TheDude
/
openproject
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
OpenProject is the leading open source project management software.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
58374 Commits
139 Branches
203 Tags
1.2 GiB
Tag: Branch: Tree: 2de9166070
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '2de9166070'
${ noResults }
openproject/spec/controllers/account_controller_spec.rb

1074 lines
32 KiB
Raw Normal View History Unescape

Add option to force a user to change password on next login * Add force_password_reset field to user * Add force_password_reset field to user edit form Also, reindent the form HTML. * Rename force_password_reset to force_password_change * Force password change: Show form on login, allow change * Remove unused step definitions for setting RAILS_ENV * Fix forced password change, add cuke * Don't reveal whether user exists when not authenticated * Also add spec for testing reaction when user is not allowed to change the password. * Improve force password change code after review * Fix MyController password test and change to spec * Fix AccountController force password change spec
12 years ago
#-- copyright
Update copyright notice
5 years ago
# OpenProject is an open source project management software.
update copyright to 2021 (#8925) Updates the copyright to 2021 for all files that have a copyright. Files in our source code without the copyright header still do not receive one automatically. Additionally, backlisted files are also excluded. Previously the copyright of chiliproject which references redmine stated a copyright of redmine up to and including 2017 which is not true for the code we have in here. Because of that I changed that to 2013
4 years ago
# Copyright (C) 2012-2021 the OpenProject GmbH
Add option to force a user to change password on next login * Add force_password_reset field to user * Add force_password_reset field to user edit form Also, reindent the form HTML. * Rename force_password_reset to force_password_change * Force password change: Show form on login, allow change * Remove unused step definitions for setting RAILS_ENV * Fix forced password change, add cuke * Don't reveal whether user exists when not authenticated * Also add spec for testing reaction when user is not allowed to change the password. * Improve force password change code after review * Fix MyController password test and change to spec * Fix AccountController force password change spec
12 years ago
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License version 3.
#
new copyright header #1903
11 years ago
# OpenProject is a fork of ChiliProject, which is a fork of Redmine. The copyright follows:
update copyright to 2021 (#8925) Updates the copyright to 2021 for all files that have a copyright. Files in our source code without the copyright header still do not receive one automatically. Additionally, backlisted files are also excluded. Previously the copyright of chiliproject which references redmine stated a copyright of redmine up to and including 2017 which is not true for the code we have in here. Because of that I changed that to 2013
4 years ago
# Copyright (C) 2006-2013 Jean-Philippe Lang
new copyright header #1903
11 years ago
# Copyright (C) 2010-2013 the ChiliProject Team
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
#
Bump copyright to 2018 (#6171) [ci skip]
7 years ago
# See docs/COPYRIGHT.rdoc for more details.
Add option to force a user to change password on next login * Add force_password_reset field to user * Add force_password_reset field to user edit form Also, reindent the form HTML. * Rename force_password_reset to force_password_change * Force password change: Show form on login, allow change * Remove unused step definitions for setting RAILS_ENV * Fix forced password change, add cuke * Don't reveal whether user exists when not authenticated * Also add spec for testing reaction when user is not allowed to change the password. * Improve force password change code after review * Fix MyController password test and change to spec * Fix AccountController force password change spec
12 years ago
#++
require 'spec_helper'
Use 1.9+ Hash syntax in specs Signed-off-by: Alex Coles <alex@alexbcoles.com>
10 years ago
describe AccountController, type: :controller do
added hooks for user registration and first login
5 years ago
class UserHook < Redmine::Hook::ViewListener
attr_reader :registered_user
attr_reader :first_login_user
def user_registered(context)
@registered_user = context[:user]
end
def user_first_login(context)
@first_login_user = context[:user]
end
def reset!
@registered_user = nil
@first_login_user = nil
end
end
let(:hook) { UserHook.instance }
before do
hook.reset!
end
FactoryGirl => FactoryBot Removes the deprecation
7 years ago
let(:user) { FactoryBot.build_stubbed(:user) }
Add option to force a user to change password on next login * Add force_password_reset field to user * Add force_password_reset field to user edit form Also, reindent the form HTML. * Rename force_password_reset to force_password_change * Force password change: Show form on login, allow change * Remove unused step definitions for setting RAILS_ENV * Fix forced password change, add cuke * Don't reveal whether user exists when not authenticated * Also add spec for testing reaction when user is not allowed to change the password. * Improve force password change code after review * Fix MyController password test and change to spec * Fix AccountController force password change spec
12 years ago
Replace legacy account controller spec
7 years ago
context 'GET #login' do
Fix/back url when already logged in (#6166) * use the provided back url when already logged in But check the validity of the back_url to not be used maliciously to redirect users to pages outside our host * minor coding style improvements [ci skip]
7 years ago
let(:setup) {}
let(:params) { {} }
before do
setup
get :login, params: params
end
Replace legacy account controller spec
7 years ago
it 'renders the view' do
expect(response).to render_template 'login'
Replace deprecated controller success? with succesful?
6 years ago
expect(response).to be_successful
Replace legacy account controller spec
7 years ago
end
Fix/back url when already logged in (#6166) * use the provided back url when already logged in But check the validity of the back_url to not be used maliciously to redirect users to pages outside our host * minor coding style improvements [ci skip]
7 years ago
context 'user already logged in' do
let(:setup) { login_as user }
it 'redirects to home' do
expect(response)
.to redirect_to my_page_path
end
end
context 'user already logged in and back url present' do
let(:setup) { login_as user }
let(:params) { { back_url: "/projects" } }
it 'redirects to back_url value' do
expect(response)
.to redirect_to projects_path
end
end
context 'user already logged in and invalid back url present' do
let(:setup) { login_as user }
let(:params) { { back_url: 'http://test.foo/work_packages/show/1' } }
it 'redirects to home' do
expect(response).to redirect_to my_page_path
end
end
Replace legacy account controller spec
7 years ago
end
linted AccountControllerSpec
11 years ago
context 'POST #login' do
Use AnyFixtures to generate fixtures from factories (#7230) Uses FactoryBot to keep and maintain specific records in a special transaction that does not get removed after each spec. They automatically are created whenever first hitting them. This makes an excellent time saver for items that are commonly used, such as an admin user account
5 years ago
using_shared_fixtures :admin
Rewrote login unit tests into specs
11 years ago
Replace legacy account controller spec
7 years ago
describe 'wrong password' do
it 'redirects back to login' do
post :login, params: { username: 'admin', password: 'bad' }
Replace deprecated controller success? with succesful?
6 years ago
expect(response).to be_successful
Replace legacy account controller spec
7 years ago
expect(response).to render_template 'login'
expect(flash[:error]).to include 'Invalid user or password'
end
end
added hooks for user registration and first login
5 years ago
context 'with first login' do
before do
admin.update first_login: true
post :login, params: { username: admin.login, password: 'adminADMIN!' }
end
it 'redirect to default path with ?first_time_user=true' do
expect(response).to redirect_to "/?first_time_user=true"
end
it 'calls the user_first_login hook' do
expect(hook.first_login_user).to eq admin
end
end
context 'without first login' do
before do
post :login, params: { username: admin.login, password: 'adminADMIN!' }
end
it 'redirect to the my page' do
expect(response).to redirect_to "/my/page"
end
it 'does not call the user_first_login hook' do
expect(hook.first_login_user).to be_nil
end
end
linted AccountControllerSpec
11 years ago
describe 'User logging in with back_url' do
it 'should redirect to a relative path' do
Fix params deprecation Fixes in spec/controllers: ``` DEPRECATION WARNING: ActionController::TestCase HTTP request methods will accept only keyword arguments in future Rails versions. ```
8 years ago
post :login,
params: { username: admin.login, password: 'adminADMIN!', back_url: '/' }
AccountController spec: Use route helpers for MyController
11 years ago
expect(response).to redirect_to root_path
convert tests to specs to be able to disable them in plugins
11 years ago
end
linted AccountControllerSpec
11 years ago
it 'should redirect to an absolute path given the same host' do
convert tests to specs to be able to disable them in plugins
11 years ago
# note: test.host is the hostname during tests
Fix params deprecation Fixes in spec/controllers: ``` DEPRECATION WARNING: ActionController::TestCase HTTP request methods will accept only keyword arguments in future Rails versions. ```
8 years ago
post :login,
params: {
username: admin.login,
password: 'adminADMIN!',
back_url: 'http://test.host/work_packages/show/1'
}
Rewrote login unit tests into specs
11 years ago
expect(response).to redirect_to '/work_packages/show/1'
end
linted AccountControllerSpec
11 years ago
it 'should not redirect to another host' do
Fix params deprecation Fixes in spec/controllers: ``` DEPRECATION WARNING: ActionController::TestCase HTTP request methods will accept only keyword arguments in future Rails versions. ```
