jro_apps/redmine Commit - r4379:cde02954c845

Moves password param to user hash param so that it can be set using the User API....

Jean-Philippe Lang -

r4379:cde02954c845

parent child

Context file:

r4379:cde02954c845

Collapse all files

app/controllers/users_controller.rb +9 -5

             # Redmine - project management software
             # Copyright (C) 2006-2010  Jean-Philippe Lang
             #
             # This program is free software; you can redistribute it and/or
             # modify it under the terms of the GNU General Public License
             # as published by the Free Software Foundation; either version 2
             # of the License, or (at your option) any later version.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU General Public License
             # along with this program; if not, write to the Free Software
             # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
             class UsersController < ApplicationController
               layout 'admin'
               before_filter :require_admin, :except => :show
               accept_key_auth :index, :show, :create, :update
               helper :sort
               include SortHelper
               helper :custom_fields
               include CustomFieldsHelper
               def index
                 sort_init 'login', 'asc'
                 sort_update %w(login firstname lastname mail admin created_on last_login_on)
                 case params[:format]
                 when 'xml', 'json'
                   @offset, @limit = api_offset_and_limit
                 else
                   @limit = per_page_option
                 end
                 @status = params[:status] ? params[:status].to_i : 1
                 c = ARCondition.new(@status == 0 ? "status <> 0" : ["status = ?", @status])
                 unless params[:name].blank?
                   name = "%#{params[:name].strip.downcase}%"
                   c << ["LOWER(login) LIKE ? OR LOWER(firstname) LIKE ? OR LOWER(lastname) LIKE ? OR LOWER(mail) LIKE ?", name, name, name, name]
                 end
                 @user_count = User.count(:conditions => c.conditions)
                 @user_pages = Paginator.new self, @user_count, @limit, params['page']
                 @offset ||= @user_pages.current.offset
                 @users =  User.find :all,
                                     :order => sort_clause,
                                     :conditions => c.conditions,
                                     :limit  =>  @limit,
                                     :offset =>  @offset
             		respond_to do |format|
             		  format.html { render :layout => !request.xhr? }
                   format.api
             		end
               end
               def show
                 @user = User.find(params[:id])
                 # show projects based on current user visibility
                 @memberships = @user.memberships.all(:conditions => Project.visible_by(User.current))
                 events = Redmine::Activity::Fetcher.new(User.current, :author => @user).events(nil, nil, :limit => 10)
                 @events_by_day = events.group_by(&:event_date)
                 unless User.current.admin?
                   if !@user.active? || (@user != User.current  && @memberships.empty? && events.empty?)
                     render_404
                     return
                   end
                 end
                 respond_to do |format|
                   format.html { render :layout => 'base' }
                   format.api
                 end
               rescue ActiveRecord::RecordNotFound
                 render_404
               end
               def new
                 @notification_options = User::MAIL_NOTIFICATION_OPTIONS
                 @notification_option = Setting.default_notification_option
                 @user = User.new(:language => Setting.default_language)
                 @auth_sources = AuthSource.find(:all)
               end
               verify :method => :post, :only => :create, :render => {:nothing => true, :status => :method_not_allowed }
               def create
                 @notification_options = User::MAIL_NOTIFICATION_OPTIONS
                 @notification_option = Setting.default_notification_option
                 @user = User.new
                 @user.safe_attributes = params[:user]
                 @user.admin = params[:user][:admin] || false
                 @user.login = params[:user][:login]
-                @user.password, @user.password_confirmation = params[:password], params[:password_confirmation] unless @user.auth_source_id
+                @user.password, @user.password_confirmation = params[:user][:password], params[:user][:password_confirmation] unless @user.auth_source_id
                 # TODO: Similar to My#account
                 @user.mail_notification = params[:notification_option] || 'only_my_events'
                 @user.pref.attributes = params[:pref]
                 @user.pref[:no_self_notified] = (params[:no_self_notified] == '1')
                 if @user.save
                   @user.pref.save
                   @user.notified_project_ids = (params[:notification_option] == 'selected' ? params[:notified_project_ids] : [])
                   Mailer.deliver_account_information(@user, params[:password]) if params[:send_information]
                   respond_to do |format|
                     format.html {
                       flash[:notice] = l(:notice_successful_create)
                       redirect_to(params[:continue] ?
                         {:controller => 'users', :action => 'new'} :
                         {:controller => 'users', :action => 'edit', :id => @user}
                       )
                     }
                     format.api  { render :action => 'show', :status => :created, :location => user_url(@user) }
