openproject/spec/models/user_spec.rb

#-- copyright
# OpenProject is a project management system.
# Copyright (C) 2012-2014 the OpenProject Foundation (OPF)
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License version 3.
#
# OpenProject is a fork of ChiliProject, which is a fork of Redmine. The copyright follows:
# Copyright (C) 2006-2013 Jean-Philippe Lang
# Copyright (C) 2010-2013 the ChiliProject Team
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
#
# See doc/COPYRIGHT.rdoc for more details.
#++

require 'spec_helper'

describe User do
  let(:user) { FactoryGirl.build(:user) }
  let(:project) { FactoryGirl.create(:project_with_types) }
  let(:role) { FactoryGirl.create(:role, :permissions => [:view_work_packages]) }
  let(:member) { FactoryGirl.build(:member, :project => project,
                                        :roles => [role],
                                        :principal => user) }
  let(:status) { FactoryGirl.create(:status) }
  let(:issue) { FactoryGirl.build(:work_package, :type => project.types.first,
                                      :author => user,
                                      :project => project,
                                      :status => status) }


  describe 'a user with a long login (<= 256 chars)' do
    it 'is valid' do
      user.login = 'a' * 256
      user.should be_valid
    end

    it 'may be stored in the database' do
      user.login = 'a' * 256
      user.save.should be_true
    end

    it 'may be loaded from the database' do
      user.login = 'a' * 256
      user.save

      User.find_by_login('a' * 256).should == user
    end
  end

  describe 'a user with and overly long login (> 256 chars)' do
    it 'is invalid' do
      user.login = 'a' * 257
      user.should_not be_valid
    end

    it 'may not be stored in the database' do
      user.login = 'a' * 257
      user.save.should be_false
    end

  end


  describe :assigned_issues do
    before do
      user.save!
    end

    describe "WHEN the user has an issue assigned" do
      before do
        member.save!

        issue.assigned_to = user
        issue.save!
      end

      it { user.assigned_issues.should == [issue] }
    end

    describe "WHEN the user has no issue assigned" do
      before do
        member.save!

        issue.save!
      end

      it { user.assigned_issues.should == [] }
    end
  end

  describe :blocked do
    let!(:blocked_user) do
      FactoryGirl.create(:user,
                         :failed_login_count => 3,
                         :last_failed_login_on => Time.now)
    end

    before do
      user.save!
      Setting.stub(:brute_force_block_after_failed_logins).and_return(3)
      Setting.stub(:brute_force_block_minutes).and_return(30)
    end

    it 'should return the single blocked user' do
      User.blocked.length.should == 1
      User.blocked.first.id.should == blocked_user.id
    end
  end

  describe :watches do
    before do
      user.save!
    end

    describe "WHEN the user is watching" do
      let(:watcher) { Watcher.new(:watchable => issue,
                                  :user => user) }

      before do
        issue.save!
        member.save!
        user.reload # the user object needs to know of its membership for the watcher to be valid
        watcher.save!
      end

      it { user.watches.should == [watcher] }
    end

    describe "WHEN the user isn't watching" do
      before do
        issue.save!
      end

      it { user.watches.should == [] }
    end
  end

  describe 'user create with empty password' do
    before do
      @u = User.new(:firstname => "new", :lastname => "user", :mail => "newuser@somenet.foo")
      @u.login = "new_user"
      @u.password, @u.password_confirmation = "", ""
      @u.save
    end

    it { @u.valid?.should be_false }
    it { @u.errors[:password].should include I18n.t('activerecord.errors.messages.too_short', :count => Setting.password_min_length.to_i) }
  end

  describe '#random_password' do
    before do
      @u = User.new
      @u.password.should be_nil
      @u.password_confirmation.should be_nil
      @u.random_password!
    end

    it { @u.password.should_not be_blank }
    it { @u.password_confirmation.should_not be_blank }
    it { @u.force_password_change.should be_true}
  end

  describe :try_authentication_for_existing_user do
    def build_user_double_with_expired_password(is_expired)
      user_double = double('User')
      user_double.stub(:check_password?) { true }
      user_double.stub(:active?) { true }
      user_double.stub(:auth_source) { nil }
      user_double.stub(:force_password_change) { false }

      # check for expired password should always happen
      user_double.should_receive(:password_expired?) { is_expired }

      user_double
    end

    it 'should not allow login with an expired password' do
      user_double = build_user_double_with_expired_password(true)

      # use !! to ensure value is boolean
      (!!User.try_authentication_for_existing_user(user_double, 'anypassword')).should \
        == false
    end
    it 'should allow login with a not expired password' do
      user_double = build_user_double_with_expired_password(false)

      # use !! to ensure value is boolean
      (!!User.try_authentication_for_existing_user(user_double, 'anypassword')).should \
        == true
    end

    context 'with an external auth source' do
      let(:auth_source) { FactoryGirl.build(:auth_source) }
      let(:user_with_external_auth_source) do
        user = FactoryGirl.build(:user, :login => 'user')
        user.stub(:auth_source).and_return(auth_source)
        user
      end

      context 'and successful external authentication' do
        before do
          auth_source.should_receive(:authenticate).with('user', 'password').and_return(true)
        end

        it 'should succeed' do
          User.try_authentication_for_existing_user(user_with_external_auth_source, 'password').
            should == user_with_external_auth_source
        end
      end

      context 'and failing external authentication' do
        before do
          auth_source.should_receive(:authenticate).with('user', 'password').and_return(false)
        end

        it 'should fail when the authentication fails' do
          User.try_authentication_for_existing_user(user_with_external_auth_source, 'password').
            should == nil
        end
      end
    end
  end

  describe '.system' do
    context 'no SystemUser exists' do
      before do
        SystemUser.delete_all
      end

      it 'creates a SystemUser' do
        lambda do
          system_user = User.system
          system_user.new_record?.should be_false
          system_user.is_a?(SystemUser).should be_true
        end.should change(User, :count).by(1)
      end
    end

    context 'a SystemUser exists' do
      before do
        @u = User.system
        SystemUser.first.should == @u
      end

      it 'returns existing SystemUser'  do
        lambda do
          system_user = User.system
          system_user.should == @u
        end.should change(User, :count).by(0)
      end
    end
  end

  describe ".default_admin_account_deleted_or_changed?" do
    let(:default_admin) { FactoryGirl.build(:user, :login => 'admin', :password => 'admin', :password_confirmation => 'admin', :admin => true) }

    before do
      Setting.password_min_length = 5
    end

    context "default admin account exists with default password" do
      before do
        default_admin.save
      end
      it { User.default_admin_account_changed?.should be_false }
    end

    context "default admin account exists with changed password" do
      before do
        default_admin.update_attribute :password, 'dafaultAdminPwd'
        default_admin.update_attribute :password_confirmation, 'dafaultAdminPwd'
        default_admin.save
      end

      it { User.default_admin_account_changed?.should be_true }
    end

    context "default admin account was deleted" do
      before do
        default_admin.save
        default_admin.delete
      end

      it { User.default_admin_account_changed?.should be_true }
    end

    context "default admin account was disabled" do
      before do
        default_admin.status = User::STATUSES[:locked]
        default_admin.save
      end

      it { User.default_admin_account_changed?.should be_true }
    end
  end

  describe ".find_by_rss_key" do
    before do
      @rss_key = user.rss_key
    end

    context "feeds enabled" do
      before do
        Setting.stub(:feeds_enabled?).and_return(true)
      end

      it { User.find_by_rss_key(@rss_key).should == user }
    end

    context "feeds disabled" do
      before do
        Setting.stub(:feeds_enabled?).and_return(false)
      end

      it { User.find_by_rss_key(@rss_key).should == nil }
    end
  end

  describe '#impaired?' do
    let(:anonymous) { FactoryGirl.create(:anonymous)}
    let(:user) { FactoryGirl.create(:user)}