8 years ago
post :login,
params: {
username: admin.login,
password: 'adminADMIN!',
back_url: 'http://test.foo/work_packages/show/1'
}
AccountController spec: Use route helpers for MyController
11 years ago
expect(response).to redirect_to my_page_path
convert tests to specs to be able to disable them in plugins
11 years ago
end
linted AccountControllerSpec
11 years ago
it 'should not redirect to another host with a protocol relative url' do
Fix params deprecation Fixes in spec/controllers: ``` DEPRECATION WARNING: ActionController::TestCase HTTP request methods will accept only keyword arguments in future Rails versions. ```
8 years ago
post :login,
params: {
username: admin.login,
password: 'adminADMIN!',
back_url: '//test.foo/fake'
}
AccountController spec: Use route helpers for MyController
11 years ago
expect(response).to redirect_to my_page_path
Rewrote login unit tests into specs
11 years ago
end
another logout back URL spec for good measure
10 years ago
it 'should not redirect to logout' do
Fix params deprecation Fixes in spec/controllers: ``` DEPRECATION WARNING: ActionController::TestCase HTTP request methods will accept only keyword arguments in future Rails versions. ```
8 years ago
post :login,
params: {
username: admin.login,
password: 'adminADMIN!',
back_url: '/logout'
}
another logout back URL spec for good measure
10 years ago
expect(response).to redirect_to my_page_path
end
linted AccountControllerSpec
11 years ago
it 'should create users on the fly' do
Fix order-dependent failure in account_controller_spec
8 years ago
allow(Setting).to receive(:self_registration).and_return('0')
allow(Setting).to receive(:self_registration?).and_return(false)
linted AccountControllerSpec
11 years ago
allow(AuthSource).to receive(:authenticate).and_return(login: 'foo',
firstname: 'Foo',
lastname: 'Smith',
mail: 'foo@bar.com',
auth_source_id: 66)
Fix params deprecation Fixes in spec/controllers: ``` DEPRECATION WARNING: ActionController::TestCase HTTP request methods will accept only keyword arguments in future Rails versions. ```
8 years ago
post :login, params: { username: 'foo', password: 'bar' }
Rewrite account test into a spec
11 years ago
[22987] [Onboarding] Getting started video screen (2) (#4464) * enable foundation.js * built foundation-apps.js using webpack * Add onboarding modal on button click * Fix specs and little bugs * Add show behavior for modal * Pass template data from Rails to zf-modal * Add closing cross and fix style bugs * Re-add onboarding menu * Change ID to class * Fix styling and avatar problems * Fix broken specs caused by foundation && improve implementation * Require openproject-global.css and fix tests
9 years ago
expect(response).to redirect_to home_url(first_time_user: true)
Rewrite account test into a spec
11 years ago
user = User.find_by_login('foo')
Convert specs to RSpec 2.14.8 syntax with Transpec This conversion is done by Transpec 1.10.4 with the following command: transpec * 1414 conversions from: obj.should to: expect(obj).to * 646 conversions from: == expected to: eq(expected) * 376 conversions from: obj.stub(:message) to: allow(obj).to receive(:message) * 107 conversions from: obj.should_not to: expect(obj).not_to * 70 conversions from: obj.should_receive(:message) to: expect(obj).to receive(:message) * 45 conversions from: =~ [1, 2] to: match_array([1, 2]) * 27 conversions from: lambda { }.should to: expect { }.to * 13 conversions from: Klass.any_instance.stub(:message) to: allow_any_instance_of(Klass).to receive(:message) * 8 conversions from: === expected to: be === expected * 7 conversions from: expect { }.not_to raise_error(SpecificErrorClass) to: expect { }.not_to raise_error * 6 conversions from: =~ /pattern/ to: match(/pattern/) * 2 conversions from: obj.should_not_receive(:message) to: expect(obj).not_to receive(:message) * 1 conversion from: < expected to: be < expected * 1 conversion from: obj.stub!(:message) to: allow(obj).to receive(:message) * 1 conversion from: stub('something') to: double('something')
11 years ago
expect(user).to be_an_instance_of User
expect(user.auth_source_id).to eq(66)
expect(user.current_password).to be_nil
Rewrite account test into a spec
11 years ago
end
given openproject runs in a subdirectory we cannot allow redirecting to a different subdirectory. also tries to catch shenanigans to circumvent the check like ".." in the path.
11 years ago
context 'with a relative url root' do
before do
Fix redirect vulnerability `redirect_back_or_default` was vulnerable to some of the URLs found to be vulnerable in redmine, such as `@test.foo`. This commit extracts the whole functionality into a policy and alters the constraints with a path check to avoid these cases. Thanks to @marutosi for pointing this out. http://www.redmine.org/projects/redmine/repository/revisions/14560
9 years ago
@old_relative_url_root = OpenProject::Configuration['rails_relative_url_root']
OpenProject::Configuration['rails_relative_url_root'] = '/openproject'
given openproject runs in a subdirectory we cannot allow redirecting to a different subdirectory. also tries to catch shenanigans to circumvent the check like ".." in the path.
11 years ago
end
after do
Fix redirect vulnerability `redirect_back_or_default` was vulnerable to some of the URLs found to be vulnerable in redmine, such as `@test.foo`. This commit extracts the whole functionality into a policy and alters the constraints with a path check to avoid these cases. Thanks to @marutosi for pointing this out. http://www.redmine.org/projects/redmine/repository/revisions/14560
9 years ago
OpenProject::Configuration['rails_relative_url_root'] = @old_relative_url_root
given openproject runs in a subdirectory we cannot allow redirecting to a different subdirectory. also tries to catch shenanigans to circumvent the check like ".." in the path.
11 years ago
end
linted AccountControllerSpec
11 years ago
it 'should redirect to the same subdirectory with an absolute path' do
Fix params deprecation Fixes in spec/controllers: ``` DEPRECATION WARNING: ActionController::TestCase HTTP request methods will accept only keyword arguments in future Rails versions. ```
8 years ago
post :login,
params: {
username: admin.login,
password: 'adminADMIN!',
back_url: 'http://test.host/openproject/work_packages/show/1'
}
given openproject runs in a subdirectory we cannot allow redirecting to a different subdirectory. also tries to catch shenanigans to circumvent the check like ".." in the path.
11 years ago
expect(response).to redirect_to '/openproject/work_packages/show/1'
end
linted AccountControllerSpec
11 years ago
it 'should redirect to the same subdirectory with a relative path' do
Fix params deprecation Fixes in spec/controllers: ``` DEPRECATION WARNING: ActionController::TestCase HTTP request methods will accept only keyword arguments in future Rails versions. ```
8 years ago
post :login,
params: {
username: admin.login,
password: 'adminADMIN!',
back_url: '/openproject/work_packages/show/1'
}
given openproject runs in a subdirectory we cannot allow redirecting to a different subdirectory. also tries to catch shenanigans to circumvent the check like ".." in the path.
11 years ago
expect(response).to redirect_to '/openproject/work_packages/show/1'
end
linted AccountControllerSpec
11 years ago
it 'should not redirect to another subdirectory with an absolute path' do
Fix params deprecation Fixes in spec/controllers: ``` DEPRECATION WARNING: ActionController::TestCase HTTP request methods will accept only keyword arguments in future Rails versions. ```
8 years ago
post :login,
params: {
username: admin.login,
password: 'adminADMIN!',
back_url: 'http://test.host/foo/work_packages/show/1'
}
AccountController spec: Use route helpers for MyController
11 years ago
expect(response).to redirect_to my_page_path
given openproject runs in a subdirectory we cannot allow redirecting to a different subdirectory. also tries to catch shenanigans to circumvent the check like ".." in the path.
11 years ago
end
linted AccountControllerSpec
11 years ago
it 'should not redirect to another subdirectory with a relative path' do
Fix params deprecation Fixes in spec/controllers: ``` DEPRECATION WARNING: ActionController::TestCase HTTP request methods will accept only keyword arguments in future Rails versions. ```
8 years ago
post :login,
params: {
username: admin.login,
password: 'adminADMIN!',
back_url: '/foo/work_packages/show/1'
}
AccountController spec: Use route helpers for MyController
11 years ago
expect(response).to redirect_to my_page_path
given openproject runs in a subdirectory we cannot allow redirecting to a different subdirectory. also tries to catch shenanigans to circumvent the check like ".." in the path.
11 years ago
end
linted AccountControllerSpec
11 years ago
it 'should not redirect to another subdirectory by going up the path hierarchy' do
Fix params deprecation Fixes in spec/controllers: ``` DEPRECATION WARNING: ActionController::TestCase HTTP request methods will accept only keyword arguments in future Rails versions. ```
8 years ago
post :login,
params: {
username: admin.login,
password: 'adminADMIN!',
back_url: 'http://test.host/openproject/../foo/work_packages/show/1'
}
AccountController spec: Use route helpers for MyController
11 years ago
expect(response).to redirect_to my_page_path
given openproject runs in a subdirectory we cannot allow redirecting to a different subdirectory. also tries to catch shenanigans to circumvent the check like ".." in the path.
11 years ago
end
linted AccountControllerSpec
11 years ago
it 'should not redirect to another subdirectory with a protocol relative path' do
Fix params deprecation Fixes in spec/controllers: ``` DEPRECATION WARNING: ActionController::TestCase HTTP request methods will accept only keyword arguments in future Rails versions. ```
8 years ago
post :login,
params: {
username: admin.login,
password: 'adminADMIN!',
back_url: '//test.host/foo/work_packages/show/1'
}
AccountController spec: Use route helpers for MyController
11 years ago
expect(response).to redirect_to my_page_path
given openproject runs in a subdirectory we cannot allow redirecting to a different subdirectory. also tries to catch shenanigans to circumvent the check like ".." in the path.
11 years ago
end
end
Rewrote login unit tests into specs
11 years ago
end
CSRF Protection: Prevent login CSRF
11 years ago
Replace legacy account controller spec
7 years ago
context 'GET #logout' do
Use AnyFixtures to generate fixtures from factories (#7230) Uses FactoryBot to keep and maintain specific records in a special transaction that does not get removed after each spec. They automatically are created whenever first hitting them. This makes an excellent time saver for items that are commonly used, such as an admin user account
5 years ago
using_shared_fixtures :admin
Replace legacy account controller spec
7 years ago
it 'calls reset_session' do
expect(@controller).to receive(:reset_session).once
login_as admin
get :logout
expect(response).to be_redirect
end
Add test that slo callback is being called
4 years ago
context 'with a user with an SSO provider attached' do
let(:user) { FactoryBot.build_stubbed :user, login: 'bob', identity_url: 'saml:foo' }
let(:slo_callback) { nil }
let(:sso_provider) do
{ name: 'saml', single_sign_out_callback: slo_callback }
end
before do
Move provider finder into auth plugin
4 years ago
allow(::OpenProject::Plugins::AuthPlugin)
Add test that slo callback is being called
4 years ago
.to(receive(:login_provider_for))
.and_return(sso_provider)
login_as user
end
context 'with no provider' do
it 'will redirect to default' do
get :logout
expect(response).to redirect_to home_path
end
end
context 'with a redirecting callback' do
let(:slo_callback) do
Proc.new do |prev_session, prev_user|
if prev_session[:foo] && prev_user[:login] = 'bob'
redirect_to '/login'
end
end
end
Add spec for direct login case
4 years ago
context 'with direct login and redirecting callback',
with_settings: { login_required?: true },
with_config: { omniauth_direct_login_provider: 'foo' } do
it 'will still call the callback' do
# Set the previous session
session[:foo] = 'bar'
get :logout
expect(response).to redirect_to '/login'
# Expect session to be cleared
expect(session[:foo]).to eq nil
end
end
Add test that slo callback is being called
4 years ago
it 'will call the callback' do
# Set the previous session
session[:foo] = 'bar'
get :logout
expect(response).to redirect_to '/login'
# Expect session to be cleared
expect(session[:foo]).to eq nil
end
end
context 'with a no-op callback' do
it 'will redirect to default if the callback does nothing' do
was_called = false
sso_provider[:single_sign_out_callback] = Proc.new {
was_called = true
}
get :logout
expect(was_called).to eq true
expect(response).to redirect_to home_path
end
end
context 'with a provider that does not have slo_callback' do
let(:slo_callback) { nil }
it 'will redirect to default if the callback does nothing' do
get :logout
expect(response).to redirect_to home_path
end
end
end
Replace legacy account controller spec
7 years ago
end
CSRF Protection: Prevent login CSRF
11 years ago
describe 'for a user trying to log in via an API request' do
before do
Fix params deprecation Fixes in spec/controllers: ``` DEPRECATION WARNING: ActionController::TestCase HTTP request methods will accept only keyword arguments in future Rails versions. ```
8 years ago
post :login,
params: {
username: admin.login,
password: 'adminADMIN!'
},
format: :json
CSRF Protection: Prevent login CSRF
11 years ago
end
it 'should return a 410' do
expect(response.code.to_s).to eql('410')
end
it 'should not login the user' do
Convert specs to RSpec 2.99.0 syntax with Transpec This conversion is done by Transpec 1.12.0 with the following command: transpec * 100 conversions from: it { should ... } to: it { is_expected.to ... } * 17 conversions from: expect(collection).to have(n).items to: expect(collection.size).to eq(n) * 10 conversions from: obj.stub(:message) to: allow(obj).to receive(:message) * 9 conversions from: be_true to: be_truthy * 9 conversions from: expect(obj).to have(n).errors_on(...) to: expect(obj.errors_on(...).size).to eq(n) * 8 conversions from: obj.should to: expect(obj).to * 4 conversions from: Klass.any_instance.stub(:message) to: allow_any_instance_of(Klass).to receive(:message) * 2 conversions from: be_false to: be_falsey * 2 conversions from: expect(obj).to have(n).error_on(...) to: expect(obj.error_on(...).size).to eq(n) * 2 conversions from: pending 'is an example' { } to: skip 'is an example' { } * 1 conversion from: before { example } to: before { |example| example } * 1 conversion from: expect(collection).to have_at_least(n).items to: expect(collection.size).to be >= n * 1 conversion from: obj.unstub(:message) to: allow(obj).to receive(:message).and_call_original * 1 conversion from: pending to: skip
11 years ago
expect(@controller.send(:current_user).anonymous?).to be_truthy
CSRF Protection: Prevent login CSRF
11 years ago
end
end
spec: post login with disabled password login
10 years ago
context 'with disabled password login' do
before do
Convert specs to RSpec 2.99.0 syntax with Transpec This conversion is done by Transpec 2.3.6 with the following command: transpec -f * 66 conversions from: it { should ... } to: it { is_expected.to ... } * 53 conversions from: obj.stub(:message) to: allow(obj).to receive(:message) * 20 conversions from: == expected to: eq(expected) * 19 conversions from: obj.should to: expect(obj).to * 7 conversions from: describe 'some request' { } to: describe 'some request', :type => :request { } * 7 conversions from: describe 'some routing' { } to: describe 'some routing', :type => :routing { } * 7 conversions from: its(:attr) { } to: describe '#attr' do subject { super().attr }; it { } end * 5 conversions from: obj.should_not to: expect(obj).not_to * 4 conversions from: describe 'some view' { } to: describe 'some view', :type => :view { } * 3 conversions from: be_true to: be_truthy * 2 conversions from: describe 'some model' { } to: describe 'some model', :type => :model { } * 2 conversions from: its([:key]) { } to: describe '[:key]' do subject { super()[:key] }; it { } end * 2 conversions from: obj.should_receive(:message) to: expect(obj).to receive(:message) * 1 conversion from: be_false to: be_falsey * 1 conversion from: describe 'some controller' { } to: describe 'some controller', :type => :controller { } * 1 conversion from: describe 'some feature' { } to: describe 'some feature', :type => :feature { } * 1 conversion from: it { should_not ... } to: it { is_expected.not_to ... } For more details: https://github.com/yujinakayama/transpec#supported-conversions
10 years ago
allow(OpenProject::Configuration).to receive(:disable_password_login?).and_return(true)
spec: post login with disabled password login
10 years ago
post :login
end
it 'is not found' do
expect(response.status).to eq 404
end
end
LDAP/OmniAuth on-the-fly registration user limits
6 years ago
context 'with an auth source' do
let(:auth_source_id) { 42 }
let(:user_attributes) do
{
login: 's.scallywag',
firstname: 'Scarlet',
lastname: 'Scallywag',
mail: 's.scallywag@openproject.com',
auth_source_id: auth_source_id
}
end
let(:authenticate) { true }
before do
allow(Setting).to receive(:self_registration).and_return('0')
allow(Setting).to receive(:self_registration?).and_return(false)
allow(AuthSource).to receive(:authenticate).and_return(authenticate ? user_attributes : nil)
Merge branch 'release/7.4' into dev
6 years ago
LDAP/OmniAuth on-the-fly registration user limits
6 years ago
# required so that the register view can be rendered
allow_any_instance_of(User).to receive(:change_password_allowed?).and_return(false)
end
context 'with user limit reached' do
render_views
before do
allow(OpenProject::Enterprise).to receive(:user_limit_reached?).and_return(true)
post :login, params: { username: 'foo', password: 'bar' }
end
it 'shows the user limit error' do
expect(response.body).to have_text "user limit reached"
end
it 'renders the register form' do
expect(response.body).to include "/account/register"
end
end
end
Rewrote login unit tests into specs
11 years ago
end
Add proper configuration checks for omniauth Fixes the specs by overriding the configuration value, not the concern. Also adds helpers for Setting and OpenProject::Configuration to override their hashes for accessing values. `:with_config`, `:with_settings`.
9 years ago
describe '#login with omniauth_direct_login enabled',
with_config: { omniauth_direct_login_provider: 'some_provider' } do
also disable login per post
10 years ago
describe 'GET' do
it 'redirects to some_provider' do
get :login
expect(response).to redirect_to '/auth/some_provider'
end
end
describe 'POST' do
it 'redirects to some_provider' do
Fix params deprecation Fixes in spec/controllers: ``` DEPRECATION WARNING: ActionController::TestCase HTTP request methods will accept only keyword arguments in future Rails versions. ```
8 years ago
post :login, params: { username: 'foo', password: 'bar' }
also disable login per post
10 years ago
expect(response).to redirect_to '/auth/some_provider'
end
end
end
add omniauth failure callback and specs for omniauth login/registration
11 years ago
linted AccountControllerSpec
11 years ago
describe 'Login for user with forced password change' do
FactoryGirl => FactoryBot Removes the deprecation
7 years ago
let(:admin) { FactoryBot.create(:admin, force_password_change: true) }
Add option to force a user to change password on next login * Add force_password_reset field to user * Add force_password_reset field to user edit form Also, reindent the form HTML. * Rename force_password_reset to force_password_change * Force password change: Show form on login, allow change * Remove unused step definitions for setting RAILS_ENV * Fix forced password change, add cuke * Don't reveal whether user exists when not authenticated * Also add spec for testing reaction when user is not allowed to change the password. * Improve force password change code after review * Fix MyController password test and change to spec * Fix AccountController force password change spec
12 years ago
before do
Fix AccountController spec No idea what I did back then.
