Mercurial > hg > soundsoftware-site
diff test/functional/account_controller_test.rb @ 1526:404aa68d4227
Merge from live branch
| author | Chris Cannam |
|---|---|
| date | Thu, 11 Sep 2014 12:46:20 +0100 |
| parents | dffacf8a6908 |
| children |
line wrap: on
line diff
--- a/test/functional/account_controller_test.rb Mon Mar 17 08:57:04 2014 +0000 +++ b/test/functional/account_controller_test.rb Thu Sep 11 12:46:20 2014 +0100 @@ -1,5 +1,5 @@ # Redmine - project management software -# Copyright (C) 2006-2012 Jean-Philippe Lang +# Copyright (C) 2006-2014 Jean-Philippe Lang # # This program is free software; you can redistribute it and/or # modify it under the terms of the GNU General Public License @@ -16,18 +16,11 @@ # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. require File.expand_path('../../test_helper', __FILE__) -require 'account_controller' - -# Re-raise errors caught by the controller. -class AccountController; def rescue_action(e) raise e end; end class AccountControllerTest < ActionController::TestCase fixtures :users, :roles def setup - @controller = AccountController.new - @request = ActionController::TestRequest.new - @response = ActionController::TestResponse.new User.current = nil end @@ -40,15 +33,89 @@ assert_select 'input[name=password]' end + def test_get_login_while_logged_in_should_redirect_to_back_url_if_present + @request.session[:user_id] = 2 + @request.env["HTTP_REFERER"] = 'http://test.host/issues/show/1' + + get :login, :back_url => 'http://test.host/issues/show/1' + assert_redirected_to '/issues/show/1' + assert_equal 2, @request.session[:user_id] + end + + def test_get_login_while_logged_in_should_redirect_to_referer_without_back_url + @request.session[:user_id] = 2 + @request.env["HTTP_REFERER"] = 'http://test.host/issues/show/1' + + get :login + assert_redirected_to '/issues/show/1' + assert_equal 2, @request.session[:user_id] + end + + def test_get_login_while_logged_in_should_redirect_to_home_by_default + @request.session[:user_id] = 2 + + get :login + assert_redirected_to '/' + assert_equal 2, @request.session[:user_id] + end + def test_login_should_redirect_to_back_url_param # request.uri is "test.host" in test environment - post :login, :username => 'jsmith', :password => 'jsmith', :back_url => 'http://test.host/issues/show/1' - assert_redirected_to '/issues/show/1' + back_urls = [ + 'http://test.host/issues/show/1', + '/' + ] + back_urls.each do |back_url| + post :login, :username => 'jsmith', :password => 'jsmith', :back_url => back_url + assert_redirected_to back_url + end + end + + def test_login_with_suburi_should_redirect_to_back_url_param + @relative_url_root = ApplicationController.relative_url_root + ApplicationController.relative_url_root = '/redmine' + + back_urls = [ + 'http://test.host/redmine/issues/show/1', + '/redmine' + ] + back_urls.each do |back_url| + post :login, :username => 'jsmith', :password => 'jsmith', :back_url => back_url + assert_redirected_to back_url + end + ensure + ApplicationController.relative_url_root = @relative_url_root end def test_login_should_not_redirect_to_another_host - post :login, :username => 'jsmith', :password => 'jsmith', :back_url => 'http://test.foo/fake' - assert_redirected_to '/my/page' + back_urls = [ + 'http://test.foo/fake', + '//test.foo/fake' + ] + back_urls.each do |back_url| + post :login, :username => 'jsmith', :password => 'jsmith', :back_url => back_url + assert_redirected_to '/my/page' + end + end + + def test_login_with_suburi_should_not_redirect_to_another_suburi + @relative_url_root = ApplicationController.relative_url_root + ApplicationController.relative_url_root = '/redmine' + + back_urls = [ + 'http://test.host/', + 'http://test.host/fake', + 'http://test.host/fake/issues', + 'http://test.host/redmine/../fake', + 'http://test.host/redmine/../fake/issues', + 'http://test.host/redmine/%2e%2e/fake' + ] + back_urls.each do |back_url| + post :login, :username => 'jsmith', :password => 'jsmith', :back_url => back_url + assert_redirected_to '/my/page' + end + ensure + ApplicationController.relative_url_root = @relative_url_root end def test_login_with_wrong_password @@ -62,6 +129,36 @@ assert_select 'input[name=password][value]', 