TheDude
/
openproject
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
OpenProject is the leading open source project management software.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
19920 Commits
139 Branches
203 Tags
1.2 GiB
 
 
 
 
 
 
Tag: Branch: Tree: 9734dbebdc
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '9734dbebdc'
${ noResults }
openproject/test/unit/user_test.rb

555 lines
18 KiB
Raw Blame History

#-- encoding: UTF-8
#-- copyright
# OpenProject is a project management system.
# Copyright (C) 2012-2015 the OpenProject Foundation (OPF)
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License version 3.
#
# OpenProject is a fork of ChiliProject, which is a fork of Redmine. The copyright follows:
# Copyright (C) 2006-2013 Jean-Philippe Lang
# Copyright (C) 2010-2013 the ChiliProject Team
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
#
# See doc/COPYRIGHT.rdoc for more details.
#++
require File.expand_path('../../test_helper', __FILE__)
class UserTest < ActiveSupport::TestCase
include MiniTest::Assertions # refute
fixtures :all
def setup
super
@admin = User.find(1)
@jsmith = User.find(2)
@dlopper = User.find(3)
end
test 'object_daddy creation' do
User.generate_with_protected!(firstname: 'Testing connection')
User.generate_with_protected!(firstname: 'Testing connection')
assert_equal 2, User.count(:all, conditions: { firstname: 'Testing connection' })
end
def test_truth
assert_kind_of User, @jsmith
end
def test_mail_should_be_stripped
u = User.new
u.mail = ' foo@bar.com '
assert_equal 'foo@bar.com', u.mail
end
def test_create
user = User.new(firstname: 'new', lastname: 'user', mail: 'newuser@somenet.foo')
user.login = 'jsmith'
user.password, user.password_confirmation = 'adminADMIN!', 'adminADMIN!'
# login uniqueness
assert !user.save
assert_equal 1, user.errors.count
user.login = 'newuser'
user.password, user.password_confirmation = 'adminADMIN!', 'NOTadminADMIN!'
# password confirmation
assert !user.save
assert_equal 1, user.errors.count
user.password, user.password_confirmation = 'adminADMIN!', 'adminADMIN!'
assert user.save
end
context 'User#before_create' do
should 'set the mail_notification to the default Setting' do
@user1 = User.generate_with_protected!
assert_equal 'only_my_events', @user1.mail_notification
with_settings default_notification_option: 'all' do
@user2 = User.generate_with_protected!
assert_equal 'all', @user2.mail_notification
end
end
end
context 'User.login' do
should 'be case-insensitive.' do
u = User.new(firstname: 'new', lastname: 'user', mail: 'newuser@somenet.foo')
u.login = 'newuser'
u.password, u.password_confirmation = 'adminADMIN!', 'adminADMIN!'
assert u.save
u = User.new(firstname: 'Similar', lastname: 'User', mail: 'similaruser@somenet.foo')
u.login = 'NewUser'
u.password, u.password_confirmation = 'adminADMIN!', 'adminADMIN!'
assert !u.save
assert_include u.errors[:login], I18n.translate('activerecord.errors.messages.taken')
end
end
def test_mail_uniqueness_should_not_be_case_sensitive
u = User.new(firstname: 'new', lastname: 'user', mail: 'newuser@somenet.foo')
u.login = 'newuser1'
u.password, u.password_confirmation = 'adminADMIN!', 'adminADMIN!'
assert u.save
u = User.new(firstname: 'new', lastname: 'user', mail: 'newUser@Somenet.foo')
u.login = 'newuser2'
u.password, u.password_confirmation = 'adminADMIN!', 'adminADMIN!'
assert !u.save
assert_include u.errors[:mail], I18n.translate('activerecord.errors.messages.taken')
end
def test_update
assert_equal 'admin', @admin.login
@admin.login = 'john'
assert @admin.save, @admin.errors.full_messages.join('; ')
@admin.reload
assert_equal 'john', @admin.login
end
def test_destroy
User.find(2).destroy
assert_nil User.find_by_id(2)
assert Member.find_all_by_user_id(2).empty?
end
def test_validate_login_presence
@admin.login = ''
assert !@admin.save
assert_equal 1, @admin.errors.count
end
def test_validate_mail_notification_inclusion
u = User.new
u.mail_notification = 'foo'
u.save
refute_empty u.errors[:mail_notification]
end
context 'User#try_to_login' do
should 'fall-back to case-insensitive if user login is not found as-typed.' do
user = User.try_to_login('AdMin', 'adminADMIN!')
assert_kind_of User, user
assert_equal 'admin', user.login
end
should 'select the exact matching user first' do
case_sensitive_user = User.generate_with_protected!(login: 'changed', password: 'adminADMIN!', password_confirmation: 'adminADMIN!')