                   end
                 else
                   @auth_sources = AuthSource.find(:all)
                   @notification_option = @user.mail_notification
+                  # Clear password input
+                  @user.password = @user.password_confirmation = nil
                   respond_to do |format|
                     format.html { render :action => 'new' }
                     format.api  { render_validation_errors(@user) }
                   end
                 end
               end
               def edit
                 @user = User.find(params[:id])
                 @notification_options = @user.valid_notification_options
                 @notification_option = @user.mail_notification
                 @auth_sources = AuthSource.find(:all)
                 @membership ||= Member.new
               end
               verify :method => :put, :only => :update, :render => {:nothing => true, :status => :method_not_allowed }
               def update
                 @user = User.find(params[:id])
                 @notification_options = @user.valid_notification_options
                 @notification_option = @user.mail_notification
                 @user.admin = params[:user][:admin] if params[:user][:admin]
                 @user.login = params[:user][:login] if params[:user][:login]
-                if params[:password].present? && (@user.auth_source_id.nil? || params[:user][:auth_source_id].blank?)
+                if params[:user][:password].present? && (@user.auth_source_id.nil? || params[:user][:auth_source_id].blank?)
-                  @user.password, @user.password_confirmation = params[:password], params[:password_confirmation]
+                  @user.password, @user.password_confirmation = params[:user][:password], params[:user][:password_confirmation]
                 end
                 @user.group_ids = params[:user][:group_ids] if params[:user][:group_ids]
                 @user.safe_attributes = params[:user]
                 # Was the account actived ? (do it before User#save clears the change)
                 was_activated = (@user.status_change == [User::STATUS_REGISTERED, User::STATUS_ACTIVE])
                 # TODO: Similar to My#account
                 @user.mail_notification = params[:notification_option] || 'only_my_events'
                 @user.pref.attributes = params[:pref]
                 @user.pref[:no_self_notified] = (params[:no_self_notified] == '1')
                 if @user.save
                   @user.pref.save
                   @user.notified_project_ids = (params[:notification_option] == 'selected' ? params[:notified_project_ids] : [])
                   if was_activated
                     Mailer.deliver_account_activated(@user)
-                  elsif @user.active? && params[:send_information] && !params[:password].blank? && @user.auth_source_id.nil?
+                  elsif @user.active? && params[:send_information] && !params[:user][:password].blank? && @user.auth_source_id.nil?
-                    Mailer.deliver_account_information(@user, params[:password])
+                    Mailer.deliver_account_information(@user, params[:user][:password])
                   end
                   respond_to do |format|
                     format.html {
                       flash[:notice] = l(:notice_successful_update)
                       redirect_to :back
                     }
                     format.api  { head :ok }
                   end
                 else
                   @auth_sources = AuthSource.find(:all)
                   @membership ||= Member.new
+                  # Clear password input
+                  @user.password = @user.password_confirmation = nil
                   respond_to do |format|
                     format.html { render :action => :edit }
                     format.api  { render_validation_errors(@user) }
                   end
                 end
               rescue ::ActionController::RedirectBackError
                 redirect_to :controller => 'users', :action => 'edit', :id => @user
               end
               def edit_membership
                 @user = User.find(params[:id])
                 @membership = Member.edit_membership(params[:membership_id], params[:membership], @user)
                 @membership.save if request.post?
                 respond_to do |format|
                   if @membership.valid?
                     format.html { redirect_to :controller => 'users', :action => 'edit', :id => @user, :tab => 'memberships' }
                     format.js {
                       render(:update) {|page|
                         page.replace_html "tab-content-memberships", :partial => 'users/memberships'
                         page.visual_effect(:highlight, "member-#{@membership.id}")
                       }
                     }
                   else
                     format.js {
                       render(:update) {|page|
                         page.alert(l(:notice_failed_to_save_members, :errors => @membership.errors.full_messages.join(', ')))
                       }
                     }
                   end
                 end
               end
               def destroy_membership
                 @user = User.find(params[:id])
                 @membership = Member.find(params[:membership_id])
                 if request.post? && @membership.deletable?
                   @membership.destroy
                 end
                 respond_to do |format|
                   format.html { redirect_to :controller => 'users', :action => 'edit', :id => @user, :tab => 'memberships' }
                   format.js { render(:update) {|page| page.replace_html "tab-content-memberships", :partial => 'users/memberships'} }
                 end
               end
             end

