Chris@1295: # Redmine - project management software Chris@1295: # Copyright (C) 2006-2012 Jean-Philippe Lang Chris@1295: # Chris@1295: # This program is free software; you can redistribute it and/or Chris@1295: # modify it under the terms of the GNU General Public License Chris@1295: # as published by the Free Software Foundation; either version 2 Chris@1295: # of the License, or (at your option) any later version. Chris@1295: # Chris@1295: # This program is distributed in the hope that it will be useful, Chris@1295: # but WITHOUT ANY WARRANTY; without even the implied warranty of Chris@1295: # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the Chris@1295: # GNU General Public License for more details. Chris@1295: # Chris@1295: # You should have received a copy of the GNU General Public License Chris@1295: # along with this program; if not, write to the Free Software Chris@1295: # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. Chris@1295: Chris@1295: require File.expand_path('../../test_helper', __FILE__) Chris@1295: Chris@1295: class UserTest < ActiveSupport::TestCase Chris@1295: fixtures :users, :members, :projects, :roles, :member_roles, :auth_sources, Chris@1295: :trackers, :issue_statuses, Chris@1295: :projects_trackers, Chris@1295: :watchers, Chris@1295: :issue_categories, :enumerations, :issues, Chris@1295: :journals, :journal_details, Chris@1295: :groups_users, Chris@1295: :enabled_modules, Chris@1295: :workflows Chris@1295: Chris@1295: def setup Chris@1295: @admin = User.find(1) Chris@1295: @jsmith = User.find(2) Chris@1295: @dlopper = User.find(3) Chris@1295: end Chris@1295: Chris@1295: def test_generate Chris@1295: User.generate!(:firstname => 'Testing connection') Chris@1295: User.generate!(:firstname => 'Testing connection') Chris@1295: assert_equal 2, User.count(:all, :conditions => {:firstname => 'Testing connection'}) Chris@1295: end Chris@1295: Chris@1295: def test_truth Chris@1295: assert_kind_of User, @jsmith Chris@1295: end Chris@1295: Chris@1295: def test_mail_should_be_stripped Chris@1295: u = User.new Chris@1295: u.mail = " foo@bar.com " Chris@1295: assert_equal "foo@bar.com", u.mail Chris@1295: end Chris@1295: Chris@1295: def test_mail_validation Chris@1295: u = User.new Chris@1295: u.mail = '' Chris@1295: assert !u.valid? Chris@1295: assert_include I18n.translate('activerecord.errors.messages.blank'), u.errors[:mail] Chris@1295: end Chris@1295: Chris@1295: def test_login_length_validation Chris@1295: user = User.new(:firstname => "new", :lastname => "user", :mail => "newuser@somenet.foo") Chris@1295: user.login = "x" * (User::LOGIN_LENGTH_LIMIT+1) Chris@1295: assert !user.valid? Chris@1295: Chris@1295: user.login = "x" * (User::LOGIN_LENGTH_LIMIT) Chris@1295: assert user.valid? Chris@1295: assert user.save Chris@1295: end Chris@1295: Chris@1295: def test_create Chris@1295: user = User.new(:firstname => "new", :lastname => "user", :mail => "newuser@somenet.foo") Chris@1295: Chris@1295: user.login = "jsmith" Chris@1295: user.password, user.password_confirmation = "password", "password" Chris@1295: # login uniqueness Chris@1295: assert !user.save Chris@1295: assert_equal 1, user.errors.count Chris@1295: Chris@1295: user.login = "newuser" Chris@1295: user.password, user.password_confirmation = "password", "pass" Chris@1295: # password confirmation Chris@1295: assert !user.save Chris@1295: assert_equal 1, user.errors.count Chris@1295: Chris@1295: user.password, user.password_confirmation = "password", "password" Chris@1295: assert user.save Chris@1295: end Chris@1295: Chris@1295: def test_user_before_create_should_set_the_mail_notification_to_the_default_setting Chris@1295: @user1 = User.generate! Chris@1295: assert_equal 'only_my_events', @user1.mail_notification Chris@1295: with_settings :default_notification_option => 'all' do Chris@1295: @user2 = User.generate! Chris@1295: assert_equal 'all', @user2.mail_notification Chris@1295: end Chris@1295: end Chris@1295: Chris@1295: def test_user_login_should_be_case_insensitive Chris@1295: u = User.new(:firstname => "new", :lastname => "user", :mail => "newuser@somenet.foo") Chris@1295: u.login = 'newuser' Chris@1295: u.password, u.password_confirmation = "password", "password" Chris@1295: assert u.save Chris@1295: u = User.new(:firstname => "Similar", :lastname => "User", :mail => "similaruser@somenet.foo") Chris@1295: u.login = 'NewUser' Chris@1295: u.password, u.password_confirmation = "password", "password" Chris@1295: assert !u.save Chris@1295: assert_include I18n.translate('activerecord.errors.messages.taken'), u.errors[:login] Chris@1295: end Chris@1295: Chris@1295: def test_mail_uniqueness_should_not_be_case_sensitive Chris@1295: u = User.new(:firstname => "new", :lastname => "user", :mail => "newuser@somenet.foo") Chris@1295: u.login = 'newuser1' Chris@1295: u.password, u.password_confirmation = "password", "password" Chris@1295: assert u.save Chris@1295: Chris@1295: u = User.new(:firstname => "new", :lastname => "user", :mail => "newUser@Somenet.foo") Chris@1295: u.login = 'newuser2' Chris@1295: u.password, u.password_confirmation = "password", "password" Chris@1295: assert !u.save Chris@1295: assert_include I18n.translate('activerecord.errors.messages.taken'), u.errors[:mail] Chris@1295: end Chris@1295: Chris@1295: def test_update Chris@1295: assert_equal "admin", @admin.login Chris@1295: @admin.login = "john" Chris@1295: assert @admin.save, @admin.errors.full_messages.join("; ") Chris@1295: @admin.reload Chris@1295: assert_equal "john", @admin.login Chris@1295: end Chris@1295: Chris@1295: def test_update_should_not_fail_for_legacy_user_with_different_case_logins Chris@1295: u1 = User.new(:firstname => "new", :lastname => "user", :mail => "newuser1@somenet.foo") Chris@1295: u1.login = 'newuser1' Chris@1295: assert u1.save Chris@1295: Chris@1295: u2 = User.new(:firstname => "new", :lastname => "user", :mail => "newuser2@somenet.foo") Chris@1295: u2.login = 'newuser1' Chris@1295: assert u2.save(:validate => false) Chris@1295: Chris@1295: user = User.find(u2.id) Chris@1295: user.firstname = "firstname" Chris@1295: assert user.save, "Save failed" Chris@1295: end Chris@1295: Chris@1295: def test_destroy_should_delete_members_and_roles Chris@1295: members = Member.find_all_by_user_id(2) Chris@1295: ms = members.size Chris@1295: rs = members.collect(&:roles).flatten.size Chris@1295: Chris@1295: assert_difference 'Member.count', - ms do Chris@1295: assert_difference 'MemberRole.count', - rs do Chris@1295: User.find(2).destroy Chris@1295: end Chris@1295: end Chris@1295: Chris@1295: assert_nil User.find_by_id(2) Chris@1295: assert Member.find_all_by_user_id(2).empty? Chris@1295: end Chris@1295: Chris@1295: def test_destroy_should_update_attachments Chris@1295: attachment = Attachment.create!(:container => Project.find(1), Chris@1295: :file => uploaded_test_file("testfile.txt", "text/plain"), Chris@1295: :author_id => 2) Chris@1295: Chris@1295: User.find(2).destroy Chris@1295: assert_nil User.find_by_id(2) Chris@1295: assert_equal User.anonymous, attachment.reload.author Chris@1295: end Chris@1295: Chris@1295: def test_destroy_should_update_comments Chris@1295: comment = Comment.create!( Chris@1295: :commented => News.create!(:project_id => 1, :author_id => 1, :title => 'foo', :description => 'foo'), Chris@1295: :author => User.find(2), Chris@1295: :comments => 'foo' Chris@1295: ) Chris@1295: Chris@1295: User.find(2).destroy Chris@1295: assert_nil User.find_by_id(2) Chris@1295: assert_equal User.anonymous, comment.reload.author Chris@1295: end Chris@1295: Chris@1295: def test_destroy_should_update_issues Chris@1295: issue = Issue.create!(:project_id => 1, :author_id => 2, :tracker_id => 1, :subject => 'foo') Chris@1295: Chris@1295: User.find(2).destroy Chris@1295: assert_nil User.find_by_id(2) Chris@1295: assert_equal User.anonymous, issue.reload.author Chris@1295: end Chris@1295: Chris@1295: def test_destroy_should_unassign_issues Chris@1295: issue = Issue.create!(:project_id => 1, :author_id => 1, :tracker_id => 1, :subject => 'foo', :assigned_to_id => 2) Chris@1295: Chris@1295: User.find(2).destroy Chris@1295: assert_nil User.find_by_id(2) Chris@1295: assert_nil issue.reload.assigned_to Chris@1295: end Chris@1295: Chris@1295: def test_destroy_should_update_journals Chris@1295: issue = Issue.create!(:project_id => 1, :author_id => 2, :tracker_id => 1, :subject => 'foo') Chris@1295: issue.init_journal(User.find(2), "update") Chris@1295: issue.save! Chris@1295: Chris@1295: User.find(2).destroy Chris@1295: assert_nil User.find_by_id(2) Chris@1295: assert_equal User.anonymous, issue.journals.first.reload.user Chris@1295: end Chris@1295: Chris@1295: def test_destroy_should_update_journal_details_old_value Chris@1295: issue = Issue.create!(:project_id => 1, :author_id => 1, :tracker_id => 1, :subject => 'foo', :assigned_to_id => 2) Chris@1295: issue.init_journal(User.find(1), "update") Chris@1295: issue.assigned_to_id = nil Chris@1295: assert_difference 'JournalDetail.count' do Chris@1295: issue.save! Chris@1295: end Chris@1295: journal_detail = JournalDetail.first(:order => 'id DESC') Chris@1295: assert_equal '2', journal_detail.old_value Chris@1295: Chris@1295: User.find(2).destroy Chris@1295: assert_nil User.find_by_id(2) Chris@1295: assert_equal User.anonymous.id.to_s, journal_detail.reload.old_value Chris@1295: end Chris@1295: Chris@1295: def test_destroy_should_update_journal_details_value Chris@1295: issue = Issue.create!(:project_id => 1, :author_id => 1, :tracker_id => 1, :subject => 'foo') Chris@1295: issue.init_journal(User.find(1), "update") Chris@1295: issue.assigned_to_id = 2 Chris@1295: assert_difference 'JournalDetail.count' do Chris@1295: issue.save! Chris@1295: end Chris@1295: journal_detail = JournalDetail.first(:order => 'id DESC') Chris@1295: assert_equal '2', journal_detail.value Chris@1295: Chris@1295: User.find(2).destroy Chris@1295: assert_nil User.find_by_id(2) Chris@1295: assert_equal User.anonymous.id.to_s, journal_detail.reload.value Chris@1295: end Chris@1295: Chris@1295: def test_destroy_should_update_messages Chris@1295: board = Board.create!(:project_id => 1, :name => 'Board', :description => 'Board') Chris@1295: message = Message.create!(:board_id => board.id, :author_id => 2, :subject => 'foo', :content => 'foo') Chris@1295: Chris@1295: User.find(2).destroy Chris@1295: assert_nil User.find_by_id(2) Chris@1295: assert_equal User.anonymous, message.reload.author Chris@1295: end Chris@1295: Chris@1295: def test_destroy_should_update_news Chris@1295: news = News.create!