11 years ago
allow_any_instance_of(User).to receive(:change_password_allowed?).and_return(false)
Add option to force a user to change password on next login * Add force_password_reset field to user * Add force_password_reset field to user edit form Also, reindent the form HTML. * Rename force_password_reset to force_password_change * Force password change: Show form on login, allow change * Remove unused step definitions for setting RAILS_ENV * Fix forced password change, add cuke * Don't reveal whether user exists when not authenticated * Also add spec for testing reaction when user is not allowed to change the password. * Improve force password change code after review * Fix MyController password test and change to spec * Fix AccountController force password change spec
12 years ago
end
Invalidate session,s extract passwords flow into services
6 years ago
describe "Missing flash data for user initiated password change" do
before do
post 'change_password',
flash: {
_password_change_user_id: nil
},
params: {
username: admin.login,
password: 'whatever',
new_password: 'whatever',
new_password_confirmation: 'whatever2'
}
end
it 'should render 404' do
expect(response.status).to eq 404
end
end
Add option to force a user to change password on next login * Add force_password_reset field to user * Add force_password_reset field to user edit form Also, reindent the form HTML. * Rename force_password_reset to force_password_change * Force password change: Show form on login, allow change * Remove unused step definitions for setting RAILS_ENV * Fix forced password change, add cuke * Don't reveal whether user exists when not authenticated * Also add spec for testing reaction when user is not allowed to change the password. * Improve force password change code after review * Fix MyController password test and change to spec * Fix AccountController force password change spec
12 years ago
describe "User who is not allowed to change password can't login" do
before do
Fix params deprecation Fixes in spec/controllers: ``` DEPRECATION WARNING: ActionController::TestCase HTTP request methods will accept only keyword arguments in future Rails versions. ```
8 years ago
post 'change_password',
params: {
[32178] Don't use flash in rendering change password form https://community.openproject.com/wp/32178
5 years ago
password_change_user_id: admin.id,
Fix params deprecation Fixes in spec/controllers: ``` DEPRECATION WARNING: ActionController::TestCase HTTP request methods will accept only keyword arguments in future Rails versions. ```
8 years ago
username: admin.login,
password: 'adminADMIN!',
new_password: 'adminADMIN!New',
new_password_confirmation: 'adminADMIN!New'
}
Add option to force a user to change password on next login * Add force_password_reset field to user * Add force_password_reset field to user edit form Also, reindent the form HTML. * Rename force_password_reset to force_password_change * Force password change: Show form on login, allow change * Remove unused step definitions for setting RAILS_ENV * Fix forced password change, add cuke * Don't reveal whether user exists when not authenticated * Also add spec for testing reaction when user is not allowed to change the password. * Improve force password change code after review * Fix MyController password test and change to spec * Fix AccountController force password change spec
12 years ago
end
linted AccountControllerSpec
11 years ago
it 'should redirect to the login page' do
Migrate unit tests to rspec (to be able to disable them in self-registration per mail).
11 years ago
expect(response).to redirect_to '/login'
Add option to force a user to change password on next login * Add force_password_reset field to user * Add force_password_reset field to user edit form Also, reindent the form HTML. * Rename force_password_reset to force_password_change * Force password change: Show form on login, allow change * Remove unused step definitions for setting RAILS_ENV * Fix forced password change, add cuke * Don't reveal whether user exists when not authenticated * Also add spec for testing reaction when user is not allowed to change the password. * Improve force password change code after review * Fix MyController password test and change to spec * Fix AccountController force password change spec
12 years ago
end
end
linted AccountControllerSpec
11 years ago
describe 'User who is not allowed to change password, is not redirected to the login page' do
Add option to force a user to change password on next login * Add force_password_reset field to user * Add force_password_reset field to user edit form Also, reindent the form HTML. * Rename force_password_reset to force_password_change * Force password change: Show form on login, allow change * Remove unused step definitions for setting RAILS_ENV * Fix forced password change, add cuke * Don't reveal whether user exists when not authenticated * Also add spec for testing reaction when user is not allowed to change the password. * Improve force password change code after review * Fix MyController password test and change to spec * Fix AccountController force password change spec
12 years ago
before do
Fix params deprecation Fixes in spec/controllers: ``` DEPRECATION WARNING: ActionController::TestCase HTTP request methods will accept only keyword arguments in future Rails versions. ```
8 years ago
post 'login', params: { username: admin.login, password: 'adminADMIN!' }
Add option to force a user to change password on next login * Add force_password_reset field to user * Add force_password_reset field to user edit form Also, reindent the form HTML. * Rename force_password_reset to force_password_change * Force password change: Show form on login, allow change * Remove unused step definitions for setting RAILS_ENV * Fix forced password change, add cuke * Don't reveal whether user exists when not authenticated * Also add spec for testing reaction when user is not allowed to change the password. * Improve force password change code after review * Fix MyController password test and change to spec * Fix AccountController force password change spec
12 years ago
end
linted AccountControllerSpec
11 years ago
it 'should redirect ot the login page' do
Migrate unit tests to rspec (to be able to disable them in self-registration per mail).
11 years ago
expect(response).to redirect_to '/login'
end
end
end
spec: don't show "change password" menu entry
10 years ago
describe 'POST #change_password' do
context 'with disabled password login' do
before do
Convert specs to RSpec 2.99.0 syntax with Transpec This conversion is done by Transpec 2.3.6 with the following command: transpec -f * 66 conversions from: it { should ... } to: it { is_expected.to ... } * 53 conversions from: obj.stub(:message) to: allow(obj).to receive(:message) * 20 conversions from: == expected to: eq(expected) * 19 conversions from: obj.should to: expect(obj).to * 7 conversions from: describe 'some request' { } to: describe 'some request', :type => :request { } * 7 conversions from: describe 'some routing' { } to: describe 'some routing', :type => :routing { } * 7 conversions from: its(:attr) { } to: describe '#attr' do subject { super().attr }; it { } end * 5 conversions from: obj.should_not to: expect(obj).not_to * 4 conversions from: describe 'some view' { } to: describe 'some view', :type => :view { } * 3 conversions from: be_true to: be_truthy * 2 conversions from: describe 'some model' { } to: describe 'some model', :type => :model { } * 2 conversions from: its([:key]) { } to: describe '[:key]' do subject { super()[:key] }; it { } end * 2 conversions from: obj.should_receive(:message) to: expect(obj).to receive(:message) * 1 conversion from: be_false to: be_falsey * 1 conversion from: describe 'some controller' { } to: describe 'some controller', :type => :controller { } * 1 conversion from: describe 'some feature' { } to: describe 'some feature', :type => :feature { } * 1 conversion from: it { should_not ... } to: it { is_expected.not_to ... } For more details: https://github.com/yujinakayama/transpec#supported-conversions
10 years ago
allow(OpenProject::Configuration).to receive(:disable_password_login?).and_return(true)
spec: don't show "change password" menu entry
10 years ago
post :change_password
end
it 'is not found' do
expect(response.status).to eq 404
end
end
end
spec registration with disabled password login
10 years ago
shared_examples 'registration disabled' do
it 'redirects to back the login page' do
expect(response).to redirect_to signin_path
end
it 'informs the user that registration is disabled' do
expect(flash[:error]).to eq(I18n.t('account.error_self_registration_disabled'))
end
added hooks for user registration and first login
5 years ago
it 'does not call the user_registered callback' do
expect(hook.registered_user).to be_nil
end
spec registration with disabled password login
10 years ago
end
linted AccountControllerSpec
11 years ago
context 'GET #register' do
context 'with self registration on' do
Migrate unit tests to rspec (to be able to disable them in self-registration per mail).
11 years ago
before do
linted AccountControllerSpec
11 years ago
allow(Setting).to receive(:self_registration).and_return('3')
Migrate unit tests to rspec (to be able to disable them in self-registration per mail).
11 years ago
end
spec registration with disabled password login
10 years ago
context 'and password login enabled' do
before do
get :register
end
it 'is successful' do
Merge branch 'dev' into feature/rspec-299 Signed-off-by: Alex Coles <alex@alexbcoles.com> Conflicts: spec/controllers/account_controller_spec.rb spec/controllers/versions_controller_spec.rb spec/models/project/copy_spec.rb spec/representers/work_package_representer_spec.rb
10 years ago
is_expected.to respond_with :success
spec registration with disabled password login
10 years ago
expect(response).to render_template :register
expect(assigns[:user]).not_to be_nil
end
end
context 'and password login disabled' do
before do
Convert specs to RSpec 2.99.0 syntax with Transpec This conversion is done by Transpec 2.3.6 with the following command: transpec -f * 66 conversions from: it { should ... } to: it { is_expected.to ... } * 53 conversions from: obj.stub(:message) to: allow(obj).to receive(:message) * 20 conversions from: == expected to: eq(expected) * 19 conversions from: obj.should to: expect(obj).to * 7 conversions from: describe 'some request' { } to: describe 'some request', :type => :request { } * 7 conversions from: describe 'some routing' { } to: describe 'some routing', :type => :routing { } * 7 conversions from: its(:attr) { } to: describe '#attr' do subject { super().attr }; it { } end * 5 conversions from: obj.should_not to: expect(obj).not_to * 4 conversions from: describe 'some view' { } to: describe 'some view', :type => :view { } * 3 conversions from: be_true to: be_truthy * 2 conversions from: describe 'some model' { } to: describe 'some model', :type => :model { } * 2 conversions from: its([:key]) { } to: describe '[:key]' do subject { super()[:key] }; it { } end * 2 conversions from: obj.should_receive(:message) to: expect(obj).to receive(:message) * 1 conversion from: be_false to: be_falsey * 1 conversion from: describe 'some controller' { } to: describe 'some controller', :type => :controller { } * 1 conversion from: describe 'some feature' { } to: describe 'some feature', :type => :feature { } * 1 conversion from: it { should_not ... } to: it { is_expected.not_to ... } For more details: https://github.com/yujinakayama/transpec#supported-conversions
10 years ago
allow(OpenProject::Configuration).to receive(:disable_password_login?).and_return(true)
spec registration with disabled password login
10 years ago
get :register
end
it_behaves_like 'registration disabled'
Migrate unit tests to rspec (to be able to disable them in self-registration per mail).
11 years ago
end
end
linted AccountControllerSpec
11 years ago
context 'with self registration off' do
Migrate unit tests to rspec (to be able to disable them in self-registration per mail).
11 years ago
before do
linted AccountControllerSpec
11 years ago
allow(Setting).to receive(:self_registration).and_return('0')
Convert specs to RSpec 2.14.8 syntax with Transpec This conversion is done by Transpec 1.10.4 with the following command: transpec * 1414 conversions from: obj.should to: expect(obj).to * 646 conversions from: == expected to: eq(expected) * 376 conversions from: obj.stub(:message) to: allow(obj).to receive(:message) * 107 conversions from: obj.should_not to: expect(obj).not_to * 70 conversions from: obj.should_receive(:message) to: expect(obj).to receive(:message) * 45 conversions from: =~ [1, 2] to: match_array([1, 2]) * 27 conversions from: lambda { }.should to: expect { }.to * 13 conversions from: Klass.any_instance.stub(:message) to: allow_any_instance_of(Klass).to receive(:message) * 8 conversions from: === expected to: be === expected * 7 conversions from: expect { }.not_to raise_error(SpecificErrorClass) to: expect { }.not_to raise_error * 6 conversions from: =~ /pattern/ to: match(/pattern/) * 2 conversions from: obj.should_not_receive(:message) to: expect(obj).not_to receive(:message) * 1 conversion from: < expected to: be < expected * 1 conversion from: obj.stub!(:message) to: allow(obj).to receive(:message) * 1 conversion from: stub('something') to: double('something')
11 years ago
allow(Setting).to receive(:self_registration?).and_return(false)
Migrate unit tests to rspec (to be able to disable them in self-registration per mail).
11 years ago
get :register
end
spec registration with disabled password login
10 years ago
it_behaves_like 'registration disabled'
Migrate unit tests to rspec (to be able to disable them in self-registration per mail).
11 years ago
end
allow registration for invited users as it is no *self* registration (#5599) * allow registration for invited users as it is no *self* registration * allow post too [ci skip]
8 years ago
context 'with self registration off but an ongoing invitation activation' do
FactoryGirl => FactoryBot Removes the deprecation
7 years ago
let(:token) { FactoryBot.create :invitation_token }
allow registration for invited users as it is no *self* registration (#5599) * allow registration for invited users as it is no *self* registration * allow post too [ci skip]
8 years ago
before do
allow(Setting).to receive(:self_registration).and_return('0')
allow(Setting).to receive(:self_registration?).and_return(false)
session[:invitation_token] = token.value
get :register
end
it 'is successful' do
is_expected.to respond_with :success
expect(response).to render_template :register
expect(assigns[:user]).not_to be_nil
end
end
Migrate unit tests to rspec (to be able to disable them in self-registration per mail).
11 years ago
end
# See integration/account_test.rb for the full test
linted AccountControllerSpec
11 years ago
context 'POST #register' do
context 'with self registration on automatic' do
Migrate unit tests to rspec (to be able to disable them in self-registration per mail).
11 years ago
before do
make sure registration is not disabled
9 years ago
allow(OpenProject::Configuration).to receive(:disable_password_login?).and_return(false)
linted AccountControllerSpec
11 years ago
allow(Setting).to receive(:self_registration).and_return('3')
Migrate unit tests to rspec (to be able to disable them in self-registration per mail).
11 years ago
end
spec registration with disabled password login
10 years ago
context 'with password login enabled' do
drop my first_login; redirect to work packages if possible
9 years ago
# expects `redirect_to_path`
shared_examples 'automatic self registration succeeds' do
before do
Fix params deprecation Fixes in spec/controllers: ``` DEPRECATION WARNING: ActionController::TestCase HTTP request methods will accept only keyword arguments in future Rails versions. ```
8 years ago
post :register,
params: {
user: {
login: 'register',
password: 'adminADMIN!',
password_confirmation: 'adminADMIN!',
firstname: 'John',
lastname: 'Doe',
mail: 'register@example.com'
}
}
drop my first_login; redirect to work packages if possible
9 years ago
end
added hooks for user registration and first login
5 years ago
it 'redirects to the expected path' do
drop my first_login; redirect to work packages if possible
9 years ago
is_expected.to respond_with :redirect
expect(assigns[:user]).not_to be_nil
is_expected.to redirect_to(redirect_to_path)
expect(User.where(login: 'register').last).not_to be_nil
end
it 'set the user status to active' do
user = User.where(login: 'register').last
expect(user).not_to be_nil
expect(user.status).to eq(User::STATUSES[:active])
end
added hooks for user registration and first login
5 years ago
it 'calls the user_registered callback' do
user = hook.registered_user
expect(user.mail).to eq "register@example.com"
expect(user).to be_active
end
end
it_behaves_like 'automatic self registration succeeds' do
let(:redirect_to_path) { "/?first_time_user=true" }
it "calls the user_first_login callback" do
user = hook.first_login_user
expect(user.mail).to eq "register@example.com"
end
spec registration with disabled password login
10 years ago
end
user limits for enterprise edition
7 years ago
context "with user limit reached" do
Merge branch 'release/7.4' into dev
6 years ago
let!(:admin) { FactoryBot.create :admin }
notify admins if user could not activate due to the user limit
6 years ago
let(:params) do
{
user: {
login: 'register',
password: 'adminADMIN!',
password_confirmation: 'adminADMIN!',
firstname: 'John',
lastname: 'Doe',
mail: 'register@example.com'
}
}
end
user limits for enterprise edition
7 years ago
before do
allow(OpenProject::Enterprise).to receive(:user_limit_reached?).and_return(true)
notify admins if user could not activate due to the user limit
6 years ago
Merge branch 'release/7.4' into dev
6 years ago
post :register, params: params
user limits for enterprise edition
7 years ago
end
it "fails" do
is_expected.to redirect_to(signin_path)
expect(flash[:error]).to match /user limit reached/
end
notify admins if user could not activate due to the user limit
6 years ago
it "notifies the admins about the issue" do
delay all jobs
5 years ago
perform_enqueued_jobs
Use AnyFixtures to generate fixtures from factories (#7230) Uses FactoryBot to keep and maintain specific records in a special transaction that does not get removed after each spec. They automatically are created whenever first hitting them. This makes an excellent time saver for items that are commonly used, such as an admin user account
5 years ago
mail = ActionMailer::Base.deliveries.detect { |mail| mail.to.first == admin.mail }
expect(mail).to be_present
notify admins if user could not activate due to the user limit
6 years ago
expect(mail.subject).to match /limit reached/
expect(mail.body.parts.first.to_s).to match /new user \(#{params[:user][:mail]}\)/
end
added hooks for user registration and first login
5 years ago
it 'does not call the user_registered callback' do
expect(hook.registered_user).to be_nil
end
user limits for enterprise edition
7 years ago
end
Migrate unit tests to rspec (to be able to disable them in self-registration per mail).
11 years ago
end
spec registration with disabled password login
10 years ago
context 'with password login disabled' do
before do
Convert specs to RSpec 2.99.0 syntax with Transpec This conversion is done by Transpec 2.3.6 with the following command: transpec -f * 66 conversions from: it { should ... } to: it { is_expected.to ... } * 53 conversions from: obj.stub(:message) to: allow(obj).to receive(:message) * 20 conversions from: == expected to: eq(expected) * 19 conversions from: obj.should to: expect(obj).to * 7 conversions from: describe 'some request' { } to: describe 'some request', :type => :request { } * 7 conversions from: describe 'some routing' { } to: describe 'some routing', :type => :routing { } * 7 conversions from: its(:attr) { } to: describe '#attr' do subject { super().attr }; it { } end * 5 conversions from: obj.should_not to: expect(obj).not_to * 4 conversions from: describe 'some view' { } to: describe 'some view', :type => :view { } * 3 conversions from: be_true to: be_truthy * 2 conversions from: describe 'some model' { } to: describe 'some model', :type => :model { } * 2 conversions from: its([:key]) { } to: describe '[:key]' do subject { super()[:key] }; it { } end * 2 conversions from: obj.should_receive(:message) to: expect(obj).to receive(:message) * 1 conversion from: be_false to: be_falsey * 1 conversion from: describe 'some controller' { } to: describe 'some controller', :type => :controller { } * 1 conversion from: describe 'some feature' { } to: describe 'some feature', :type => :feature { } * 1 conversion from: it { should_not ... } to: it { is_expected.not_to ... } For more details: https://github.com/yujinakayama/transpec#supported-conversions
10 years ago
allow(OpenProject::Configuration).to receive(:disable_password_login?).and_return(true)
spec registration with disabled password login
10 years ago
post :register
end
it_behaves_like 'registration disabled'
Migrate unit tests to rspec (to be able to disable them in self-registration per mail).
