jro_apps/redmine Commit - r15730:e8cffd614e4a

1

require File.expand_path('../../test_helper', __FILE__)

1

require File.expand_path('../../test_helper', __FILE__)

2

3

class SudoModeTest < Redmine::IntegrationTest

3

class SudoModeTest < Redmine::IntegrationTest

4

fixtures :projects, :members, :member_roles, :roles, :users, :email_addresses

4

fixtures :projects, :members, :member_roles, :roles, :users, :email_addresses

5

6

def setup

6

def setup

7

Redmine::SudoMode.stubs(:enabled?).returns(true)

7

Redmine::SudoMode.stubs(:enabled?).returns(true)

8

end

8

end

9

10

def teardown

11

travel_back

12

end

13

10

def test_sudo_mode_should_be_active_after_login

14

def test_sudo_mode_should_be_active_after_login

11

log_user("admin", "admin")

15

log_user("admin", "admin")

12

get "/users/new"

16

get "/users/new"

13

assert_response :success

17

assert_response :success

14

post "/users",

18

post "/users",

15

:user => { :login => "psmith", :firstname => "Paul",

19

:user => { :login => "psmith", :firstname => "Paul",

16

:lastname => "Smith", :mail => "psmith@somenet.foo",

20

:lastname => "Smith", :mail => "psmith@somenet.foo",

17

:language => "en", :password => "psmith09",

21

:language => "en", :password => "psmith09",

18

:password_confirmation => "psmith09" }

22

:password_confirmation => "psmith09" }

19

assert_response 302

23

assert_response 302

20

24

21

user = User.find_by_login("psmith")

25

user = User.find_by_login("psmith")

22

assert_kind_of User, user

26

assert_kind_of User, user

23

end

27

end

24

28

25

def test_add_user

29

def test_add_user

26

log_user("admin", "admin")

30

log_user("admin", "admin")

27

expire_sudo_mode!

31

expire_sudo_mode!

28

get "/users/new"

32

get "/users/new"

29

assert_response :success

33

assert_response :success

30

post "/users",

34

post "/users",

31

:user => { :login => "psmith", :firstname => "Paul",

35

:user => { :login => "psmith", :firstname => "Paul",

32

:lastname => "Smith", :mail => "psmith@somenet.foo",

36

:lastname => "Smith", :mail => "psmith@somenet.foo",

33

:language => "en", :password => "psmith09",

37

:language => "en", :password => "psmith09",

34

:password_confirmation => "psmith09" }

38

:password_confirmation => "psmith09" }

35

assert_response :success

39

assert_response :success

36

assert_nil User.find_by_login("psmith")

40

assert_nil User.find_by_login("psmith")

37

41

38

assert_select 'input[name=?][value=?]', 'user[login]', 'psmith'

42

assert_select 'input[name=?][value=?]', 'user[login]', 'psmith'

39

assert_select 'input[name=?][value=?]', 'user[firstname]', 'Paul'

43

assert_select 'input[name=?][value=?]', 'user[firstname]', 'Paul'

40

44

41

post "/users",

45

post "/users",

42

:user => { :login => "psmith", :firstname => "Paul",

46

:user => { :login => "psmith", :firstname => "Paul",

43

:lastname => "Smith", :mail => "psmith@somenet.foo",

47

:lastname => "Smith", :mail => "psmith@somenet.foo",

44

:language => "en", :password => "psmith09",

48

:language => "en", :password => "psmith09",

45

:password_confirmation => "psmith09" },

49

:password_confirmation => "psmith09" },

46

:sudo_password => 'admin'

50

:sudo_password => 'admin'

47

assert_response 302

51

assert_response 302

48

52

49

user = User.find_by_login("psmith")

53

user = User.find_by_login("psmith")

50

assert_kind_of User, user

54

assert_kind_of User, user

51

end

55

end

52

56

53

def test_create_member_xhr

57

def test_create_member_xhr

54

log_user 'admin', 'admin'

58

log_user 'admin', 'admin'

55

expire_sudo_mode!

59

expire_sudo_mode!

