Mercurial > hg > soundsoftware-site

annotate test/unit/user_test.rb @ 36:de76cd3e8c8e cc-branches

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
* Probably abortive experiments in extracting the branch from Hg
author Chris Cannam <chris.cannam@soundsoftware.ac.uk>
date Wed, 20 Oct 2010 10:07:29 +0100
parents 40f7cfd4df19
children 94944d00e43c
rev   line source
Chris@0 1 # redMine - project management software
Chris@0 2 # Copyright (C) 2006 Jean-Philippe Lang
Chris@0 3 #
Chris@0 4 # This program is free software; you can redistribute it and/or
Chris@0 5 # modify it under the terms of the GNU General Public License
Chris@0 6 # as published by the Free Software Foundation; either version 2
Chris@0 7 # of the License, or (at your option) any later version.
Chris@0 8 #
Chris@0 9 # This program is distributed in the hope that it will be useful,
Chris@0 10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
Chris@0 11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
Chris@0 12 # GNU General Public License for more details.
Chris@0 13 #
Chris@0 14 # You should have received a copy of the GNU General Public License
Chris@0 15 # along with this program; if not, write to the Free Software
Chris@0 16 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
Chris@0 17
Chris@0 18 require File.dirname(__FILE__) + '/../test_helper'
Chris@0 19
Chris@0 20 class UserTest < ActiveSupport::TestCase
Chris@0 21 fixtures :users, :members, :projects, :roles, :member_roles, :auth_sources
Chris@0 22
Chris@0 23 def setup
Chris@0 24 @admin = User.find(1)
Chris@0 25 @jsmith = User.find(2)
Chris@0 26 @dlopper = User.find(3)
Chris@0 27 end
Chris@0 28
Chris@0 29 test 'object_daddy creation' do
Chris@0 30 User.generate_with_protected!(:firstname => 'Testing connection')
Chris@0 31 User.generate_with_protected!(:firstname => 'Testing connection')
Chris@0 32 assert_equal 2, User.count(:all, :conditions => {:firstname => 'Testing connection'})
Chris@0 33 end
Chris@0 34
Chris@0 35 def test_truth
Chris@0 36 assert_kind_of User, @jsmith
Chris@0 37 end
Chris@1 38
Chris@1 39 def test_mail_should_be_stripped
Chris@1 40 u = User.new
Chris@1 41 u.mail = " foo@bar.com "
Chris@1 42 assert_equal "foo@bar.com", u.mail
Chris@1 43 end
Chris@0 44
Chris@0 45 def test_create
Chris@0 46 user = User.new(:firstname => "new", :lastname => "user", :mail => "newuser@somenet.foo")
Chris@0 47
Chris@0 48 user.login = "jsmith"
Chris@0 49 user.password, user.password_confirmation = "password", "password"
Chris@0 50 # login uniqueness
Chris@0 51 assert !user.save
Chris@0 52 assert_equal 1, user.errors.count
Chris@0 53
Chris@0 54 user.login = "newuser"
Chris@0 55 user.password, user.password_confirmation = "passwd", "password"
Chris@0 56 # password confirmation
Chris@0 57 assert !user.save
Chris@0 58 assert_equal 1, user.errors.count
Chris@0 59
Chris@0 60 user.password, user.password_confirmation = "password", "password"
Chris@0 61 assert user.save
Chris@0 62 end
Chris@0 63
Chris@0 64 context "User.login" do
Chris@0 65 should "be case-insensitive." do
Chris@0 66 u = User.new(:firstname => "new", :lastname => "user", :mail => "newuser@somenet.foo")
Chris@0 67 u.login = 'newuser'
Chris@0 68 u.password, u.password_confirmation = "password", "password"
Chris@0 69 assert u.save
Chris@0 70
Chris@0 71 u = User.new(:firstname => "Similar", :lastname => "User", :mail => "similaruser@somenet.foo")
Chris@0 72 u.login = 'NewUser'
Chris@0 73 u.password, u.password_confirmation = "password", "password"