    context 'anonymous user with accessibility mode disabled for anonymous users' do
      before do
        Setting.stub(:accessibility_mode_for_anonymous?).and_return(false)
      end

      it { anonymous.impaired?.should be_false }
    end

    context 'anonymous user with accessibility mode enabled for anonymous users' do
      before do
        Setting.stub(:accessibility_mode_for_anonymous?).and_return(true)
      end

      it { anonymous.impaired?.should be_true }
    end

    context 'not impaired user' do
      it { user.impaired?.should be_false }
    end

    context 'impaired user' do
      before do
        user.pref[:impaired] = true
      end

      it { user.impaired?.should be_true }
    end
  end
end
provide every possible file with a short copyright notice This was done using the rake task: rake copyright:update 12 years ago			`#-- copyright`
			`# OpenProject is a project management system.`
updates copyright headers updates more copyright more copyright headers 11 years ago			`# Copyright (C) 2012-2014 the OpenProject Foundation (OPF)`
provide every possible file with a short copyright notice This was done using the rake task: rake copyright:update 12 years ago			`#`
			`# This program is free software; you can redistribute it and/or`
			`# modify it under the terms of the GNU General Public License version 3.`
			`#`
new copyright header #1903 11 years ago			`# OpenProject is a fork of ChiliProject, which is a fork of Redmine. The copyright follows:`
			`# Copyright (C) 2006-2013 Jean-Philippe Lang`
			`# Copyright (C) 2010-2013 the ChiliProject Team`
			`#`
			`# This program is free software; you can redistribute it and/or`
			`# modify it under the terms of the GNU General Public License`
			`# as published by the Free Software Foundation; either version 2`
			`# of the License, or (at your option) any later version.`
			`#`
			`# This program is distributed in the hope that it will be useful,`
			`# but WITHOUT ANY WARRANTY; without even the implied warranty of`
			`# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the`
			`# GNU General Public License for more details.`
			`#`
			`# You should have received a copy of the GNU General Public License`
			`# along with this program; if not, write to the Free Software`
			`# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.`
			`#`
provide every possible file with a short copyright notice This was done using the rake task: rake copyright:update 12 years ago			`# See doc/COPYRIGHT.rdoc for more details.`
			`#++`

just require 'spec_helper' 12 years ago			`require 'spec_helper'`
migrate specs from core_tests as of revision 2f2aff7 on github remote 12 years ago
			`describe User do`
			`let(:user) { FactoryGirl.build(:user) }`
Renames Tracker into Type. 11 years ago			`let(:project) { FactoryGirl.create(:project_with_types) }`
Adapt references to work package 12 years ago			`let(:role) { FactoryGirl.create(:role, :permissions => [:view_work_packages]) }`
migrate specs from core_tests as of revision 2f2aff7 on github remote 12 years ago			`let(:member) { FactoryGirl.build(:member, :project => project,`
			`:roles => [role],`
			`:principal => user) }`
Renames IssueStatus to Status 11 years ago			`let(:status) { FactoryGirl.create(:status) }`
Removes issue factory. As well as all occurances of Factory.create(:issue) 11 years ago			`let(:issue) { FactoryGirl.build(:work_package, :type => project.types.first,`
migrate specs from core_tests as of revision 2f2aff7 on github remote 12 years ago			`:author => user,`
			`:project => project,`
Renames IssueStatus to Status 11 years ago			`:status => status) }`
migrate specs from core_tests as of revision 2f2aff7 on github remote 12 years ago
migrate longer logins plugin to core 12 years ago

			`describe 'a user with a long login (<= 256 chars)' do`
			`it 'is valid' do`
			`user.login = 'a' * 256`
			`user.should be_valid`
			`end`

			`it 'may be stored in the database' do`
			`user.login = 'a' * 256`
			`user.save.should be_true`
			`end`

