Chris@909: # Redmine - project management software Chris@1494: # Copyright (C) 2006-2014 Jean-Philippe Lang Chris@0: # Chris@0: # This program is free software; you can redistribute it and/or Chris@0: # modify it under the terms of the GNU General Public License Chris@0: # as published by the Free Software Foundation; either version 2 Chris@0: # of the License, or (at your option) any later version. Chris@909: # Chris@0: # This program is distributed in the hope that it will be useful, Chris@0: # but WITHOUT ANY WARRANTY; without even the implied warranty of Chris@0: # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the Chris@0: # GNU General Public License for more details. Chris@909: # Chris@0: # You should have received a copy of the GNU General Public License Chris@0: # along with this program; if not, write to the Free Software Chris@0: # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. Chris@0: Chris@119: require File.expand_path('../../test_helper', __FILE__) Chris@0: Chris@0: begin Chris@1464: require 'mocha/setup' Chris@0: rescue Chris@0: # Won't run some tests Chris@0: end Chris@0: Chris@0: class AccountTest < ActionController::IntegrationTest Chris@0: fixtures :users, :roles Chris@0: Chris@0: # Replace this with your real tests. Chris@0: def test_login Chris@0: get "my/page" Chris@0: assert_redirected_to "/login?back_url=http%3A%2F%2Fwww.example.com%2Fmy%2Fpage" Chris@0: log_user('jsmith', 'jsmith') Chris@909: Chris@0: get "my/account" Chris@0: assert_response :success Chris@909: assert_template "my/account" Chris@0: end Chris@909: Chris@0: def test_autologin Chris@0: user = User.find(1) Chris@0: Setting.autologin = "7" Chris@0: Token.delete_all Chris@909: Chris@0: # User logs in with 'autologin' checked Chris@0: post '/login', :username => user.login, :password => 'admin', :autologin => 1 chris@37: assert_redirected_to '/my/page' Chris@1464: token = Token.first Chris@0: assert_not_nil token Chris@0: assert_equal user, token.user Chris@0: assert_equal 'autologin', token.action Chris@0: assert_equal user.id, session[:user_id] Chris@0: assert_equal token.value, cookies['autologin'] Chris@909: Chris@0: # Session is cleared Chris@0: reset! Chris@0: User.current = nil Chris@0: # Clears user's last login timestamp Chris@0: user.update_attribute :last_login_on, nil Chris@0: assert_nil user.reload.last_login_on Chris@909: Chris@1464: # User comes back with user's autologin cookie Chris@0: cookies[:autologin] = token.value Chris@0: get '/my/page' Chris@0: assert_response :success Chris@0: assert_template 'my/page' Chris@0: assert_equal user.id, session[:user_id] Chris@0: assert_not_nil user.reload.last_login_on Chris@0: end Chris@909: Chris@1464: def test_autologin_should_use_autologin_cookie_name Chris@1464: Token.delete_all Chris@1464: Redmine::Configuration.stubs(:[]).with('autologin_cookie_name').returns('custom_autologin') Chris@1464: Redmine::Configuration.stubs(:[]).with('autologin_cookie_path').returns('/') Chris@1464: Redmine::Configuration.stubs(:[]).with('autologin_cookie_secure').returns(false) Chris@1464: Chris@1464: with_settings :autologin => '7' do Chris@1464: assert_difference 'Token.count' do Chris@1464: post '/login', :username => 'admin', :password => 'admin', :autologin => 1 Chris@1464: end Chris@1464: assert_response 302 Chris@1464: assert cookies['custom_autologin'].present? Chris@1464: token = cookies['custom_autologin'] Chris@1464: Chris@1464: # Session is cleared Chris@1464: reset! Chris@1464: cookies['custom_autologin'] = token Chris@1464: get '/my/page' Chris@1464: assert_response :success Chris@1464: Chris@1464: assert_difference 'Token.count', -1 do Chris@1464: post '/logout' Chris@1464: end Chris@1464: assert cookies['custom_autologin'].blank? Chris@1464: end Chris@1464: end Chris@1464: Chris@0: def test_lost_password Chris@0: Token.delete_all Chris@909: Chris@0: get "account/lost_password" Chris@0: assert_response :success Chris@0: assert_template "account/lost_password" Chris@1115: assert_select 'input[name=mail]' Chris@909: Chris@0: post "account/lost_password", :mail => 'jSmith@somenet.foo' Chris@0: assert_redirected_to "/login" Chris@909: Chris@1464: token = Token.first Chris@0: assert_equal 'recovery', token.action Chris@0: assert_equal 'jsmith@somenet.foo', token.user.mail Chris@0: assert !token.expired? Chris@909: Chris@0: get "account/lost_password", :token => token.value Chris@0: assert_response :success Chris@0: assert_template "account/password_recovery" Chris@1115: assert_select 'input[type=hidden][name=token][value=?]', token.value Chris@1115: assert_select 'input[name=new_password]' Chris@1115: assert_select 'input[name=new_password_confirmation]' Chris@909: Chris@1464: post "account/lost_password", Chris@1464: :token => token.value, :new_password => 'newpass123', Chris@1464: :new_password_confirmation => 'newpass123' Chris@0: assert_redirected_to "/login" Chris@0: assert_equal 'Password was successfully updated.', flash[:notice] Chris@909: Chris@1115: log_user('jsmith', 'newpass123') Chris@909: assert_equal 0, Token.count Chris@0: end Chris@909: Chris@1464: def test_user_with_must_change_passwd_should_be_forced_to_change_its_password Chris@1464: User.find_by_login('jsmith').update_attribute :must_change_passwd, true Chris@1464: Chris@1464: post '/login', :username => 'jsmith', :password => 'jsmith' Chris@1464: assert_redirected_to '/my/page' Chris@1464: follow_redirect! Chris@1464: assert_redirected_to '/my/password' Chris@1464: Chris@1464: get '/issues' Chris@1464: assert_redirected_to '/my/password' Chris@1464: end Chris@1464: Chris@1464: def test_user_with_must_change_passwd_should_be_able_to_change_its_password Chris@1464: User.find_by_login('jsmith').update_attribute :must_change_passwd, true Chris@1464: Chris@1464: post '/login', :username => 'jsmith', :password => 'jsmith' Chris@1464: assert_redirected_to '/my/page' Chris@1464: follow_redirect! Chris@1464: assert_redirected_to '/my/password' Chris@1464: follow_redirect! Chris@1464: assert_response :success Chris@1464: post '/my/password', :password => 'jsmith', :new_password => 'newpassword', :new_password_confirmation => 'newpassword' Chris@1464: assert_redirected_to '/my/account' Chris@1464: follow_redirect! Chris@1464: assert_response :success Chris@1464: Chris@1464: assert_equal false, User.find_by_login('jsmith').must_change_passwd? Chris@1464: end Chris@1464: Chris@0: def test_register_with_automatic_activation Chris@0: Setting.self_registration = '3' Chris@909: Chris@0: get 'account/register' Chris@0: assert_response :success Chris@0: assert_template 'account/register' Chris@909: Chris@1464: post 'account/register', Chris@1464: :user => {:login => "newuser", :language => "en", Chris@1464: :firstname => "New", :lastname => "User", :mail => "newuser@foo.bar", Chris@1464: :password => "newpass123", :password_confirmation => "newpass123"} chris@37: assert_redirected_to '/my/account' Chris@0: follow_redirect! Chris@0: assert_response :success Chris@0: assert_template 'my/account' Chris@909: Chris@0: user = User.find_by_login('newuser') Chris@0: assert_not_nil user Chris@0: assert user.active? Chris@0: assert_not_nil user.last_login_on Chris@0: end Chris@909: Chris@0: def test_register_with_manual_activation Chris@0: Setting.self_registration = '2' Chris@909: Chris@1464: post 'account/register', Chris@1464: :user => {:login => "newuser", :language => "en", Chris@1464: :firstname => "New", :lastname => "User", :mail => "newuser@foo.bar", Chris@1464: :password => "newpass123", :password_confirmation => "newpass123"} Chris@0: assert_redirected_to '/login' Chris@0: assert !User.find_by_login('newuser').active? Chris@0: end Chris@909: Chris@0: def test_register_with_email_activation Chris@0: Setting.self_registration = '1' Chris@0: Token.delete_all Chris@909: Chris@1464: post 'account/register', Chris@1464: :user => {:login => "newuser", :language => "en", Chris@1464: :firstname => "New", :lastname => "User", :mail => "newuser@foo.bar", Chris@1464: :password => "newpass123", :password_confirmation => "newpass123"} Chris@0: assert_redirected_to '/login' Chris@0: assert !User.find_by_login('newuser').active? Chris@909: Chris@1464: token = Token.first Chris@0: assert_equal 'register', token.action Chris@0: assert_equal 'newuser@foo.bar', token.user.mail Chris@0: assert !token.expired? Chris@909: Chris@0: get 'account/activate', :token => token.value Chris@0: assert_redirected_to '/login' Chris@1115: log_user('newuser', 'newpass123') Chris@0: end Chris@909: Chris@0: def test_onthefly_registration Chris@0: # disable registration Chris@0: Setting.self_registration = '0' Chris@1464: AuthSource.expects(:authenticate).returns( Chris@1464: {:login => 'foo', :firstname => 'Foo', :lastname => 'Smith', Chris@1464: :mail => 'foo@bar.com', :auth_source_id => 66}) Chris@909: Chris@1115: post '/login', :username => 'foo', :password => 'bar' chris@37: assert_redirected_to '/my/page' Chris@909: Chris@0: user = User.find_by_login('foo') Chris@0: assert user.is_a?(User) Chris@0: assert_equal 66, user.auth_source_id Chris@0: assert user.hashed_password.blank? Chris@0: end Chris@909: Chris@0: def test_onthefly_registration_with_invalid_attributes Chris@0: # disable registration Chris@0: Setting.self_registration = '0' Chris@1464: AuthSource.expects(:authenticate).returns( Chris@1464: {:login => 'foo', :lastname => 'Smith', :auth_source_id => 66}) Chris@909: Chris@1115: post '/login', :username => 'foo', :password => 'bar' Chris@0: assert_response :success Chris@0: assert_template 'account/register' Chris@0: assert_tag :input, :attributes => { :name => 'user[firstname]', :value => '' } Chris@0: assert_tag :input, :attributes => { :name => 'user[lastname]', :value => 'Smith' } Chris@0: assert_no_tag :input, :attributes => { :name => 'user[login]' } Chris@0: assert_no_tag :input, :attributes => { :name => 'user[password]' } Chris@909: Chris@1464: post 'account/register', Chris@1464: :user => {:firstname => 'Foo', :lastname => 'Smith', :mail => 'foo@bar.com'} Chris@0: assert_redirected_to '/my/account' Chris@909: Chris@0: user = User.find_by_login('foo') Chris@0: assert user.is_a?(User) Chris@0: assert_equal 66, user.auth_source_id Chris@0: assert user.hashed_password.blank? Chris@0: end Chris@1464: Chris@1464: def test_registered_user_should_be_able_to_get_a_new_activation_email Chris@1464: Token.delete_all Chris@1464: Chris@1464: with_settings :self_registration => '1', :default_language => 'en' do Chris@1464: # register a new account Chris@1464: assert_difference 'User.count' do Chris@1464: assert_difference 'Token.count' do Chris@1464: post 'account/register', Chris@1464: :user => {:login => "newuser", :language => "en", Chris@1464: :firstname => "New", :lastname => "User", :mail => "newuser@foo.bar", Chris@1464: :password => "newpass123", :password_confirmation => "newpass123"} Chris@1464: end Chris@1464: end Chris@1464: user = User.order('id desc').first Chris@1464: assert_equal User::STATUS_REGISTERED, user.status Chris@1464: reset! Chris@1464: Chris@1464: # try to use "lost password" Chris@1464: assert_no_difference 'ActionMailer::Base.deliveries.size' do Chris@1464: post '/account/lost_password', :mail => 'newuser@foo.bar' Chris@1464: end Chris@1464: assert_redirected_to '/account/lost_password' Chris@1464: follow_redirect! Chris@1464: assert_response :success Chris@1464: assert_select 'div.flash', :text => /new activation email/ Chris@1464: assert_select 'div.flash a[href=/account/activation_email]' Chris@1464: Chris@1464: # request a new action activation email Chris@1464: assert_difference 'ActionMailer::Base.deliveries.size' do Chris@1464: get '/account/activation_email' Chris@1464: end Chris@1464: assert_redirected_to '/login' Chris@1464: token = Token.order('id desc').first Chris@1464: activation_path = "/account/activate?token=#{token.value}" Chris@1464: assert_include activation_path, mail_body(ActionMailer::Base.deliveries.last) Chris@1464: Chris@1464: # activate the account Chris@1464: get activation_path Chris@1464: assert_redirected_to '/login' Chris@1464: Chris@1464: post '/login', :username => 'newuser', :password => 'newpass123' Chris@1464: assert_redirected_to '/my/page' Chris@1464: end Chris@1464: end Chris@0: end