--- /dev/null
+require File.dirname(__FILE__) + '/../test_helper'
+require_dependency 'user_controller'
+
+
+# Raise errors beyond the default web-based presentation
+class UserController; def rescue_action(e) raise e end; end
+
+class UserControllerTest < Test::Unit::TestCase
+
+ # load the fixture into the developer-specified table using the custom
+ # 'fixture' method.
+ fixture :users, :table_name => LoginEngine.config(:user_table), :class_name => "User"
+
+ def setup
+
+ LoginEngine::CONFIG[:salt] = "test-salt"
+
+ @controller = UserController.new
+ @request, @response = ActionController::TestRequest.new, ActionController::TestResponse.new
+ @request.host = "localhost"
+ end
+
+
+
+ #==========================================================================
+ #
+ # Login/Logout
+ #
+ #==========================================================================
+
+ def test_home_without_login
+ get :home
+ assert_redirected_to :action => "login"
+ end
+
+ def test_invalid_login
+ post :login, :user => { :login => "bob", :password => "wrong_password" }
+ assert_response :success
+
+ assert_session_has_no :user
+ assert_template "login"
+ end
+
+ def test_login
+ @request.session['return-to'] = "/bogus/location"
+
+ post :login, :user => { :login => "bob", :password => "atest" }
+
+ assert_response 302 # redirect
+ assert_session_has :user
+ assert_equal users(:bob), session[:user]
+
+ assert_redirect_url "http://#{@request.host}/bogus/location"
+ end
+
+ def test_login_logoff
+
+ post :login, :user => { :login => "bob", :password => "atest" }
+ assert_session_has :user
+
+ get :logout
+ assert_session_has_no :user
+
+ end
+
+
+ #==========================================================================
+ #
+ # Signup
+ #
+ #==========================================================================
+
+ def test_signup
+ LoginEngine::CONFIG[:use_email_notification] = true
+
+ ActionMailer::Base.deliveries = []
+
+ @request.session['return-to'] = "/bogus/location"
+
+ assert_equal 5, User.count
+ post :signup, :user => { :login => "newbob", :password => "newpassword", :password_confirmation => "newpassword", :email => "newbob@test.com" }
+ assert_session_has_no :user
+
+ assert_redirect_url(@controller.url_for(:action => "login"))
+ assert_equal 1, ActionMailer::Base.deliveries.size
+ mail = ActionMailer::Base.deliveries[0]
+ assert_equal "newbob@test.com", mail.to_addrs[0].to_s
+ assert_match /login:\s+\w+\n/, mail.encoded
+ assert_match /password:\s+\w+\n/, mail.encoded
+ #mail.encoded =~ /user_id=(.*?)&key=(.*?)"/
+ user_id = /user_id=(\d+)/.match(mail.encoded)[1]
+ key = /key=([a-z0-9]+)/.match(mail.encoded)[1]
+
+ assert_not_nil user_id
+ assert_not_nil key
+
+ user = User.find_by_email("newbob@test.com")
+ assert_not_nil user
+ assert_equal 0, user.verified
+
+ # First past the expiration.
+ Time.advance_by_days = 1
+ get :home, :user_id => "#{user_id}", :key => "#{key}"
+ Time.advance_by_days = 0
+ user = User.find_by_email("newbob@test.com")
+ assert_equal 0, user.verified
+
+ # Then a bogus key.
+ get :home, :user_id => "#{user_id}", :key => "boguskey"
+ user = User.find_by_email("newbob@test.com")
+ assert_equal 0, user.verified
+
+ # Now the real one.
