2010-03-26 10:27:19 +00:00
|
|
|
require 'test_helper'
|
2009-12-30 17:19:33 +00:00
|
|
|
|
|
|
|
|
class LockTest < ActionController::IntegrationTest
|
2011-01-16 12:20:19 +00:00
|
|
|
|
2009-12-30 17:19:33 +00:00
|
|
|
def visit_user_unlock_with_token(unlock_token)
|
|
|
|
|
visit user_unlock_path(:unlock_token => unlock_token)
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
test 'user should be able to request a new unlock token' do
|
|
|
|
|
user = create_user(:locked => true)
|
|
|
|
|
ActionMailer::Base.deliveries.clear
|
|
|
|
|
|
|
|
|
|
visit new_user_session_path
|
2010-03-30 18:06:56 +00:00
|
|
|
click_link "Didn't receive unlock instructions?"
|
2009-12-30 17:19:33 +00:00
|
|
|
|
|
|
|
|
fill_in 'email', :with => user.email
|
|
|
|
|
click_button 'Resend unlock instructions'
|
|
|
|
|
|
|
|
|
|
assert_template 'sessions/new'
|
|
|
|
|
assert_contain 'You will receive an email with instructions about how to unlock your account in a few minutes'
|
|
|
|
|
assert_equal 1, ActionMailer::Base.deliveries.size
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
test 'unlocked user should not be able to request a unlock token' do
|
|
|
|
|
user = create_user(:locked => false)
|
|
|
|
|
ActionMailer::Base.deliveries.clear
|
|
|
|
|
|
|
|
|
|
visit new_user_session_path
|
2010-03-30 18:06:56 +00:00
|
|
|
click_link "Didn't receive unlock instructions?"
|
2009-12-30 17:19:33 +00:00
|
|
|
|
|
|
|
|
fill_in 'email', :with => user.email
|
|
|
|
|
click_button 'Resend unlock instructions'
|
|
|
|
|
|
|
|
|
|
assert_template 'unlocks/new'
|
|
|
|
|
assert_contain 'not locked'
|
|
|
|
|
assert_equal 0, ActionMailer::Base.deliveries.size
|
|
|
|
|
end
|
|
|
|
|
|
2010-03-28 21:09:28 +00:00
|
|
|
test 'unlocked pages should not be available if email strategy is disabled' do
|
2011-05-04 17:23:40 +00:00
|
|
|
visit "/admin_area/sign_in"
|
2010-04-15 06:40:15 +00:00
|
|
|
|
2010-07-12 05:24:21 +00:00
|
|
|
assert_raise Webrat::NotFoundError do
|
|
|
|
|
click_link "Didn't receive unlock instructions?"
|
|
|
|
|
end
|
2010-04-15 06:40:15 +00:00
|
|
|
|
2010-07-12 05:24:21 +00:00
|
|
|
assert_raise NameError do
|
|
|
|
|
visit new_admin_unlock_path
|
2010-03-28 21:09:28 +00:00
|
|
|
end
|
2010-07-12 05:24:21 +00:00
|
|
|
|
2011-05-04 17:23:40 +00:00
|
|
|
assert_raise ActionController::RoutingError do
|
|
|
|
|
visit "/admin_area/unlock/new"
|
|
|
|
|
end
|
2010-03-28 21:09:28 +00:00
|
|
|
end
|
|
|
|
|
|
2009-12-30 17:19:33 +00:00
|
|
|
test 'user with invalid unlock token should not be able to unlock an account' do
|
|
|
|
|
visit_user_unlock_with_token('invalid_token')
|
|
|
|
|
|
|
|
|
|
assert_response :success
|
2010-07-12 05:24:21 +00:00
|
|
|
assert_current_url '/users/unlock?unlock_token=invalid_token'
|
2010-04-13 21:28:13 +00:00
|
|
|
assert_have_selector '#error_explanation'
|
2009-12-30 17:19:33 +00:00
|
|
|
assert_contain /Unlock token(.*)invalid/
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
test "locked user should be able to unlock account" do
|
|
|
|
|
user = create_user(:locked => true)
|
2010-03-10 15:13:54 +00:00
|
|
|
assert user.access_locked?