56

get '/projects/ecookbook/settings/members'

60

get '/projects/ecookbook/settings/members'

57

assert_response :success

61

assert_response :success

58

62

59

assert_no_difference 'Member.count' do

63

assert_no_difference 'Member.count' do

60

xhr :post, '/projects/ecookbook/memberships', membership: {role_ids: [1], user_id: 7}

64

xhr :post, '/projects/ecookbook/memberships', membership: {role_ids: [1], user_id: 7}

61

end

65

end

62

66

63

assert_no_difference 'Member.count' do

67

assert_no_difference 'Member.count' do

64

xhr :post, '/projects/ecookbook/memberships', membership: {role_ids: [1], user_id: 7}, sudo_password: ''

68

xhr :post, '/projects/ecookbook/memberships', membership: {role_ids: [1], user_id: 7}, sudo_password: ''

65

end

69

end

66

70

67

assert_no_difference 'Member.count' do

71

assert_no_difference 'Member.count' do

68

xhr :post, '/projects/ecookbook/memberships', membership: {role_ids: [1], user_id: 7}, sudo_password: 'wrong'

72

xhr :post, '/projects/ecookbook/memberships', membership: {role_ids: [1], user_id: 7}, sudo_password: 'wrong'

69

end

73

end

70

74

71

assert_difference 'Member.count' do

75

assert_difference 'Member.count' do

72

xhr :post, '/projects/ecookbook/memberships', membership: {role_ids: [1], user_id: 7}, sudo_password: 'admin'

76

xhr :post, '/projects/ecookbook/memberships', membership: {role_ids: [1], user_id: 7}, sudo_password: 'admin'

73

end

77

end

74

assert User.find(7).member_of?(Project.find(1))

78

assert User.find(7).member_of?(Project.find(1))

75

end

79

end

76

80

77

def test_create_member

81

def test_create_member

78

log_user 'admin', 'admin'

82

log_user 'admin', 'admin'

79

expire_sudo_mode!

83

expire_sudo_mode!

80

get '/projects/ecookbook/settings/members'

84

get '/projects/ecookbook/settings/members'

81

assert_response :success

85

assert_response :success

82

86

83

assert_no_difference 'Member.count' do

87

assert_no_difference 'Member.count' do

84

post '/projects/ecookbook/memberships', membership: {role_ids: [1], user_id: 7}

88

post '/projects/ecookbook/memberships', membership: {role_ids: [1], user_id: 7}

85

end

89

end

86

90

87

assert_no_difference 'Member.count' do

91

assert_no_difference 'Member.count' do

88

post '/projects/ecookbook/memberships', membership: {role_ids: [1], user_id: 7}, sudo_password: ''

92

post '/projects/ecookbook/memberships', membership: {role_ids: [1], user_id: 7}, sudo_password: ''

89

end

93

end

90

94

91

assert_no_difference 'Member.count' do

95

assert_no_difference 'Member.count' do

92

post '/projects/ecookbook/memberships', membership: {role_ids: [1], user_id: 7}, sudo_password: 'wrong'

96

post '/projects/ecookbook/memberships', membership: {role_ids: [1], user_id: 7}, sudo_password: 'wrong'

93

end

97

end

94

98

95

assert_difference 'Member.count' do

99

assert_difference 'Member.count' do

96

post '/projects/ecookbook/memberships', membership: {role_ids: [1], user_id: 7}, sudo_password: 'admin'

100

post '/projects/ecookbook/memberships', membership: {role_ids: [1], user_id: 7}, sudo_password: 'admin'

97

end

101

end

98

102

99

assert_redirected_to '/projects/ecookbook/settings/members'

103

assert_redirected_to '/projects/ecookbook/settings/members'

100

assert User.find(7).member_of?(Project.find(1))

104

assert User.find(7).member_of?(Project.find(1))

101

end

105

end

102

106

103

def test_create_role

107

def test_create_role

104

log_user 'admin', 'admin'

108

log_user 'admin', 'admin'

105

expire_sudo_mode!

109

expire_sudo_mode!

106

get '/roles'

110

get '/roles'

107

assert_response :success

111

assert_response :success

108

112

109

get '/roles/new'

113

get '/roles/new'

110

assert_response :success

114

assert_response :success

111

115

112

post '/roles', role: { }

116

post '/roles', role: { }

113

assert_response :success

117

assert_response :success

114

assert_select 'h2', 'Confirm your password to continue'

118

assert_select 'h2', 'Confirm your password to continue'

115

assert_select 'form[action="/roles"]'

119

assert_select 'form[action="/roles"]'

116

assert_select '#flash_error', 0

120

assert_select '#flash_error', 0

117

121

118

post '/roles', role: { name: 'new role', issues_visibility: 'all' }

122

post '/roles', role: { name: 'new role', issues_visibility: 'all' }

119

assert_response :success

123

assert_response :success

120

assert_select 'h2', 'Confirm your password to continue'