Chris@0 74 assert !u.save
Chris@0 75 assert_equal I18n.translate('activerecord.errors.messages.taken'), u.errors.on(:login)
Chris@0 76 end
Chris@0 77 end
Chris@0 78
Chris@0 79 def test_mail_uniqueness_should_not_be_case_sensitive
Chris@0 80 u = User.new(:firstname => "new", :lastname => "user", :mail => "newuser@somenet.foo")
Chris@0 81 u.login = 'newuser1'
Chris@0 82 u.password, u.password_confirmation = "password", "password"
Chris@0 83 assert u.save
Chris@0 84
Chris@0 85 u = User.new(:firstname => "new", :lastname => "user", :mail => "newUser@Somenet.foo")
Chris@0 86 u.login = 'newuser2'
Chris@0 87 u.password, u.password_confirmation = "password", "password"
Chris@0 88 assert !u.save
Chris@0 89 assert_equal I18n.translate('activerecord.errors.messages.taken'), u.errors.on(:mail)
Chris@0 90 end
Chris@0 91
Chris@0 92 def test_update
Chris@0 93 assert_equal "admin", @admin.login
Chris@0 94 @admin.login = "john"
Chris@0 95 assert @admin.save, @admin.errors.full_messages.join("; ")
Chris@0 96 @admin.reload
Chris@0 97 assert_equal "john", @admin.login
Chris@0 98 end
Chris@0 99
Chris@0 100 def test_destroy
Chris@0 101 User.find(2).destroy
Chris@0 102 assert_nil User.find_by_id(2)
Chris@0 103 assert Member.find_all_by_user_id(2).empty?
Chris@0 104 end
Chris@0 105
Chris@0 106 def test_validate
Chris@0 107 @admin.login = ""
Chris@0 108 assert !@admin.save
Chris@0 109 assert_equal 1, @admin.errors.count
Chris@0 110 end
Chris@0 111
Chris@0 112 context "User#try_to_login" do
Chris@0 113 should "fall-back to case-insensitive if user login is not found as-typed." do
Chris@0 114 user = User.try_to_login("AdMin", "admin")
Chris@0 115 assert_kind_of User, user
Chris@0 116 assert_equal "admin", user.login
Chris@0 117 end
Chris@0 118
Chris@0 119 should "select the exact matching user first" do
Chris@0 120 case_sensitive_user = User.generate_with_protected!(:login => 'changed', :password => 'admin', :password_confirmation => 'admin')
Chris@0 121 # bypass validations to make it appear like existing data
Chris@0 122 case_sensitive_user.update_attribute(:login, 'ADMIN')
Chris@0 123
Chris@0 124 user = User.try_to_login("ADMIN", "admin")
Chris@0 125 assert_kind_of User, user
Chris@0 126 assert_equal "ADMIN", user.login
Chris@0 127
Chris@0 128 end
Chris@0 129 end
Chris@0 130
Chris@0 131 def test_password
Chris@0 132 user = User.try_to_login("admin", "admin")
Chris@0 133 assert_kind_of User, user
Chris@0 134 assert_equal "admin", user.login
Chris@0 135 user.password = "hello"
Chris@0 136 assert user.save
Chris@0 137
Chris@0 138 user = User.try_to_login("admin", "hello")
Chris@0 139 assert_kind_of User, user
Chris@0 140 assert_equal "admin", user.login
Chris@0 141 assert_equal User.hash_password("hello"), user.hashed_password
Chris@0 142 end
Chris@0 143
Chris@0 144 def test_name_format
Chris@0 145 assert_equal 'Smith, John', @jsmith.name(:lastname_coma_firstname)
Chris@0 146 Setting.user_format = :firstname_lastname
Chris@0 147 assert_equal 'John Smith', @jsmith.reload.name
Chris@0 148 Setting.user_format = :username
Chris@0 149 assert_equal 'jsmith', @jsmith.reload.name
Chris@0 150 end
Chris@0 151
Chris@0 152 def test_lock
Chris@0 153 user = User.try_to_login("jsmith", "jsmith")
Chris@0 154 assert_equal @jsmith, user
Chris@0 155
Chris@0 156 @jsmith.status = User::STATUS_LOCKED
Chris@0 157 assert @jsmith.save
Chris@0 158
Chris@0 159 user = User.try_to_login("jsmith", "jsmith")
Chris@0 160 assert_equal nil, user
Chris@0 161 end
Chris@0 162
Chris@0 163 if ldap_configured?
