1
0
Fork 0
mirror of https://github.com/heartcombo/devise.git synced 2022-11-09 12:18:31 -05:00
heartcombo--devise/test/integration/lockable_test.rb

225 lines
7.4 KiB
Ruby
Raw Normal View History

require 'test_helper'
2009-12-30 12:19:33 -05:00
class LockTest < ActionController::IntegrationTest
2009-12-30 12:19:33 -05:00
def visit_user_unlock_with_token(unlock_token)
visit user_unlock_path(:unlock_token => unlock_token)
end
def send_unlock_request
2009-12-30 12:19:33 -05:00
user = create_user(:locked => true)
ActionMailer::Base.deliveries.clear
visit new_user_session_path
click_link "Didn't receive unlock instructions?"
2009-12-30 12:19:33 -05:00
fill_in 'email', :with => user.email
click_button 'Resend unlock instructions'
end
test 'user should be able to request a new unlock token' do
send_unlock_request
2009-12-30 12:19:33 -05:00
assert_template 'sessions/new'
assert_contain 'You will receive an email with instructions about how to unlock your account in a few minutes'
assert_equal 1, ActionMailer::Base.deliveries.size
assert_equal ['please-change-me@config-initializers-devise.com'], ActionMailer::Base.deliveries.first.from
end
test 'user should receive the instructions from a custom mailer' do
User.any_instance.stubs(:devise_mailer).returns(Users::Mailer)
send_unlock_request
assert_equal ['custom@example.com'], ActionMailer::Base.deliveries.first.from
2009-12-30 12:19:33 -05:00
end
test 'unlocked user should not be able to request a unlock token' do
user = create_user(:locked => false)
ActionMailer::Base.deliveries.clear
visit new_user_session_path
click_link "Didn't receive unlock instructions?"
2009-12-30 12:19:33 -05:00
fill_in 'email', :with => user.email
click_button 'Resend unlock instructions'
assert_template 'unlocks/new'
assert_contain 'not locked'
assert_equal 0, ActionMailer::Base.deliveries.size
end
2010-03-28 17:09:28 -04:00
test 'unlocked pages should not be available if email strategy is disabled' do
2011-05-04 13:23:40 -04:00
visit "/admin_area/sign_in"
assert_raise Webrat::NotFoundError do
click_link "Didn't receive unlock instructions?"
end
assert_raise NameError do
visit new_admin_unlock_path
2010-03-28 17:09:28 -04:00
end
2011-05-04 13:23:40 -04:00
assert_raise ActionController::RoutingError do
visit "/admin_area/unlock/new"
end
2010-03-28 17:09:28 -04:00
end
2009-12-30 12:19:33 -05:00
test 'user with invalid unlock token should not be able to unlock an account' do
visit_user_unlock_with_token('invalid_token')
assert_response :success
assert_current_url '/users/unlock?unlock_token=invalid_token'
2010-04-13 17:28:13 -04:00
assert_have_selector '#error_explanation'
2009-12-30 12:19:33 -05:00
assert_contain /Unlock token(.*)invalid/
end
test "locked user should be able to unlock account" do
user = create_user(:locked => true)
assert user.access_locked?
2009-12-30 12:19:33 -05:00
visit_user_unlock_with_token(user.unlock_token)
assert_current_url "/users/sign_in"
2012-01-23 06:20:05 -05:00
assert_contain 'Your account has been unlocked successfully. Please sign in to continue.'
2009-12-30 12:19:33 -05:00
assert_not user.reload.access_locked?
2009-12-30 12:19:33 -05:00
end
test "redirect user to sign in page after unlocking its account" do
2009-12-30 12:19:33 -05:00
user = create_user(:locked => true)
visit_user_unlock_with_token(user.unlock_token)
assert_not warden.authenticated?(:user)
2009-12-30 12:19:33 -05:00
end
2010-03-28 17:09:28 -04:00
test "user should not send a new e-mail if already locked" do
user = create_user(:locked => true)
2010-03-29 18:29:57 -04:00
user.failed_attempts = User.maximum_attempts + 1
user.save!
2010-03-28 17:09:28 -04:00
ActionMailer::Base.deliveries.clear
sign_in_as_user(:password => "invalid")
assert_contain 'Your account is locked.'