app/views/users/_form.rhtml +2 -4

             <%= error_messages_for 'user' %>
             <!--[form:user]-->
             <div class="box tabular">
             <p><%= f.text_field :login, :required => true, :size => 25  %></p>
             <p><%= f.text_field :firstname, :required => true %></p>
             <p><%= f.text_field :lastname, :required => true %></p>
             <p><%= f.text_field :mail, :required => true %></p>
             <p><%= f.select :language, lang_options_for_select %></p>
             <% if Setting.openid? %>
             <p><%= f.text_field :identity_url  %></p>
             <% end %>
             <% @user.custom_field_values.each do |value| %>
             	<p><%= custom_field_tag_with_label :user, value %></p>
             <% end %>
             <p><%= f.check_box :admin, :disabled => (@user == User.current) %></p>
             <%= call_hook(:view_users_form, :user => @user, :form => f) %>
             </div>
             <div class="box tabular">
             <h3><%=l(:label_authentication)%></h3>
             <% unless @auth_sources.empty? %>
             <p><%= f.select :auth_source_id, ([[l(:label_internal), ""]] + @auth_sources.collect { |a| [a.name, a.id] }), {}, :onchange => "if (this.value=='') {Element.show('password_fields');} else {Element.hide('password_fields');}" %></p>
             <% end %>
             <div id="password_fields" style="<%= 'display:none;' if @user.auth_source %>">
-            <p><label for="password"><%=l(:field_password)%><span class="required"> *</span></label>
+            <p><%= f.password_field :password, :required => true, :size => 25  %><br />
-            <%= password_field_tag 'password', nil, :size => 25  %><br />
             <em><%= l(:text_caracters_minimum, :count => Setting.password_min_length) %></em></p>
-            <p><label for="password_confirmation"><%=l(:field_password_confirmation)%><span class="required"> *</span></label>
+            <p><%= f.password_field :password_confirmation, :required => true, :size => 25  %></p>
-            <%= password_field_tag 'password_confirmation', nil, :size => 25  %></p>
             </div>
             </div>
             <div class="box">
             <h3><%=l(:field_mail_notification)%></h3>
             <%= render :partial => 'users/mail_notifications' %>
             </div>
             <div class="box tabular">
             <h3><%=l(:label_preferences)%></h3>
             <%= render :partial => 'users/preferences' %>
             </div>
             <!--[eoform:user]-->

