mirrors
/
redmine
mirror of https://github.com/redmine/redmine.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 199 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
14090 Commits
33 Branches
Tree: 2fdbcd35dd
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '2fdbcd35dd'
${ noResults }
redmine/test/functional/sessions_controller_test.rb

sessions_controller_test.rb 5.4KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164 
  1. # Redmine - project management software

  2. # Copyright (C) 2006-2017  Jean-Philippe Lang

  3. #

  4. # This program is free software; you can redistribute it and/or

  5. # modify it under the terms of the GNU General Public License

  6. # as published by the Free Software Foundation; either version 2

  7. # of the License, or (at your option) any later version.

  8. #

  9. # This program is distributed in the hope that it will be useful,

  10. # but WITHOUT ANY WARRANTY; without even the implied warranty of

  11. # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

  12. # GNU General Public License for more details.

  13. #

  14. # You should have received a copy of the GNU General Public License

  15. # along with this program; if not, write to the Free Software

  16. # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

  17. 

  18. require File.expand_path('../../test_helper', __FILE__)

  19. 

  20. class SessionsControllerTest < Redmine::ControllerTest

  21.   include Redmine::I18n

  22.   tests WelcomeController

  23. 

  24.   fixtures :users, :email_addresses

  25. 

  26.   def setup

  27.     Rails.application.config.redmine_verify_sessions = true

  28.   end

  29. 

  30.   def teardown

  31.     Rails.application.config.redmine_verify_sessions = false

  32.   end

  33. 

  34.   def test_session_token_should_be_updated

  35.     token = Token.create!(:user_id => 2, :action => 'session', :created_on => 10.hours.ago, :updated_on => 10.hours.ago)

  36.     created = token.reload.created_on

  37. 

  38.     get :index, :session => {

  39.         :user_id => 2,

  40.         :tk => token.value

  41.       }

  42.     assert_response :success

  43.     token.reload

  44.     assert_equal created.to_i, token.created_on.to_i

  45.     assert_not_equal created.to_i, token.updated_on.to_i

  46.     assert token.updated_on > created

  47.   end

  48. 

  49.   def test_user_session_should_not_be_reset_if_lifetime_and_timeout_disabled

  50.     created = 2.years.ago

  51.     token = Token.create!(:user_id => 2, :action => 'session', :created_on => created, :updated_on => created)

  52. 

  53.     with_settings :session_lifetime => '0', :session_timeout => '0' do

  54.       get :index, :session => {

  55.           :user_id => 2,

  56.           :tk => token.value

  57.         }

  58.       assert_response :success

  59.     end

  60.   end

  61. 

  62.   def test_user_session_without_token_should_be_reset

  63.     get :index, :session => {

  64.         :user_id => 2

  65.       }

  66.     assert_redirected_to 'http://test.host/login?back_url=http%3A%2F%2Ftest.host%2F'

  67.   end

  68. 

  69.   def test_expired_user_session_should_be_reset_if_lifetime_enabled

  70.     created = 2.days.ago

  71.     token = Token.create!(:user_id => 2, :action => 'session', :created_on => created, :updated_on => created)

  72. 

  73.     with_settings :session_timeout => '720' do

  74.       get :index, :session => {

  75.           :user_id => 2,

  76.           :tk => token.value

  77.         }

  78.       assert_redirected_to 'http://test.host/login?back_url=http%3A%2F%2Ftest.host%2F'

  79.     end

  80.   end

  81. 

  82.   def test_valid_user_session_should_not_be_reset_if_lifetime_enabled

  83.     created = 3.hours.ago

  84.     token = Token.create!(:user_id => 2, :action => 'session', :created_on => created, :updated_on => created)

  85. 

  86.     with_settings :session_timeout => '720' do

  87.       get :index, :session => {

  88.           :user_id => 2,

  89.           :tk => token.value

  90.         }

  91.       assert_response :success

  92.     end

  93.   end

  94. 

  95.   def test_expired_user_session_should_be_reset_if_timeout_enabled

  96.     created = 4.hours.ago

  97.     token = Token.create!(:user_id => 2, :action => 'session', :created_on => created, :updated_on => created)

  98. 

  99.     with_settings :session_timeout => '60' do

  100.       get :index, :session => {

  101.           :user_id => 2,

  102.           :tk => token.value

  103.         }

  104.       assert_redirected_to 'http://test.host/login?back_url=http%3A%2F%2Ftest.host%2F'

  105.     end

  106.   end

  107. 

  108.   def test_valid_user_session_should_not_be_reset_if_timeout_enabled

  109.     created = 10.minutes.ago

  110.     token = Token.create!(:user_id => 2, :action => 'session', :created_on => created, :updated_on => created)

  111. 

  112.     with_settings :session_timeout => '60' do

  113.       get :index, :session => {

  114.           :user_id => 2,

  115.           :tk => token.value

  116.         }

  117.       assert_response :success

  118.     end

  119.   end

  120. 

  121.   def test_expired_user_session_should_be_restarted_if_autologin

  122.     created = 2.hours.ago

  123.     token = Token.create!(:user_id => 2, :action => 'session', :created_on => created, :updated_on => created)

  124. 

  125.     with_settings :session_lifetime => '720', :session_timeout => '60', :autologin => 7 do

  126.       autologin_token = Token.create!(:user_id => 2, :action => 'autologin', :created_on => 1.day.ago)

  127.       @request.cookies['autologin'] = autologin_token.value

  128. 

  129.       get :index, :session => {

  130.           :user_id => 2,

  131.           :tk => token.value

  132.         }

  133.       assert_equal 2, session[:user_id]

  134.       assert_response :success

  135.       assert_not_equal token.value, session[:tk]

  136.     end

  137.   end

  138. 

  139.   def test_expired_user_session_should_set_locale

  140.     set_language_if_valid 'it'

  141.     user = User.find(2)

  142.     user.language = 'fr'

  143.     user.save!

  144.     created = 4.hours.ago

  145.     token = Token.create!(:user_id => 2, :action => 'session', :created_on => created, :updated_on => created)

  146. 

  147.     with_settings :session_timeout => '60' do

  148.       get :index, :session => {

  149.           :user_id => user.id,

  150.           :tk => token.value

  151.         }

  152.       assert_redirected_to 'http://test.host/login?back_url=http%3A%2F%2Ftest.host%2F'

  153.       assert_include "Veuillez vous reconnecter", flash[:error]

  154.       assert_equal :fr, current_language

  155.     end

  156.   end

  157. 

  158.   def test_anonymous_session_should_not_be_reset

  159.     with_settings :session_lifetime => '720', :session_timeout => '60' do

  160.       get :index

  161.       assert_response :success

  162.     end

  163.   end

  164. end