summaryrefslogtreecommitdiffstats
path: root/test/unit/token_test.rb
blob: b3004f614ddab2f61e556774df7baf904e1398fe (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
# frozen_string_literal: false

# Redmine - project management software
# Copyright (C) 2006-2017  Jean-Philippe Lang
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

require File.expand_path('../../test_helper', __FILE__)

class TokenTest < ActiveSupport::TestCase
  fixtures :tokens, :users, :email_addresses

  def setup
    User.current = nil
  end

  def test_create
    token = Token.new
    token.save
    assert_equal 40, token.value.length
    assert !token.expired?
  end

  def test_create_should_remove_existing_tokens
    user = User.find(1)
    t1 = Token.create(:user => user, :action => 'register')
    t2 = Token.create(:user => user, :action => 'register')
    assert_not_equal t1.value, t2.value
    assert !Token.exists?(t1.id)
    assert  Token.exists?(t2.id)
  end

  def test_create_session_or_autologin_token_should_keep_last_10_tokens
    Token.delete_all
    user = User.find(1)

    ["autologin", "session"].each do |action|
      assert_difference 'Token.count', 10 do
        10.times { Token.create!(:user => user, :action => action) }
      end

      assert_no_difference 'Token.count' do
        Token.create!(:user => user, :action => action)
      end
    end
  end

  def test_destroy_expired_should_not_destroy_session_feeds_and_api_tokens
    Token.delete_all

    Token.create!(:user_id => 1, :action => 'api', :created_on => 7.days.ago)
    Token.create!(:user_id => 1, :action => 'feeds', :created_on => 7.days.ago)
    Token.create!(:user_id => 1, :action => 'session', :created_on => 7.days.ago)

    assert_no_difference 'Token.count' do
      assert_equal 0, Token.destroy_expired
    end
  end

  def test_destroy_expired_should_destroy_expired_tokens
    Token.delete_all

    # Expiration of autologin tokens is determined by Setting.autologin
    Setting.autologin = "7"
    Token.create!(:user_id => 2, :action => 'autologin', :created_on => 3.weeks.ago)
    Token.create!(:user_id => 3, :action => 'autologin', :created_on => 3.days.ago)

    # Expiration of register and recovery tokens is determined by Token.validity_time
    Token.create!(:user_id => 1, :action => 'register', :created_on => 7.days.ago)
    Token.create!(:user_id => 3, :action => 'register', :created_on => 7.hours.ago)

    Token.create!(:user_id => 2, :action => 'recovery', :created_on => 3.days.ago)
    Token.create!(:user_id => 3, :action => 'recovery', :created_on => 3.hours.ago)

    # Expiration of tokens with unknown action is determined by Token.validity_time
    Token.create!(:user_id => 2, :action => 'unknown_action', :created_on => 2.days.ago)
    Token.create!(:user_id => 3, :action => 'unknown_action', :created_on => 2.hours.ago)

    assert_difference 'Token.count', -4 do
      assert_equal 4, Token.destroy_expired
    end
  end

  def test_find_active_user_should_return_user
    token = Token.create!(:user_id => 1, :action => 'api')
    assert_equal User.find(1), Token.find_active_user('api', token.value)
  end

  def test_find_active_user_should_return_nil_for_locked_user
    token = Token.create!(:user_id => 1, :action => 'api')
    User.find(1).lock!
    assert_nil Token.find_active_user('api', token.value)
  end

  def test_find_user_should_return_user
    token = Token.create!(:user_id => 1, :action => 'api')
    assert_equal User.find(1), Token.find_user('api', token.value)
  end

  def test_find_user_should_return_locked_user
    token = Token.create!(:user_id => 1, :action => 'api')
    User.find(1).lock!
    assert_equal User.find(1), Token.find_user('api', token.value)
  end

  def test_find_token_should_return_the_token
    token = Token.create!(:user_id => 1, :action => 'api')
    assert_equal token, Token.find_token('api', token.value)
  end

  def test_find_token_should_return_the_token_with_validity
    token = Token.create!(:user_id => 1, :action => 'api', :created_on => 1.hour.ago)
    assert_equal token, Token.find_token('api', token.value, 1)
  end

  def test_find_token_should_return_nil_with_wrong_action
    token = Token.create!(:user_id => 1, :action => 'feeds')
    assert_nil Token.find_token('api', token.value)
  end

  def test_find_token_should_return_nil_without_user
    token = Token.create!(:user_id => 999, :action => 'api')
    assert_nil Token.find_token('api', token.value)
  end

  def test_find_token_should_return_nil_with_validity_expired
    token = Token.create!(:user_id => 999, :action => 'api', :created_on => 2.days.ago)
    assert_nil Token.find_token('api', token.value, 1)
  end
end