pasaporte 0.0.1

data/test/test_openid.rb

@@ -0,0 +1,363 @@
+$:.reject! { |e| e.include? 'TextMate' }
+require File.dirname(__FILE__) + '/helper'
+require 'fileutils'
+require File.dirname(__FILE__) + '/testable_openid_fetcher'
+require 'openid/store/memory'
+require 'openid/extensions/sreg'
+
+class Object
+  def own_methods
+    raise (methods - Object.instance_methods).inspect
+  end
+end
+
+class TestOpenid < Pasaporte::WebTest
+  # We have to open up because it's the Fecther that's going
+  # to make requests
+  attr_reader :request, :response
+  fixtures :pasaporte_profiles
+
+  def setup
+    super
+    @fetcher = TestableOpenidFetcher.new(self)
+    
+    OpenID.fetcher = @fetcher
+    OpenID::Util.logger = Pasaporte::LOGGER
+    
+    @store = OpenID::Store::Memory.new
+    @openid_session = {}
+    init_consumer
+    
+    @request.domain = 'test.host'
+    
+    @trust_root = 'http://tativille.fr/wiki'
+    @return_to = 'http://tativille.fr/wiki/signup'
+    @hulot = Profile.find(1)
+  end
+  
+  def teardown
+    # Delete all the associations created during the test case
+    JulikState::State.delete_all; Association.delete_all; Approval.delete_all; Throttle.delete_all
+    # Delete the store
+    FileUtils.rm_rf('openid-consumer-store')
+    # Call super for flexmock a.o.
+    super
+  end
+  
+  def test_default_discovery_page_sports_right_server_url
+    get '/monsieur-hulot'
+    assert_response :success
+    assert_select 'link[rel=openid.server]', true do | s |
+      s = s.pop
+      assert_equal "http://test.host/pasaporte/monsieur-hulot/openid", s.attributes["href"],
+        "Should contain the delegate address for Monsieur Hulot"
+    end
+    assert_select 'link[rel=openid.delegate]', true do | s |
+      s = s.pop
+      assert_equal "http://test.host/pasaporte/monsieur-hulot/openid", s.attributes["href"],
+        "Should contain the endpoint address for Monsieur Hulot"
+    end
+  end
+  
+  def test_in_which_tativille_begins_association_and_gets_a_proper_next_step_url
+    assert_equal 'test.host', @request['SERVER_NAME']
+    
+    req = @consumer.begin("http://test.host/pasaporte/monsieur-hulot")
+    assert_kind_of OpenID::Consumer::CheckIDRequest, req
+    assert_kind_of OpenID::OpenIDServiceEndpoint, req.endpoint
+    assert_equal "http://test.host/pasaporte/monsieur-hulot/openid", req.endpoint.server_url
+    assert_equal "http://test.host/pasaporte/monsieur-hulot", req.endpoint.claimed_id
+    
+    # In this test we only get a next step URL
+    next_step_url = req.redirect_url(@trust_root, @return_to, immediate=false)
+    assert_nothing_raised("The URL received from the server should be parseable") do
+      next_step_url = URI.parse(next_step_url)
+    end
+    
+    assert_equal "http", next_step_url.scheme
+    assert_equal "test.host", next_step_url.host
+    
+    response_params = decode_qs(next_step_url.query)
+
+    assert_match(/#{Regexp.escape(@return_to + '?openid1_claimed_id=')}(.+)#{Regexp.escape('&rp_nonce=')}(.+)/, 
+      response_params["openid.return_to"],
+      "The return_to should be the one of the signup with a nonce")
+    assert_equal "http://test.host/pasaporte/monsieur-hulot/openid",
+      response_params["openid.identity"], "The identity is the server URL in this case"
+    assert_equal "checkid_setup", response_params['openid.mode'], 
+      "The current mode is checkid_setup"
+  end
+  
+  def test_in_which_monsieur_hulot_is_not_logged_in_and_asked_for_login_after_setup
+    req = @consumer.begin("http://test.host/pasaporte/monsieur-hulot")
+    assert_kind_of OpenID::Consumer::CheckIDRequest, req
+    assert_nothing_raised { get_with_verbatim_url req.redirect_url(@trust_root, @return_to) }
+    assert_response :redirect
+    assert_redirected_to '/monsieur-hulot/signon'
+    assert_not_nil @state.pending_openid, "A pending OpenID request should have been "+
+      "placed in the session"
+    assert_kind_of OpenID::Server::CheckIDRequest, @state.pending_openid
+  end
+  
+  def test_in_which_monsieur_hulot_is_asked_for_setup_decisions_after_logging_in
+    req = @consumer.begin("http://test.host/pasaporte/monsieur-hulot")
+    assert_nothing_raised { get_with_verbatim_url req.redirect_url(@trust_root, @return_to) }
+    assert_response :redirect
+    assert_redirected_to '/monsieur-hulot/signon', "Monsieur should be asked to login"
+    
+    prelogin!