+ get :home, :user_id => "#{user_id}", :key => "#{key}"
+ user = User.find_by_email("newbob@test.com")
+ assert_equal 1, user.verified
+
+ post :login, :user => { :login => "newbob", :password => "newpassword" }
+ assert_session_has :user
+ get :logout
+
+ end
+
+ def test_signup_bad_password
+ LoginEngine::CONFIG[:use_email_notification] = true
+ ActionMailer::Base.deliveries = []
+
+ @request.session['return-to'] = "/bogus/location"
+ post :signup, :user => { :login => "newbob", :password => "bad", :password_confirmation => "bad", :email => "newbob@test.com" }
+ assert_session_has_no :user
+ assert_invalid_column_on_record "user", "password"
+ assert_success
+ assert_equal 0, ActionMailer::Base.deliveries.size
+ end
+
+ def test_signup_bad_email
+ LoginEngine::CONFIG[:use_email_notification] = true
+ ActionMailer::Base.deliveries = []
+
+ @request.session['return-to'] = "/bogus/location"
+
+ ActionMailer::Base.inject_one_error = true
+ post :signup, :user => { :login => "newbob", :password => "newpassword", :password_confirmation => "newpassword", :email => "newbob@test.com" }
+ assert_session_has_no :user
+ assert_equal 0, ActionMailer::Base.deliveries.size
+ end
+
+ def test_signup_without_email
+ LoginEngine::CONFIG[:use_email_notification] = false
+
+ @request.session['return-to'] = "/bogus/location"
+
+ post :signup, :user => { :login => "newbob", :password => "newpassword", :password_confirmation => "newpassword", :email => "newbob@test.com" }
+
+ assert_redirect_url(@controller.url_for(:action => "login"))
+ assert_session_has_no :user
+ assert_match /Signup successful/, flash[:notice]
+
+ assert_not_nil User.find_by_login("newbob")
+
+ user = User.find_by_email("newbob@test.com")
+ assert_not_nil user
+
+ post :login, :user => { :login => "newbob", :password => "newpassword" }
+ assert_session_has :user
+ get :logout
+ end
+
+ def test_signup_bad_details
+ @request.session['return-to'] = "/bogus/location"
+
+ # mismatched password
+ post :signup, :user => { :login => "newbob", :password => "newpassword", :password_confirmation => "wrong" }
+ assert_invalid_column_on_record "user", "password"
+ assert_success
+
+ # login not long enough
+ post :signup, :user => { :login => "yo", :password => "newpassword", :password_confirmation => "newpassword" }
+ assert_invalid_column_on_record "user", "login"
+ assert_success
+
+ # both
+ post :signup, :user => { :login => "yo", :password => "newpassword", :password_confirmation => "wrong" }
+ assert_invalid_column_on_record "user", ["login", "password"]
+ assert_success
+
+ # existing user
+ post :signup, :user => { :login => "bob", :password => "doesnt_matter", :password_confirmation => "doesnt_matter" }
+ assert_invalid_column_on_record "user", "login"
+ assert_success
+
+ # existing email
+ post :signup, :user => { :login => "newbob", :email => "longbob@test.com", :password => "doesnt_matter", :password_confirmation => "doesnt_matter" }
+ assert_invalid_column_on_record "user", "email"
+ assert_success
+
+ end
+
+
+ #==========================================================================
+ #
+ # Edit
+ #
+ #==========================================================================
+
+ def test_edit
+ post :login, :user => { :login => "bob", :password => "atest" }
+ assert_session_has :user
+
+ post :edit, :user => { "firstname" => "Bob", "form" => "edit" }
+ assert_equal @response.session[:user].firstname, "Bob"
+
+ post :edit, :user => { "firstname" => "", "form" => "edit" }
+ assert_equal @response.session[:user].firstname, ""
+
+ get :logout
+ end
+
+
+
+ #==========================================================================
+ #
+ # Delete
+ #
+ #==========================================================================
+
+ def test_delete
+ LoginEngine::CONFIG[:use_email_notification] = true
+ # Immediate delete
+ post :login, :user => { :login => "deletebob1", :password => "alongtest" }
+ assert_session_has :user
+
+ LoginEngine.config :delayed_delete, false, :force
+ post :delete
+ assert_equal 1, ActionMailer::Base.deliveries.size
+ assert_session_has_no :user
+
+ # try and login in again, we should fail.
+ post :login, :user => { :login => "deletebob1", :password => "alongtest" }
+ assert_session_has_no :user
+ assert_template_has "login"
+
+
+ # Now try delayed delete
+ ActionMailer::Base.deliveries = []
+
+ post :login, :user => { :login => "deletebob2", :password => "alongtest" }
+ assert_session_has :user
+
+ LoginEngine.config :delayed_delete, true, :force
+ post :delete
+ assert_equal 1, ActionMailer::Base.deliveries.size
+ mail = ActionMailer::Base.deliveries[0]
+ user_id = /user_id=(\d+)/.match(mail.encoded)[1]
+ key = /key=([a-z0-9]+)/.match(mail.encoded)[1]
+
+ post :restore_deleted, :user_id => "#{user_id}", "key" => "badkey"
+ assert_session_has_no :user
+
+ # Advance the time past the delete date
+ Time.advance_by_days = LoginEngine.config :delayed_delete_days
+ post :restore_deleted, :user_id => "#{user_id}", "key" => "#{key}"
+ assert_session_has_no :user
+ Time.advance_by_days = 0
+
+ post :restore_deleted, :user_id => "#{user_id}", "key" => "#{key}"
+ assert_session_has :user
+ end
+
+ def test_delete_without_email
+ LoginEngine::CONFIG[:use_email_notification] = false
+ ActionMailer::Base.deliveries = []
+
+ # Immediate delete
+ post :login, :user => { :login => "deletebob1", :password => "alongtest" }
+ assert_session_has :user
+
+ LoginEngine.config :delayed_delete, false, :force
+ post :delete
+ assert_session_has_no :user
+ assert_nil User.find_by_login("deletebob1")
+
+ # try and login in again, we should fail.
