kanbanworkflowstimelinescrumrubyroadmapproject-planningproject-managementopenprojectangularissue-trackerifcgantt-chartganttbug-trackerboardsbcf
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
302 lines
10 KiB
302 lines
10 KiB
#-- copyright
|
|
# OpenProject is a project management system.
|
|
# Copyright (C) 2012-2014 the OpenProject Foundation (OPF)
|
|
#
|
|
# This program is free software; you can redistribute it and/or
|
|
# modify it under the terms of the GNU General Public License version 3.
|
|
#
|
|
# OpenProject is a fork of ChiliProject, which is a fork of Redmine. The copyright follows:
|
|
# Copyright (C) 2006-2013 Jean-Philippe Lang
|
|
# Copyright (C) 2010-2013 the ChiliProject Team
|
|
#
|
|
# This program is free software; you can redistribute it and/or
|
|
# modify it under the terms of the GNU General Public License
|
|
# as published by the Free Software Foundation; either version 2
|
|
# of the License, or (at your option) any later version.
|
|
#
|
|
# This program is distributed in the hope that it will be useful,
|
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
# GNU General Public License for more details.
|
|
#
|
|
# You should have received a copy of the GNU General Public License
|
|
# along with this program; if not, write to the Free Software
|
|
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
|
|
#
|
|
# See doc/COPYRIGHT.rdoc for more details.
|
|
#++
|
|
|
|
require 'spec_helper'
|
|
|
|
describe AccountController do
|
|
after do
|
|
User.delete_all
|
|
User.current = nil
|
|
end
|
|
|
|
context "POST #login" do
|
|
let(:admin) { FactoryGirl.create(:admin) }
|
|
|
|
describe "User logging in with back_url" do
|
|
|
|
it "should redirect to a relative path" do
|
|
post :login , {:username => admin.login, :password => 'adminADMIN!', :back_url => '/'}
|
|
expect(response).to redirect_to '/'
|
|
end
|
|
|
|
it "should redirect to an absolute path given the same host" do
|
|
# note: test.host is the hostname during tests
|
|
post :login , {:username => admin.login, :password => 'adminADMIN!', :back_url => 'http://test.host/work_packages/show/1'}
|
|
expect(response).to redirect_to '/work_packages/show/1'
|
|
end
|
|
|
|
it "should not redirect to another host" do
|
|
post :login , {:username => admin.login, :password => 'adminADMIN!', :back_url => 'http://test.foo/work_packages/show/1'}
|
|
expect(response).to redirect_to '/my/page'
|
|
end
|
|
|
|
it "should not redirect to another host with a protocol relative url" do
|
|
post :login , {:username => admin.login, :password => 'adminADMIN!', :back_url => '//test.foo/fake'}
|
|
expect(response).to redirect_to '/my/page'
|
|
end
|
|
|
|
it "should create users on the fly" do
|
|
Setting.self_registration = '0'
|
|
AuthSource.stub(:authenticate).and_return({:login => 'foo', :firstname => 'Foo', :lastname => 'Smith', :mail => 'foo@bar.com', :auth_source_id => 66})
|
|
post :login , {:username => 'foo', :password => 'bar'}
|
|
|
|
expect(response).to redirect_to '/my/first_login'
|
|
user = User.find_by_login('foo')
|
|
user.should be_an_instance_of User
|
|
user.auth_source_id.should == 66
|
|
user.current_password.should be_nil
|
|
end
|
|
|
|
context 'with a relative url root' do
|
|
before do
|
|
@old_relative_url_root, ApplicationController.relative_url_root = ApplicationController.relative_url_root, "/openproject"
|
|
end
|
|
|
|
after do
|
|
ApplicationController.relative_url_root = @old_relative_url_root
|
|
end
|
|
|
|
it "should redirect to the same subdirectory with an absolute path" do
|
|
post :login , {:username => admin.login, :password => 'adminADMIN!', :back_url => 'http://test.host/openproject/work_packages/show/1'}
|
|
expect(response).to redirect_to '/openproject/work_packages/show/1'
|
|
end
|
|
|
|
it "should redirect to the same subdirectory with a relative path" do
|
|
post :login , {:username => admin.login, :password => 'adminADMIN!', :back_url => '/openproject/work_packages/show/1'}
|
|
expect(response).to redirect_to '/openproject/work_packages/show/1'
|
|
end
|
|
|
|
it "should not redirect to another subdirectory with an absolute path" do
|
|
post :login , {:username => admin.login, :password => 'adminADMIN!', :back_url => 'http://test.host/foo/work_packages/show/1'}
|
|
expect(response).to redirect_to '/my/page'
|
|
end
|
|
|
|
it "should not redirect to another subdirectory with a relative path" do
|
|
post :login , {:username => admin.login, :password => 'adminADMIN!', :back_url => '/foo/work_packages/show/1'}
|
|
expect(response).to redirect_to '/my/page'
|
|
end
|
|
|
|
it "should not redirect to another subdirectory by going up the path hierarchy" do
|
|
post :login , {:username => admin.login, :password => 'adminADMIN!', :back_url => 'http://test.host/openproject/../foo/work_packages/show/1'}
|
|
expect(response).to redirect_to '/my/page'
|
|
end
|
|
|
|
it "should not redirect to another subdirectory with a protocol relative path" do
|
|
post :login , {:username => admin.login, :password => 'adminADMIN!', :back_url => '//test.host/foo/work_packages/show/1'}
|
|
expect(response).to redirect_to '/my/page'
|
|
end
|
|
end
|
|
|
|
end
|
|
end
|
|
|
|
describe "Login for user with forced password change" do
|
|
let(:user) do
|
|
FactoryGirl.create(:admin, force_password_change: true)
|
|
User.any_instance.stub(:change_password_allowed?).and_return(false)
|
|
end
|
|
|
|
before do
|
|
User.current = user
|
|
end
|
|
|
|
describe "User who is not allowed to change password can't login" do
|
|
before do
|
|
admin = User.find_by_admin(true)
|
|
|
|
post "change_password", :username => admin.login,
|
|
:password => 'adminADMIN!',
|
|
:new_password => 'adminADMIN!New',
|
|
:new_password_confirmation => 'adminADMIN!New'
|
|
end
|
|
|
|
it "should redirect to the login page" do
|
|
expect(response).to redirect_to '/login'
|
|
end
|
|
end
|
|
|
|
describe "User who is not allowed to change password, is not redirected to the login page" do
|
|
before do
|
|
admin = User.find_by_admin(true)
|
|
post "login", {:username => admin.login, :password => 'adminADMIN!'}
|
|
end
|
|
|
|
it "should redirect ot the login page" do
|
|
expect(response).to redirect_to '/login'
|
|
end
|
|
end
|
|
end
|
|
|
|
context "GET #register" do
|
|
context "with self registration on" do
|
|
before do
|
|
Setting.stub(:self_registration).and_return("3")
|
|
get :register
|
|
end
|
|
|
|
it "is successful" do
|
|
should respond_with :success
|
|
expect(response).to render_template :register
|
|
expect(assigns[:user]).not_to be_nil
|
|
end
|
|
end
|
|
|
|
context "with self registration off" do
|
|
before do
|
|
Setting.stub(:self_registration).and_return("0")
|
|
Setting.stub(:self_registration?).and_return(false)
|
|
get :register
|
|
end
|
|
|
|
it "redirects to home" do
|
|
should redirect_to('/') { home_url }
|
|
end
|
|
end
|
|
end
|
|
|
|
# See integration/account_test.rb for the full test
|
|
context "POST #register" do
|
|
context "with self registration on automatic" do
|
|
before do
|
|
Setting.stub(:self_registration).and_return("3")
|
|
post :register, :user => {
|
|
:login => 'register',
|
|
:password => 'adminADMIN!',
|
|
:password_confirmation => 'adminADMIN!',
|
|
:firstname => 'John',
|
|
:lastname => 'Doe',
|
|
:mail => 'register@example.com'
|
|
}
|
|
end
|
|
|
|
it "redirects to my account page" do
|
|
should respond_with :redirect
|
|
expect(assigns[:user]).not_to be_nil
|
|
should redirect_to('/my/account')
|
|
expect(User.last(:conditions => {:login => 'register'})).not_to be_nil
|
|
end
|
|
|
|
it 'set the user status to active' do
|
|
user = User.last(:conditions => {:login => 'register'})
|
|
expect(user).not_to be_nil
|
|
expect(user.status).to eq(User::STATUSES[:active])
|
|
end
|
|
end
|
|
|
|
context "with self registration by email" do
|
|
before do
|
|
Setting.stub(:self_registration).and_return("1")
|
|
Token.delete_all
|
|
post :register, :user => {
|
|
:login => 'register',
|
|
:password => 'adminADMIN!',
|
|
:password_confirmation => 'adminADMIN!',
|
|
:firstname => 'John',
|
|
:lastname => 'Doe',
|
|
:mail => 'register@example.com'
|
|
}
|
|
end
|
|
|
|
it "redirects to the login page" do
|
|
should redirect_to '/login'
|
|
end
|
|
|
|
it "doesn't activate the user but sends out a token instead" do
|
|
expect(User.find_by_login('register')).not_to be_active
|
|
token = Token.find(:first)
|
|
expect(token.action).to eq('register')
|
|
expect(token.user.mail).to eq('register@example.com')
|
|
expect(token).not_to be_expired
|
|
end
|
|
end
|
|
|
|
context "with manual activation" do
|
|
before do
|
|
Setting.stub(:self_registration).and_return("2")
|
|
post :register, :user => {
|
|
:login => 'register',
|
|
:password => 'adminADMIN!',
|
|
:password_confirmation => 'adminADMIN!',
|
|
:firstname => 'John',
|
|
:lastname => 'Doe',
|
|
:mail => 'register@example.com'
|
|
}
|
|
end
|
|
|
|
it "redirects to the login page" do
|
|
should redirect_to '/login'
|
|
end
|
|
|
|
it "doesn't activate the user" do
|
|
expect(User.find_by_login('register')).not_to be_active
|
|
end
|
|
end
|
|
|
|
context "with self registration off" do
|
|
before do
|
|
Setting.stub(:self_registration).and_return("0")
|
|
Setting.stub(:self_registration?).and_return(false)
|
|
post :register, :user => {
|
|
:login => 'register',
|
|
:password => 'adminADMIN!',
|
|
:password_confirmation => 'adminADMIN!',
|
|
:firstname => 'John',
|
|
:lastname => 'Doe',
|
|
:mail => 'register@example.com'
|
|
}
|
|
end
|
|
|
|
it "redirects to home" do
|
|
should redirect_to('/') { home_url }
|
|
end
|
|
end
|
|
|
|
context "with on-the-fly registration" do
|
|
|
|
before do
|
|
Setting.stub(:self_registration).and_return("0")
|
|
Setting.stub(:self_registration?).and_return(false)
|
|
AuthSource.stub(:authenticate).and_return({:login => 'foo', :lastname => 'Smith', :auth_source_id => 66})
|
|
post :login, :username => 'foo', :password => 'bar'
|
|
end
|
|
|
|
it "registers the user on-the-fly" do
|
|
should respond_with :success
|
|
expect(response).to render_template :register
|
|
|
|
post :register, :user => {:firstname => 'Foo', :lastname => 'Smith', :mail => 'foo@bar.com'}
|
|
should redirect_to '/my/account'
|
|
|
|
user = User.find_by_login('foo')
|
|
assert user.is_a?(User)
|
|
assert_equal 66, user.auth_source_id
|
|
assert user.current_password.nil?
|
|
end
|
|
end
|
|
end
|
|
end
|
|
|