Mercurial > hg > soundsoftware-site

annotate test/functional/account_controller_test.rb @ 1628:9c5f8e24dadc live tip

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Quieten this cron script
author Chris Cannam
date Tue, 25 Aug 2020 11:38:49 +0100
parents dffacf8a6908
children
rev   line source
Chris@909 1 # Redmine - project management software
Chris@1494 2 # Copyright (C) 2006-2014 Jean-Philippe Lang
Chris@0 3 #
Chris@0 4 # This program is free software; you can redistribute it and/or
Chris@0 5 # modify it under the terms of the GNU General Public License
Chris@0 6 # as published by the Free Software Foundation; either version 2
Chris@0 7 # of the License, or (at your option) any later version.
Chris@909 8 #
Chris@0 9 # This program is distributed in the hope that it will be useful,
Chris@0 10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
Chris@0 11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
Chris@0 12 # GNU General Public License for more details.
Chris@909 13 #
Chris@0 14 # You should have received a copy of the GNU General Public License
Chris@0 15 # along with this program; if not, write to the Free Software
Chris@0 16 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
Chris@0 17
Chris@119 18 require File.expand_path('../../test_helper', __FILE__)
Chris@0 19
Chris@0 20 class AccountControllerTest < ActionController::TestCase
Chris@0 21 fixtures :users, :roles
Chris@909 22
Chris@0 23 def setup
Chris@0 24 User.current = nil
Chris@0 25 end
Chris@909 26
Chris@1115 27 def test_get_login
Chris@1115 28 get :login
Chris@1115 29 assert_response :success
Chris@1115 30 assert_template 'login'
Chris@1115 31
Chris@1115 32 assert_select 'input[name=username]'
Chris@1115 33 assert_select 'input[name=password]'
Chris@1115 34 end
Chris@1115 35
Chris@1517 36 def test_get_login_while_logged_in_should_redirect_to_back_url_if_present
Chris@1517 37 @request.session[:user_id] = 2
Chris@1517 38 @request.env["HTTP_REFERER"] = 'http://test.host/issues/show/1'
Chris@1517 39
Chris@1517 40 get :login, :back_url => 'http://test.host/issues/show/1'
Chris@1517 41 assert_redirected_to '/issues/show/1'
Chris@1517 42 assert_equal 2, @request.session[:user_id]
Chris@1517 43 end
Chris@1517 44
Chris@1517 45 def test_get_login_while_logged_in_should_redirect_to_referer_without_back_url
Chris@1517 46 @request.session[:user_id] = 2
Chris@1517 47 @request.env["HTTP_REFERER"] = 'http://test.host/issues/show/1'
Chris@1517 48
Chris@1517 49 get :login
Chris@1517 50 assert_redirected_to '/issues/show/1'
Chris@1517 51 assert_equal 2, @request.session[:user_id]
Chris@1517 52 end
Chris@1517 53
Chris@1517 54 def test_get_login_while_logged_in_should_redirect_to_home_by_default
Chris@1464 55 @request.session[:user_id] = 2
Chris@1464 56
Chris@1464 57 get :login
Chris@1464 58 assert_redirected_to '/'
Chris@1464 59 assert_equal 2, @request.session[:user_id]
Chris@1464 60 end
Chris@1464 61
Chris@0 62 def test_login_should_redirect_to_back_url_param
Chris@0 63 # request.uri is "test.host" in test environment
Chris@1516 64 back_urls = [
Chris@1516 65 'http://test.host/issues/show/1',
Chris@1516 66 '/'
Chris@1516 67 ]
Chris@1516 68 back_urls.each do |back_url|
Chris@1516 69 post :login, :username => 'jsmith', :password => 'jsmith', :back_url => back_url
Chris@1516 70 assert_redirected_to back_url
Chris@1516 71 end
Chris@1516 72 end
Chris@1516 73
Chris@1516 74 def test_login_with_suburi_should_redirect_to_back_url_param
Chris@1516 75 @relative_url_root = ApplicationController.relative_url_root
Chris@1516 76 ApplicationController.relative_url_root = '/redmine'
Chris@1516 77
Chris@1516 78 back_urls = [
Chris@1516 79 'http://test.host/redmine/issues/show/1',
Chris@1516 80 '/redmine'
Chris@1516 81 ]
Chris@1516 82 back_urls.each do |back_url|
