
               end
               def test_destroy_membership
                 post :destroy_membership, :id => 2, :membership_id => 1
                 assert_redirected_to :action => 'edit', :id => '2', :tab => 'memberships'
                 assert_nil Member.find_by_id(1)
               end
             end

General Comments 0

Write
Preview

You need to be logged in to leave comments. Login now

No TODOs yet

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages