##// END OF EJS Templates
jro_apps » redmine
RSS
Merged r2986 from trunk....
Jean-Philippe Lang -
r2873:d09afa64c805
parent child
Show More
Side by Side Unified
Context file:
r2873:d09afa64c805 Loading diff...:
Show file before | Show file after | Hide comments
@@ -1,195 +1,199
1 # Redmine - project management software
1 # Redmine - project management software
2 # Copyright (C) 2006-2008 Jean-Philippe Lang
2 # Copyright (C) 2006-2008 Jean-Philippe Lang
3 #
3 #
4 # This program is free software; you can redistribute it and/or
4 # This program is free software; you can redistribute it and/or
5 # modify it under the terms of the GNU General Public License
5 # modify it under the terms of the GNU General Public License
6 # as published by the Free Software Foundation; either version 2
6 # as published by the Free Software Foundation; either version 2
7 # of the License, or (at your option) any later version.
7 # of the License, or (at your option) any later version.
8 #
8 #
9 # This program is distributed in the hope that it will be useful,
9 # This program is distributed in the hope that it will be useful,
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 # GNU General Public License for more details.
12 # GNU General Public License for more details.
13 #
13 #
14 # You should have received a copy of the GNU General Public License
14 # You should have received a copy of the GNU General Public License
15 # along with this program; if not, write to the Free Software
15 # along with this program; if not, write to the Free Software
16 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
16 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
17
17
18 class AccountController < ApplicationController
18 class AccountController < ApplicationController
19 helper :custom_fields
19 helper :custom_fields
20 include CustomFieldsHelper
20 include CustomFieldsHelper
21
21
22 # prevents login action to be filtered by check_if_login_required application scope filter
22 # prevents login action to be filtered by check_if_login_required application scope filter
23 skip_before_filter :check_if_login_required, :only => [:login, :lost_password, :register, :activate]
23 skip_before_filter :check_if_login_required, :only => [:login, :lost_password, :register, :activate]
24
24
25 # Show user's account
25 # Show user's account
26 def show
26 def show
27 @user = User.active.find(params[:id])
27 @user = User.active.find(params[:id])
28 @custom_values = @user.custom_values
28 @custom_values = @user.custom_values
29
29
30 # show only public projects and private projects that the logged in user is also a member of
30 # show only public projects and private projects that the logged in user is also a member of
31 @memberships = @user.memberships.select do |membership|
31 @memberships = @user.memberships.select do |membership|
32 membership.project.is_public? || (User.current.member_of?(membership.project))
32 membership.project.is_public? || (User.current.member_of?(membership.project))
33 end
33 end
34
34
35 events = Redmine::Activity::Fetcher.new(User.current, :author => @user).events(nil, nil, :limit => 10)
35 events = Redmine::Activity::Fetcher.new(User.current, :author => @user).events(nil, nil, :limit => 10)
36 @events_by_day = events.group_by(&:event_date)
36 @events_by_day = events.group_by(&:event_date)
37
37
38 if @user != User.current && !User.current.admin? && @memberships.empty? && events.empty?
39 render_404 and return
40 end
41
38 rescue ActiveRecord::RecordNotFound
42 rescue ActiveRecord::RecordNotFound
39 render_404
43 render_404
40 end
44 end
41
45
42 # Login request and validation
46 # Login request and validation
43 def login
47 def login
44 if request.get?
48 if request.get?
45 # Logout user
49 # Logout user
46 self.logged_user = nil
50 self.logged_user = nil
47 else
51 else
48 # Authenticate user
52 # Authenticate user
49 user = User.try_to_login(params[:username], params[:password])
53 user = User.try_to_login(params[:username], params[:password])
50 if user.nil?
54 if user.nil?
51 # Invalid credentials
55 # Invalid credentials
52 flash.now[:error] = l(:notice_account_invalid_creditentials)
56 flash.now[:error] = l(:notice_account_invalid_creditentials)
53 elsif user.new_record?
57 elsif user.new_record?
54 # Onthefly creation failed, display the registration form to fill/fix attributes
58 # Onthefly creation failed, display the registration form to fill/fix attributes
55 @user = user
59 @user = user
56 session[:auth_source_registration] = {:login => user.login, :auth_source_id => user.auth_source_id }
60 session[:auth_source_registration] = {:login => user.login, :auth_source_id => user.auth_source_id }
57 render :action => 'register'
61 render :action => 'register'
58 else
62 else
59 # Valid user
63 # Valid user
60 self.logged_user = user
64 self.logged_user = user
61 # generate a key and set cookie if autologin
65 # generate a key and set cookie if autologin
62 if params[:autologin] && Setting.autologin?