Chris@1516 83 post :login, :username => 'jsmith', :password => 'jsmith', :back_url => back_url
Chris@1516 84 assert_redirected_to back_url
Chris@1516 85 end
Chris@1516 86 ensure
Chris@1516 87 ApplicationController.relative_url_root = @relative_url_root
Chris@0 88 end
Chris@909 89
Chris@0 90 def test_login_should_not_redirect_to_another_host
Chris@1516 91 back_urls = [
Chris@1516 92 'http://test.foo/fake',
Chris@1516 93 '//test.foo/fake'
Chris@1516 94 ]
Chris@1516 95 back_urls.each do |back_url|
Chris@1516 96 post :login, :username => 'jsmith', :password => 'jsmith', :back_url => back_url
Chris@1516 97 assert_redirected_to '/my/page'
Chris@1516 98 end
Chris@1516 99 end
Chris@1516 100
Chris@1516 101 def test_login_with_suburi_should_not_redirect_to_another_suburi
Chris@1516 102 @relative_url_root = ApplicationController.relative_url_root
Chris@1516 103 ApplicationController.relative_url_root = '/redmine'
Chris@1516 104
Chris@1516 105 back_urls = [
Chris@1516 106 'http://test.host/',
Chris@1516 107 'http://test.host/fake',
Chris@1516 108 'http://test.host/fake/issues',
Chris@1516 109 'http://test.host/redmine/../fake',
Chris@1516 110 'http://test.host/redmine/../fake/issues',
Chris@1516 111 'http://test.host/redmine/%2e%2e/fake'
Chris@1516 112 ]
Chris@1516 113 back_urls.each do |back_url|
Chris@1516 114 post :login, :username => 'jsmith', :password => 'jsmith', :back_url => back_url
Chris@1516 115 assert_redirected_to '/my/page'
Chris@1516 116 end
Chris@1516 117 ensure
Chris@1516 118 ApplicationController.relative_url_root = @relative_url_root
Chris@0 119 end
Chris@0 120
Chris@0 121 def test_login_with_wrong_password
Chris@0 122 post :login, :username => 'admin', :password => 'bad'
Chris@0 123 assert_response :success
Chris@0 124 assert_template 'login'
Chris@1115 125
Chris@1115 126 assert_select 'div.flash.error', :text => /Invalid user or password/
Chris@1115 127 assert_select 'input[name=username][value=admin]'
Chris@1115 128 assert_select 'input[name=password]'
Chris@1115 129 assert_select 'input[name=password][value]', 0
Chris@0 130 end
Chris@909 131
Chris@1464 132 def test_login_with_locked_account_should_fail
Chris@1464 133 User.find(2).update_attribute :status, User::STATUS_LOCKED
Chris@1464 134
Chris@1464 135 post :login, :username => 'jsmith', :password => 'jsmith'
Chris@1464 136 assert_redirected_to '/login'
Chris@1464 137 assert_include 'locked', flash[:error]
Chris@1464 138 assert_nil @request.session[:user_id]
Chris@1464 139 end
Chris@1464 140
Chris@1464 141 def test_login_as_registered_user_with_manual_activation_should_inform_user
Chris@1464 142 User.find(2).update_attribute :status, User::STATUS_REGISTERED
Chris@1464 143
Chris@1464 144 with_settings :self_registration => '2', :default_language => 'en' do
Chris@1464 145 post :login, :username => 'jsmith', :password => 'jsmith'
Chris@1464 146 assert_redirected_to '/login'
Chris@1464 147 assert_include 'pending administrator approval', flash[:error]
Chris@1464 148 end
Chris@1464 149 end
Chris@1464 150
Chris@1464 151 def test_login_as_registered_user_with_email_activation_should_propose_new_activation_email
Chris@1464 152 User.find(2).update_attribute :status, User::STATUS_REGISTERED
Chris@1464 153
Chris@1464 154 with_settings :self_registration => '1', :default_language => 'en' do
Chris@1464 155 post :login, :username => 'jsmith', :password => 'jsmith'
Chris@1464 156 assert_redirected_to '/login'
Chris@1464 157 assert_equal 2, @request.session[:registered_user_id]
Chris@1464 158 assert_include 'new activation email', flash[:error]
Chris@1464 159 end
Chris@1464 160 end
Chris@1464 161
Chris@1115 162 def test_login_should_rescue_auth_source_exception
Chris@1115 163 source = AuthSource.create!(:name => 'Test')
Chris@1115 164 User.find(2).update_attribute :auth_source_id, source.id