test/functional/users_controller_test.rb +10 -5

             # redMine - project management software
             # Copyright (C) 2006-2007  Jean-Philippe Lang
             #
             # This program is free software; you can redistribute it and/or
             # modify it under the terms of the GNU General Public License
             # as published by the Free Software Foundation; either version 2
             # of the License, or (at your option) any later version.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU General Public License
             # along with this program; if not, write to the Free Software
             # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
             require File.dirname(__FILE__) + '/../test_helper'
             require 'users_controller'
             # Re-raise errors caught by the controller.
             class UsersController; def rescue_action(e) raise e end; end
             class UsersControllerTest < ActionController::TestCase
               include Redmine::I18n
               fixtures :users, :projects, :members, :member_roles, :roles, :auth_sources, :custom_fields, :custom_values
               def setup
                 @controller = UsersController.new
                 @request    = ActionController::TestRequest.new
                 @response   = ActionController::TestResponse.new
                 User.current = nil
                 @request.session[:user_id] = 1 # admin
               end
               def test_index
                 get :index
                 assert_response :success
                 assert_template 'index'
               end
               def test_index
                 get :index
                 assert_response :success
                 assert_template 'index'
                 assert_not_nil assigns(:users)
                 # active users only
                 assert_nil assigns(:users).detect {|u| !u.active?}
               end
               def test_index_with_name_filter
                 get :index, :name => 'john'
                 assert_response :success
                 assert_template 'index'
                 users = assigns(:users)
                 assert_not_nil users
                 assert_equal 1, users.size
                 assert_equal 'John', users.first.firstname
               end
               def test_show
                 @request.session[:user_id] = nil
                 get :show, :id => 2
                 assert_response :success
                 assert_template 'show'
                 assert_not_nil assigns(:user)
                 assert_tag 'li', :content => /Phone number/
               end
               def test_show_should_not_display_hidden_custom_fields
                 @request.session[:user_id] = nil
                 UserCustomField.find_by_name('Phone number').update_attribute :visible, false
                 get :show, :id => 2
                 assert_response :success
                 assert_template 'show'
                 assert_not_nil assigns(:user)
                 assert_no_tag 'li', :content => /Phone number/
               end
               def test_show_should_not_fail_when_custom_values_are_nil
                 user = User.find(2)
                 # Create a custom field to illustrate the issue
                 custom_field = CustomField.create!(:name => 'Testing', :field_format => 'text')
                 custom_value = user.custom_values.build(:custom_field => custom_field).save!
                 get :show, :id => 2
                 assert_response :success
               end
               def test_show_inactive
                 @request.session[:user_id] = nil
                 get :show, :id => 5
                 assert_response 404
               end
               def test_show_should_not_reveal_users_with_no_visible_activity_or_project
                 @request.session[:user_id] = nil
                 get :show, :id => 9
                 assert_response 404
               end
               def test_show_inactive_by_admin
                 @request.session[:user_id] = 1
                 get :show, :id => 5
                 assert_response 200
                 assert_not_nil assigns(:user)
               end
               def test_show_displays_memberships_based_on_project_visibility
                 @request.session[:user_id] = 1
                 get :show, :id => 2
                 assert_response :success
                 memberships = assigns(:memberships)
                 assert_not_nil memberships
                 project_ids = memberships.map(&:project_id)
                 assert project_ids.include?(2) #private project admin can see
               end
               context "GET :new" do
                 setup do
                   get :new
                 end
                 should_assign_to :user
                 should_respond_with :success
                 should_render_template :new
               end
               context "POST :create" do
                 context "when successful" do
                   setup do