2010-03-28 17:09:28 -04:00
assert ActionMailer::Base.deliveries.empty?
end
2009-12-30 12:19:33 -05:00
test 'error message is configurable by resource name' do
store_translations :en, :devise => {
:failure => {:user => {:locked => "You are locked!"}}
} do
user = create_user(:locked => true)
user.failed_attempts = User.maximum_attempts + 1
user.save!
sign_in_as_user(:password => "invalid")
assert_contain "You are locked!"
end
end
test "user should not be able to sign in when locked" do
store_translations :en, :devise => {
:failure => {:user => {:locked => "You are locked!"}}
2009-12-30 12:19:33 -05:00
} do
user = create_user(:locked => true)
user.failed_attempts = User.maximum_attempts + 1
user.save!
sign_in_as_user(:password => "123456")
assert_contain "You are locked!"
2009-12-30 12:19:33 -05:00
end
end
test 'user should be able to request a new unlock token via XML request' do
user = create_user(:locked => true)
ActionMailer::Base.deliveries.clear
post user_unlock_path(:format => 'xml'), :user => {:email => user.email}
assert_response :success
assert_equal response.body, {}.to_xml
assert_equal 1, ActionMailer::Base.deliveries.size
end
test 'unlocked user should not be able to request a unlock token via XML request' do
user = create_user(:locked => false)
ActionMailer::Base.deliveries.clear
post user_unlock_path(:format => 'xml'), :user => {:email => user.email}
assert_response :unprocessable_entity
assert response.body.include? %(<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<errors>)
assert_equal 0, ActionMailer::Base.deliveries.size
end
test 'user with valid unlock token should be able to unlock account via XML request' do
user = create_user(:locked => true)
assert user.access_locked?
get user_unlock_path(:format => 'xml', :unlock_token => user.unlock_token)
assert_response :success
assert response.body.include? %(<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<user>)
end
test 'user with invalid unlock token should not be able to unlock the account via XML request' do
get user_unlock_path(:format => 'xml', :unlock_token => 'invalid_token')
assert_response :unprocessable_entity
assert response.body.include? %(<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<errors>)
end
2011-06-20 22:01:43 -04:00
test "when using json to ask a unlock request, should not return the user" do
user = create_user(:locked => true)
post user_unlock_path(:format => "json", :user => {:email => user.email})
assert_response :success
assert_equal response.body, {}.to_json
end
2011-06-20 22:01:43 -04:00
test "in paranoid mode, when trying to unlock an user that exists it should not say that it exists if it is locked" do
swap Devise, :paranoid => true do
user = create_user(:locked => true)
visit new_user_session_path
click_link "Didn't receive unlock instructions?"
fill_in 'email', :with => user.email
click_button 'Resend unlock instructions'
assert_current_url "/users/sign_in"
2011-06-20 22:01:43 -04:00
assert_contain "If your account exists, you will receive an email with instructions about how to unlock it in a few minutes."
end
end
test "in paranoid mode, when trying to unlock an user that exists it should not say that it exists if it is not locked" do
swap Devise, :paranoid => true do
user = create_user(:locked => false)
visit new_user_session_path
click_link "Didn't receive unlock instructions?"
fill_in 'email', :with => user.email
click_button 'Resend unlock instructions'
assert_current_url "/users/sign_in"
2011-06-20 22:01:43 -04:00
assert_contain "If your account exists, you will receive an email with instructions about how to unlock it in a few minutes."
end
end
test "in paranoid mode, when trying to unlock an user that does not exists it should not say that it does not exists" do
swap Devise, :paranoid => true do
visit new_user_session_path
click_link "Didn't receive unlock instructions?"
fill_in 'email', :with => "arandomemail@hotmail.com"
click_button 'Resend unlock instructions'
assert_not_contain "1 error prohibited this user from being saved:"
assert_not_contain "Email not found"
assert_current_url "/users/sign_in"
2011-06-20 22:01:43 -04:00
assert_contain "If your account exists, you will receive an email with instructions about how to unlock it in a few minutes."
end
end
2009-12-30 12:19:33 -05:00
end