annotate .svn/pristine/c5/c5174ec087843933ec7faabc4ea89143a776e91a.svn-base @ 1524:82fac3dcf466 redmine-2.5-integration

Fix failure to interpret Javascript when autocompleting members for project
author Chris Cannam <chris.cannam@soundsoftware.ac.uk>
date Thu, 11 Sep 2014 10:24:38 +0100
parents dffacf8a6908
children
rev   line source
Chris@1517 1 # Redmine - project management software
Chris@1517 2 # Copyright (C) 2006-2014 Jean-Philippe Lang
Chris@1517 3 #
Chris@1517 4 # This program is free software; you can redistribute it and/or
Chris@1517 5 # modify it under the terms of the GNU General Public License
Chris@1517 6 # as published by the Free Software Foundation; either version 2
Chris@1517 7 # of the License, or (at your option) any later version.
Chris@1517 8 #
Chris@1517 9 # This program is distributed in the hope that it will be useful,
Chris@1517 10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
Chris@1517 11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
Chris@1517 12 # GNU General Public License for more details.
Chris@1517 13 #
Chris@1517 14 # You should have received a copy of the GNU General Public License
Chris@1517 15 # along with this program; if not, write to the Free Software
Chris@1517 16 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
Chris@1517 17
Chris@1517 18 require File.expand_path('../../test_helper', __FILE__)
Chris@1517 19
Chris@1517 20 class AccountControllerTest < ActionController::TestCase
Chris@1517 21 fixtures :users, :roles
Chris@1517 22
Chris@1517 23 def setup
Chris@1517 24 User.current = nil
Chris@1517 25 end
Chris@1517 26
Chris@1517 27 def test_get_login
Chris@1517 28 get :login
Chris@1517 29 assert_response :success
Chris@1517 30 assert_template 'login'
Chris@1517 31
Chris@1517 32 assert_select 'input[name=username]'
Chris@1517 33 assert_select 'input[name=password]'
Chris@1517 34 end
Chris@1517 35
Chris@1517 36 def test_get_login_while_logged_in_should_redirect_to_back_url_if_present
Chris@1517 37 @request.session[:user_id] = 2
Chris@1517 38 @request.env["HTTP_REFERER"] = 'http://test.host/issues/show/1'
Chris@1517 39
Chris@1517 40 get :login, :back_url => 'http://test.host/issues/show/1'
Chris@1517 41 assert_redirected_to '/issues/show/1'
Chris@1517 42 assert_equal 2, @request.session[:user_id]
Chris@1517 43 end
Chris@1517 44
Chris@1517 45 def test_get_login_while_logged_in_should_redirect_to_referer_without_back_url
Chris@1517 46 @request.session[:user_id] = 2
Chris@1517 47 @request.env["HTTP_REFERER"] = 'http://test.host/issues/show/1'
Chris@1517 48
Chris@1517 49 get :login
Chris@1517 50 assert_redirected_to '/issues/show/1'
Chris@1517 51 assert_equal 2, @request.session[:user_id]
Chris@1517 52 end
Chris@1517 53
Chris@1517 54 def test_get_login_while_logged_in_should_redirect_to_home_by_default
Chris@1517 55 @request.session[:user_id] = 2
Chris@1517 56
Chris@1517 57 get :login
Chris@1517 58 assert_redirected_to '/'
Chris@1517 59 assert_equal 2, @request.session[:user_id]
Chris@1517 60 end
Chris@1517 61
Chris@1517 62 def test_login_should_redirect_to_back_url_param
Chris@1517 63 # request.uri is "test.host" in test environment
Chris@1517 64 back_urls = [
Chris@1517 65 'http://test.host/issues/show/1',
Chris@1517 66 '/'
Chris@1517 67 ]
Chris@1517 68 back_urls.each do |back_url|
Chris@1517 69 post :login, :username => 'jsmith', :password => 'jsmith', :back_url => back_url
Chris@1517 70 assert_redirected_to back_url
Chris@1517 71 end
Chris@1517 72 end
Chris@1517 73
Chris@1517 74 def test_login_with_suburi_should_redirect_to_back_url_param
Chris@1517 75 @relative_url_root = ApplicationController.relative_url_root
Chris@1517 76 ApplicationController.relative_url_root = '/redmine'
Chris@1517 77
Chris@1517 78 back_urls = [
Chris@1517 79 'http://test.host/redmine/issues/show/1',
Chris@1517 80 '/redmine'
Chris@1517 81 ]
