123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470 |
- # frozen_string_literal: true
-
- # Redmine - project management software
- # Copyright (C) 2006-2019 Jean-Philippe Lang
- #
- # This program is free software; you can redistribute it and/or
- # modify it under the terms of the GNU General Public License
- # as published by the Free Software Foundation; either version 2
- # of the License, or (at your option) any later version.
- #
- # This program is distributed in the hope that it will be useful,
- # but WITHOUT ANY WARRANTY; without even the implied warranty of
- # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- # GNU General Public License for more details.
- #
- # You should have received a copy of the GNU General Public License
- # along with this program; if not, write to the Free Software
- # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
-
- require File.expand_path('../../test_helper', __FILE__)
-
- class AccountTest < Redmine::IntegrationTest
- fixtures :users, :email_addresses, :roles
-
- def test_login
- get "/my/page"
- assert_redirected_to "/login?back_url=http%3A%2F%2Fwww.example.com%2Fmy%2Fpage"
- log_user('jsmith', 'jsmith')
-
- get "/my/account"
- assert_response :success
- end
-
- def test_login_should_set_session_token
- assert_difference 'Token.count' do
- log_user('jsmith', 'jsmith')
-
- assert_equal 2, session[:user_id]
- assert_not_nil session[:tk]
- end
- end
-
- def test_autologin
- user = User.find(1)
- Token.delete_all
-
- with_settings :autologin => '7' do
- assert_difference 'Token.count', 2 do
- # User logs in with 'autologin' checked
- post '/login', :params => {
- :username => user.login,
- :password => 'admin',
- :autologin => 1
- }
- assert_redirected_to '/my/page'
- end
- token = Token.where(:action => 'autologin').order(:id => :desc).first
- assert_not_nil token
- assert_equal user, token.user
- assert_equal 'autologin', token.action
- assert_equal user.id, session[:user_id]
- assert_equal token.value, cookies['autologin']
-
- # Session is cleared
- reset!
- User.current = nil
- # Clears user's last login timestamp
- user.update_attribute :last_login_on, nil
- assert_nil user.reload.last_login_on
-
- # User comes back with user's autologin cookie
- cookies[:autologin] = token.value
- get '/my/page'
- assert_response :success
- assert_equal user.id, session[:user_id]
- assert_not_nil user.reload.last_login_on
- end
- end
-
- def test_autologin_should_use_autologin_cookie_name
- Token.delete_all
- Redmine::Configuration.stubs(:[]).with('autologin_cookie_name').returns('custom_autologin')
- Redmine::Configuration.stubs(:[]).with('autologin_cookie_path').returns('/')
- Redmine::Configuration.stubs(:[]).with('autologin_cookie_secure').returns(false)
- Redmine::Configuration.stubs(:[]).with('sudo_mode_timeout').returns(15)
-
- with_settings :autologin => '7' do
- assert_difference 'Token.count', 2 do
- post '/login', :params => {
- :username => 'admin',
- :password => 'admin',
- :autologin => 1
- }
- assert_response 302
- end
- assert cookies['custom_autologin'].present?
- token = cookies['custom_autologin']
-
- # Session is cleared
- reset!
- cookies['custom_autologin'] = token
- get '/my/page'
- assert_response :success
-
- assert_difference 'Token.count', -2 do
- post '/logout'
- end
- assert cookies['custom_autologin'].blank?
- end
- end
-
- def test_lost_password
- Token.delete_all
-
- get "/account/lost_password"
- assert_response :success
- assert_select 'input[name=mail]'
-
- post "/account/lost_password", :params => {
- :mail => 'jSmith@somenet.foo'
- }
- assert_redirected_to "/login"
-
- token = Token.first
- assert_equal 'recovery', token.action
- assert_equal 'jsmith@somenet.foo', token.user.mail
- assert !token.expired?
-
- get "/account/lost_password", :params => {
- :token => token.value
- }
- assert_redirected_to '/account/lost_password'
-
- follow_redirect!
- assert_response :success
- assert_select 'input[type=hidden][name=token][value=?]', token.value
- assert_select 'input[name=new_password]'
- assert_select 'input[name=new_password_confirmation]'
-
- post "/account/lost_password", :params => {
- :token => token.value, :new_password => 'newpass123',
- :new_password_confirmation => 'newpass123'
- }
- assert_redirected_to "/login"
- assert_equal 'Password was successfully updated.', flash[:notice]
-
- log_user('jsmith', 'newpass123')
- assert_equal false, Token.exists?(token.id), "Password recovery token was not deleted"
- end
-
- def test_lost_password_expired_token
- Token.delete_all
-
- get "/account/lost_password"
- assert_response :success
- assert_select 'input[name=mail]'
-
- post "/account/lost_password", :params => {
- :mail => 'jSmith@somenet.foo'
- }
- assert_redirected_to "/login"
-
- token = Token.first
- assert_equal 'recovery', token.action
- assert_equal 'jsmith@somenet.foo', token.user.mail
- refute token.expired?
-
- get "/account/lost_password", :params => {
- :token => token.value
- }
- assert_redirected_to '/account/lost_password'
-
- follow_redirect!
- assert_response :success
-
- # suppose the user forgets to continue the process and the token expires.
- token.update_column :created_on, 1.week.ago
- assert token.expired?
-
- assert_select 'input[type=hidden][name=token][value=?]', token.value
- assert_select 'input[name=new_password]'
- assert_select 'input[name=new_password_confirmation]'
-
- post "/account/lost_password", :params => {
- :token => token.value, :new_password => 'newpass123',
- :new_password_confirmation => 'newpass123'
- }
-
- assert_redirected_to "/account/lost_password"
- assert_equal 'This password recovery link has expired, please try again.', flash[:error]
- follow_redirect!
- assert_response :success
-
- post "/account/lost_password", :params => {
- :mail => 'jSmith@somenet.foo'
- }
- assert_redirected_to "/login"
-
- # should have a new token now
- token = Token.last
- assert_equal 'recovery', token.action
- assert_equal 'jsmith@somenet.foo', token.user.mail
- refute token.expired?
- end
-
- def test_user_with_must_change_passwd_should_be_forced_to_change_its_password
- User.find_by_login('jsmith').update_attribute :must_change_passwd, true
-
- post '/login', :params => {
- :username => 'jsmith',
- :password => 'jsmith'
- }
- assert_redirected_to '/my/page'
- follow_redirect!
- assert_redirected_to '/my/password'
-
- get '/issues'
- assert_redirected_to '/my/password'
- end
-
- def test_flash_message_should_use_user_language_when_redirecting_user_for_password_change
- user = User.find_by_login('jsmith')
- user.must_change_passwd = true
- user.language = 'it'
- user.save!
-
- post '/login', :params => {
- :username => 'jsmith',
- :password => 'jsmith'
- }
- assert_redirected_to '/my/page'
- follow_redirect!
- assert_redirected_to '/my/password'
- follow_redirect!
-
- assert_select 'div.error', :text => /richiesto che sia cambiata/
- end
-
- def test_user_with_must_change_passwd_should_be_able_to_change_its_password
- User.find_by_login('jsmith').update_attribute :must_change_passwd, true
-
- post '/login', :params => {
- :username => 'jsmith',
- :password => 'jsmith'
- }
- assert_redirected_to '/my/page'
- follow_redirect!
- assert_redirected_to '/my/password'
- follow_redirect!
- assert_response :success
- post '/my/password', :params => {
- :password => 'jsmith',
- :new_password => 'newpassword',
- :new_password_confirmation => 'newpassword'
- }
- assert_redirected_to '/my/account'
- follow_redirect!
- assert_response :success
-
- assert_equal false, User.find_by_login('jsmith').must_change_passwd?
- end
-
- def test_user_with_expired_password_should_be_forced_to_change_its_password
- User.find_by_login('jsmith').update_attribute :passwd_changed_on, 14.days.ago
-
- with_settings :password_max_age => 7 do
- post '/login', :params => {
- :username => 'jsmith',
- :password => 'jsmith'
- }
- assert_redirected_to '/my/page'
- follow_redirect!
- assert_redirected_to '/my/password'
-
- get '/issues'
- assert_redirected_to '/my/password'
- end
- end
-
- def test_user_with_expired_password_should_be_able_to_change_its_password
- User.find_by_login('jsmith').update_attribute :passwd_changed_on, 14.days.ago
-
- with_settings :password_max_age => 7 do
- post '/login', :params => {
- :username => 'jsmith',
- :password => 'jsmith'
- }
- assert_redirected_to '/my/page'
- follow_redirect!
- assert_redirected_to '/my/password'
- follow_redirect!
- assert_response :success
- post '/my/password', :params => {
- :password => 'jsmith',
- :new_password => 'newpassword',
- :new_password_confirmation => 'newpassword'
- }
- assert_redirected_to '/my/account'
- follow_redirect!
- assert_response :success
-
- assert_equal false, User.find_by_login('jsmith').must_change_passwd?
- end
-
- end
-
- def test_register_with_automatic_activation
- Setting.self_registration = '3'
-
- get '/account/register'
- assert_response :success
-
- post '/account/register', :params => {
- :user => {
- :login => "newuser", :language => "en",
- :firstname => "New", :lastname => "User", :mail => "newuser@foo.bar",
- :password => "newpass123", :password_confirmation => "newpass123"
- }
- }
- assert_redirected_to '/my/account'
- follow_redirect!