+ post :login, :user => { :login => "deletebob1", :password => "alongtest" }
+ assert_session_has_no :user
+ assert_template_has "login"
+
+
+ # Now try delayed delete
+ ActionMailer::Base.deliveries = []
+
+ post :login, :user => { :login => "deletebob2", :password => "alongtest" }
+ assert_session_has :user
+
+ # delayed delete is not really relevant currently without email.
+ LoginEngine.config :delayed_delete, true, :force
+ post :delete
+ assert_equal 1, User.find_by_login("deletebob2").deleted
+ end
+
+
+
+ #==========================================================================
+ #
+ # Change Password
+ #
+ #==========================================================================
+
+ def test_change_valid_password
+
+ LoginEngine::CONFIG[:use_email_notification] = true
+
+ ActionMailer::Base.deliveries = []
+
+ post :login, :user => { :login => "bob", :password => "atest" }
+ assert_session_has :user
+
+ post :change_password, :user => { :password => "changed_password", :password_confirmation => "changed_password" }
+
+ assert_equal 1, ActionMailer::Base.deliveries.size
+ mail = ActionMailer::Base.deliveries[0]
+ assert_equal "bob@test.com", mail.to_addrs[0].to_s
+ assert_match /login:\s+\w+\n/, mail.encoded
+ assert_match /password:\s+\w+\n/, mail.encoded
+
+ post :login, :user => { :login => "bob", :password => "changed_password" }
+ assert_session_has :user
+ post :change_password, :user => { :password => "atest", :password_confirmation => "atest" }
+ get :logout
+
+ post :login, :user => { :login => "bob", :password => "atest" }
+ assert_session_has :user
+
+ get :logout
+ end
+
+ def test_change_valid_password_without_email
+
+ LoginEngine::CONFIG[:use_email_notification] = false
+
+ ActionMailer::Base.deliveries = []
+
+ post :login, :user => { :login => "bob", :password => "atest" }
+ assert_session_has :user
+
+ post :change_password, :user => { :password => "changed_password", :password_confirmation => "changed_password" }
+
+ assert_redirected_to :action => "change_password"
+
+ post :login, :user => { :login => "bob", :password => "changed_password" }
+ assert_session_has :user
+ post :change_password, :user => { :password => "atest", :password_confirmation => "atest" }
+ get :logout
+
+ post :login, :user => { :login => "bob", :password => "atest" }
+ assert_session_has :user
+
+ get :logout
+ end
+
+ def test_change_short_password
+ LoginEngine::CONFIG[:use_email_notification] = true
+ ActionMailer::Base.deliveries = []
+
+ post :login, :user => { :login => "bob", :password => "atest" }
+ assert_session_has :user
+
+ post :change_password, :user => { :password => "bad", :password_confirmation => "bad" }
+ assert_invalid_column_on_record "user", "password"
+ assert_success
+ assert_equal 0, ActionMailer::Base.deliveries.size
+
+ post :login, :user => { :login => "bob", :password => "atest" }
+ assert_session_has :user
+
+ get :logout
+ end
+
+ def test_change_short_password_without_email
+ LoginEngine::CONFIG[:use_email_notification] = false
+ post :login, :user => { :login => "bob", :password => "atest" }
+ assert_session_has :user
+
+ post :change_password, :user => { :password => "bad", :password_confirmation => "bad" }
+ assert_invalid_column_on_record "user", "password"
+ assert_success
+
+ post :login, :user => { :login => "bob", :password => "atest" }
+ assert_session_has :user
+
+ get :logout
+ end
+
+
+ def test_change_password_with_bad_email
+ LoginEngine::CONFIG[:use_email_notification] = true
+ ActionMailer::Base.deliveries = []
+
+ # log in
+ post :login, :user => { :login => "bob", :password => "atest" }
+ assert_session_has :user
+
+ # change the password, but the email delivery will fail
+ ActionMailer::Base.inject_one_error = true
+ post :change_password, :user => { :password => "changed_password", :password_confirmation => "changed_password" }
+ assert_equal 0, ActionMailer::Base.deliveries.size
+ assert_match /Password could not be changed/, flash[:warning]
+
+ # logout
+ get :logout
+ assert_session_has_no :user
+
+ # ensure we can log in with our original password
+ # TODO: WHY DOES THIS FAIL!! It looks like the transaction stuff in UserController#change_password isn't actually rolling back changes.