Chris@0 164 context "#try_to_login using LDAP" do
Chris@0 165 context "with failed connection to the LDAP server" do
Chris@0 166 should "return nil" do
Chris@0 167 @auth_source = AuthSourceLdap.find(1)
Chris@0 168 AuthSource.any_instance.stubs(:initialize_ldap_con).raises(Net::LDAP::LdapError, 'Cannot connect')
Chris@0 169
Chris@0 170 assert_equal nil, User.try_to_login('edavis', 'wrong')
Chris@0 171 end
Chris@0 172 end
Chris@0 173
Chris@0 174 context "with an unsuccessful authentication" do
Chris@0 175 should "return nil" do
Chris@0 176 assert_equal nil, User.try_to_login('edavis', 'wrong')
Chris@0 177 end
Chris@0 178 end
Chris@0 179
Chris@0 180 context "on the fly registration" do
Chris@0 181 setup do
Chris@0 182 @auth_source = AuthSourceLdap.find(1)
Chris@0 183 end
Chris@0 184
Chris@0 185 context "with a successful authentication" do
Chris@0 186 should "create a new user account if it doesn't exist" do
Chris@0 187 assert_difference('User.count') do
Chris@0 188 user = User.try_to_login('edavis', '123456')
Chris@0 189 assert !user.admin?
Chris@0 190 end
Chris@0 191 end
Chris@0 192
Chris@0 193 should "retrieve existing user" do
Chris@0 194 user = User.try_to_login('edavis', '123456')
Chris@0 195 user.admin = true
Chris@0 196 user.save!
Chris@0 197
Chris@0 198 assert_no_difference('User.count') do
Chris@0 199 user = User.try_to_login('edavis', '123456')
Chris@0 200 assert user.admin?
Chris@0 201 end
Chris@0 202 end
Chris@0 203 end
Chris@0 204 end
Chris@0 205 end
Chris@0 206
Chris@0 207 else
Chris@0 208 puts "Skipping LDAP tests."
Chris@0 209 end
Chris@0 210
Chris@0 211 def test_create_anonymous
Chris@0 212 AnonymousUser.delete_all
Chris@0 213 anon = User.anonymous
Chris@0 214 assert !anon.new_record?
Chris@0 215 assert_kind_of AnonymousUser, anon
Chris@0 216 end
Chris@0 217
Chris@0 218 should_have_one :rss_token
Chris@0 219
Chris@0 220 def test_rss_key
Chris@0 221 assert_nil @jsmith.rss_token
Chris@0 222 key = @jsmith.rss_key
Chris@0 223 assert_equal 40, key.length
Chris@0 224
Chris@0 225 @jsmith.reload
Chris@0 226 assert_equal key, @jsmith.rss_key
Chris@0 227 end
Chris@0 228
Chris@0 229
Chris@0 230 should_have_one :api_token
Chris@0 231
Chris@0 232 context "User#api_key" do
Chris@0 233 should "generate a new one if the user doesn't have one" do
Chris@0 234 user = User.generate_with_protected!(:api_token => nil)
Chris@0 235 assert_nil user.api_token
Chris@0 236
Chris@0 237 key = user.api_key
Chris@0 238 assert_equal 40, key.length
Chris@0 239 user.reload
Chris@0 240 assert_equal key, user.api_key
Chris@0 241 end
Chris@0 242
Chris@0 243 should "return the existing api token value" do
Chris@0 244 user = User.generate_with_protected!