124

assert_select 'h2', 'Confirm your password to continue'

121

assert_select 'form[action="/roles"]'

125

assert_select 'form[action="/roles"]'

122

assert_select 'input[type=hidden][name=?][value=?]', 'role[name]', 'new role'

126

assert_select 'input[type=hidden][name=?][value=?]', 'role[name]', 'new role'

123

assert_select '#flash_error', 0

127

assert_select '#flash_error', 0

124

128

125

post '/roles', role: { name: 'new role', issues_visibility: 'all' }, sudo_password: 'wrong'

129

post '/roles', role: { name: 'new role', issues_visibility: 'all' }, sudo_password: 'wrong'

126

assert_response :success

130

assert_response :success

127

assert_select 'h2', 'Confirm your password to continue'

131

assert_select 'h2', 'Confirm your password to continue'

128

assert_select 'form[action="/roles"]'

132

assert_select 'form[action="/roles"]'

129

assert_select 'input[type=hidden][name=?][value=?]', 'role[name]', 'new role'

133

assert_select 'input[type=hidden][name=?][value=?]', 'role[name]', 'new role'

130

assert_select '#flash_error'

134

assert_select '#flash_error'

131

135

132

assert_difference 'Role.count' do

136

assert_difference 'Role.count' do

133

post '/roles', role: { name: 'new role', issues_visibility: 'all', assignable: '1', permissions: %w(view_calendar) }, sudo_password: 'admin'

137

post '/roles', role: { name: 'new role', issues_visibility: 'all', assignable: '1', permissions: %w(view_calendar) }, sudo_password: 'admin'

134

end

138

end

135

assert_redirected_to '/roles'

139

assert_redirected_to '/roles'

136

end

140

end

137

141

138

def test_update_email_address

142

def test_update_email_address

139

log_user 'jsmith', 'jsmith'

143

log_user 'jsmith', 'jsmith'

140

expire_sudo_mode!

144

expire_sudo_mode!

141

get '/my/account'

145

get '/my/account'

142

assert_response :success

146

assert_response :success

143

post '/my/account', user: { mail: 'newmail@test.com' }

147

post '/my/account', user: { mail: 'newmail@test.com' }

144

assert_response :success

148

assert_response :success

145

assert_select 'h2', 'Confirm your password to continue'

149

assert_select 'h2', 'Confirm your password to continue'

146

assert_select 'form[action="/my/account"]'

150

assert_select 'form[action="/my/account"]'

147

assert_select 'input[type=hidden][name=?][value=?]', 'user[mail]', 'newmail@test.com'

151

assert_select 'input[type=hidden][name=?][value=?]', 'user[mail]', 'newmail@test.com'

148

assert_select '#flash_error', 0

152

assert_select '#flash_error', 0

149

153

150

# wrong password

154

# wrong password

151

post '/my/account', user: { mail: 'newmail@test.com' }, sudo_password: 'wrong'

155

post '/my/account', user: { mail: 'newmail@test.com' }, sudo_password: 'wrong'

152

assert_response :success

156

assert_response :success

153

assert_select 'h2', 'Confirm your password to continue'

157

assert_select 'h2', 'Confirm your password to continue'

154

assert_select 'form[action="/my/account"]'

158

assert_select 'form[action="/my/account"]'

155

assert_select 'input[type=hidden][name=?][value=?]', 'user[mail]', 'newmail@test.com'

159

assert_select 'input[type=hidden][name=?][value=?]', 'user[mail]', 'newmail@test.com'

156

assert_select '#flash_error'

160

assert_select '#flash_error'

157

161

158

# correct password

162

# correct password

159

post '/my/account', user: { mail: 'newmail@test.com' }, sudo_password: 'jsmith'

163

post '/my/account', user: { mail: 'newmail@test.com' }, sudo_password: 'jsmith'

160

assert_redirected_to '/my/account'

164

assert_redirected_to '/my/account'

161

assert_equal 'newmail@test.com', User.find_by_login('jsmith').mail

165

assert_equal 'newmail@test.com', User.find_by_login('jsmith').mail

162

166

163

# sudo mode should now be active and not require password again

167

# sudo mode should now be active and not require password again

164

post '/my/account', user: { mail: 'even.newer.mail@test.com' }

168

post '/my/account', user: { mail: 'even.newer.mail@test.com' }

165

assert_redirected_to '/my/account'

