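# Redmine - project management software
# Copyright (C) 2006-2012  Jean-Philippe Lang
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

require File.expand_path('../../test_helper', __FILE__)
require 'account_controller'

# Re-raise errors caught by the controller.
class AccountController; def rescue_action(e) raise e end; end

# Functional tests for AccountController: login/logout, self-registration
# and the lost-password (recovery token) flow.
#
# Several cases pin security-relevant behaviour: where a login may redirect,
# that the session is reset on login and logout, that a submitted password is
# not echoed back into the form, and when a recovery token is created,
# accepted, kept or deleted.
class AccountControllerTest < ActionController::TestCase
  fixtures :users, :roles

  # Builds a fresh controller/request/response and clears User.current
  # before every test.
  def setup
    @controller = AccountController.new
    @request    = ActionController::TestRequest.new
    @response   = ActionController::TestResponse.new
    User.current = nil
  end

  # GET /login renders the login template with username and password inputs.
  def test_get_login
    get :login
    assert_response :success
    assert_template 'login'

    assert_select 'input[name=username]'
    assert_select 'input[name=password]'
  end

  # A back_url on the request's own host is honoured after login; the
  # redirect target is the path part of that URL.
  def test_login_should_redirect_to_back_url_param
    # request.uri is "test.host" in test environment
    post :login, :username => 'jsmith', :password => 'jsmith', :back_url => 'http://test.host/issues/show/1'
    assert_redirected_to '/issues/show/1'
  end

  # Open-redirect guard: a back_url naming a different host is ignored and
  # the user lands on '/my/page' instead.
  # NOTE(review): only an absolute http:// URL on another host is exercised
  # here; other off-site back_url shapes (e.g. protocol-relative values) are
  # not covered in this file -- consider adding cases for them.
  def test_login_should_not_redirect_to_another_host
    post :login, :username => 'jsmith', :password => 'jsmith', :back_url => 'http://test.foo/fake'
    assert_redirected_to '/my/page'
  end

  # A failed login re-renders the form with the single message
  # "Invalid user or password". The username is echoed back, while the
  # password input must carry no value attribute, so the submitted password
  # is not reflected into the HTML.
  def test_login_with_wrong_password
    post :login, :username => 'admin', :password => 'bad'
    assert_response :success
    assert_template 'login'

    assert_select 'div.flash.error', :text => /Invalid user or password/
    assert_select 'input[name=username][value=admin]'
    assert_select 'input[name=password]'
    assert_select 'input[name=password][value]', 0
  end

  # When the user's auth source raises AuthSourceException, the login
  # request answers 500 and the error page contains the exception message.
  # NOTE(review): the exception text is asserted to reach the response body;
  # confirm that real auth-source errors carry nothing sensitive.
  def test_login_should_rescue_auth_source_exception
    source = AuthSource.create!(:name => 'Test')
    User.find(2).update_attribute :auth_source_id, source.id
    AuthSource.any_instance.stubs(:authenticate).raises(AuthSourceException.new("Something wrong"))

    post :login, :username => 'jsmith', :password => 'jsmith'
    assert_response 500
    assert_error_tag :content => /Something wrong/
  end

  # A successful login must call reset_session exactly once, so the
  # pre-login session is not carried over into the authenticated one.
  def test_login_should_reset_session
    @controller.expects(:reset_session).once

    post :login, :username => 'jsmith', :password => 'jsmith'
    assert_response 302
  end

  # Logout redirects to '/' and leaves no user_id in the session.
  def test_logout
    @request.session[:user_id] = 2
    get :logout
    assert_redirected_to '/'
    assert_nil @request.session[:user_id]
  end

  # Logout must call reset_session exactly once.
  def test_logout_should_reset_session
    @controller.expects(:reset_session).once

    @request.session[:user_id] = 2
    get :logout
    assert_response 302
  end

  # With self_registration set to '3' the registration form is rendered,
  # including the password and password confirmation inputs.
  def test_get_register_with_registration_on
    with_settings :self_registration => '3' do
      get :register
      assert_response :success
      assert_template 'register'
      assert_not_nil assigns(:user)

      assert_tag 'input', :attributes => {:name => 'user[password]'}
      assert_tag 'input', :attributes => {:name => 'user[password_confirmation]'}
    end
  end

  # With self_registration set to '0' the registration form is not served;
  # the request is redirected to '/'.
  def test_get_register_with_registration_off_should_redirect
    with_settings :self_registration => '0' do
      get :register
      assert_redirected_to '/'
    end
  end

  # See integration/account_test.rb for the full test
  #
  # With self_registration '3', posting the form creates exactly one user,
  # redirects to '/my/account', and the new account is active with the
  # submitted password.
  # NOTE(review): '3' presumably means automatic activation -- confirm
  # against the setting's definition.
  def test_post_register_with_registration_on
    with_settings :self_registration => '3' do
      assert_difference 'User.count' do
        post :register, :user => {
          :login => 'register',
          :password => 'secret123',
          :password_confirmation => 'secret123',
          :firstname => 'John',
          :lastname => 'Doe',
          :mail => 'register@example.com'
        }
        assert_redirected_to '/my/account'
      end
      user = User.first(:order => 'id DESC')
      assert_equal 'register', user.login
      assert_equal 'John', user.firstname
      assert_equal 'Doe', user.lastname
      assert_equal 'register@example.com', user.mail
      assert user.check_password?('secret123')
      assert user.active?
    end
  end

  # With self_registration '0' a POST to register must not create a user and
  # is redirected to '/'.
  def test_post_register_with_registration_off_should_redirect
    with_settings :self_registration => '0' do
      assert_no_difference 'User.count' do
        post :register, :user => {
          :login => 'register',
          :password => 'test',
          :password_confirmation => 'test',
          :firstname => 'John',
          :lastname => 'Doe',
          :mail => 'register@example.com'
        }
        assert_redirected_to '/'
      end
    end
  end

  # GET lost_password without a token shows the form asking for a mail
  # address.
  def test_get_lost_password_should_display_lost_password_form
    get :lost_password
    assert_response :success
    assert_select 'input[name=mail]'
  end

  # For an active user, a lost-password request creates one 'recovery' token
  # and sends one mail. The mailed link is built from the configured
  # host_name/protocol settings ('mydomain.foo'), not from the request host
  # ('test.host'), and carries the token value in its query string.
  def test_lost_password_for_active_user_should_create_a_token
    Token.delete_all
    ActionMailer::Base.deliveries.clear
    assert_difference 'ActionMailer::Base.deliveries.size' do
      assert_difference 'Token.count' do
        with_settings :host_name => 'mydomain.foo', :protocol => 'http' do
          post :lost_password, :mail => 'JSmith@somenet.foo'
          assert_redirected_to '/login'
        end
      end
    end

    token = Token.order('id DESC').first
    assert_equal User.find(2), token.user
    assert_equal 'recovery', token.action

    assert_select_email do
      assert_select "a[href=?]", "http://mydomain.foo/account/lost_password?token=#{token.value}"
    end
  end

  # An unknown mail address creates no token.
  # NOTE(review): this case answers :success while the known-address case
  # redirects to '/login', so the two outcomes are distinguishable to the
  # requester; confirm that is an accepted trade-off.
  def test_lost_password_for_unknown_user_should_fail
    Token.delete_all
    assert_no_difference 'Token.count' do
      post :lost_password, :mail => 'invalid@somenet.foo'
      assert_response :success
    end
  end

  # A locked user cannot obtain a recovery token.
  def test_lost_password_for_non_active_user_should_fail
    Token.delete_all
    assert User.find(2).lock!

    assert_no_difference 'Token.count' do
      post :lost_password, :mail => 'JSmith@somenet.foo'
      assert_response :success
    end
  end

  # A valid recovery token opens the password recovery form, which carries
  # the token value in a hidden input.
  def test_get_lost_password_with_token_should_display_the_password_recovery_form
    user = User.find(2)
    token = Token.create!(:action => 'recovery', :user => user)

    get :lost_password, :token => token.value
    assert_response :success
    assert_template 'password_recovery'

    assert_select 'input[type=hidden][name=token][value=?]', token.value
  end

  # A token value that matches no stored token is redirected to '/'.
  def test_get_lost_password_with_invalid_token_should_redirect
    get :lost_password, :token => "abcdef"
    assert_redirected_to '/'
  end

  # Posting a new password with a valid token changes the password,
  # redirects to '/login' and deletes the token, so it cannot be used again.
  def test_post_lost_password_with_token_should_change_the_user_password
    user = User.find(2)
    token = Token.create!(:action => 'recovery', :user => user)

    post :lost_password, :token => token.value, :new_password => 'newpass123', :new_password_confirmation => 'newpass123'
    assert_redirected_to '/login'
    user.reload
    assert user.check_password?('newpass123')
    assert_nil Token.find_by_id(token.id), "Token was not deleted"
  end

  # A token issued before the account was locked must not allow a password
  # change: the request is redirected to '/' and the stored password is
  # unchanged.
  def test_post_lost_password_with_token_for_non_active_user_should_fail
    user = User.find(2)
    token = Token.create!(:action => 'recovery', :user => user)
    user.lock!

    post :lost_password, :token => token.value, :new_password => 'newpass123', :new_password_confirmation => 'newpass123'
    assert_redirected_to '/'
    # The local object was loaded before the request; reload it so the
    # assertion checks the persisted password rather than stale in-memory
    # attributes.
    user.reload
    assert ! user.check_password?('newpass123')
  end

  # A mismatched confirmation redisplays the recovery form and keeps the
  # token, which is still present in the hidden input for another attempt.
  def test_post_lost_password_with_token_and_password_confirmation_failure_should_redisplay_the_form
    user = User.find(2)
    token = Token.create!(:action => 'recovery', :user => user)

    post :lost_password, :token => token.value, :new_password => 'newpass', :new_password_confirmation => 'wrongpass'
    assert_response :success
    assert_template 'password_recovery'
    assert_not_nil Token.find_by_id(token.id), "Token was deleted"

    assert_select 'input[type=hidden][name=token][value=?]', token.value
  end

  # Posting a new password with a token value that matches no stored token
  # is redirected to '/'.
  def test_post_lost_password_with_invalid_token_should_redirect
    post :lost_password, :token => "abcdef", :new_password => 'newpass', :new_password_confirmation => 'newpass'
    assert_redirected_to '/'
  end
end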