# bypass validations to make it appear like existing data
case_sensitive_user.update_attribute(:login, 'ADMIN')
user = User.try_to_login('ADMIN', 'adminADMIN!')
assert_kind_of User, user
assert_equal 'ADMIN', user.login
end
end
def test_password
user = User.try_to_login('admin', 'adminADMIN!')
assert_kind_of User, user
assert_equal 'admin', user.login
user.password = 'newpassPASS!'
assert user.save
user = User.try_to_login('admin', 'newpassPASS!')
assert_kind_of User, user
assert_equal 'admin', user.login
end
def test_name_format
assert_equal 'Smith, John', @jsmith.name(:lastname_coma_firstname)
Setting.user_format = :firstname_lastname
assert_equal 'John Smith', @jsmith.reload.name
Setting.user_format = :username
assert_equal 'jsmith', @jsmith.reload.name
end
def test_lock
user = User.try_to_login('jsmith', 'jsmith')
assert_equal @jsmith, user
@jsmith.status = User::STATUSES[:locked]
assert @jsmith.save
user = User.try_to_login('jsmith', 'jsmith')
assert_equal nil, user
end
context '.try_to_login' do
context 'with good credentials' do
should 'return the user' do
user = User.try_to_login('admin', 'adminADMIN!')
assert_kind_of User, user
assert_equal 'admin', user.login
end
end
context 'with wrong credentials' do
should 'return nil' do
assert_nil User.try_to_login('admin', 'foo')
end
end
end
if ldap_configured?
context '#try_to_login using LDAP' do
context 'with failed connection to the LDAP server' do
should 'return nil' do
@auth_source = LdapAuthSource.find(1)
AuthSource.any_instance.stub(:initialize_ldap_con).and_raise(Net::LDAP::LdapError, 'Cannot connect')
assert_equal nil, User.try_to_login('edavis', 'wrong')
end
end
context 'with an unsuccessful authentication' do
should 'return nil' do
assert_equal nil, User.try_to_login('edavis', 'wrong')
end
end
context 'on the fly registration' do
setup do
@auth_source = LdapAuthSource.find(1)
end
context 'with a successful authentication' do
should "create a new user account if it doesn't exist" do
assert_difference('User.count') do
user = User.try_to_login('edavis', '123456')
assert !user.admin?
end
end
should 'retrieve existing user' do
user = User.try_to_login('edavis', '123456')
user.admin = true
user.save!
assert_no_difference('User.count') do
user = User.try_to_login('edavis', '123456')
assert user.admin?
end
end
end
end
end
else
puts 'Skipping LDAP tests.'
end
def test_create_anonymous
AnonymousUser.delete_all
anon = User.anonymous
assert !anon.new_record?
assert_kind_of AnonymousUser, anon
end
should have_one :rss_token
def test_rss_key
assert_nil @jsmith.rss_token
key = @jsmith.rss_key
assert_equal 40, key.length
@jsmith.reload
assert_equal key, @jsmith.rss_key
end
should have_one :api_token
context 'User#api_key' do
should "generate a new one if the user doesn't have one" do
user = User.generate_with_protected!(api_token: nil)
assert_nil user.api_token
key = user.api_key
assert_equal 40, key.length
user.reload
assert_equal key, user.api_key
end
should 'return the existing api token value' do
user = User.generate_with_protected!
token = Token.generate!(action: 'api')
user.api_token = token
assert user.save
assert_equal token.value, user.api_key
end
end
context 'User#find_by_api_key' do
should 'return nil if no matching key is found' do
assert_nil User.find_by_api_key('zzzzzzzzz')
end
should 'return nil if the key is found for an inactive user' do
user = User.generate_with_protected!(status: User::STATUSES[:locked])
token = Token.generate!(action: 'api')
user.api_token = token
user.save
assert_nil User.find_by_api_key(token.value)
end
should 'return the user if the key is found for an active user' do
user = User.generate_with_protected!(status: User::STATUSES[:active])
token = Token.generate!(action: 'api')
user.api_token = token
user.save
assert_equal user, User.find_by_api_key(token.value)
end
end
def test_roles_for_project
# user with a role
roles = @jsmith.roles_for_project(Project.find(1))
assert_kind_of Role, roles.first
assert_equal 'Manager', roles.first.name
# user with no role
assert_nil @dlopper.roles_for_project(Project.find(2)).detect(&:member?)
end
def test_projects_by_role_for_user_with_role
user = User.find(2)
assert_kind_of Hash, user.projects_by_role
assert_equal 2, user.projects_by_role.size
assert_equal [1, 5], user.projects_by_role[Role.find(1)].collect(&:id).sort
assert_equal [2], user.projects_by_role[Role.find(2)].collect(&:id).sort
end
def test_projects_by_role_for_user_with_no_role
user = User.generate!
assert_equal({}, user.projects_by_role)
end
def test_projects_by_role_for_anonymous
assert_equal({}, User.anonymous.projects_by_role)
end
def test_valid_notification_options
# without memberships
assert_equal 5, User.find(7).valid_notification_options.size
# with memberships
assert_equal 6, User.find(2).valid_notification_options.size
end
def test_valid_notification_options_class_method
assert_equal 5, User.valid_notification_options.size
assert_equal 5, User.valid_notification_options(User.find(7)).size
assert_equal 6, User.valid_notification_options(User.find(2)).size
end
def test_mail_notification_all
@jsmith.mail_notification = 'all'
@jsmith.notified_project_ids = []
@jsmith.save
@jsmith.reload
assert @jsmith.projects.first.recipients.include?(@jsmith.mail)
end
def test_mail_notification_selected
@jsmith.mail_notification = 'selected'
@jsmith.notified_project_ids = [1]
@jsmith.save
@jsmith.reload
assert Project.find(1).recipients.include?(@jsmith.mail)
end
def test_mail_notification_only_my_events
@jsmith.mail_notification = 'only_my_events'
@jsmith.notified_project_ids = []
@jsmith.save
@jsmith.reload
assert !@jsmith.projects.first.recipients.include?(@jsmith.mail)
end
def test_comments_sorting_preference
assert !@jsmith.wants_comments_in_reverse_order?
@jsmith.pref.comments_sorting = 'asc'
assert !@jsmith.wants_comments_in_reverse_order?
@jsmith.pref.comments_sorting = 'desc'
assert @jsmith.wants_comments_in_reverse_order?
end
def test_find_by_mail_should_be_case_insensitive
u = User.find_by_mail('JSmith@somenet.foo')
assert_not_nil u
assert_equal 'jsmith@somenet.foo', u.mail
end
context '#allowed_to?' do
context 'with a unique project' do
should 'return false if project is archived' do
project = Project.find(1)
Project.any_instance.stub(:status).and_return(Project::STATUS_ARCHIVED)
assert ! @admin.allowed_to?(:view_work_packages, Project.find(1))
end
should 'return false if related module is disabled' do
project = Project.find(1)
project.enabled_module_names = ['work_package_tracking']
assert @admin.allowed_to?(:add_work_packages, project)
assert ! @admin.allowed_to?(:view_wiki_pages, project)
end
should 'authorize nearly everything for admin users' do
project = Project.find(1)
project.enabled_module_names = ['work_package_tracking', 'news', 'wiki', 'repository']
assert ! @admin.member_of?(project)
%w(edit_work_packages delete_work_packages manage_news manage_repository manage_wiki).each do |p|
assert @admin.allowed_to?(p.to_sym, project)
end
end
should 'authorize normal users depending on their roles' do
project = Project.find(1)
project.enabled_module_names = ['boards']
assert @jsmith.allowed_to?(:delete_messages, project) # Manager
assert ! @dlopper.allowed_to?(:delete_messages, project) # Developper
end
should 'only managers are allowed to export tickets' do
project = Project.find(1)
project.enabled_module_names = ['work_package_tracking']
assert @jsmith.allowed_to?(:export_work_packages, project) # Manager
assert ! @dlopper.allowed_to?(:export_work_packages, project) # Developper
end
end
context 'with multiple projects' do
should 'return false if array is empty' do
assert ! @admin.allowed_to?(:view_project, [])
end
should 'return true only if user has permission on all these projects' do
Project.all.each do |project|
project.enabled_module_names = ['work_package_tracking']
project.save!
end
assert @admin.allowed_to?(:view_project, Project.all)
assert ! @dlopper.allowed_to?(:view_project, Project.all) # cannot see Project(2)
assert @jsmith.allowed_to?(:edit_work_packages, @jsmith.projects) # Manager or Developer everywhere
assert ! @jsmith.allowed_to?(:delete_work_package_watchers, @jsmith.projects) # Dev cannot delete_work_package_watchers
end
should 'behave correctly with arrays of 1 project' do
assert !User.anonymous.allowed_to?(:delete_work_packages, [Project.first])
end
end
context 'with options[:global]' do
should 'authorize if user has at least one role that has this permission' do
@dlopper2 = User.find(5) # only Developper on a project, not Manager anywhere
@anonymous = User.find(6)
assert @jsmith.allowed_to?(:delete_work_package_watchers, nil, global: true)
assert ! @dlopper2.allowed_to?(:delete_work_package_watchers, nil, global: true)
assert @dlopper2.allowed_to?(:add_work_packages, nil, global: true)
assert ! @anonymous.allowed_to?(:add_work_packages, nil, global: true)
assert @anonymous.allowed_to?(:view_work_packages, nil, global: true)
end
end
end
context 'User#notify_about?' do
context 'Issues' do
setup do
@project = Project.find(1)
@author = User.generate_with_protected!
@assignee = User.generate_with_protected!
@issue = FactoryGirl.create(:work_package, project: @project, assigned_to: @assignee, author: @author)
end
should 'be true for a user with :all' do
@author.update_attribute(:mail_notification, 'all')
assert @author.notify_about?(@issue)
end
should 'be false for a user with :none' do
@author.update_attribute(:mail_notification, 'none')
assert ! @author.notify_about?(@issue)
end
should "be false for a user with :only_my_events and isn't an author, creator, or assignee" do
@user = User.generate_with_protected!(mail_notification: 'only_my_events')
(Member.new.tap do |m|
m.force_attributes = { user: @user, project: @project, role_ids: [1] }
end).save!
assert ! @user.notify_about?(@issue)
end
should 'be true for a user with :only_my_events and is the author' do
@author.update_attribute(:mail_notification, 'only_my_events')
assert @author.notify_about?(@issue)
end
should 'be true for a user with :only_my_events and is the assignee' do
@assignee.update_attribute(:mail_notification, 'only_my_events')
assert @assignee.notify_about?(@issue)
end
should 'be true for a user with :only_assigned and is the assignee' do
@assignee.update_attribute(:mail_notification, 'only_assigned')
assert @assignee.notify_about?(@issue)
end
should 'be false for a user with :only_assigned and is not the assignee' do
@author.update_attribute(:mail_notification, 'only_assigned')
assert ! @author.notify_about?(@issue)
end
should 'be true for a user with :only_owner and is the author' do
@author.update_attribute(:mail_notification, 'only_owner')
assert @author.notify_about?(@issue)
end
should 'be false for a user with :only_owner and is not the author' do
@assignee.update_attribute(:mail_notification, 'only_owner')
assert ! @assignee.notify_about?(@issue)
end
should 'be true for a user with :selected and is the author' do
@author.update_attribute(:mail_notification, 'selected')
assert @author.notify_about?(@issue)
end
should 'be true for a user with :selected and is the assignee' do
@assignee.update_attribute(:mail_notification, 'selected')
assert @assignee.notify_about?(@issue)
end
should 'be false for a user with :selected and is not the author or assignee' do
@user = User.generate_with_protected!(mail_notification: 'selected')
(Member.new.tap do |m|
m.force_attributes = { user: @user, project: @project, role_ids: [1] }
end).save!
assert ! @user.notify_about?(@issue)
end
end
context 'other events' do
should 'be added and tested'
end
end
end