Chris@0 245 token = Token.generate!(:action => 'api')
Chris@0 246 user.api_token = token
Chris@0 247 assert user.save
Chris@0 248
Chris@0 249 assert_equal token.value, user.api_key
Chris@0 250 end
Chris@0 251 end
Chris@0 252
Chris@0 253 context "User#find_by_api_key" do
Chris@0 254 should "return nil if no matching key is found" do
Chris@0 255 assert_nil User.find_by_api_key('zzzzzzzzz')
Chris@0 256 end
Chris@0 257
Chris@0 258 should "return nil if the key is found for an inactive user" do
Chris@0 259 user = User.generate_with_protected!(:status => User::STATUS_LOCKED)
Chris@0 260 token = Token.generate!(:action => 'api')
Chris@0 261 user.api_token = token
Chris@0 262 user.save
Chris@0 263
Chris@0 264 assert_nil User.find_by_api_key(token.value)
Chris@0 265 end
Chris@0 266
Chris@0 267 should "return the user if the key is found for an active user" do
Chris@0 268 user = User.generate_with_protected!(:status => User::STATUS_ACTIVE)
Chris@0 269 token = Token.generate!(:action => 'api')
Chris@0 270 user.api_token = token
Chris@0 271 user.save
Chris@0 272
Chris@0 273 assert_equal user, User.find_by_api_key(token.value)
Chris@0 274 end
Chris@0 275 end
Chris@0 276
Chris@0 277 def test_roles_for_project
Chris@0 278 # user with a role
Chris@0 279 roles = @jsmith.roles_for_project(Project.find(1))
Chris@0 280 assert_kind_of Role, roles.first
Chris@0 281 assert_equal "Manager", roles.first.name
Chris@0 282
Chris@0 283 # user with no role
Chris@0 284 assert_nil @dlopper.roles_for_project(Project.find(2)).detect {|role| role.member?}
Chris@0 285 end
Chris@0 286
Chris@0 287 def test_mail_notification_all
Chris@0 288 @jsmith.mail_notification = true
Chris@0 289 @jsmith.notified_project_ids = []
Chris@0 290 @jsmith.save
Chris@0 291 @jsmith.reload
Chris@0 292 assert @jsmith.projects.first.recipients.include?(@jsmith.mail)
Chris@0 293 end
Chris@0 294
Chris@0 295 def test_mail_notification_selected
Chris@0 296 @jsmith.mail_notification = false
Chris@0 297 @jsmith.notified_project_ids = [1]
Chris@0 298 @jsmith.save
Chris@0 299 @jsmith.reload
Chris@0 300 assert Project.find(1).recipients.include?(@jsmith.mail)
Chris@0 301 end
Chris@0 302
Chris@0 303 def test_mail_notification_none
Chris@0 304 @jsmith.mail_notification = false
Chris@0 305 @jsmith.notified_project_ids = []
Chris@0 306 @jsmith.save
Chris@0 307 @jsmith.reload
Chris@0 308 assert !@jsmith.projects.first.recipients.include?(@jsmith.mail)
Chris@0 309 end
Chris@0 310
Chris@0 311 def test_comments_sorting_preference
Chris@0 312 assert !@jsmith.wants_comments_in_reverse_order?
Chris@0 313 @jsmith.pref.comments_sorting = 'asc'
Chris@0 314 assert !@jsmith.wants_comments_in_reverse_order?
Chris@0 315 @jsmith.pref.comments_sorting = 'desc'
Chris@0 316 assert @jsmith.wants_comments_in_reverse_order?
Chris@0 317 end
Chris@0 318
Chris@0 319 def test_find_by_mail_should_be_case_insensitive
Chris@0 320 u = User.find_by_mail('JSmith@somenet.foo')
Chris@0 321 assert_not_nil u
Chris@0 322 assert_equal 'jsmith@somenet.foo', u.mail
Chris@0 323 end
Chris@0 324
Chris@0 325 def test_random_password
Chris@0 326 u = User.new
Chris@0 327 u.random_password
Chris@0 328 assert !u.password.blank?
Chris@0 329 assert !u.password_confirmation.blank?
Chris@0 330 end
Chris@0 331
Chris@0 332 context "#change_password_allowed?" do
Chris@0 333 should "be allowed if no auth source is set" do
Chris@0 334 user = User.generate_with_protected!
Chris@0 335 assert user.change_password_allowed?
Chris@0 336 end
Chris@0 337
Chris@0 338 should "delegate to the auth source" do
Chris@0 339 user = User.generate_with_protected!
Chris@0 340
Chris@0 341 allowed_auth_source = AuthSource.generate!
Chris@0 342 def allowed_auth_source.allow_password_changes?; true; end
Chris@0 343
Chris@0 344 denied_auth_source = AuthSource.generate!
Chris@0 345 def denied_auth_source.allow_password_changes?; false; end
Chris@0 346
Chris@0 347 assert user.change_password_allowed?