Chris@1517 82 back_urls.each do |back_url|
Chris@1517 83 post :login, :username => 'jsmith', :password => 'jsmith', :back_url => back_url
Chris@1517 84 assert_redirected_to back_url
Chris@1517 85 end
Chris@1517 86 ensure
Chris@1517 87 ApplicationController.relative_url_root = @relative_url_root
Chris@1517 88 end
Chris@1517 89
Chris@1517 90 def test_login_should_not_redirect_to_another_host
Chris@1517 91 back_urls = [
Chris@1517 92 'http://test.foo/fake',
Chris@1517 93 '//test.foo/fake'
Chris@1517 94 ]
Chris@1517 95 back_urls.each do |back_url|
Chris@1517 96 post :login, :username => 'jsmith', :password => 'jsmith', :back_url => back_url
Chris@1517 97 assert_redirected_to '/my/page'
Chris@1517 98 end
Chris@1517 99 end
Chris@1517 100
Chris@1517 101 def test_login_with_suburi_should_not_redirect_to_another_suburi
Chris@1517 102 @relative_url_root = ApplicationController.relative_url_root
Chris@1517 103 ApplicationController.relative_url_root = '/redmine'
Chris@1517 104
Chris@1517 105 back_urls = [
Chris@1517 106 'http://test.host/',
Chris@1517 107 'http://test.host/fake',
Chris@1517 108 'http://test.host/fake/issues',
Chris@1517 109 'http://test.host/redmine/../fake',
Chris@1517 110 'http://test.host/redmine/../fake/issues',
Chris@1517 111 'http://test.host/redmine/%2e%2e/fake'
Chris@1517 112 ]
Chris@1517 113 back_urls.each do |back_url|
Chris@1517 114 post :login, :username => 'jsmith', :password => 'jsmith', :back_url => back_url
Chris@1517 115 assert_redirected_to '/my/page'
Chris@1517 116 end
Chris@1517 117 ensure
Chris@1517 118 ApplicationController.relative_url_root = @relative_url_root
Chris@1517 119 end
Chris@1517 120
Chris@1517 121 def test_login_with_wrong_password
Chris@1517 122 post :login, :username => 'admin', :password => 'bad'
Chris@1517 123 assert_response :success
Chris@1517 124 assert_template 'login'
Chris@1517 125
Chris@1517 126 assert_select 'div.flash.error', :text => /Invalid user or password/
Chris@1517 127 assert_select 'input[name=username][value=admin]'
Chris@1517 128 assert_select 'input[name=password]'
Chris@1517 129 assert_select 'input[name=password][value]', 0
Chris@1517 130 end
Chris@1517 131
Chris@1517 132 def test_login_with_locked_account_should_fail
Chris@1517 133 User.find(2).update_attribute :status, User::STATUS_LOCKED
Chris@1517 134
Chris@1517 135 post :login, :username => 'jsmith', :password => 'jsmith'
Chris@1517 136 assert_redirected_to '/login'
Chris@1517 137 assert_include 'locked', flash[:error]
Chris@1517 138 assert_nil @request.session[:user_id]
Chris@1517 139 end
Chris@1517 140
Chris@1517 141 def test_login_as_registered_user_with_manual_activation_should_inform_user
Chris@1517 142 User.find(2).update_attribute :status, User::STATUS_REGISTERED
Chris@1517 143
Chris@1517 144 with_settings :self_registration => '2', :default_language => 'en' do
Chris@1517 145 post :login, :username => 'jsmith', :password => 'jsmith'
Chris@1517 146 assert_redirected_to '/login'
Chris@1517 147 assert_include 'pending administrator approval', flash[:error]
Chris@1517 148 end
Chris@1517 149 end
Chris@1517 150
Chris@1517 151 def test_login_as_registered_user_with_email_activation_should_propose_new_activation_email
Chris@1517 152 User.find(2).update_attribute :status, User::STATUS_REGISTERED
Chris@1517 153
Chris@1517 154 with_settings :self_registration => '1', :default_language => 'en' do
Chris@1517 155 post :login, :username => 'jsmith', :password => 'jsmith'
Chris@1517 156 assert_redirected_to '/login'
Chris@1517 157 assert_equal 2, @request.session[:registered_user_id]
Chris@1517 158 assert_include 'new activation email', flash[:error]
Chris@1517 159 end
Chris@1517 160 end
Chris@1517 161
Chris@1517 162 def test_login_should_rescue_auth_source_exception
Chris@1517 163 source = AuthSource.create!(:name => 'Test')
Chris@1517 164 User.find(2).update_attribute :auth_source_id, source.id
