authorJean-Philippe Lang <jp_lang@yahoo.fr>2016-02-05 07:33:24 +0000
committerJean-Philippe Lang <jp_lang@yahoo.fr>2016-02-05 07:33:24 +0000
commit5d70fce6ce4c481f058fc1b89d567c1389cb7e54 (patch)
treefe7c5a9602d73ef312b544783efb0ff645bc7f1d /test/functional/my_controller_test.rb
parent40e6a74d4834f171bd8080dce39c587d84fb86da (diff)
downloadredmine-5d70fce6ce4c481f058fc1b89d567c1389cb7e54.tar.gz
redmine-5d70fce6ce4c481f058fc1b89d567c1389cb7e54.zip
Security notifications when password or email address is changed (#21421).
Patch by Jan Schulz-Hofen. git-svn-id: http://svn.redmine.org/redmine/trunk@15145 e93f8b46-1217-0410-a6f0-8f06a7374b81
Diffstat (limited to 'test/functional/my_controller_test.rb')
-rw-r--r--test/functional/my_controller_test.rb31
1 files changed, 31 insertions, 0 deletions
diff --git a/test/functional/my_controller_test.rb b/test/functional/my_controller_test.rb
index 92ee24781..4f3f2e247 100644
--- a/test/functional/my_controller_test.rb
+++ b/test/functional/my_controller_test.rb
@@ -117,6 +117,24 @@ class MyControllerTest < ActionController::TestCase
assert user.groups.empty?
end
+ def test_update_account_should_send_security_notification
+ ActionMailer::Base.deliveries.clear
+ post :account,
+ :user => {
+ :mail => 'foobar@example.com'
+ }
+
+ assert_not_nil (mail = ActionMailer::Base.deliveries.last)
+ assert_mail_body_match '0.0.0.0', mail
+ assert_mail_body_match I18n.t(:mail_body_security_notification_change_to, field: I18n.t(:field_mail), value: 'foobar@example.com'), mail
+ assert_select_email do
+ assert_select 'a[href^=?]', 'http://localhost:3000/my/account', :text => 'My account'
+ end
+ # The old email address should be notified about the change for security purposes
+ assert [mail.bcc, mail.cc].flatten.include?(User.find(2).mail)
+ assert [mail.bcc, mail.cc].flatten.include?('foobar@example.com')
+ end
+
def test_my_account_should_show_destroy_link
get :account
assert_select 'a[href="/my/account/destroy"]'
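Review bot: The old-address assertion in `test_update_account_should_send_security_notification` reads `User.find(2).mail` after the `post`, so if user 2 is the account being updated (the test setup is outside this hunk, so this is inferred) it returns the new address and merely repeats the check on the following line. A regression that stops notifying the previous address, the case the comment calls out, would then pass unnoticed. Capture the value before the request with `old_mail = User.find(2).mail` and assert `assert [mail.bcc, mail.cc].flatten.include?(old_mail)`. The literal `'0.0.0.0'` also deserves a short comment such as `# presumably the remote address of the test request`, since nothing in the test explains why it must appear in the body.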
@@ -193,6 +211,19 @@ class MyControllerTest < ActionController::TestCase
assert_redirected_to '/my/account'
end
+ def test_change_password_should_send_security_notification
+ ActionMailer::Base.deliveries.clear
+ post :password, :password => 'jsmith',
+ :new_password => 'secret123',
+ :new_password_confirmation => 'secret123'
+
+ assert_not_nil (mail = ActionMailer::Base.deliveries.last)
+ assert_mail_body_no_match 'secret123', mail # just to be sure: pw should never be sent!
+ assert_select_email do
+ assert_select 'a[href^=?]', 'http://localhost:3000/my/password', :text => 'Change password'
+ end
+ end
+
def test_page_layout
get :page_layout
assert_response :success
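Review bot: `test_change_password_should_send_security_notification` never checks who receives the message, so it would still pass if the notification were delivered to an address other than the account owner's. Add a recipient assertion in the style of the account test, for example `assert [mail.bcc, mail.cc].flatten.include?(owner_mail)` with `owner_mail` read from the signed-in user's record before the request. A companion test that a rejected change (wrong current password) leaves `ActionMailer::Base.deliveries` empty would also pin down that the mail is sent only for a real change.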