Fixes password sending when creating user....
Jean-Philippe Lang -
r4386:a49c7f95e236
@@ -1,221 +1,221
1 1 # Redmine - project management software
2 2 # Copyright (C) 2006-2010 Jean-Philippe Lang
3 3 #
4 4 # This program is free software; you can redistribute it and/or
5 5 # modify it under the terms of the GNU General Public License
6 6 # as published by the Free Software Foundation; either version 2
7 7 # of the License, or (at your option) any later version.
8 8 #
9 9 # This program is distributed in the hope that it will be useful,
10 10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 12 # GNU General Public License for more details.
13 13 #
14 14 # You should have received a copy of the GNU General Public License
15 15 # along with this program; if not, write to the Free Software
16 16 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
17 17
18 18 class UsersController < ApplicationController
19 19 layout 'admin'
20 20
21 21 before_filter :require_admin, :except => :show
22 22 accept_key_auth :index, :show, :create, :update
23 23
24 24 helper :sort
25 25 include SortHelper
26 26 helper :custom_fields
27 27 include CustomFieldsHelper
28 28
29 29 def index
30 30 sort_init 'login', 'asc'
31 31 sort_update %w(login firstname lastname mail admin created_on last_login_on)
32 32
33 33 case params[:format]
34 34 when 'xml', 'json'
35 35 @offset, @limit = api_offset_and_limit
36 36 else
37 37 @limit = per_page_option
38 38 end
39 39
40 40 @status = params[:status] ? params[:status].to_i : 1
41 41 c = ARCondition.new(@status == 0 ? "status <> 0" : ["status = ?", @status])
42 42
43 43 unless params[:name].blank?
44 44 name = "%#{params[:name].strip.downcase}%"
45 45 c << ["LOWER(login) LIKE ? OR LOWER(firstname) LIKE ? OR LOWER(lastname) LIKE ? OR LOWER(mail) LIKE ?", name, name, name, name]
46 46 end
47 47
48 48 @user_count = User.count(:conditions => c.conditions)
49 49 @user_pages = Paginator.new self, @user_count, @limit, params['page']
50 50 @offset ||= @user_pages.current.offset
51 51 @users = User.find :all,
52 52 :order => sort_clause,
53 53 :conditions => c.conditions,
54 54 :limit => @limit,
55 55 :offset => @offset
56 56
57 57 respond_to do |format|
58 58 format.html { render :layout => !request.xhr? }
59 59 format.api
60 60 end
61 61 end
62 62
63 63 def show
64 64 @user = User.find(params[:id])
65 65
66 66 # show projects based on current user visibility
67 67 @memberships = @user.memberships.all(:conditions => Project.visible_by(User.current))
68 68
69 69 events = Redmine::Activity::Fetcher.new(User.current, :author => @user).events(nil, nil, :limit => 10)
70 70 @events_by_day = events.group_by(&:event_date)
71 71
72 72 unless User.current.admin?
73 73 if !@user.active? || (@user != User.current && @memberships.empty? && events.empty?)
74 74 render_404
75 75 return
76 76 end
77 77 end
78 78
79 79 respond_to do |format|
80 80 format.html { render :layout => 'base' }
81 81 format.api
82 82 end
83 83 rescue ActiveRecord::RecordNotFound
84 84 render_404
85 85 end
86 86
87 87 def new
88 88 @user = User.new(:language => Setting.default_language, :mail_notification => Setting.default_notification_option)
89 89 @auth_sources = AuthSource.find(:all)
90 90 end
91 91
92 92 verify :method => :post, :only => :create, :render => {:nothing => true, :status => :method_not_allowed }
93 93 def create
94 94 @user = User.new(:language => Setting.default_language, :mail_notification => Setting.default_notification_option)
95 95 @user.safe_attributes = params[:user]
96 96 @user.admin = params[:user][:admin] || false
97 97 @user.login = params[:user][:login]
98 98 @user.password, @user.password_confirmation = params[:user][:password], params[:user][:password_confirmation] unless @user.auth_source_id
99 99
100 100 # TODO: Similar to My#account
101 101 @user.pref.attributes = params[:pref]
102 102 @user.pref[:no_self_notified] = (params[:no_self_notified] == '1')
103 103
104 104 if @user.save
105 105 @user.pref.save
106 106 @user.notified_project_ids = (@user.mail_notification == 'selected' ? params[:notified_project_ids] : [])
107 107
108 Mailer.deliver_account_information(@user, params[:password]) if params[:send_information]
108 Mailer.deliver_account_information(@user, params[:user][:password]) if params[:send_information]
109 109
110 110 respond_to do |format|
111 111 format.html {
112 112 flash[:notice] = l(:notice_successful_create)
113 113 redirect_to(params[:continue] ?
114 114 {:controller => 'users', :action => 'new'} :
115 115 {:controller => 'users', :action => 'edit', :id => @user}
116 116 )
117 117 }
118 118 format.api { render :action => 'show', :status => :created, :location => user_url(@user) }
119 119 end
120 120 else
121 121 @auth_sources = AuthSource.find(:all)
122 122 # Clear password input
123 123 @user.password = @user.password_confirmation = nil
124 124
125 125 respond_to do |format|
126 126 format.html { render :action => 'new' }
127 127 format.api { render_validation_errors(@user) }
128 128 end
129 129 end
130 130 end
131 131
132 132 def edit
133 133 @user = User.find(params[:id])
134 134
135 135 @auth_sources = AuthSource.find(:all)
136 136 @membership ||= Member.new
137 137 end
138 138
139 139 verify :method => :put, :only => :update, :render => {:nothing => true, :status => :method_not_allowed }
140 140 def update
141 141 @user = User.find(params[:id])
142 142
143 143 @user.admin = params[:user][:admin] if params[:user][:admin]
144 144 @user.login = params[:user][:login] if params[:user][:login]
145 145 if params[:user][:password].present? && (@user.auth_source_id.nil? || params[:user][:auth_source_id].blank?)
146 146 @user.password, @user.password_confirmation = params[:user][:password], params[:user][:password_confirmation]
147 147 end
148 148 @user.safe_attributes = params[:user]
149 149 # Was the account actived ? (do it before User#save clears the change)
150 150 was_activated = (@user.status_change == [User::STATUS_REGISTERED, User::STATUS_ACTIVE])
151 151 # TODO: Similar to My#account
152 152 @user.pref.attributes = params[:pref]
153 153 @user.pref[:no_self_notified] = (params[:no_self_notified] == '1')
154 154
155 155 if @user.save
156 156 @user.pref.save
157 157 @user.notified_project_ids = (@user.mail_notification == 'selected' ? params[:notified_project_ids] : [])
158 158
159 159 if was_activated
160 160 Mailer.deliver_account_activated(@user)
161 161 elsif @user.active? && params[:send_information] && !params[:user][:password].blank? && @user.auth_source_id.nil?
162 162 Mailer.deliver_account_information(@user, params[:user][:password])
163 163 end
164 164
165 165 respond_to do |format|
166 166 format.html {
167 167 flash[:notice] = l(:notice_successful_update)
168 168 redirect_to :back
169 169 }
170 170 format.api { head :ok }
171 171 end
172 172 else
173 173 @auth_sources = AuthSource.find(:all)
174 174 @membership ||= Member.new
175 175 # Clear password input
176 176 @user.password = @user.password_confirmation = nil
177 177
178 178 respond_to do |format|
179 179 format.html { render :action => :edit }
180 180 format.api { render_validation_errors(@user) }
181 181 end
182 182 end
183 183 rescue ::ActionController::RedirectBackError
184 184 redirect_to :controller => 'users', :action => 'edit', :id => @user
185 185 end
186 186
187 187 def edit_membership
188 188 @user = User.find(params[:id])
189 189 @membership = Member.edit_membership(params[:membership_id], params[:membership], @user)
190 190 @membership.save if request.post?
191 191 respond_to do |format|
192 192 if @membership.valid?
193 193 format.html { redirect_to :controller => 'users', :action => 'edit', :id => @user, :tab => 'memberships' }
194 194 format.js {
195 195 render(:update) {|page|
196 196 page.replace_html "tab-content-memberships", :partial => 'users/memberships'
197 197 page.visual_effect(:highlight, "member-#{@membership.id}")
198 198 }
199 199 }
200 200 else
201 201 format.js {
202 202 render(:update) {|page|
203 203 page.alert(l(:notice_failed_to_save_members, :errors => @membership.errors.full_messages.join(', ')))
204 204 }
205 205 }
206 206 end
207 207 end
208 208 end
209 209
210 210 def destroy_membership
211 211 @user = User.find(params[:id])
212 212 @membership = Member.find(params[:membership_id])
213 213 if request.post? && @membership.deletable?
214 214 @membership.destroy
215 215 end
216 216 respond_to do |format|
217 217 format.html { redirect_to :controller => 'users', :action => 'edit', :id => @user, :tab => 'memberships' }
218 218 format.js { render(:update) {|page| page.replace_html "tab-content-memberships", :partial => 'users/memberships'} }
219 219 end
220 220 end
221 221 end
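Review bot: The corrected delivery line in `create` still mails whatever was posted in `params[:user][:password]` even when `@user.auth_source_id` is set, although in that case the password is never assigned to the user (the assignment a few lines above is guarded by `unless @user.auth_source_id`), so the mail would announce a password the account does not actually use. `update` already guards its own call with `!params[:user][:password].blank? && @user.auth_source_id.nil?`; mirroring that keeps the two actions consistent: `Mailer.deliver_account_information(@user, params[:user][:password]) if params[:send_information] && @user.auth_source_id.nil? && !params[:user][:password].blank?`. Since the cleartext password is read from the request and written into an email, it is also worth confirming that the application's request-parameter log filtering covers `user[password]`; that configuration is not visible in this file.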
@@ -1,247 +1,281
1 1 # redMine - project management software
2 2 # Copyright (C) 2006-2007 Jean-Philippe Lang
3 3 #
4 4 # This program is free software; you can redistribute it and/or
5 5 # modify it under the terms of the GNU General Public License
6 6 # as published by the Free Software Foundation; either version 2
7 7 # of the License, or (at your option) any later version.
8 8 #
9 9 # This program is distributed in the hope that it will be useful,
10 10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 12 # GNU General Public License for more details.
13 13 #
14 14 # You should have received a copy of the GNU General Public License
15 15 # along with this program; if not, write to the Free Software
16 16 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
17 17
18 18 require File.dirname(__FILE__) + '/../test_helper'
19 19 require 'users_controller'
20 20
21 21 # Re-raise errors caught by the controller.
22 22 class UsersController; def rescue_action(e) raise e end; end
23 23
24 24 class UsersControllerTest < ActionController::TestCase
25 25 include Redmine::I18n
26 26
27 27 fixtures :users, :projects, :members, :member_roles, :roles, :auth_sources, :custom_fields, :custom_values
28 28
29 29 def setup
30 30 @controller = UsersController.new
31 31 @request = ActionController::TestRequest.new
32 32 @response = ActionController::TestResponse.new
33 33 User.current = nil
34 34 @request.session[:user_id] = 1 # admin
35 35 end
36 36
37 37 def test_index
38 38 get :index
39 39 assert_response :success
40 40 assert_template 'index'
41 41 end
42 42
43 43 def test_index
44 44 get :index
45 45 assert_response :success
46 46 assert_template 'index'
47 47 assert_not_nil assigns(:users)
48 48 # active users only
49 49 assert_nil assigns(:users).detect {|u| !u.active?}
50 50 end
51 51
52 52 def test_index_with_name_filter
53 53 get :index, :name => 'john'
54 54 assert_response :success
55 55 assert_template 'index'
56 56 users = assigns(:users)
57 57 assert_not_nil users
58 58 assert_equal 1, users.size
59 59 assert_equal 'John', users.first.firstname
60 60 end
61 61
62 62 def test_show
63 63 @request.session[:user_id] = nil
64 64 get :show, :id => 2
65 65 assert_response :success
66 66 assert_template 'show'
67 67 assert_not_nil assigns(:user)
68 68
69 69 assert_tag 'li', :content => /Phone number/
70 70 end
71 71
72 72 def test_show_should_not_display_hidden_custom_fields
73 73 @request.session[:user_id] = nil
74 74 UserCustomField.find_by_name('Phone number').update_attribute :visible, false
75 75 get :show, :id => 2
76 76 assert_response :success
77 77 assert_template 'show'
78 78 assert_not_nil assigns(:user)
79 79
80 80 assert_no_tag 'li', :content => /Phone number/
81 81 end
82 82
83 83 def test_show_should_not_fail_when_custom_values_are_nil
84 84 user = User.find(2)
85 85
86 86 # Create a custom field to illustrate the issue
87 87 custom_field = CustomField.create!(:name => 'Testing', :field_format => 'text')
88 88 custom_value = user.custom_values.build(:custom_field => custom_field).save!
89 89
90 90 get :show, :id => 2
91 91 assert_response :success
92 92 end
93 93
94 94 def test_show_inactive
95 95 @request.session[:user_id] = nil
96 96 get :show, :id => 5
97 97 assert_response 404
98 98 end
99 99
100 100 def test_show_should_not_reveal_users_with_no_visible_activity_or_project
101 101 @request.session[:user_id] = nil
102 102 get :show, :id => 9
103 103 assert_response 404
104 104 end
105 105
106 106 def test_show_inactive_by_admin
107 107 @request.session[:user_id] = 1
108 108 get :show, :id => 5
109 109 assert_response 200
110 110 assert_not_nil assigns(:user)
111 111 end
112 112
113 113 def test_show_displays_memberships_based_on_project_visibility
114 114 @request.session[:user_id] = 1
115 115 get :show, :id => 2
116 116 assert_response :success
117 117 memberships = assigns(:memberships)
118 118 assert_not_nil memberships
119 119 project_ids = memberships.map(&:project_id)
120 120 assert project_ids.include?(2) #private project admin can see
121 121 end
122 122
123 123 context "GET :new" do
124 124 setup do
125 125 get :new
126 126 end
127 127
128 128 should_assign_to :user
129 129 should_respond_with :success
130 130 should_render_template :new
131 131 end
132 132
133 133 context "POST :create" do
134 134 context "when successful" do
135 135 setup do
136 136 post :create, :user => {
137 137 :firstname => 'John',
138 138 :lastname => 'Doe',
139 139 :login => 'jdoe',
140 140 :password => 'test',
141 141 :password_confirmation => 'test',
142 142 :mail => 'jdoe@gmail.com',
143 143 :mail_notification => 'none'
144 144 }
145 145 end
146 146
147 147 should_assign_to :user
148 148 should_respond_with :redirect
149 149 should_redirect_to('user edit') { {:controller => 'users', :action => 'edit', :id => User.find_by_login('jdoe')}}
150 150
151 151 should 'set the users mail notification' do
152 152 user = User.last
153 153 assert_equal 'none', user.mail_notification
154 154 end
155 155
156 156 should 'set the password' do
157 157 user = User.first(:order => 'id DESC')
158 158 assert user.check_password?('test')
159 159 end
160 160 end
161 161
162 162 context "when unsuccessful" do
163 163 setup do
164 164 post :create, :user => {}
165 165 end
166 166
167 167 should_assign_to :user
168 168 should_respond_with :success
169 169 should_render_template :new
170 170 end
171
171 end
172
173 def test_create
174 Setting.bcc_recipients = '1'
175
176 assert_difference 'User.count' do
177 assert_difference 'ActionMailer::Base.deliveries.size' do
178 post :create,
179 :user => {
180 :firstname => 'John',
181 :lastname => 'Doe',
182 :login => 'jdoe',
183 :password => 'secret',
184 :password_confirmation => 'secret',
185 :mail => 'jdoe@gmail.com',
186 :mail_notification => 'none'
187 },
188 :send_information => '1'
189 end
190 end
191
192 user = User.first(:order => 'id DESC')
193 assert_redirected_to :controller => 'users', :action => 'edit', :id => user.id
194
195 assert_equal 'John', user.firstname
196 assert_equal 'Doe', user.lastname
197 assert_equal 'jdoe', user.login
198 assert_equal 'jdoe@gmail.com', user.mail
199 assert_equal 'none', user.mail_notification
200 assert user.check_password?('secret')
201
202 mail = ActionMailer::Base.deliveries.last
203 assert_not_nil mail
204 assert_equal [user.mail], mail.bcc
205 assert mail.body.include?('secret')
172 206 end
173 207
174 208 def test_update
175 209 ActionMailer::Base.deliveries.clear
176 210 put :update, :id => 2, :user => {:firstname => 'Changed', :mail_notification => 'only_assigned'}, :pref => {:hide_mail => '1', :comments_sorting => 'desc'}
177 211
178 212 user = User.find(2)
179 213 assert_equal 'Changed', user.firstname
180 214 assert_equal 'only_assigned', user.mail_notification
181 215 assert_equal true, user.pref[:hide_mail]
182 216 assert_equal 'desc', user.pref[:comments_sorting]
183 217 assert ActionMailer::Base.deliveries.empty?
184 218 end
185 219
186 220 def test_update_with_group_ids_should_assign_groups
187 221 put :update, :id => 2, :user => {:group_ids => ['10']}
188 222
189 223 user = User.find(2)
190 224 assert_equal [10], user.group_ids
191 225 end
192 226
193 227 def test_update_with_activation_should_send_a_notification
194 228 u = User.new(:firstname => 'Foo', :lastname => 'Bar', :mail => 'foo.bar@somenet.foo', :language => 'fr')
195 229 u.login = 'foo'
196 230 u.status = User::STATUS_REGISTERED
197 231 u.save!
198 232 ActionMailer::Base.deliveries.clear
199 233 Setting.bcc_recipients = '1'
200 234
201 235 put :update, :id => u.id, :user => {:status => User::STATUS_ACTIVE}
202 236 assert u.reload.active?
203 237 mail = ActionMailer::Base.deliveries.last
204 238 assert_not_nil mail
205 239 assert_equal ['foo.bar@somenet.foo'], mail.bcc
206 240 assert mail.body.include?(ll('fr', :notice_account_activated))
207 241 end
208 242
209 243 def test_update_with_password_change_should_send_a_notification
210 244 ActionMailer::Base.deliveries.clear
211 245 Setting.bcc_recipients = '1'
212 246
213 247 put :update, :id => 2, :user => {:password => 'newpass', :password_confirmation => 'newpass'}, :send_information => '1'
214 248 u = User.find(2)
215 249 assert u.check_password?('newpass')
216 250
217 251 mail = ActionMailer::Base.deliveries.last
218 252 assert_not_nil mail
219 253 assert_equal [u.mail], mail.bcc
220 254 assert mail.body.include?('newpass')
221 255 end
222 256
223 257 test "put :update with a password change to an AuthSource user switching to Internal authentication" do
224 258 # Configure as auth source
225 259 u = User.find(2)
226 260 u.auth_source = AuthSource.find(1)
227 261 u.save!
228 262
229 263 put :update, :id => u.id, :user => {:auth_source_id => '', :password => 'newpass'}, :password_confirmation => 'newpass'
230 264
231 265 assert_equal nil, u.reload.auth_source
232 266 assert u.check_password?('newpass')
233 267 end
234 268
235 269 def test_edit_membership
236 270 post :edit_membership, :id => 2, :membership_id => 1,
237 271 :membership => { :role_ids => [2]}
238 272 assert_redirected_to :action => 'edit', :id => '2', :tab => 'memberships'
239 273 assert_equal [2], Member.find(1).role_ids
240 274 end
241 275
242 276 def test_destroy_membership
243 277 post :destroy_membership, :id => 2, :membership_id => 1
244 278 assert_redirected_to :action => 'edit', :id => '2', :tab => 'memberships'
245 279 assert_nil Member.find_by_id(1)
246 280 end
247 281 end
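Review bot: `test_create` sets `Setting.bcc_recipients = '1'` and never restores it, so the value can leak into whichever test runs next in the same process; `test_update_with_activation_should_send_a_notification` and `test_update_with_password_change_should_send_a_notification` do the same, so one `teardown` that resets the setting would cover all three. The new test also covers only the positive path: it proves a mail is sent and that it contains the cleartext password (`assert mail.body.include?('secret')`), but nothing asserts that no mail leaves when `:send_information` is omitted or when the new user is attached to an auth source; wrapping a second `post :create` without `:send_information` in `assert_no_difference 'ActionMailer::Base.deliveries.size'` would pin that. Whether `Setting` values actually persist between tests depends on how `Setting` caches and on the fixture transaction, which is not visible here.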