|
2009-12-30 17:19:33 +00:00
|
|
|
|
|
|
|
|
visit_user_unlock_with_token(user.unlock_token)
|
|
|
|
|
|
2010-07-12 05:24:21 +00:00
|
|
|
assert_current_url '/'
|
2009-12-30 17:19:33 +00:00
|
|
|
assert_contain 'Your account was successfully unlocked.'
|
|
|
|
|
|
2010-03-10 15:13:54 +00:00
|
|
|
assert_not user.reload.access_locked?
|
2009-12-30 17:19:33 +00:00
|
|
|
end
|
|
|
|
|
|
2011-08-16 20:06:13 +00:00
|
|
|
test "sign in user automatically after unlocking its account" do
|
2009-12-30 17:19:33 +00:00
|
|
|
user = create_user(:locked => true)
|
|
|
|
|
visit_user_unlock_with_token(user.unlock_token)
|
|
|
|
|
assert warden.authenticated?(:user)
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
test "user should not be able to sign in when locked" do
|
|
|
|
|
user = sign_in_as_user(:locked => true)
|
|
|
|
|
assert_template 'sessions/new'
|
|
|
|
|
assert_contain 'Your account is locked.'
|
|
|
|
|
assert_not warden.authenticated?(:user)
|
|
|
|
|
end
|
|
|
|
|
|
2010-03-28 21:09:28 +00:00
|
|
|
test "user should not send a new e-mail if already locked" do
|
|
|
|
|
user = create_user(:locked => true)
|
2010-03-29 22:29:57 +00:00
|
|
|
user.failed_attempts = User.maximum_attempts + 1
|
|
|
|
|
user.save!
|
|
|
|
|
|
2010-03-28 21:09:28 +00:00
|
|
|
ActionMailer::Base.deliveries.clear
|
|
|
|
|
|
|
|
|
|
sign_in_as_user(:password => "invalid")
|
2010-03-29 21:44:47 +00:00
|
|
|
assert_contain 'Your account is locked.'
|
2010-03-28 21:09:28 +00:00
|
|
|
assert ActionMailer::Base.deliveries.empty?
|
|
|
|
|
end
|
|
|
|
|
|
2009-12-30 17:19:33 +00:00
|
|
|
test 'error message is configurable by resource name' do
|
|
|
|
|
store_translations :en, :devise => {
|
2010-04-03 11:11:45 +00:00
|
|
|
:failure => { :user => { :locked => "You are locked!" } }
|
2009-12-30 17:19:33 +00:00
|
|
|
} do
|
2010-04-03 09:43:31 +00:00
|
|
|
user = sign_in_as_user(:locked => true)
|
2009-12-30 17:19:33 +00:00
|
|
|
assert_contain 'You are locked!'
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
2011-01-16 12:20:19 +00:00
|
|
|
test 'user should be able to request a new unlock token via XML request' do
|
|
|
|
|
user = create_user(:locked => true)
|
|
|
|
|
ActionMailer::Base.deliveries.clear
|
|
|
|
|
|
|
|
|
|
post user_unlock_path(:format => 'xml'), :user => {:email => user.email}
|
|
|
|
|
assert_response :success
|
2011-06-23 02:04:55 +00:00
|
|
|
assert_equal response.body, {}.to_xml
|
2011-01-16 12:20:19 +00:00
|
|
|
assert_equal 1, ActionMailer::Base.deliveries.size
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
test 'unlocked user should not be able to request a unlock token via XML request' do
|
|
|
|
|
user = create_user(:locked => false)
|
|
|
|
|
ActionMailer::Base.deliveries.clear
|
|
|
|
|
|
|
|
|
|
post user_unlock_path(:format => 'xml'), :user => {:email => user.email}
|
|
|
|
|
assert_response :unprocessable_entity
|
|
|
|
|
assert response.body.include? %(<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<errors>)
|
|
|
|
|
assert_equal 0, ActionMailer::Base.deliveries.size
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
test 'user with valid unlock token should be able to unlock account via XML request' do
|
|
|
|
|
user = create_user(:locked => true)
|
|
|
|
|
assert user.access_locked?