+ post :login, :user => { :login => "bob", :password => "atest" }
+ assert_session_has :user
+
+ get :logout
+ end
+
+
+
+
+ #==========================================================================
+ #
+ # Forgot Password
+ #
+ #==========================================================================
+
+ def test_forgot_password
+ LoginEngine::CONFIG[:use_email_notification] = true
+
+ do_forgot_password(false, false, false)
+ do_forgot_password(false, false, true)
+ do_forgot_password(true, false, false)
+ do_forgot_password(false, true, false)
+ end
+
+ def do_forgot_password(bad_address, bad_email, logged_in)
+ ActionMailer::Base.deliveries = []
+
+ if logged_in
+ post :login, :user => { :login => "bob", :password => "atest" }
+ assert_session_has :user
+ end
+
+ @request.session['return-to'] = "/bogus/location"
+ if not bad_address and not bad_email
+ post :forgot_password, :user => { :email => "bob@test.com" }
+ password = "anewpassword"
+ if logged_in
+ assert_equal 0, ActionMailer::Base.deliveries.size
+ assert_redirect_url(@controller.url_for(:action => "change_password"))
+ post :change_password, :user => { :password => "#{password}", :password_confirmation => "#{password}" }
+ else
+ assert_equal 1, ActionMailer::Base.deliveries.size
+ mail = ActionMailer::Base.deliveries[0]
+ assert_equal "bob@test.com", mail.to_addrs[0].to_s
+ user_id = /user_id=(\d+)/.match(mail.encoded)[1]
+ key = /key=([a-z0-9]+)/.match(mail.encoded)[1]
+ post :change_password, :user => { :password => "#{password}", :password_confirmation => "#{password}"}, :user_id => "#{user_id}", :key => "#{key}"
+ assert_session_has :user
+ get :logout
+ end
+ elsif bad_address
+ post :forgot_password, :user => { :email => "bademail@test.com" }
+ assert_equal 0, ActionMailer::Base.deliveries.size
+ elsif bad_email
+ ActionMailer::Base.inject_one_error = true
+ post :forgot_password, :user => { :email => "bob@test.com" }
+ assert_equal 0, ActionMailer::Base.deliveries.size
+ else
+ # Invalid test case
+ assert false
+ end
+
+ if not bad_address and not bad_email
+ if logged_in
+ get :logout
+ else
+ assert_redirect_url(@controller.url_for(:action => "login"))
+ end
+ post :login, :user => { :login => "bob", :password => "#{password}" }
+ else
+ # Okay, make sure the database did not get changed
+ if logged_in
+ get :logout
+ end
+ post :login, :user => { :login => "bob", :password => "atest" }
+ end
+
+ assert_session_has :user
+
+ # Put the old settings back
+ if not bad_address and not bad_email
+ post :change_password, :user => { :password => "atest", :password_confirmation => "atest" }
+ end
+
+ get :logout
+ end
+
+ def test_forgot_password_without_email_and_logged_in
+ LoginEngine::CONFIG[:use_email_notification] = false
+
+ post :login, :user => { :login => "bob", :password => "atest" }
+ assert_session_has :user
+
+ @request.session['return-to'] = "/bogus/location"
+ post :forgot_password, :user => { :email => "bob@test.com" }
+ password = "anewpassword"
+ assert_redirect_url(@controller.url_for(:action => "change_password"))
+ post :change_password, :user => { :password => "#{password}", :password_confirmation => "#{password}" }
+
+ get :logout
+
+ post :login, :user => { :login => "bob", :password => "#{password}" }
+
+ assert_session_has :user
+
+ get :logout
+ end
+
+ def forgot_password_without_email_and_not_logged_in
+ LoginEngine::CONFIG[:use_email_notification] = false
+
+ @request.session['return-to'] = "/bogus/location"
+ post :forgot_password, :user => { :email => "bob@test.com" }
+ password = "anewpassword"
+
+ # wothout email, you can't retrieve your forgotten password...
+ assert_match /Please contact the system admin/, flash[:message]
+ assert_session_has_no :user
+
+ assert_redirect_url "http://#{@request.host}/bogus/location"
+ end
+end
projects / selectricity-live / blobdiff