66 if params[:autologin] && Setting.autologin?
63 token = Token.create(:user => user, :action => 'autologin')
67 token = Token.create(:user => user, :action => 'autologin')
64 cookies[:autologin] = { :value => token.value, :expires => 1.year.from_now }
68 cookies[:autologin] = { :value => token.value, :expires => 1.year.from_now }
65 end
69 end
66 call_hook(:controller_account_success_authentication_after, {:user => user })
70 call_hook(:controller_account_success_authentication_after, {:user => user })
67 redirect_back_or_default :controller => 'my', :action => 'page'
71 redirect_back_or_default :controller => 'my', :action => 'page'
68 end
72 end
69 end
73 end
70 end
74 end
71
75
72 # Log out current user and redirect to welcome page
76 # Log out current user and redirect to welcome page
73 def logout
77 def logout
74 cookies.delete :autologin
78 cookies.delete :autologin
75 Token.delete_all(["user_id = ? AND action = ?", User.current.id, 'autologin']) if User.current.logged?
79 Token.delete_all(["user_id = ? AND action = ?", User.current.id, 'autologin']) if User.current.logged?
76 self.logged_user = nil
80 self.logged_user = nil
77 redirect_to home_url
81 redirect_to home_url
78 end
82 end
79
83
80 # Enable user to choose a new password
84 # Enable user to choose a new password
81 def lost_password
85 def lost_password
82 redirect_to(home_url) && return unless Setting.lost_password?
86 redirect_to(home_url) && return unless Setting.lost_password?
83 if params[:token]
87 if params[:token]
84 @token = Token.find_by_action_and_value("recovery", params[:token])
88 @token = Token.find_by_action_and_value("recovery", params[:token])
85 redirect_to(home_url) && return unless @token and !@token.expired?
89 redirect_to(home_url) && return unless @token and !@token.expired?
86 @user = @token.user
90 @user = @token.user
87 if request.post?
91 if request.post?
88 @user.password, @user.password_confirmation = params[:new_password], params[:new_password_confirmation]
92 @user.password, @user.password_confirmation = params[:new_password], params[:new_password_confirmation]
89 if @user.save
93 if @user.save
90 @token.destroy
94 @token.destroy
91 flash[:notice] = l(:notice_account_password_updated)
95 flash[:notice] = l(:notice_account_password_updated)
92 redirect_to :action => 'login'
96 redirect_to :action => 'login'
93 return
97 return
94 end
98 end
95 end
99 end
96 render :template => "account/password_recovery"
100 render :template => "account/password_recovery"
97 return
101 return
98 else
102 else
99 if request.post?
103 if request.post?
100 user = User.find_by_mail(params[:mail])
104 user = User.find_by_mail(params[:mail])
101 # user not found in db
105 # user not found in db
102 flash.now[:error] = l(:notice_account_unknown_email) and return unless user
106 flash.now[:error] = l(:notice_account_unknown_email) and return unless user
103 # user uses an external authentification
107 # user uses an external authentification
104 flash.now[:error] = l(:notice_can_t_change_password) and return if user.auth_source_id
108 flash.now[:error] = l(:notice_can_t_change_password) and return if user.auth_source_id
105 # create a new token for password recovery
109 # create a new token for password recovery
106 token = Token.new(:user => user, :action => "recovery")
110 token = Token.new(:user => user, :action => "recovery")
107 if token.save
111 if token.save
108 Mailer.deliver_lost_password(token)
112 Mailer.deliver_lost_password(token)
109 flash[:notice] = l(:notice_account_lost_email_sent)
113 flash[:notice] = l(:notice_account_lost_email_sent)
110 redirect_to :action => 'login'
114 redirect_to :action => 'login'
111 return
115 return
112 end
116 end
113 end
117 end
114 end
118 end
115 end
119 end
116
120
117 # User self-registration
121 # User self-registration
118 def register
122 def register
119 redirect_to(home_url) && return unless Setting.self_registration? || session[:auth_source_registration]
123 redirect_to(home_url) && return unless Setting.self_registration? || session[:auth_source_registration]
120 if request.get?
124 if request.get?
