1
0
Fork 0
mirror of https://github.com/heartcombo/devise.git synced 2022-11-09 12:18:31 -05:00
heartcombo--devise/test/integration/trackable_test.rb
Rafael Mendonça França d699b80254 Do not use a local network ip as HTTP_X_FORWARDED_FOR header
If HTTP_X_FORWARDED_FOR is a local network IP the HTTP_CLIENT_IP
need to be set
2012-01-10 11:43:15 -03:00

92 lines
2.3 KiB
Ruby

require 'test_helper'
class TrackableHooksTest < ActionController::IntegrationTest
test "current and last sign in timestamps are updated on each sign in" do
user = create_user
assert_nil user.current_sign_in_at
assert_nil user.last_sign_in_at
sign_in_as_user
user.reload
assert_kind_of Time, user.current_sign_in_at
assert_kind_of Time, user.last_sign_in_at
assert_equal user.current_sign_in_at, user.last_sign_in_at
assert user.current_sign_in_at >= user.created_at
visit destroy_user_session_path
new_time = 2.seconds.from_now
Time.stubs(:now).returns(new_time)
sign_in_as_user
user.reload
assert user.current_sign_in_at > user.last_sign_in_at
end
test "current and last sign in remote ip are updated on each sign in" do
user = create_user
assert_nil user.current_sign_in_ip
assert_nil user.last_sign_in_ip
sign_in_as_user
user.reload
assert_equal "127.0.0.1", user.current_sign_in_ip
assert_equal "127.0.0.1", user.last_sign_in_ip
end
test "current remote ip returns original ip behind a non transparent proxy" do
user = create_user
arbitrary_ip = '200.121.1.69'
sign_in_as_user do
header 'HTTP_X_FORWARDED_FOR', arbitrary_ip
end
user.reload
assert_equal arbitrary_ip, user.current_sign_in_ip
end
test "increase sign in count" do
user = create_user
assert_equal 0, user.sign_in_count
sign_in_as_user
user.reload
assert_equal 1, user.sign_in_count
visit destroy_user_session_path
sign_in_as_user
user.reload
assert_equal 2, user.sign_in_count
end
test "does not update anything if user has signed out along the way" do
swap Devise, :allow_unconfirmed_access_for => 0 do
user = create_user(:confirm => false)
sign_in_as_user
user.reload
assert_nil user.current_sign_in_at
assert_nil user.last_sign_in_at
end
end
test "do not track if devise.skip_trackable is set" do
user = create_user
sign_in_as_user do
header 'devise.skip_trackable', '1'
end
user.reload
assert_equal 0, user.sign_in_count
visit destroy_user_session_path
sign_in_as_user do
header 'devise.skip_trackable', false
end
user.reload
assert_equal 1, user.sign_in_count
end
end