			`it 'may be loaded from the database' do`
			`user.login = 'a' * 256`
			`user.save`

			`User.find_by_login('a' * 256).should == user`
			`end`
			`end`

			`describe 'a user with and overly long login (> 256 chars)' do`
			`it 'is invalid' do`
			`user.login = 'a' * 257`
			`user.should_not be_valid`
			`end`

			`it 'may not be stored in the database' do`
			`user.login = 'a' * 257`
			`user.save.should be_false`
			`end`

			`end`


migrate specs from core_tests as of revision 2f2aff7 on github remote 12 years ago			`describe :assigned_issues do`
			`before do`
			`user.save!`
			`end`

			`describe "WHEN the user has an issue assigned" do`
			`before do`
			`member.save!`

			`issue.assigned_to = user`
in tests it's better to fail early and raise an exception when a record is invalid when it shouldn't 12 years ago			`issue.save!`
migrate specs from core_tests as of revision 2f2aff7 on github remote 12 years ago			`end`

			`it { user.assigned_issues.should == [issue] }`
			`end`

			`describe "WHEN the user has no issue assigned" do`
			`before do`
in tests it's better to fail early and raise an exception when a record is invalid when it shouldn't 12 years ago			`member.save!`
migrate specs from core_tests as of revision 2f2aff7 on github remote 12 years ago
in tests it's better to fail early and raise an exception when a record is invalid when it shouldn't 12 years ago			`issue.save!`
migrate specs from core_tests as of revision 2f2aff7 on github remote 12 years ago			`end`

			`it { user.assigned_issues.should == [] }`
			`end`
			`end`

Add spec and cukes 11 years ago			`describe :blocked do`
			`let!(:blocked_user) do`
			`FactoryGirl.create(:user,`
			`:failed_login_count => 3,`
			`:last_failed_login_on => Time.now)`
			`end`

			`before do`
			`user.save!`
replace deprecated stub! with stub 11 years ago			`Setting.stub(:brute_force_block_after_failed_logins).and_return(3)`
			`Setting.stub(:brute_force_block_minutes).and_return(30)`
Add spec and cukes 11 years ago			`end`

			`it 'should return the single blocked user' do`
			`User.blocked.length.should == 1`
			`User.blocked.first.id.should == blocked_user.id`
			`end`
			`end`

migrate specs from core_tests as of revision 2f2aff7 on github remote 12 years ago			`describe :watches do`
			`before do`
			`user.save!`
			`end`

			`describe "WHEN the user is watching" do`
			`let(:watcher) { Watcher.new(:watchable => issue,`
			`:user => user) }`

			`before do`
in tests it's better to fail early and raise an exception when a record is invalid when it shouldn't 12 years ago			`issue.save!`
fix random failing spec 12 years ago			`member.save!`
Refactor watcher validation of a user's permission to watch 11 years ago			`user.reload # the user object needs to know of its membership for the watcher to be valid`
in tests it's better to fail early and raise an exception when a record is invalid when it shouldn't 12 years ago			`watcher.save!`
migrate specs from core_tests as of revision 2f2aff7 on github remote 12 years ago			`end`

			`it { user.watches.should == [watcher] }`
			`end`

			`describe "WHEN the user isn't watching" do`
			`before do`
in tests it's better to fail early and raise an exception when a record is invalid when it shouldn't 12 years ago			`issue.save!`
migrate specs from core_tests as of revision 2f2aff7 on github remote 12 years ago			`end`

			`it { user.watches.should == [] }`
			`end`
			`end`
fix user create with empty pwd - fixed wrong condition in users pwd validation methode 12 years ago
			`describe 'user create with empty password' do`
			`before do`
			`@u = User.new(:firstname => "new", :lastname => "user", :mail => "newuser@somenet.foo")`
			`@u.login = "new_user"`
			`@u.password, @u.password_confirmation = "", ""`
			`@u.save`
			`end`