169

assert_redirected_to '/my/account'

166

assert_equal 'even.newer.mail@test.com', User.find_by_login('jsmith').mail

170

assert_equal 'even.newer.mail@test.com', User.find_by_login('jsmith').mail

167

end

171

end

168

172

169

def test_sudo_mode_should_skip_api_requests

173

def test_sudo_mode_should_skip_api_requests

170

with_settings :rest_api_enabled => '1' do

174

with_settings :rest_api_enabled => '1' do

171

assert_difference('User.count') do

175

assert_difference('User.count') do

172

post '/users.json', {

176

post '/users.json', {

173

:user => {

177

:user => {

174

:login => 'foo', :firstname => 'Firstname', :lastname => 'Lastname',

178

:login => 'foo', :firstname => 'Firstname', :lastname => 'Lastname',

175

:mail => 'foo@example.net', :password => 'secret123',

179

:mail => 'foo@example.net', :password => 'secret123',

176

:mail_notification => 'only_assigned'}

180

:mail_notification => 'only_assigned'}

177

},

181

},

178

credentials('admin')

182

credentials('admin')

179

183

180

assert_response :created

184

assert_response :created

181

end

185

end

182

end

186

end

183

end

187

end

184

188

185

private

189

private

186

190

187

# sudo mode is active after sign, let it expire by advancing the time

191

# sudo mode is active after sign, let it expire by advancing the time

188

def expire_sudo_mode!

192

def expire_sudo_mode!

