1 require File.dirname(__FILE__) + '/../test_helper'
3 class UserControllerTest < ActionController::TestCase
7 # test all routes which lead to this controller
10 { :path => "/api/0.6/user/1", :method => :get },
11 { :controller => "user", :action => "api_read", :id => "1" }
14 { :path => "/api/0.6/user/details", :method => :get },
15 { :controller => "user", :action => "api_details" }
18 { :path => "/api/0.6/user/gpx_files", :method => :get },
19 { :controller => "user", :action => "api_gpx_files" }
23 { :path => "/login", :method => :get },
24 { :controller => "user", :action => "login" }
27 { :path => "/login", :method => :post },
28 { :controller => "user", :action => "login" }
31 { :controller => "user", :action => "login", :format => "html" },
32 { :path => "/login.html", :method => :get }
36 { :path => "/logout", :method => :get },
37 { :controller => "user", :action => "logout" }
40 { :path => "/logout", :method => :post },
41 { :controller => "user", :action => "logout" }
44 { :controller => "user", :action => "logout", :format => "html" },
45 { :path => "/logout.html", :method => :get }
49 { :path => "/user/new", :method => :get },
50 { :controller => "user", :action => "new" }
53 { :controller => "user", :action => "new" },
54 { :path => "/create-account.html", :method => :get }
58 { :path => "/user/new", :method => :post },
59 { :controller => "user", :action => "create" }
63 { :path => "/user/terms", :method => :get },
64 { :controller => "user", :action => "terms" }
68 { :path => "/user/save", :method => :post },
69 { :controller => "user", :action => "save" }
73 { :path => "/user/username/confirm", :method => :get },
74 { :controller => "user", :action => "confirm", :display_name => "username" }
77 { :path => "/user/username/confirm", :method => :post },
78 { :controller => "user", :action => "confirm", :display_name => "username" }
81 { :path => "/user/username/confirm/resend", :method => :get },
82 { :controller => "user", :action => "confirm_resend", :display_name => "username" }
86 { :path => "/user/confirm", :method => :get },
87 { :controller => "user", :action => "confirm" }
90 { :path => "/user/confirm", :method => :post },
91 { :controller => "user", :action => "confirm" }
94 { :path => "/user/confirm-email", :method => :get },
95 { :controller => "user", :action => "confirm_email" }
98 { :path => "/user/confirm-email", :method => :post },
99 { :controller => "user", :action => "confirm_email" }
103 { :path => "/user/go_public", :method => :post },
104 { :controller => "user", :action => "go_public" }
108 { :path => "/user/forgot-password", :method => :get },
109 { :controller => "user", :action => "lost_password" }
112 { :path => "/user/forgot-password", :method => :post },
113 { :controller => "user", :action => "lost_password" }
116 { :controller => "user", :action => "lost_password" },
117 { :path => "/forgot-password.html", :method => :get }
120 { :path => "/user/reset-password", :method => :get },
121 { :controller => "user", :action => "reset_password" }
124 { :path => "/user/reset-password", :method => :post },
125 { :controller => "user", :action => "reset_password" }
129 { :path => "/user/suspended", :method => :get },
130 { :controller => "user", :action => "suspended" }
134 { :path => "/user/username", :method => :get },
135 { :controller => "user", :action => "view", :display_name => "username" }
139 { :path => "/user/username/account", :method => :get },
140 { :controller => "user", :action => "account", :display_name => "username" }
143 { :path => "/user/username/account", :method => :post },
144 { :controller => "user", :action => "account", :display_name => "username" }
148 { :path => "/user/username/make_friend", :method => :get },
149 { :controller => "user", :action => "make_friend", :display_name => "username" }
152 { :path => "/user/username/make_friend", :method => :post },
153 { :controller => "user", :action => "make_friend", :display_name => "username" }
156 { :path => "/user/username/remove_friend", :method => :get },
157 { :controller => "user", :action => "remove_friend", :display_name => "username" }
160 { :path => "/user/username/remove_friend", :method => :post },
161 { :controller => "user", :action => "remove_friend", :display_name => "username" }