+    assert_response :redirect
+    assert_redirected_to '/monsieur-hulot/openid',
+      "The redirection should be to the continuation of the OpenID procedure"
+    
+    assert_nothing_raised { follow_redirect }
+    assert_response :redirect
+    
+    assert_redirected_to '/monsieur-hulot/decide',
+      "Should send Monsieur Hulot to the page where he will confirm himself trusting the Tativille"
+    assert_not_nil @state.pending_openid,
+      "The state should contain the OpenID request to be processed"
+  end
+  
+  def test_in_which_monsieur_hulot_blindly_trusts_tativille
+    req = @consumer.begin("http://test.host/pasaporte/monsieur-hulot")
+    assert_nothing_raised { get_with_verbatim_url req.redirect_url(@trust_root, @return_to) }
+    prelogin!
+    
+    follow_redirect # back to openid
+    assert_redirected_to '/monsieur-hulot/decide', "Should send Monsieur Hulot to the page " +
+      "where he will confirm himself trusting the Tativille"
+    follow_redirect # to decide
+    
+    assert_select 'h2' do | e |
+      assert_equal "<h2>Please approve <b>http://tativille.fr/wiki</b></h2>", e.to_s
+    end
+    
+    post '/monsieur-hulot/decide'
+    assert_redirected_to '/monsieur-hulot/openid',
+      "Monsieur Hulot should be redirected back to the openid workflow page after approving"
+    
+    @hulot.reload
+    approval = @hulot.approvals[0]
+    assert_kind_of Approval, approval, "An approval should have been made"
+    assert_equal @trust_root, approval.trust_root, "The approval approves tativille"
+  end
+  
+  def test_in_which_monsieur_hulot_decides_not_to_trust_tativille
+    prelogin!
+    
+    req = @consumer.begin("http://test.host/pasaporte/monsieur-hulot")
+    assert_nothing_raised { get_with_verbatim_url req.redirect_url(@trust_root, @return_to) }
+    
+    assert_redirected_to '/monsieur-hulot/decide',
+      "Should send Monsieur Hulot to the page where he will confirm himself trusting the Tativille"
+    follow_redirect # to decide
+    
+    assert_select 'h2' do | e |
+      assert_equal "<h2>Please approve <b>http://tativille.fr/wiki</b></h2>", e.to_s
+    end
+    
+    post '/monsieur-hulot/decide', :nope => "Oh Non!"
+    red, path, qs = redirect_url_path_and_params
+    
+    assert_equal '/wiki/signup', path, 
+      "The taken decision should immediately send Monsieur Hulot back to the signup page"
+    assert_equal 0, Approval.count, "No Approvals should have been issued"
+    assert_kind_of OpenID::Consumer::CancelResponse, @consumer.complete(qs, red), "The response is negative"
+  end
+  
+  def test_in_which_monsieur_hulot_already_approved_tativille_and_is_logged_in
+    prelogin!; preapprove!
+    
+    req = @consumer.begin("http://test.host/pasaporte/monsieur-hulot", immediate = false)
+    assert_nothing_raised { get_with_verbatim_url req.redirect_url(@trust_root, @return_to) }
+    
+    redir_url, path, qs = redirect_url_path_and_params
+    
+    assert_kind_of OpenID::Consumer::SuccessResponse, @consumer.complete(qs, redir_url), "The response is positive"
+    assert_equal '/wiki/signup', path, "This should be the path to the wiki signup"
+  end
+  
+  def test_in_which_monsieur_hulot_uses_immediate_mode_and_the_mode_totally_works
+    prelogin!; preapprove!
+    req = @consumer.begin("http://test.host/pasaporte/monsieur-hulot")
+    assert_nothing_raised do 
+      get_with_verbatim_url req.redirect_url(@trust_root, @return_to, true)
+    end
+    red, path, qs = redirect_url_path_and_params
+    
+    openid_resp = @consumer.complete(qs, red)
+    assert_kind_of OpenID::Consumer::SuccessResponse, openid_resp
+  end
+  
+  def test_in_which_monsieur_hulot_uses_immediate_mode_but_needs_to_login_first
+    preapprove!
+    req = @consumer.begin("http://test.host/pasaporte/monsieur-hulot")
+    assert_nothing_raised do 
+      get_with_verbatim_url req.redirect_url(@trust_root, @return_to, true)
+    end
+    red, path, qs = redirect_url_path_and_params
+    openid_resp = @consumer.complete(qs, red)
+    
+    assert_kind_of OpenID::Consumer::SetupNeededResponse, openid_resp, "Setup is needed for this action"
+    assert_not_nil qs["openid.user_setup_url"], "The setup URL should be passed"
+    
+    setup_path, setup_qs = redirect_path_and_params(qs["openid.user_setup_url"])
+    assert_equal "/pasaporte/monsieur-hulot/signon", setup_path, "The setup path is the signon"
+    
+    post '/monsieur-hulot/signon', {:pass => 'monsieur-hulot'.reverse}.merge(setup_qs)
+    assert_response :redirect
+    assert_redirected_to "/monsieur-hulot/openid",
+      "Monsieur is now out of the immediate mode so we continue on to the openid process"
+    follow_redirect
+    red, path, qs = redirect_url_path_and_params
+    
+    assert_kind_of OpenID::Consumer::SuccessResponse, @consumer.complete(qs, red),
+      "Monsieur has now authorized Tativille, albeit not immediately"
+  end
+  
+  def test_in_which_monsieur_hulot_uses_immediate_mode_but_needs_to_approve_first
+    prelogin!
+    req = @consumer.begin("http://test.host/pasaporte/monsieur-hulot")
+    assert_nothing_raised do 
+      get_with_verbatim_url req.redirect_url(@trust_root, @return_to, true)
+    end
+    redir, path, qs = redirect_url_path_and_params
+    openid_resp = @consumer.complete(qs, redir)
+    
+    assert_kind_of OpenID::Consumer::SetupNeededResponse, openid_resp, "Setup is needed for this action"
+    assert_not_nil qs["openid.user_setup_url"], "The setup URL should be passed"
+    
+    setup_url, setup_path, setup_qs = redirect_url_path_and_params(qs["openid.user_setup_url"])
+    assert_equal "/pasaporte/monsieur-hulot/decide", setup_path, 
+      "The setup path is /decide because Hulot never logged in with Tativille before"
+    
+    get '/monsieur-hulot/decide', setup_qs
+    assert_response :success
+    post '/monsieur-hulot/decide'
+    assert_response :redirect
+    assert_redirected_to '/monsieur-hulot/openid'
+    follow_redirect
+    
+    redir, path, qs = redirect_url_path_and_params
+    
+    assert_kind_of OpenID::Consumer::SuccessResponse, @consumer.complete(qs, redir),
+      "Monsieur has now authorized Tativille, albeit not immediately"
+  end
+  
+  def test_in_which_monsieur_hulot_forgets_his_password_and_tativille_gets_a_refusal_after_the_last_failed_attempt
+    req = @consumer.begin("http://test.host/pasaporte/monsieur-hulot")
+    assert_nothing_raised { get_with_verbatim_url req.redirect_url(@trust_root, @return_to) }
+    assert_redirected_to '/monsieur-hulot/signon'
+    (Pasaporte::MAX_FAILED_LOGIN_ATTEMPTS).times do
+      post '/monsieur-hulot/signon', :pass => 'cartouche'
+    end
+    
+    assert_response :redirect
+    redir, path, qs = redirect_url_path_and_params
+    
+    assert_kind_of OpenID::Consumer::CancelResponse, @consumer.complete(qs, redir),
+      "Monsieur Hulot is denied authorization with Tativille after failing so miserably"
+  end
+  
+  def test_in_which_monsieur_hulot_has_delegated
+    d = "http://leopenid.fr/endpoint"
+    
+    @hulot.update_attributes :openid_delegate => d, :openid_server => d
+      
+    err = assert_raise(OpenID::KVPostNetworkError, "Should go out looking for openid") do
+      @consumer.begin("http://test.host/pasaporte/monsieur-hulot")
+    end
+    assert_match /Called out to external resource/, err.message, "The external resource exception should bubble up" 
+  end
+  
+  def test_in_which_monsieur_hulot_is_throttled_and_gets_rejected_at_once
+    Throttle.set!(@request.to_hash)
+    req = @consumer.begin("http://test.host/pasaporte/monsieur-hulot")
+    assert_nothing_raised { get_with_verbatim_url req.redirect_url(@trust_root, @return_to) }
+    assert_response :redirect
+    path, qs = redirect_path_and_params
+    assert_kind_of OpenID::Consumer::CancelResponse, @consumer.complete(qs, path),
+      "Monsieur Hulot is instantly denied authorization with Tativille because he is throttled"
+    assert_nil @state.pending_openid, "No OpenID request should be left dangling at this point"
+  end
+  
+  def test_in_which_tativille_uses_dumb_mode
+    prelogin!; preapprove!
+    @consumer = OpenID::Consumer.new(@openid_session, nil)
+    
+    req = @consumer.begin("http://test.host/pasaporte/monsieur-hulot")
+    assert_nothing_raised { get_with_verbatim_url req.redirect_url(@trust_root, @return_to) }
+    redir, path, qs = redirect_url_path_and_params
+    assert_equal '/wiki/signup', path, "This should be the path to the wiki signup"
+    assert_kind_of OpenID::Consumer::SuccessResponse, @consumer.complete(qs, redir), "The response is positive"
+  end
+  
+  def test_in_which_tativille_requests_sreg
+    prelogin!; preapprove!
+    
+    req = @consumer.begin("http://test.host/pasaporte/monsieur-hulot")
+    sreg_request = OpenID::SReg::Request.new
+    sreg_request.request_fields(['email', 'dob'], true) # required
+    sreg_request.request_fields(['nickname', 'fullname'], false) # optional
+    req.add_extension(sreg_request)
+    
+    assert_nothing_raised { get_with_verbatim_url req.redirect_url(@trust_root, @return_to) }
+    
+    red, path, qs = redirect_url_path_and_params
+    openid_resp = @consumer.complete(qs, red)
+    
+    assert_kind_of OpenID::Consumer::SuccessResponse, openid_resp, "Should complete succesfully"
+    
+    sreg_response = OpenID::SReg::Response.from_success_response(openid_resp)
+    assert_equal 'monsieur-hulot', sreg_response['nickname']
+    assert_equal "1953-01-12", sreg_response['dob']
+    assert_equal "Monsieur Hulot", sreg_response['fullname']
+  end
+  
+  private
+    # Prelogins Monsieur Hulot into Pasaporte
+    def prelogin!
+      post '/monsieur-hulot/signon', :pass => 'monsieur-hulot'.reverse
+    end
+
+    # Preapproves tativille.fr as a site Monsieur Hulot trusts
+    def preapprove!