			`it { @u.valid?.should be_false }`
			`it { @u.errors[:password].should include I18n.t('activerecord.errors.messages.too_short', :count => Setting.password_min_length.to_i) }`
			`end`
changed user#random_password - new random password generation - moved random_password test to spec 12 years ago
			`describe '#random_password' do`
			`before do`
			`@u = User.new`
			`@u.password.should be_nil`
			`@u.password_confirmation.should be_nil`
Improve password complexity requirements Add a new Passwords module, which evaluates and generates passwords. Adapt User to use this module. In addition to checking the length, the module verifies that a password contains a certain number of character classes like uppercase/lowercase. These classes can be configured in the authentication settings. Also increase the default minimum password length from 4 to 10. 12 years ago			`@u.random_password!`
changed user#random_password - new random password generation - moved random_password test to spec 12 years ago			`end`

			`it { @u.password.should_not be_blank }`
			`it { @u.password_confirmation.should_not be_blank }`
User spec: check force password change after random password assignment 11 years ago			`it { @u.force_password_change.should be_true}`
changed user#random_password - new random password generation - moved random_password test to spec 12 years ago			`end`
added SystemUser - sometimes we need an existing user eg. for migrations - it is possible to execute a block in the context of this SystemUser 12 years ago
Add password expiry check Conflicts: doc/CHANGELOG.md 11 years ago			`describe :try_authentication_for_existing_user do`
Improve specs for password expiry 11 years ago			`def build_user_double_with_expired_password(is_expired)`
Add password expiry check Conflicts: doc/CHANGELOG.md 11 years ago			`user_double = double('User')`
Improve specs for password expiry 11 years ago			`user_double.stub(:check_password?) { true }`
Add password expiry check Conflicts: doc/CHANGELOG.md 11 years ago			`user_double.stub(:active?) { true }`
			`user_double.stub(:auth_source) { nil }`
			`user_double.stub(:force_password_change) { false }`

			`# check for expired password should always happen`
Improve specs for password expiry 11 years ago			`user_double.should_receive(:password_expired?) { is_expired }`
Add password expiry check Conflicts: doc/CHANGELOG.md 11 years ago
			`user_double`
			`end`

			`it 'should not allow login with an expired password' do`
			`user_double = build_user_double_with_expired_password(true)`

			`# use !! to ensure value is boolean`
			`(!!User.try_authentication_for_existing_user(user_double, 'anypassword')).should \`
			`== false`
			`end`
			`it 'should allow login with a not expired password' do`
			`user_double = build_user_double_with_expired_password(false)`

			`# use !! to ensure value is boolean`
			`(!!User.try_authentication_for_existing_user(user_double, 'anypassword')).should \`
			`== true`
			`end`
Fix LDAP authentication 11 years ago
			`context 'with an external auth source' do`
			`let(:auth_source) { FactoryGirl.build(:auth_source) }`
			`let(:user_with_external_auth_source) do`
			`user = FactoryGirl.build(:user, :login => 'user')`
			`user.stub(:auth_source).and_return(auth_source)`
			`user`
			`end`

			`context 'and successful external authentication' do`
			`before do`
			`auth_source.should_receive(:authenticate).with('user', 'password').and_return(true)`
			`end`

			`it 'should succeed' do`
			`User.try_authentication_for_existing_user(user_with_external_auth_source, 'password').`
			`should == user_with_external_auth_source`
			`end`
			`end`

			`context 'and failing external authentication' do`
			`before do`
			`auth_source.should_receive(:authenticate).with('user', 'password').and_return(false)`
			`end`

			`it 'should fail when the authentication fails' do`
			`User.try_authentication_for_existing_user(user_with_external_auth_source, 'password').`
			`should == nil`
			`end`
			`end`
			`end`
Add password expiry check Conflicts: doc/CHANGELOG.md 11 years ago			`end`

added SystemUser - sometimes we need an existing user eg. for migrations - it is possible to execute a block in the context of this SystemUser 12 years ago			`describe '.system' do`
			`context 'no SystemUser exists' do`
			`before do`
			`SystemUser.delete_all`
			`end`

