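# Redmine - project management software
# Copyright (C) 2006-2013 Jean-Philippe Lang
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.

require File.expand_path('../../test_helper', __FILE__)

# Functional tests for AccountController: login, logout, self-registration
# and the lost-password (recovery token) flow.
#
# Several cases pin security-relevant behaviour of the controller: the
# back_url redirect is restricted to the current host, the session is reset
# on login and logout, logout only happens on POST, the password field is
# never pre-filled, and recovery tokens are refused for locked users.
class AccountControllerTest < ActionController::TestCase
  fixtures :users, :roles

  # Start every test with no authenticated user.
  def setup
    User.current = nil
  end

  # The login form renders with both credential inputs.
  def test_get_login
    get :login
    assert_response :success
    assert_template 'login'

    assert_select 'input[name=username]'
    assert_select 'input[name=password]'
  end

  # An already authenticated user is sent home and keeps the same session user.
  def test_get_login_while_logged_in_should_redirect_to_home
    @request.session[:user_id] = 2

    get :login
    assert_redirected_to '/'
    assert_equal 2, @request.session[:user_id]
  end

  # A back_url on the request's own host is honoured after a successful login.
  def test_login_should_redirect_to_back_url_param
    # request.uri is "test.host" in test environment
    post :login, :username => 'jsmith', :password => 'jsmith', :back_url => 'http://test.host/issues/show/1'
    assert_redirected_to '/issues/show/1'
  end

  # Open-redirect guard: a back_url on a different host is ignored and the
  # user lands on the default post-login page instead.
  def test_login_should_not_redirect_to_another_host
    post :login, :username => 'jsmith', :password => 'jsmith', :back_url => 'http://test.foo/fake'
    assert_redirected_to '/my/page'
  end

  # A failed login re-renders the form with a generic error message.
  def test_login_with_wrong_password
    post :login, :username => 'admin', :password => 'bad'
    assert_response :success
    assert_template 'login'

    assert_select 'div.flash.error', :text => /Invalid user or password/
    assert_select 'input[name=username][value=admin]'
    assert_select 'input[name=password]'
    # The submitted password must never be echoed back into the page.
    assert_select 'input[name=password][value]', 0
  end

  # A failing external auth source surfaces as a 500 error page rather than
  # as a successful or silently failed login.
  def test_login_should_rescue_auth_source_exception
    source = AuthSource.create!(:name => 'Test')
    User.find(2).update_attribute :auth_source_id, source.id
    AuthSource.any_instance.stubs(:authenticate).raises(AuthSourceException.new("Something wrong"))

    post :login, :username => 'jsmith', :password => 'jsmith'
    assert_response 500
    assert_error_tag :content => /Something wrong/
  end

  # The session is reset exactly once on login (the usual defence against
  # session fixation).
  def test_login_should_reset_session
    @controller.expects(:reset_session).once

    post :login, :username => 'jsmith', :password => 'jsmith'
    assert_response 302
  end

  # GET /logout only renders a confirmation page; the session user is kept,
  # so a plain link or embedded resource cannot log the user out.
  def test_get_logout_should_not_logout
    @request.session[:user_id] = 2
    get :logout
    assert_response :success
    assert_template 'logout'

    assert_equal 2, @request.session[:user_id]
  end

  # POST /logout clears the session user and redirects home.
  def test_logout
    @request.session[:user_id] = 2
    post :logout
    assert_redirected_to '/'
    assert_nil @request.session[:user_id]
  end

  # The session is reset exactly once on logout.
  def test_logout_should_reset_session
    @controller.expects(:reset_session).once

    @request.session[:user_id] = 2
    post :logout
    assert_response 302
  end

  # With self-registration set to '3' the registration form is shown,
  # including the password and confirmation inputs.
  def test_get_register_with_registration_on
    with_settings :self_registration => '3' do
      get :register
      assert_response :success
      assert_template 'register'
      assert_not_nil assigns(:user)

      assert_select 'input[name=?]', 'user[password]'
      assert_select 'input[name=?]', 'user[password_confirmation]'
    end
  end

  # The new user's language is preselected from the Accept-Language header.
  def test_get_register_should_detect_user_language
    with_settings :self_registration => '3' do
      @request.env['HTTP_ACCEPT_LANGUAGE'] = 'fr,fr-fr;q=0.8,en-us;q=0.5,en;q=0.3'
      get :register
      assert_response :success
      assert_not_nil assigns(:user)
      assert_equal 'fr', assigns(:user).language
      assert_select 'select[name=?]', 'user[language]' do
        assert_select 'option[value=fr][selected=selected]'
      end
    end
  end

  # With self-registration set to '0' the form is not reachable.
  def test_get_register_with_registration_off_should_redirect
    with_settings :self_registration => '0' do
      get :register
      assert_redirected_to '/'
    end
  end

  # See integration/account_test.rb for the full test
  def test_post_register_with_registration_on
    with_settings :self_registration => '3' do
      assert_difference 'User.count' do
        post :register, :user => {
          :login => 'register',
          :password => 'secret123',
          :password_confirmation => 'secret123',
          :firstname => 'John',
          :lastname => 'Doe',
          :mail => 'register@example.com'
        }
        assert_redirected_to '/my/account'
      end
      user = User.first(:order => 'id DESC')
      assert_equal 'register', user.login
      assert_equal 'John', user.firstname
      assert_equal 'Doe', user.lastname
      assert_equal 'register@example.com', user.mail
      assert user.check_password?('secret123')
      assert user.active?
    end
  end

  # With self-registration off, a direct POST must not create an account.
  def test_post_register_with_registration_off_should_redirect
    with_settings :self_registration => '0' do
      assert_no_difference 'User.count' do
        post :register, :user => {
          :login => 'register',
          :password => 'test',
          :password_confirmation => 'test',
          :firstname => 'John',
          :lastname => 'Doe',
          :mail => 'register@example.com'
        }
        assert_redirected_to '/'
      end
    end
  end

  # The lost-password form asks for a mail address.
  def test_get_lost_password_should_display_lost_password_form
    get :lost_password
    assert_response :success
    assert_select 'input[name=mail]'
  end

  # An active user gets exactly one 'recovery' token and one e-mail whose
  # link carries that token; the address is matched case-insensitively
  # (the request uses 'JSmith@somenet.foo').
  def test_lost_password_for_active_user_should_create_a_token
    Token.delete_all
    ActionMailer::Base.deliveries.clear
    assert_difference 'ActionMailer::Base.deliveries.size' do
      assert_difference 'Token.count' do
        with_settings :host_name => 'mydomain.foo', :protocol => 'http' do
          post :lost_password, :mail => 'JSmith@somenet.foo'
          assert_redirected_to '/login'
        end
      end
    end

    token = Token.order('id DESC').first
    assert_equal User.find(2), token.user
    assert_equal 'recovery', token.action

    assert_select_email do
      assert_select "a[href=?]", "http://mydomain.foo/account/lost_password?token=#{token.value}"
    end
  end

  # No token is created for an address that matches no user.
  # NOTE(review): this case renders 200 while the active-user case redirects
  # to /login, so the two outcomes are distinguishable to the requester;
  # confirm that this is an accepted trade-off.
  def test_lost_password_for_unknown_user_should_fail
    Token.delete_all
    assert_no_difference 'Token.count' do
      post :lost_password, :mail => 'invalid@somenet.foo'
      assert_response :success
    end
  end

  # A locked account cannot request a recovery token.
  def test_lost_password_for_non_active_user_should_fail
    Token.delete_all
    assert User.find(2).lock!

    assert_no_difference 'Token.count' do
      post :lost_password, :mail => 'JSmith@somenet.foo'
      assert_response :success
    end
  end

  # A valid token shows the recovery form and carries the token in a hidden field.
  def test_get_lost_password_with_token_should_display_the_password_recovery_form
    user = User.find(2)
    token = Token.create!(:action => 'recovery', :user => user)

    get :lost_password, :token => token.value
    assert_response :success
    assert_template 'password_recovery'

    assert_select 'input[type=hidden][name=token][value=?]', token.value
  end

  # An unknown token value never reaches the recovery form.
  def test_get_lost_password_with_invalid_token_should_redirect
    get :lost_password, :token => "abcdef"
    assert_redirected_to '/'
  end

  # A successful reset changes the password and deletes the token, so the
  # same recovery link cannot be used twice.
  def test_post_lost_password_with_token_should_change_the_user_password
    user = User.find(2)
    token = Token.create!(:action => 'recovery', :user => user)

    post :lost_password, :token => token.value, :new_password => 'newpass123', :new_password_confirmation => 'newpass123'
    assert_redirected_to '/login'
    user.reload
    assert user.check_password?('newpass123')
    assert_nil Token.find_by_id(token.id), "Token was not deleted"
  end

  # A token issued before the account was locked must not allow a reset.
  def test_post_lost_password_with_token_for_non_active_user_should_fail
    user = User.find(2)
    token = Token.create!(:action => 'recovery', :user => user)
    user.lock!

    post :lost_password, :token => token.value, :new_password => 'newpass123', :new_password_confirmation => 'newpass123'
    assert_redirected_to '/'
    # Reload before checking: without it the assertion runs against the stale
    # in-memory record and passes even if the controller changed the stored
    # password (the successful-reset test above reloads for the same reason).
    user.reload
    assert !user.check_password?('newpass123')
  end

  # A confirmation mismatch re-renders the form and keeps the token valid.
  def test_post_lost_password_with_token_and_password_confirmation_failure_should_redisplay_the_form
    user = User.find(2)
    token = Token.create!(:action => 'recovery', :user => user)

    post :lost_password, :token => token.value, :new_password => 'newpass', :new_password_confirmation => 'wrongpass'
    assert_response :success
    assert_template 'password_recovery'
    assert_not_nil Token.find_by_id(token.id), "Token was deleted"

    assert_select 'input[type=hidden][name=token][value=?]', token.value
  end

  # Posting a new password with an unknown token is rejected with a redirect.
  def test_post_lost_password_with_invalid_token_should_redirect
    post :lost_password, :token => "abcdef", :new_password => 'newpass', :new_password_confirmation => 'newpass'
    assert_redirected_to '/'
  end
end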