+      @hulot.approvals.create! :trust_root=>@trust_root
+    end
+    
+    def init_consumer
+      @consumer = OpenID::Consumer.new(@openid_session, @store)
+    end
+    def decode_qs(qs)
+      qs.to_s.split(/\&/).inject({}) do | params, segment |
+        k, v = segment.split(/\=/).map{|s| Camping.un(s)}
+        params[k] = v; params
+      end
+    end
+    def response_to_hash
+      Hash[*@response.body.split(/\n/).map{|p| p.split(/\:/)}.flatten].with_indifferent_access
+    end
+    def redirect_path_and_params(t = nil)
+      # Camping conveniently places a URI object in the location header
+      uri = (t ? URI.parse(t) : @response.headers["Location"])
+      [uri.path, decode_qs(uri.query)]
+    end
+    
+    def redirect_url_path_and_params(t = nil)
+      # Camping conveniently places a URI object in the location header
+      uri = (t ? URI.parse(t) : @response.headers["Location"])
+      uri_with_scheme, qry = uri.to_s.split(/\?/)
+      
+      [uri_with_scheme, uri.path, decode_qs(qry)]
+    end
+    
+    def get_with_verbatim_url(url)
+      get(*recompose(url))
+    end
+    
+    def recompose(url)
+      u = URI.parse(url)
+      [u.path.gsub(/^\/pasaporte/, ''), decode_qs(u.query)]
+    end
+end

data/test/test_pasaporte.rb

@@ -0,0 +1,326 @@
+require File.dirname(__FILE__) + '/helper'
+require File.dirname(__FILE__) + '/testable_openid_fetcher'
+
+require 'flexmock'
+
+class TestProfilePage < Pasaporte::WebTest
+  fixtures :pasaporte_profiles
+
+  def test_user_info_page_for_user_who_never_logged_in
+    get '/unknown-stranger'
+    assert_response :success
+    assert_select "h3", true do | h |
+      assert_equal "<h3>This is <b>unknown-stranger's</b> page</h3>", h.to_s
+    end
+  end
+  
+  def test_user_info_page_for_a_user_who_is_in_hiding
+    get '/julik'
+    assert_response :success
+    assert_select "h3", true do | h |
+      assert_equal "<h3>This is <b>julik's</b> page</h3>", h.to_s
+    end
+  end
+  
+  def test_user_info_page_for_a_user_who_shows_his_profile
+    max = Profile.find(3)
+    assert max.shared?, "Max shares his profile"
+    get '/max'
+    assert_equal max.domain_name, @request.domain
+    assert_response :success
+    assert_not_nil @assigns.profile
+    
+    assert_select "h2", true do | h |
+      assert_equal "<h2>Max Lapshin</h2>", h.to_s
+    end
+    assert_match_body /Promised to/
+  end
+  
+  def test_user_info_depends_on_domain
+    get '/max'
+    assert_response :success
+    assert_not_nil @assigns.profile
+    
+    @request.domain = "trashcan.dot"
+    get '/max'
+    assert_response :success
+    assert_nil @assigns.profile, "A profile page for someone who never logged in does not show any details"
+  end
+  
+  def test_user_info_sets_yadis_headers
+    get '/julik'
+    assert_not_nil @response.headers['X-XRDS-Location']
+    assert_equal "http://test.host/pasaporte/julik/yadis", @response.headers['X-XRDS-Location']
+  end
+end
+
+class TestSignon < Pasaporte::WebTest
+  fixtures :pasaporte_profiles
+  
+  def teardown
+    returning(super) {Throttle.delete_all }
+  end
+  
+  def test_signon_displays_a_password_field
+    get '/julik/signon'
+    assert_response :success
+    assert_select "input[type=password]", true
+  end
+  
+  def test_posting_to_signon_should_call_auth_and_fail
+    flexmock(Pasaporte::AUTH).
+        should_receive(:call).with("julik", "trance", "test.host").
+        at_least.once.and_return(false)
+    
+    post '/julik/signon', :pass => "trance"
+    assert_response :success
+    assert_not_nil @assigns.msg, "Something should be put into msg"
+    assert_nil @state.nickname, "Nickname should not have been set in the session"
+    assert_not_nil @state.failed_logins, "The signon should start counting failed logins" 
+    assert_equal 1, @state.failed_logins, "The signon should have counted 1 failed login" 
+  end
+  
+  def test_posting_false_login_many_times_winds_the_failed_login_counter
+    flexmock(Pasaporte::AUTH).
+        should_receive(:call).with("julik", "trance", "test.host").
+        at_least.twice.and_return(false)
+    post '/julik/signon', :pass => "trance"
+    post '/julik/signon', :pass => "trance"
+    assert_equal 2, @state.failed_logins, "The failed login counter should have been wound" 
+  end
+  
+  def test_past_the_failed_login_threshold_should_trottle
+    flexmock(Pasaporte::AUTH).
+        should_receive(:call).with("julik", "trance", "test.host").at_least.once.and_return(false)
+    
+    Pasaporte::MAX_FAILED_LOGIN_ATTEMPTS.times { post '/julik/signon', :pass => "trance" }
+    assert_response :success
+    assert_match_body /I am stopping you/, "The throttling message should appear"
+    assert_equal 1, Throttle.count, "A throttle should have been made"
+  end
+  
+  def test_post_with_good_auth_shold_fetch_profile_munge_session_and_redirect
+    flexmock(Pasaporte::AUTH).