11 years ago
end
end
linted AccountControllerSpec
11 years ago
context 'with self registration by email' do
Rewrite unit tests as specs so they can be disabled by plugins.
11 years ago
before do
linted AccountControllerSpec
11 years ago
allow(Setting).to receive(:self_registration).and_return('1')
Rewrite unit tests as specs so they can be disabled by plugins.
11 years ago
end
spec registration with disabled password login
10 years ago
context 'with password login enabled' do
before do
Implement HashedToken (ExtendedToken from MOTP) in Core
7 years ago
Token::Invitation.delete_all
Fix params deprecation Fixes in spec/controllers: ``` DEPRECATION WARNING: ActionController::TestCase HTTP request methods will accept only keyword arguments in future Rails versions. ```
8 years ago
post :register,
params: {
user: {
login: 'register',
password: 'adminADMIN!',
password_confirmation: 'adminADMIN!',
firstname: 'John',
lastname: 'Doe',
mail: 'register@example.com'
}
}
spec registration with disabled password login
10 years ago
end
it 'redirects to the login page' do
Merge branch 'dev' into feature/rspec-299 Signed-off-by: Alex Coles <alex@alexbcoles.com> Conflicts: spec/controllers/account_controller_spec.rb spec/controllers/versions_controller_spec.rb spec/models/project/copy_spec.rb spec/representers/work_package_representer_spec.rb
10 years ago
is_expected.to redirect_to '/login'
spec registration with disabled password login
10 years ago
end
it "doesn't activate the user but sends out a token instead" do
expect(User.find_by_login('register')).not_to be_active
Fix API token usage and specs
7 years ago
token = Token::Invitation.last
spec registration with disabled password login
10 years ago
expect(token.user.mail).to eq('register@example.com')
expect(token).not_to be_expired
end
added hooks for user registration and first login
5 years ago
it 'calls the user_registered callback' do
user = hook.registered_user
expect(user.mail).to eq "register@example.com"
expect(user).to be_registered
end
Rewrite unit tests as specs so they can be disabled by plugins.
11 years ago
end
spec registration with disabled password login
10 years ago
context 'with password login disabled' do
before do
Convert specs to RSpec 2.99.0 syntax with Transpec This conversion is done by Transpec 2.3.6 with the following command: transpec -f * 66 conversions from: it { should ... } to: it { is_expected.to ... } * 53 conversions from: obj.stub(:message) to: allow(obj).to receive(:message) * 20 conversions from: == expected to: eq(expected) * 19 conversions from: obj.should to: expect(obj).to * 7 conversions from: describe 'some request' { } to: describe 'some request', :type => :request { } * 7 conversions from: describe 'some routing' { } to: describe 'some routing', :type => :routing { } * 7 conversions from: its(:attr) { } to: describe '#attr' do subject { super().attr }; it { } end * 5 conversions from: obj.should_not to: expect(obj).not_to * 4 conversions from: describe 'some view' { } to: describe 'some view', :type => :view { } * 3 conversions from: be_true to: be_truthy * 2 conversions from: describe 'some model' { } to: describe 'some model', :type => :model { } * 2 conversions from: its([:key]) { } to: describe '[:key]' do subject { super()[:key] }; it { } end * 2 conversions from: obj.should_receive(:message) to: expect(obj).to receive(:message) * 1 conversion from: be_false to: be_falsey * 1 conversion from: describe 'some controller' { } to: describe 'some controller', :type => :controller { } * 1 conversion from: describe 'some feature' { } to: describe 'some feature', :type => :feature { } * 1 conversion from: it { should_not ... } to: it { is_expected.not_to ... } For more details: https://github.com/yujinakayama/transpec#supported-conversions
10 years ago
allow(OpenProject::Configuration).to receive(:disable_password_login?).and_return(true)
spec registration with disabled password login
10 years ago
post :register
end
it_behaves_like 'registration disabled'
Rewrite unit tests as specs so they can be disabled by plugins.
11 years ago
end
end
linted AccountControllerSpec
11 years ago
context 'with manual activation' do
Register: Add spec testing back_url is preserved on manual activation
11 years ago
let(:user_hash) do
Use 1.9+ Hash syntax in specs Signed-off-by: Alex Coles <alex@alexbcoles.com>
10 years ago
{ login: 'register',
password: 'adminADMIN!',
password_confirmation: 'adminADMIN!',
firstname: 'John',
lastname: 'Doe',
mail: 'register@example.com' }
Rewrite unit tests as specs so they can be disabled by plugins.
11 years ago
end
Register: Add spec testing back_url is preserved on manual activation
11 years ago
before do
linted AccountControllerSpec
11 years ago
allow(Setting).to receive(:self_registration).and_return('2')
Rewrite unit tests as specs so they can be disabled by plugins.
11 years ago
end
linted AccountControllerSpec
11 years ago
context 'without back_url' do
Register: Add spec testing back_url is preserved on manual activation
11 years ago
before do
Fix params deprecation Fixes in spec/controllers: ``` DEPRECATION WARNING: ActionController::TestCase HTTP request methods will accept only keyword arguments in future Rails versions. ```
8 years ago
post :register, params: { user: user_hash }
Register: Add spec testing back_url is preserved on manual activation
11 years ago
end
linted AccountControllerSpec
11 years ago
it 'redirects to the login page' do
Register: Add spec testing back_url is preserved on manual activation
11 years ago
expect(response).to redirect_to '/login'
end
it "doesn't activate the user" do
expect(User.find_by_login('register')).not_to be_active
end
added hooks for user registration and first login
5 years ago
it 'calls the user_registered callback' do
user = hook.registered_user
expect(user.mail).to eq "register@example.com"
expect(user).to be_registered
end
Register: Add spec testing back_url is preserved on manual activation
11 years ago
end
linted AccountControllerSpec
11 years ago
context 'with back_url' do
Register: Add spec testing back_url is preserved on manual activation
11 years ago
before do
Fix params deprecation Fixes in spec/controllers: ``` DEPRECATION WARNING: ActionController::TestCase HTTP request methods will accept only keyword arguments in future Rails versions. ```
8 years ago
post :register, params: { user: user_hash, back_url: 'https://example.net/some_back_url' }
Register: Add spec testing back_url is preserved on manual activation
11 years ago
end
it 'preserves the back url' do
expect(response).to redirect_to(
'/login?back_url=https%3A%2F%2Fexample.net%2Fsome_back_url')
end
added hooks for user registration and first login
5 years ago
it 'calls the user_registered callback' do
user = hook.registered_user
expect(user.mail).to eq "register@example.com"
expect(user).to be_registered
end
Rewrite unit tests as specs so they can be disabled by plugins.
11 years ago
end
spec registration with disabled password login
10 years ago
context 'with password login disabled' do
before do
Convert specs to RSpec 2.99.0 syntax with Transpec This conversion is done by Transpec 2.3.6 with the following command: transpec -f * 66 conversions from: it { should ... } to: it { is_expected.to ... } * 53 conversions from: obj.stub(:message) to: allow(obj).to receive(:message) * 20 conversions from: == expected to: eq(expected) * 19 conversions from: obj.should to: expect(obj).to * 7 conversions from: describe 'some request' { } to: describe 'some request', :type => :request { } * 7 conversions from: describe 'some routing' { } to: describe 'some routing', :type => :routing { } * 7 conversions from: its(:attr) { } to: describe '#attr' do subject { super().attr }; it { } end * 5 conversions from: obj.should_not to: expect(obj).not_to * 4 conversions from: describe 'some view' { } to: describe 'some view', :type => :view { } * 3 conversions from: be_true to: be_truthy * 2 conversions from: describe 'some model' { } to: describe 'some model', :type => :model { } * 2 conversions from: its([:key]) { } to: describe '[:key]' do subject { super()[:key] }; it { } end * 2 conversions from: obj.should_receive(:message) to: expect(obj).to receive(:message) * 1 conversion from: be_false to: be_falsey * 1 conversion from: describe 'some controller' { } to: describe 'some controller', :type => :controller { } * 1 conversion from: describe 'some feature' { } to: describe 'some feature', :type => :feature { } * 1 conversion from: it { should_not ... } to: it { is_expected.not_to ... } For more details: https://github.com/yujinakayama/transpec#supported-conversions
10 years ago
allow(OpenProject::Configuration).to receive(:disable_password_login?).and_return(true)
spec registration with disabled password login
10 years ago
post :register
end
it_behaves_like 'registration disabled'
end
Rewrite unit tests as specs so they can be disabled by plugins.
11 years ago
end
linted AccountControllerSpec
11 years ago
context 'with self registration off' do
Migrate unit tests to rspec (to be able to disable them in self-registration per mail).
11 years ago
before do
linted AccountControllerSpec
11 years ago
allow(Setting).to receive(:self_registration).and_return('0')
Convert specs to RSpec 2.14.8 syntax with Transpec This conversion is done by Transpec 1.10.4 with the following command: transpec * 1414 conversions from: obj.should to: expect(obj).to * 646 conversions from: == expected to: eq(expected) * 376 conversions from: obj.stub(:message) to: allow(obj).to receive(:message) * 107 conversions from: obj.should_not to: expect(obj).not_to * 70 conversions from: obj.should_receive(:message) to: expect(obj).to receive(:message) * 45 conversions from: =~ [1, 2] to: match_array([1, 2]) * 27 conversions from: lambda { }.should to: expect { }.to * 13 conversions from: Klass.any_instance.stub(:message) to: allow_any_instance_of(Klass).to receive(:message) * 8 conversions from: === expected to: be === expected * 7 conversions from: expect { }.not_to raise_error(SpecificErrorClass) to: expect { }.not_to raise_error * 6 conversions from: =~ /pattern/ to: match(/pattern/) * 2 conversions from: obj.should_not_receive(:message) to: expect(obj).not_to receive(:message) * 1 conversion from: < expected to: be < expected * 1 conversion from: obj.stub!(:message) to: allow(obj).to receive(:message) * 1 conversion from: stub('something') to: double('something')
11 years ago
allow(Setting).to receive(:self_registration?).and_return(false)
Fix params deprecation Fixes in spec/controllers: ``` DEPRECATION WARNING: ActionController::TestCase HTTP request methods will accept only keyword arguments in future Rails versions. ```
8 years ago
post :register,
params: {
user: {
login: 'register',
password: 'adminADMIN!',
password_confirmation: 'adminADMIN!',
firstname: 'John',
lastname: 'Doe',
mail: 'register@example.com'
}
}
Migrate unit tests to rspec (to be able to disable them in self-registration per mail).
11 years ago
end
spec registration with disabled password login
10 years ago
it_behaves_like 'registration disabled'
Add option to force a user to change password on next login * Add force_password_reset field to user * Add force_password_reset field to user edit form Also, reindent the form HTML. * Rename force_password_reset to force_password_change * Force password change: Show form on login, allow change * Remove unused step definitions for setting RAILS_ENV * Fix forced password change, add cuke * Don't reveal whether user exists when not authenticated * Also add spec for testing reaction when user is not allowed to change the password. * Improve force password change code after review * Fix MyController password test and change to spec * Fix AccountController force password change spec
12 years ago
end
Rewrite unit tests as specs so they can be disabled by plugins.
11 years ago
linted AccountControllerSpec
11 years ago
context 'with on-the-fly registration' do
Rewrite unit tests as specs so they can be disabled by plugins.
11 years ago
before do
linted AccountControllerSpec
11 years ago
allow(Setting).to receive(:self_registration).and_return('0')
Convert specs to RSpec 2.14.8 syntax with Transpec This conversion is done by Transpec 1.10.4 with the following command: transpec * 1414 conversions from: obj.should to: expect(obj).to * 646 conversions from: == expected to: eq(expected) * 376 conversions from: obj.stub(:message) to: allow(obj).to receive(:message) * 107 conversions from: obj.should_not to: expect(obj).not_to * 70 conversions from: obj.should_receive(:message) to: expect(obj).to receive(:message) * 45 conversions from: =~ [1, 2] to: match_array([1, 2]) * 27 conversions from: lambda { }.should to: expect { }.to * 13 conversions from: Klass.any_instance.stub(:message) to: allow_any_instance_of(Klass).to receive(:message) * 8 conversions from: === expected to: be === expected * 7 conversions from: expect { }.not_to raise_error(SpecificErrorClass) to: expect { }.not_to raise_error * 6 conversions from: =~ /pattern/ to: match(/pattern/) * 2 conversions from: obj.should_not_receive(:message) to: expect(obj).not_to receive(:message) * 1 conversion from: < expected to: be < expected * 1 conversion from: obj.stub!(:message) to: allow(obj).to receive(:message) * 1 conversion from: stub('something') to: double('something')
11 years ago
allow(Setting).to receive(:self_registration?).and_return(false)
Fix failing AccountController#register spec With an OpenProject config containing private plugins this spec will fail with the following Error: ActionView::Template::Error: undefined method `allow_password_changes?' for nil:NilClass ./app/models/user.rb:377:in `change_password_allowed?' This failure was most likely previously obscured because `render_views` was not enabled. Signed-off-by: Alex Coles <alex@alexbcoles.com>
11 years ago
allow_any_instance_of(User).to receive(:change_password_allowed?).and_return(false)
linted AccountControllerSpec
11 years ago
allow(AuthSource).to receive(:authenticate).and_return(login: 'foo',
lastname: 'Smith',
auth_source_id: 66)
spec registration with disabled password login
10 years ago
end
context 'with password login enabled' do
before do
Fix params deprecation Fixes in spec/controllers: ``` DEPRECATION WARNING: ActionController::TestCase HTTP request methods will accept only keyword arguments in future Rails versions. ```
8 years ago
post :login, params: { username: 'foo', password: 'bar' }
spec registration with disabled password login
10 years ago
end
it 'registers the user on-the-fly' do
Convert specs to RSpec 2.99.0 syntax with Transpec This conversion is done by Transpec 2.3.6 with the following command: transpec -f * 66 conversions from: it { should ... } to: it { is_expected.to ... } * 53 conversions from: obj.stub(:message) to: allow(obj).to receive(:message) * 20 conversions from: == expected to: eq(expected) * 19 conversions from: obj.should to: expect(obj).to * 7 conversions from: describe 'some request' { } to: describe 'some request', :type => :request { } * 7 conversions from: describe 'some routing' { } to: describe 'some routing', :type => :routing { } * 7 conversions from: its(:attr) { } to: describe '#attr' do subject { super().attr }; it { } end * 5 conversions from: obj.should_not to: expect(obj).not_to * 4 conversions from: describe 'some view' { } to: describe 'some view', :type => :view { } * 3 conversions from: be_true to: be_truthy * 2 conversions from: describe 'some model' { } to: describe 'some model', :type => :model { } * 2 conversions from: its([:key]) { } to: describe '[:key]' do subject { super()[:key] }; it { } end * 2 conversions from: obj.should_receive(:message) to: expect(obj).to receive(:message) * 1 conversion from: be_false to: be_falsey * 1 conversion from: describe 'some controller' { } to: describe 'some controller', :type => :controller { } * 1 conversion from: describe 'some feature' { } to: describe 'some feature', :type => :feature { } * 1 conversion from: it { should_not ... } to: it { is_expected.not_to ... } For more details: https://github.com/yujinakayama/transpec#supported-conversions
10 years ago
is_expected.to respond_with :success
spec registration with disabled password login
10 years ago
expect(response).to render_template :register
Fix failing AccountController#register spec With an OpenProject config containing private plugins this spec will fail with the following Error: ActionView::Template::Error: undefined method `allow_password_changes?' for nil:NilClass ./app/models/user.rb:377:in `change_password_allowed?' This failure was most likely previously obscured because `render_views` was not enabled. Signed-off-by: Alex Coles <alex@alexbcoles.com>
11 years ago
Fix params deprecation Fixes in spec/controllers: ``` DEPRECATION WARNING: ActionController::TestCase HTTP request methods will accept only keyword arguments in future Rails versions. ```
8 years ago
post :register,
params: {
user: {
firstname: 'Foo',
lastname: 'Smith',
mail: 'foo@bar.com'
}
}
Ensure LDAP users can get activated with any registration setting LDAP users get an auth_source_id attached to them during registration, since they are effectively not self-registrating in the system, the register service should allow them with any self_registration setting. At the same time, the refactoring ensure that even an LDAP user that logs in for the first time is being redirected to home to get the welcome tour.
4 years ago
expect(response).to redirect_to home_path(first_time_user: true)
Fix failing AccountController#register spec With an OpenProject config containing private plugins this spec will fail with the following Error: ActionView::Template::Error: undefined method `allow_password_changes?' for nil:NilClass ./app/models/user.rb:377:in `change_password_allowed?' This failure was most likely previously obscured because `render_views` was not enabled. Signed-off-by: Alex Coles <alex@alexbcoles.com>
11 years ago
spec registration with disabled password login
10 years ago
user = User.find_by_login('foo')
expect(user).to be_an_instance_of(User)
expect(user.auth_source_id).to eql 66
expect(user.current_password).to be_nil
end
Rewrite unit tests as specs so they can be disabled by plugins.
11 years ago
end
spec registration with disabled password login
10 years ago
context 'with password login disabled' do
before do
Convert specs to RSpec 2.99.0 syntax with Transpec This conversion is done by Transpec 2.3.6 with the following command: transpec -f * 66 conversions from: it { should ... } to: it { is_expected.to ... } * 53 conversions from: obj.stub(:message) to: allow(obj).to receive(:message) * 20 conversions from: == expected to: eq(expected) * 19 conversions from: obj.should to: expect(obj).to * 7 conversions from: describe 'some request' { } to: describe 'some request', :type => :request { } * 7 conversions from: describe 'some routing' { } to: describe 'some routing', :type => :routing { } * 7 conversions from: its(:attr) { } to: describe '#attr' do subject { super().attr }; it { } end * 5 conversions from: obj.should_not to: expect(obj).not_to * 4 conversions from: describe 'some view' { } to: describe 'some view', :type => :view { } * 3 conversions from: be_true to: be_truthy * 2 conversions from: describe 'some model' { } to: describe 'some model', :type => :model { } * 2 conversions from: its([:key]) { } to: describe '[:key]' do subject { super()[:key] }; it { } end * 2 conversions from: obj.should_receive(:message) to: expect(obj).to receive(:message) * 1 conversion from: be_false to: be_falsey * 1 conversion from: describe 'some controller' { } to: describe 'some controller', :type => :controller { } * 1 conversion from: describe 'some feature' { } to: describe 'some feature', :type => :feature { } * 1 conversion from: it { should_not ... } to: it { is_expected.not_to ... } For more details: https://github.com/yujinakayama/transpec#supported-conversions
10 years ago
allow(OpenProject::Configuration).to receive(:disable_password_login?).and_return(true)
spec registration with disabled password login
10 years ago
end
Rewrite unit tests as specs so they can be disabled by plugins.