                     post :create, :user => {
                       :firstname => 'John',
                       :lastname => 'Doe',
                       :login => 'jdoe',
                       :password => 'test',
                       :password_confirmation => 'test',
                       :mail => 'jdoe@gmail.com'
                     },
                     :notification_option => 'none'
                   end
                   should_assign_to :user
                   should_respond_with :redirect
                   should_redirect_to('user edit') { {:controller => 'users', :action => 'edit', :id => User.find_by_login('jdoe')}}
                   should 'set the users mail notification' do
                     user = User.last
                     assert_equal 'none', user.mail_notification
                   end
+                  should 'set the password' do
+                    user = User.first(:order => 'id DESC')
+                    assert user.check_password?('test')
+                  end
                 end
                 context "when unsuccessful" do
                   setup do
                     post :create, :user => {}
                   end
                   should_assign_to :user
                   should_respond_with :success
                   should_render_template :new
                 end
               end
               def test_update
                 ActionMailer::Base.deliveries.clear
                 put :update, :id => 2, :user => {:firstname => 'Changed'}, :notification_option => 'all', :pref => {:hide_mail => '1', :comments_sorting => 'desc'}
                 user = User.find(2)
                 assert_equal 'Changed', user.firstname
                 assert_equal 'all', user.mail_notification
                 assert_equal true, user.pref[:hide_mail]
                 assert_equal 'desc', user.pref[:comments_sorting]
                 assert ActionMailer::Base.deliveries.empty?
               end
               def test_update_with_activation_should_send_a_notification
                 u = User.new(:firstname => 'Foo', :lastname => 'Bar', :mail => 'foo.bar@somenet.foo', :language => 'fr')
                 u.login = 'foo'
                 u.status = User::STATUS_REGISTERED
                 u.save!
                 ActionMailer::Base.deliveries.clear
                 Setting.bcc_recipients = '1'
                 put :update, :id => u.id, :user => {:status => User::STATUS_ACTIVE}
                 assert u.reload.active?
                 mail = ActionMailer::Base.deliveries.last
                 assert_not_nil mail
                 assert_equal ['foo.bar@somenet.foo'], mail.bcc
                 assert mail.body.include?(ll('fr', :notice_account_activated))
               end
-              def test_updat_with_password_change_should_send_a_notification
+              def test_update_with_password_change_should_send_a_notification
                 ActionMailer::Base.deliveries.clear
                 Setting.bcc_recipients = '1'
+                put :update, :id => 2, :user => {:password => 'newpass', :password_confirmation => 'newpass'}, :send_information => '1'
                 u = User.find(2)
-                put :update, :id => u.id, :user => {}, :password => 'newpass', :password_confirmation => 'newpass', :send_information => '1'
+                assert u.check_password?('newpass')
-                assert_equal User.hash_password('newpass'), u.reload.hashed_password
                 mail = ActionMailer::Base.deliveries.last
                 assert_not_nil mail
                 assert_equal [u.mail], mail.bcc
                 assert mail.body.include?('newpass')
               end
               test "put :update with a password change to an AuthSource user switching to Internal authentication" do
                 # Configure as auth source
                 u = User.find(2)
                 u.auth_source = AuthSource.find(1)
                 u.save!
-                put :update, :id => u.id, :user => {:auth_source_id => ''}, :password => 'newpass', :password_confirmation => 'newpass'
+                put :update, :id => u.id, :user => {:auth_source_id => '', :password => 'newpass'}, :password_confirmation => 'newpass'
                 assert_equal nil, u.reload.auth_source
-                assert_equal User.hash_password('newpass'), u.reload.hashed_password
+                assert u.check_password?('newpass')
               end
               def test_edit_membership
                 post :edit_membership, :id => 2, :membership_id => 1,
                                        :membership => { :role_ids => [2]}
                 assert_redirected_to :action => 'edit', :id => '2', :tab => 'memberships'
                 assert_equal [2], Member.find(1).role_ids
               end
               def test_destroy_membership
                 post :destroy_membership, :id => 2, :membership_id => 1
                 assert_redirected_to :action => 'edit', :id => '2', :tab => 'memberships'
                 assert_nil Member.find_by_id(1)
               end
             end