			`it 'creates a SystemUser' do`
			`lambda do`
			`system_user = User.system`
			`system_user.new_record?.should be_false`
			`system_user.is_a?(SystemUser).should be_true`
			`end.should change(User, :count).by(1)`
			`end`
			`end`

			`context 'a SystemUser exists' do`
			`before do`
			`@u = User.system`
			`SystemUser.first.should == @u`
			`end`

			`it 'returns existing SystemUser' do`
			`lambda do`
			`system_user = User.system`
			`system_user.should == @u`
			`end.should change(User, :count).by(0)`
			`end`
			`end`
			`end`
changed check for default admin account - works now with deleted default admin user - with disabled default admin user - added specs 11 years ago
			`describe ".default_admin_account_deleted_or_changed?" do`
			`let(:default_admin) { FactoryGirl.build(:user, :login => 'admin', :password => 'admin', :password_confirmation => 'admin', :admin => true) }`

			`before do`
			`Setting.password_min_length = 5`
			`end`

			`context "default admin account exists with default password" do`
			`before do`
			`default_admin.save`
			`end`
			`it { User.default_admin_account_changed?.should be_false }`
			`end`

			`context "default admin account exists with changed password" do`
			`before do`
			`default_admin.update_attribute :password, 'dafaultAdminPwd'`
			`default_admin.update_attribute :password_confirmation, 'dafaultAdminPwd'`
			`default_admin.save`
			`end`

			`it { User.default_admin_account_changed?.should be_true }`
			`end`

			`context "default admin account was deleted" do`
			`before do`
			`default_admin.save`
			`default_admin.delete`
			`end`

			`it { User.default_admin_account_changed?.should be_true }`
			`end`

			`context "default admin account was disabled" do`
			`before do`
			`default_admin.status = User::STATUSES[:locked]`
			`default_admin.save`
			`end`

			`it { User.default_admin_account_changed?.should be_true }`
			`end`
			`end`
added test for disabled atom feeds 11 years ago
			`describe ".find_by_rss_key" do`
			`before do`
			`@rss_key = user.rss_key`
			`end`

			`context "feeds enabled" do`
			`before do`
changed feed setting to enabled instead of disabled 11 years ago			`Setting.stub(:feeds_enabled?).and_return(true)`
added test for disabled atom feeds 11 years ago			`end`

			`it { User.find_by_rss_key(@rss_key).should == user }`
			`end`

			`context "feeds disabled" do`
			`before do`
changed feed setting to enabled instead of disabled 11 years ago			`Setting.stub(:feeds_enabled?).and_return(false)`
added test for disabled atom feeds 11 years ago			`end`

			`it { User.find_by_rss_key(@rss_key).should == nil }`
			`end`
			`end`
Reactivate accessibility css - Added setting to turn accessibility mode on/off for not logged in users 11 years ago
			`describe '#impaired?' do`
			`let(:anonymous) { FactoryGirl.create(:anonymous)}`
			`let(:user) { FactoryGirl.create(:user)}`

			`context 'anonymous user with accessibility mode disabled for anonymous users' do`
			`before do`
			`Setting.stub(:accessibility_mode_for_anonymous?).and_return(false)`
			`end`

			`it { anonymous.impaired?.should be_false }`
			`end`

			`context 'anonymous user with accessibility mode enabled for anonymous users' do`
			`before do`
			`Setting.stub(:accessibility_mode_for_anonymous?).and_return(true)`
			`end`

			`it { anonymous.impaired?.should be_true }`
			`end`

			`context 'not impaired user' do`
			`it { user.impaired?.should be_false }`
			`end`

			`context 'impaired user' do`
			`before do`
			`user.pref[:impaired] = true`
			`end`

			`it { user.impaired?.should be_true }`
			`end`
			`end`
migrate specs from core_tests as of revision 2f2aff7 on github remote 12 years ago			`end`