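# Redmine - project management software
# Copyright (C) 2006-2014 Jean-Philippe Lang
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.

require File.expand_path('../../test_helper', __FILE__)

# Functional tests for AccountController: login/logout, self-registration,
# lost-password recovery and activation e-mails.
#
# Security properties pinned by this file (each is asserted below, not inferred):
# * login only follows a back_url on the same host, and under a sub-URI only
#   inside that sub-URI (open-redirect protection);
# * login and logout both call reset_session (session-fixation protection);
# * a failed login re-renders the form without the submitted password;
# * a GET to /logout does not end the session (logout needs a POST);
# * a recovery token is deleted once used and is refused for a locked account.
#
# Fixture user 2 is 'jsmith' / 'jsmith' (mail JSmith@somenet.foo); most tests
# act on that account.
class AccountControllerTest < ActionController::TestCase
  fixtures :users, :roles

  # Every test starts anonymous.
  def setup
    User.current = nil
  end

  def test_get_login
    get :login
    assert_response :success
    assert_template 'login'

    assert_select 'input[name=username]'
    assert_select 'input[name=password]'
  end

  def test_get_login_while_logged_in_should_redirect_to_back_url_if_present
    @request.session[:user_id] = 2
    @request.env["HTTP_REFERER"] = 'http://test.host/issues/show/1'

    get :login, :back_url => 'http://test.host/issues/show/1'
    assert_redirected_to '/issues/show/1'
    assert_equal 2, @request.session[:user_id]
  end

  def test_get_login_while_logged_in_should_redirect_to_referer_without_back_url
    @request.session[:user_id] = 2
    @request.env["HTTP_REFERER"] = 'http://test.host/issues/show/1'

    get :login
    assert_redirected_to '/issues/show/1'
    assert_equal 2, @request.session[:user_id]
  end

  def test_get_login_while_logged_in_should_redirect_to_home_by_default
    @request.session[:user_id] = 2

    get :login
    assert_redirected_to '/'
    assert_equal 2, @request.session[:user_id]
  end

  # Same-host back_url values (absolute and path-only) are honoured.
  def test_login_should_redirect_to_back_url_param
    # request.uri is "test.host" in test environment
    back_urls = [
      'http://test.host/issues/show/1',
      '/'
    ]
    back_urls.each do |back_url|
      post :login, :username => 'jsmith', :password => 'jsmith', :back_url => back_url
      assert_redirected_to back_url
    end
  end

  # With relative_url_root set, a back_url inside the sub-URI is honoured.
  # The original root is restored in `ensure` so a failure here does not leak
  # '/redmine' into the other tests.
  def test_login_with_suburi_should_redirect_to_back_url_param
    @relative_url_root = ApplicationController.relative_url_root
    ApplicationController.relative_url_root = '/redmine'

    back_urls = [
      'http://test.host/redmine/issues/show/1',
      '/redmine'
    ]
    back_urls.each do |back_url|
      post :login, :username => 'jsmith', :password => 'jsmith', :back_url => back_url
      assert_redirected_to back_url
    end
  ensure
    ApplicationController.relative_url_root = @relative_url_root
  end

  # Open-redirect guard: a back_url pointing at a foreign host is ignored and
  # the user lands on /my/page. '//test.foo/fake' is the protocol-relative
  # form, which a naive "starts with '/'" check would accept.
  # NOTE(review): other host-escaping shapes (e.g. a backslash after the
  # leading slash, or 'http:' with no host) are not covered here; worth
  # adding once the controller's check is confirmed to reject them.
  def test_login_should_not_redirect_to_another_host
    back_urls = [
      'http://test.foo/fake',
      '//test.foo/fake'
    ]
    back_urls.each do |back_url|
      post :login, :username => 'jsmith', :password => 'jsmith', :back_url => back_url
      assert_redirected_to '/my/page'
    end
  end

  # Under a sub-URI the back_url must stay inside it: sibling paths, the
  # host root, plain '..' traversal and percent-encoded '%2e%2e' traversal
  # are all rejected.
  def test_login_with_suburi_should_not_redirect_to_another_suburi
    @relative_url_root = ApplicationController.relative_url_root
    ApplicationController.relative_url_root = '/redmine'

    back_urls = [
      'http://test.host/',
      'http://test.host/fake',
      'http://test.host/fake/issues',
      'http://test.host/redmine/../fake',
      'http://test.host/redmine/../fake/issues',
      'http://test.host/redmine/%2e%2e/fake'
    ]
    back_urls.each do |back_url|
      post :login, :username => 'jsmith', :password => 'jsmith', :back_url => back_url
      assert_redirected_to '/my/page'
    end
  ensure
    ApplicationController.relative_url_root = @relative_url_root
  end

  # A failed login re-renders the form with the username kept but with no
  # value attribute on the password field, so the secret is never echoed
  # back into the page.
  def test_login_with_wrong_password
    post :login, :username => 'admin', :password => 'bad'
    assert_response :success
    assert_template 'login'

    assert_select 'div.flash.error', :text => /Invalid user or password/
    assert_select 'input[name=username][value=admin]'
    assert_select 'input[name=password]'
    assert_select 'input[name=password][value]', 0
  end

  def test_login_with_locked_account_should_fail
    User.find(2).update_attribute :status, User::STATUS_LOCKED

    post :login, :username => 'jsmith', :password => 'jsmith'
    assert_redirected_to '/login'
    assert_include 'locked', flash[:error]
    assert_nil @request.session[:user_id]
  end

  # self_registration '2' = manual (administrator) activation.
  def test_login_as_registered_user_with_manual_activation_should_inform_user
    User.find(2).update_attribute :status, User::STATUS_REGISTERED

    with_settings :self_registration => '2', :default_language => 'en' do
      post :login, :username => 'jsmith', :password => 'jsmith'
      assert_redirected_to '/login'
      assert_include 'pending administrator approval', flash[:error]
    end
  end

  # self_registration '1' = e-mail activation; the registered user id is
  # parked in the session so /account/activation_email can resend the mail.
  def test_login_as_registered_user_with_email_activation_should_propose_new_activation_email
    User.find(2).update_attribute :status, User::STATUS_REGISTERED

    with_settings :self_registration => '1', :default_language => 'en' do
      post :login, :username => 'jsmith', :password => 'jsmith'
      assert_redirected_to '/login'
      assert_equal 2, @request.session[:registered_user_id]
      assert_include 'new activation email', flash[:error]
    end
  end

  # An AuthSourceException during external authentication yields a 500 rather
  # than an unhandled error.
  # NOTE(review): the assertion also pins that the raw exception message is
  # rendered to the user; for a real LDAP backend that text may carry server
  # details, so consider whether a generic message would be preferable.
  def test_login_should_rescue_auth_source_exception
    source = AuthSource.create!(:name => 'Test')
    User.find(2).update_attribute :auth_source_id, source.id
    AuthSource.any_instance.stubs(:authenticate).raises(AuthSourceException.new("Something wrong"))

    post :login, :username => 'jsmith', :password => 'jsmith'
    assert_response 500
    assert_error_tag :content => /Something wrong/
  end

  # Session-fixation protection: a successful login rotates the session.
  def test_login_should_reset_session
    @controller.expects(:reset_session).once

    post :login, :username => 'jsmith', :password => 'jsmith'
    assert_response 302
  end

  # GET /logout must only show a confirmation page; a state change on GET
  # could be triggered by any cross-site image or link.
  def test_get_logout_should_not_logout
    @request.session[:user_id] = 2
    get :logout
    assert_response :success
    assert_template 'logout'

    assert_equal 2, @request.session[:user_id]
  end

  def test_get_logout_with_anonymous_should_redirect
    get :logout
    assert_redirected_to '/'
  end

  def test_logout
    @request.session[:user_id] = 2
    post :logout
    assert_redirected_to '/'
    assert_nil @request.session[:user_id]
  end

  def test_logout_should_reset_session
    @controller.expects(:reset_session).once

    @request.session[:user_id] = 2
    post :logout
    assert_response 302
  end

  # self_registration '3' = automatic activation (see the post test below,
  # where the new user is active immediately).
  def test_get_register_with_registration_on
    with_settings :self_registration => '3' do
      get :register
      assert_response :success
      assert_template 'register'
      assert_not_nil assigns(:user)

      assert_select 'input[name=?]', 'user[password]'
      assert_select 'input[name=?]', 'user[password_confirmation]'
    end
  end

  def test_get_register_should_detect_user_language
    with_settings :self_registration => '3' do
      @request.env['HTTP_ACCEPT_LANGUAGE'] = 'fr,fr-fr;q=0.8,en-us;q=0.5,en;q=0.3'
      get :register
      assert_response :success
      assert_not_nil assigns(:user)
      assert_equal 'fr', assigns(:user).language
      assert_select 'select[name=?]', 'user[language]' do
        assert_select 'option[value=fr][selected=selected]'
      end
    end
  end

  # self_registration '0' = disabled.
  def test_get_register_with_registration_off_should_redirect
    with_settings :self_registration => '0' do
      get :register
      assert_redirected_to '/'
    end
  end

  # See integration/account_test.rb for the full test
  def test_post_register_with_registration_on
    with_settings :self_registration => '3' do
      assert_difference 'User.count' do
        post :register, :user => {
          :login => 'register',
          :password => 'secret123',
          :password_confirmation => 'secret123',
          :firstname => 'John',
          :lastname => 'Doe',
          :mail => 'register@example.com'
        }
        assert_redirected_to '/my/account'
      end
      user = User.order('id DESC').first
      assert_equal 'register', user.login
      assert_equal 'John', user.firstname
      assert_equal 'Doe', user.lastname
      assert_equal 'register@example.com', user.mail
      assert user.check_password?('secret123')
      assert user.active?
    end
  end

  # With registration disabled, POST /register must not create an account.
  def test_post_register_with_registration_off_should_redirect
    with_settings :self_registration => '0' do
      assert_no_difference 'User.count' do
        post :register, :user => {
          :login => 'register',
          :password => 'test',
          :password_confirmation => 'test',
          :firstname => 'John',
          :lastname => 'Doe',
          :mail => 'register@example.com'
        }
        assert_redirected_to '/'
      end
    end
  end

  def test_get_lost_password_should_display_lost_password_form
    get :lost_password
    assert_response :success
    assert_select 'input[name=mail]'
  end

  # Recovery for an active user: exactly one 'recovery' token is created and
  # mailed as a link built from the host_name/protocol settings (case of the
  # submitted address does not matter).
  def test_lost_password_for_active_user_should_create_a_token
    Token.delete_all
    ActionMailer::Base.deliveries.clear
    assert_difference 'ActionMailer::Base.deliveries.size' do
      assert_difference 'Token.count' do
        with_settings :host_name => 'mydomain.foo', :protocol => 'http' do
          post :lost_password, :mail => 'JSmith@somenet.foo'
          assert_redirected_to '/login'
        end
      end
    end

    token = Token.order('id DESC').first
    assert_equal User.find(2), token.user
    assert_equal 'recovery', token.action

    assert_select_email do
      assert_select "a[href=?]", "http://mydomain.foo/account/lost_password?token=#{token.value}"
    end
  end

  # NOTE(review): the three lost-password outcomes pinned here differ in a
  # way a caller can observe -- unknown address re-renders (200), a locked
  # account redirects to /account/lost_password, an active account redirects
  # to /login -- which lets an attacker tell registered addresses apart.
  # Normalising the response in the controller would close that, and these
  # assertions would then need updating.
  def test_lost_password_for_unknown_user_should_fail
    Token.delete_all
    assert_no_difference 'Token.count' do
      post :lost_password, :mail => 'invalid@somenet.foo'
      assert_response :success
    end
  end

  def test_lost_password_for_non_active_user_should_fail
    Token.delete_all
    assert User.find(2).lock!

    assert_no_difference 'Token.count' do
      post :lost_password, :mail => 'JSmith@somenet.foo'
      assert_redirected_to '/account/lost_password'
    end
  end

  # Accounts whose password is managed elsewhere (change_password_allowed?
  # false) must not get a recovery token.
  def test_lost_password_for_user_who_cannot_change_password_should_fail
    User.any_instance.stubs(:change_password_allowed?).returns(false)

    assert_no_difference 'Token.count' do
      post :lost_password, :mail => 'JSmith@somenet.foo'
      assert_response :success
    end
  end

  def test_get_lost_password_with_token_should_display_the_password_recovery_form
    user = User.find(2)
    token = Token.create!(:action => 'recovery', :user => user)

    get :lost_password, :token => token.value
    assert_response :success
    assert_template 'password_recovery'

    assert_select 'input[type=hidden][name=token][value=?]', token.value
  end

  def test_get_lost_password_with_invalid_token_should_redirect
    get :lost_password, :token => "abcdef"
    assert_redirected_to '/'
  end

  # A valid token changes the password and is then deleted (single use).
  def test_post_lost_password_with_token_should_change_the_user_password
    user = User.find(2)
    token = Token.create!(:action => 'recovery', :user => user)

    post :lost_password, :token => token.value, :new_password => 'newpass123', :new_password_confirmation => 'newpass123'
    assert_redirected_to '/login'
    user.reload
    assert user.check_password?('newpass123')
    assert_nil Token.find_by_id(token.id), "Token was not deleted"
  end

  # A token issued before the account was locked must not let the password
  # be changed.
  def test_post_lost_password_with_token_for_non_active_user_should_fail
    user = User.find(2)
    token = Token.create!(:action => 'recovery', :user => user)
    user.lock!

    post :lost_password, :token => token.value, :new_password => 'newpass123', :new_password_confirmation => 'newpass123'
    assert_redirected_to '/'
    # Reload before checking: the controller works on its own User instance,
    # so the in-memory copy here still holds the old hash regardless of what
    # the request did, and the assertion would pass even if the password had
    # actually been changed (the sibling test above reloads for this reason).
    user.reload
    assert ! user.check_password?('newpass123')
  end

  # A confirmation mismatch re-renders the form and keeps the token alive so
  # the user can retry.
  def test_post_lost_password_with_token_and_password_confirmation_failure_should_redisplay_the_form
    user = User.find(2)
    token = Token.create!(:action => 'recovery', :user => user)

    post :lost_password, :token => token.value, :new_password => 'newpass', :new_password_confirmation => 'wrongpass'
    assert_response :success
    assert_template 'password_recovery'
    assert_not_nil Token.find_by_id(token.id), "Token was deleted"

    assert_select 'input[type=hidden][name=token][value=?]', token.value
  end

  def test_post_lost_password_with_invalid_token_should_redirect
    post :lost_password, :token => "abcdef", :new_password => 'newpass', :new_password_confirmation => 'newpass'
    assert_redirected_to '/'
  end

  # Resending the activation mail requires the registered_user_id that a
  # failed login of a registered-but-inactive user parks in the session.
  def test_activation_email_should_send_an_activation_email
    User.find(2).update_attribute :status, User::STATUS_REGISTERED
    @request.session[:registered_user_id] = 2

    with_settings :self_registration => '1' do
      assert_difference 'ActionMailer::Base.deliveries.size' do
        get :activation_email
        assert_redirected_to '/login'
      end
    end
  end

  # Without that session value no mail is sent, so the endpoint cannot be
  # used to spam arbitrary registered accounts.
  def test_activation_email_without_session_data_should_fail
    User.find(2).update_attribute :status, User::STATUS_REGISTERED

    with_settings :self_registration => '1' do
      assert_no_difference 'ActionMailer::Base.deliveries.size' do
        get :activation_email
        assert_redirected_to '/'
      end
    end
  end
end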