Chris@1115 165 AuthSource.any_instance.stubs(:authenticate).raises(AuthSourceException.new("Something wrong"))
Chris@909 166
Chris@1115 167 post :login, :username => 'jsmith', :password => 'jsmith'
Chris@1115 168 assert_response 500
Chris@1115 169 assert_error_tag :content => /Something wrong/
Chris@0 170 end
Chris@0 171
Chris@1115 172 def test_login_should_reset_session
Chris@1115 173 @controller.expects(:reset_session).once
Chris@909 174
Chris@1115 175 post :login, :username => 'jsmith', :password => 'jsmith'
Chris@1115 176 assert_response 302
Chris@0 177 end
Chris@909 178
Chris@1464 179 def test_get_logout_should_not_logout
Chris@1464 180 @request.session[:user_id] = 2
Chris@1464 181 get :logout
Chris@1464 182 assert_response :success
Chris@1464 183 assert_template 'logout'
Chris@1464 184
Chris@1464 185 assert_equal 2, @request.session[:user_id]
Chris@1464 186 end
Chris@1464 187
Chris@1464 188 def test_get_logout_with_anonymous_should_redirect
Chris@1464 189 get :logout
Chris@1464 190 assert_redirected_to '/'
Chris@1464 191 end
Chris@1464 192
Chris@0 193 def test_logout
Chris@0 194 @request.session[:user_id] = 2
Chris@1464 195 post :logout
chris@37 196 assert_redirected_to '/'
Chris@0 197 assert_nil @request.session[:user_id]
Chris@0 198 end
Chris@14 199
Chris@1115 200 def test_logout_should_reset_session
Chris@1115 201 @controller.expects(:reset_session).once
Chris@909 202
Chris@1115 203 @request.session[:user_id] = 2
Chris@1464 204 post :logout
Chris@1115 205 assert_response 302
Chris@1115 206 end
Chris@1115 207
Chris@1115 208 def test_get_register_with_registration_on
Chris@1115 209 with_settings :self_registration => '3' do
Chris@1115 210 get :register
Chris@1115 211 assert_response :success
Chris@1115 212 assert_template 'register'
Chris@1115 213 assert_not_nil assigns(:user)
Chris@1115 214
Chris@1464 215 assert_select 'input[name=?]', 'user[password]'
Chris@1464 216 assert_select 'input[name=?]', 'user[password_confirmation]'
Chris@1464 217 end
Chris@1464 218 end
Chris@1464 219
Chris@1464 220 def test_get_register_should_detect_user_language
Chris@1464 221 with_settings :self_registration => '3' do
Chris@1464 222 @request.env['HTTP_ACCEPT_LANGUAGE'] = 'fr,fr-fr;q=0.8,en-us;q=0.5,en;q=0.3'
Chris@1464 223 get :register
Chris@1464 224 assert_response :success
Chris@1464 225 assert_not_nil assigns(:user)
Chris@1464 226 assert_equal 'fr', assigns(:user).language
Chris@1464 227 assert_select 'select[name=?]', 'user[language]' do
Chris@1464 228 assert_select 'option[value=fr][selected=selected]'
Chris@1464 229 end
Chris@14 230 end
Chris@1115 231 end
Chris@909 232
Chris@1115 233 def test_get_register_with_registration_off_should_redirect
Chris@1115 234 with_settings :self_registration => '0' do
Chris@1115 235 get :register
Chris@1115 236 assert_redirected_to '/'
Chris@14 237 end
Chris@14 238 end
Chris@14 239
Chris@14 240 # See integration/account_test.rb for the full test
Chris@1115 241 def test_post_register_with_registration_on
Chris@1115 242 with_settings :self_registration => '3' do
Chris@1115 243 assert_difference 'User.count' do
Chris@1115 244 post :register, :user => {
Chris@1115 245 :login => 'register',
Chris@1115 246 :password => 'secret123',
Chris@1115 247 :password_confirmation => 'secret123',
Chris@1115 248 :firstname => 'John',
Chris@1115 249 :lastname => 'Doe',
Chris@1115 250 :mail => 'register@example.com'
Chris@1115 251 }
Chris@1115 252 assert_redirected_to '/my/account'
Chris@1115 253 end
Chris@1517 254 user = User.order('id DESC').first
Chris@1115 255 assert_equal 'register', user.login
Chris@1115 256 assert_equal 'John', user.firstname
Chris@1115 257 assert_equal 'Doe', user.lastname
Chris@1115 258 assert_equal 'register@example.com', user.mail
Chris@1115 259 assert user.check_password?('secret123')
Chris@1115 260 assert user.active?