|
|
|
|
|
get user_unlock_path(:format => 'xml', :unlock_token => user.unlock_token)
|
|
|
|
|
assert_response :success
|
|
|
|
|
assert response.body.include? %(<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<user>)
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
test 'user with invalid unlock token should not be able to unlock the account via XML request' do
|
|
|
|
|
get user_unlock_path(:format => 'xml', :unlock_token => 'invalid_token')
|
|
|
|
|
assert_response :unprocessable_entity
|
|
|
|
|
assert response.body.include? %(<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<errors>)
|
|
|
|
|
end
|
2011-06-21 02:01:43 +00:00
|
|
|
|
2011-06-23 02:00:15 +00:00
|
|
|
test "when using json to ask a unlock request, should not return the user" do
|
|
|
|
|
user = create_user(:locked => true)
|
|
|
|
|
post user_unlock_path(:format => "json", :user => {:email => user.email})
|
|
|
|
|
assert_response :success
|
|
|
|
|
assert_equal response.body, {}.to_json
|
|
|
|
|
end
|
|
|
|
|
|
2011-06-21 02:01:43 +00:00
|
|
|
test "in paranoid mode, when trying to unlock an user that exists it should not say that it exists if it is locked" do
|
|
|
|
|
swap Devise, :paranoid => true do
|
|
|
|
|
user = create_user(:locked => true)
|
|
|
|
|
|
|
|
|
|
visit new_user_session_path
|
|
|
|
|
click_link "Didn't receive unlock instructions?"
|
|
|
|
|
|
|
|
|
|
fill_in 'email', :with => user.email
|
|
|
|
|
click_button 'Resend unlock instructions'
|
|
|
|
|
|
|
|
|
|
assert_current_url "/users/unlock"
|
|
|
|
|
|
|
|
|
|
assert_contain "If your account exists, you will receive an email with instructions about how to unlock it in a few minutes."
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
test "in paranoid mode, when trying to unlock an user that exists it should not say that it exists if it is not locked" do
|
|
|
|
|
swap Devise, :paranoid => true do
|
|
|
|
|
user = create_user(:locked => false)
|
|
|
|
|
|
|
|
|
|
visit new_user_session_path
|
|
|
|
|
click_link "Didn't receive unlock instructions?"
|
|
|
|
|
|
|
|
|
|
fill_in 'email', :with => user.email
|
|
|
|
|
click_button 'Resend unlock instructions'
|
|
|
|
|
|
|
|
|
|
assert_current_url "/users/unlock"
|
|
|
|
|
|
|
|
|
|
assert_contain "If your account exists, you will receive an email with instructions about how to unlock it in a few minutes."
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
test "in paranoid mode, when trying to unlock an user that does not exists it should not say that it does not exists" do
|
|
|
|
|
swap Devise, :paranoid => true do
|
|
|
|
|
visit new_user_session_path
|
|
|
|
|
click_link "Didn't receive unlock instructions?"
|
|
|
|
|
|
|
|
|
|
fill_in 'email', :with => "arandomemail@hotmail.com"
|
|
|
|
|
click_button 'Resend unlock instructions'
|
|
|
|
|
|
|
|
|
|
assert_not_contain "1 error prohibited this user from being saved:"
|
|
|
|
|
assert_not_contain "Email not found"
|
|
|
|
|
assert_current_url "/users/unlock"
|
|
|
|
|
|
|
|
|
|
assert_contain "If your account exists, you will receive an email with instructions about how to unlock it in a few minutes."
|
|
|
|
|
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
2009-12-30 17:19:33 +00:00
|
|
|
end
|