189

travel_to 20.minutes.from_now

193

travel_to 20.minutes.from_now

190

end

194

end

191

end

195

end

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages

             require File.expand_path('../../test_helper', __FILE__)
             class SudoModeTest < Redmine::IntegrationTest
               fixtures :projects, :members, :member_roles, :roles, :users, :email_addresses
               def setup
                 Redmine::SudoMode.stubs(:enabled?).returns(true)
               end
+              def teardown
+                travel_back
+              end
               def test_sudo_mode_should_be_active_after_login
                 log_user("admin", "admin")
                 get "/users/new"
                 assert_response :success
                 post "/users",
                      :user => { :login => "psmith", :firstname => "Paul",
                                 :lastname => "Smith", :mail => "psmith@somenet.foo",
                                 :language => "en", :password => "psmith09",
                                 :password_confirmation => "psmith09" }
                 assert_response 302
                 user = User.find_by_login("psmith")
                 assert_kind_of User, user
               end
               def test_add_user
                 log_user("admin", "admin")
                 expire_sudo_mode!
                 get "/users/new"
                 assert_response :success
                 post "/users",
                      :user => { :login => "psmith", :firstname => "Paul",
                                 :lastname => "Smith", :mail => "psmith@somenet.foo",
                                 :language => "en", :password => "psmith09",
                                 :password_confirmation => "psmith09" }
                 assert_response :success
                 assert_nil User.find_by_login("psmith")
                 assert_select 'input[name=?][value=?]', 'user[login]', 'psmith'
                 assert_select 'input[name=?][value=?]', 'user[firstname]', 'Paul'
                 post "/users",
                      :user => { :login => "psmith", :firstname => "Paul",
                                 :lastname => "Smith", :mail => "psmith@somenet.foo",
                                 :language => "en", :password => "psmith09",
                                 :password_confirmation => "psmith09" },
                      :sudo_password => 'admin'
                 assert_response 302
                 user = User.find_by_login("psmith")
                 assert_kind_of User, user
               end
               def test_create_member_xhr
                 log_user 'admin', 'admin'
                 expire_sudo_mode!
                 get '/projects/ecookbook/settings/members'
                 assert_response :success
                 assert_no_difference 'Member.count' do
                   xhr :post, '/projects/ecookbook/memberships', membership: {role_ids: [1], user_id: 7}
                 end
                 assert_no_difference 'Member.count' do
                   xhr :post, '/projects/ecookbook/memberships', membership: {role_ids: [1], user_id: 7}, sudo_password: ''
                 end
                 assert_no_difference 'Member.count' do
                   xhr :post, '/projects/ecookbook/memberships', membership: {role_ids: [1], user_id: 7}, sudo_password: 'wrong'
                 end
                 assert_difference 'Member.count' do
                   xhr :post, '/projects/ecookbook/memberships', membership: {role_ids: [1], user_id: 7}, sudo_password: 'admin'
                 end
                 assert User.find(7).member_of?(Project.find(1))
               end
               def test_create_member
                 log_user 'admin', 'admin'
                 expire_sudo_mode!
                 get '/projects/ecookbook/settings/members'
                 assert_response :success
                 assert_no_difference 'Member.count' do
                   post '/projects/ecookbook/memberships', membership: {role_ids: [1], user_id: 7}
                 end
                 assert_no_difference 'Member.count' do
                   post '/projects/ecookbook/memberships', membership: {role_ids: [1], user_id: 7}, sudo_password: ''
                 end
                 assert_no_difference 'Member.count' do
                   post '/projects/ecookbook/memberships', membership: {role_ids: [1], user_id: 7}, sudo_password: 'wrong'
                 end
                 assert_difference 'Member.count' do
                   post '/projects/ecookbook/memberships', membership: {role_ids: [1], user_id: 7}, sudo_password: 'admin'
                 end
                 assert_redirected_to '/projects/ecookbook/settings/members'
                 assert User.find(7).member_of?(Project.find(1))
               end
               def test_create_role
                 log_user 'admin', 'admin'
                 expire_sudo_mode!
                 get '/roles'
                 assert_response :success
                 get '/roles/new'
                 assert_response :success
                 post '/roles', role: { }
                 assert_response :success
                 assert_select 'h2', 'Confirm your password to continue'
                 assert_select 'form[action="/roles"]'
                 assert_select '#flash_error', 0
                 post '/roles', role: { name: 'new role', issues_visibility: 'all' }
                 assert_response :success
                 assert_select 'h2', 'Confirm your password to continue'
                 assert_select 'form[action="/roles"]'
                 assert_select 'input[type=hidden][name=?][value=?]', 'role[name]', 'new role'
                 assert_select '#flash_error', 0
                 post '/roles', role: { name: 'new role', issues_visibility: 'all' }, sudo_password: 'wrong'
                 assert_response :success
                 assert_select 'h2', 'Confirm your password to continue'
                 assert_select 'form[action="/roles"]'
                 assert_select 'input[type=hidden][name=?][value=?]', 'role[name]', 'new role'
                 assert_select '#flash_error'
                 assert_difference 'Role.count' do
                   post '/roles', role: { name: 'new role', issues_visibility: 'all', assignable: '1', permissions: %w(view_calendar) }, sudo_password: 'admin'
                 end
                 assert_redirected_to '/roles'
               end
               def test_update_email_address
                 log_user 'jsmith', 'jsmith'
                 expire_sudo_mode!
                 get '/my/account'
                 assert_response :success
                 post '/my/account', user: { mail: 'newmail@test.com' }
                 assert_response :success
                 assert_select 'h2', 'Confirm your password to continue'
                 assert_select 'form[action="/my/account"]'
                 assert_select 'input[type=hidden][name=?][value=?]', 'user[mail]', 'newmail@test.com'
                 assert_select '#flash_error', 0
                 # wrong password
                 post '/my/account', user: { mail: 'newmail@test.com' }, sudo_password: 'wrong'
                 assert_response :success
                 assert_select 'h2', 'Confirm your password to continue'
                 assert_select 'form[action="/my/account"]'
                 assert_select 'input[type=hidden][name=?][value=?]', 'user[mail]', 'newmail@test.com'
                 assert_select '#flash_error'
                 # correct password
                 post '/my/account', user: { mail: 'newmail@test.com' }, sudo_password: 'jsmith'
                 assert_redirected_to '/my/account'
                 assert_equal 'newmail@test.com', User.find_by_login('jsmith').mail
                 # sudo mode should now be active and not require password again
                 post '/my/account', user: { mail: 'even.newer.mail@test.com' }
                 assert_redirected_to '/my/account'
                 assert_equal 'even.newer.mail@test.com', User.find_by_login('jsmith').mail
               end
               def test_sudo_mode_should_skip_api_requests
                 with_settings :rest_api_enabled => '1' do
                   assert_difference('User.count') do
                     post '/users.json', {
                       :user => {
                         :login => 'foo', :firstname => 'Firstname', :lastname => 'Lastname',
                         :mail => 'foo@example.net', :password => 'secret123',
                         :mail_notification => 'only_assigned'}
                       },
                       credentials('admin')
                     assert_response :created
                   end
                 end
               end
               private
               # sudo mode is active after sign, let it expire by advancing the time
               def expire_sudo_mode!
                 travel_to 20.minutes.from_now
               end
             end