TheDude
/
openproject
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
OpenProject is the leading open source project management software.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
59228 Commits
139 Branches
203 Tags
1.2 GiB
Tag: Branch: Tree: 033eb9e473
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '033eb9e473'
${ noResults }
openproject/spec/controllers/my_controller_spec.rb

297 lines
8.3 KiB
Raw Normal View History Unescape

Add option to prevent former passwords from being reused Squashed from single commits: * Add checks to prevent former passwords from being reused * Make number of banned former passwords configurable Also group settings into fieldsets on the authentication settings page. * Update TestUnit fixtures with UserPasswords * Add migration for creating user passwords * Fix new user password not being immediately used * Add cuke for ban of former passwords * Fix admin info showing whether admin password was changed * Fix password check for user without password and fix tests * Fix password complexity feature after translation changes * Adapt my_controller_spec to UserPasswords * Order UserPasswords by id created_at is not unique within one second, this breaks MySQL tests. id is guaranteed to be unique and monotonically increasing on MySQL and on Postgres(at least as long cache is not set for the sequence). * Rename secure_compare to secure_equals? * Immediately use reduced number of banned former passwords Only check number of former passwords as defined in settings. The number of stored passwords per user is only reduced when a user updates the password. * Add missing copyright notices * Update changelog
12 years ago
#-- copyright
Update copyright notice
5 years ago
# OpenProject is an open source project management software.
update copyright to 2021 (#8925) Updates the copyright to 2021 for all files that have a copyright. Files in our source code without the copyright header still do not receive one automatically. Additionally, backlisted files are also excluded. Previously the copyright of chiliproject which references redmine stated a copyright of redmine up to and including 2017 which is not true for the code we have in here. Because of that I changed that to 2013
4 years ago
# Copyright (C) 2012-2021 the OpenProject GmbH
Add option to prevent former passwords from being reused Squashed from single commits: * Add checks to prevent former passwords from being reused * Make number of banned former passwords configurable Also group settings into fieldsets on the authentication settings page. * Update TestUnit fixtures with UserPasswords * Add migration for creating user passwords * Fix new user password not being immediately used * Add cuke for ban of former passwords * Fix admin info showing whether admin password was changed * Fix password check for user without password and fix tests * Fix password complexity feature after translation changes * Adapt my_controller_spec to UserPasswords * Order UserPasswords by id created_at is not unique within one second, this breaks MySQL tests. id is guaranteed to be unique and monotonically increasing on MySQL and on Postgres(at least as long cache is not set for the sequence). * Rename secure_compare to secure_equals? * Immediately use reduced number of banned former passwords Only check number of former passwords as defined in settings. The number of stored passwords per user is only reduced when a user updates the password. * Add missing copyright notices * Update changelog
12 years ago
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License version 3.
#
new copyright header #1903
11 years ago
# OpenProject is a fork of ChiliProject, which is a fork of Redmine. The copyright follows:
update copyright to 2021 (#8925) Updates the copyright to 2021 for all files that have a copyright. Files in our source code without the copyright header still do not receive one automatically. Additionally, backlisted files are also excluded. Previously the copyright of chiliproject which references redmine stated a copyright of redmine up to and including 2017 which is not true for the code we have in here. Because of that I changed that to 2013
4 years ago
# Copyright (C) 2006-2013 Jean-Philippe Lang
new copyright header #1903
11 years ago
# Copyright (C) 2010-2013 the ChiliProject Team
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
#
Bump copyright to 2018 (#6171) [ci skip]