(:project_id => 1, :author_id => 2, :title => 'foo', :description => 'foo') Chris@1295: Chris@1295: User.find(2).destroy Chris@1295: assert_nil User.find_by_id(2) Chris@1295: assert_equal User.anonymous, news.reload.author Chris@1295: end Chris@1295: Chris@1295: def test_destroy_should_delete_private_queries Chris@1295: query = Query.new(:name => 'foo', :is_public => false) Chris@1295: query.project_id = 1 Chris@1295: query.user_id = 2 Chris@1295: query.save! Chris@1295: Chris@1295: User.find(2).destroy Chris@1295: assert_nil User.find_by_id(2) Chris@1295: assert_nil Query.find_by_id(query.id) Chris@1295: end Chris@1295: Chris@1295: def test_destroy_should_update_public_queries Chris@1295: query = Query.new(:name => 'foo', :is_public => true) Chris@1295: query.project_id = 1 Chris@1295: query.user_id = 2 Chris@1295: query.save! Chris@1295: Chris@1295: User.find(2).destroy Chris@1295: assert_nil User.find_by_id(2) Chris@1295: assert_equal User.anonymous, query.reload.user Chris@1295: end Chris@1295: Chris@1295: def test_destroy_should_update_time_entries Chris@1295: entry = TimeEntry.new(:hours => '2', :spent_on => Date.today, :activity => TimeEntryActivity.create!(:name => 'foo')) Chris@1295: entry.project_id = 1 Chris@1295: entry.user_id = 2 Chris@1295: entry.save! Chris@1295: Chris@1295: User.find(2).destroy Chris@1295: assert_nil User.find_by_id(2) Chris@1295: assert_equal User.anonymous, entry.reload.user Chris@1295: end Chris@1295: Chris@1295: def test_destroy_should_delete_tokens Chris@1295: token = Token.create!(:user_id => 2, :value => 'foo') Chris@1295: Chris@1295: User.find(2).destroy Chris@1295: assert_nil User.find_by_id(2) Chris@1295: assert_nil Token.find_by_id(token.id) Chris@1295: end Chris@1295: Chris@1295: def test_destroy_should_delete_watchers Chris@1295: issue = Issue.create!(:project_id => 1, :author_id => 1, :tracker_id => 1, :subject => 'foo') Chris@1295: watcher = Watcher.create!(:user_id => 2, :watchable => issue) Chris@1295: Chris@1295: User.find(2).destroy Chris@1295: assert_nil User.find_by_id(2) Chris@1295: assert_nil Watcher.find_by_id(watcher.id) Chris@1295: end Chris@1295: Chris@1295: def test_destroy_should_update_wiki_contents Chris@1295: wiki_content = WikiContent.create!( Chris@1295: :text => 'foo', Chris@1295: :author_id => 2, Chris@1295: :page => WikiPage.create!(:title => 'Foo', :wiki => Wiki.create!(:project_id => 1, :start_page => 'Start')) Chris@1295: ) Chris@1295: wiki_content.text = 'bar' Chris@1295: assert_difference 'WikiContent::Version.count' do Chris@1295: wiki_content.save! Chris@1295: end Chris@1295: Chris@1295: User.find(2).destroy Chris@1295: assert_nil User.find_by_id(2) Chris@1295: assert_equal User.anonymous, wiki_content.reload.author Chris@1295: wiki_content.versions.each do |version| Chris@1295: assert_equal User.anonymous, version.reload.author Chris@1295: end Chris@1295: end Chris@1295: Chris@1295: def test_destroy_should_nullify_issue_categories Chris@1295: category = IssueCategory.create!(:project_id => 1, :assigned_to_id => 2, :name => 'foo') Chris@1295: Chris@1295: User.find(2).destroy Chris@1295: assert_nil User.find_by_id(2) Chris@1295: assert_nil category.reload.assigned_to_id Chris@1295: end Chris@1295: Chris@1295: def test_destroy_should_nullify_changesets Chris@1295: changeset = Changeset.create!( Chris@1295: :repository => Repository::Subversion.create!( Chris@1295: :project_id => 1, Chris@1295: :url => 'file:///tmp', Chris@1295: :identifier => 'tmp' Chris@1295: ), Chris@1295: :revision => '12', Chris@1295: :committed_on => Time.now, Chris@1295: :committer => 'jsmith' Chris@1295: ) Chris@1295: assert_equal 2, changeset.user_id Chris@1295: Chris@1295: User.find(2).destroy Chris@1295: assert_nil User.find_by_id(2) Chris@1295: assert_nil changeset.reload.user_id Chris@1295: end Chris@1295: Chris@1295: def test_anonymous_user_should_not_be_destroyable Chris@1295: assert_no_difference 'User.count' do Chris@1295: assert_equal false, User.anonymous.destroy Chris@1295: end Chris@1295: end Chris@1295: Chris@1295: def test_validate_login_presence Chris@1295: @admin.login = "" Chris@1295: assert !@admin.save Chris@1295: assert_equal 1, @admin.errors.count Chris@1295: end Chris@1295: Chris@1295: def test_validate_mail_notification_inclusion Chris@1295: u = User.new Chris@1295: u.mail_notification = 'foo' Chris@1295: u.save Chris@1295: assert_not_nil u.errors[:mail_notification] Chris@1295: end Chris@1295: Chris@1295: context "User#try_to_login" do Chris@1295: should "fall-back to case-insensitive if user login is not found as-typed." do Chris@1295: user = User.try_to_login("AdMin", "admin") Chris@1295: assert_kind_of User, user Chris@1295: assert_equal "admin", user.login Chris@1295: end Chris@1295: Chris@1295: should "select the exact matching user first" do Chris@1295: case_sensitive_user = User.generate! do |user| Chris@1295: user.password = "admin123" Chris@1295: end Chris@1295: # bypass validations to make it appear like existing data Chris@1295: case_sensitive_user.update_attribute(:login, 'ADMIN') Chris@1295: Chris@1295: user = User.try_to_login("ADMIN", "admin123") Chris@1295: assert_kind_of User, user Chris@1295: assert_equal "ADMIN", user.login Chris@1295: Chris@1295: end Chris@1295: end Chris@1295: Chris@1295: def test_password Chris@1295: user = User.try_to_login("admin", "admin") Chris@1295: assert_kind_of User, user Chris@1295: assert_equal "admin", user.login Chris@1295: user.password = "hello123" Chris@1295: assert user.save Chris@1295: Chris@1295: user = User.try_to_login("admin", "hello123") Chris@1295: assert_kind_of User, user Chris@1295: assert_equal "admin", user.login Chris@1295: end Chris@1295: Chris@1295: def test_validate_password_length Chris@1295: with_settings :password_min_length => '100' do Chris@1295: user = User.new(:firstname => "new100", :lastname => "user100", :mail => "newuser100@somenet.foo") Chris@1295: user.login = "newuser100" Chris@1295: user.password, user.password_confirmation = "password100", "password100" Chris@1295: assert !user.save Chris@1295: assert_equal 1, user.errors.count Chris@1295: end Chris@1295: end Chris@1295: Chris@1295: def test_name_format Chris@1295: assert_equal 'John S.', @jsmith.name(:firstname_lastinitial) Chris@1295: assert_equal 'Smith, John', @jsmith.name(:lastname_coma_firstname) Chris@1295: with_settings :user_format => :firstname_lastname do Chris@1295: assert_equal 'John Smith', @jsmith.reload.name Chris@1295: end Chris@1295: with_settings :user_format => :username do Chris@1295: assert_equal 'jsmith', @jsmith.reload.name Chris@1295: end Chris@1295: with_settings :user_format => :lastname do Chris@1295: assert_equal 'Smith', @jsmith.reload.name Chris@1295: end Chris@1295: end Chris@1295: Chris@1295: def test_today_should_return_the_day_according_to_user_time_zone Chris@1295: preference = User.find(1).pref Chris@1295: date = Date.new(2012, 05, 15) Chris@1295: time = Time.gm(2012, 05, 15, 23, 30).utc # 2012-05-15 23:30 UTC Chris@1295: Date.stubs(:today).returns(date) Chris@1295: Time.stubs(:now).returns(time) Chris@1295: Chris@1295: preference.update_attribute :time_zone, 'Baku' # UTC+4 Chris@1295: assert_equal '2012-05-16', User.find(1).today.to_s Chris@1295: Chris@1295: preference.update_attribute :time_zone, 'La Paz' # UTC-4 Chris@1295: assert_equal '2012-05-15', User.find(1).today.to_s Chris@1295: Chris@1295: preference.update_attribute :time_zone, '' Chris@1295: assert_equal '2012-05-15', User.find(1).today.to_s Chris@1295: end Chris@1295: Chris@1295: def test_time_to_date_should_return_the_date_according_to_user_time_zone Chris@1295: preference = User.find(1).pref Chris@1295: time = Time.gm(2012, 05, 15, 23, 30).utc # 2012-05-15 23:30 UTC Chris@1295: Chris@1295: preference.update_attribute :time_zone, 'Baku' # UTC+4 Chris@1295: assert_equal '2012-05-16', User.find(1).time_to_date(time).to_s Chris@1295: Chris@1295: preference.update_attribute :time_zone, 'La Paz' # UTC-4 Chris@1295: assert_equal '2012-05-15', User.find(1).time_to_date(time).to_s Chris@1295: Chris@1295: preference.update_attribute :time_zone, '' Chris@1295: assert_equal '2012-05-15', User.find(1).time_to_date(time).to_s Chris@1295: end Chris@1295: Chris@1295: def test_fields_for_order_statement_should_return_fields_according_user_format_setting Chris@1295: with_settings :user_format => 'lastname_coma_firstname' do Chris@1295: assert_equal ['users.lastname', 'users.firstname', 'users.id'], User.fields_for_order_statement Chris@1295: end Chris@1295: end Chris@1295: Chris@1295: def test_fields_for_order_statement_width_table_name_should_prepend_table_name Chris@1295: with_settings :user_format => 'lastname_firstname' do Chris@1295: assert_equal ['authors.lastname', 'authors.firstname', 'authors.id'], User.fields_for_order_statement('authors') Chris@1295: end Chris@1295: end Chris@1295: Chris@1295: def test_fields_for_order_statement_with_blank_format_should_return_default Chris@1295: with_settings :user_format => '' do Chris@1295: assert_equal ['users.firstname', 'users.lastname', 'users.id'], User.fields_for_order_statement Chris@1295: end Chris@1295: end Chris@1295: Chris@1295: def test_fields_for_order_statement_with_invalid_format_should_return_default Chris@1295: with_settings :user_format => 'foo' do Chris@1295: assert_equal ['users.firstname', 'users.lastname', 'users.id'], User.fields_for_order_statement Chris@1295: end Chris@1295: end Chris@1295: Chris@1295: def test_lock Chris@1295: user = User.try_to_login("jsmith", "jsmith") Chris@1295: assert_equal @jsmith, user Chris@1295: Chris@1295: @jsmith.status = User::STATUS_LOCKED Chris@1295: assert @jsmith.save Chris@1295: Chris@1295: user = User.try_to_login("jsmith", "jsmith") Chris@1295: assert_equal nil, user Chris@1295: end Chris@1295: Chris@1295: context ".try_to_login" do Chris@1295: context "with good credentials" do Chris@1295: should "return the user" do Chris@1295: user = User.try_to_login("admin", "admin") Chris@1295: assert_kind_of User, user Chris@1295: assert_equal "admin", user.login Chris@1295: end Chris@1295: end Chris@1295: Chris@1295: context "with wrong credentials" do Chris@1295: should "return nil" do Chris@1295: assert_nil User.try_to_login("admin", "foo") Chris@1295: end Chris@1295: end Chris@1295: end Chris@1295: Chris@1295: if ldap_configured? Chris@1295: context "#try_to_login using LDAP" do Chris@1295: context "with failed connection to the LDAP server" do Chris@1295: should "return nil" do Chris@1295: @auth_source = AuthSourceLdap.find(1) Chris@1295: AuthSource.any_instance.stubs(:initialize_ldap_con).raises(Net::LDAP::LdapError, 'Cannot connect') Chris@1295: Chris@1295: assert_equal nil, User.try_to_login('edavis', 'wrong') Chris@1295: end Chris@1295: end Chris@1295: Chris@1295: context "with an unsuccessful authentication" do Chris@1295: should "return nil" do Chris@1295: assert_equal nil, User.try_to_login('edavis', 'wrong') Chris@1295: end Chris@1295: end Chris@1295: Chris@1295: context "binding with user's account" do Chris@1295: setup do Chris@1295: @auth_source = AuthSourceLdap.find(1) Chris@1295: @auth_source.account = "uid=$login,ou=Person,dc=redmine,dc=org" Chris@1295: @auth_source.account_password = '' Chris@1295: @auth_source.save! Chris@1295: Chris@1295: @ldap_user = User.new(:mail => 'example1@redmine.org', :firstname => 'LDAP', :lastname => 'user', :auth_source_id => 1) Chris@1295: @ldap_user.login = 'example1' Chris@1295: @ldap_user.save! Chris@1295: end Chris@1295: Chris@1295: context "with a successful authentication" do Chris@1295: should "return the user" do Chris@1295: assert_equal @ldap_user, User.try_to_login('example1', '123456') Chris@1295: end Chris@1295: end Chris@1295: Chris@1295: context "with an unsuccessful authentication" do Chris@1295: should "return nil" do Chris@1295: assert_nil User.try_to_login('example1', '11111') Chris@1295: end Chris@1295: end Chris@1295: end Chris@1295: Chris@1295: context "on the fly registration" do Chris@1295: setup do Chris@1295: @auth_source = AuthSourceLdap.find(1) Chris@1295: @auth_source.update_attribute :onthefly_register, true Chris@1295: end Chris@1295: Chris@1295: context "with a successful authentication" do Chris@1295: should "create a new user account if it doesn't exist" do Chris@1295: assert_difference('User.count') do Chris@1295: user = User.try_to_login('edavis', '123456') Chris@1295: assert !user.admin? Chris@1295: end Chris@1295: end Chris@1295: Chris@1295: should "retrieve existing user" do Chris@1295: user = User.try_to_login('edavis', '123456') Chris@1295: user.admin = true Chris@1295: user.save! Chris@1295: Chris@1295: assert_no_difference('User.count') do Chris@1295: user = User.try_to_login('edavis', '123456') Chris@1295: assert user.admin? Chris@1295: end Chris@1295: end Chris@1295: end Chris@1295: Chris@1295: context "binding with user's account" do Chris@1295: setup do Chris@1295: @auth_source = AuthSourceLdap.find(1) Chris@1295: @auth_source.account = "uid=$login,ou=Person,dc=redmine,dc=org" Chris@1295: @auth_source.account_password = '' Chris@1295: @auth_source.save! Chris@1295: end Chris@1295: Chris@1295: context "with a successful authentication" do Chris@1295: should "create a new user account if it doesn't exist" do Chris@1295: assert_difference('User.count') do Chris@1295: user = User.try_to_login('example1', '123456') Chris@1295: assert_kind_of User, user Chris@1295: end Chris@1295: end Chris@1295: end Chris@1295: Chris@1295: context "with an unsuccessful authentication" do Chris@1295: should "return nil" do Chris@1295: assert_nil User.try_to_login('example1', '11111') Chris@1295: end Chris@1295: end Chris@1295: end Chris@1295: end Chris@1295: end Chris@1295: Chris@1295: else Chris@1295: puts "Skipping LDAP tests." Chris@1295: end Chris@1295: Chris@1295: def test_create_anonymous Chris@1295: AnonymousUser.delete_all Chris@1295: anon = User.anonymous Chris@1295: assert !anon.new_record? Chris@1295: assert_kind_of AnonymousUser, anon Chris@1295: end Chris@1295: Chris@1295: def test_ensure_single_anonymous_user Chris@1295: AnonymousUser.delete_all Chris@1295: anon1 = User.anonymous Chris@1295: assert !anon1.new_record? Chris@1295: assert_kind_of AnonymousUser, anon1 Chris@1295: anon2 = AnonymousUser.create( Chris@1295: :lastname => 'Anonymous', :firstname => '', Chris@1295: :mail => '', :login => '', :status => 0) Chris@1295: assert_equal 1, anon2.errors.count Chris@1295: end Chris@1295: Chris@1295: def test_rss_key Chris@1295: assert_nil @jsmith.rss_token Chris@1295: key = @jsmith.rss_key Chris@1295: assert_equal 40, key.length Chris@1295: Chris@1295: @jsmith.reload Chris@1295: assert_equal key, @jsmith.rss_key Chris@1295: end Chris@1295: Chris@1295: def test_rss_key_should_not_be_generated_twice Chris@1295: assert_difference 'Token.count', 1 do Chris@1295: key1 = @jsmith.rss_key Chris@1295: key2 = @jsmith.rss_key Chris@1295: assert_equal key1, key2 Chris@1295: end Chris@1295: end Chris@1295: Chris@1295: def test_api_key_should_not_be_generated_twice Chris@1295: assert_difference 'Token.count', 1 do Chris@1295: key1 = @jsmith.api_key Chris@1295: key2 = @jsmith.api_key Chris@1295: assert_equal key1, key2 Chris@1295: end Chris@1295: end Chris@1295: Chris@1295: context "User#api_key" do Chris@1295: should "generate a new one if the user doesn't have one" do Chris@1295: user = User.generate!(:api_token => nil) Chris@1295: assert_nil user.api_token Chris@1295: Chris@1295: key = user.api_key Chris@1295: assert_equal 40, key.length Chris@1295: user.reload Chris@1295: assert_equal key, user.api_key Chris@1295: end Chris@1295: Chris@1295: should "return the existing api token value" do Chris@1295: user = User.generate! Chris@1295: token = Token.create!(:action => 'api') Chris@1295: user.api_token = token Chris@1295: assert user.save Chris@1295: Chris@1295: assert_equal token.value, user.api_key Chris@1295: end Chris@1295: end Chris@1295: Chris@1295: context "User#find_by_api_key" do Chris@1295: should "return nil if no matching key is found" do Chris@1295: assert_nil User.find_by_api_key('zzzzzzzzz') Chris@1295: end Chris@1295: Chris@1295: should "return nil if the key is found for an inactive user" do Chris@1295: user = User.generate! Chris@1295: user.status = User::STATUS_LOCKED Chris@1295: token = Token.create!(:action => 'api') Chris@1295: user.api_token = token Chris@1295: user.save Chris@1295: Chris@1295: assert_nil User.find_by_api_key(token.value) Chris@1295: end Chris@1295: Chris@1295: should "return the user if the key is found for an active user" do Chris@1295: user = User.generate! Chris@1295: token = Token.create!(:action => 'api') Chris@1295: user.api_token = token Chris@1295: user.save Chris@1295: Chris@1295: assert_equal user, User.find_by_api_key(token.value) Chris@1295: end Chris@1295: end Chris@1295: Chris@1295: def test_default_admin_account_changed_should_return_false_if_account_was_not_changed Chris@1295: user = User.find_by_login("admin") Chris@1295: user.password = "admin" Chris@1295: assert user.save(:validate => false) Chris@1295: Chris@1295: assert_equal false, User.default_admin_account_changed? Chris@1295: end Chris@1295: Chris@1295: def test_default_admin_account_changed_should_return_true_if_password_was_changed Chris@1295: user = User.find_by_login("admin") Chris@1295: user.password = "newpassword" Chris@1295: user.save! Chris@1295: Chris@1295: assert_equal true, User.default_admin_account_changed? Chris@1295: end Chris@1295: Chris@1295: def test_default_admin_account_changed_should_return_true_if_account_is_disabled Chris@1295: user = User.find_by_login("admin") Chris@1295: user.password = "admin" Chris@1295: user.status = User::STATUS_LOCKED Chris@1295: assert user.save(:validate => false) Chris@1295: Chris@1295: assert_equal true, User.default_admin_account_changed? Chris@1295: end Chris@1295: Chris@1295: def test_default_admin_account_changed_should_return_true_if_account_does_not_exist Chris@1295: user = User.find_by_login("admin") Chris@1295: user.destroy Chris@1295: Chris@1295: assert_equal true, User.default_admin_account_changed? Chris@1295: end Chris@1295: Chris@1295: def test_roles_for_project Chris@1295: # user with a role Chris@1295: roles = @jsmith.roles_for_project(Project.find(1)) Chris@1295: assert_kind_of Role, roles.first Chris@1295: assert_equal "Manager", roles.first.name Chris@1295: Chris@1295: # user with no role Chris@1295: assert_nil @dlopper.roles_for_project(Project.find(2)).detect {|role| role.member?} Chris@1295: end Chris@1295: Chris@1295: def test_projects_by_role_for_user_with_role Chris@1295: user = User.find(2) Chris@1295: assert_kind_of Hash, user.projects_by_role Chris@1295: assert_equal 2, user.projects_by_role.size Chris@1295: assert_equal [1,5], user.projects_by_role[Role.find(1)].collect(&:id).sort Chris@1295: assert_equal [2], user.projects_by_role[Role.find(2)].collect(&:id).sort Chris@1295: end Chris@1295: Chris@1295: def test_accessing_projects_by_role_with_no_projects_should_return_an_empty_array Chris@1295: user = User.find(2) Chris@1295: assert_equal [], user.projects_by_role[Role.find(3)] Chris@1295: # should not update the hash Chris@1295: assert_nil user.projects_by_role.values.detect(&:blank?) Chris@1295: end Chris@1295: Chris@1295: def test_projects_by_role_for_user_with_no_role Chris@1295: user = User.generate! Chris@1295: assert_equal({}, user.projects_by_role) Chris@1295: end Chris@1295: Chris@1295: def test_projects_by_role_for_anonymous Chris@1295: assert_equal({}, User.anonymous.projects_by_role) Chris@1295: end Chris@1295: Chris@1295: def test_valid_notification_options Chris@1295: # without memberships Chris@1295: assert_equal 5, User.find(7).valid_notification_options.size Chris@1295: # with memberships Chris@1295: assert_equal 6, User.find(2).valid_notification_options.size Chris@1295: end Chris@1295: Chris@1295: def test_valid_notification_options_class_method Chris@1295: assert_equal 5, User.valid_notification_options.size Chris@1295: assert_equal 5, User.valid_notification_options(User.find(7)).size Chris@1295: assert_equal 6, User.valid_notification_options(User.find(2)).size Chris@1295: end Chris@1295: Chris@1295: def test_mail_notification_all Chris@1295: @jsmith.mail_notification = 'all' Chris@1295: @jsmith.notified_project_ids = [] Chris@1295: @jsmith.save Chris@1295: @jsmith.reload Chris@1295: assert @jsmith.projects.first.recipients.include?(@jsmith.mail) Chris@1295: end Chris@1295: Chris@1295: def test_mail_notification_selected Chris@1295: @jsmith.mail_notification = 'selected' Chris@1295: @jsmith.notified_project_ids = [1] Chris@1295: @jsmith.save Chris@1295: @jsmith.reload Chris@1295: assert Project.find(1).recipients.include?(@jsmith.mail) Chris@1295: end Chris@1295: Chris@1295: def test_mail_notification_only_my_events Chris@1295: @jsmith.mail_notification = 'only_my_events' Chris@1295: @jsmith.notified_project_ids = [] Chris@1295: @jsmith.save Chris@1295: @jsmith.reload Chris@1295: assert !@jsmith.projects.first.recipients.include?(@jsmith.mail) Chris@1295: end Chris@1295: Chris@1295: def test_comments_sorting_preference Chris@1295: assert !@jsmith.wants_comments_in_reverse_order? Chris@1295: @jsmith.pref.comments_sorting = 'asc' Chris@1295: assert !@jsmith.wants_comments_in_reverse_order? Chris@1295: @jsmith.pref.comments_sorting = 'desc' Chris@1295: assert @jsmith.wants_comments_in_reverse_order? Chris@1295: end Chris@1295: Chris@1295: def test_find_by_mail_should_be_case_insensitive Chris@1295: u = User.find_by_mail('JSmith@somenet.foo') Chris@1295: assert_not_nil u Chris@1295: assert_equal 'jsmith@somenet.foo', u.mail Chris@1295: end Chris@1295: Chris@1295: def test_random_password Chris@1295: u = User.new Chris@1295: u.random_password Chris@1295: assert !u.password.blank? Chris@1295: assert !u.password_confirmation.blank? Chris@1295: end Chris@1295: Chris@1295: context "#change_password_allowed?" do Chris@1295: should "be allowed if no auth source is set" do Chris@1295: user = User.generate! Chris@1295: assert user.change_password_allowed? Chris@1295: end Chris@1295: Chris@1295: should "delegate to the auth source" do Chris@1295: user = User.generate! Chris@1295: Chris@1295: allowed_auth_source = AuthSource.generate! Chris@1295: def allowed_auth_source.allow_password_changes?; true; end Chris@1295: Chris@1295: denied_auth_source = AuthSource.generate! Chris@1295: def denied_auth_source.allow_password_changes?; false; end Chris@1295: Chris@1295: assert user.change_password_allowed? Chris@1295: Chris@1295: user.auth_source = allowed_auth_source Chris@1295: assert user.change_password_allowed?, "User not allowed to change password, though auth source does" Chris@1295: Chris@1295: user.auth_source = denied_auth_source Chris@1295: assert !user.change_password_allowed?, "User allowed to change password, though auth source does not" Chris@1295: end Chris@1295: end Chris@1295: Chris@1295: def test_own_account_deletable_should_be_true_with_unsubscrive_enabled Chris@1295: with_settings :unsubscribe => '1' do Chris@1295: assert_equal true, User.find(2).own_account_deletable? Chris@1295: end Chris@1295: end Chris@1295: Chris@1295: def test_own_account_deletable_should_be_false_with_unsubscrive_disabled Chris@1295: with_settings :unsubscribe => '0' do Chris@1295: assert_equal false, User.find(2).own_account_deletable? Chris@1295: end Chris@1295: end Chris@1295: Chris@1295: def test_own_account_deletable_should_be_false_for_a_single_admin Chris@1295: User.delete_all(["admin = ? AND id <> ?", true, 1]) Chris@1295: Chris@1295: with_settings :unsubscribe => '1' do Chris@1295: assert_equal false, User.find(1).own_account_deletable? Chris@1295: end Chris@1295: end Chris@1295: Chris@1295: def test_own_account_deletable_should_be_true_for_an_admin_if_other_admin_exists Chris@1295: User.generate! do |user| Chris@1295: user.admin = true Chris@1295: end Chris@1295: Chris@1295: with_settings :unsubscribe => '1' do Chris@1295: assert_equal true, User.find(1).own_account_deletable? Chris@1295: end Chris@1295: end Chris@1295: Chris@1295: context "#allowed_to?" do Chris@1295: context "with a unique project" do Chris@1295: should "return false if project is archived" do Chris@1295: project = Project.find(1) Chris@1295: Project.any_instance.stubs(:status).returns(Project::STATUS_ARCHIVED) Chris@1295: assert_equal false, @admin.allowed_to?(:view_issues, Project.find(1)) Chris@1295: end Chris@1295: Chris@1295: should "return false for write action if project is closed" do Chris@1295: project = Project.find(1) Chris@1295: Project.any_instance.stubs(:status).returns(Project::STATUS_CLOSED) Chris@1295: assert_equal false, @admin.allowed_to?(:edit_project, Project.find(1)) Chris@1295: end Chris@1295: Chris@1295: should "return true for read action if project is closed" do Chris@1295: project = Project.find(1) Chris@1295: Project.any_instance.stubs(:status).returns(Project::STATUS_CLOSED) Chris@1295: assert_equal true, @admin.allowed_to?(:view_project, Project.find(1)) Chris@1295: end Chris@1295: Chris@1295: should "return false if related module is disabled" do Chris@1295: project = Project.find(1) Chris@1295: project.enabled_module_names = ["issue_tracking"] Chris@1295: assert_equal true, @admin.allowed_to?(:add_issues, project) Chris@1295: assert_equal false, @admin.allowed_to?(:view_wiki_pages, project) Chris@1295: end Chris@1295: Chris@1295: should "authorize nearly everything for admin users" do Chris@1295: project = Project.find(1) Chris@1295: assert ! @admin.member_of?(project) Chris@1295: %w(edit_issues delete_issues manage_news manage_documents manage_wiki).each do |p| Chris@1295: assert_equal true, @admin.allowed_to?(p.to_sym, project) Chris@1295: end Chris@1295: end Chris@1295: Chris@1295: should "authorize normal users depending on their roles" do Chris@1295: project = Project.find(1) Chris@1295: assert_equal true, @jsmith.allowed_to?(:delete_messages, project) #Manager Chris@1295: assert_equal false, @dlopper.allowed_to?(:delete_messages, project) #Developper Chris@1295: end Chris@1295: end Chris@1295: Chris@1295: context "with multiple projects" do Chris@1295: should "return false if array is empty" do Chris@1295: assert_equal false, @admin.allowed_to?(:view_project, []) Chris@1295: end Chris@1295: Chris@1295: should "return true only if user has permission on all these projects" do Chris@1295: assert_equal true, @admin.allowed_to?(:view_project, Project.all) Chris@1295: assert_equal false, @dlopper.allowed_to?(:view_project, Project.all) #cannot see Project(2) Chris@1295: assert_equal true, @jsmith.allowed_to?(:edit_issues, @jsmith.projects) #Manager or Developer everywhere Chris@1295: assert_equal false, @jsmith.allowed_to?(:delete_issue_watchers, @jsmith.projects) #Dev cannot delete_issue_watchers Chris@1295: end Chris@1295: Chris@1295: should "behave correctly with arrays of 1 project" do Chris@1295: assert_equal false, User.anonymous.allowed_to?(:delete_issues, [Project.first]) Chris@1295: end Chris@1295: end Chris@1295: Chris@1295: context "with options[:global]" do Chris@1295: should "authorize if user has at least one role that has this permission" do Chris@1295: @dlopper2 = User.find(5) #only Developper on a project, not Manager anywhere Chris@1295: @anonymous = User.find(6) Chris@1295: assert_equal true, @jsmith.allowed_to?(:delete_issue_watchers, nil, :global => true) Chris@1295: assert_equal false, @dlopper2.allowed_to?(:delete_issue_watchers, nil, :global => true) Chris@1295: assert_equal true, @dlopper2.allowed_to?(:add_issues, nil, :global => true) Chris@1295: assert_equal false, @anonymous.allowed_to?(:add_issues, nil, :global => true) Chris@1295: assert_equal true, @anonymous.allowed_to?(:view_issues, nil, :global => true) Chris@1295: end Chris@1295: end Chris@1295: end Chris@1295: Chris@1295: context "User#notify_about?" do Chris@1295: context "Issues" do Chris@1295: setup do Chris@1295: @project = Project.find(1) Chris@1295: @author = User.generate! Chris@1295: @assignee = User.generate! Chris@1295: @issue = Issue.generate!(:project => @project, :assigned_to => @assignee, :author => @author) Chris@1295: end Chris@1295: Chris@1295: should "be true for a user with :all" do Chris@1295: @author.update_attribute(:mail_notification, 'all') Chris@1295: assert @author.notify_about?(@issue) Chris@1295: end Chris@1295: Chris@1295: should "be false for a user with :none" do Chris@1295: @author.update_attribute(:mail_notification, 'none') Chris@1295: assert ! @author.notify_about?(@issue) Chris@1295: end Chris@1295: Chris@1295: should "be false for a user with :only_my_events and isn't an author, creator, or assignee" do Chris@1295: @user = User.generate!(:mail_notification => 'only_my_events') Chris@1295: Member.create!(:user => @user, :project => @project, :role_ids => [1]) Chris@1295: assert ! @user.notify_about?(@issue) Chris@1295: end Chris@1295: Chris@1295: should "be true for a user with :only_my_events and is the author" do Chris@1295: @author.update_attribute(:mail_notification, 'only_my_events') Chris@1295: assert @author.notify_about?(@issue) Chris@1295: end Chris@1295: Chris@1295: should "be true for a user with :only_my_events and is the assignee" do Chris@1295: @assignee.update_attribute(:mail_notification, 'only_my_events') Chris@1295: assert @assignee.notify_about?(@issue) Chris@1295: end Chris@1295: Chris@1295: should "be true for a user with :only_assigned and is the assignee" do Chris@1295: @assignee.update_attribute(:mail_notification, 'only_assigned') Chris@1295: assert @assignee.notify_about?(@issue) Chris@1295: end Chris@1295: Chris@1295: should "be false for a user with :only_assigned and is not the assignee" do Chris@1295: @author.update_attribute(:mail_notification, 'only_assigned') Chris@1295: assert ! @author.notify_about?(@issue) Chris@1295: end Chris@1295: Chris@1295: should "be true for a user with :only_owner and is the author" do Chris@1295: @author.update_attribute(:mail_notification, 'only_owner') Chris@1295: assert @author.notify_about?(@issue) Chris@1295: end Chris@1295: Chris@1295: should "be false for a user with :only_owner and is not the author" do Chris@1295: @assignee.update_attribute(:mail_notification, 'only_owner') Chris@1295: assert ! @assignee.notify_about?(@issue) Chris@1295: end Chris@1295: Chris@1295: should "be true for a user with :selected and is the author" do Chris@1295: @author.update_attribute(:mail_notification, 'selected') Chris@1295: assert @author.notify_about?(@issue) Chris@1295: end Chris@1295: Chris@1295: should "be true for a user with :selected and is the assignee" do Chris@1295: @assignee.update_attribute(:mail_notification, 'selected') Chris@1295: assert @assignee.notify_about?(@issue) Chris@1295: end Chris@1295: Chris@1295: should "be false for a user with :selected and is not the author or assignee" do Chris@1295: @user = User.generate!(:mail_notification => 'selected') Chris@1295: Member.create!(:user => @user, :project => @project, :role_ids => [1]) Chris@1295: assert ! @user.notify_about?(@issue) Chris@1295: end Chris@1295: end Chris@1295: Chris@1295: context "other events" do Chris@1295: should 'be added and tested' Chris@1295: end Chris@1295: end Chris@1295: Chris@1295: def test_salt_unsalted_passwords Chris@1295: # Restore a user with an unsalted password Chris@1295: user = User.find(1) Chris@1295: user.salt = nil Chris@1295: user.hashed_password = User.hash_password("unsalted") Chris@1295: user.save! Chris@1295: Chris@1295: User.salt_unsalted_passwords! Chris@1295: Chris@1295: user.reload Chris@1295: # Salt added Chris@1295: assert !user.salt.blank? Chris@1295: # Password still valid Chris@1295: assert user.check_password?("unsalted") Chris@1295: assert_equal user, User.try_to_login(user.login, "unsalted") Chris@1295: end Chris@1295: Chris@1295: if Object.const_defined?(:OpenID) Chris@1295: Chris@1295: def test_setting_identity_url Chris@1295: normalized_open_id_url = 'http://example.com/' Chris@1295: u = User.new( :identity_url => 'http://example.com/' ) Chris@1295: assert_equal normalized_open_id_url, u.identity_url Chris@1295: end Chris@1295: Chris@1295: def test_setting_identity_url_without_trailing_slash Chris@1295: normalized_open_id_url = 'http://example.com/' Chris@1295: u = User.new( :identity_url => 'http://example.com' ) Chris@1295: assert_equal normalized_open_id_url, u.identity_url Chris@1295: end Chris@1295: Chris@1295: def test_setting_identity_url_without_protocol Chris@1295: normalized_open_id_url = 'http://example.com/' Chris@1295: u = User.new( :identity_url => 'example.com' ) Chris@1295: assert_equal normalized_open_id_url, u.identity_url Chris@1295: end Chris@1295: Chris@1295: def test_setting_blank_identity_url Chris@1295: u = User.new( :identity_url => 'example.com' ) Chris@1295: u.identity_url = '' Chris@1295: assert u.identity_url.blank? Chris@1295: end Chris@1295: Chris@1295: def test_setting_invalid_identity_url Chris@1295: u = User.new( :identity_url => 'this is not an openid url' ) Chris@1295: assert u.identity_url.blank? Chris@1295: end Chris@1295: Chris@1295: else Chris@1295: puts "Skipping openid tests." Chris@1295: end Chris@1295: Chris@1295: end