test/integration/api_test/users_test.rb +3 -2

             # Redmine - project management software
             # Copyright (C) 2006-2010  Jean-Philippe Lang
             #
             # This program is free software; you can redistribute it and/or
             # modify it under the terms of the GNU General Public License
             # as published by the Free Software Foundation; either version 2
             # of the License, or (at your option) any later version.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU General Public License
             # along with this program; if not, write to the Free Software
             # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
             require "#{File.dirname(__FILE__)}/../../test_helper"
             require 'pp'
             class ApiTest::UsersTest < ActionController::IntegrationTest
               fixtures :users
               def setup
                 Setting.rest_api_enabled = '1'
               end
               context "GET /users" do
                 should_allow_api_authentication(:get, "/users.xml")
                 should_allow_api_authentication(:get, "/users.json")
               end
               context "GET /users/2" do
                 context ".xml" do
                   should "return requested user" do
                     get '/users/2.xml'
                     assert_tag :tag => 'user',
                       :child => {:tag => 'id', :content => '2'}
                   end
                 end
                 context ".json" do
                   should "return requested user" do
                     get '/users/2.json'
                     json = ActiveSupport::JSON.decode(response.body)
                     assert_kind_of Hash, json
                     assert_kind_of Hash, json['user']
                     assert_equal 2, json['user']['id']
                   end
                 end
               end
               context "POST /users" do
                 context "with valid parameters" do
                   setup do
-                    @parameters = {:user => {:login => 'foo', :firstname => 'Firstname', :lastname => 'Lastname', :mail => 'foo@example.net'}}
+                    @parameters = {:user => {:login => 'foo', :firstname => 'Firstname', :lastname => 'Lastname', :mail => 'foo@example.net', :password => 'secret'}}
                   end
                   context ".xml" do
                     should_allow_api_authentication(:post,
                       '/users.xml',
-                      {:user => {:login => 'foo', :firstname => 'Firstname', :lastname => 'Lastname', :mail => 'foo@example.net'}},
+                      {:user => {:login => 'foo', :firstname => 'Firstname', :lastname => 'Lastname', :mail => 'foo@example.net', :password => 'secret'}},
                       {:success_code => :created})
                     should "create a user with the attributes" do
                       assert_difference('User.count') do
                         post '/users.xml', @parameters, :authorization => credentials('admin')
                       end
                       user = User.first(:order => 'id DESC')
                       assert_equal 'foo', user.login
                       assert_equal 'Firstname', user.firstname
                       assert_equal 'Lastname', user.lastname
                       assert_equal 'foo@example.net', user.mail
                       assert !user.admin?
+                      assert user.check_password?('secret')
                       assert_response :created
                       assert_equal 'application/xml', @response.content_type
                       assert_tag 'user', :child => {:tag => 'id', :content => user.id.to_s}
                     end
                   end
                   context ".json" do
                     should_allow_api_authentication(:post,
                       '/users.json',
                       {:user => {:login => 'foo', :firstname => 'Firstname', :lastname => 'Lastname', :mail => 'foo@example.net'}},
                       {:success_code => :created})
                     should "create a user with the attributes" do
                       assert_difference('User.count') do
                         post '/users.json', @parameters, :authorization => credentials('admin')
                       end
                       user = User.first(:order => 'id DESC')
                       assert_equal 'foo', user.login
                       assert_equal 'Firstname', user.firstname
                       assert_equal 'Lastname', user.lastname
                       assert_equal 'foo@example.net', user.mail
                       assert !user.admin?
                       assert_response :created
                       assert_equal 'application/json', @response.content_type
                       json = ActiveSupport::JSON.decode(response.body)
                       assert_kind_of Hash, json
                       assert_kind_of Hash, json['user']
                       assert_equal user.id, json['user']['id']
                     end
                   end
                 end
                 context "with invalid parameters" do
                   setup do
                     @parameters = {:user => {:login => 'foo', :lastname => 'Lastname', :mail => 'foo'}}
                   end
                   context ".xml" do
                     should "return errors" do
                       assert_no_difference('User.count') do
                         post '/users.xml', @parameters, :authorization => credentials('admin')
                       end
                       assert_response :unprocessable_entity
                       assert_equal 'application/xml', @response.content_type