Chris@1517 165 AuthSource.any_instance.stubs(:authenticate).raises(AuthSourceException.new("Something wrong"))
Chris@1517 166
Chris@1517 167 post :login, :username => 'jsmith', :password => 'jsmith'
Chris@1517 168 assert_response 500
Chris@1517 169 assert_error_tag :content => /Something wrong/
Chris@1517 170 end
Chris@1517 171
Chris@1517 172 def test_login_should_reset_session
Chris@1517 173 @controller.expects(:reset_session).once
Chris@1517 174
Chris@1517 175 post :login, :username => 'jsmith', :password => 'jsmith'
Chris@1517 176 assert_response 302
Chris@1517 177 end
Chris@1517 178
Chris@1517 179 def test_get_logout_should_not_logout
Chris@1517 180 @request.session[:user_id] = 2
Chris@1517 181 get :logout
Chris@1517 182 assert_response :success
Chris@1517 183 assert_template 'logout'
Chris@1517 184
Chris@1517 185 assert_equal 2, @request.session[:user_id]
Chris@1517 186 end
Chris@1517 187
Chris@1517 188 def test_get_logout_with_anonymous_should_redirect
Chris@1517 189 get :logout
Chris@1517 190 assert_redirected_to '/'
Chris@1517 191 end
Chris@1517 192
Chris@1517 193 def test_logout
Chris@1517 194 @request.session[:user_id] = 2
Chris@1517 195 post :logout
Chris@1517 196 assert_redirected_to '/'
Chris@1517 197 assert_nil @request.session[:user_id]
Chris@1517 198 end
Chris@1517 199
Chris@1517 200 def test_logout_should_reset_session
Chris@1517 201 @controller.expects(:reset_session).once
Chris@1517 202
Chris@1517 203 @request.session[:user_id] = 2
Chris@1517 204 post :logout
Chris@1517 205 assert_response 302
Chris@1517 206 end
Chris@1517 207
Chris@1517 208 def test_get_register_with_registration_on
Chris@1517 209 with_settings :self_registration => '3' do
Chris@1517 210 get :register
Chris@1517 211 assert_response :success
Chris@1517 212 assert_template 'register'
Chris@1517 213 assert_not_nil assigns(:user)
Chris@1517 214
Chris@1517 215 assert_select 'input[name=?]', 'user[password]'
Chris@1517 216 assert_select 'input[name=?]', 'user[password_confirmation]'
Chris@1517 217 end
Chris@1517 218 end
Chris@1517 219
Chris@1517 220 def test_get_register_should_detect_user_language
Chris@1517 221 with_settings :self_registration => '3' do
Chris@1517 222 @request.env['HTTP_ACCEPT_LANGUAGE'] = 'fr,fr-fr;q=0.8,en-us;q=0.5,en;q=0.3'
Chris@1517 223 get :register
Chris@1517 224 assert_response :success
Chris@1517 225 assert_not_nil assigns(:user)
Chris@1517 226 assert_equal 'fr', assigns(:user).language
Chris@1517 227 assert_select 'select[name=?]', 'user[language]' do
Chris@1517 228 assert_select 'option[value=fr][selected=selected]'
Chris@1517 229 end
Chris@1517 230 end
Chris@1517 231 end
Chris@1517 232
Chris@1517 233 def test_get_register_with_registration_off_should_redirect
Chris@1517 234 with_settings :self_registration => '0' do
Chris@1517 235 get :register
Chris@1517 236 assert_redirected_to '/'
Chris@1517 237 end
Chris@1517 238 end
Chris@1517 239
Chris@1517 240 # See integration/account_test.rb for the full test
Chris@1517 241 def test_post_register_with_registration_on
Chris@1517 242 with_settings :self_registration => '3' do
Chris@1517 243 assert_difference 'User.count' do
Chris@1517 244 post :register, :user => {
Chris@1517 245 :login => 'register',
Chris@1517 246 :password => 'secret123',
Chris@1517 247 :password_confirmation => 'secret123',
Chris@1517 248 :firstname => 'John',
Chris@1517 249 :lastname => 'Doe',
Chris@1517 250 :mail => 'register@example.com'
Chris@1517 251 }
Chris@1517 252 assert_redirected_to '/my/account'
Chris@1517 253 end
Chris@1517 254 user = User.order('id DESC').first
Chris@1517 255 assert_equal 'register', user.login
Chris@1517 256 assert_equal 'John', user.firstname
Chris@1517 257 assert_equal 'Doe', user.lastname
Chris@1517 258 assert_equal 'register@example.com', user.mail
Chris@1517 259 assert user.check_password?('secret123')
Chris@1517 260 assert user.active?
