Merged r16287 to r16289 (#24416)....
Jean-Philippe Lang -
r15916:e360394be7a4
@@ -1,361 +1,369
1 # Redmine - project management software
1 # Redmine - project management software
2 # Copyright (C) 2006-2016 Jean-Philippe Lang
2 # Copyright (C) 2006-2016 Jean-Philippe Lang
3 #
3 #
4 # This program is free software; you can redistribute it and/or
4 # This program is free software; you can redistribute it and/or
5 # modify it under the terms of the GNU General Public License
5 # modify it under the terms of the GNU General Public License
6 # as published by the Free Software Foundation; either version 2
6 # as published by the Free Software Foundation; either version 2
7 # of the License, or (at your option) any later version.
7 # of the License, or (at your option) any later version.
8 #
8 #
9 # This program is distributed in the hope that it will be useful,
9 # This program is distributed in the hope that it will be useful,
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 # GNU General Public License for more details.
12 # GNU General Public License for more details.
13 #
13 #
14 # You should have received a copy of the GNU General Public License
14 # You should have received a copy of the GNU General Public License
15 # along with this program; if not, write to the Free Software
15 # along with this program; if not, write to the Free Software
16 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
16 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
17
17
18 class AccountController < ApplicationController
18 class AccountController < ApplicationController
19 helper :custom_fields
19 helper :custom_fields
20 include CustomFieldsHelper
20 include CustomFieldsHelper
21
21
22 # prevents login action to be filtered by check_if_login_required application scope filter
22 # prevents login action to be filtered by check_if_login_required application scope filter
23 skip_before_filter :check_if_login_required, :check_password_change
23 skip_before_filter :check_if_login_required, :check_password_change
24
24
25 # Overrides ApplicationController#verify_authenticity_token to disable
25 # Overrides ApplicationController#verify_authenticity_token to disable
26 # token verification on openid callbacks
26 # token verification on openid callbacks
27 def verify_authenticity_token
27 def verify_authenticity_token
28 unless using_open_id?
28 unless using_open_id?
29 super
29 super
30 end
30 end
31 end
31 end
32
32
33 # Login request and validation
33 # Login request and validation
34 def login
34 def login
35 if request.get?
35 if request.get?
36 if User.current.logged?
36 if User.current.logged?
37 redirect_back_or_default home_url, :referer => true
37 redirect_back_or_default home_url, :referer => true
38 end
38 end
39 else
39 else
40 authenticate_user
40 authenticate_user
41 end
41 end
42 rescue AuthSourceException => e
42 rescue AuthSourceException => e
43 logger.error "An error occured when authenticating #{params[:username]}: #{e.message}"
43 logger.error "An error occured when authenticating #{params[:username]}: #{e.message}"
44 render_error :message => e.message
44 render_error :message => e.message
45 end
45 end
46
46
47 # Log out current user and redirect to welcome page
47 # Log out current user and redirect to welcome page
48 def logout
48 def logout
49 if User.current.anonymous?
49 if User.current.anonymous?
50 redirect_to home_url
50 redirect_to home_url
51 elsif request.post?
51 elsif request.post?
52 logout_user
52 logout_user
53 redirect_to home_url
53 redirect_to home_url
54 end
54 end
55 # display the logout form
55 # display the logout form
56 end
56 end
57
57
58 # Lets user choose a new password
58 # Lets user choose a new password
59 def lost_password
59 def lost_password
60 (redirect_to(home_url); return) unless Setting.lost_password?
60 (redirect_to(home_url); return) unless Setting.lost_password?
61 if params[:token]
61 if prt = (params[:token] || session[:password_recovery_token])
62 @token = Token.find_token("recovery", params[:token].to_s)
62 @token = Token.find_token("recovery", prt.to_s)
63 if @token.nil? || @token.expired?
63 if @token.nil? || @token.expired?
64 redirect_to home_url
64 redirect_to home_url
65 return
65 return
66 end
66 end
67
68 # redirect to remove the token query parameter from the URL and add it to the session
69 if request.query_parameters[:token].present?
70 session[:password_recovery_token] = @token.value
71 redirect_to lost_password_url
72 return
73 end
74
67 @user = @token.user
75 @user = @token.user
68 unless @user && @user.active?
76 unless @user && @user.active?
69 redirect_to home_url
77 redirect_to home_url
70 return
78 return
71 end
79 end
72 if request.post?
80 if request.post?
73 @user.password, @user.password_confirmation = params[:new_password], params[:new_password_confirmation]
81 @user.password, @user.password_confirmation = params[:new_password], params[:new_password_confirmation]
74 if @user.save
82 if @user.save
75 @token.destroy
83 @token.destroy
76 Mailer.password_updated(@user)
84 Mailer.password_updated(@user)
77 flash[:notice] = l(:notice_account_password_updated)
85 flash[:notice] = l(:notice_account_password_updated)
78 redirect_to signin_path
86 redirect_to signin_path
79 return
87 return
80 end
88 end
81 end
89 end
82 render :template => "account/password_recovery"
90 render :template => "account/password_recovery"
83 return
91 return
84 else
92 else
85 if request.post?
93 if request.post?
86 email = params[:mail].to_s
94 email = params[:mail].to_s
87 user = User.find_by_mail(email)
95 user = User.find_by_mail(email)
88 # user not found
96 # user not found
89 unless user
97 unless user
90 flash.now[:error] = l(:notice_account_unknown_email)
98 flash.now[:error] = l(:notice_account_unknown_email)
91 return
99 return
92 end
100 end
93 unless user.active?
101 unless user.active?
94 handle_inactive_user(user, lost_password_path)
102 handle_inactive_user(user, lost_password_path)
95 return
103 return
96 end
104 end
97 # user cannot change its password
105 # user cannot change its password
98 unless user.change_password_allowed?
106 unless user.change_password_allowed?
99 flash.now[:error] = l(:notice_can_t_change_password)
107 flash.now[:error] = l(:notice_can_t_change_password)
100 return
108 return
101 end
109 end
102 # create a new token for password recovery
110 # create a new token for password recovery
103 token = Token.new(:user => user, :action => "recovery")
111 token = Token.new(:user => user, :action => "recovery")
104 if token.save
112 if token.save
105 # Don't use the param to send the email
113 # Don't use the param to send the email
106 recipent = user.mails.detect {|e| email.casecmp(e) == 0} || user.mail
114 recipent = user.mails.detect {|e| email.casecmp(e) == 0} || user.mail
107 Mailer.lost_password(token, recipent).deliver
115 Mailer.lost_password(token, recipent).deliver
108 flash[:notice] = l(:notice_account_lost_email_sent)
116 flash[:notice] = l(:notice_account_lost_email_sent)
109 redirect_to signin_path
117 redirect_to signin_path
110 return
118 return
111 end
119 end
112 end
120 end
113 end
121 end
114 end
122 end
115
123
116 # User self-registration
124 # User self-registration
117 def register
125 def register
118 (redirect_to(home_url); return) unless Setting.self_registration? || session[:auth_source_registration]
126 (redirect_to(home_url); return) unless Setting.self_registration? || session[:auth_source_registration]
119 if request.get?
127 if request.get?
120 session[:auth_source_registration] = nil
128 session[:auth_source_registration] = nil
121 @user = User.new(:language => current_language.to_s)
129 @user = User.new(:language => current_language.to_s)
122 else
130 else
123 user_params = params[:user] || {}
131 user_params = params[:user] || {}
124 @user = User.new
132 @user = User.new
125 @user.safe_attributes = user_params
133 @user.safe_attributes = user_params
126 @user.pref.attributes = params[:pref] if params[:pref]
134 @user.pref.attributes = params[:pref] if params[:pref]
127 @user.admin = false
135 @user.admin = false
128 @user.register
136 @user.register
129 if session[:auth_source_registration]
137 if session[:auth_source_registration]
130 @user.activate
138 @user.activate
131 @user.login = session[:auth_source_registration][:login]
139 @user.login = session[:auth_source_registration][:login]
132 @user.auth_source_id = session[:auth_source_registration][:auth_source_id]
140 @user.auth_source_id = session[:auth_source_registration][:auth_source_id]
133 if @user.save
141 if @user.save
134 session[:auth_source_registration] = nil
142 session[:auth_source_registration] = nil
135 self.logged_user = @user
143 self.logged_user = @user
136 flash[:notice] = l(:notice_account_activated)
144 flash[:notice] = l(:notice_account_activated)
137 redirect_to my_account_path
145 redirect_to my_account_path
138 end
146 end
139 else
147 else
140 @user.login = params[:user][:login]
148 @user.login = params[:user][:login]
141 unless user_params[:identity_url].present? && user_params[:password].blank? && user_params[:password_confirmation].blank?
149 unless user_params[:identity_url].present? && user_params[:password].blank? && user_params[:password_confirmation].blank?
142 @user.password, @user.password_confirmation = user_params[:password], user_params[:password_confirmation]
150 @user.password, @user.password_confirmation = user_params[:password], user_params[:password_confirmation]
143 end
151 end
144
152
145 case Setting.self_registration
153 case Setting.self_registration
146 when '1'
154 when '1'
147 register_by_email_activation(@user)
155 register_by_email_activation(@user)
148 when '3'
156 when '3'
149 register_automatically(@user)
157 register_automatically(@user)
150 else
158 else
151 register_manually_by_administrator(@user)
159 register_manually_by_administrator(@user)
152 end
160 end
153 end
161 end
154 end
162 end
155 end
163 end
156
164
157 # Token based account activation
165 # Token based account activation
158 def activate
166 def activate
159 (redirect_to(home_url); return) unless Setting.self_registration? && params[:token].present?
167 (redirect_to(home_url); return) unless Setting.self_registration? && params[:token].present?
160 token = Token.find_token('register', params[:token].to_s)
168 token = Token.find_token('register', params[:token].to_s)
161 (redirect_to(home_url); return) unless token and !token.expired?
169 (redirect_to(home_url); return) unless token and !token.expired?
162 user = token.user
170 user = token.user
163 (redirect_to(home_url); return) unless user.registered?
171 (redirect_to(home_url); return) unless user.registered?
164 user.activate
172 user.activate
165 if user.save
173 if user.save
166 token.destroy
174 token.destroy
167 flash[:notice] = l(:notice_account_activated)
175 flash[:notice] = l(:notice_account_activated)
168 end
176 end
169 redirect_to signin_path
177 redirect_to signin_path
170 end
178 end
171
179
172 # Sends a new account activation email
180 # Sends a new account activation email
173 def activation_email
181 def activation_email
174 if session[:registered_user_id] && Setting.self_registration == '1'
182 if session[:registered_user_id] && Setting.self_registration == '1'
175 user_id = session.delete(:registered_user_id).to_i
183 user_id = session.delete(:registered_user_id).to_i
176 user = User.find_by_id(user_id)
184 user = User.find_by_id(user_id)
177 if user && user.registered?
185 if user && user.registered?
178 register_by_email_activation(user)
186 register_by_email_activation(user)
179 return
187 return
180 end
188 end
181 end
189 end
182 redirect_to(home_url)
190 redirect_to(home_url)
183 end
191 end
184
192
185 private
193 private
186
194
187 def authenticate_user
195 def authenticate_user
188 if Setting.openid? && using_open_id?
196 if Setting.openid? && using_open_id?
189 open_id_authenticate(params[:openid_url])
197 open_id_authenticate(params[:openid_url])
190 else
198 else
191 password_authentication
199 password_authentication
192 end
200 end
193 end
201 end
194
202
195 def password_authentication
203 def password_authentication
196 user = User.try_to_login(params[:username], params[:password], false)
204 user = User.try_to_login(params[:username], params[:password], false)
197
205
198 if user.nil?
206 if user.nil?
199 invalid_credentials
207 invalid_credentials
200 elsif user.new_record?
208 elsif user.new_record?
201 onthefly_creation_failed(user, {:login => user.login, :auth_source_id => user.auth_source_id })
209 onthefly_creation_failed(user, {:login => user.login, :auth_source_id => user.auth_source_id })
202 else
210 else
203 # Valid user
211 # Valid user
204 if user.active?
212 if user.active?
205 successful_authentication(user)
213 successful_authentication(user)
206 update_sudo_timestamp! # activate Sudo Mode
214 update_sudo_timestamp! # activate Sudo Mode
207 else
215 else
208 handle_inactive_user(user)
216 handle_inactive_user(user)
209 end
217 end
210 end
218 end
211 end
219 end
212
220
213 def open_id_authenticate(openid_url)
221 def open_id_authenticate(openid_url)
214 back_url = signin_url(:autologin => params[:autologin])
222 back_url = signin_url(:autologin => params[:autologin])
215 authenticate_with_open_id(
223 authenticate_with_open_id(
216 openid_url, :required => [:nickname, :fullname, :email],
224 openid_url, :required => [:nickname, :fullname, :email],
217 :return_to => back_url, :method => :post
225 :return_to => back_url, :method => :post
218 ) do |result, identity_url, registration|
226 ) do |result, identity_url, registration|
219 if result.successful?
227 if result.successful?
220 user = User.find_or_initialize_by_identity_url(identity_url)
228 user = User.find_or_initialize_by_identity_url(identity_url)
221 if user.new_record?
229 if user.new_record?
222 # Self-registration off
230 # Self-registration off
223 (redirect_to(home_url); return) unless Setting.self_registration?
231 (redirect_to(home_url); return) unless Setting.self_registration?
224 # Create on the fly
232 # Create on the fly
225 user.login = registration['nickname'] unless registration['nickname'].nil?
233 user.login = registration['nickname'] unless registration['nickname'].nil?
226 user.mail = registration['email'] unless registration['email'].nil?
234 user.mail = registration['email'] unless registration['email'].nil?
227 user.firstname, user.lastname = registration['fullname'].split(' ') unless registration['fullname'].nil?
235 user.firstname, user.lastname = registration['fullname'].split(' ') unless registration['fullname'].nil?
228 user.random_password
236 user.random_password
229 user.register
237 user.register
230 case Setting.self_registration
238 case Setting.self_registration
231 when '1'
239 when '1'
232 register_by_email_activation(user) do
240 register_by_email_activation(user) do
233 onthefly_creation_failed(user)
241 onthefly_creation_failed(user)
234 end
242 end
235 when '3'
243 when '3'
236 register_automatically(user) do
244 register_automatically(user) do
237 onthefly_creation_failed(user)
245 onthefly_creation_failed(user)
238 end
246 end
239 else
247 else
240 register_manually_by_administrator(user) do
248 register_manually_by_administrator(user) do
241 onthefly_creation_failed(user)
249 onthefly_creation_failed(user)
242 end
250 end
243 end
251 end
244 else
252 else
245 # Existing record
253 # Existing record
246 if user.active?
254 if user.active?
247 successful_authentication(user)
255 successful_authentication(user)
248 else
256 else
249 handle_inactive_user(user)
257 handle_inactive_user(user)
250 end
258 end
251 end
259 end
252 end
260 end
253 end
261 end
254 end
262 end
255
263
256 def successful_authentication(user)
264 def successful_authentication(user)
257 logger.info "Successful authentication for '#{user.login}' from #{request.remote_ip} at #{Time.now.utc}"
265 logger.info "Successful authentication for '#{user.login}' from #{request.remote_ip} at #{Time.now.utc}"
258 # Valid user
266 # Valid user
259 self.logged_user = user
267 self.logged_user = user
260 # generate a key and set cookie if autologin
268 # generate a key and set cookie if autologin
261 if params[:autologin] && Setting.autologin?
269 if params[:autologin] && Setting.autologin?
262 set_autologin_cookie(user)
270 set_autologin_cookie(user)
263 end
271 end
264 call_hook(:controller_account_success_authentication_after, {:user => user })
272 call_hook(:controller_account_success_authentication_after, {:user => user })
265 redirect_back_or_default my_page_path
273 redirect_back_or_default my_page_path
266 end
274 end
267
275
268 def set_autologin_cookie(user)
276 def set_autologin_cookie(user)
269 token = Token.create(:user => user, :action => 'autologin')
277 token = Token.create(:user => user, :action => 'autologin')
270 secure = Redmine::Configuration['autologin_cookie_secure']
278 secure = Redmine::Configuration['autologin_cookie_secure']
271 if secure.nil?
279 if secure.nil?
272 secure = request.ssl?
280 secure = request.ssl?
273 end
281 end
274 cookie_options = {
282 cookie_options = {
275 :value => token.value,
283 :value => token.value,
276 :expires => 1.year.from_now,
284 :expires => 1.year.from_now,
277 :path => (Redmine::Configuration['autologin_cookie_path'] || RedmineApp::Application.config.relative_url_root || '/'),
285 :path => (Redmine::Configuration['autologin_cookie_path'] || RedmineApp::Application.config.relative_url_root || '/'),
278 :secure => secure,
286 :secure => secure,
279 :httponly => true
287 :httponly => true
280 }
288 }
281 cookies[autologin_cookie_name] = cookie_options
289 cookies[autologin_cookie_name] = cookie_options
282 end
290 end
283
291
284 # Onthefly creation failed, display the registration form to fill/fix attributes
292 # Onthefly creation failed, display the registration form to fill/fix attributes
285 def onthefly_creation_failed(user, auth_source_options = { })
293 def onthefly_creation_failed(user, auth_source_options = { })
286 @user = user
294 @user = user
287 session[:auth_source_registration] = auth_source_options unless auth_source_options.empty?
295 session[:auth_source_registration] = auth_source_options unless auth_source_options.empty?
288 render :action => 'register'
296 render :action => 'register'
289 end
297 end
290
298
291 def invalid_credentials
299 def invalid_credentials
292 logger.warn "Failed login for '#{params[:username]}' from #{request.remote_ip} at #{Time.now.utc}"
300 logger.warn "Failed login for '#{params[:username]}' from #{request.remote_ip} at #{Time.now.utc}"
293 flash.now[:error] = l(:notice_account_invalid_credentials)
301 flash.now[:error] = l(:notice_account_invalid_credentials)
294 end
302 end
295
303
296 # Register a user for email activation.
304 # Register a user for email activation.
297 #
305 #
298 # Pass a block for behavior when a user fails to save
306 # Pass a block for behavior when a user fails to save
299 def register_by_email_activation(user, &block)
307 def register_by_email_activation(user, &block)
300 token = Token.new(:user => user, :action => "register")
308 token = Token.new(:user => user, :action => "register")
301 if user.save and token.save
309 if user.save and token.save
302 Mailer.register(token).deliver
310 Mailer.register(token).deliver
303 flash[:notice] = l(:notice_account_register_done, :email => ERB::Util.h(user.mail))
311 flash[:notice] = l(:notice_account_register_done, :email => ERB::Util.h(user.mail))
304 redirect_to signin_path
312 redirect_to signin_path
305 else
313 else
306 yield if block_given?
314 yield if block_given?
307 end
315 end
308 end
316 end
309
317
310 # Automatically register a user
318 # Automatically register a user
311 #
319 #
312 # Pass a block for behavior when a user fails to save
320 # Pass a block for behavior when a user fails to save
313 def register_automatically(user, &block)
321 def register_automatically(user, &block)
314 # Automatic activation
322 # Automatic activation
315 user.activate
323 user.activate
316 user.last_login_on = Time.now
324 user.last_login_on = Time.now
317 if user.save
325 if user.save
318 self.logged_user = user
326 self.logged_user = user
319 flash[:notice] = l(:notice_account_activated)
327 flash[:notice] = l(:notice_account_activated)
320 redirect_to my_account_path
328 redirect_to my_account_path
321 else
329 else
322 yield if block_given?
330 yield if block_given?
323 end
331 end
324 end
332 end
325
333
326 # Manual activation by the administrator
334 # Manual activation by the administrator
327 #
335 #
328 # Pass a block for behavior when a user fails to save
336 # Pass a block for behavior when a user fails to save
329 def register_manually_by_administrator(user, &block)
337 def register_manually_by_administrator(user, &block)
330 if user.save
338 if user.save
331 # Sends an email to the administrators
339 # Sends an email to the administrators
332 Mailer.account_activation_request(user).deliver
340 Mailer.account_activation_request(user).deliver
333 account_pending(user)
341 account_pending(user)
334 else
342 else
335 yield if block_given?
343 yield if block_given?
336 end
344 end
337 end
345 end
338
346
339 def handle_inactive_user(user, redirect_path=signin_path)
347 def handle_inactive_user(user, redirect_path=signin_path)
340 if user.registered?
348 if user.registered?
341 account_pending(user, redirect_path)
349 account_pending(user, redirect_path)
342 else
350 else
343 account_locked(user, redirect_path)
351 account_locked(user, redirect_path)
344 end
352 end
345 end
353 end
346
354
347 def account_pending(user, redirect_path=signin_path)
355 def account_pending(user, redirect_path=signin_path)
348 if Setting.self_registration == '1'
356 if Setting.self_registration == '1'
349 flash[:error] = l(:notice_account_not_activated_yet, :url => activation_email_path)
357 flash[:error] = l(:notice_account_not_activated_yet, :url => activation_email_path)
350 session[:registered_user_id] = user.id
358 session[:registered_user_id] = user.id
351 else
359 else
352 flash[:error] = l(:notice_account_pending)
360 flash[:error] = l(:notice_account_pending)
353 end
361 end
354 redirect_to redirect_path
362 redirect_to redirect_path
355 end
363 end
356
364
357 def account_locked(user, redirect_path=signin_path)
365 def account_locked(user, redirect_path=signin_path)
358 flash[:error] = l(:notice_account_locked)
366 flash[:error] = l(:notice_account_locked)
359 redirect_to redirect_path
367 redirect_to redirect_path
360 end
368 end
361 end
369 end
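Review bot: The value stored in `session[:password_recovery_token]` (new line 70 of lost_password) is never cleared again, so once that token is gone or expired the nil/expired branch (new lines 63-66) sends every later visit to lost_password in that session to home_url instead of the request form, and after a successful reset (new line 83) the dead token value stays in the session for its whole lifetime. Add `session.delete(:password_recovery_token)` before the `redirect_to home_url` in the nil/expired branch and again right after `@token.destroy`. A related consequence of `prt = (params[:token] || session[:password_recovery_token])` is that a POST carrying only `:mail` also enters the recovery branch while a valid token sits in the session, which may be intended but deserves a comment such as `# a recovery token held in the session takes precedence over a new recovery request`. The same session key should then be dropped in logout_user as well, if that helper (outside this hunk) does not already reset the whole session.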
@@ -1,465 +1,476
1 # Redmine - project management software
1 # Redmine - project management software
2 # Copyright (C) 2006-2016 Jean-Philippe Lang
2 # Copyright (C) 2006-2016 Jean-Philippe Lang
3 #
3 #
4 # This program is free software; you can redistribute it and/or
4 # This program is free software; you can redistribute it and/or
5 # modify it under the terms of the GNU General Public License
5 # modify it under the terms of the GNU General Public License
6 # as published by the Free Software Foundation; either version 2
6 # as published by the Free Software Foundation; either version 2
7 # of the License, or (at your option) any later version.
7 # of the License, or (at your option) any later version.
8 #
8 #
9 # This program is distributed in the hope that it will be useful,
9 # This program is distributed in the hope that it will be useful,
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 # GNU General Public License for more details.
12 # GNU General Public License for more details.
13 #
13 #
14 # You should have received a copy of the GNU General Public License
14 # You should have received a copy of the GNU General Public License
15 # along with this program; if not, write to the Free Software
15 # along with this program; if not, write to the Free Software
16 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
16 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
17
17
18 require File.expand_path('../../test_helper', __FILE__)
18 require File.expand_path('../../test_helper', __FILE__)
19
19
20 class AccountControllerTest < ActionController::TestCase
20 class AccountControllerTest < ActionController::TestCase
21 fixtures :users, :email_addresses, :roles
21 fixtures :users, :email_addresses, :roles
22
22
23 def setup
23 def setup
24 User.current = nil
24 User.current = nil
25 end
25 end
26
26
27 def test_get_login
27 def test_get_login
28 get :login
28 get :login
29 assert_response :success
29 assert_response :success
30 assert_template 'login'
30 assert_template 'login'
31
31
32 assert_select 'input[name=username]'
32 assert_select 'input[name=username]'
33 assert_select 'input[name=password]'
33 assert_select 'input[name=password]'
34 end
34 end
35
35
36 def test_get_login_while_logged_in_should_redirect_to_back_url_if_present
36 def test_get_login_while_logged_in_should_redirect_to_back_url_if_present
37 @request.session[:user_id] = 2
37 @request.session[:user_id] = 2
38 @request.env["HTTP_REFERER"] = 'http://test.host/issues/show/1'
38 @request.env["HTTP_REFERER"] = 'http://test.host/issues/show/1'
39
39
40 get :login, :back_url => 'http://test.host/issues/show/1'
40 get :login, :back_url => 'http://test.host/issues/show/1'
41 assert_redirected_to '/issues/show/1'
41 assert_redirected_to '/issues/show/1'
42 assert_equal 2, @request.session[:user_id]
42 assert_equal 2, @request.session[:user_id]
43 end
43 end
44
44
45 def test_get_login_while_logged_in_should_redirect_to_referer_without_back_url
45 def test_get_login_while_logged_in_should_redirect_to_referer_without_back_url
46 @request.session[:user_id] = 2
46 @request.session[:user_id] = 2
47 @request.env["HTTP_REFERER"] = 'http://test.host/issues/show/1'
47 @request.env["HTTP_REFERER"] = 'http://test.host/issues/show/1'
48
48
49 get :login
49 get :login
50 assert_redirected_to '/issues/show/1'
50 assert_redirected_to '/issues/show/1'
51 assert_equal 2, @request.session[:user_id]
51 assert_equal 2, @request.session[:user_id]
52 end
52 end
53
53
54 def test_get_login_while_logged_in_should_redirect_to_home_by_default
54 def test_get_login_while_logged_in_should_redirect_to_home_by_default
55 @request.session[:user_id] = 2
55 @request.session[:user_id] = 2
56
56
57 get :login
57 get :login
58 assert_redirected_to '/'
58 assert_redirected_to '/'
59 assert_equal 2, @request.session[:user_id]
59 assert_equal 2, @request.session[:user_id]
60 end
60 end
61
61
62 def test_login_should_redirect_to_back_url_param
62 def test_login_should_redirect_to_back_url_param
63 # request.uri is "test.host" in test environment
63 # request.uri is "test.host" in test environment
64 back_urls = [
64 back_urls = [
65 'http://test.host/issues/show/1',
65 'http://test.host/issues/show/1',
66 'http://test.host/',
66 'http://test.host/',
67 '/'
67 '/'
68 ]
68 ]
69 back_urls.each do |back_url|
69 back_urls.each do |back_url|
70 post :login, :username => 'jsmith', :password => 'jsmith', :back_url => back_url
70 post :login, :username => 'jsmith', :password => 'jsmith', :back_url => back_url
71 assert_redirected_to back_url
71 assert_redirected_to back_url
72 end
72 end
73 end
73 end
74
74
75 def test_login_with_suburi_should_redirect_to_back_url_param
75 def test_login_with_suburi_should_redirect_to_back_url_param
76 @relative_url_root = Redmine::Utils.relative_url_root
76 @relative_url_root = Redmine::Utils.relative_url_root
77 Redmine::Utils.relative_url_root = '/redmine'
77 Redmine::Utils.relative_url_root = '/redmine'
78
78
79 back_urls = [
79 back_urls = [
80 'http://test.host/redmine/issues/show/1',
80 'http://test.host/redmine/issues/show/1',
81 '/redmine'
81 '/redmine'
82 ]
82 ]
83 back_urls.each do |back_url|
83 back_urls.each do |back_url|
84 post :login, :username => 'jsmith', :password => 'jsmith', :back_url => back_url
84 post :login, :username => 'jsmith', :password => 'jsmith', :back_url => back_url
85 assert_redirected_to back_url
85 assert_redirected_to back_url
86 end
86 end
87 ensure
87 ensure
88 Redmine::Utils.relative_url_root = @relative_url_root
88 Redmine::Utils.relative_url_root = @relative_url_root
89 end
89 end
90
90
91 def test_login_should_not_redirect_to_another_host
91 def test_login_should_not_redirect_to_another_host
92 back_urls = [
92 back_urls = [
93 'http://test.foo/fake',
93 'http://test.foo/fake',
94 '//test.foo/fake'
94 '//test.foo/fake'
95 ]
95 ]
96 back_urls.each do |back_url|
96 back_urls.each do |back_url|
97 post :login, :username => 'jsmith', :password => 'jsmith', :back_url => back_url
97 post :login, :username => 'jsmith', :password => 'jsmith', :back_url => back_url
98 assert_redirected_to '/my/page'
98 assert_redirected_to '/my/page'
99 end
99 end
100 end
100 end
101
101
102 def test_login_with_suburi_should_not_redirect_to_another_suburi
102 def test_login_with_suburi_should_not_redirect_to_another_suburi
103 @relative_url_root = Redmine::Utils.relative_url_root
103 @relative_url_root = Redmine::Utils.relative_url_root
104 Redmine::Utils.relative_url_root = '/redmine'
104 Redmine::Utils.relative_url_root = '/redmine'
105
105
106 back_urls = [
106 back_urls = [
107 'http://test.host/',
107 'http://test.host/',
108 'http://test.host/fake',
108 'http://test.host/fake',
109 'http://test.host/fake/issues',
109 'http://test.host/fake/issues',
110 'http://test.host/redmine/../fake',
110 'http://test.host/redmine/../fake',
111 'http://test.host/redmine/../fake/issues',
111 'http://test.host/redmine/../fake/issues',
112 'http://test.host/redmine/%2e%2e/fake',
112 'http://test.host/redmine/%2e%2e/fake',
113 '//test.foo/fake',
113 '//test.foo/fake',
114 'http://test.host//fake',
114 'http://test.host//fake',
115 'http://test.host/\n//fake',
115 'http://test.host/\n//fake',
116 '//bar@test.foo',
116 '//bar@test.foo',
117 '//test.foo',
117 '//test.foo',
118 '////test.foo',
118 '////test.foo',
119 '@test.foo',
119 '@test.foo',
120 'fake@test.foo',
120 'fake@test.foo',
121 '.test.foo'
121 '.test.foo'
122 ]
122 ]
123 back_urls.each do |back_url|
123 back_urls.each do |back_url|
124 post :login, :username => 'jsmith', :password => 'jsmith', :back_url => back_url
124 post :login, :username => 'jsmith', :password => 'jsmith', :back_url => back_url
125 assert_redirected_to '/my/page'
125 assert_redirected_to '/my/page'
126 end
126 end
127 ensure
127 ensure
128 Redmine::Utils.relative_url_root = @relative_url_root
128 Redmine::Utils.relative_url_root = @relative_url_root
129 end
129 end
130
130
131 def test_login_with_wrong_password
131 def test_login_with_wrong_password
132 post :login, :username => 'admin', :password => 'bad'
132 post :login, :username => 'admin', :password => 'bad'
133 assert_response :success
133 assert_response :success
134 assert_template 'login'
134 assert_template 'login'
135
135
136 assert_select 'div.flash.error', :text => /Invalid user or password/
136 assert_select 'div.flash.error', :text => /Invalid user or password/
137 assert_select 'input[name=username][value=admin]'
137 assert_select 'input[name=username][value=admin]'
138 assert_select 'input[name=password]'
138 assert_select 'input[name=password]'
139 assert_select 'input[name=password][value]', 0
139 assert_select 'input[name=password][value]', 0
140 end
140 end
141
141
142 def test_login_with_locked_account_should_fail
142 def test_login_with_locked_account_should_fail
143 User.find(2).update_attribute :status, User::STATUS_LOCKED
143 User.find(2).update_attribute :status, User::STATUS_LOCKED
144
144
145 post :login, :username => 'jsmith', :password => 'jsmith'
145 post :login, :username => 'jsmith', :password => 'jsmith'
146 assert_redirected_to '/login'
146 assert_redirected_to '/login'
147 assert_include 'locked', flash[:error]
147 assert_include 'locked', flash[:error]
148 assert_nil @request.session[:user_id]
148 assert_nil @request.session[:user_id]
149 end
149 end
150
150
151 def test_login_as_registered_user_with_manual_activation_should_inform_user
151 def test_login_as_registered_user_with_manual_activation_should_inform_user
152 User.find(2).update_attribute :status, User::STATUS_REGISTERED
152 User.find(2).update_attribute :status, User::STATUS_REGISTERED
153
153
154 with_settings :self_registration => '2', :default_language => 'en' do
154 with_settings :self_registration => '2', :default_language => 'en' do
155 post :login, :username => 'jsmith', :password => 'jsmith'
155 post :login, :username => 'jsmith', :password => 'jsmith'
156 assert_redirected_to '/login'
156 assert_redirected_to '/login'
157 assert_include 'pending administrator approval', flash[:error]
157 assert_include 'pending administrator approval', flash[:error]
158 end
158 end
159 end
159 end
160
160
161 def test_login_as_registered_user_with_email_activation_should_propose_new_activation_email
161 def test_login_as_registered_user_with_email_activation_should_propose_new_activation_email
162 User.find(2).update_attribute :status, User::STATUS_REGISTERED
162 User.find(2).update_attribute :status, User::STATUS_REGISTERED
163
163
164 with_settings :self_registration => '1', :default_language => 'en' do
164 with_settings :self_registration => '1', :default_language => 'en' do
165 post :login, :username => 'jsmith', :password => 'jsmith'
165 post :login, :username => 'jsmith', :password => 'jsmith'
166 assert_redirected_to '/login'
166 assert_redirected_to '/login'
167 assert_equal 2, @request.session[:registered_user_id]
167 assert_equal 2, @request.session[:registered_user_id]
168 assert_include 'new activation email', flash[:error]
168 assert_include 'new activation email', flash[:error]
169 end
169 end
170 end
170 end
171
171
172 def test_login_should_rescue_auth_source_exception
172 def test_login_should_rescue_auth_source_exception
173 source = AuthSource.create!(:name => 'Test')
173 source = AuthSource.create!(:name => 'Test')
174 User.find(2).update_attribute :auth_source_id, source.id
174 User.find(2).update_attribute :auth_source_id, source.id
175 AuthSource.any_instance.stubs(:authenticate).raises(AuthSourceException.new("Something wrong"))
175 AuthSource.any_instance.stubs(:authenticate).raises(AuthSourceException.new("Something wrong"))
176
176
177 post :login, :username => 'jsmith', :password => 'jsmith'
177 post :login, :username => 'jsmith', :password => 'jsmith'
178 assert_response 500
178 assert_response 500
179 assert_select_error /Something wrong/
179 assert_select_error /Something wrong/
180 end
180 end
181
181
182 def test_login_should_reset_session
182 def test_login_should_reset_session
183 @controller.expects(:reset_session).once
183 @controller.expects(:reset_session).once
184
184
185 post :login, :username => 'jsmith', :password => 'jsmith'
185 post :login, :username => 'jsmith', :password => 'jsmith'
186 assert_response 302
186 assert_response 302
187 end
187 end
188
188
189 def test_get_logout_should_not_logout
189 def test_get_logout_should_not_logout
190 @request.session[:user_id] = 2
190 @request.session[:user_id] = 2
191 get :logout
191 get :logout
192 assert_response :success
192 assert_response :success
193 assert_template 'logout'
193 assert_template 'logout'
194
194
195 assert_equal 2, @request.session[:user_id]
195 assert_equal 2, @request.session[:user_id]
196 end
196 end
197
197
198 def test_get_logout_with_anonymous_should_redirect
198 def test_get_logout_with_anonymous_should_redirect
199 get :logout
199 get :logout
200 assert_redirected_to '/'
200 assert_redirected_to '/'
201 end
201 end
202
202
203 def test_logout
203 def test_logout
204 @request.session[:user_id] = 2
204 @request.session[:user_id] = 2
205 post :logout
205 post :logout
206 assert_redirected_to '/'
206 assert_redirected_to '/'
207 assert_nil @request.session[:user_id]
207 assert_nil @request.session[:user_id]
208 end
208 end
209
209
210 def test_logout_should_reset_session
210 def test_logout_should_reset_session
211 @controller.expects(:reset_session).once
211 @controller.expects(:reset_session).once
212
212
213 @request.session[:user_id] = 2
213 @request.session[:user_id] = 2
214 post :logout
214 post :logout
215 assert_response 302
215 assert_response 302
216 end
216 end
217
217
218 def test_get_register_with_registration_on
218 def test_get_register_with_registration_on
219 with_settings :self_registration => '3' do
219 with_settings :self_registration => '3' do
220 get :register
220 get :register
221 assert_response :success
221 assert_response :success
222 assert_template 'register'
222 assert_template 'register'
223 assert_not_nil assigns(:user)
223 assert_not_nil assigns(:user)
224
224
225 assert_select 'input[name=?]', 'user[password]'
225 assert_select 'input[name=?]', 'user[password]'
226 assert_select 'input[name=?]', 'user[password_confirmation]'
226 assert_select 'input[name=?]', 'user[password_confirmation]'
227 end
227 end
228 end
228 end
229
229
230 def test_get_register_should_detect_user_language
230 def test_get_register_should_detect_user_language
231 with_settings :self_registration => '3' do
231 with_settings :self_registration => '3' do
232 @request.env['HTTP_ACCEPT_LANGUAGE'] = 'fr,fr-fr;q=0.8,en-us;q=0.5,en;q=0.3'
232 @request.env['HTTP_ACCEPT_LANGUAGE'] = 'fr,fr-fr;q=0.8,en-us;q=0.5,en;q=0.3'
233 get :register
233 get :register
234 assert_response :success
234 assert_response :success
235 assert_not_nil assigns(:user)
235 assert_not_nil assigns(:user)
236 assert_equal 'fr', assigns(:user).language
236 assert_equal 'fr', assigns(:user).language
237 assert_select 'select[name=?]', 'user[language]' do
237 assert_select 'select[name=?]', 'user[language]' do
238 assert_select 'option[value=fr][selected=selected]'
238 assert_select 'option[value=fr][selected=selected]'
239 end
239 end
240 end
240 end
241 end
241 end
242
242
243 def test_get_register_with_registration_off_should_redirect
243 def test_get_register_with_registration_off_should_redirect
244 with_settings :self_registration => '0' do
244 with_settings :self_registration => '0' do
245 get :register
245 get :register
246 assert_redirected_to '/'
246 assert_redirected_to '/'
247 end
247 end
248 end
248 end
249
249
250 def test_get_register_should_show_hide_mail_preference
250 def test_get_register_should_show_hide_mail_preference
251 get :register
251 get :register
252 assert_select 'input[name=?][checked=checked]', 'pref[hide_mail]'
252 assert_select 'input[name=?][checked=checked]', 'pref[hide_mail]'
253 end
253 end
254
254
255 def test_get_register_should_show_hide_mail_preference_with_setting_turned_off
255 def test_get_register_should_show_hide_mail_preference_with_setting_turned_off
256 with_settings :default_users_hide_mail => '0' do
256 with_settings :default_users_hide_mail => '0' do
257 get :register
257 get :register
258 assert_select 'input[name=?]:not([checked=checked])', 'pref[hide_mail]'
258 assert_select 'input[name=?]:not([checked=checked])', 'pref[hide_mail]'
259 end
259 end
260 end
260 end
261
261
262 # See integration/account_test.rb for the full test
262 # See integration/account_test.rb for the full test
263 def test_post_register_with_registration_on
263 def test_post_register_with_registration_on
264 with_settings :self_registration => '3' do
264 with_settings :self_registration => '3' do
265 assert_difference 'User.count' do
265 assert_difference 'User.count' do
266 post :register, :user => {
266 post :register, :user => {
267 :login => 'register',
267 :login => 'register',
268 :password => 'secret123',
268 :password => 'secret123',
269 :password_confirmation => 'secret123',
269 :password_confirmation => 'secret123',
270 :firstname => 'John',
270 :firstname => 'John',
271 :lastname => 'Doe',
271 :lastname => 'Doe',
272 :mail => 'register@example.com'
272 :mail => 'register@example.com'
273 }
273 }
274 assert_redirected_to '/my/account'
274 assert_redirected_to '/my/account'
275 end
275 end
276 user = User.order('id DESC').first
276 user = User.order('id DESC').first
277 assert_equal 'register', user.login
277 assert_equal 'register', user.login
278 assert_equal 'John', user.firstname
278 assert_equal 'John', user.firstname
279 assert_equal 'Doe', user.lastname
279 assert_equal 'Doe', user.lastname
280 assert_equal 'register@example.com', user.mail
280 assert_equal 'register@example.com', user.mail
281 assert user.check_password?('secret123')
281 assert user.check_password?('secret123')
282 assert user.active?
282 assert user.active?
283 end
283 end
284 end
284 end
285
285
286 def test_post_register_with_registration_off_should_redirect
286 def test_post_register_with_registration_off_should_redirect
287 with_settings :self_registration => '0' do
287 with_settings :self_registration => '0' do
288 assert_no_difference 'User.count' do
288 assert_no_difference 'User.count' do
289 post :register, :user => {
289 post :register, :user => {
290 :login => 'register',
290 :login => 'register',
291 :password => 'test',
291 :password => 'test',
292 :password_confirmation => 'test',
292 :password_confirmation => 'test',
293 :firstname => 'John',
293 :firstname => 'John',
294 :lastname => 'Doe',
294 :lastname => 'Doe',
295 :mail => 'register@example.com'
295 :mail => 'register@example.com'
296 }
296 }
297 assert_redirected_to '/'
297 assert_redirected_to '/'
298 end
298 end
299 end
299 end
300 end
300 end
301
301
302 def test_post_register_should_create_user_with_hide_mail_preference
302 def test_post_register_should_create_user_with_hide_mail_preference
303 with_settings :default_users_hide_mail => '0' do
303 with_settings :default_users_hide_mail => '0' do
304 user = new_record(User) do
304 user = new_record(User) do
305 post :register, :user => {
305 post :register, :user => {
306 :login => 'register',
306 :login => 'register',
307 :password => 'secret123', :password_confirmation => 'secret123',
307 :password => 'secret123', :password_confirmation => 'secret123',
308 :firstname => 'John', :lastname => 'Doe',
308 :firstname => 'John', :lastname => 'Doe',
309 :mail => 'register@example.com'
309 :mail => 'register@example.com'
310 }, :pref => {
310 }, :pref => {
311 :hide_mail => '1'
311 :hide_mail => '1'
312 }
312 }
313 end
313 end
314 assert_equal true, user.pref.hide_mail
314 assert_equal true, user.pref.hide_mail
315 end
315 end
316 end
316 end
317
317
318 def test_get_lost_password_should_display_lost_password_form
318 def test_get_lost_password_should_display_lost_password_form
319 get :lost_password
319 get :lost_password
320 assert_response :success
320 assert_response :success
321 assert_select 'input[name=mail]'
321 assert_select 'input[name=mail]'
322 end
322 end
323
323
324 def test_lost_password_for_active_user_should_create_a_token
324 def test_lost_password_for_active_user_should_create_a_token
325 Token.delete_all
325 Token.delete_all
326 ActionMailer::Base.deliveries.clear
326 ActionMailer::Base.deliveries.clear
327 assert_difference 'ActionMailer::Base.deliveries.size' do
327 assert_difference 'ActionMailer::Base.deliveries.size' do
328 assert_difference 'Token.count' do
328 assert_difference 'Token.count' do
329 post :lost_password, :mail => 'JSmith@somenet.foo'
329 post :lost_password, :mail => 'JSmith@somenet.foo'
330 assert_redirected_to '/login'
330 assert_redirected_to '/login'
331 end
331 end
332 end
332 end
333
333
334 token = Token.order('id DESC').first
334 token = Token.order('id DESC').first
335 assert_equal User.find(2), token.user
335 assert_equal User.find(2), token.user
336 assert_equal 'recovery', token.action
336 assert_equal 'recovery', token.action
337
337
338 assert_select_email do
338 assert_select_email do
339 assert_select "a[href=?]", "http://localhost:3000/account/lost_password?token=#{token.value}"
339 assert_select "a[href=?]", "http://localhost:3000/account/lost_password?token=#{token.value}"
340 end
340 end
341 end
341 end
342
342
343 def test_lost_password_using_additional_email_address_should_send_email_to_the_address
343 def test_lost_password_using_additional_email_address_should_send_email_to_the_address
344 EmailAddress.create!(:user_id => 2, :address => 'anotherAddress@foo.bar')
344 EmailAddress.create!(:user_id => 2, :address => 'anotherAddress@foo.bar')
345 Token.delete_all
345 Token.delete_all
346
346
347 assert_difference 'ActionMailer::Base.deliveries.size' do
347 assert_difference 'ActionMailer::Base.deliveries.size' do
348 assert_difference 'Token.count' do
348 assert_difference 'Token.count' do
349 post :lost_password, :mail => 'ANOTHERaddress@foo.bar'
349 post :lost_password, :mail => 'ANOTHERaddress@foo.bar'
350 assert_redirected_to '/login'
350 assert_redirected_to '/login'
351 end
351 end
352 end
352 end
353 mail = ActionMailer::Base.deliveries.last
353 mail = ActionMailer::Base.deliveries.last
354 assert_equal ['anotherAddress@foo.bar'], mail.bcc
354 assert_equal ['anotherAddress@foo.bar'], mail.bcc
355 end
355 end
356
356
357 def test_lost_password_for_unknown_user_should_fail
357 def test_lost_password_for_unknown_user_should_fail
358 Token.delete_all
358 Token.delete_all
359 assert_no_difference 'Token.count' do
359 assert_no_difference 'Token.count' do
360 post :lost_password, :mail => 'invalid@somenet.foo'
360 post :lost_password, :mail => 'invalid@somenet.foo'
361 assert_response :success
361 assert_response :success
362 end
362 end
363 end
363 end
364
364
365 def test_lost_password_for_non_active_user_should_fail
365 def test_lost_password_for_non_active_user_should_fail
366 Token.delete_all
366 Token.delete_all
367 assert User.find(2).lock!
367 assert User.find(2).lock!
368
368
369 assert_no_difference 'Token.count' do
369 assert_no_difference 'Token.count' do
370 post :lost_password, :mail => 'JSmith@somenet.foo'
370 post :lost_password, :mail => 'JSmith@somenet.foo'
371 assert_redirected_to '/account/lost_password'
371 assert_redirected_to '/account/lost_password'
372 end
372 end
373 end
373 end
374
374
375 def test_lost_password_for_user_who_cannot_change_password_should_fail
375 def test_lost_password_for_user_who_cannot_change_password_should_fail
376 User.any_instance.stubs(:change_password_allowed?).returns(false)
376 User.any_instance.stubs(:change_password_allowed?).returns(false)
377
377
378 assert_no_difference 'Token.count' do
378 assert_no_difference 'Token.count' do
379 post :lost_password, :mail => 'JSmith@somenet.foo'
379 post :lost_password, :mail => 'JSmith@somenet.foo'
380 assert_response :success
380 assert_response :success
381 end
381 end
382 end
382 end
383
383
384 def test_get_lost_password_with_token_should_display_the_password_recovery_form
384 def test_get_lost_password_with_token_should_redirect_with_token_in_session
385 user = User.find(2)
385 user = User.find(2)
386 token = Token.create!(:action => 'recovery', :user => user)
386 token = Token.create!(:action => 'recovery', :user => user)
387
387
388 get :lost_password, :token => token.value
388 get :lost_password, :token => token.value
389 assert_redirected_to '/account/lost_password'
390
391 assert_equal token.value, request.session[:password_recovery_token]
392 end
393
394 def test_get_lost_password_with_token_in_session_should_display_the_password_recovery_form
395 user = User.find(2)
396 token = Token.create!(:action => 'recovery', :user => user)
397 request.session[:password_recovery_token] = token.value
398
399 get :lost_password
389 assert_response :success
400 assert_response :success
390 assert_template 'password_recovery'
401 assert_template 'password_recovery'
391
402
392 assert_select 'input[type=hidden][name=token][value=?]', token.value
403 assert_select 'input[type=hidden][name=token][value=?]', token.value
393 end
404 end
394
405
395 def test_get_lost_password_with_invalid_token_should_redirect
406 def test_get_lost_password_with_invalid_token_should_redirect
396 get :lost_password, :token => "abcdef"
407 get :lost_password, :token => "abcdef"
397 assert_redirected_to '/'
408 assert_redirected_to '/'
398 end
409 end
399
410
400 def test_post_lost_password_with_token_should_change_the_user_password
411 def test_post_lost_password_with_token_should_change_the_user_password
401 ActionMailer::Base.deliveries.clear
412 ActionMailer::Base.deliveries.clear
402 user = User.find(2)
413 user = User.find(2)
403 token = Token.create!(:action => 'recovery', :user => user)
414 token = Token.create!(:action => 'recovery', :user => user)
404
415
405 post :lost_password, :token => token.value, :new_password => 'newpass123', :new_password_confirmation => 'newpass123'
416 post :lost_password, :token => token.value, :new_password => 'newpass123', :new_password_confirmation => 'newpass123'
406 assert_redirected_to '/login'
417 assert_redirected_to '/login'
407 user.reload
418 user.reload
408 assert user.check_password?('newpass123')
419 assert user.check_password?('newpass123')
409 assert_nil Token.find_by_id(token.id), "Token was not deleted"
420 assert_nil Token.find_by_id(token.id), "Token was not deleted"
410 assert_not_nil (mail = ActionMailer::Base.deliveries.last)
421 assert_not_nil (mail = ActionMailer::Base.deliveries.last)
411 assert_select_email do
422 assert_select_email do
412 assert_select 'a[href^=?]', 'http://localhost:3000/my/password', :text => 'Change password'
423 assert_select 'a[href^=?]', 'http://localhost:3000/my/password', :text => 'Change password'
413 end
424 end
414 end
425 end
415
426
416 def test_post_lost_password_with_token_for_non_active_user_should_fail
427 def test_post_lost_password_with_token_for_non_active_user_should_fail
417 user = User.find(2)
428 user = User.find(2)
418 token = Token.create!(:action => 'recovery', :user => user)
429 token = Token.create!(:action => 'recovery', :user => user)
419 user.lock!
430 user.lock!
420
431
421 post :lost_password, :token => token.value, :new_password => 'newpass123', :new_password_confirmation => 'newpass123'
432 post :lost_password, :token => token.value, :new_password => 'newpass123', :new_password_confirmation => 'newpass123'
422 assert_redirected_to '/'
433 assert_redirected_to '/'
423 assert ! user.check_password?('newpass123')
434 assert ! user.check_password?('newpass123')
424 end
435 end
425
436
426 def test_post_lost_password_with_token_and_password_confirmation_failure_should_redisplay_the_form
437 def test_post_lost_password_with_token_and_password_confirmation_failure_should_redisplay_the_form
427 user = User.find(2)
438 user = User.find(2)
428 token = Token.create!(:action => 'recovery', :user => user)
439 token = Token.create!(:action => 'recovery', :user => user)
429
440
430 post :lost_password, :token => token.value, :new_password => 'newpass', :new_password_confirmation => 'wrongpass'
441 post :lost_password, :token => token.value, :new_password => 'newpass', :new_password_confirmation => 'wrongpass'
431 assert_response :success
442 assert_response :success
432 assert_template 'password_recovery'
443 assert_template 'password_recovery'
433 assert_not_nil Token.find_by_id(token.id), "Token was deleted"
444 assert_not_nil Token.find_by_id(token.id), "Token was deleted"
434
445
435 assert_select 'input[type=hidden][name=token][value=?]', token.value
446 assert_select 'input[type=hidden][name=token][value=?]', token.value
436 end
447 end
437
448
438 def test_post_lost_password_with_invalid_token_should_redirect
449 def test_post_lost_password_with_invalid_token_should_redirect
439 post :lost_password, :token => "abcdef", :new_password => 'newpass', :new_password_confirmation => 'newpass'
450 post :lost_password, :token => "abcdef", :new_password => 'newpass', :new_password_confirmation => 'newpass'
440 assert_redirected_to '/'
451 assert_redirected_to '/'
441 end
452 end
442
453
443 def test_activation_email_should_send_an_activation_email
454 def test_activation_email_should_send_an_activation_email
444 User.find(2).update_attribute :status, User::STATUS_REGISTERED
455 User.find(2).update_attribute :status, User::STATUS_REGISTERED
445 @request.session[:registered_user_id] = 2
456 @request.session[:registered_user_id] = 2
446
457
447 with_settings :self_registration => '1' do
458 with_settings :self_registration => '1' do
448 assert_difference 'ActionMailer::Base.deliveries.size' do
459 assert_difference 'ActionMailer::Base.deliveries.size' do
449 get :activation_email
460 get :activation_email
450 assert_redirected_to '/login'
461 assert_redirected_to '/login'
451 end
462 end
452 end
463 end
453 end
464 end
454
465
455 def test_activation_email_without_session_data_should_fail
466 def test_activation_email_without_session_data_should_fail
456 User.find(2).update_attribute :status, User::STATUS_REGISTERED
467 User.find(2).update_attribute :status, User::STATUS_REGISTERED
457
468
458 with_settings :self_registration => '1' do
469 with_settings :self_registration => '1' do
459 assert_no_difference 'ActionMailer::Base.deliveries.size' do
470 assert_no_difference 'ActionMailer::Base.deliveries.size' do
460 get :activation_email
471 get :activation_email
461 assert_redirected_to '/'
472 assert_redirected_to '/'
462 end
473 end
463 end
474 end
464 end
475 end
465 end
476 end
@@ -1,353 +1,356
1 # Redmine - project management software
1 # Redmine - project management software
2 # Copyright (C) 2006-2016 Jean-Philippe Lang
2 # Copyright (C) 2006-2016 Jean-Philippe Lang
3 #
3 #
4 # This program is free software; you can redistribute it and/or
4 # This program is free software; you can redistribute it and/or
5 # modify it under the terms of the GNU General Public License
5 # modify it under the terms of the GNU General Public License
6 # as published by the Free Software Foundation; either version 2
6 # as published by the Free Software Foundation; either version 2
7 # of the License, or (at your option) any later version.
7 # of the License, or (at your option) any later version.
8 #
8 #
9 # This program is distributed in the hope that it will be useful,
9 # This program is distributed in the hope that it will be useful,
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 # GNU General Public License for more details.
12 # GNU General Public License for more details.
13 #
13 #
14 # You should have received a copy of the GNU General Public License
14 # You should have received a copy of the GNU General Public License
15 # along with this program; if not, write to the Free Software
15 # along with this program; if not, write to the Free Software
16 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
16 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
17
17
18 require File.expand_path('../../test_helper', __FILE__)
18 require File.expand_path('../../test_helper', __FILE__)
19
19
20 class AccountTest < Redmine::IntegrationTest
20 class AccountTest < Redmine::IntegrationTest
21 fixtures :users, :email_addresses, :roles
21 fixtures :users, :email_addresses, :roles
22
22
23 def test_login
23 def test_login
24 get "/my/page"
24 get "/my/page"
25 assert_redirected_to "/login?back_url=http%3A%2F%2Fwww.example.com%2Fmy%2Fpage"
25 assert_redirected_to "/login?back_url=http%3A%2F%2Fwww.example.com%2Fmy%2Fpage"
26 log_user('jsmith', 'jsmith')
26 log_user('jsmith', 'jsmith')
27
27
28 get "/my/account"
28 get "/my/account"
29 assert_response :success
29 assert_response :success
30 assert_template "my/account"
30 assert_template "my/account"
31 end
31 end
32
32
33 def test_login_should_set_session_token
33 def test_login_should_set_session_token
34 assert_difference 'Token.count' do
34 assert_difference 'Token.count' do
35 log_user('jsmith', 'jsmith')
35 log_user('jsmith', 'jsmith')
36
36
37 assert_equal 2, session[:user_id]
37 assert_equal 2, session[:user_id]
38 assert_not_nil session[:tk]
38 assert_not_nil session[:tk]
39 end
39 end
40 end
40 end
41
41
42 def test_autologin
42 def test_autologin
43 user = User.find(1)
43 user = User.find(1)
44 Token.delete_all
44 Token.delete_all
45
45
46 with_settings :autologin => '7' do
46 with_settings :autologin => '7' do
47 assert_difference 'Token.count', 2 do
47 assert_difference 'Token.count', 2 do
48 # User logs in with 'autologin' checked
48 # User logs in with 'autologin' checked
49 post '/login', :username => user.login, :password => 'admin', :autologin => 1
49 post '/login', :username => user.login, :password => 'admin', :autologin => 1
50 assert_redirected_to '/my/page'
50 assert_redirected_to '/my/page'
51 end
51 end
52 token = Token.where(:action => 'autologin').order(:id => :desc).first
52 token = Token.where(:action => 'autologin').order(:id => :desc).first
53 assert_not_nil token
53 assert_not_nil token
54 assert_equal user, token.user
54 assert_equal user, token.user
55 assert_equal 'autologin', token.action
55 assert_equal 'autologin', token.action
56 assert_equal user.id, session[:user_id]
56 assert_equal user.id, session[:user_id]
57 assert_equal token.value, cookies['autologin']
57 assert_equal token.value, cookies['autologin']
58
58
59 # Session is cleared
59 # Session is cleared
60 reset!
60 reset!
61 User.current = nil
61 User.current = nil
62 # Clears user's last login timestamp
62 # Clears user's last login timestamp
63 user.update_attribute :last_login_on, nil
63 user.update_attribute :last_login_on, nil
64 assert_nil user.reload.last_login_on
64 assert_nil user.reload.last_login_on
65
65
66 # User comes back with user's autologin cookie
66 # User comes back with user's autologin cookie
67 cookies[:autologin] = token.value
67 cookies[:autologin] = token.value
68 get '/my/page'
68 get '/my/page'
69 assert_response :success
69 assert_response :success
70 assert_template 'my/page'
70 assert_template 'my/page'
71 assert_equal user.id, session[:user_id]
71 assert_equal user.id, session[:user_id]
72 assert_not_nil user.reload.last_login_on
72 assert_not_nil user.reload.last_login_on
73 end
73 end
74 end
74 end
75
75
76 def test_autologin_should_use_autologin_cookie_name
76 def test_autologin_should_use_autologin_cookie_name
77 Token.delete_all
77 Token.delete_all
78 Redmine::Configuration.stubs(:[]).with('autologin_cookie_name').returns('custom_autologin')
78 Redmine::Configuration.stubs(:[]).with('autologin_cookie_name').returns('custom_autologin')
79 Redmine::Configuration.stubs(:[]).with('autologin_cookie_path').returns('/')
79 Redmine::Configuration.stubs(:[]).with('autologin_cookie_path').returns('/')
80 Redmine::Configuration.stubs(:[]).with('autologin_cookie_secure').returns(false)
80 Redmine::Configuration.stubs(:[]).with('autologin_cookie_secure').returns(false)
81 Redmine::Configuration.stubs(:[]).with('sudo_mode_timeout').returns(15)
81 Redmine::Configuration.stubs(:[]).with('sudo_mode_timeout').returns(15)
82
82
83 with_settings :autologin => '7' do
83 with_settings :autologin => '7' do
84 assert_difference 'Token.count', 2 do
84 assert_difference 'Token.count', 2 do
85 post '/login', :username => 'admin', :password => 'admin', :autologin => 1
85 post '/login', :username => 'admin', :password => 'admin', :autologin => 1
86 assert_response 302
86 assert_response 302
87 end
87 end
88 assert cookies['custom_autologin'].present?
88 assert cookies['custom_autologin'].present?
89 token = cookies['custom_autologin']
89 token = cookies['custom_autologin']
90
90
91 # Session is cleared
91 # Session is cleared
92 reset!
92 reset!
93 cookies['custom_autologin'] = token
93 cookies['custom_autologin'] = token
94 get '/my/page'
94 get '/my/page'
95 assert_response :success
95 assert_response :success
96
96
97 assert_difference 'Token.count', -2 do
97 assert_difference 'Token.count', -2 do
98 post '/logout'
98 post '/logout'
99 end
99 end
100 assert cookies['custom_autologin'].blank?
100 assert cookies['custom_autologin'].blank?
101 end
101 end
102 end
102 end
103
103
104 def test_lost_password
104 def test_lost_password
105 Token.delete_all
105 Token.delete_all
106
106
107 get "/account/lost_password"
107 get "/account/lost_password"
108 assert_response :success
108 assert_response :success
109 assert_template "account/lost_password"
109 assert_template "account/lost_password"
110 assert_select 'input[name=mail]'
110 assert_select 'input[name=mail]'
111
111
112 post "/account/lost_password", :mail => 'jSmith@somenet.foo'
112 post "/account/lost_password", :mail => 'jSmith@somenet.foo'
113 assert_redirected_to "/login"
113 assert_redirected_to "/login"
114
114
115 token = Token.first
115 token = Token.first
116 assert_equal 'recovery', token.action
116 assert_equal 'recovery', token.action
117 assert_equal 'jsmith@somenet.foo', token.user.mail
117 assert_equal 'jsmith@somenet.foo', token.user.mail
118 assert !token.expired?
118 assert !token.expired?
119
119
120 get "/account/lost_password", :token => token.value
120 get "/account/lost_password", :token => token.value
121 assert_redirected_to '/account/lost_password'
122
123 follow_redirect!
121 assert_response :success
124 assert_response :success
122 assert_template "account/password_recovery"
125 assert_template "account/password_recovery"
123 assert_select 'input[type=hidden][name=token][value=?]', token.value
126 assert_select 'input[type=hidden][name=token][value=?]', token.value
124 assert_select 'input[name=new_password]'
127 assert_select 'input[name=new_password]'
125 assert_select 'input[name=new_password_confirmation]'
128 assert_select 'input[name=new_password_confirmation]'
126
129
127 post "/account/lost_password",
130 post "/account/lost_password",
128 :token => token.value, :new_password => 'newpass123',
131 :token => token.value, :new_password => 'newpass123',
129 :new_password_confirmation => 'newpass123'
132 :new_password_confirmation => 'newpass123'
130 assert_redirected_to "/login"
133 assert_redirected_to "/login"
131 assert_equal 'Password was successfully updated.', flash[:notice]
134 assert_equal 'Password was successfully updated.', flash[:notice]
132
135
133 log_user('jsmith', 'newpass123')
136 log_user('jsmith', 'newpass123')
134 assert_equal false, Token.exists?(token.id), "Password recovery token was not deleted"
137 assert_equal false, Token.exists?(token.id), "Password recovery token was not deleted"
135 end
138 end
136
139
137 def test_user_with_must_change_passwd_should_be_forced_to_change_its_password
140 def test_user_with_must_change_passwd_should_be_forced_to_change_its_password
138 User.find_by_login('jsmith').update_attribute :must_change_passwd, true
141 User.find_by_login('jsmith').update_attribute :must_change_passwd, true
139
142
140 post '/login', :username => 'jsmith', :password => 'jsmith'
143 post '/login', :username => 'jsmith', :password => 'jsmith'
141 assert_redirected_to '/my/page'
144 assert_redirected_to '/my/page'
142 follow_redirect!
145 follow_redirect!
143 assert_redirected_to '/my/password'
146 assert_redirected_to '/my/password'
144
147
145 get '/issues'
148 get '/issues'
146 assert_redirected_to '/my/password'
149 assert_redirected_to '/my/password'
147 end
150 end
148
151
149 def test_flash_message_should_use_user_language_when_redirecting_user_for_password_change
152 def test_flash_message_should_use_user_language_when_redirecting_user_for_password_change
150 user = User.find_by_login('jsmith')
153 user = User.find_by_login('jsmith')
151 user.must_change_passwd = true
154 user.must_change_passwd = true
152 user.language = 'it'
155 user.language = 'it'
153 user.save!
156 user.save!
154
157
155 post '/login', :username => 'jsmith', :password => 'jsmith'
158 post '/login', :username => 'jsmith', :password => 'jsmith'
156 assert_redirected_to '/my/page'
159 assert_redirected_to '/my/page'
157 follow_redirect!
160 follow_redirect!
158 assert_redirected_to '/my/password'
161 assert_redirected_to '/my/password'
159 follow_redirect!
162 follow_redirect!
160
163
161 assert_select 'div.error', :text => /richiesto che sia cambiata/
164 assert_select 'div.error', :text => /richiesto che sia cambiata/
162 end
165 end
163
166
164 def test_user_with_must_change_passwd_should_be_able_to_change_its_password
167 def test_user_with_must_change_passwd_should_be_able_to_change_its_password
165 User.find_by_login('jsmith').update_attribute :must_change_passwd, true
168 User.find_by_login('jsmith').update_attribute :must_change_passwd, true
166
169
167 post '/login', :username => 'jsmith', :password => 'jsmith'
170 post '/login', :username => 'jsmith', :password => 'jsmith'
168 assert_redirected_to '/my/page'
171 assert_redirected_to '/my/page'
169 follow_redirect!
172 follow_redirect!
170 assert_redirected_to '/my/password'
173 assert_redirected_to '/my/password'
171 follow_redirect!
174 follow_redirect!
172 assert_response :success
175 assert_response :success
173 post '/my/password', :password => 'jsmith', :new_password => 'newpassword', :new_password_confirmation => 'newpassword'
176 post '/my/password', :password => 'jsmith', :new_password => 'newpassword', :new_password_confirmation => 'newpassword'
174 assert_redirected_to '/my/account'
177 assert_redirected_to '/my/account'
175 follow_redirect!
178 follow_redirect!
176 assert_response :success
179 assert_response :success
177
180
178 assert_equal false, User.find_by_login('jsmith').must_change_passwd?
181 assert_equal false, User.find_by_login('jsmith').must_change_passwd?
179 end
182 end
180
183
181 def test_user_with_expired_password_should_be_forced_to_change_its_password
184 def test_user_with_expired_password_should_be_forced_to_change_its_password
182 User.find_by_login('jsmith').update_attribute :passwd_changed_on, 14.days.ago
185 User.find_by_login('jsmith').update_attribute :passwd_changed_on, 14.days.ago
183
186
184 with_settings :password_max_age => 7 do
187 with_settings :password_max_age => 7 do
185 post '/login', :username => 'jsmith', :password => 'jsmith'
188 post '/login', :username => 'jsmith', :password => 'jsmith'
186 assert_redirected_to '/my/page'
189 assert_redirected_to '/my/page'
187 follow_redirect!
190 follow_redirect!
188 assert_redirected_to '/my/password'
191 assert_redirected_to '/my/password'
189
192
190 get '/issues'
193 get '/issues'
191 assert_redirected_to '/my/password'
194 assert_redirected_to '/my/password'
192 end
195 end
193 end
196 end
194
197
195 def test_user_with_expired_password_should_be_able_to_change_its_password
198 def test_user_with_expired_password_should_be_able_to_change_its_password
196 User.find_by_login('jsmith').update_attribute :passwd_changed_on, 14.days.ago
199 User.find_by_login('jsmith').update_attribute :passwd_changed_on, 14.days.ago
197
200
198 with_settings :password_max_age => 7 do
201 with_settings :password_max_age => 7 do
199 post '/login', :username => 'jsmith', :password => 'jsmith'
202 post '/login', :username => 'jsmith', :password => 'jsmith'
200 assert_redirected_to '/my/page'
203 assert_redirected_to '/my/page'
201 follow_redirect!
204 follow_redirect!
202 assert_redirected_to '/my/password'
205 assert_redirected_to '/my/password'
203 follow_redirect!
206 follow_redirect!
204 assert_response :success
207 assert_response :success
205 post '/my/password', :password => 'jsmith', :new_password => 'newpassword', :new_password_confirmation => 'newpassword'
208 post '/my/password', :password => 'jsmith', :new_password => 'newpassword', :new_password_confirmation => 'newpassword'
206 assert_redirected_to '/my/account'
209 assert_redirected_to '/my/account'
207 follow_redirect!
210 follow_redirect!
208 assert_response :success
211 assert_response :success
209
212
210 assert_equal false, User.find_by_login('jsmith').must_change_passwd?
213 assert_equal false, User.find_by_login('jsmith').must_change_passwd?
211 end
214 end
212
215
213 end
216 end
214
217
215 def test_register_with_automatic_activation
218 def test_register_with_automatic_activation
216 Setting.self_registration = '3'
219 Setting.self_registration = '3'
217
220
218 get '/account/register'
221 get '/account/register'
219 assert_response :success
222 assert_response :success
220 assert_template 'account/register'
223 assert_template 'account/register'
221
224
222 post '/account/register',
225 post '/account/register',
223 :user => {:login => "newuser", :language => "en",
226 :user => {:login => "newuser", :language => "en",
224 :firstname => "New", :lastname => "User", :mail => "newuser@foo.bar",
227 :firstname => "New", :lastname => "User", :mail => "newuser@foo.bar",
225 :password => "newpass123", :password_confirmation => "newpass123"}
228 :password => "newpass123", :password_confirmation => "newpass123"}
226 assert_redirected_to '/my/account'
229 assert_redirected_to '/my/account'
227 follow_redirect!
230 follow_redirect!
228 assert_response :success
231 assert_response :success
229 assert_template 'my/account'
232 assert_template 'my/account'
230
233
231 user = User.find_by_login('newuser')
234 user = User.find_by_login('newuser')
232 assert_not_nil user
235 assert_not_nil user
233 assert user.active?
236 assert user.active?
234 assert_not_nil user.last_login_on
237 assert_not_nil user.last_login_on
235 end
238 end
236
239
237 def test_register_with_manual_activation
240 def test_register_with_manual_activation
238 Setting.self_registration = '2'
241 Setting.self_registration = '2'
239
242
240 post '/account/register',
243 post '/account/register',
241 :user => {:login => "newuser", :language => "en",
244 :user => {:login => "newuser", :language => "en",
242 :firstname => "New", :lastname => "User", :mail => "newuser@foo.bar",
245 :firstname => "New", :lastname => "User", :mail => "newuser@foo.bar",
243 :password => "newpass123", :password_confirmation => "newpass123"}
246 :password => "newpass123", :password_confirmation => "newpass123"}
244 assert_redirected_to '/login'
247 assert_redirected_to '/login'
245 assert !User.find_by_login('newuser').active?
248 assert !User.find_by_login('newuser').active?
246 end
249 end
247
250
248 def test_register_with_email_activation
251 def test_register_with_email_activation
249 Setting.self_registration = '1'
252 Setting.self_registration = '1'
250 Token.delete_all
253 Token.delete_all
251
254
252 post '/account/register',
255 post '/account/register',
253 :user => {:login => "newuser", :language => "en",
256 :user => {:login => "newuser", :language => "en",
254 :firstname => "New", :lastname => "User", :mail => "newuser@foo.bar",
257 :firstname => "New", :lastname => "User", :mail => "newuser@foo.bar",
255 :password => "newpass123", :password_confirmation => "newpass123"}
258 :password => "newpass123", :password_confirmation => "newpass123"}
256 assert_redirected_to '/login'
259 assert_redirected_to '/login'
257 assert !User.find_by_login('newuser').active?
260 assert !User.find_by_login('newuser').active?
258
261
259 token = Token.first
262 token = Token.first
260 assert_equal 'register', token.action
263 assert_equal 'register', token.action
261 assert_equal 'newuser@foo.bar', token.user.mail
264 assert_equal 'newuser@foo.bar', token.user.mail
262 assert !token.expired?
265 assert !token.expired?
263
266
264 get '/account/activate', :token => token.value
267 get '/account/activate', :token => token.value
265 assert_redirected_to '/login'
268 assert_redirected_to '/login'
266 log_user('newuser', 'newpass123')
269 log_user('newuser', 'newpass123')
267 end
270 end
268
271
269 def test_onthefly_registration
272 def test_onthefly_registration
270 # disable registration
273 # disable registration
271 Setting.self_registration = '0'
274 Setting.self_registration = '0'
272 AuthSource.expects(:authenticate).returns(
275 AuthSource.expects(:authenticate).returns(
273 {:login => 'foo', :firstname => 'Foo', :lastname => 'Smith',
276 {:login => 'foo', :firstname => 'Foo', :lastname => 'Smith',
274 :mail => 'foo@bar.com', :auth_source_id => 66})
277 :mail => 'foo@bar.com', :auth_source_id => 66})
275
278
276 post '/login', :username => 'foo', :password => 'bar'
279 post '/login', :username => 'foo', :password => 'bar'
277 assert_redirected_to '/my/page'
280 assert_redirected_to '/my/page'
278
281
279 user = User.find_by_login('foo')
282 user = User.find_by_login('foo')
280 assert user.is_a?(User)
283 assert user.is_a?(User)
281 assert_equal 66, user.auth_source_id
284 assert_equal 66, user.auth_source_id
282 assert user.hashed_password.blank?
285 assert user.hashed_password.blank?
283 end
286 end
284
287
285 def test_onthefly_registration_with_invalid_attributes
288 def test_onthefly_registration_with_invalid_attributes
286 # disable registration
289 # disable registration
287 Setting.self_registration = '0'
290 Setting.self_registration = '0'
288 AuthSource.expects(:authenticate).returns(
291 AuthSource.expects(:authenticate).returns(
289 {:login => 'foo', :lastname => 'Smith', :auth_source_id => 66})
292 {:login => 'foo', :lastname => 'Smith', :auth_source_id => 66})
290
293
291 post '/login', :username => 'foo', :password => 'bar'
294 post '/login', :username => 'foo', :password => 'bar'
292 assert_response :success
295 assert_response :success
293 assert_template 'account/register'
296 assert_template 'account/register'
294 assert_select 'input[name=?][value=""]', 'user[firstname]'
297 assert_select 'input[name=?][value=""]', 'user[firstname]'
295 assert_select 'input[name=?][value=Smith]', 'user[lastname]'
298 assert_select 'input[name=?][value=Smith]', 'user[lastname]'
296 assert_select 'input[name=?]', 'user[login]', 0
299 assert_select 'input[name=?]', 'user[login]', 0
297 assert_select 'input[name=?]', 'user[password]', 0
300 assert_select 'input[name=?]', 'user[password]', 0
298
301
299 post '/account/register',
302 post '/account/register',
300 :user => {:firstname => 'Foo', :lastname => 'Smith', :mail => 'foo@bar.com'}
303 :user => {:firstname => 'Foo', :lastname => 'Smith', :mail => 'foo@bar.com'}
301 assert_redirected_to '/my/account'
304 assert_redirected_to '/my/account'
302
305
303 user = User.find_by_login('foo')
306 user = User.find_by_login('foo')
304 assert user.is_a?(User)
307 assert user.is_a?(User)
305 assert_equal 66, user.auth_source_id
308 assert_equal 66, user.auth_source_id
306 assert user.hashed_password.blank?
309 assert user.hashed_password.blank?
307 end
310 end
308
311
309 def test_registered_user_should_be_able_to_get_a_new_activation_email
312 def test_registered_user_should_be_able_to_get_a_new_activation_email
310 Token.delete_all
313 Token.delete_all
311
314
312 with_settings :self_registration => '1', :default_language => 'en' do
315 with_settings :self_registration => '1', :default_language => 'en' do
313 # register a new account
316 # register a new account
314 assert_difference 'User.count' do
317 assert_difference 'User.count' do
315 assert_difference 'Token.count' do
318 assert_difference 'Token.count' do
316 post '/account/register',
319 post '/account/register',
317 :user => {:login => "newuser", :language => "en",
320 :user => {:login => "newuser", :language => "en",
318 :firstname => "New", :lastname => "User", :mail => "newuser@foo.bar",
321 :firstname => "New", :lastname => "User", :mail => "newuser@foo.bar",
319 :password => "newpass123", :password_confirmation => "newpass123"}
322 :password => "newpass123", :password_confirmation => "newpass123"}
320 end
323 end
321 end
324 end
322 user = User.order('id desc').first
325 user = User.order('id desc').first
323 assert_equal User::STATUS_REGISTERED, user.status
326 assert_equal User::STATUS_REGISTERED, user.status
324 reset!
327 reset!
325
328
326 # try to use "lost password"
329 # try to use "lost password"
327 assert_no_difference 'ActionMailer::Base.deliveries.size' do
330 assert_no_difference 'ActionMailer::Base.deliveries.size' do
328 post '/account/lost_password', :mail => 'newuser@foo.bar'
331 post '/account/lost_password', :mail => 'newuser@foo.bar'
329 end
332 end
330 assert_redirected_to '/account/lost_password'
333 assert_redirected_to '/account/lost_password'
331 follow_redirect!
334 follow_redirect!
332 assert_response :success
335 assert_response :success
333 assert_select 'div.flash', :text => /new activation email/
336 assert_select 'div.flash', :text => /new activation email/
334 assert_select 'div.flash a[href="/account/activation_email"]'
337 assert_select 'div.flash a[href="/account/activation_email"]'
335
338
336 # request a new action activation email
339 # request a new action activation email
337 assert_difference 'ActionMailer::Base.deliveries.size' do
340 assert_difference 'ActionMailer::Base.deliveries.size' do
338 get '/account/activation_email'
341 get '/account/activation_email'
339 end
342 end
340 assert_redirected_to '/login'
343 assert_redirected_to '/login'
341 token = Token.order('id desc').first
344 token = Token.order('id desc').first
342 activation_path = "/account/activate?token=#{token.value}"
345 activation_path = "/account/activate?token=#{token.value}"
343 assert_include activation_path, mail_body(ActionMailer::Base.deliveries.last)
346 assert_include activation_path, mail_body(ActionMailer::Base.deliveries.last)
344
347
345 # activate the account
348 # activate the account
346 get activation_path
349 get activation_path
347 assert_redirected_to '/login'
350 assert_redirected_to '/login'
348
351
349 post '/login', :username => 'newuser', :password => 'newpass123'
352 post '/login', :username => 'newuser', :password => 'newpass123'
350 assert_redirected_to '/my/page'
353 assert_redirected_to '/my/page'
351 end
354 end
352 end
355 end
353 end
356 end