1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
|
# frozen_string_literal: true
# Redmine - project management software
# Copyright (C) 2006-2019 Jean-Philippe Lang
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
require File.expand_path('../../test_helper', __FILE__)
class SessionsTest < Redmine::IntegrationTest
fixtures :users, :email_addresses, :roles
def setup
Rails.application.config.redmine_verify_sessions = true
end
def teardown
Rails.application.config.redmine_verify_sessions = false
end
def test_change_password_kills_sessions
log_user('jsmith', 'jsmith')
jsmith = User.find(2)
jsmith.password = "somenewpassword"
jsmith.save!
get '/my/account'
assert_response 302
assert flash[:error].match(/Your session has expired/)
end
def test_lock_user_kills_sessions
log_user('jsmith', 'jsmith')
jsmith = User.find(2)
assert jsmith.lock!
assert jsmith.activate!
get '/my/account'
assert_response 302
assert flash[:error].match(/Your session has expired/)
end
def test_update_user_does_not_kill_sessions
log_user('jsmith', 'jsmith')
jsmith = User.find(2)
jsmith.firstname = 'Robert'
jsmith.save!
get '/my/account'
assert_response 200
end
def test_change_password_generates_a_new_token_for_current_session
log_user('jsmith', 'jsmith')
assert_not_nil token = session[:tk]
get '/my/password'
assert_response 200
post '/my/password', :params => {
:password => 'jsmith',
:new_password => 'secret123',
:new_password_confirmation => 'secret123'
}
assert_response 302
assert_not_equal token, session[:tk]
get '/my/account'
assert_response 200
end
def test_simultaneous_sessions_should_be_valid
first = open_session do |session|
session.post "/login", :params => {:username => 'jsmith', :password => 'jsmith'}
end
other = open_session do |session|
session.post "/login", :params => {:username => 'jsmith', :password => 'jsmith'}
end
first.get '/my/account'
assert_equal 200, first.response.response_code
first.post '/logout'
other.get '/my/account'
assert_equal 200, other.response.response_code
end
end
|