165 { :path => "/user/username/set_status", :method => :get },
166 { :controller => "user", :action => "set_status", :display_name => "username" }
169 { :path => "/user/username/delete", :method => :get },
170 { :controller => "user", :action => "delete", :display_name => "username" }
174 { :path => "/users", :method => :get },
175 { :controller => "user", :action => "list" }
178 { :path => "/users", :method => :post },
179 { :controller => "user", :action => "list" }
182 { :path => "/users/status", :method => :get },
183 { :controller => "user", :action => "list", :status => "status" }
186 { :path => "/users/status", :method => :post },
187 { :controller => "user", :action => "list", :status => "status" }
191 # The user creation page loads
192 def test_user_create_view
194 assert_response :redirect
195 assert_redirected_to user_new_path(:cookie_test => "true")
197 get :new, { :cookie_test => "true" }, { :cookie_test => true }
198 assert_response :success
200 assert_select "html", :count => 1 do
201 assert_select "head", :count => 1 do
202 assert_select "title", :text => /Sign Up/, :count => 1
204 assert_select "body", :count => 1 do
205 assert_select "div#content", :count => 1 do
206 assert_select "form[action='/user/new'][method=post]", :count => 1 do
207 assert_select "input[id=user_email]", :count => 1
208 assert_select "input[id=user_email_confirmation]", :count => 1
209 assert_select "input[id=user_display_name]", :count => 1
210 assert_select "input[id=user_pass_crypt][type=password]", :count => 1
211 assert_select "input[id=user_pass_crypt_confirmation][type=password]", :count => 1
212 assert_select "input[type=submit][value=Sign Up]", :count => 1
221 user.status = "pending"
222 user.display_name = "new_tester"
223 user.email = "newtester@osm.org"
224 user.email_confirmation = "newtester@osm.org"
225 user.pass_crypt = "testtest"
226 user.pass_crypt_confirmation = "testtest"
230 def test_user_create_success
233 assert_difference('User.count') do
234 assert_difference('ActionMailer::Base.deliveries.size') do
235 post :save, {}, {:new_user => user}
240 register_email = ActionMailer::Base.deliveries.first
242 assert_equal register_email.to[0], user.email
243 assert_match /#{@url}/, register_email.body.to_s
246 assert_redirected_to :action => 'confirm', :display_name => user.display_name
248 ActionMailer::Base.deliveries.clear
251 def test_user_create_submit_duplicate_email
253 user.email = users(:public_user).email
255 assert_no_difference('User.count') do
256 assert_no_difference('ActionMailer::Base.deliveries.size') do
257 post :save, {}, {:new_user => user}
261 assert_response :success
262 assert_template 'new'
263 assert_select "form > fieldset > div.form-row > div.field_with_errors > input#user_email"
266 def test_user_create_submit_duplicate_email_uppercase
268 user.email = users(:public_user).email.upcase
270 assert_no_difference('User.count') do
271 assert_no_difference('ActionMailer::Base.deliveries.size') do
272 post :save, {}, {:new_user => user}
276 assert_response :success
277 assert_template 'new'
278 assert_select "form > fieldset > div.form-row > div.field_with_errors > input#user_email"
281 def test_user_create_submit_duplicate_name
283 user.display_name = users(:public_user).display_name
285 assert_no_difference('User.count') do
286 assert_no_difference('ActionMailer::Base.deliveries.size') do
287 post :save, {}, {:new_user => user}
291 assert_response :success
292 assert_template 'new'
293 assert_select "form > fieldset > div.form-row > div.field_with_errors > input#user_display_name"
296 def test_user_create_submit_duplicate_name_uppercase
298 user.display_name = users(:public_user).display_name.upcase
300 assert_no_difference('User.count') do
301 assert_no_difference('ActionMailer::Base.deliveries.size') do
302 post :save, {}, {:new_user => user}
306 assert_response :success
307 assert_template 'new'
308 assert_select "form > fieldset > div.form-row > div.field_with_errors > input#user_display_name"
311 def test_user_confirm_expired_token
312 user = users(:inactive_user)
313 token = user.tokens.new
314 token.expiry = 1.day.ago
317 @request.cookies["_osm_session"] = user.display_name
318 post :confirm, :confirm_string => token.token