+        should_receive(:call).with("julik", "junkman", "test.host").once.and_return(true)
+    
+    post '/julik/signon', :pass => 'junkman'
+    
+    assert_response :redirect
+    assert_redirected_to '/julik/prefs'
+    
+    assert_not_nil @assigns.profile, "The profile should have been hooked up"
+    assert_equal 2, @assigns.profile.id, "This is Julik's profile"
+    assert_equal 'julik', @state.nickname, "The nickname should be set to 'julik' so that the flag is present"
+  end
+  
+  def test_post_with_good_auth_should_create_profiles_if_necessary
+    flexmock(Pasaporte::AUTH).
+        should_receive(:call).with("gemanges", "tairn", "test.host").once.and_return(true)
+    
+    post '/gemanges/signon', :pass => 'tairn'
+    assert_response :redirect
+    
+    assert_not_nil @assigns.profile, "The profile should have been hooked up"
+    assert_equal 'gemanges', @assigns.profile.nickname
+    deny @assigns.profile.new_record?
+  end
+end
+
+class TestSignout < Pasaporte::WebTest
+  def test_signout_should_silently_redirect_unless_signed_in
+    get '/somebody/signout'
+    assert_response :redirect
+    assert_redirected_to '/somebody/signon'
+  end
+  
+  def test_signout_should_erase_session_and_redirect
+    flexmock(Pasaporte::AUTH).
+        should_receive(:call).with("gemanges", "tairn", "test.host").once.and_return(true)
+    post '/gemanges/signon', :pass => 'tairn'
+    assert_response :redirect
+    assert_equal 'gemanges', @state.nickname
+    
+    get '/gemanges/signout'
+    assert_response :redirect
+    assert_redirected_to '/gemanges/signon'
+    assert_kind_of Camping::H, @state, "State should be reset with Camping::H"
+    assert_equal %w( msg ), @state.keys, "State should only contain the message"
+  end
+end
+
+class TestApprovalsPage < Pasaporte::WebTest
+  fixtures :pasaporte_profiles, :pasaporte_approvals
+  def test_approvals_page_requires_login
+    get '/julik/approvals'
+    assert_response :redirect
+  end
+  
+  def test_approvals_page_shows_useful_approvals_when_they_are_present
+    prelogin "julik"
+    
+    get '/julik/approvals'
+    assert_response :success
+    
+    assert_equal Profile.find_by_nickname('julik').approvals, @assigns.approvals
+    assert_match_body /The sites you trust/
+  end
+  
+  def test_approvals_page_does_not_show_empty_lists
+    Profile.find_by_nickname('julik').approvals.destroy_all
+    prelogin 'julik'
+    get '/julik/approvals'
+    assert_redirected_to '/julik/prefs'
+    assert_not_nil @state.msg
+  end
+end
+
+class TestAssets < Pasaporte::WebTest
+  def test_get_nonexistent_url_sets_404
+    get '/assets/habduda'
+    assert_response 404
+  end
+  
+  def test_get_with_dir_traversal
+    ref_path = File.dirname(Pasaporte::PATH) + '/pasaporte/assets/etc/passwd'
+    
+    flexmock(File).should_receive(:exist?).with(ref_path).once.and_return(false)
+    get '/assets/../../../../../etc/passwd'
+    assert_response 404
+  end
+  
+  def test_should_return_stylesheet
+    get '/assets/pasaporte.css'
+    assert_response :success
+    assert_equal 'text/css', @response.headers['Content-Type'], "Should set the content type to text/css"
+    assert_match_body /Superresetthemall/
+  end
+  
+  def test_grabbing_an_asset_sets_magic_headers
+    get '/assets/pasaporte.css'
+    magic_headers = %w( Last-Modified Expires Cache-Control Last-Modified )
+    for h in magic_headers
+      assert_not_nil @response.headers[h], "The header #{h} should be set"
+    end
+  end
+  
+  def test_should_return_304_on_conditional_get
+    @request.headers['HTTP_IF_MODIFIED_SINCE'] = Time.now.to_s(:http)
+    get '/assets/pasaporte.css'
+    assert_response 304
+  end
+end
+
+class TestProfileEditor < Pasaporte::WebTest
+  test 'should require login' do
+    get '/julik/edit'
+    assert_response :redirect
+    assert_redirected_to '/julik/signon'
