comparison .svn/pristine/c5/c5174ec087843933ec7faabc4ea89143a776e91a.svn-base @ 1517:dffacf8a6908 redmine-2.5

Update to Redmine SVN revision 13367 on 2.5-stable branch
author Chris Cannam
date Tue, 09 Sep 2014 09:29:00 +0100
1516:b450a9d58aed 1517:dffacf8a6908
1 # Redmine - project management software
2 # Copyright (C) 2006-2014 Jean-Philippe Lang
3 #
4 # This program is free software; you can redistribute it and/or
5 # modify it under the terms of the GNU General Public License
6 # as published by the Free Software Foundation; either version 2
7 # of the License, or (at your option) any later version.
8 #
9 # This program is distributed in the hope that it will be useful,
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 # GNU General Public License for more details.
13 #
14 # You should have received a copy of the GNU General Public License
15 # along with this program; if not, write to the Free Software
16 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
17
18 require File.expand_path('../../test_helper', __FILE__)
19
20 class AccountControllerTest < ActionController::TestCase
21 fixtures :users, :roles
22
23 def setup
24 User.current = nil
25 end
26
27 def test_get_login
28 get :login
29 assert_response :success
30 assert_template 'login'
31
32 assert_select 'input[name=username]'
33 assert_select 'input[name=password]'
34 end
35
36 def test_get_login_while_logged_in_should_redirect_to_back_url_if_present
37 @request.session[:user_id] = 2
38 @request.env["HTTP_REFERER"] = 'http://test.host/issues/show/1'
39
40 get :login, :back_url => 'http://test.host/issues/show/1'
41 assert_redirected_to '/issues/show/1'
42 assert_equal 2, @request.session[:user_id]
43 end
44
45 def test_get_login_while_logged_in_should_redirect_to_referer_without_back_url
46 @request.session[:user_id] = 2
47 @request.env["HTTP_REFERER"] = 'http://test.host/issues/show/1'
48
49 get :login
50 assert_redirected_to '/issues/show/1'
51 assert_equal 2, @request.session[:user_id]
52 end
53
54 def test_get_login_while_logged_in_should_redirect_to_home_by_default
55 @request.session[:user_id] = 2
56
57 get :login
58 assert_redirected_to '/'
59 assert_equal 2, @request.session[:user_id]
60 end
61
62 def test_login_should_redirect_to_back_url_param
63 # request.uri is "test.host" in test environment
64 back_urls = [
65 'http://test.host/issues/show/1',
66 '/'
67 ]
68 back_urls.each do |back_url|
69 post :login, :username => 'jsmith', :password => 'jsmith', :back_url => back_url
70 assert_redirected_to back_url
71 end
72 end
73
74 def test_login_with_suburi_should_redirect_to_back_url_param
75 @relative_url_root = ApplicationController.relative_url_root
76 ApplicationController.relative_url_root = '/redmine'
77
78 back_urls = [
79 'http://test.host/redmine/issues/show/1',
80 '/redmine'
81 ]
82 back_urls.each do |back_url|
83 post :login, :username => 'jsmith', :password => 'jsmith', :back_url => back_url
84 assert_redirected_to back_url
85 end
86 ensure
87 ApplicationController.relative_url_root = @relative_url_root
88 end
89
90 def test_login_should_not_redirect_to_another_host
91 back_urls = [
92 'http://test.foo/fake',
93 '//test.foo/fake'
94 ]
95 back_urls.each do |back_url|
96 post :login, :username => 'jsmith', :password => 'jsmith', :back_url => back_url
97 assert_redirected_to '/my/page'
98 end
99 end
100
101 def test_login_with_suburi_should_not_redirect_to_another_suburi
102 @relative_url_root = ApplicationController.relative_url_root
103 ApplicationController.relative_url_root = '/redmine'
104
105 back_urls = [
106 'http://test.host/',
107 'http://test.host/fake',
108 'http://test.host/fake/issues',
109 'http://test.host/redmine/../fake',
110 'http://test.host/redmine/../fake/issues',
111 'http://test.host/redmine/%2e%2e/fake'
112 ]
113 back_urls.each do |back_url|
114 post :login, :username => 'jsmith', :password => 'jsmith', :back_url => back_url
115 assert_redirected_to '/my/page'
116 end
117 ensure
118 ApplicationController.relative_url_root = @relative_url_root
119 end
120
121 def test_login_with_wrong_password
122 post :login, :username => 'admin', :password => 'bad'
123 assert_response :success
124 assert_template 'login'
125
126 assert_select 'div.flash.error', :text => /Invalid user or password/
127 assert_select 'input[name=username][value=admin]'
128 assert_select 'input[name=password]'
129 assert_select 'input[name=password][value]', 0
130 end
131
132 def test_login_with_locked_account_should_fail
133 User.find(2).update_attribute :status, User::STATUS_LOCKED
134
135 post :login, :username => 'jsmith', :password => 'jsmith'
136 assert_redirected_to '/login'
137 assert_include 'locked', flash[:error]
138 assert_nil @request.session[:user_id]
139 end
140
141 def test_login_as_registered_user_with_manual_activation_should_inform_user
142 User.find(2).update_attribute :status, User::STATUS_REGISTERED
143
144 with_settings :self_registration => '2', :default_language => 'en' do
145 post :login, :username => 'jsmith', :password => 'jsmith'
146 assert_redirected_to '/login'
147 assert_include 'pending administrator approval', flash[:error]
148 end
149 end
150
151 def test_login_as_registered_user_with_email_activation_should_propose_new_activation_email
152 User.find(2).update_attribute :status, User::STATUS_REGISTERED
153
154 with_settings :self_registration => '1', :default_language => 'en' do
155 post :login, :username => 'jsmith', :password => 'jsmith'
156 assert_redirected_to '/login'
157 assert_equal 2, @request.session[:registered_user_id]
158 assert_include 'new activation email', flash[:error]
159 end
160 end
161
162 def test_login_should_rescue_auth_source_exception
163 source = AuthSource.create!(:name => 'Test')
164 User.find(2).update_attribute :auth_source_id, source.id
165 AuthSource.any_instance.stubs(:authenticate).raises(AuthSourceException.new("Something wrong"))
166
167 post :login, :username => 'jsmith', :password => 'jsmith'
168 assert_response 500
169 assert_error_tag :content => /Something wrong/
170 end
171
172 def test_login_should_reset_session
173 @controller.expects(:reset_session).once
174
175 post :login, :username => 'jsmith', :password => 'jsmith'
176 assert_response 302
177 end
178
179 def test_get_logout_should_not_logout
180 @request.session[:user_id] = 2
181 get :logout
182 assert_response :success
183 assert_template 'logout'
184
185 assert_equal 2, @request.session[:user_id]
186 end
187
188 def test_get_logout_with_anonymous_should_redirect
189 get :logout
190 assert_redirected_to '/'
191 end
192
193 def test_logout
194 @request.session[:user_id] = 2
195 post :logout
196 assert_redirected_to '/'
197 assert_nil @request.session[:user_id]
198 end
199
200 def test_logout_should_reset_session
201 @controller.expects(:reset_session).once
202
203 @request.session[:user_id] = 2
204 post :logout
205 assert_response 302
206 end
207
208 def test_get_register_with_registration_on
209 with_settings :self_registration => '3' do
210 get :register
211 assert_response :success
212 assert_template 'register'
213 assert_not_nil assigns(:user)
214
215 assert_select 'input[name=?]', 'user[password]'
216 assert_select 'input[name=?]', 'user[password_confirmation]'
217 end
218 end
219
220 def test_get_register_should_detect_user_language
221 with_settings :self_registration => '3' do
222 @request.env['HTTP_ACCEPT_LANGUAGE'] = 'fr,fr-fr;q=0.8,en-us;q=0.5,en;q=0.3'
223 get :register
224 assert_response :success
225 assert_not_nil assigns(:user)
226 assert_equal 'fr', assigns(:user).language
227 assert_select 'select[name=?]', 'user[language]' do
228 assert_select 'option[value=fr][selected=selected]'
229 end
230 end
231 end
232
233 def test_get_register_with_registration_off_should_redirect
234 with_settings :self_registration => '0' do
235 get :register
236 assert_redirected_to '/'
237 end
238 end
239
240 # See integration/account_test.rb for the full test
241 def test_post_register_with_registration_on
242 with_settings :self_registration => '3' do
243 assert_difference 'User.count' do
244 post :register, :user => {
245 :login => 'register',
246 :password => 'secret123',
247 :password_confirmation => 'secret123',
248 :firstname => 'John',
249 :lastname => 'Doe',
250 :mail => 'register@example.com'
251 }
252 assert_redirected_to '/my/account'
253 end
254 user = User.order('id DESC').first
255 assert_equal 'register', user.login
256 assert_equal 'John', user.firstname
257 assert_equal 'Doe', user.lastname
258 assert_equal 'register@example.com', user.mail
259 assert user.check_password?('secret123')
260 assert user.active?
261 end
262 end
263
264 def test_post_register_with_registration_off_should_redirect
265 with_settings :self_registration => '0' do
266 assert_no_difference 'User.count' do
267 post :register, :user => {
268 :login => 'register',
269 :password => 'test',
270 :password_confirmation => 'test',
271 :firstname => 'John',
272 :lastname => 'Doe',
273 :mail => 'register@example.com'
274 }
275 assert_redirected_to '/'
276 end
277 end
278 end
279
280 def test_get_lost_password_should_display_lost_password_form
281 get :lost_password
282 assert_response :success
283 assert_select 'input[name=mail]'
284 end
285
286 def test_lost_password_for_active_user_should_create_a_token
287 Token.delete_all
288 ActionMailer::Base.deliveries.clear
289 assert_difference 'ActionMailer::Base.deliveries.size' do
290 assert_difference 'Token.count' do
291 with_settings :host_name => 'mydomain.foo', :protocol => 'http' do
292 post :lost_password, :mail => 'JSmith@somenet.foo'
293 assert_redirected_to '/login'
294 end
295 end
296 end
297
298 token = Token.order('id DESC').first
299 assert_equal User.find(2), token.user
300 assert_equal 'recovery', token.action
301
302 assert_select_email do
303 assert_select "a[href=?]", "http://mydomain.foo/account/lost_password?token=#{token.value}"
304 end
305 end
306
307 def test_lost_password_for_unknown_user_should_fail
308 Token.delete_all
309 assert_no_difference 'Token.count' do
310 post :lost_password, :mail => 'invalid@somenet.foo'
311 assert_response :success
312 end
313 end
314
315 def test_lost_password_for_non_active_user_should_fail
316 Token.delete_all
317 assert User.find(2).lock!
318
319 assert_no_difference 'Token.count' do
320 post :lost_password, :mail => 'JSmith@somenet.foo'
321 assert_redirected_to '/account/lost_password'
322 end
323 end
324
325 def test_lost_password_for_user_who_cannot_change_password_should_fail
326 User.any_instance.stubs(:change_password_allowed?).returns(false)
327
328 assert_no_difference 'Token.count' do
329 post :lost_password, :mail => 'JSmith@somenet.foo'
330 assert_response :success
331 end
332 end
333
334 def test_get_lost_password_with_token_should_display_the_password_recovery_form
335 user = User.find(2)
336 token = Token.create!(:action => 'recovery', :user => user)
337
338 get :lost_password, :token => token.value
339 assert_response :success
340 assert_template 'password_recovery'
341
342 assert_select 'input[type=hidden][name=token][value=?]', token.value
343 end
344
345 def test_get_lost_password_with_invalid_token_should_redirect
346 get :lost_password, :token => "abcdef"
347 assert_redirected_to '/'
348 end
349
350 def test_post_lost_password_with_token_should_change_the_user_password
351 user = User.find(2)
352 token = Token.create!(:action => 'recovery', :user => user)
353
354 post :lost_password, :token => token.value, :new_password => 'newpass123', :new_password_confirmation => 'newpass123'
355 assert_redirected_to '/login'
356 user.reload
357 assert user.check_password?('newpass123')
358 assert_nil Token.find_by_id(token.id), "Token was not deleted"
359 end
360
361 def test_post_lost_password_with_token_for_non_active_user_should_fail
362 user = User.find(2)
363 token = Token.create!(:action => 'recovery', :user => user)
364 user.lock!
365
366 post :lost_password, :token => token.value, :new_password => 'newpass123', :new_password_confirmation => 'newpass123'
367 assert_redirected_to '/'
368 assert ! user.check_password?('newpass123')
369 end
370
371 def test_post_lost_password_with_token_and_password_confirmation_failure_should_redisplay_the_form
372 user = User.find(2)
373 token = Token.create!(:action => 'recovery', :user => user)
374
375 post :lost_password, :token => token.value, :new_password => 'newpass', :new_password_confirmation => 'wrongpass'
376 assert_response :success
377 assert_template 'password_recovery'
378 assert_not_nil Token.find_by_id(token.id), "Token was deleted"
379
380 assert_select 'input[type=hidden][name=token][value=?]', token.value
381 end
382
383 def test_post_lost_password_with_invalid_token_should_redirect
384 post :lost_password, :token => "abcdef", :new_password => 'newpass', :new_password_confirmation => 'newpass'
385 assert_redirected_to '/'
386 end
387
388 def test_activation_email_should_send_an_activation_email
389 User.find(2).update_attribute :status, User::STATUS_REGISTERED
390 @request.session[:registered_user_id] = 2
391
392 with_settings :self_registration => '1' do
393 assert_difference 'ActionMailer::Base.deliveries.size' do
394 get :activation_email
395 assert_redirected_to '/login'
396 end
397 end
398 end
399
400 def test_activation_email_without_session_data_should_fail
401 User.find(2).update_attribute :status, User::STATUS_REGISTERED
402
403 with_settings :self_registration => '1' do
404 assert_no_difference 'ActionMailer::Base.deliveries.size' do
405 get :activation_email
406 assert_redirected_to '/'
407 end
408 end
409 end
410 end
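Review bot: In test_post_lost_password_with_token_for_non_active_user_should_fail, the final assertion `assert ! user.check_password?('newpass123')` runs against the `user` object loaded before the POST, so it would still pass if the controller had written the new password to the database. The positive counterpart, test_post_lost_password_with_token_should_change_the_user_password, calls `user.reload` before its check; the negative test needs the same `user.reload` line before its assertion. As written, only `assert_redirected_to '/'` guards against a recovery token resetting the password of a locked account.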