7 years ago
# See docs/COPYRIGHT.rdoc for more details.
Add option to prevent former passwords from being reused Squashed from single commits: * Add checks to prevent former passwords from being reused * Make number of banned former passwords configurable Also group settings into fieldsets on the authentication settings page. * Update TestUnit fixtures with UserPasswords * Add migration for creating user passwords * Fix new user password not being immediately used * Add cuke for ban of former passwords * Fix admin info showing whether admin password was changed * Fix password check for user without password and fix tests * Fix password complexity feature after translation changes * Adapt my_controller_spec to UserPasswords * Order UserPasswords by id created_at is not unique within one second, this breaks MySQL tests. id is guaranteed to be unique and monotonically increasing on MySQL and on Postgres(at least as long cache is not set for the sequence). * Rename secure_compare to secure_equals? * Immediately use reduced number of banned former passwords Only check number of former passwords as defined in settings. The number of stored passwords per user is only reduced when a user updates the password. * Add missing copyright notices * Update changelog
12 years ago
#++
Add option to force a user to change password on next login * Add force_password_reset field to user * Add force_password_reset field to user edit form Also, reindent the form HTML. * Rename force_password_reset to force_password_change * Force password change: Show form on login, allow change * Remove unused step definitions for setting RAILS_ENV * Fix forced password change, add cuke * Don't reveal whether user exists when not authenticated * Also add spec for testing reaction when user is not allowed to change the password. * Improve force password change code after review * Fix MyController password test and change to spec * Fix AccountController force password change spec
12 years ago
require 'spec_helper'
Use 1.9+ Hash syntax in specs Signed-off-by: Alex Coles <alex@alexbcoles.com>
10 years ago
describe MyController, type: :controller do
FactoryGirl => FactoryBot Removes the deprecation
7 years ago
let(:user) { FactoryBot.create(:user) }
Use flash info
6 years ago
Rewrote a test to a spec so it can be disabled by the profile_surveys plugin
11 years ago
before(:each) do
Use login_as helper method throughout all specs
9 years ago
login_as(user)
Rewrote a test to a spec so it can be disabled by the profile_surveys plugin
11 years ago
end
Add option to force a user to change password on next login * Add force_password_reset field to user * Add force_password_reset field to user edit form Also, reindent the form HTML. * Rename force_password_reset to force_password_change * Force password change: Show form on login, allow change * Remove unused step definitions for setting RAILS_ENV * Fix forced password change, add cuke * Don't reveal whether user exists when not authenticated * Also add spec for testing reaction when user is not allowed to change the password. * Improve force password change code after review * Fix MyController password test and change to spec * Fix AccountController force password change spec
12 years ago
describe 'password change' do
Use #describe, #context with String arg not symbol The semantics of `describe` have changed in RSpec 3: passing a symbol rather than a string will change the value of the described object. See discussion here: https://github.com/rspec/rspec-core/issues/1114 Signed-off-by: Alex Coles <alex@alexbcoles.com>
10 years ago
describe '#password' do
Add option to force a user to change password on next login * Add force_password_reset field to user * Add force_password_reset field to user edit form Also, reindent the form HTML. * Rename force_password_reset to force_password_change * Force password change: Show form on login, allow change * Remove unused step definitions for setting RAILS_ENV * Fix forced password change, add cuke * Don't reveal whether user exists when not authenticated * Also add spec for testing reaction when user is not allowed to change the password. * Improve force password change code after review * Fix MyController password test and change to spec * Fix AccountController force password change spec
12 years ago
before do
get :password
end
it 'should render the password template' do
assert_template 'password'
assert_response :success
end
end
spec: don't show "change password" menu entry
10 years ago
describe 'with disabled password login' do
before do
Convert specs to RSpec 2.99.0 syntax with Transpec This conversion is done by Transpec 2.3.6 with the following command: transpec -f * 66 conversions from: it { should ... } to: it { is_expected.to ... } * 53 conversions from: obj.stub(:message) to: allow(obj).to receive(:message) * 20 conversions from: == expected to: eq(expected) * 19 conversions from: obj.should to: expect(obj).to * 7 conversions from: describe 'some request' { } to: describe 'some request', :type => :request { } * 7 conversions from: describe 'some routing' { } to: describe 'some routing', :type => :routing { } * 7 conversions from: its(:attr) { } to: describe '#attr' do subject { super().attr }; it { } end * 5 conversions from: obj.should_not to: expect(obj).not_to * 4 conversions from: describe 'some view' { } to: describe 'some view', :type => :view { } * 3 conversions from: be_true to: be_truthy * 2 conversions from: describe 'some model' { } to: describe 'some model', :type => :model { } * 2 conversions from: its([:key]) { } to: describe '[:key]' do subject { super()[:key] }; it { } end * 2 conversions from: obj.should_receive(:message) to: expect(obj).to receive(:message) * 1 conversion from: be_false to: be_falsey * 1 conversion from: describe 'some controller' { } to: describe 'some controller', :type => :controller { } * 1 conversion from: describe 'some feature' { } to: describe 'some feature', :type => :feature { } * 1 conversion from: it { should_not ... } to: it { is_expected.not_to ... } For more details: https://github.com/yujinakayama/transpec#supported-conversions