Chris@0 348
Chris@0 349 user.auth_source = allowed_auth_source
Chris@0 350 assert user.change_password_allowed?, "User not allowed to change password, though auth source does"
Chris@0 351
Chris@0 352 user.auth_source = denied_auth_source
Chris@0 353 assert !user.change_password_allowed?, "User allowed to change password, though auth source does not"
Chris@0 354 end
Chris@0 355
Chris@0 356 end
Chris@0 357
chris@22 358 context "#allowed_to?" do
chris@22 359 context "with a unique project" do
chris@22 360 should "return false if project is archived" do
chris@22 361 project = Project.find(1)
chris@22 362 Project.any_instance.stubs(:status).returns(Project::STATUS_ARCHIVED)
chris@22 363 assert ! @admin.allowed_to?(:view_issues, Project.find(1))
chris@22 364 end
chris@22 365
chris@22 366 should "return false if related module is disabled" do
chris@22 367 project = Project.find(1)
chris@22 368 project.enabled_module_names = ["issue_tracking"]
chris@22 369 assert @admin.allowed_to?(:add_issues, project)
chris@22 370 assert ! @admin.allowed_to?(:view_wiki_pages, project)
chris@22 371 end
chris@22 372
chris@22 373 should "authorize nearly everything for admin users" do
chris@22 374 project = Project.find(1)
chris@22 375 assert ! @admin.member_of?(project)
chris@22 376 %w(edit_issues delete_issues manage_news manage_documents manage_wiki).each do |p|
chris@22 377 assert @admin.allowed_to?(p.to_sym, project)
chris@22 378 end
chris@22 379 end
chris@22 380
chris@22 381 should "authorize normal users depending on their roles" do
chris@22 382 project = Project.find(1)
chris@22 383 assert @jsmith.allowed_to?(:delete_messages, project) #Manager
chris@22 384 assert ! @dlopper.allowed_to?(:delete_messages, project) #Developper
chris@22 385 end
chris@22 386 end
chris@22 387
chris@22 388 context "with options[:global]" do
chris@22 389 should "authorize if user has at least one role that has this permission" do
chris@22 390 @dlopper2 = User.find(5) #only Developper on a project, not Manager anywhere
chris@22 391 @anonymous = User.find(6)
chris@22 392 assert @jsmith.allowed_to?(:delete_issue_watchers, nil, :global => true)
chris@22 393 assert ! @dlopper2.allowed_to?(:delete_issue_watchers, nil, :global => true)
chris@22 394 assert @dlopper2.allowed_to?(:add_issues, nil, :global => true)
chris@22 395 assert ! @anonymous.allowed_to?(:add_issues, nil, :global => true)
chris@22 396 assert @anonymous.allowed_to?(:view_issues, nil, :global => true)
chris@22 397 end
chris@22 398 end
chris@22 399 end
chris@22 400
Chris@0 401 if Object.const_defined?(:OpenID)
Chris@0 402
Chris@0 403 def test_setting_identity_url
Chris@0 404 normalized_open_id_url = 'http://example.com/'
Chris@0 405 u = User.new( :identity_url => 'http://example.com/' )
Chris@0 406 assert_equal normalized_open_id_url, u.identity_url
Chris@0 407 end
Chris@0 408
Chris@0 409 def test_setting_identity_url_without_trailing_slash
Chris@0 410 normalized_open_id_url = 'http://example.com/'
Chris@0 411 u = User.new( :identity_url => 'http://example.com' )
Chris@0 412 assert_equal normalized_open_id_url, u.identity_url
Chris@0 413 end
Chris@0 414
Chris@0 415 def test_setting_identity_url_without_protocol
Chris@0 416 normalized_open_id_url = 'http://example.com/'
Chris@0 417 u = User.new( :identity_url => 'example.com' )
Chris@0 418 assert_equal normalized_open_id_url, u.identity_url
Chris@0 419 end
Chris@0 420
Chris@0 421 def test_setting_blank_identity_url
Chris@0 422 u = User.new( :identity_url => 'example.com' )
Chris@0 423 u.identity_url = ''
Chris@0 424 assert u.identity_url.blank?
Chris@0 425 end
Chris@0 426
Chris@0 427 def test_setting_invalid_identity_url
Chris@0 428 u = User.new( :identity_url => 'this is not an openid url' )
Chris@0 429 assert u.identity_url.blank?
Chris@0 430 end
Chris@0 431
Chris@0 432 else
Chris@0 433 puts "Skipping openid tests."
Chris@0 434 end
Chris@0 435
Chris@0 436 end