- assert_response :success
-
- user = User.find_by_login('newuser')
- assert_not_nil user
- assert user.active?
- assert_not_nil user.last_login_on
- end
-
- def test_register_with_manual_activation
- Setting.self_registration = '2'
-
- post '/account/register', :params => {
- :user => {
- :login => "newuser", :language => "en",
- :firstname => "New", :lastname => "User", :mail => "newuser@foo.bar",
- :password => "newpass123", :password_confirmation => "newpass123"
- }
- }
- assert_redirected_to '/login'
- assert !User.find_by_login('newuser').active?
- end
-
- def test_register_with_email_activation
- Setting.self_registration = '1'
- Token.delete_all
-
- post '/account/register', :params => {
- :user => {
- :login => "newuser", :language => "en",
- :firstname => "New", :lastname => "User", :mail => "newuser@foo.bar",
- :password => "newpass123", :password_confirmation => "newpass123"
- }
- }
- assert_redirected_to '/login'
- assert !User.find_by_login('newuser').active?
-
- token = Token.first
- assert_equal 'register', token.action
- assert_equal 'newuser@foo.bar', token.user.mail
- assert !token.expired?
-
- get '/account/activate', :params => {
- :token => token.value
- }
- assert_redirected_to '/login'
- log_user('newuser', 'newpass123')
- end
-
- def test_onthefly_registration
- # disable registration
- Setting.self_registration = '0'
- AuthSource.expects(:authenticate).returns(
- {:login => 'foo', :firstname => 'Foo', :lastname => 'Smith',
- :mail => 'foo@bar.com', :auth_source_id => 66})
-
- post '/login', :params => {
- :username => 'foo',
- :password => 'bar'
- }
- assert_redirected_to '/my/page'
-
- user = User.find_by_login('foo')
- assert user.is_a?(User)
- assert_equal 66, user.auth_source_id
- assert user.hashed_password.blank?
- end
-
- def test_onthefly_registration_with_invalid_attributes
- # disable registration
- Setting.self_registration = '0'
- AuthSource.expects(:authenticate).returns(
- {:login => 'foo', :lastname => 'Smith', :auth_source_id => 66})
-
- post '/login', :params => {
- :username => 'foo',
- :password => 'bar'
- }
- assert_response :success
- assert_select 'input[name=?][value=""]', 'user[firstname]'
- assert_select 'input[name=?][value=Smith]', 'user[lastname]'
- assert_select 'input[name=?]', 'user[login]', 0
- assert_select 'input[name=?]', 'user[password]', 0
-
- post '/account/register', :params => {
- :user => {
- :firstname => 'Foo', :lastname => 'Smith', :mail => 'foo@bar.com'
- }
- }
- assert_redirected_to '/my/account'
-
- user = User.find_by_login('foo')
- assert user.is_a?(User)
- assert_equal 66, user.auth_source_id
- assert user.hashed_password.blank?
- end
-
- def test_registered_user_should_be_able_to_get_a_new_activation_email
- Token.delete_all
-
- with_settings :self_registration => '1', :default_language => 'en' do
- # register a new account
- assert_difference 'User.count' do
- assert_difference 'Token.count' do
- post '/account/register', :params => {
- :user => {
- :login => "newuser", :language => "en",
- :firstname => "New", :lastname => "User", :mail => "newuser@foo.bar",
- :password => "newpass123", :password_confirmation => "newpass123"
- }
- }
- end
- end
- user = User.order('id desc').first
- assert_equal User::STATUS_REGISTERED, user.status
- reset!
-
- # try to use "lost password"
- assert_no_difference 'ActionMailer::Base.deliveries.size' do
- post '/account/lost_password', :params => {
- :mail => 'newuser@foo.bar'
- }
- end
- assert_redirected_to '/account/lost_password'
- follow_redirect!
- assert_response :success
- assert_select 'div.flash', :text => /new activation email/
- assert_select 'div.flash a[href="/account/activation_email"]'
-
- # request a new action activation email
- assert_difference 'ActionMailer::Base.deliveries.size' do
- get '/account/activation_email'
- end
- assert_redirected_to '/login'
- token = Token.order('id desc').first
- activation_path = "/account/activate?token=#{token.value}"
- assert_include activation_path, mail_body(ActionMailer::Base.deliveries.last)
-
- # activate the account
- get activation_path
- assert_redirected_to '/login'
-
- post '/login', :params => {
- :username => 'newuser',
- :password => 'newpass123'
- }
- assert_redirected_to '/my/page'
- end
- end
- end
|