10 years ago
allow(OpenProject::Configuration).to receive(:disable_password_login?).and_return(true)
spec: don't show "change password" menu entry
10 years ago
post :change_password
end
it 'is not found' do
expect(response.status).to eq 404
end
end
Add option to force a user to change password on next login * Add force_password_reset field to user * Add force_password_reset field to user edit form Also, reindent the form HTML. * Rename force_password_reset to force_password_change * Force password change: Show form on login, allow change * Remove unused step definitions for setting RAILS_ENV * Fix forced password change, add cuke * Don't reveal whether user exists when not authenticated * Also add spec for testing reaction when user is not allowed to change the password. * Improve force password change code after review * Fix MyController password test and change to spec * Fix AccountController force password change spec
12 years ago
describe 'with wrong confirmation' do
before do
Fix params deprecation Fixes in spec/controllers: ``` DEPRECATION WARNING: ActionController::TestCase HTTP request methods will accept only keyword arguments in future Rails versions. ```
8 years ago
post :change_password,
params: {
password: 'adminADMIN!',
new_password: 'adminADMIN!New',
new_password_confirmation: 'adminADMIN!Other'
}
Add option to force a user to change password on next login * Add force_password_reset field to user * Add force_password_reset field to user edit form Also, reindent the form HTML. * Rename force_password_reset to force_password_change * Force password change: Show form on login, allow change * Remove unused step definitions for setting RAILS_ENV * Fix forced password change, add cuke * Don't reveal whether user exists when not authenticated * Also add spec for testing reaction when user is not allowed to change the password. * Improve force password change code after review * Fix MyController password test and change to spec * Fix AccountController force password change spec
12 years ago
end
it 'should show an error message' do
assert_response :success
assert_template 'password'
[35507] Allow global permission to add and edit users (#8937) * Add global permission for add_user * Rename fieldset for global roles to "Global" * Add permission to admin actions * Add index action to add_user permission * Redirect to first admin item if only one * Hide status action for non admins * Break down user form into partials for easier rendering * Disable some user form tabs for non-admins * Make users API and services conformant with endpoints * Fix references to DeleteService#deletion_allowed? * Authorize add_user on show as well * Only show invite user toolbar item with permission * Fix Delete Service spec * Fix the way user prefs are handled in service * Ensure session_id is treated as string This causes a cast error otherwise as it passes rack session locally * Fix service call on onboarding controller * Fix service call on users controller * Add delete spec for global user * Hide login attribute again when adding a new user * Render auth source correctly in simple form * Fix creating invited users through service The invitation requires the mail attribute to be present. Previously, there was a manual error added to the mail. As the errors are now determined by the contract + model, we now end up with all missing properties as errors. * Properly constraint attributes for non-admins * Add specs for global user * Start working on how to update password from UsersController that code is a mess... * Change permitted_params spec to include non-admin params * Fix create user service spec * Remove mail_notification param from users controller It's not part of the contract/params passed to user * Remove todos * Extend docs * Correct the way backlogs patches into the user settings * Remove superfluous UpdateUserService * Rewrite duplicated update service examples into common shared example * Remove duplicate password writable check * Base Users::DeleteContract on base delete contract * Move checks for active users into the UserAllowedService * Restore password writable check as it is not an attribute * Fix menus for global user * Allow global users to add custom fields * Allow global user add permission to reinvite user * Fix changed var name in update service spec * Ensure also invited or registered users can be authroized This ensure that e.g., invited users can also be set as watchers * fix typo Co-authored-by: ulferts <jens.ulferts@googlemail.com>
4 years ago
expect(user.errors.attribute_names).to eq([:password_confirmation])
expect(user.errors.map(&:message).flatten.join('')).to include("doesn't match")
Add option to force a user to change password on next login * Add force_password_reset field to user * Add force_password_reset field to user edit form Also, reindent the form HTML. * Rename force_password_reset to force_password_change * Force password change: Show form on login, allow change * Remove unused step definitions for setting RAILS_ENV * Fix forced password change, add cuke * Don't reveal whether user exists when not authenticated * Also add spec for testing reaction when user is not allowed to change the password. * Improve force password change code after review * Fix MyController password test and change to spec * Fix AccountController force password change spec
12 years ago
end
end
describe 'with wrong password' do
render_views
before do
Add option to prevent former passwords from being reused Squashed from single commits: * Add checks to prevent former passwords from being reused * Make number of banned former passwords configurable Also group settings into fieldsets on the authentication settings page. * Update TestUnit fixtures with UserPasswords * Add migration for creating user passwords * Fix new user password not being immediately used * Add cuke for ban of former passwords * Fix admin info showing whether admin password was changed * Fix password check for user without password and fix tests * Fix password complexity feature after translation changes * Adapt my_controller_spec to UserPasswords * Order UserPasswords by id created_at is not unique within one second, this breaks MySQL tests. id is guaranteed to be unique and monotonically increasing on MySQL and on Postgres(at least as long cache is not set for the sequence). * Rename secure_compare to secure_equals? * Immediately use reduced number of banned former passwords Only check number of former passwords as defined in settings. The number of stored passwords per user is only reduced when a user updates the password. * Add missing copyright notices * Update changelog
12 years ago
@current_password = user.current_password.id
Fix params deprecation Fixes in spec/controllers: ``` DEPRECATION WARNING: ActionController::TestCase HTTP request methods will accept only keyword arguments in future Rails versions. ```
8 years ago
post :change_password,
params: {
password: 'wrongpassword',
new_password: 'adminADMIN!New',
new_password_confirmation: 'adminADMIN!New'
}
Add option to force a user to change password on next login * Add force_password_reset field to user * Add force_password_reset field to user edit form Also, reindent the form HTML. * Rename force_password_reset to force_password_change * Force password change: Show form on login, allow change * Remove unused step definitions for setting RAILS_ENV * Fix forced password change, add cuke * Don't reveal whether user exists when not authenticated * Also add spec for testing reaction when user is not allowed to change the password. * Improve force password change code after review * Fix MyController password test and change to spec * Fix AccountController force password change spec
12 years ago
end
it 'should show an error message' do
assert_response :success
assert_template 'password'
Convert specs to RSpec 2.14.8 syntax with Transpec This conversion is done by Transpec 1.10.4 with the following command: transpec * 1414 conversions from: obj.should to: expect(obj).to * 646 conversions from: == expected to: eq(expected) * 376 conversions from: obj.stub(:message) to: allow(obj).to receive(:message) * 107 conversions from: obj.should_not to: expect(obj).not_to * 70 conversions from: obj.should_receive(:message) to: expect(obj).to receive(:message) * 45 conversions from: =~ [1, 2] to: match_array([1, 2]) * 27 conversions from: lambda { }.should to: expect { }.to * 13 conversions from: Klass.any_instance.stub(:message) to: allow_any_instance_of(Klass).to receive(:message) * 8 conversions from: === expected to: be === expected * 7 conversions from: expect { }.not_to raise_error(SpecificErrorClass) to: expect { }.not_to raise_error * 6 conversions from: =~ /pattern/ to: match(/pattern/) * 2 conversions from: obj.should_not_receive(:message) to: expect(obj).not_to receive(:message) * 1 conversion from: < expected to: be < expected * 1 conversion from: obj.stub!(:message) to: allow(obj).to receive(:message) * 1 conversion from: stub('something') to: double('something')
11 years ago
expect(flash[:error]).to eq('Wrong password')
Add option to force a user to change password on next login * Add force_password_reset field to user * Add force_password_reset field to user edit form Also, reindent the form HTML. * Rename force_password_reset to force_password_change * Force password change: Show form on login, allow change * Remove unused step definitions for setting RAILS_ENV * Fix forced password change, add cuke * Don't reveal whether user exists when not authenticated * Also add spec for testing reaction when user is not allowed to change the password. * Improve force password change code after review * Fix MyController password test and change to spec * Fix AccountController force password change spec
12 years ago
end
it 'should not change the password' do
