Chris@1494: # Redmine - project management software Chris@1494: # Copyright (C) 2006-2014 Jean-Philippe Lang Chris@1494: # Chris@1494: # This program is free software; you can redistribute it and/or Chris@1494: # modify it under the terms of the GNU General Public License Chris@1494: # as published by the Free Software Foundation; either version 2 Chris@1494: # of the License, or (at your option) any later version. Chris@1494: # Chris@1494: # This program is distributed in the hope that it will be useful, Chris@1494: # but WITHOUT ANY WARRANTY; without even the implied warranty of Chris@1494: # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the Chris@1494: # GNU General Public License for more details. Chris@1494: # Chris@1494: # You should have received a copy of the GNU General Public License Chris@1494: # along with this program; if not, write to the Free Software Chris@1494: # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. Chris@1494: Chris@1494: require File.expand_path('../../test_helper', __FILE__) Chris@1494: Chris@1494: begin Chris@1494: require 'mocha/setup' Chris@1494: rescue Chris@1494: # Won't run some tests Chris@1494: end Chris@1494: Chris@1494: class AccountTest < ActionController::IntegrationTest Chris@1494: fixtures :users, :roles Chris@1494: Chris@1494: # Replace this with your real tests. Chris@1494: def test_login Chris@1494: get "my/page" Chris@1494: assert_redirected_to "/login?back_url=http%3A%2F%2Fwww.example.com%2Fmy%2Fpage" Chris@1494: log_user('jsmith', 'jsmith') Chris@1494: Chris@1494: get "my/account" Chris@1494: assert_response :success Chris@1494: assert_template "my/account" Chris@1494: end Chris@1494: Chris@1494: def test_autologin Chris@1494: user = User.find(1) Chris@1494: Setting.autologin = "7" Chris@1494: Token.delete_all Chris@1494: Chris@1494: # User logs in with 'autologin' checked Chris@1494: post '/login', :username => user.login, :password => 'admin', :autologin => 1 Chris@1494: assert_redirected_to '/my/page' Chris@1494: token = Token.first Chris@1494: assert_not_nil token Chris@1494: assert_equal user, token.user Chris@1494: assert_equal 'autologin', token.action Chris@1494: assert_equal user.id, session[:user_id] Chris@1494: assert_equal token.value, cookies['autologin'] Chris@1494: Chris@1494: # Session is cleared Chris@1494: reset! Chris@1494: User.current = nil Chris@1494: # Clears user's last login timestamp Chris@1494: user.update_attribute :last_login_on, nil Chris@1494: assert_nil user.reload.last_login_on Chris@1494: Chris@1494: # User comes back with user's autologin cookie Chris@1494: cookies[:autologin] = token.value Chris@1494: get '/my/page' Chris@1494: assert_response :success Chris@1494: assert_template 'my/page' Chris@1494: assert_equal user.id, session[:user_id] Chris@1494: assert_not_nil user.reload.last_login_on Chris@1494: end Chris@1494: Chris@1494: def test_autologin_should_use_autologin_cookie_name Chris@1494: Token.delete_all Chris@1494: Redmine::Configuration.stubs(:[]).with('autologin_cookie_name').returns('custom_autologin') Chris@1494: Redmine::Configuration.stubs(:[]).with('autologin_cookie_path').returns('/') Chris@1494: Redmine::Configuration.stubs(:[]).with('autologin_cookie_secure').returns(false) Chris@1494: Chris@1494: with_settings :autologin => '7' do Chris@1494: assert_difference 'Token.count' do Chris@1494: post '/login', :username => 'admin', :password => 'admin', :autologin => 1 Chris@1494: end Chris@1494: assert_response 302 Chris@1494: assert cookies['custom_autologin'].present? Chris@1494: token = cookies['custom_autologin'] Chris@1494: Chris@1494: # Session is cleared Chris@1494: reset! Chris@1494: cookies['custom_autologin'] = token Chris@1494: get '/my/page' Chris@1494: assert_response :success Chris@1494: Chris@1494: assert_difference 'Token.count', -1 do Chris@1494: post '/logout' Chris@1494: end Chris@1494: assert cookies['custom_autologin'].blank? Chris@1494: end Chris@1494: end Chris@1494: Chris@1494: def test_lost_password Chris@1494: Token.delete_all Chris@1494: Chris@1494: get "account/lost_password" Chris@1494: assert_response :success Chris@1494: assert_template "account/lost_password" Chris@1494: assert_select 'input[name=mail]' Chris@1494: Chris@1494: post "account/lost_password", :mail => 'jSmith@somenet.foo' Chris@1494: assert_redirected_to "/login" Chris@1494: Chris@1494: token = Token.first Chris@1494: assert_equal 'recovery', token.action Chris@1494: assert_equal 'jsmith@somenet.foo', token.user.mail Chris@1494: assert !token.expired? Chris@1494: Chris@1494: get "account/lost_password", :token => token.value Chris@1494: assert_response :success Chris@1494: assert_template "account/password_recovery" Chris@1494: assert_select 'input[type=hidden][name=token][value=?]', token.value Chris@1494: assert_select 'input[name=new_password]' Chris@1494: assert_select 'input[name=new_password_confirmation]' Chris@1494: Chris@1494: post "account/lost_password", Chris@1494: :token => token.value, :new_password => 'newpass123', Chris@1494: :new_password_confirmation => 'newpass123' Chris@1494: assert_redirected_to "/login" Chris@1494: assert_equal 'Password was successfully updated.', flash[:notice] Chris@1494: Chris@1494: log_user('jsmith', 'newpass123') Chris@1494: assert_equal 0, Token.count Chris@1494: end Chris@1494: Chris@1494: def test_user_with_must_change_passwd_should_be_forced_to_change_its_password Chris@1494: User.find_by_login('jsmith').update_attribute :must_change_passwd, true Chris@1494: Chris@1494: post '/login', :username => 'jsmith', :password => 'jsmith' Chris@1494: assert_redirected_to '/my/page' Chris@1494: follow_redirect! Chris@1494: assert_redirected_to '/my/password' Chris@1494: Chris@1494: get '/issues' Chris@1494: assert_redirected_to '/my/password' Chris@1494: end Chris@1494: Chris@1494: def test_user_with_must_change_passwd_should_be_able_to_change_its_password Chris@1494: User.find_by_login('jsmith').update_attribute :must_change_passwd, true Chris@1494: Chris@1494: post '/login', :username => 'jsmith', :password => 'jsmith' Chris@1494: assert_redirected_to '/my/page' Chris@1494: follow_redirect! Chris@1494: assert_redirected_to '/my/password' Chris@1494: follow_redirect! Chris@1494: assert_response :success Chris@1494: post '/my/password', :password => 'jsmith', :new_password => 'newpassword', :new_password_confirmation => 'newpassword' Chris@1494: assert_redirected_to '/my/account' Chris@1494: follow_redirect! Chris@1494: assert_response :success Chris@1494: Chris@1494: assert_equal false, User.find_by_login('jsmith').must_change_passwd? Chris@1494: end Chris@1494: Chris@1494: def test_register_with_automatic_activation Chris@1494: Setting.self_registration = '3' Chris@1494: Chris@1494: get 'account/register' Chris@1494: assert_response :success Chris@1494: assert_template 'account/register' Chris@1494: Chris@1494: post 'account/register', Chris@1494: :user => {:login => "newuser", :language => "en", Chris@1494: :firstname => "New", :lastname => "User", :mail => "newuser@foo.bar", Chris@1494: :password => "newpass123", :password_confirmation => "newpass123"} Chris@1494: assert_redirected_to '/my/account' Chris@1494: follow_redirect! Chris@1494: assert_response :success Chris@1494: assert_template 'my/account' Chris@1494: Chris@1494: user = User.find_by_login('newuser') Chris@1494: assert_not_nil user Chris@1494: assert user.active? Chris@1494: assert_not_nil user.last_login_on Chris@1494: end Chris@1494: Chris@1494: def test_register_with_manual_activation Chris@1494: Setting.self_registration = '2' Chris@1494: Chris@1494: post 'account/register', Chris@1494: :user => {:login => "newuser", :language => "en", Chris@1494: :firstname => "New", :lastname => "User", :mail => "newuser@foo.bar", Chris@1494: :password => "newpass123", :password_confirmation => "newpass123"} Chris@1494: assert_redirected_to '/login' Chris@1494: assert !User.find_by_login('newuser').active? Chris@1494: end Chris@1494: Chris@1494: def test_register_with_email_activation Chris@1494: Setting.self_registration = '1' Chris@1494: Token.delete_all Chris@1494: Chris@1494: post 'account/register', Chris@1494: :user => {:login => "newuser", :language => "en", Chris@1494: :firstname => "New", :lastname => "User", :mail => "newuser@foo.bar", Chris@1494: :password => "newpass123", :password_confirmation => "newpass123"} Chris@1494: assert_redirected_to '/login' Chris@1494: assert !User.find_by_login('newuser').active? Chris@1494: Chris@1494: token = Token.first Chris@1494: assert_equal 'register', token.action Chris@1494: assert_equal 'newuser@foo.bar', token.user.mail Chris@1494: assert !token.expired? Chris@1494: Chris@1494: get 'account/activate', :token => token.value Chris@1494: assert_redirected_to '/login' Chris@1494: log_user('newuser', 'newpass123') Chris@1494: end Chris@1494: Chris@1494: def test_onthefly_registration Chris@1494: # disable registration Chris@1494: Setting.self_registration = '0' Chris@1494: AuthSource.expects(:authenticate).returns( Chris@1494: {:login => 'foo', :firstname => 'Foo', :lastname => 'Smith', Chris@1494: :mail => 'foo@bar.com', :auth_source_id => 66}) Chris@1494: Chris@1494: post '/login', :username => 'foo', :password => 'bar' Chris@1494: assert_redirected_to '/my/page' Chris@1494: Chris@1494: user = User.find_by_login('foo') Chris@1494: assert user.is_a?(User) Chris@1494: assert_equal 66, user.auth_source_id Chris@1494: assert user.hashed_password.blank? Chris@1494: end Chris@1494: Chris@1494: def test_onthefly_registration_with_invalid_attributes Chris@1494: # disable registration Chris@1494: Setting.self_registration = '0' Chris@1494: AuthSource.expects(:authenticate).returns( Chris@1494: {:login => 'foo', :lastname => 'Smith', :auth_source_id => 66}) Chris@1494: Chris@1494: post '/login', :username => 'foo', :password => 'bar' Chris@1494: assert_response :success Chris@1494: assert_template 'account/register' Chris@1494: assert_tag :input, :attributes => { :name => 'user[firstname]', :value => '' } Chris@1494: assert_tag :input, :attributes => { :name => 'user[lastname]', :value => 'Smith' } Chris@1494: assert_no_tag :input, :attributes => { :name => 'user[login]' } Chris@1494: assert_no_tag :input, :attributes => { :name => 'user[password]' } Chris@1494: Chris@1494: post 'account/register', Chris@1494: :user => {:firstname => 'Foo', :lastname => 'Smith', :mail => 'foo@bar.com'} Chris@1494: assert_redirected_to '/my/account' Chris@1494: Chris@1494: user = User.find_by_login('foo') Chris@1494: assert user.is_a?(User) Chris@1494: assert_equal 66, user.auth_source_id Chris@1494: assert user.hashed_password.blank? Chris@1494: end Chris@1494: Chris@1494: def test_registered_user_should_be_able_to_get_a_new_activation_email Chris@1494: Token.delete_all Chris@1494: Chris@1494: with_settings :self_registration => '1', :default_language => 'en' do Chris@1494: # register a new account Chris@1494: assert_difference 'User.count' do Chris@1494: assert_difference 'Token.count' do Chris@1494: post 'account/register', Chris@1494: :user => {:login => "newuser", :language => "en", Chris@1494: :firstname => "New", :lastname => "User", :mail => "newuser@foo.bar", Chris@1494: :password => "newpass123", :password_confirmation => "newpass123"} Chris@1494: end Chris@1494: end Chris@1494: user = User.order('id desc').first Chris@1494: assert_equal User::STATUS_REGISTERED, user.status Chris@1494: reset! Chris@1494: Chris@1494: # try to use "lost password" Chris@1494: assert_no_difference 'ActionMailer::Base.deliveries.size' do Chris@1494: post '/account/lost_password', :mail => 'newuser@foo.bar' Chris@1494: end Chris@1494: assert_redirected_to '/account/lost_password' Chris@1494: follow_redirect! Chris@1494: assert_response :success Chris@1494: assert_select 'div.flash', :text => /new activation email/ Chris@1494: assert_select 'div.flash a[href=/account/activation_email]' Chris@1494: Chris@1494: # request a new action activation email Chris@1494: assert_difference 'ActionMailer::Base.deliveries.size' do Chris@1494: get '/account/activation_email' Chris@1494: end Chris@1494: assert_redirected_to '/login' Chris@1494: token = Token.order('id desc').first Chris@1494: activation_path = "/account/activate?token=#{token.value}" Chris@1494: assert_include activation_path, mail_body(ActionMailer::Base.deliveries.last) Chris@1494: Chris@1494: # activate the account Chris@1494: get activation_path Chris@1494: assert_redirected_to '/login' Chris@1494: Chris@1494: post '/login', :username => 'newuser', :password => 'newpass123' Chris@1494: assert_redirected_to '/my/page' Chris@1494: end Chris@1494: end Chris@1494: end