barkest_core 1.5.3.0

data/test/integration/reports_test.rb

@@ -0,0 +1,53 @@
+require 'test_helper'
+require 'digest/sha1'
+
+class ReportsTest < ActionDispatch::IntegrationTest
+
+  access_tests_for :index,
+                   url_helper: 'barkest_core_test_report_path',
+                   allow_anon: false,
+                   allow_any_user: false,
+                   allow_admin: true
+
+  def setup
+    @admin = users(:admin)
+  end
+
+  # CSV is easy, it's content won't change.
+  test 'should get csv' do
+    log_in_as @admin
+    get barkest_core_test_report_path(format: :csv)
+
+    assert_equal 'text/csv', response.content_type.to_s
+
+    valid_csv = "Code,Name,Email,Date of Birth,Hire Date,Pay Rate,Hours\nSMIJOH,John Smith,j.smith@example.com,01/01/1980,05/01/2010,15.5,2260\n"
+    assert_equal valid_csv, response.body
+  end
+
+  # PDF is a bit more complex, but we try our damnedest to make it consistent, even going so far as forging the creation_date.
+  # The SHA1 should match up.
+  test 'should get pdf' do
+    log_in_as @admin
+    get barkest_core_test_report_path(format: :pdf)
+
+    assert_equal 'application/pdf', response.content_type.to_s
+
+    valid_sha1 = '5aba48603c5e93674e67022b38524dd5d1a953c4'
+    computed_sha1 = Digest::SHA1.hexdigest(response.body)
+    assert_equal valid_sha1, computed_sha1
+  end
+
+  # XLSX is the same as PDF as far as testing goes.
+  test 'should get xlsx' do
+    log_in_as @admin
+    get barkest_core_test_report_path(format: :xlsx)
+
+    assert_equal 'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet', response.content_type.to_s
+
+    valid_sha1 = 'e6292ab2ea16a209ccd985a00d823d15c6c6a947'
+    computed_sha1 = Digest::SHA1.hexdigest(response.body)
+    assert_equal valid_sha1, computed_sha1
+  end
+
+
+end

data/test/integration/status_access_test.rb

@@ -0,0 +1,27 @@
+require 'test_helper'
+
+class StatusAccessTest < ActionDispatch::IntegrationTest
+
+  access_tests_for :first,
+                   controller: 'status',
+                   url_helper: 'status_first_path',
+                   allow_anon: false,
+                   allow_any_user: false,
+                   allow_admin: true
+
+  access_tests_for :more,
+                   controller: 'status',
+                   url_helper: 'status_more_path',
+                   allow_anon: false,
+                   allow_any_user: false,
+                   allow_admin: true
+
+  access_tests_for :current,
+                   controller: 'status',
+                   url_helper: 'status_current_path',
+                   allow_anon: false,
+                   allow_any_user: false,
+                   allow_admin: true
+
+
+end

data/test/integration/system_config_access_test.rb

@@ -0,0 +1,24 @@
+require 'test_helper'
+
+class SystemConfigAccessTest < ActionDispatch::IntegrationTest
+
+  COMMON_ACCESS = {
+      controller: 'system_config',
+      allow_anon: false,
+      allow_any_user: false,
+      allow_admin: true
+  }
+
+  access_tests_for :index, COMMON_ACCESS.merge(url_helper: 'system_config_path')
+
+  access_tests_for :restart, COMMON_ACCESS.merge(url_helper: 'system_config_restart_path', success: 'system_config_url', method: :post)
+
+  access_tests_for :show_auth, COMMON_ACCESS.merge(url_helper: 'system_config_auth_path')
+
+  access_tests_for :show_database, COMMON_ACCESS.merge(url_helper: 'system_config_database_path(\'test-123\')')
+
+  access_tests_for :show_email, COMMON_ACCESS.merge(url_helper: 'system_config_email_path')
+
+  access_tests_for :show_self_update, COMMON_ACCESS.merge(url_helper: 'system_config_self_update_path')
+
+end