Convert specs to RSpec 2.14.8 syntax with Transpec This conversion is done by Transpec 1.10.4 with the following command: transpec * 1414 conversions from: obj.should to: expect(obj).to * 646 conversions from: == expected to: eq(expected) * 376 conversions from: obj.stub(:message) to: allow(obj).to receive(:message) * 107 conversions from: obj.should_not to: expect(obj).not_to * 70 conversions from: obj.should_receive(:message) to: expect(obj).to receive(:message) * 45 conversions from: =~ [1, 2] to: match_array([1, 2]) * 27 conversions from: lambda { }.should to: expect { }.to * 13 conversions from: Klass.any_instance.stub(:message) to: allow_any_instance_of(Klass).to receive(:message) * 8 conversions from: === expected to: be === expected * 7 conversions from: expect { }.not_to raise_error(SpecificErrorClass) to: expect { }.not_to raise_error * 6 conversions from: =~ /pattern/ to: match(/pattern/) * 2 conversions from: obj.should_not_receive(:message) to: expect(obj).not_to receive(:message) * 1 conversion from: < expected to: be < expected * 1 conversion from: obj.stub!(:message) to: allow(obj).to receive(:message) * 1 conversion from: stub('something') to: double('something')
11 years ago
expect(user.current_password.id).to eq(@current_password)
Add option to force a user to change password on next login * Add force_password_reset field to user * Add force_password_reset field to user edit form Also, reindent the form HTML. * Rename force_password_reset to force_password_change * Force password change: Show form on login, allow change * Remove unused step definitions for setting RAILS_ENV * Fix forced password change, add cuke * Don't reveal whether user exists when not authenticated * Also add spec for testing reaction when user is not allowed to change the password. * Improve force password change code after review * Fix MyController password test and change to spec * Fix AccountController force password change spec
12 years ago
end
end
describe 'with good password and good confirmation' do
before do
Fix params deprecation Fixes in spec/controllers: ``` DEPRECATION WARNING: ActionController::TestCase HTTP request methods will accept only keyword arguments in future Rails versions. ```
8 years ago
post :change_password,
params: {
password: 'adminADMIN!',
new_password: 'adminADMIN!New',
new_password_confirmation: 'adminADMIN!New'
}
Add option to force a user to change password on next login * Add force_password_reset field to user * Add force_password_reset field to user edit form Also, reindent the form HTML. * Rename force_password_reset to force_password_change * Force password change: Show form on login, allow change * Remove unused step definitions for setting RAILS_ENV * Fix forced password change, add cuke * Don't reveal whether user exists when not authenticated * Also add spec for testing reaction when user is not allowed to change the password. * Improve force password change code after review * Fix MyController password test and change to spec * Fix AccountController force password change spec
12 years ago
end
Adjust spec to new menu structure
9 years ago
it 'should redirect to the my password page' do
expect(response).to redirect_to('/my/password')
Add option to force a user to change password on next login * Add force_password_reset field to user * Add force_password_reset field to user edit form Also, reindent the form HTML. * Rename force_password_reset to force_password_change * Force password change: Show form on login, allow change * Remove unused step definitions for setting RAILS_ENV * Fix forced password change, add cuke * Don't reveal whether user exists when not authenticated * Also add spec for testing reaction when user is not allowed to change the password. * Improve force password change code after review * Fix MyController password test and change to spec * Fix AccountController force password change spec
12 years ago
end
it 'should allow the user to login with the new password' do
assert User.try_to_login(user.login, 'adminADMIN!New')
end
end
end
Rewrote a test to a spec so it can be disabled by the profile_surveys plugin
11 years ago
Fix syntax (w/Rubocop) in specs Signed-off-by: Alex Coles <alex@alexbcoles.com>
10 years ago
describe 'account' do
FactoryGirl => FactoryBot Removes the deprecation
7 years ago
let(:custom_field) { FactoryBot.create :text_user_custom_field }
Rewrote a test to a spec so it can be disabled by the profile_surveys plugin
11 years ago
before do
custom_field
as_logged_in_user user do
get :account
end
end
Fix syntax (w/Rubocop) in specs Signed-off-by: Alex Coles <alex@alexbcoles.com>
10 years ago
it 'responds with success' do
Replace deprecated controller success? with succesful?
6 years ago
expect(response).to be_successful
Rewrote a test to a spec so it can be disabled by the profile_surveys plugin
11 years ago
end
Fix syntax (w/Rubocop) in specs Signed-off-by: Alex Coles <alex@alexbcoles.com>
10 years ago
it 'renders the account template' do
Rewrote a test to a spec so it can be disabled by the profile_surveys plugin
11 years ago
expect(response).to render_template 'account'
end
Fix syntax (w/Rubocop) in specs Signed-off-by: Alex Coles <alex@alexbcoles.com>
10 years ago
it 'assigns @user' do
Rewrote a test to a spec so it can be disabled by the profile_surveys plugin
11 years ago
expect(assigns(:user)).to eq(user)
end
Fix syntax (w/Rubocop) in specs Signed-off-by: Alex Coles <alex@alexbcoles.com>
10 years ago
context 'with render_views' do
Rewrote a test to a spec so it can be disabled by the profile_surveys plugin
11 years ago
render_views
Fix syntax (w/Rubocop) in specs Signed-off-by: Alex Coles <alex@alexbcoles.com>
10 years ago
it 'renders editable custom fields' do
Fixed direct use of custom field name
11 years ago
expect(response.body).to have_content(custom_field.name)
Rewrote a test to a spec so it can be disabled by the profile_surveys plugin
11 years ago
end
spec: don't show "change password" menu entry
10 years ago
it "renders the 'Change password' menu entry" do