121 session[:auth_source_registration] = nil
125 session[:auth_source_registration] = nil
122 @user = User.new(:language => Setting.default_language)
126 @user = User.new(:language => Setting.default_language)
123 else
127 else
124 @user = User.new(params[:user])
128 @user = User.new(params[:user])
125 @user.admin = false
129 @user.admin = false
126 @user.status = User::STATUS_REGISTERED
130 @user.status = User::STATUS_REGISTERED
127 if session[:auth_source_registration]
131 if session[:auth_source_registration]
128 @user.status = User::STATUS_ACTIVE
132 @user.status = User::STATUS_ACTIVE
129 @user.login = session[:auth_source_registration][:login]
133 @user.login = session[:auth_source_registration][:login]
130 @user.auth_source_id = session[:auth_source_registration][:auth_source_id]
134 @user.auth_source_id = session[:auth_source_registration][:auth_source_id]
131 if @user.save
135 if @user.save
132 session[:auth_source_registration] = nil
136 session[:auth_source_registration] = nil
133 self.logged_user = @user
137 self.logged_user = @user
134 flash[:notice] = l(:notice_account_activated)
138 flash[:notice] = l(:notice_account_activated)
135 redirect_to :controller => 'my', :action => 'account'
139 redirect_to :controller => 'my', :action => 'account'
136 end
140 end
137 else
141 else
138 @user.login = params[:user][:login]
142 @user.login = params[:user][:login]
139 @user.password, @user.password_confirmation = params[:password], params[:password_confirmation]
143 @user.password, @user.password_confirmation = params[:password], params[:password_confirmation]
140 case Setting.self_registration
144 case Setting.self_registration
141 when '1'
145 when '1'
142 # Email activation
146 # Email activation
143 token = Token.new(:user => @user, :action => "register")
147 token = Token.new(:user => @user, :action => "register")
144 if @user.save and token.save
148 if @user.save and token.save
145 Mailer.deliver_register(token)
149 Mailer.deliver_register(token)
146 flash[:notice] = l(:notice_account_register_done)
150 flash[:notice] = l(:notice_account_register_done)
147 redirect_to :action => 'login'
151 redirect_to :action => 'login'
148 end
152 end
149 when '3'
153 when '3'
150 # Automatic activation
154 # Automatic activation
151 @user.status = User::STATUS_ACTIVE
155 @user.status = User::STATUS_ACTIVE
152 if @user.save
156 if @user.save
153 self.logged_user = @user
157 self.logged_user = @user
154 flash[:notice] = l(:notice_account_activated)
158 flash[:notice] = l(:notice_account_activated)
155 redirect_to :controller => 'my', :action => 'account'
159 redirect_to :controller => 'my', :action => 'account'
156 end
160 end
157 else
161 else
158 # Manual activation by the administrator
162 # Manual activation by the administrator
159 if @user.save
163 if @user.save
160 # Sends an email to the administrators
164 # Sends an email to the administrators
161 Mailer.deliver_account_activation_request(@user)
165 Mailer.deliver_account_activation_request(@user)
162 flash[:notice] = l(:notice_account_pending)
166 flash[:notice] = l(:notice_account_pending)
163 redirect_to :action => 'login'
167 redirect_to :action => 'login'
164 end
168 end
165 end
169 end
166 end
170 end
167 end
171 end
168 end
172 end
169
173
170 # Token based account activation
174 # Token based account activation
171 def activate
175 def activate
172 redirect_to(home_url) && return unless Setting.self_registration? && params[:token]
176 redirect_to(home_url) && return unless Setting.self_registration? && params[:token]
173 token = Token.find_by_action_and_value('register', params[:token])
177 token = Token.find_by_action_and_value('register', params[:token])
174 redirect_to(home_url) && return unless token and !token.expired?
178 redirect_to(home_url) && return unless token and !token.expired?