data/test/integration/system_update_access_test.rb

@@ -0,0 +1,19 @@
+require 'test_helper'
+
+class SystemUpdateAccessTest < ActionDispatch::IntegrationTest
+
+  access_tests_for :index,
+                   url_helper: 'system_update_path',
+                   allow_anon: false,
+                   allow_any_user: false,
+                   allow_admin: true
+
+  access_tests_for :new,
+                   url_helper: 'system_update_new_path',
+                   allow_anon: false,
+                   allow_any_user: false,
+                   allow_admin: true,
+                   success: 'status_current_url'
+
+
+end

data/test/integration/users_access_test.rb

@@ -0,0 +1,34 @@
+require 'test_helper'
+
+class UsersAccessTest < ActionDispatch::IntegrationTest
+  access_tests_for [ :index, :show ],
+                   controller: 'users',
+                   allow_anon: false,
+                   allow_any_user: !BarkestCore.lock_down_users,
+                   allow_admin: true
+
+  access_tests_for :new,
+                   controller: 'users',
+                   allow_anon: true,
+                   allow_any_user: false,
+                   allow_admin: false
+
+  # the user can edit themselves, however the test should try to get the standard user to edit another user.
+  # that should fail.  the other integration tests should truly test out the editing of one's self.
+  access_tests_for :edit,
+                   controller: 'users',
+                   allow_anon: false,
+                   allow_any_user: false,
+                   allow_admin: true
+
+  access_tests_for :disable,
+                   controller: 'users',
+                   url_helper: 'disable_user_path(users(:one))',
+                   allow_anon: false,
+                   allow_any_user: false,
+                   allow_admin: true
+
+
+
+
+end

data/test/integration/users_edit_test.rb

@@ -0,0 +1,178 @@
+require 'test_helper'
+
+class UsersEditTest < ActionDispatch::IntegrationTest
+
+  def setup
+    @user = users(:standard)
+    @other_user = users(:user_3)
+    @admin = users(:admin)
+    @disabled_user = users(:disabled)
+    @recent_user = users(:recently_disabled)
+  end
+
+  test 'should redirect edit when not logged in' do
+    get edit_user_path(@user)
+    assert_not flash.empty?
+    assert_redirected_to login_url
+  end
+
+  test 'should redirect update when not logged in' do
+    patch user_path(@user), user: { name: @user.name, email: @user.email }
+    assert_not flash.empty?
+    assert_redirected_to login_url
+  end
+
+  test 'should redirect edit when logged in as wrong user' do
+    log_in_as @other_user
+    get edit_user_path(@user)
+    assert flash.empty?
+    assert_redirected_to root_url
+  end
+
+  test 'should redirect update when logged in as wrong user' do
+    log_in_as @other_user
+    patch user_path(@user), user: { name: @user.name, email: @user.email }
+    assert flash.empty?
+    assert_redirected_to root_url
+  end
+
+  test 'should redirect destroy when not logged in' do
+    assert_no_difference 'User.count' do
+      delete user_path(@disabled_user)
+    end
+    assert_redirected_to login_url
+  end
+
+  test 'should redirect destroy when logged in as non-admin' do
+    log_in_as @other_user
+    assert_no_difference 'User.count' do
+      delete user_path(@disabled_user)
+    end
+    assert_redirected_to root_url
+  end
+
+  test 'should allow destroy when logged in as admin' do
+    log_in_as @admin
+    assert_difference 'User.count', -1 do
+      delete user_path(@disabled_user)
+    end
+    assert_redirected_to users_url
+  end
+
+  test 'should not destroy recently disabled users' do
+    log_in_as @admin
+    assert_no_difference 'User.count' do
+      delete user_path(@recent_user)
+    end
+    assert_redirected_to users_url
+  end
+
+  test 'should not destroy active users' do
+    log_in_as @admin
+    assert_no_difference 'User.count' do
+      delete user_path(@user)
+    end
+    assert_redirected_to users_url
+  end
+
+  test 'should not allow the admin attribute to be edited via web' do
+    log_in_as @other_user
+    assert_not @other_user.system_admin?
+    patch user_path(@other_user), user: { password: 'password', password_confirmation: 'password', system_admin: '1' }
+    assert_not @other_user.reload.system_admin?
+  end
+
+  test 'should redirect disable when not logged in' do
+    assert_no_difference 'User.enabled.count' do
+      get disable_user_path(@user)
+    end
+    assert_redirected_to login_url
+    assert_no_difference 'User.enabled.count' do
+      patch disable_user_path(@user)
+    end
+    assert_redirected_to login_url
+  end
+
+  test 'should redirect disable when logged in as non-admin' do
+    log_in_as @other_user
+    assert_no_difference 'User.enabled.count' do
+      get disable_user_path(@user)
+    end
+    assert_redirected_to root_url
+    assert_no_difference 'User.enabled.count' do
+      patch disable_user_path(@user)
+    end
+    assert_redirected_to root_url
+  end
+
+  test 'should redirect enable when not logged in' do
+    assert_no_difference 'User.enabled.count' do
+      patch enable_user_path(@disabled_user)
+    end
+    assert_redirected_to login_url
+  end
+
+  test 'should redirect enable when logged in as non-admin' do
+    log_in_as @other_user
+    assert_no_difference 'User.enabled.count' do
+      patch enable_user_path(@disabled_user)
+    end
+    assert_redirected_to root_url
+  end
+
+  test 'should disable user for admins' do
+    log_in_as @admin
+    assert_no_difference 'User.enabled.count' do
+      get disable_user_path(@other_user)
+    end
+    assert_template 'users/disable_confirm'
+    assert_difference 'User.enabled.count', -1 do
+      patch disable_user_path(@other_user), disable_user: { reason: 'As a test' }
+    end
+    assert_redirected_to users_url
+  end
+
+  test 'should enable user for admins' do
+    log_in_as @admin
+    assert_difference 'User.enabled.count', 1 do
+      patch enable_user_path(@disabled_user)
+    end
+    assert_redirected_to users_url
+  end
+
+  test 'unsuccessful edit' do
+    get edit_user_path(@user)
+    assert_redirected_to login_url
+    log_in_as(@user)
+    get edit_user_path(@user)
+    assert_template 'users/edit'
+    patch user_path(@user), user: { name: '', email: 'foo@invalid', password: 'foo', password_confirmation: 'baz' }
+    assert_template 'users/edit'
+    assert_select 'div#error_explanation'
+  end
+
+  test 'successful edit with friendly forwarding' do
+    get edit_user_path(@user)
+    assert_redirected_to login_url
+    log_in_as(@user)
+    assert_redirected_to edit_user_path(@user)
+    name = 'Foo Bar'
+    email = 'foo@bar.com'
+    pwd = ''
+    patch user_path(@user), user: { name: name, email: email, password: pwd, password_confirmation: pwd }
+    assert_not flash.empty?
+    assert_redirected_to @user
+    @user.reload
+    assert_equal name, @user.name
+    assert_equal email, @user.email
+    pwd = 'new-password'
+    patch user_path(@user), user: { name: name, email: email, password: pwd, password_confirmation: pwd }
+    assert_not flash.empty?
+    assert_redirected_to @user
+    @user.reload
+    assert @user.authenticate(pwd)
+  end
+
+
+end
+

data/test/integration/users_index_test.rb

@@ -0,0 +1,62 @@
+require 'test_helper'
+
+class UsersIndexTest < ActionDispatch::IntegrationTest
+
+  def setup
+    @user           = users(:standard)
+    @other_user     = users(:basic)
+    @admin          = users(:admin)
+    @can_delete     = users(:disabled)
+    @cannot_delete  = users(:recently_disabled)
+  end
+
+  test 'should redirect index when not logged in' do
+    get users_path
+    assert_redirected_to login_url
+  end
+
+  test 'index including pagination' do
+    log_in_as @user
+    get users_path
+    assert_template 'users/index'
+    assert_select 'div.pagination'
+    User.enabled.sorted.paginate(page: 1).each do |user|
+      assert_select 'a[href=?] i', disable_user_path(user), count: 0
+      assert_select 'a[href=?]', user_path(user), text: user.name
+    end
+    get user_path(@other_user)
+    assert_template 'users/show'
+  end
+
+  test 'index disabled for non-admin' do
+    original = BarkestCore.lock_down_users
+    begin
+      BarkestCore.lock_down_users = true
+      log_in_as @user
+      get users_path
+      assert_redirected_to root_url
+      get user_path(@other_user)
+      assert_redirected_to root_url
+    ensure
+      BarkestCore.lock_down_users = original
+    end
+  end
+
+  test 'index for admin' do
+    log_in_as @admin
+    get users_path
+    User.all.sorted.paginate(page: 1).each do |user|
+      # disabled users should have a delete link
+      assert_select 'a[href=?]>i', user_path(user), count: (user.enabled? ? 0 : 1)
+
+      # enabled users (except the current one) should have a disable link
+      assert_select 'a[href=?]>i', disable_user_path(user), count: ((user.enabled? && !current_user?(user)) ? 1 : 0)
+
+      # all users should have a link to their profile page.
+      assert_select 'a[href=?]', user_path(user), text: user.name
+    end
+  end
+
+
+end
+

data/test/integration/users_login_test.rb

@@ -0,0 +1,67 @@
+require 'test_helper'
+
+class UsersLoginTest < ActionDispatch::IntegrationTest
+
+  def setup
+    @user = users(:admin)
+  end
+
+  access_tests_for :new,
+                   controller: 'sessions',
+                   url_helper: 'login_path',
+                   allow_anon: true,
+                   allow_any_user: false,
+                   allow_admin: false
+
+  test 'login with invalid information' do
+    get login_path
+    assert_template 'sessions/new'
+    post login_path, session: { email: '', password: '' }
+    assert_template 'sessions/new'
+    assert_not flash.empty?
+    get root_path
+    assert flash.empty?
+    assert_select 'a[href=?]', login_path
+    assert_select 'a[href=?]', logout_path, count: 0
+  end
+
+  test 'login with valid information followed by logout' do
+    get login_path
+    post login_path, session: { email: @user.email, password: 'password' }
+    assert is_logged_in?
+    assert_redirected_to @user
+    follow_redirect!
+    assert_template 'users/show'
+    assert_select 'a[href=?]', login_path, count: 0
+    assert_select 'a[href=?]', logout_path
+    assert_select 'a[href=?]', user_path(@user)
+    delete logout_path
+    assert_not is_logged_in?
+    assert_redirected_to root_url
+    # simulate clicking 'log out' a second time.
+    delete logout_path
+    follow_redirect!
+    assert_select 'a[href=?]', login_path
+    assert_select 'a[href=?]', logout_path, count: 0
+    assert_select 'a[href=?]', user_path(@user), count: 0
+  end
+
+  test 'login with disabled account' do
+    @user = users(:disabled)
+    get login_path
+    post login_path, session: { email: @user.email, password: 'password' }
+    assert_template 'sessions/new'
+    assert_not flash.empty?
+  end
+
+  test 'login with remembering' do
+    log_in_as @user, remember_me: '1'
+    assert_not_nil cookies['remember_token']
+    assert_equal assigns(:user).remember_token, cookies['remember_token']
+  end
+
+  test 'login without remembering' do
+    log_in_as @user, remember_me: '0'
+    assert_nil cookies['remember_token']
+  end
+end