OpenProject is the leading open source project management software.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
openproject/features/step_definitions/password_steps.rb

153 lines
5.1 KiB

#-- encoding: UTF-8
#-- copyright
# OpenProject is a project management system.
# Copyright (C) 2012-2017 the OpenProject Foundation (OPF)
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License version 3.
#
# OpenProject is a fork of ChiliProject, which is a fork of Redmine. The copyright follows:
# Copyright (C) 2006-2017 Jean-Philippe Lang
# Copyright (C) 2010-2013 the ChiliProject Team
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
#
# See doc/COPYRIGHT.rdoc for more details.
#++
def parse_password_rules(str)
str.sub(', and ', ', ').split(', ')
end
Given /^passwords must contain ([0-9]+) of ([a-z, ]+) characters$/ do |minimum_rules, rules|
rules = parse_password_rules(rules)
Setting.password_active_rules = rules
Setting.password_min_adhered_rules = minimum_rules.to_i
end
Given /^passwords have a minimum length of ([0-9]+) characters$/ do |minimum_length|
Setting.password_min_length = minimum_length
end
Given /^users are not allowed to reuse the last ([0-9]+) passwords$/ do |count|
Setting.password_count_former_banned = count
end
def fill_change_password(old_password, new_password, confirmation = new_password)
# use find and set with id to prevent ambiguous match I get with fill_in
find('#password').set(old_password)
fill_in('new_password', with: new_password)
fill_in('new_password_confirmation', with: confirmation)
click_link_or_button 'Save'
@new_password = new_password
end
def change_password(old_password, new_password)
visit '/my/password'
fill_change_password(old_password, new_password)
end
Given /^I try to change my password from "([^\"]+)" to "([^\"]+)"$/ do |old, new|
change_password(old, new)
end
When /^I try to set my new password to "(.+)"$/ do |password|
visit '/my/password'
change_password('adminADMIN!', password)
end
When /^I fill out the change password form$/ do
fill_change_password('adminADMIN!', 'adminADMIN!New')
end
When /^I fill out the change password form with a wrong old password$/ do
fill_change_password('wrong', 'adminADMIN!New')
end
When /^I fill out the change password form with a wrong password confirmation$/ do
fill_change_password('adminADMIN!', 'adminADMIN!New', 'wrong')
end
Then /^the password change should succeed$/ do
find('.notice').should have_content('success')
end
Then /^I should be able to login using the new password$/ do
visit('/logout')
login(@user.login, @new_password)
end
Then /^the password and confirmation fields should be empty$/ do
find('#user_password').value.should be_empty
find('#user_password_confirmation').value.should be_empty
end
Then /^the password and confirmation fields should be disabled$/ do
find('#user_password').should be_disabled
find('#user_password_confirmation').should be_disabled
end
Then /^the force password change field should be checked$/ do
find('#user_force_password_change').should be_checked
end
Then /^the force password change field should be disabled$/ do
find('#user_force_password_change').should be_disabled
end
Given /^I try to log in with user "([^"]*)"$/ do |login|
step 'I go to the logout page'
login(login, @new_password || 'adminADMIN!')
end
Given /^I try to log in with user "([^"]*)" and a wrong password$/ do |login|
step 'I go to the logout page'
login(login, 'Wrong password')
end
Given /^I try to log in with user "([^"]*)" and the password sent via email$/ do |login|
step 'I go to the logout page'
login(login, assigned_password_from_last_email)
end
When /^I activate the ([a-z, ]+) password rules$/ do |rules|
rules = parse_password_rules(rules)
# ensure checkboxes are loaded, 'all' doesn't wait
should have_selector(:xpath, "//input[@id='settings_password_active_rules_' and @value='#{rules.first}']")
all(:xpath, "//input[@id='settings_password_active_rules_']").each do |checkbox|
checkbox.set(false)
end
rules.each do |rule|
find(:xpath, "//input[@id='settings_password_active_rules_' and @value='#{rule}']").set(true)
end
end
def set_user_attribute(login, attribute, value)
user = User.find_by login: login
user.send((attribute.to_s + '=').to_sym, value)
user.save
end
Given /^the user "(.+)" is(not |) forced to change his password$/ do |login, disable|
set_user_attribute(login, :force_password_change, disable != 'not ')
end
Given /^I use the first existing token to request a password reset$/ do
token = Token::Recovery.first
visit account_lost_password_path(token: token.value)
end