0 end + def test_login_with_locked_account_should_fail + User.find(2).update_attribute :status, User::STATUS_LOCKED + + post :login, :username => 'jsmith', :password => 'jsmith' + assert_redirected_to '/login' + assert_include 'locked', flash[:error] + assert_nil @request.session[:user_id] + end + + def test_login_as_registered_user_with_manual_activation_should_inform_user + User.find(2).update_attribute :status, User::STATUS_REGISTERED + + with_settings :self_registration => '2', :default_language => 'en' do + post :login, :username => 'jsmith', :password => 'jsmith' + assert_redirected_to '/login' + assert_include 'pending administrator approval', flash[:error] + end + end + + def test_login_as_registered_user_with_email_activation_should_propose_new_activation_email + User.find(2).update_attribute :status, User::STATUS_REGISTERED + + with_settings :self_registration => '1', :default_language => 'en' do + post :login, :username => 'jsmith', :password => 'jsmith' + assert_redirected_to '/login' + assert_equal 2, @request.session[:registered_user_id] + assert_include 'new activation email', flash[:error] + end + end + def test_login_should_rescue_auth_source_exception source = AuthSource.create!(:name => 'Test') User.find(2).update_attribute :auth_source_id, source.id @@ -79,9 +176,23 @@ assert_response 302 end + def test_get_logout_should_not_logout + @request.session[:user_id] = 2 + get :logout + assert_response :success + assert_template 'logout' + + assert_equal 2, @request.session[:user_id] + end + + def test_get_logout_with_anonymous_should_redirect + get :logout + assert_redirected_to '/' + end + def test_logout @request.session[:user_id] = 2 - get :logout + post :logout assert_redirected_to '/' assert_nil @request.session[:user_id] end @@ -90,7 +201,7 @@ @controller.expects(:reset_session).once @request.session[:user_id] = 2 - get :logout + post :logout assert_response 302 end @@ -101,8 +212,21 @@ assert_template 'register' assert_not_nil assigns(:user) - assert_tag 'input', :attributes => {:name => 'user[password]'} - assert_tag 'input', :attributes => {:name => 'user[password_confirmation]'} + assert_select 'input[name=?]', 'user[password]' + assert_select 'input[name=?]', 'user[password_confirmation]' + end + end + + def test_get_register_should_detect_user_language + with_settings :self_registration => '3' do + @request.env['HTTP_ACCEPT_LANGUAGE'] = 'fr,fr-fr;q=0.8,en-us;q=0.5,en;q=0.3' + get :register + assert_response :success + assert_not_nil assigns(:user) + assert_equal 'fr', assigns(:user).language + assert_select 'select[name=?]', 'user[language]' do + assert_select 'option[value=fr][selected=selected]' + end end end @@ -127,7 +251,7 @@ } assert_redirected_to '/my/account' end - user = User.first(:order => 'id DESC') + user = User.order('id DESC').first assert_equal 'register', user.login assert_equal 'John', user.firstname assert_equal 'Doe', user.lastname @@ -194,6 +318,15 @@ assert_no_difference 'Token.count' do post :lost_password, :mail => 'JSmith@somenet.foo' + assert_redirected_to '/account/lost_password' + end + end + + def test_lost_password_for_user_who_cannot_change_password_should_fail + User.any_instance.stubs(:change_password_allowed?).returns(false) + + assert_no_difference 'Token.count' do + post :lost_password, :mail => 'JSmith@somenet.foo' assert_response :success end end @@ -251,4 +384,27 @@ post :lost_password, :token => "abcdef", :new_password => 'newpass', :new_password_confirmation => 'newpass' assert_redirected_to '/' end + + def test_activation_email_should_send_an_activation_email + User.find(2).update_attribute :status, User::STATUS_REGISTERED + @request.session[:registered_user_id] = 2 + + with_settings :self_registration => '1' do + assert_difference 'ActionMailer::Base.deliveries.size' do + get :activation_email + assert_redirected_to '/login' + end + end + end + + def test_activation_email_without_session_data_should_fail + User.find(2).update_attribute :status, User::STATUS_REGISTERED + + with_settings :self_registration => '1' do + assert_no_difference 'ActionMailer::Base.deliveries.size' do + get :activation_email + assert_redirected_to '/' + end + end + end end