175 user = token.user
179 user = token.user
176 redirect_to(home_url) && return unless user.status == User::STATUS_REGISTERED
180 redirect_to(home_url) && return unless user.status == User::STATUS_REGISTERED
177 user.status = User::STATUS_ACTIVE
181 user.status = User::STATUS_ACTIVE
178 if user.save
182 if user.save
179 token.destroy
183 token.destroy
180 flash[:notice] = l(:notice_account_activated)
184 flash[:notice] = l(:notice_account_activated)
181 end
185 end
182 redirect_to :action => 'login'
186 redirect_to :action => 'login'
183 end
187 end
184
188
185 private
189 private
186 def logged_user=(user)
190 def logged_user=(user)
187 if user && user.is_a?(User)
191 if user && user.is_a?(User)
188 User.current = user
192 User.current = user
189 session[:user_id] = user.id
193 session[:user_id] = user.id
190 else
194 else
191 User.current = User.anonymous
195 User.current = User.anonymous
192 session[:user_id] = nil
196 session[:user_id] = nil
193 end
197 end
194 end
198 end
195 end
199 end
Show file before | Show file after | Hide comments
@@ -1,100 +1,148
1 ---
1 ---
2 users_004:
2 users_004:
3 created_on: 2006-07-19 19:34:07 +02:00
3 created_on: 2006-07-19 19:34:07 +02:00
4 status: 1
4 status: 1
5 last_login_on:
5 last_login_on:
6 language: en
6 language: en
7 hashed_password: 4e4aeb7baaf0706bd670263fef42dad15763b608
7 hashed_password: 4e4aeb7baaf0706bd670263fef42dad15763b608
8 updated_on: 2006-07-19 19:34:07 +02:00
8 updated_on: 2006-07-19 19:34:07 +02:00
9 admin: false
9 admin: false
10 mail: rhill@somenet.foo
10 mail: rhill@somenet.foo
11 lastname: Hill
11 lastname: Hill
12 firstname: Robert
12 firstname: Robert
13 id: 4
13 id: 4
14 auth_source_id:
14 auth_source_id:
15 mail_notification: true
15 mail_notification: true
16 login: rhill
16 login: rhill
17 type: User
17 type: User
18 users_001:
18 users_001:
19 created_on: 2006-07-19 19:12:21 +02:00
19 created_on: 2006-07-19 19:12:21 +02:00
20 status: 1
20 status: 1
21 last_login_on: 2006-07-19 22:57:52 +02:00
21 last_login_on: 2006-07-19 22:57:52 +02:00
22 language: en
22 language: en
23 hashed_password: d033e22ae348aeb5660fc2140aec35850c4da997
23 hashed_password: d033e22ae348aeb5660fc2140aec35850c4da997
24 updated_on: 2006-07-19 22:57:52 +02:00
24 updated_on: 2006-07-19 22:57:52 +02:00
25 admin: true
25 admin: true
26 mail: admin@somenet.foo
26 mail: admin@somenet.foo
27 lastname: Admin
27 lastname: Admin
28 firstname: redMine
28 firstname: redMine
29 id: 1
29 id: 1
30 auth_source_id:
30 auth_source_id:
31 mail_notification: true
31 mail_notification: true
32 login: admin
32 login: admin
33 type: User
33 type: User
34 users_002:
34 users_002:
35 created_on: 2006-07-19 19:32:09 +02:00
35 created_on: 2006-07-19 19:32:09 +02:00
36 status: 1
36 status: 1
37 last_login_on: 2006-07-19 22:42:15 +02:00
37 last_login_on: 2006-07-19 22:42:15 +02:00
38 language: en
38 language: en
39 hashed_password: a9a653d4151fa2c081ba1ffc2c2726f3b80b7d7d
39 hashed_password: a9a653d4151fa2c081ba1ffc2c2726f3b80b7d7d
40 updated_on: 2006-07-19 22:42:15 +02:00
40 updated_on: 2006-07-19 22:42:15 +02:00
41 admin: false
41 admin: false
42 mail: jsmith@somenet.foo
42 mail: jsmith@somenet.foo
43 lastname: Smith
43 lastname: Smith
44 firstname: John
44 firstname: John
45 id: 2
45 id: 2
46 auth_source_id:
46 auth_source_id:
47 mail_notification: true
47 mail_notification: true
48 login: jsmith
48 login: jsmith
49 type: User
49 type: User
50 users_003:
50 users_003:
51 created_on: 2006-07-19 19:33:19 +02:00
51 created_on: 2006-07-19 19:33:19 +02:00
52 status: 1
52 status: 1
53 last_login_on:
53 last_login_on:
54 language: en
54 language: en
55 hashed_password: 7feb7657aa7a7bf5aef3414a5084875f27192415
55 hashed_password: 7feb7657aa7a7bf5aef3414a5084875f27192415
56 updated_on: 2006-07-19 19:33:19 +02:00
56 updated_on: 2006-07-19 19:33:19 +02:00
57 admin: false
57 admin: false
58 mail: dlopper@somenet.foo
58 mail: dlopper@somenet.foo
59 lastname: Lopper
59 lastname: Lopper
60 firstname: Dave
60 firstname: Dave
61 id: 3
61 id: 3
62 auth_source_id:
62 auth_source_id:
63 mail_notification: true
63 mail_notification: true
64 login: dlopper
64 login: dlopper
65 type: User
65 type: User
66 users_005:
66 users_005:
67 id: 5
67 id: 5
68 created_on: 2006-07-19 19:33:19 +02:00
68 created_on: 2006-07-19 19:33:19 +02:00
69 # Locked
69 # Locked
70 status: 3
70 status: 3
71 last_login_on:
71 last_login_on:
72 language: en
72 language: en
73 hashed_password: 7feb7657aa7a7bf5aef3414a5084875f27192415
73 hashed_password: 7feb7657aa7a7bf5aef3414a5084875f27192415
74 updated_on: 2006-07-19 19:33:19 +02:00
74 updated_on: 2006-07-19 19:33:19 +02:00
75 admin: false
75 admin: false
76 mail: dlopper2@somenet.foo
76 mail: dlopper2@somenet.foo
77 lastname: Lopper2
77 lastname: Lopper2
78 firstname: Dave2
78 firstname: Dave2
79 auth_source_id:
79 auth_source_id:
80 mail_notification: true
80 mail_notification: true
81 login: dlopper2
81 login: dlopper2
82 type: User
82 type: User
83 users_006:
83 users_006:
84 id: 6
84 id: 6
85 created_on: 2006-07-19 19:33:19 +02:00
85 created_on: 2006-07-19 19:33:19 +02:00
86 status: 1
86 status: 1
87 last_login_on:
87 last_login_on:
88 language: ''
88 language: ''
89 hashed_password: 1
89 hashed_password: 1
90 updated_on: 2006-07-19 19:33:19 +02:00
90 updated_on: 2006-07-19 19:33:19 +02:00
91 admin: false
91 admin: false
92 mail: ''
92 mail: ''
93 lastname: Anonymous
93 lastname: Anonymous
94 firstname: ''
94 firstname: ''
95 auth_source_id:
95 auth_source_id:
96 mail_notification: false
96 mail_notification: false
97 login: ''
97 login: ''
98 type: AnonymousUser
98 type: AnonymousUser
99 users_007:
100 id: 7
101 created_on: 2006-07-19 19:33:19 +02:00
102 status: 1
103 last_login_on:
104 language: ''
105 hashed_password: 1
106 updated_on: 2006-07-19 19:33:19 +02:00
107 admin: false
108 mail: someone@foo.bar
109 lastname: One
110 firstname: Some
111 auth_source_id:
112 mail_notification: false
113 login: someone
114 type: User
115 users_008:
116 id: 8
117 created_on: 2006-07-19 19:33:19 +02:00
118 status: 1
119 last_login_on:
120 language: 'it'
121 hashed_password: 1
122 updated_on: 2006-07-19 19:33:19 +02:00
123 admin: false
124 mail: miscuser8@foo.bar
125 lastname: Misc
126 firstname: User
127 auth_source_id:
128 mail_notification: false
129 login: miscuser8
130 type: User
131 users_009:
132 id: 9
133 created_on: 2006-07-19 19:33:19 +02:00
134 status: 1
135 last_login_on:
136 language: 'it'
137 hashed_password: 1
138 updated_on: 2006-07-19 19:33:19 +02:00
139 admin: false
140 mail: miscuser9@foo.bar
141 lastname: Misc
142 firstname: User
143 auth_source_id:
144 mail_notification: false
145 login: miscuser9
146 type: User
99
147
100 No newline at end of file
148
Show file before | Show file after | Hide comments
@@ -1,84 +1,89
1 # redMine - project management software
1 # redMine - project management software
2 # Copyright (C) 2006-2007 Jean-Philippe Lang
2 # Copyright (C) 2006-2007 Jean-Philippe Lang
3 #
3 #
4 # This program is free software; you can redistribute it and/or
4 # This program is free software; you can redistribute it and/or
5 # modify it under the terms of the GNU General Public License
5 # modify it under the terms of the GNU General Public License
6 # as published by the Free Software Foundation; either version 2
6 # as published by the Free Software Foundation; either version 2
7 # of the License, or (at your option) any later version.
7 # of the License, or (at your option) any later version.
8 #
8 #
9 # This program is distributed in the hope that it will be useful,
9 # This program is distributed in the hope that it will be useful,
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 # GNU General Public License for more details.
12 # GNU General Public License for more details.
13 #
13 #
14 # You should have received a copy of the GNU General Public License
14 # You should have received a copy of the GNU General Public License
15 # along with this program; if not, write to the Free Software
15 # along with this program; if not, write to the Free Software
16 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
16 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
17
17
18 require File.dirname(__FILE__) + '/../test_helper'
18 require File.dirname(__FILE__) + '/../test_helper'
19 require 'account_controller'
19 require 'account_controller'
20
20
21 # Re-raise errors caught by the controller.