expect(response.body).to have_selector('#menu-sidebar li a', text: 'Change password')
end
end
end
reremove line accidentally readded by merge dc3337a
9 years ago
describe 'settings' do
context 'PATCH' do
before do
as_logged_in_user user do
user.pref.self_notified = false
[35507] Allow global permission to add and edit users (#8937) * Add global permission for add_user * Rename fieldset for global roles to "Global" * Add permission to admin actions * Add index action to add_user permission * Redirect to first admin item if only one * Hide status action for non admins * Break down user form into partials for easier rendering * Disable some user form tabs for non-admins * Make users API and services conformant with endpoints * Fix references to DeleteService#deletion_allowed? * Authorize add_user on show as well * Only show invite user toolbar item with permission * Fix Delete Service spec * Fix the way user prefs are handled in service * Ensure session_id is treated as string This causes a cast error otherwise as it passes rack session locally * Fix service call on onboarding controller * Fix service call on users controller * Add delete spec for global user * Hide login attribute again when adding a new user * Render auth source correctly in simple form * Fix creating invited users through service The invitation requires the mail attribute to be present. Previously, there was a manual error added to the mail. As the errors are now determined by the contract + model, we now end up with all missing properties as errors. * Properly constraint attributes for non-admins * Add specs for global user * Start working on how to update password from UsersController that code is a mess... * Change permitted_params spec to include non-admin params * Fix create user service spec * Remove mail_notification param from users controller It's not part of the contract/params passed to user * Remove todos * Extend docs * Correct the way backlogs patches into the user settings * Remove superfluous UpdateUserService * Rewrite duplicated update service examples into common shared example * Remove duplicate password writable check * Base Users::DeleteContract on base delete contract * Move checks for active users into the UserAllowedService * Restore password writable check as it is not an attribute * Fix menus for global user * Allow global users to add custom fields * Allow global user add permission to reinvite user * Fix changed var name in update service spec * Ensure also invited or registered users can be authroized This ensure that e.g., invited users can also be set as watchers * fix typo Co-authored-by: ulferts <jens.ulferts@googlemail.com>
4 years ago
user.pref.auto_hide_popups = true
reremove line accidentally readded by merge dc3337a
9 years ago
[35507] Allow global permission to add and edit users (#8937) * Add global permission for add_user * Rename fieldset for global roles to "Global" * Add permission to admin actions * Add index action to add_user permission * Redirect to first admin item if only one * Hide status action for non admins * Break down user form into partials for easier rendering * Disable some user form tabs for non-admins * Make users API and services conformant with endpoints * Fix references to DeleteService#deletion_allowed? * Authorize add_user on show as well * Only show invite user toolbar item with permission * Fix Delete Service spec * Fix the way user prefs are handled in service * Ensure session_id is treated as string This causes a cast error otherwise as it passes rack session locally * Fix service call on onboarding controller * Fix service call on users controller * Add delete spec for global user * Hide login attribute again when adding a new user * Render auth source correctly in simple form * Fix creating invited users through service The invitation requires the mail attribute to be present. Previously, there was a manual error added to the mail. As the errors are now determined by the contract + model, we now end up with all missing properties as errors. * Properly constraint attributes for non-admins * Add specs for global user * Start working on how to update password from UsersController that code is a mess... * Change permitted_params spec to include non-admin params * Fix create user service spec * Remove mail_notification param from users controller It's not part of the contract/params passed to user * Remove todos * Extend docs * Correct the way backlogs patches into the user settings * Remove superfluous UpdateUserService * Rewrite duplicated update service examples into common shared example * Remove duplicate password writable check * Base Users::DeleteContract on base delete contract * Move checks for active users into the UserAllowedService * Restore password writable check as it is not an attribute * Fix menus for global user * Allow global users to add custom fields * Allow global user add permission to reinvite user * Fix changed var name in update service spec * Ensure also invited or registered users can be authroized This ensure that e.g., invited users can also be set as watchers * fix typo Co-authored-by: ulferts <jens.ulferts@googlemail.com>
4 years ago
patch :update_settings, params: { user: { language: 'en' }, pref: { auto_hide_popups: 0 } }
reremove line accidentally readded by merge dc3337a
9 years ago
end
end