Chris@1517 261 end
Chris@1517 262 end
Chris@1517 263
Chris@1517 264 def test_post_register_with_registration_off_should_redirect
Chris@1517 265 with_settings :self_registration => '0' do
Chris@1517 266 assert_no_difference 'User.count' do
Chris@1517 267 post :register, :user => {
Chris@1517 268 :login => 'register',
Chris@1517 269 :password => 'test',
Chris@1517 270 :password_confirmation => 'test',
Chris@1517 271 :firstname => 'John',
Chris@1517 272 :lastname => 'Doe',
Chris@1517 273 :mail => 'register@example.com'
Chris@1517 274 }
Chris@1517 275 assert_redirected_to '/'
Chris@1517 276 end
Chris@1517 277 end
Chris@1517 278 end
Chris@1517 279
Chris@1517 280 def test_get_lost_password_should_display_lost_password_form
Chris@1517 281 get :lost_password
Chris@1517 282 assert_response :success
Chris@1517 283 assert_select 'input[name=mail]'
Chris@1517 284 end
Chris@1517 285
Chris@1517 286 def test_lost_password_for_active_user_should_create_a_token
Chris@1517 287 Token.delete_all
Chris@1517 288 ActionMailer::Base.deliveries.clear
Chris@1517 289 assert_difference 'ActionMailer::Base.deliveries.size' do
Chris@1517 290 assert_difference 'Token.count' do
Chris@1517 291 with_settings :host_name => 'mydomain.foo', :protocol => 'http' do
Chris@1517 292 post :lost_password, :mail => 'JSmith@somenet.foo'
Chris@1517 293 assert_redirected_to '/login'
Chris@1517 294 end
Chris@1517 295 end
Chris@1517 296 end
Chris@1517 297
Chris@1517 298 token = Token.order('id DESC').first
Chris@1517 299 assert_equal User.find(2), token.user
Chris@1517 300 assert_equal 'recovery', token.action
Chris@1517 301
Chris@1517 302 assert_select_email do
Chris@1517 303 assert_select "a[href=?]", "http://mydomain.foo/account/lost_password?token=#{token.value}"
Chris@1517 304 end
Chris@1517 305 end
Chris@1517 306
Chris@1517 307 def test_lost_password_for_unknown_user_should_fail
Chris@1517 308 Token.delete_all
Chris@1517 309 assert_no_difference 'Token.count' do
Chris@1517 310 post :lost_password, :mail => 'invalid@somenet.foo'
Chris@1517 311 assert_response :success
Chris@1517 312 end
Chris@1517 313 end
Chris@1517 314
Chris@1517 315 def test_lost_password_for_non_active_user_should_fail
Chris@1517 316 Token.delete_all
Chris@1517 317 assert User.find(2).lock!