11 years ago
spec registration with disabled password login
10 years ago
describe 'login' do
before do
Fix params deprecation Fixes in spec/controllers: ``` DEPRECATION WARNING: ActionController::TestCase HTTP request methods will accept only keyword arguments in future Rails versions. ```
8 years ago
post :login, params: { username: 'foo', password: 'bar' }
spec registration with disabled password login
10 years ago
end
Removal of trailing white spaces
11 years ago
spec registration with disabled password login
10 years ago
it 'is not found' do
expect(response.status).to eq 404
end
end
add omniauth failure callback and specs for omniauth login/registration
11 years ago
spec registration with disabled password login
10 years ago
describe 'registration' do
before do
Fix params deprecation Fixes in spec/controllers: ``` DEPRECATION WARNING: ActionController::TestCase HTTP request methods will accept only keyword arguments in future Rails versions. ```
8 years ago
post :register,
params: {
user: {
firstname: 'Foo',
lastname: 'Smith',
mail: 'foo@bar.com'
}
}
spec registration with disabled password login
10 years ago
end
add omniauth failure callback and specs for omniauth login/registration
11 years ago
spec registration with disabled password login
10 years ago
it_behaves_like 'registration disabled'
end
Rewrite unit tests as specs so they can be disabled by plugins.
11 years ago
end
end
Add option to force a user to change password on next login * Add force_password_reset field to user * Add force_password_reset field to user edit form Also, reindent the form HTML. * Rename force_password_reset to force_password_change * Force password change: Show form on login, allow change * Remove unused step definitions for setting RAILS_ENV * Fix forced password change, add cuke * Don't reveal whether user exists when not authenticated * Also add spec for testing reaction when user is not allowed to change the password. * Improve force password change code after review * Fix MyController password test and change to spec * Fix AccountController force password change spec
12 years ago
end
LDAP Single Sign-on (#5888) * ldap sso * localise sso failure error * code climate * code climate 2 * code climate 3 * added missing login param * make spec work with SSO module prepended to ApplicationController * polish [ci skip]
7 years ago
more user limit specs
7 years ago
context 'POST activate' do
Merge branch 'release/7.4' into dev
6 years ago
let!(:admin) { FactoryBot.create :admin }
fix merge errors
6 years ago
let(:user) { FactoryBot.create :user, status: status }
more user limit specs
7 years ago
let(:status) { -1 }
let(:token) { Token::Invitation.create!(user_id: user.id) }
before do
allow(OpenProject::Enterprise).to receive(:user_limit_reached?).and_return(true)
post :activate, params: { token: token.value }
end
shared_examples "activation is blocked due to user limit" do
it "does not activate the user" do
expect(user.reload).not_to be_active
end
it "redirects back to the login page and shows the user limit error" do
expect(response).to redirect_to(signin_path)
expect(flash[:error]).to match /user limit reached.*contact.*admin/i
end
notify admins if user could not activate due to the user limit
6 years ago
it "notifies the admins about the issue" do
delay all jobs
5 years ago
perform_enqueued_jobs
Use AnyFixtures to generate fixtures from factories (#7230) Uses FactoryBot to keep and maintain specific records in a special transaction that does not get removed after each spec. They automatically are created whenever first hitting them. This makes an excellent time saver for items that are commonly used, such as an admin user account
5 years ago
mail = ActionMailer::Base.deliveries.detect { |mail| mail.to.first == admin.mail }
expect(mail).to be_present
notify admins if user could not activate due to the user limit
6 years ago
expect(mail.subject).to match /limit reached/
end
more user limit specs
7 years ago
end
context 'registered user' do
let(:status) { User::STATUSES[:registered] }
it_behaves_like "activation is blocked due to user limit"
end
context 'invited user' do
let(:status) { User::STATUSES[:invited] }
it_behaves_like "activation is blocked due to user limit"
end
end
LDAP Single Sign-on (#5888) * ldap sso * localise sso failure error * code climate * code climate 2 * code climate 3 * added missing login param * make spec work with SSO module prepended to ApplicationController * polish [ci skip]
7 years ago
describe 'GET #auth_source_sso_failed (/sso)' do
Merge branch 'release/7.4' into dev
6 years ago
render_views
Fix/back url when already logged in (#6166) * use the provided back url when already logged in But check the validity of the back_url to not be used maliciously to redirect users to pages outside our host * minor coding style improvements [ci skip]
7 years ago
LDAP Single Sign-on (#5888) * ldap sso * localise sso failure error * code climate * code climate 2 * code climate 3 * added missing login param * make spec work with SSO module prepended to ApplicationController * polish [ci skip]
7 years ago
let(:failure) do
{
user: user,
login: user.login,
back_url: '/my/account',
ttl: 1
}
end
FactoryGirl => FactoryBot Removes the deprecation
7 years ago
let(:user) { FactoryBot.create :user, status: 2 }
LDAP Single Sign-on (#5888) * ldap sso * localise sso failure error * code climate * code climate 2 * code climate 3 * added missing login param * make spec work with SSO module prepended to ApplicationController * polish [ci skip]
7 years ago
before do
session[:auth_source_sso_failure] = failure
end
context "with a non-active user" do
it "should show the non-active error message" do
get :auth_source_sso_failed
expect(session[:auth_source_sso_failure]).not_to be_present
expect(response.body)
.to have_text "Your account has not yet been activated."
expect(response.body)
.to have_text "Single Sign-On (SSO) for user '#{user.login}' failed"
end
end
context "with an invalid user" do
FactoryGirl => FactoryBot Removes the deprecation
7 years ago
let!(:duplicate) { FactoryBot.create :user, mail: "login@DerpLAP.net" }
LDAP Single Sign-on (#5888) * ldap sso * localise sso failure error * code climate * code climate 2 * code climate 3 * added missing login param * make spec work with SSO module prepended to ApplicationController * polish [ci skip]
7 years ago
let(:user) do
FactoryGirl => FactoryBot Removes the deprecation
7 years ago
FactoryBot.build(:user, mail: duplicate.mail).tap(&:valid?)
LDAP Single Sign-on (#5888) * ldap sso * localise sso failure error * code climate * code climate 2 * code climate 3 * added missing login param * make spec work with SSO module prepended to ApplicationController * polish [ci skip]
7 years ago
end
it "should show the account creation form with an error" do
get :auth_source_sso_failed
expect(session[:auth_source_sso_failure]).not_to be_present
expect(response.body).to have_text "Create a new account"
expect(response.body).to have_text "This field is invalid: Email has already been taken."
end
end
end
handle expired invitation tokens, don't delete them without replacement
7 years ago
describe 'POST #activate' do
shared_examples 'account activation' do
let(:token) { Token::Invitation.create user: user }
let(:activation_params) do
{
token: token.value
}
end
context 'with an expired token' do
before do
token.update_column :expires_on, Date.today - 1.day
post :activate, params: activation_params
end
it 'fails and shows an expiration warning' do
is_expected.to redirect_to('/')
expect(flash[:warning]).to include 'expired'
end
it 'deletes the old token and generates a new one' do
old_token = Token::Invitation.find_by(id: token.id)
new_token = Token::Invitation.find_by(user_id: token.user.id)
expect(old_token).to be_nil
expect(new_token).to be_present
expect(new_token).not_to be_expired
end
it 'sends out a new activation email' do
new_token = Token::Invitation.find_by(user_id: token.user.id)
delay all jobs
5 years ago
perform_enqueued_jobs
mail = ActionMailer::Base.deliveries.last
handle expired invitation tokens, don't delete them without replacement
7 years ago
expect(mail.parts.first.body.raw_source).to include "activate?token=#{new_token.value}"
end
end
end
context 'with an invited user' do
it_behaves_like 'account activation' do
FactoryGirl => FactoryBot Removes the deprecation
7 years ago
let(:user) { FactoryBot.create :user, status: 4 }
handle expired invitation tokens, don't delete them without replacement
7 years ago
end
end
context 'with an registered user' do
it_behaves_like 'account activation' do
FactoryGirl => FactoryBot Removes the deprecation
7 years ago
let(:user) { FactoryBot.create :user, status: 2 }
handle expired invitation tokens, don't delete them without replacement
7 years ago
end
end
end
Add option to force a user to change password on next login * Add force_password_reset field to user * Add force_password_reset field to user edit form Also, reindent the form HTML. * Rename force_password_reset to force_password_change * Force password change: Show form on login, allow change * Remove unused step definitions for setting RAILS_ENV * Fix forced password change, add cuke * Don't reveal whether user exists when not authenticated * Also add spec for testing reaction when user is not allowed to change the password. * Improve force password change code after review * Fix MyController password test and change to spec * Fix AccountController force password change spec
12 years ago
end