comparison test/functional/account_controller_test.rb @ 1516:b450a9d58aed redmine-2.4

Update to Redmine SVN revision 13356 on 2.4-stable branch
author Chris Cannam
date Tue, 09 Sep 2014 09:28:31 +0100
parents e248c7af89ec
children dffacf8a6908
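--- a/test/functional/account_controller_test.rb
+++ b/test/functional/account_controller_test.rb
@@ -41,17 +41,65 @@
 assert_equal 2, @request.session[:user_id]
 end
 
 def test_login_should_redirect_to_back_url_param
 # request.uri is "test.host" in test environment
-post :login, :username => 'jsmith', :password => 'jsmith', :back_url => 'http://test.host/issues/show/1'
-assert_redirected_to '/issues/show/1'
+back_urls = [
+'http://test.host/issues/show/1',
+'/'
+]
+back_urls.each do |back_url|
+post :login, :username => 'jsmith', :password => 'jsmith', :back_url => back_url
+assert_redirected_to back_url
+end
+end
+
+def test_login_with_suburi_should_redirect_to_back_url_param
+@relative_url_root = ApplicationController.relative_url_root
+ApplicationController.relative_url_root = '/redmine'
+
+back_urls = [
+'http://test.host/redmine/issues/show/1',
+'/redmine'
+]
+back_urls.each do |back_url|
+post :login, :username => 'jsmith', :password => 'jsmith', :back_url => back_url
+assert_redirected_to back_url
+end
+ensure
+ApplicationController.relative_url_root = @relative_url_root
 end
 
 def test_login_should_not_redirect_to_another_host
-post :login, :username => 'jsmith', :password => 'jsmith', :back_url => 'http://test.foo/fake'
-assert_redirected_to '/my/page'
+back_urls = [
+'http://test.foo/fake',
+'//test.foo/fake'
+]
+back_urls.each do |back_url|
+post :login, :username => 'jsmith', :password => 'jsmith', :back_url => back_url
+assert_redirected_to '/my/page'
+end
+end
+
+def test_login_with_suburi_should_not_redirect_to_another_suburi
+@relative_url_root = ApplicationController.relative_url_root
+ApplicationController.relative_url_root = '/redmine'
+
+back_urls = [
+'http://test.host/',
+'http://test.host/fake',
+'http://test.host/fake/issues',
+'http://test.host/redmine/../fake',
+'http://test.host/redmine/../fake/issues',
+'http://test.host/redmine/%2e%2e/fake'
+]
+back_urls.each do |back_url|
+post :login, :username => 'jsmith', :password => 'jsmith', :back_url => back_url
+assert_redirected_to '/my/page'
+end
+ensure
+ApplicationController.relative_url_root = @relative_url_root
 end
 
 def test_login_with_wrong_password
 post :login, :username => 'admin', :password => 'bad'
 assert_response :success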
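Review bot: The loops in `test_login_should_not_redirect_to_another_host` and `test_login_with_suburi_should_not_redirect_to_another_suburi` assert without naming the input, so when the back_url check regresses the failure does not say which URL was accepted as a redirect target; passing the value as the assertion message, `assert_redirected_to '/my/page', "back_url: #{back_url}"`, makes the report actionable. All iterations also share one `@request.session`, so from the second `post :login` on the request comes from a session that already holds a user id; if the controller treats logged-in users differently (not visible here), those inputs are not tested on the fresh-login path, and resetting the session at the top of each loop body would remove the doubt. The rejected list covers an absolute URL and a scheme-relative `//` URL on another host plus `..` and `%2e%2e` segments leading out of the sub-URI; an uppercase `%2E%2E` entry would be a cheap addition, on the assumption that the validator is meant to decode case-insensitively. `test_login_with_wrong_password` continues past the end of the visible section.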