21 # Re-raise errors caught by the controller.
22 class AccountController; def rescue_action(e) raise e end; end
22 class AccountController; def rescue_action(e) raise e end; end
23
23
24 class AccountControllerTest < Test::Unit::TestCase
24 class AccountControllerTest < Test::Unit::TestCase
25 fixtures :users
25 fixtures :users
26
26
27 def setup
27 def setup
28 @controller = AccountController.new
28 @controller = AccountController.new
29 @request = ActionController::TestRequest.new
29 @request = ActionController::TestRequest.new
30 @response = ActionController::TestResponse.new
30 @response = ActionController::TestResponse.new
31 User.current = nil
31 User.current = nil
32 end
32 end
33
33
34 def test_show
34 def test_show
35 get :show, :id => 2
35 get :show, :id => 2
36 assert_response :success
36 assert_response :success
37 assert_template 'show'
37 assert_template 'show'
38 assert_not_nil assigns(:user)
38 assert_not_nil assigns(:user)
39 end
39 end
40
40
41 def test_show_inactive
41 def test_show_inactive
42 get :show, :id => 5
42 get :show, :id => 5
43 assert_response 404
43 assert_response 404
44 assert_nil assigns(:user)
44 assert_nil assigns(:user)
45 end
45 end
46
46
47 def test_show_should_not_reveal_users_with_no_visible_activity_or_project
48 get :show, :id => 9
49 assert_response 404
50 end
51
47 def test_login_should_redirect_to_back_url_param
52 def test_login_should_redirect_to_back_url_param
48 # request.uri is "test.host" in test environment
53 # request.uri is "test.host" in test environment
49 post :login, :username => 'jsmith', :password => 'jsmith', :back_url => 'http%3A%2F%2Ftest.host%2Fissues%2Fshow%2F1'
54 post :login, :username => 'jsmith', :password => 'jsmith', :back_url => 'http%3A%2F%2Ftest.host%2Fissues%2Fshow%2F1'
50 assert_redirected_to '/issues/show/1'
55 assert_redirected_to '/issues/show/1'
51 end
56 end
52
57
53 def test_login_should_not_redirect_to_another_host
58 def test_login_should_not_redirect_to_another_host
54 post :login, :username => 'jsmith', :password => 'jsmith', :back_url => 'http%3A%2F%2Ftest.foo%2Ffake'
59 post :login, :username => 'jsmith', :password => 'jsmith', :back_url => 'http%3A%2F%2Ftest.foo%2Ffake'
55 assert_redirected_to '/my/page'
60 assert_redirected_to '/my/page'
56 end
61 end
57
62
58 def test_login_with_wrong_password
63 def test_login_with_wrong_password
59 post :login, :username => 'admin', :password => 'bad'
64 post :login, :username => 'admin', :password => 'bad'
60 assert_response :success
65 assert_response :success
61 assert_template 'login'
66 assert_template 'login'
62 assert_tag 'div',
67 assert_tag 'div',
63 :attributes => { :class => "flash error" },
68 :attributes => { :class => "flash error" },
64 :content => /Invalid user or password/
69 :content => /Invalid user or password/
65 end
70 end
66
71
67 def test_autologin
72 def test_autologin
68 Setting.autologin = "7"
73 Setting.autologin = "7"
69 Token.delete_all
74 Token.delete_all
70 post :login, :username => 'admin', :password => 'admin', :autologin => 1
75 post :login, :username => 'admin', :password => 'admin', :autologin => 1
71 assert_redirected_to 'my/page'
76 assert_redirected_to 'my/page'
72 token = Token.find :first
77 token = Token.find :first
73 assert_not_nil token
78 assert_not_nil token
74 assert_equal User.find_by_login('admin'), token.user
79 assert_equal User.find_by_login('admin'), token.user
75 assert_equal 'autologin', token.action
80 assert_equal 'autologin', token.action
76 end
81 end
77
82
78 def test_logout
83 def test_logout
79 @request.session[:user_id] = 2
84 @request.session[:user_id] = 2
80 get :logout
85 get :logout
81 assert_redirected_to ''
86 assert_redirected_to ''
82 assert_nil @request.session[:user_id]
87 assert_nil @request.session[:user_id]
83 end
88 end
84 end
89 end
General Comments 0
You need to be logged in to leave comments. Login now