Chris@1517 318
Chris@1517 319 assert_no_difference 'Token.count' do
Chris@1517 320 post :lost_password, :mail => 'JSmith@somenet.foo'
Chris@1517 321 assert_redirected_to '/account/lost_password'
Chris@1517 322 end
Chris@1517 323 end
Chris@1517 324
Chris@1517 325 def test_lost_password_for_user_who_cannot_change_password_should_fail
Chris@1517 326 User.any_instance.stubs(:change_password_allowed?).returns(false)
Chris@1517 327
Chris@1517 328 assert_no_difference 'Token.count' do
Chris@1517 329 post :lost_password, :mail => 'JSmith@somenet.foo'
Chris@1517 330 assert_response :success
Chris@1517 331 end
Chris@1517 332 end
Chris@1517 333
Chris@1517 334 def test_get_lost_password_with_token_should_display_the_password_recovery_form
Chris@1517 335 user = User.find(2)
Chris@1517 336 token = Token.create!(:action => 'recovery', :user => user)
Chris@1517 337
Chris@1517 338 get :lost_password, :token => token.value
Chris@1517 339 assert_response :success
Chris@1517 340 assert_template 'password_recovery'
Chris@1517 341
Chris@1517 342 assert_select 'input[type=hidden][name=token][value=?]', token.value
Chris@1517 343 end
Chris@1517 344
Chris@1517 345 def test_get_lost_password_with_invalid_token_should_redirect
Chris@1517 346 get :lost_password, :token => "abcdef"
Chris@1517 347 assert_redirected_to '/'
Chris@1517 348 end
Chris@1517 349
Chris@1517 350 def test_post_lost_password_with_token_should_change_the_user_password
Chris@1517 351 user = User.find(2)
Chris@1517 352 token = Token.create!(:action => 'recovery', :user => user)
Chris@1517 353
Chris@1517 354 post :lost_password, :token => token.value, :new_password => 'newpass123', :new_password_confirmation => 'newpass123'
Chris@1517 355 assert_redirected_to '/login'
Chris@1517 356 user.reload
Chris@1517 357 assert user.check_password?('newpass123')
Chris@1517 358 assert_nil Token.find_by_id(token.id), "Token was not deleted"
Chris@1517 359 end
Chris@1517 360
Chris@1517 361 def test_post_lost_password_with_token_for_non_active_user_should_fail
Chris@1517 362 user = User.find(2)
Chris@1517 363 token = Token.create!(:action => 'recovery', :user => user)
Chris@1517 364 user.lock!
Chris@1517 365
Chris@1517 366 post :lost_password, :token => token.value, :new_password => 'newpass123', :new_password_confirmation => 'newpass123'
Chris@1517 367 assert_redirected_to '/'
Chris@1517 368 assert ! user.check_password?('newpass123')
Chris@1517 369 end
Chris@1517 370
Chris@1517 371 def test_post_lost_password_with_token_and_password_confirmation_failure_should_redisplay_the_form
Chris@1517 372 user = User.find(2)
Chris@1517 373 token = Token.create!(:action => 'recovery', :user => user)
Chris@1517 374
Chris@1517 375 post :lost_password, :token => token.value, :new_password => 'newpass', :new_password_confirmation => 'wrongpass'
Chris@1517 376 assert_response :success
Chris@1517 377 assert_template 'password_recovery'
Chris@1517 378 assert_not_nil Token.find_by_id(token.id), "Token was deleted"
Chris@1517 379
Chris@1517 380 assert_select 'input[type=hidden][name=token][value=?]', token.value
Chris@1517 381 end
Chris@1517 382
Chris@1517 383 def test_post_lost_password_with_invalid_token_should_redirect
Chris@1517 384 post :lost_password, :token => "abcdef", :new_password => 'newpass', :new_password_confirmation => 'newpass'
Chris@1517 385 assert_redirected_to '/'
Chris@1517 386 end
Chris@1517 387
Chris@1517 388 def test_activation_email_should_send_an_activation_email
Chris@1517 389 User.find(2).update_attribute :status, User::STATUS_REGISTERED
Chris@1517 390 @request.session[:registered_user_id] = 2
Chris@1517 391
Chris@1517 392 with_settings :self_registration => '1' do
Chris@1517 393 assert_difference 'ActionMailer::Base.deliveries.size' do
Chris@1517 394 get :activation_email
Chris@1517 395 assert_redirected_to '/login'
Chris@1517 396 end
Chris@1517 397 end
Chris@1517 398 end
Chris@1517 399
Chris@1517 400 def test_activation_email_without_session_data_should_fail
Chris@1517 401 User.find(2).update_attribute :status, User::STATUS_REGISTERED
Chris@1517 402
Chris@1517 403 with_settings :self_registration => '1' do
Chris@1517 404 assert_no_difference 'ActionMailer::Base.deliveries.size' do
Chris@1517 405 get :activation_email
Chris@1517 406 assert_redirected_to '/'
Chris@1517 407 end
Chris@1517 408 end
Chris@1517 409 end
Chris@1517 410 end