+  end
+  
+  test 'should preload profile' do
+    prelogin 'julik'
+    get '/julik/edit'
+    assert_response :success
+    assert_kind_of Profile, @assigns.profile
+    deny @assigns.profile.new_record?, "This is a presaved profile"
+    assert_match_body /Your profile/
+  end
+  
+  test 'should show message and not save when posting faulty data' do
+    prelogin 'julik'
+    post '/julik/edit', :profile => {:openid_server => 'xyz'}
+    
+    assert_response :success
+    assert_not_nil @assigns.err, "An error message should be assigned"
+    assert_match /Cannot save/, @assigns.err, "The error message should describe the problem"
+    
+    prof = @assigns.profile
+    prof.reload
+    assert_nil prof.openid_server, "Nothing should have been assigned"
+  end
+  
+  test 'should redirect with success message when changing the profile succeeds' do
+    prelogin 'julik'
+    post '/julik/edit', :profile => {:email => 'trof@groff.com'}
+    assert_response :redirect
+    assert_not_nil @state.msg
+    assert_match /Changed/i, @state.msg
+  end
+  
+  test 'default country should be selected when loading the profile page for the first time' do
+    prelogin 'joe-boss'
+    
+    begin
+      c = Pasaporte::DEFAULT_COUNTRY
+      silence_warnings { Pasaporte.const_set(:DEFAULT_COUNTRY, 'us')}
+      get '/joe-boss/edit'
+      assert_response :success
+      assert_select 'option[value="us"][selected]', true
+    ensure
+      silence_warnings { Pasaporte.const_set(:DEFAULT_COUNTRY, c) }
+    end
+  end
+  
+end
+
+# class TestYadis < Pasaporte::WebTest
+#   attr_reader :request, :response
+#   fixtures :pasaporte_profiles
+#   
+#   def setup
+#     super; NetHTTPFetcher.requestor = self
+#   end
+#   
+#   test 'should return YADIS info with proper URLs' do
+#     get '/julik/yadis'
+#     assert_response :success
+#     assert_equal "application/xrds+xml",  @response.headers["Content-type"]
+#     assert !@response.body.empty?, "Body cannot be empty"
+#   end
+#   
+#   test 'should be usable for yadis discovery' do
+#     assert_nothing_raised { @discovery = YADIS.new('http://test.host/julik/yadis') }
+#     assert_kind_of ServiceEndpoint, @discovery.services[0]
+#     assert_equal "http://test.host/pasaporte/julik/openid", @discovery.services[0].uri
+#   end
+# 
+#   test 'should redirect yadis discovery to the delegate' do
+#     assert_nothing_raised { @discovery = YADIS.new('http://test.host/hans/yadis') }
+#     assert_kind_of ServiceEndpoint, @discovery.services[0]
+#     assert_equal "http://hans.myopenid.com", @discovery.services[0].uri
+#   end
+# end
+
+class TestPublicSignon < Pasaporte::WebTest
+  fixtures :pasaporte_profiles
+  test 'should present a login screen without predefined nickname' do
+    get
+    assert_response :success
+    assert_select 'input[name="login"]', true
+    
+    flexmock(Pasaporte::AUTH).should_receive(:call).with("schtwo", "foo", "test.host").and_return(false)
+    
+    post '/', :login => 'schtwo', :pass => 'foo'
+    assert_response :success
+    assert_nil @state.nickname
+    assert_select 'input[type="hidden"]', true
+      "The response should include a hidden field now instead of a text field"
+  end
+  
+  test 'should redirect to profile page for new users' do
+    flexmock(Pasaporte::AUTH).should_receive(:call).with("unknown", "pfew", "test.host").and_return(true)
+    post '/', :login => "unknown", :pass => "pfew"
+    assert_response :redirect
+    assert_not_nil Profile.find_by_nickname('unknown'), "A profile should have been created during login"
+    assert_redirected_to '/unknown/prefs'
+  end
+  
+end
+
+# A littol auditte
+at_exit do
+  missing = Pasaporte::Controllers.constants.reject do |c|
+    Object.constants.map{|e|e.to_s}.include?("Test#{c}")
+  end
+  puts "\nMissing tests for controllers #{missing.to_sentence}"
+end