                       assert_tag 'errors', :child => {:tag => 'error', :content => "Firstname can't be blank"}
                     end
                   end
                   context ".json" do
                     should "return errors" do
                       assert_no_difference('User.count') do
                         post '/users.json', @parameters, :authorization => credentials('admin')
                       end
                       assert_response :unprocessable_entity
                       assert_equal 'application/json', @response.content_type
                       json = ActiveSupport::JSON.decode(response.body)
                       assert_kind_of Hash, json
                       assert json.has_key?('errors')
                       assert_kind_of Array, json['errors']
                     end
                   end
                 end
               end
               context "PUT /users/2" do
                 context "with valid parameters" do
                   setup do
                     @parameters = {:user => {:login => 'jsmith', :firstname => 'John', :lastname => 'Renamed', :mail => 'jsmith@somenet.foo'}}
                   end
                   context ".xml" do
                     should_allow_api_authentication(:put,
                       '/users/2.xml',
                       {:user => {:login => 'jsmith', :firstname => 'John', :lastname => 'Renamed', :mail => 'jsmith@somenet.foo'}},
                       {:success_code => :ok})
                     should "update user with the attributes" do
                       assert_no_difference('User.count') do
                         put '/users/2.xml', @parameters, :authorization => credentials('admin')
                       end
                       user = User.find(2)
                       assert_equal 'jsmith', user.login
                       assert_equal 'John', user.firstname
                       assert_equal 'Renamed', user.lastname
                       assert_equal 'jsmith@somenet.foo', user.mail
                       assert !user.admin?
                       assert_response :ok
                     end
                   end
                   context ".json" do
                     should_allow_api_authentication(:put,
                       '/users/2.json',
                       {:user => {:login => 'jsmith', :firstname => 'John', :lastname => 'Renamed', :mail => 'jsmith@somenet.foo'}},
                       {:success_code => :ok})
                     should "update user with the attributes" do
                       assert_no_difference('User.count') do
                         put '/users/2.json', @parameters, :authorization => credentials('admin')
                       end
                       user = User.find(2)
                       assert_equal 'jsmith', user.login
                       assert_equal 'John', user.firstname
                       assert_equal 'Renamed', user.lastname
                       assert_equal 'jsmith@somenet.foo', user.mail
                       assert !user.admin?
                       assert_response :ok
                     end
                   end
                 end
                 context "with invalid parameters" do
                   setup do
                     @parameters = {:user => {:login => 'jsmith', :firstname => '', :lastname => 'Lastname', :mail => 'foo'}}
                   end
                   context ".xml" do
                     should "return errors" do
                       assert_no_difference('User.count') do
                         put '/users/2.xml', @parameters, :authorization => credentials('admin')
                       end
                       assert_response :unprocessable_entity
                       assert_equal 'application/xml', @response.content_type
                       assert_tag 'errors', :child => {:tag => 'error', :content => "Firstname can't be blank"}
                     end
                   end
                   context ".json" do
                     should "return errors" do
                       assert_no_difference('User.count') do
                         put '/users/2.json', @parameters, :authorization => credentials('admin')
                       end
                       assert_response :unprocessable_entity
                       assert_equal 'application/json', @response.content_type
                       json = ActiveSupport::JSON.decode(response.body)
                       assert_kind_of Hash, json
                       assert json.has_key?('errors')
                       assert_kind_of Array, json['errors']
                     end
                   end
                 end
                 context "DELETE /users/2" do
                   context ".xml" do
                     should "not be allowed" do
                       assert_no_difference('User.count') do
                         delete '/users/2.xml'
                       end
                       assert_response :method_not_allowed
                     end
                   end
                   context ".json" do
                     should "not be allowed" do
                       assert_no_difference('User.count') do
                         delete '/users/2.json'
                       end
                       assert_response :method_not_allowed
                     end
                   end
                 end
               end
               def credentials(user, password=nil)
                 ActionController::HttpAuthentication::Basic.encode_credentials(user, password || user)
               end
             end

General Comments 0

Write
Preview

You need to be logged in to leave comments. Login now

No TODOs yet

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages