Mercurial > hg > soundsoftware-site
comparison .svn/pristine/c5/c5174ec087843933ec7faabc4ea89143a776e91a.svn-base @ 1517:dffacf8a6908 redmine-2.5
Update to Redmine SVN revision 13367 on 2.5-stable branch
author | Chris Cannam |
---|---|
date | Tue, 09 Sep 2014 09:29:00 +0100 |
parents | |
children |
comparison
equal
deleted
inserted
replaced
1516:b450a9d58aed | 1517:dffacf8a6908 |
---|---|
1 # Redmine - project management software | |
2 # Copyright (C) 2006-2014 Jean-Philippe Lang | |
3 # | |
4 # This program is free software; you can redistribute it and/or | |
5 # modify it under the terms of the GNU General Public License | |
6 # as published by the Free Software Foundation; either version 2 | |
7 # of the License, or (at your option) any later version. | |
8 # | |
9 # This program is distributed in the hope that it will be useful, | |
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of | |
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
12 # GNU General Public License for more details. | |
13 # | |
14 # You should have received a copy of the GNU General Public License | |
15 # along with this program; if not, write to the Free Software | |
16 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. | |
17 | |
18 require File.expand_path('../../test_helper', __FILE__) | |
19 | |
20 class AccountControllerTest < ActionController::TestCase | |
21 fixtures :users, :roles | |
22 | |
23 def setup | |
24 User.current = nil | |
25 end | |
26 | |
27 def test_get_login | |
28 get :login | |
29 assert_response :success | |
30 assert_template 'login' | |
31 | |
32 assert_select 'input[name=username]' | |
33 assert_select 'input[name=password]' | |
34 end | |
35 | |
36 def test_get_login_while_logged_in_should_redirect_to_back_url_if_present | |
37 @request.session[:user_id] = 2 | |
38 @request.env["HTTP_REFERER"] = 'http://test.host/issues/show/1' | |
39 | |
40 get :login, :back_url => 'http://test.host/issues/show/1' | |
41 assert_redirected_to '/issues/show/1' | |
42 assert_equal 2, @request.session[:user_id] | |
43 end | |
44 | |
45 def test_get_login_while_logged_in_should_redirect_to_referer_without_back_url | |
46 @request.session[:user_id] = 2 | |
47 @request.env["HTTP_REFERER"] = 'http://test.host/issues/show/1' | |
48 | |
49 get :login | |
50 assert_redirected_to '/issues/show/1' | |
51 assert_equal 2, @request.session[:user_id] | |
52 end | |
53 | |
54 def test_get_login_while_logged_in_should_redirect_to_home_by_default | |
55 @request.session[:user_id] = 2 | |
56 | |
57 get :login | |
58 assert_redirected_to '/' | |
59 assert_equal 2, @request.session[:user_id] | |
60 end | |
61 | |
62 def test_login_should_redirect_to_back_url_param | |
63 # request.uri is "test.host" in test environment | |
64 back_urls = [ | |
65 'http://test.host/issues/show/1', | |
66 '/' | |
67 ] | |
68 back_urls.each do |back_url| | |
69 post :login, :username => 'jsmith', :password => 'jsmith', :back_url => back_url | |
70 assert_redirected_to back_url | |
71 end | |
72 end | |
73 | |
74 def test_login_with_suburi_should_redirect_to_back_url_param | |
75 @relative_url_root = ApplicationController.relative_url_root | |
76 ApplicationController.relative_url_root = '/redmine' | |
77 | |
78 back_urls = [ | |
79 'http://test.host/redmine/issues/show/1', | |
80 '/redmine' | |
81 ] | |
82 back_urls.each do |back_url| | |
83 post :login, :username => 'jsmith', :password => 'jsmith', :back_url => back_url | |
84 assert_redirected_to back_url | |
85 end | |
86 ensure | |
87 ApplicationController.relative_url_root = @relative_url_root | |
88 end | |
89 | |
90 def test_login_should_not_redirect_to_another_host | |
91 back_urls = [ | |
92 'http://test.foo/fake', | |
93 '//test.foo/fake' | |
94 ] | |
95 back_urls.each do |back_url| | |
96 post :login, :username => 'jsmith', :password => 'jsmith', :back_url => back_url | |
97 assert_redirected_to '/my/page' | |
98 end | |
99 end | |
100 | |
101 def test_login_with_suburi_should_not_redirect_to_another_suburi | |
102 @relative_url_root = ApplicationController.relative_url_root | |
103 ApplicationController.relative_url_root = '/redmine' | |
104 | |
105 back_urls = [ | |
106 'http://test.host/', | |
107 'http://test.host/fake', | |
108 'http://test.host/fake/issues', | |
109 'http://test.host/redmine/../fake', | |
110 'http://test.host/redmine/../fake/issues', | |
111 'http://test.host/redmine/%2e%2e/fake' | |
112 ] | |
113 back_urls.each do |back_url| | |
114 post :login, :username => 'jsmith', :password => 'jsmith', :back_url => back_url | |
115 assert_redirected_to '/my/page' | |
116 end | |
117 ensure | |
118 ApplicationController.relative_url_root = @relative_url_root | |
119 end | |
120 | |
121 def test_login_with_wrong_password | |
122 post :login, :username => 'admin', :password => 'bad' | |
123 assert_response :success | |
124 assert_template 'login' | |
125 | |
126 assert_select 'div.flash.error', :text => /Invalid user or password/ | |
127 assert_select 'input[name=username][value=admin]' | |
128 assert_select 'input[name=password]' | |
129 assert_select 'input[name=password][value]', 0 | |
130 end | |
131 | |
132 def test_login_with_locked_account_should_fail | |
133 User.find(2).update_attribute :status, User::STATUS_LOCKED | |
134 | |
135 post :login, :username => 'jsmith', :password => 'jsmith' | |
136 assert_redirected_to '/login' | |
137 assert_include 'locked', flash[:error] | |
138 assert_nil @request.session[:user_id] | |
139 end | |
140 | |
141 def test_login_as_registered_user_with_manual_activation_should_inform_user | |
142 User.find(2).update_attribute :status, User::STATUS_REGISTERED | |
143 | |
144 with_settings :self_registration => '2', :default_language => 'en' do | |
145 post :login, :username => 'jsmith', :password => 'jsmith' | |
146 assert_redirected_to '/login' | |
147 assert_include 'pending administrator approval', flash[:error] | |
148 end | |
149 end | |
150 | |
151 def test_login_as_registered_user_with_email_activation_should_propose_new_activation_email | |
152 User.find(2).update_attribute :status, User::STATUS_REGISTERED | |
153 | |
154 with_settings :self_registration => '1', :default_language => 'en' do | |
155 post :login, :username => 'jsmith', :password => 'jsmith' | |
156 assert_redirected_to '/login' | |
157 assert_equal 2, @request.session[:registered_user_id] | |
158 assert_include 'new activation email', flash[:error] | |
159 end | |
160 end | |
161 | |
162 def test_login_should_rescue_auth_source_exception | |
163 source = AuthSource.create!(:name => 'Test') | |
164 User.find(2).update_attribute :auth_source_id, source.id | |
165 AuthSource.any_instance.stubs(:authenticate).raises(AuthSourceException.new("Something wrong")) | |
166 | |
167 post :login, :username => 'jsmith', :password => 'jsmith' | |
168 assert_response 500 | |
169 assert_error_tag :content => /Something wrong/ | |
170 end | |
171 | |
172 def test_login_should_reset_session | |
173 @controller.expects(:reset_session).once | |
174 | |
175 post :login, :username => 'jsmith', :password => 'jsmith' | |
176 assert_response 302 | |
177 end | |
178 | |
179 def test_get_logout_should_not_logout | |
180 @request.session[:user_id] = 2 | |
181 get :logout | |
182 assert_response :success | |
183 assert_template 'logout' | |
184 | |
185 assert_equal 2, @request.session[:user_id] | |
186 end | |
187 | |
188 def test_get_logout_with_anonymous_should_redirect | |
189 get :logout | |
190 assert_redirected_to '/' | |
191 end | |
192 | |
193 def test_logout | |
194 @request.session[:user_id] = 2 | |
195 post :logout | |
196 assert_redirected_to '/' | |
197 assert_nil @request.session[:user_id] | |
198 end | |
199 | |
200 def test_logout_should_reset_session | |
201 @controller.expects(:reset_session).once | |
202 | |
203 @request.session[:user_id] = 2 | |
204 post :logout | |
205 assert_response 302 | |
206 end | |
207 | |
208 def test_get_register_with_registration_on | |
209 with_settings :self_registration => '3' do | |
210 get :register | |
211 assert_response :success | |
212 assert_template 'register' | |
213 assert_not_nil assigns(:user) | |
214 | |
215 assert_select 'input[name=?]', 'user[password]' | |
216 assert_select 'input[name=?]', 'user[password_confirmation]' | |
217 end | |
218 end | |
219 | |
220 def test_get_register_should_detect_user_language | |
221 with_settings :self_registration => '3' do | |
222 @request.env['HTTP_ACCEPT_LANGUAGE'] = 'fr,fr-fr;q=0.8,en-us;q=0.5,en;q=0.3' | |
223 get :register | |
224 assert_response :success | |
225 assert_not_nil assigns(:user) | |
226 assert_equal 'fr', assigns(:user).language | |
227 assert_select 'select[name=?]', 'user[language]' do | |
228 assert_select 'option[value=fr][selected=selected]' | |
229 end | |
230 end | |
231 end | |
232 | |
233 def test_get_register_with_registration_off_should_redirect | |
234 with_settings :self_registration => '0' do | |
235 get :register | |
236 assert_redirected_to '/' | |
237 end | |
238 end | |
239 | |
240 # See integration/account_test.rb for the full test | |
241 def test_post_register_with_registration_on | |
242 with_settings :self_registration => '3' do | |
243 assert_difference 'User.count' do | |
244 post :register, :user => { | |
245 :login => 'register', | |
246 :password => 'secret123', | |
247 :password_confirmation => 'secret123', | |
248 :firstname => 'John', | |
249 :lastname => 'Doe', | |
250 :mail => 'register@example.com' | |
251 } | |
252 assert_redirected_to '/my/account' | |
253 end | |
254 user = User.order('id DESC').first | |
255 assert_equal 'register', user.login | |
256 assert_equal 'John', user.firstname | |
257 assert_equal 'Doe', user.lastname | |
258 assert_equal 'register@example.com', user.mail | |
259 assert user.check_password?('secret123') | |
260 assert user.active? | |
261 end | |
262 end | |
263 | |
264 def test_post_register_with_registration_off_should_redirect | |
265 with_settings :self_registration => '0' do | |
266 assert_no_difference 'User.count' do | |
267 post :register, :user => { | |
268 :login => 'register', | |
269 :password => 'test', | |
270 :password_confirmation => 'test', | |
271 :firstname => 'John', | |
272 :lastname => 'Doe', | |
273 :mail => 'register@example.com' | |
274 } | |
275 assert_redirected_to '/' | |
276 end | |
277 end | |
278 end | |
279 | |
280 def test_get_lost_password_should_display_lost_password_form | |
281 get :lost_password | |
282 assert_response :success | |
283 assert_select 'input[name=mail]' | |
284 end | |
285 | |
286 def test_lost_password_for_active_user_should_create_a_token | |
287 Token.delete_all | |
288 ActionMailer::Base.deliveries.clear | |
289 assert_difference 'ActionMailer::Base.deliveries.size' do | |
290 assert_difference 'Token.count' do | |
291 with_settings :host_name => 'mydomain.foo', :protocol => 'http' do | |
292 post :lost_password, :mail => 'JSmith@somenet.foo' | |
293 assert_redirected_to '/login' | |
294 end | |
295 end | |
296 end | |
297 | |
298 token = Token.order('id DESC').first | |
299 assert_equal User.find(2), token.user | |
300 assert_equal 'recovery', token.action | |
301 | |
302 assert_select_email do | |
303 assert_select "a[href=?]", "http://mydomain.foo/account/lost_password?token=#{token.value}" | |
304 end | |
305 end | |
306 | |
307 def test_lost_password_for_unknown_user_should_fail | |
308 Token.delete_all | |
309 assert_no_difference 'Token.count' do | |
310 post :lost_password, :mail => 'invalid@somenet.foo' | |
311 assert_response :success | |
312 end | |
313 end | |
314 | |
315 def test_lost_password_for_non_active_user_should_fail | |
316 Token.delete_all | |
317 assert User.find(2).lock! | |
318 | |
319 assert_no_difference 'Token.count' do | |
320 post :lost_password, :mail => 'JSmith@somenet.foo' | |
321 assert_redirected_to '/account/lost_password' | |
322 end | |
323 end | |
324 | |
325 def test_lost_password_for_user_who_cannot_change_password_should_fail | |
326 User.any_instance.stubs(:change_password_allowed?).returns(false) | |
327 | |
328 assert_no_difference 'Token.count' do | |
329 post :lost_password, :mail => 'JSmith@somenet.foo' | |
330 assert_response :success | |
331 end | |
332 end | |
333 | |
334 def test_get_lost_password_with_token_should_display_the_password_recovery_form | |
335 user = User.find(2) | |
336 token = Token.create!(:action => 'recovery', :user => user) | |
337 | |
338 get :lost_password, :token => token.value | |
339 assert_response :success | |
340 assert_template 'password_recovery' | |
341 | |
342 assert_select 'input[type=hidden][name=token][value=?]', token.value | |
343 end | |
344 | |
345 def test_get_lost_password_with_invalid_token_should_redirect | |
346 get :lost_password, :token => "abcdef" | |
347 assert_redirected_to '/' | |
348 end | |
349 | |
350 def test_post_lost_password_with_token_should_change_the_user_password | |
351 user = User.find(2) | |
352 token = Token.create!(:action => 'recovery', :user => user) | |
353 | |
354 post :lost_password, :token => token.value, :new_password => 'newpass123', :new_password_confirmation => 'newpass123' | |
355 assert_redirected_to '/login' | |
356 user.reload | |
357 assert user.check_password?('newpass123') | |
358 assert_nil Token.find_by_id(token.id), "Token was not deleted" | |
359 end | |
360 | |
361 def test_post_lost_password_with_token_for_non_active_user_should_fail | |
362 user = User.find(2) | |
363 token = Token.create!(:action => 'recovery', :user => user) | |
364 user.lock! | |
365 | |
366 post :lost_password, :token => token.value, :new_password => 'newpass123', :new_password_confirmation => 'newpass123' | |
367 assert_redirected_to '/' | |
368 assert ! user.check_password?('newpass123') | |
369 end | |
370 | |
371 def test_post_lost_password_with_token_and_password_confirmation_failure_should_redisplay_the_form | |
372 user = User.find(2) | |
373 token = Token.create!(:action => 'recovery', :user => user) | |
374 | |
375 post :lost_password, :token => token.value, :new_password => 'newpass', :new_password_confirmation => 'wrongpass' | |
376 assert_response :success | |
377 assert_template 'password_recovery' | |
378 assert_not_nil Token.find_by_id(token.id), "Token was deleted" | |
379 | |
380 assert_select 'input[type=hidden][name=token][value=?]', token.value | |
381 end | |
382 | |
383 def test_post_lost_password_with_invalid_token_should_redirect | |
384 post :lost_password, :token => "abcdef", :new_password => 'newpass', :new_password_confirmation => 'newpass' | |
385 assert_redirected_to '/' | |
386 end | |
387 | |
388 def test_activation_email_should_send_an_activation_email | |
389 User.find(2).update_attribute :status, User::STATUS_REGISTERED | |
390 @request.session[:registered_user_id] = 2 | |
391 | |
392 with_settings :self_registration => '1' do | |
393 assert_difference 'ActionMailer::Base.deliveries.size' do | |
394 get :activation_email | |
395 assert_redirected_to '/login' | |
396 end | |
397 end | |
398 end | |
399 | |
400 def test_activation_email_without_session_data_should_fail | |
401 User.find(2).update_attribute :status, User::STATUS_REGISTERED | |
402 | |
403 with_settings :self_registration => '1' do | |
404 assert_no_difference 'ActionMailer::Base.deliveries.size' do | |
405 get :activation_email | |
406 assert_redirected_to '/' | |
407 end | |
408 end | |
409 end | |
410 end |