[35507] Allow global permission to add and edit users (#8937) * Add global permission for add_user * Rename fieldset for global roles to "Global" * Add permission to admin actions * Add index action to add_user permission * Redirect to first admin item if only one * Hide status action for non admins * Break down user form into partials for easier rendering * Disable some user form tabs for non-admins * Make users API and services conformant with endpoints * Fix references to DeleteService#deletion_allowed? * Authorize add_user on show as well * Only show invite user toolbar item with permission * Fix Delete Service spec * Fix the way user prefs are handled in service * Ensure session_id is treated as string This causes a cast error otherwise as it passes rack session locally * Fix service call on onboarding controller * Fix service call on users controller * Add delete spec for global user * Hide login attribute again when adding a new user * Render auth source correctly in simple form * Fix creating invited users through service The invitation requires the mail attribute to be present. Previously, there was a manual error added to the mail. As the errors are now determined by the contract + model, we now end up with all missing properties as errors. * Properly constraint attributes for non-admins * Add specs for global user * Start working on how to update password from UsersController that code is a mess... * Change permitted_params spec to include non-admin params * Fix create user service spec * Remove mail_notification param from users controller It's not part of the contract/params passed to user * Remove todos * Extend docs * Correct the way backlogs patches into the user settings * Remove superfluous UpdateUserService * Rewrite duplicated update service examples into common shared example * Remove duplicate password writable check * Base Users::DeleteContract on base delete contract * Move checks for active users into the UserAllowedService * Restore password writable check as it is not an attribute * Fix menus for global user * Allow global users to add custom fields * Allow global user add permission to reinvite user * Fix changed var name in update service spec * Ensure also invited or registered users can be authroized This ensure that e.g., invited users can also be set as watchers * fix typo Co-authored-by: ulferts <jens.ulferts@googlemail.com>
4 years ago
it 'updates the settings appropriately', :aggregate_failures do
expect(assigns(:user).language).to eq 'en'
reremove line accidentally readded by merge dc3337a
9 years ago
expect(assigns(:user).pref.self_notified?).to be_falsey
[35507] Allow global permission to add and edit users (#8937) * Add global permission for add_user * Rename fieldset for global roles to "Global" * Add permission to admin actions * Add index action to add_user permission * Redirect to first admin item if only one * Hide status action for non admins * Break down user form into partials for easier rendering * Disable some user form tabs for non-admins * Make users API and services conformant with endpoints * Fix references to DeleteService#deletion_allowed? * Authorize add_user on show as well * Only show invite user toolbar item with permission * Fix Delete Service spec * Fix the way user prefs are handled in service * Ensure session_id is treated as string This causes a cast error otherwise as it passes rack session locally * Fix service call on onboarding controller * Fix service call on users controller * Add delete spec for global user * Hide login attribute again when adding a new user * Render auth source correctly in simple form * Fix creating invited users through service The invitation requires the mail attribute to be present. Previously, there was a manual error added to the mail. As the errors are now determined by the contract + model, we now end up with all missing properties as errors. * Properly constraint attributes for non-admins * Add specs for global user * Start working on how to update password from UsersController that code is a mess... * Change permitted_params spec to include non-admin params * Fix create user service spec * Remove mail_notification param from users controller It's not part of the contract/params passed to user * Remove todos * Extend docs * Correct the way backlogs patches into the user settings * Remove superfluous UpdateUserService * Rewrite duplicated update service examples into common shared example * Remove duplicate password writable check * Base Users::DeleteContract on base delete contract * Move checks for active users into the UserAllowedService * Restore password writable check as it is not an attribute * Fix menus for global user * Allow global users to add custom fields * Allow global user add permission to reinvite user * Fix changed var name in update service spec * Ensure also invited or registered users can be authroized This ensure that e.g., invited users can also be set as watchers * fix typo Co-authored-by: ulferts <jens.ulferts@googlemail.com>
4 years ago
expect(assigns(:user).pref.auto_hide_popups?).to be_falsey
reremove line accidentally readded by merge dc3337a
9 years ago
Handle correct redirecting and minor styling issues
7 years ago
expect(request.path).to eq(my_settings_path)
reremove line accidentally readded by merge dc3337a
9 years ago
expect(flash[:notice]).to eql I18n.t(:notice_account_updated)
end
Show error message when account cannot be updated
5 years ago
context 'when user is invalid' do
let(:user) do
FactoryBot.create(:user).tap do |u|
u.update_column(:mail, 'something invalid')
end
end
it 'shows a flash error' do
expect(flash[:error]).to include 'Email is invalid.'
