parlement 0.1

data/vendor/plugins/login_engine/test/functional/user_controller_test.rb

@@ -0,0 +1,533 @@
+require File.dirname(__FILE__) + '/../test_helper'
+require_dependency 'user_controller'
+require 'breakpoint'
+
+
+# Raise errors beyond the default web-based presentation
+class UserController; def rescue_action(e) raise e end; end
+
+class UserControllerTest < Test::Unit::TestCase
+  
+  fixtures LoginEngine.config(:user_table).to_sym
+  
+  def setup
+    
+    LoginEngine::CONFIG[:salt] = "test-salt"
+    
+    @controller = UserController.new
+    @request, @response = ActionController::TestRequest.new, ActionController::TestResponse.new
+    @request.host = "localhost"
+  end
+
+
+  
+  #==========================================================================
+  #
+  # Login/Logout
+  #
+  #==========================================================================
+
+  def test_home_without_login
+    get :home
+    assert_redirected_to :action => "login"
+  end
+
+  def test_invalid_login
+    post :login, :user => { :login => "bob", :password => "wrong_password" }
+    assert_response :success
+
+    assert_session_has_no :user
+    assert_template "login"
+  end
+ 
+  def test_login
+    @request.session['return-to'] = "/bogus/location"
+
+    post :login, :user => { :login => "bob", :password => "atest" }
+    
+    assert_response 302  # redirect
+    assert_session_has :user
+    assert_equal fixture_object(LoginEngine.config(:user_table).to_sym, :bob), session[:user]
+    
+    assert_redirect_url "http://#{@request.host}/bogus/location"
+  end
+
+  def test_login_logoff
+
+    post :login, :user => { :login => "bob", :password => "atest" }
+    assert_session_has :user
+
+    get :logout
+    assert_session_has_no :user
+
+  end
+
+
+  #==========================================================================
+  #
+  # Signup
+  #
+  #==========================================================================
+
+  def test_signup
+    LoginEngine::CONFIG[:use_email_notification] = true
+
+    ActionMailer::Base.deliveries = []
+
+    @request.session['return-to'] = "/bogus/location"
+
+    assert_equal 5, User.count
+    post :signup, :user => { :login => "newbob", :password => "newpassword", :password_confirmation => "newpassword", :email => "newbob@test.com" }
+    assert_session_has_no :user
+
+    assert_redirect_url(@controller.url_for(:action => "login"))
+    assert_equal 1, ActionMailer::Base.deliveries.size
+    mail = ActionMailer::Base.deliveries[0]
+    assert_equal "newbob@test.com", mail.to_addrs[0].to_s
+    assert_match /login:\s+\w+\n/, mail.encoded
+    assert_match /password:\s+\w+\n/, mail.encoded
+    mail.encoded =~ /key=(.*?)"/
+    key = $1
+
+    user = User.find_by_email("newbob@test.com")
+    assert_not_nil user
+    assert_equal 0, user.verified
+
+    # First past the expiration.
+    Time.advance_by_days = 1
+    get :home, :user=> { "id" => "#{user.id}" }, "key" => "#{key}"
+    Time.advance_by_days = 0
+    user = User.find_by_email("newbob@test.com")
+    assert_equal 0, user.verified
+
+    # Then a bogus key.
+    get :home, :user=> { "id" => "#{user.id}" }, "key" => "boguskey"
+    user = User.find_by_email("newbob@test.com")
+    assert_equal 0, user.verified
+
+    # Now the real one.