Chris@1115 261 end
Chris@1115 262 end
Chris@1115 263
Chris@1115 264 def test_post_register_with_registration_off_should_redirect
Chris@1115 265 with_settings :self_registration => '0' do
Chris@1115 266 assert_no_difference 'User.count' do
Chris@14 267 post :register, :user => {
Chris@14 268 :login => 'register',
Chris@14 269 :password => 'test',
Chris@14 270 :password_confirmation => 'test',
Chris@14 271 :firstname => 'John',
Chris@14 272 :lastname => 'Doe',
Chris@14 273 :mail => 'register@example.com'
Chris@14 274 }
Chris@1115 275 assert_redirected_to '/'
Chris@14 276 end
Chris@1115 277 end
Chris@1115 278 end
Chris@909 279
Chris@1115 280 def test_get_lost_password_should_display_lost_password_form
Chris@1115 281 get :lost_password
Chris@1115 282 assert_response :success
Chris@1115 283 assert_select 'input[name=mail]'
Chris@1115 284 end
Chris@14 285
Chris@1115 286 def test_lost_password_for_active_user_should_create_a_token
Chris@1115 287 Token.delete_all
Chris@1115 288 ActionMailer::Base.deliveries.clear
Chris@1115 289 assert_difference 'ActionMailer::Base.deliveries.size' do
Chris@1115 290 assert_difference 'Token.count' do
Chris@1115 291 with_settings :host_name => 'mydomain.foo', :protocol => 'http' do
Chris@1115 292 post :lost_password, :mail => 'JSmith@somenet.foo'
Chris@1115 293 assert_redirected_to '/login'
Chris@1115 294 end
Chris@14 295 end
Chris@14 296 end
Chris@909 297
Chris@1115 298 token = Token.order('id DESC').first
Chris@1115 299 assert_equal User.find(2), token.user
Chris@1115 300 assert_equal 'recovery', token.action
Chris@14 301
Chris@1115 302 assert_select_email do
Chris@1115 303 assert_select "a[href=?]", "http://mydomain.foo/account/lost_password?token=#{token.value}"
Chris@14 304 end
Chris@14 305 end
Chris@1115 306
Chris@1115 307 def test_lost_password_for_unknown_user_should_fail
Chris@1115 308 Token.delete_all
Chris@1115 309 assert_no_difference 'Token.count' do
Chris@1115 310 post :lost_password, :mail => 'invalid@somenet.foo'
Chris@1115 311 assert_response :success
Chris@1115 312 end
Chris@1115 313 end
Chris@1115 314
Chris@1115 315 def test_lost_password_for_non_active_user_should_fail
Chris@1115 316 Token.delete_all
Chris@1115 317 assert User.find(2).lock!
Chris@1115 318
Chris@1115 319 assert_no_difference 'Token.count' do
Chris@1115 320 post :lost_password, :mail => 'JSmith@somenet.foo'
Chris@1464 321 assert_redirected_to '/account/lost_password'
Chris@1464 322 end
Chris@1464 323 end
Chris@1464 324
Chris@1464 325 def test_lost_password_for_user_who_cannot_change_password_should_fail
Chris@1464 326 User.any_instance.stubs(:change_password_allowed?).returns(false)
Chris@1464 327
Chris@1464 328 assert_no_difference 'Token.count' do
Chris@1464 329 post :lost_password, :mail => 'JSmith@somenet.foo'
Chris@1115 330 assert_response :success
Chris@1115 331 end
Chris@1115 332 end
Chris@1115 333
Chris@1115 334 def test_get_lost_password_with_token_should_display_the_password_recovery_form
Chris@1115 335 user = User.find(2)
Chris@1115 336 token = Token.create!(:action => 'recovery', :user => user)
Chris@1115 337
Chris@1115 338 get :lost_password, :token => token.value
Chris@1115 339 assert_response :success
Chris@1115 340 assert_template 'password_recovery'
Chris@1115 341
Chris@1115 342 assert_select 'input[type=hidden][name=token][value=?]', token.value
Chris@1115 343 end
Chris@1115 344
Chris@1115 345 def test_get_lost_password_with_invalid_token_should_redirect
Chris@1115 346 get :lost_password, :token => "abcdef"
Chris@1115 347 assert_redirected_to '/'
Chris@1115 348 end
Chris@1115 349
Chris@1115 350 def test_post_lost_password_with_token_should_change_the_user_password
Chris@1115 351 user = User.find(2)
Chris@1115 352 token = Token.create!(:action => 'recovery', :user => user)
Chris@1115 353
Chris@1115 354 post :lost_password, :token => token.value, :new_password => 'newpass123', :new_password_confirmation => 'newpass123'
Chris@1115 355 assert_redirected_to '/login'
Chris@1115 356 user.reload
Chris@1115 357 assert user.check_password?('newpass123')
Chris@1115 358 assert_nil Token.find_by_id(token.id), "Token was not deleted"
Chris@1115 359 end
Chris@1115 360
Chris@1115 361 def test_post_lost_password_with_token_for_non_active_user_should_fail
Chris@1115 362 user = User.find(2)
Chris@1115 363 token = Token.create!(:action => 'recovery', :user => user)
Chris@1115 364 user.lock!
Chris@1115 365
Chris@1115 366 post :lost_password, :token => token.value, :new_password => 'newpass123', :new_password_confirmation => 'newpass123'
Chris@1115 367 assert_redirected_to '/'
Chris@1115 368 assert ! user.check_password?('newpass123')
Chris@1115 369 end
Chris@1115 370
Chris@1115 371 def test_post_lost_password_with_token_and_password_confirmation_failure_should_redisplay_the_form
Chris@1115 372 user = User.find(2)
Chris@1115 373 token = Token.create!(:action => 'recovery', :user => user)
Chris@1115 374
Chris@1115 375 post :lost_password, :token => token.value, :new_password => 'newpass', :new_password_confirmation => 'wrongpass'
Chris@1115 376 assert_response :success
Chris@1115 377 assert_template 'password_recovery'
Chris@1115 378 assert_not_nil Token.find_by_id(token.id), "Token was deleted"
Chris@1115 379
Chris@1115 380 assert_select 'input[type=hidden][name=token][value=?]', token.value
Chris@1115 381 end
Chris@1115 382
Chris@1115 383 def test_post_lost_password_with_invalid_token_should_redirect
Chris@1115 384 post :lost_password, :token => "abcdef", :new_password => 'newpass', :new_password_confirmation => 'newpass'
Chris@1115 385 assert_redirected_to '/'
Chris@1115 386 end
Chris@1464 387
Chris@1464 388 def test_activation_email_should_send_an_activation_email
Chris@1464 389 User.find(2).update_attribute :status, User::STATUS_REGISTERED
Chris@1464 390 @request.session[:registered_user_id] = 2
Chris@1464 391
Chris@1464 392 with_settings :self_registration => '1' do
Chris@1464 393 assert_difference 'ActionMailer::Base.deliveries.size' do
Chris@1464 394 get :activation_email
Chris@1464 395 assert_redirected_to '/login'
Chris@1464 396 end
Chris@1464 397 end
Chris@1464 398 end
Chris@1464 399
Chris@1464 400 def test_activation_email_without_session_data_should_fail
Chris@1464 401 User.find(2).update_attribute :status, User::STATUS_REGISTERED
Chris@1464 402
Chris@1464 403 with_settings :self_registration => '1' do
Chris@1464 404 assert_no_difference 'ActionMailer::Base.deliveries.size' do
Chris@1464 405 get :activation_email
Chris@1464 406 assert_redirected_to '/'
Chris@1464 407 end
Chris@1464 408 end
Chris@1464 409 end
Chris@0 410 end