expect(request.path).to eq(my_settings_path)
end
end
reremove line accidentally readded by merge dc3337a
9 years ago
end
end
Auto hide popups. https://community.openproject.com/work_packages/24152
8 years ago
describe 'settings:auto_hide_popups' do
context 'with render_views' do
before do
as_logged_in_user user do
get :settings
end
end
render_views
it 'renders auto hide popups checkbox' do
expect(response.body).to have_selector('#my_account_form #pref_auto_hide_popups')
end
end
context 'PATCH' do
before do
as_logged_in_user user do
user.pref.auto_hide_popups = false
Invalidate session,s extract passwords flow into services
6 years ago
patch :update_settings, params: { user: { language: 'en' } }
Auto hide popups. https://community.openproject.com/work_packages/24152
8 years ago
end
end
end
end
spec: don't show "change password" menu entry
10 years ago
describe 'account with disabled password login' do
before do
Convert specs to RSpec 2.99.0 syntax with Transpec This conversion is done by Transpec 2.3.6 with the following command: transpec -f * 66 conversions from: it { should ... } to: it { is_expected.to ... } * 53 conversions from: obj.stub(:message) to: allow(obj).to receive(:message) * 20 conversions from: == expected to: eq(expected) * 19 conversions from: obj.should to: expect(obj).to * 7 conversions from: describe 'some request' { } to: describe 'some request', :type => :request { } * 7 conversions from: describe 'some routing' { } to: describe 'some routing', :type => :routing { } * 7 conversions from: its(:attr) { } to: describe '#attr' do subject { super().attr }; it { } end * 5 conversions from: obj.should_not to: expect(obj).not_to * 4 conversions from: describe 'some view' { } to: describe 'some view', :type => :view { } * 3 conversions from: be_true to: be_truthy * 2 conversions from: describe 'some model' { } to: describe 'some model', :type => :model { } * 2 conversions from: its([:key]) { } to: describe '[:key]' do subject { super()[:key] }; it { } end * 2 conversions from: obj.should_receive(:message) to: expect(obj).to receive(:message) * 1 conversion from: be_false to: be_falsey * 1 conversion from: describe 'some controller' { } to: describe 'some controller', :type => :controller { } * 1 conversion from: describe 'some feature' { } to: describe 'some feature', :type => :feature { } * 1 conversion from: it { should_not ... } to: it { is_expected.not_to ... } For more details: https://github.com/yujinakayama/transpec#supported-conversions
10 years ago
allow(OpenProject::Configuration).to receive(:disable_password_login?).and_return(true)
spec: don't show "change password" menu entry
10 years ago
as_logged_in_user user do
get :account
end
end
render_views
it "does not render 'Change password' menu entry" do
expect(response.body).not_to have_selector('#menu-sidebar li a', text: 'Change password')
Rewrote a test to a spec so it can be disabled by the profile_surveys plugin
11 years ago
end
end
spec display of number of reported work packages
11 years ago
Implement HashedToken (ExtendedToken from MOTP) in Core
7 years ago
describe 'access_tokens' do
describe 'rss' do
it 'creates a key' do
expect(user.rss_token).to eq(nil)
post :generate_rss_key
expect(user.reload.rss_token).to be_present
Use flash info
6 years ago
expect(flash[:info]).to be_present
Implement HashedToken (ExtendedToken from MOTP) in Core
7 years ago
expect(flash[:error]).not_to be_present
expect(response).to redirect_to action: :access_token
end
context 'with existing key' do
rename and inflect according to zeitwerk
5 years ago
let!(:key) { ::Token::RSS.create user: user }
Implement HashedToken (ExtendedToken from MOTP) in Core
7 years ago
it 'replaces the key' do
expect(user.rss_token).to eq(key)
post :generate_rss_key
new_token = user.reload.rss_token
expect(new_token).not_to eq(key)
expect(new_token.value).not_to eq(key.value)
expect(new_token.value).to eq(user.rss_key)
Use flash info
6 years ago
expect(flash[:info]).to be_present
Implement HashedToken (ExtendedToken from MOTP) in Core
7 years ago
expect(flash[:error]).not_to be_present
expect(response).to redirect_to action: :access_token
end
end
end
describe 'api' do
context 'with no existing key' do
it 'creates a key' do
expect(user.api_token).to eq(nil)
post :generate_api_key
new_token = user.reload.api_token
expect(new_token).to be_present
Use flash info
6 years ago
expect(flash[:info]).to be_present
Implement HashedToken (ExtendedToken from MOTP) in Core
7 years ago
expect(flash[:error]).not_to be_present
expect(response).to redirect_to action: :access_token
end
end
context 'with existing key' do
rename and inflect according to zeitwerk
5 years ago
let!(:key) { ::Token::API.create user: user }
Implement HashedToken (ExtendedToken from MOTP) in Core
7 years ago
it 'replaces the key' do
expect(user.reload.api_token).to eq(key)
post :generate_api_key
new_token = user.reload.api_token
expect(new_token).not_to eq(key)
expect(new_token.value).not_to eq(key.value)
Use flash info
6 years ago
expect(flash[:info]).to be_present
Implement HashedToken (ExtendedToken from MOTP) in Core
7 years ago
expect(flash[:error]).not_to be_present
expect(response).to redirect_to action: :access_token
end
end
end
end
Add option to force a user to change password on next login * Add force_password_reset field to user * Add force_password_reset field to user edit form Also, reindent the form HTML. * Rename force_password_reset to force_password_change * Force password change: Show form on login, allow change * Remove unused step definitions for setting RAILS_ENV * Fix forced password change, add cuke * Don't reveal whether user exists when not authenticated * Also add spec for testing reaction when user is not allowed to change the password. * Improve force password change code after review * Fix MyController password test and change to spec * Fix AccountController force password change spec
12 years ago
end