+    get :home, :user=> { "id" => "#{user.id}" }, "key" => "#{key}"
+    user = User.find_by_email("newbob@test.com")
+    assert_equal 1, user.verified
+
+    post :login, :user => { :login => "newbob", :password => "newpassword" }
+    assert_session_has :user
+    get :logout
+
+  end
+  
+  def test_signup_bad_password
+    LoginEngine::CONFIG[:use_email_notification] = true
+    ActionMailer::Base.deliveries = []
+
+    @request.session['return-to'] = "/bogus/location"
+    post :signup, :user => { :login => "newbob", :password => "bad", :password_confirmation => "bad", :email => "newbob@test.com" }
+    assert_session_has_no :user
+    assert_invalid_column_on_record "user", "password"
+    assert_success
+    assert_equal 0, ActionMailer::Base.deliveries.size
+  end
+  
+  def test_signup_bad_email
+    LoginEngine::CONFIG[:use_email_notification] = true
+    ActionMailer::Base.deliveries = []
+
+    @request.session['return-to'] = "/bogus/location"
+
+    ActionMailer::Base.inject_one_error = true
+    post :signup, :user => { :login => "newbob", :password => "newpassword", :password_confirmation => "newpassword", :email => "newbob@test.com" }
+    assert_session_has_no :user
+    assert_equal 0, ActionMailer::Base.deliveries.size
+  end
+
+  def test_signup_without_email
+    LoginEngine::CONFIG[:use_email_notification] = false
+    
+    @request.session['return-to'] = "/bogus/location"
+
+    post :signup, :user => { :login => "newbob", :password => "newpassword", :password_confirmation => "newpassword", :email => "newbob@test.com" }
+
+    assert_redirect_url(@controller.url_for(:action => "login"))    
+    assert_session_has_no :user
+    assert_match /Signup successful/, flash[:notice]
+    
+    assert_not_nil User.find_by_login("newbob")
+    
+    user = User.find_by_email("newbob@test.com")
+    assert_not_nil user
+    
+    post :login, :user => { :login => "newbob", :password => "newpassword" }
+    assert_session_has :user
+    get :logout    
+  end
+
+  def test_signup_bad_details
+    @request.session['return-to'] = "/bogus/location"
+
+    # mismatched password
+    post :signup, :user => { :login => "newbob", :password => "newpassword", :password_confirmation => "wrong" }
+    assert_invalid_column_on_record "user", "password"
+    assert_success
+    
+    # login not long enough
+    post :signup, :user => { :login => "yo", :password => "newpassword", :password_confirmation => "newpassword" }
+    assert_invalid_column_on_record "user", "login"
+    assert_success
+
+    # both
+    post :signup, :user => { :login => "yo", :password => "newpassword", :password_confirmation => "wrong" }
+    assert_invalid_column_on_record "user", ["login", "password"]
+    assert_success
+    
+    # existing user
+    post :signup, :user => { :login => "bob", :password => "doesnt_matter", :password_confirmation => "doesnt_matter" }
+    assert_invalid_column_on_record "user", "login"
+    assert_success
+
+    # existing email
+    post :signup, :user => { :login => "newbob", :email => "longbob@test.com", :password => "doesnt_matter", :password_confirmation => "doesnt_matter" }
+    assert_invalid_column_on_record "user", "email"
+    assert_success
+
+  end
+  
+
+  #==========================================================================
+  #
+  # Edit
+  #
+  #==========================================================================
+  
+  def test_edit
+    post :login, :user => { :login => "bob", :password => "atest" }
+    assert_session_has :user
+
+    post :edit, :user => { "firstname" => "Bob", "form" => "edit" }
+    assert_equal @response.session[:user].firstname, "Bob"
+
+    post :edit, :user => { "firstname" => "", "form" => "edit" }
+    assert_equal @response.session[:user].firstname, ""
+
+    get :logout
+  end
+
+
+
+  #==========================================================================
+  #
+  # Delete
+  #
+  #==========================================================================
+
+  def test_delete
+    LoginEngine::CONFIG[:use_email_notification] = true
+    # Immediate delete
+    post :login, :user => { :login => "deletebob1", :password => "alongtest" }
+    assert_session_has :user
+
+    LoginEngine.config :delayed_delete, false, :force
+    post :delete
+    assert_equal 1, ActionMailer::Base.deliveries.size
+    assert_session_has_no :user
+    
+    # try and login in again, we should fail.
+    post :login, :user => { :login => "deletebob1", :password => "alongtest" }
+    assert_session_has_no :user
+    assert_template_has "login"
+    
+
+    # Now try delayed delete
+    ActionMailer::Base.deliveries = []
+
+    post :login, :user => { :login => "deletebob2", :password => "alongtest" }
+    assert_session_has :user
+
+    LoginEngine.config :delayed_delete, true, :force
+    post :delete
+    assert_equal 1, ActionMailer::Base.deliveries.size
+    mail = ActionMailer::Base.deliveries[0]
+    mail.encoded =~ /user\[id\]=(.*?)&key=(.*?)"/
+    id = $1
+    key = $2
+    
+    post :restore_deleted, :user => { "id" => "#{id}" }, "key" => "badkey"
+    assert_session_has_no :user
+
+    # Advance the time past the delete date
+    Time.advance_by_days = LoginEngine.config :delayed_delete_days
+    post :restore_deleted, :user => { "id" => "#{id}" }, "key" => "#{key}"
+    assert_session_has_no :user
+    Time.advance_by_days = 0
+
+    post :restore_deleted, :user => { "id" => "#{id}" }, "key" => "#{key}"
+    assert_session_has :user      
+  end
+  
+  def test_delete_without_email
+    LoginEngine::CONFIG[:use_email_notification] = false
+    ActionMailer::Base.deliveries = []
+
+    # Immediate delete
+    post :login, :user => { :login => "deletebob1", :password => "alongtest" }
+    assert_session_has :user
+
+    LoginEngine.config :delayed_delete, false, :force
+    post :delete
+    assert_session_has_no :user
+    assert_nil User.find_by_login("deletebob1")
+    
+    # try and login in again, we should fail.
+    post :login, :user => { :login => "deletebob1", :password => "alongtest" }
+    assert_session_has_no :user
+    assert_template_has "login"
+    
+
+    # Now try delayed delete
+    ActionMailer::Base.deliveries = []
+
+    post :login, :user => { :login => "deletebob2", :password => "alongtest" }
+    assert_session_has :user
+
+    # delayed delete is not really relevant currently without email.
+    LoginEngine.config :delayed_delete, true, :force
+    post :delete
+    assert_equal 1, User.find_by_login("deletebob2").deleted
+  end
+
+
+
+  #==========================================================================
+  #
+  # Change Password
+  #
+  #==========================================================================
+
+  def test_change_valid_password
+    
+    LoginEngine::CONFIG[:use_email_notification] = true
+    
+    ActionMailer::Base.deliveries = []
+
+    post :login, :user => { :login => "bob", :password => "atest" }
+    assert_session_has :user
+
+    post :change_password, :user => { :password => "changed_password", :password_confirmation => "changed_password" }
+    
+    assert_equal 1, ActionMailer::Base.deliveries.size
+    mail = ActionMailer::Base.deliveries[0]
+    assert_equal "bob@test.com", mail.to_addrs[0].to_s
+    assert_match /login:\s+\w+\n/, mail.encoded
+    assert_match /password:\s+\w+\n/, mail.encoded
+
+    post :login, :user => { :login => "bob", :password => "changed_password" }
+    assert_session_has :user
+    post :change_password, :user => { :password => "atest", :password_confirmation => "atest" }
+    get :logout
+
+    post :login, :user => { :login => "bob", :password => "atest" }
+    assert_session_has :user
+
+    get :logout
+  end
+
+  def test_change_valid_password_without_email
+    
+    LoginEngine::CONFIG[:use_email_notification] = false
+    
+    ActionMailer::Base.deliveries = []
+
+    post :login, :user => { :login => "bob", :password => "atest" }
+    assert_session_has :user
+
+    post :change_password, :user => { :password => "changed_password", :password_confirmation => "changed_password" }
+    
+    assert_success
+
+    post :login, :user => { :login => "bob", :password => "changed_password" }
+    assert_session_has :user
+    post :change_password, :user => { :password => "atest", :password_confirmation => "atest" }
+    get :logout
+
+    post :login, :user => { :login => "bob", :password => "atest" }
+    assert_session_has :user
+
+    get :logout
+  end
+
+  def test_change_short_password
+    LoginEngine::CONFIG[:use_email_notification] = true
+    ActionMailer::Base.deliveries = []
+
+    post :login, :user => { :login => "bob", :password => "atest" }
+    assert_session_has :user
+
+    post :change_password, :user => { :password => "bad", :password_confirmation => "bad" }
+    assert_invalid_column_on_record "user", "password"
+    assert_success
+    assert_equal 0, ActionMailer::Base.deliveries.size    
+
+    post :login, :user => { :login => "bob", :password => "atest" }
+    assert_session_has :user
+
+    get :logout
+  end
+  
+  def test_change_short_password_without_email
+    LoginEngine::CONFIG[:use_email_notification] = false
+    post :login, :user => { :login => "bob", :password => "atest" }
+    assert_session_has :user
+
+    post :change_password, :user => { :password => "bad", :password_confirmation => "bad" }
+    assert_invalid_column_on_record "user", "password"
+    assert_success
+
+    post :login, :user => { :login => "bob", :password => "atest" }
+    assert_session_has :user
+
+    get :logout
+  end
+
+
+  def test_change_password_with_bad_email
+    LoginEngine::CONFIG[:use_email_notification] = true
+    ActionMailer::Base.deliveries = []
+    
+    # log in
+    post :login, :user => { :login => "bob", :password => "atest" }
+    assert_session_has :user
+
+    # change the password, but the email delivery will fail
+    ActionMailer::Base.inject_one_error = true
+    post :change_password, :user => { :password => "changed_password", :password_confirmation => "changed_password" }
+    assert_equal 0, ActionMailer::Base.deliveries.size
+    assert_match /Password could not be changed/, flash[:warning]
+    
+    # logout
+    get :logout
+    assert_session_has_no :user
+
+    # ensure we can log in with our original password
+    # TODO: WHY DOES THIS FAIL!! It looks like the transaction stuff in UserController#change_password isn't actually rolling back changes.
+    post :login, :user => { :login => "bob", :password => "atest" }
+    assert_session_has :user
+
+    get :logout
+  end
+
+
+
+
+  #==========================================================================
+  #
+  # Forgot Password
+  #
+  #==========================================================================
+
+  def test_forgot_password
+    LoginEngine::CONFIG[:use_email_notification] = true
+
+    do_forgot_password(false, false, false)
+    do_forgot_password(false, false, true)
+    do_forgot_password(true, false, false)
+    do_forgot_password(false, true, false)
+  end
+  
+  def do_forgot_password(bad_address, bad_email, logged_in)
+    ActionMailer::Base.deliveries = []
+
+    if logged_in
+      post :login, :user => { :login => "bob", :password => "atest" }
+      assert_session_has :user
+    end
+
+    @request.session['return-to'] = "/bogus/location"
+    if not bad_address and not bad_email
+      post :forgot_password, :user => { :email => "bob@test.com" }
+      password = "anewpassword"
+      if logged_in
+        assert_equal 0, ActionMailer::Base.deliveries.size
+        assert_redirect_url(@controller.url_for(:action => "change_password"))
+        post :change_password, :user => { :password => "#{password}", :password_confirmation => "#{password}" }
+      else
+        assert_equal 1, ActionMailer::Base.deliveries.size
+        mail = ActionMailer::Base.deliveries[0]
+        assert_equal "bob@test.com", mail.to_addrs[0].to_s
+        mail.encoded =~ /user\[id\]=(.*?)&key=(.*?)"/
+        id = $1
+        key = $2
+        post :change_password, :user => { :password => "#{password}", :password_confirmation => "#{password}", :id => "#{id}" }, :key => "#{key}"
+        assert_session_has :user
+        get :logout
+      end
+    elsif bad_address
+      post :forgot_password, :user => { :email => "bademail@test.com" }
+      assert_equal 0, ActionMailer::Base.deliveries.size
+    elsif bad_email
+      ActionMailer::Base.inject_one_error = true
+      post :forgot_password, :user => { :email => "bob@test.com" }
+      assert_equal 0, ActionMailer::Base.deliveries.size
+    else
+      # Invalid test case
+      assert false
+    end
+
+    if not bad_address and not bad_email
+      if logged_in
+        get :logout
+      else
+        assert_redirect_url(@controller.url_for(:action => "login"))
+      end
+      post :login, :user => { :login => "bob", :password => "#{password}" }
+    else
+      # Okay, make sure the database did not get changed
+      if logged_in
+        get :logout
+      end
+      post :login, :user => { :login => "bob", :password => "atest" }
+    end
+
+    assert_session_has :user
+
+    # Put the old settings back
+    if not bad_address and not bad_email
+      post :change_password, :user => { :password => "atest", :password_confirmation => "atest" }
+    end
+    
+    get :logout
+  end
+
+  def test_forgot_password_without_email_and_logged_in
+    LoginEngine::CONFIG[:use_email_notification] = false
+
+    post :login, :user => { :login => "bob", :password => "atest" }
+    assert_session_has :user
+
+    @request.session['return-to'] = "/bogus/location"
+    post :forgot_password, :user => { :email => "bob@test.com" }
+    password = "anewpassword"
+    assert_redirect_url(@controller.url_for(:action => "change_password"))
+    post :change_password, :user => { :password => "#{password}", :password_confirmation => "#{password}" }
+
+    get :logout
+
+    post :login, :user => { :login => "bob", :password => "#{password}" }
+
+    assert_session_has :user
+    
+    get :logout
+  end
+
+  def forgot_password_without_email_and_not_logged_in
+    LoginEngine::CONFIG[:use_email_notification] = false
+
+    @request.session['return-to'] = "/bogus/location"
+    post :forgot_password, :user => { :email => "bob@test.com" }
+    password = "anewpassword"
+
+    # wothout email, you can't retrieve your forgotten password...
+    assert_match /Please contact the system admin/, flash[:message]
+    assert_session_has_no :user
+
+    assert_redirect_url "http://#{@request.host}/bogus/location"
+  end  
+end

data/vendor/plugins/login_engine/test/mocks/mail.rb

@@ -0,0 +1,14 @@
+ActionMailer::Base.class_eval {
+  @@inject_one_error = false
+  cattr_accessor :inject_one_error
+
+  private
+  def perform_delivery_test(mail)
+    if inject_one_error
+      ActionMailer::Base::inject_one_error = false
+      raise "Failed to send email" if raise_delivery_errors
+    else
+      deliveries << mail
+    end
+  end
+}

data/vendor/plugins/login_engine/test/mocks/time.rb

@@ -0,0 +1,19 @@
+require 'time'
+
+Time.class_eval { 
+  if !respond_to? :now_old # somehow this is getting defined many times.
+    @@advance_by_days = 0
+    cattr_accessor :advance_by_days
+
+    class << Time
+      alias now_old now
+      def now
+        if Time.advance_by_days != 0
+          return Time.at(now_old.to_i + Time.advance_by_days * 60 * 60 * 24 + 1)
+        else
+          now_old
+        end
+      end
+    end
+  end
+}

data/vendor/plugins/login_engine/test/test_helper.rb

@@ -0,0 +1,15 @@
+require File.dirname(__FILE__) + '/../../../../test/test_helper' # the default rails helper
+
+require File.dirname(__FILE__) + '/mocks/time'
+require File.dirname(__FILE__) + '/mocks/mail'
+
+# TODO: Add check for database-specific sql files instead
+load(File.dirname(__FILE__) + "/../db/schema.rb")
+
+# set up the fixtures location
+Test::Unit::TestCase.fixture_path = File.dirname(__FILE__)  + "/fixtures/"
+$LOAD_PATH.unshift(Test::Unit::TestCase.fixture_path)
+
+
+# declare mappings between your fixtures templates and the actual table names used.
+Test::Unit::TestCase.set_fixtures_table(:users, LoginEngine.config(:user_table))

data/vendor/plugins/login_engine/test/unit/user_test.rb

@@ -0,0 +1,94 @@
+require File.dirname(__FILE__) + '/../test_helper'
+
+class UserTest < Test::Unit::TestCase
+  
+  fixtures LoginEngine.config(:user_table).to_sym
+ 
+  def setup
+    LoginEngine::CONFIG[:salt] = "test-salt"
+  end 
+    
+  def test_auth   
+    assert_equal fixture_object(LoginEngine.config(:user_table), :bob), User.authenticate("bob", "atest")    
+    assert_nil User.authenticate("nonbob", "atest")
+  end
+
+
+  def test_passwordchange
+        
+    fixture_object(LoginEngine.config(:user_table), :longbob).change_password("nonbobpasswd")
+    fixture_object(LoginEngine.config(:user_table), :longbob).save
+    assert_equal fixture_object(LoginEngine.config(:user_table), :longbob), User.authenticate("longbob", "nonbobpasswd")
+    assert_nil User.authenticate("longbob", "alongtest")
+    fixture_object(LoginEngine.config(:user_table), :longbob).change_password("alongtest")
+    fixture_object(LoginEngine.config(:user_table), :longbob).save
+    assert_equal fixture_object(LoginEngine.config(:user_table), :longbob), User.authenticate("longbob", "alongtest")
+    assert_nil User.authenticate("longbob", "nonbobpasswd")
+        
+  end
+  
+  def test_disallowed_passwords
+    
+    u = User.new    
+    u.login = "nonbob"
+
+    u.change_password("tiny")
+    assert !u.save     
+    assert u.errors.invalid?('password')
+
+    u.change_password("hugehugehugehugehugehugehugehugehugehugehugehugehugehugehugehugehugehugehugehugehugehugehugehugehugehugehugehugehugehugehugehugehugehugehugehugehugehugehugehugehugehugehuge")
+    assert !u.save     
+    assert u.errors.invalid?('password')
+        
+    u.change_password("")
+    assert !u.save    
+    assert u.errors.invalid?('password')
+        
+    u.change_password("bobs_secure_password")
+    assert u.save     
+    assert u.errors.empty?
+        
+  end
+  
+  def test_bad_logins
+
+    u = User.new  
+    u.change_password("bobs_secure_password")
+
+    u.login = "x"
+    assert !u.save     
+    assert u.errors.invalid?('login')
+    
+    u.login = "hugebobhugebobhugebobhugebobhugebobhugebobhugebobhugebobhugebobhugebobhugebobhugebobhugebobhugebobhugebobhugebobhugebobhugebobhugebobhugebobhugebobhugebobhugebobhugebobhugebobhugebobhug"
+    assert !u.save     
+    assert u.errors.invalid?('login')
+
+    u.login = ""
+    assert !u.save
+    assert u.errors.invalid?('login')
+
+    u.login = "okbob"
+    assert u.save  
+    assert u.errors.empty?
+      
+  end
+
+
+  def test_collision
+    u = User.new
+    u.login = "existingbob"
+    u.change_password("bobs_secure_password")
+    assert !u.save
+  end
+
+
+  def test_create
+    u = User.new
+    u.login = "nonexistingbob"
+    u.change_password("bobs_secure_password")
+      
+    assert u.save  
+    
+  end
+  
+end