320 assert_redirected_to :action => 'confirm'
321 assert_match /expired/, flash[:error]
324 def test_user_already_confirmed
325 user = users(:normal_user)
326 token = user.tokens.create
328 @request.cookies["_osm_session"] = user.display_name
329 post :confirm, :confirm_string => token.token
331 assert_redirected_to :action => 'login'
332 assert_match /confirmed/, flash[:error]
335 def test_user_terms_new_user
336 get :terms, {}, { "new_user" => User.new }
337 assert_response :success
338 assert_template :terms
341 def test_user_terms_seen
342 user = users(:normal_user)
344 # Set the username cookie
345 @request.cookies["_osm_username"] = user.display_name
347 get :terms, {}, { "user" => user }
348 assert_response :redirect
349 assert_redirected_to :action => :account, :display_name => user.display_name
352 def test_user_lost_password
353 # Test fetching the lost password page
355 assert_response :success
356 assert_template :lost_password
357 assert_select "div#notice", false
359 # Test resetting using the address as recorded for a user that has an
360 # address which is duplicated in a different case by another user
361 assert_difference('ActionMailer::Base.deliveries.size', 1) do
362 post :lost_password, :user => { :email => users(:normal_user).email }
364 assert_response :redirect
365 assert_redirected_to :action => :login
366 assert_match /^Sorry you lost it/, flash[:notice]
367 assert_equal users(:normal_user).email, ActionMailer::Base.deliveries.last.to[0]
369 # Test resetting using an address that matches a different user
370 # that has the same address in a different case
371 assert_difference('ActionMailer::Base.deliveries.size', 1) do
372 post :lost_password, :user => { :email => users(:normal_user).email.upcase }
374 assert_response :redirect
375 assert_redirected_to :action => :login
376 assert_match /^Sorry you lost it/, flash[:notice]
377 assert_equal users(:uppercase_user).email, ActionMailer::Base.deliveries.last.to[0]
379 # Test resetting using an address that is a case insensitive match
380 # for more than one user but not an exact match for either
381 assert_difference('ActionMailer::Base.deliveries.size', 0) do
382 post :lost_password, :user => { :email => users(:normal_user).email.titlecase }
384 assert_response :success
385 assert_template :lost_password
386 assert_select "div#error", /^Could not find that email address/
388 # Test resetting using the address as recorded for a user that has an
389 # address which is case insensitively unique
390 assert_difference('ActionMailer::Base.deliveries.size', 1) do
391 post :lost_password, :user => { :email => users(:public_user).email }
393 assert_response :redirect
394 assert_redirected_to :action => :login
395 assert_match /^Sorry you lost it/, flash[:notice]
396 assert_equal users(:public_user).email, ActionMailer::Base.deliveries.last.to[0]
398 # Test resetting using an address that matches a user that has the
399 # same (case insensitively unique) address in a different case
400 assert_difference('ActionMailer::Base.deliveries.size', 1) do
401 post :lost_password, :user => { :email => users(:public_user).email.upcase }
403 assert_response :redirect
404 assert_redirected_to :action => :login
405 assert_match /^Sorry you lost it/, flash[:notice]
406 assert_equal users(:public_user).email, ActionMailer::Base.deliveries.last.to[0]
410 # Get a user to work with - note that this user deliberately
411 # conflicts with uppercase_user in the email and display name
412 # fields to test that we can change other fields without any
413 # validation errors being reported
414 user = users(:normal_user)
416 # Set the username cookie
417 @request.cookies["_osm_username"] = user.display_name
419 # Make sure that you are redirected to the login page when
420 # you are not logged in
421 get :account, { :display_name => user.display_name }
422 assert_response :redirect
423 assert_redirected_to :controller => :user, :action => "login", :referer => "/user/test/account"
425 # Make sure that you are redirected to the login page when
426 # you are not logged in as the right user
427 get :account, { :display_name => user.display_name }, { "user" => users(:public_user).id }
428 assert_response :redirect
429 assert_redirected_to :controller => :user, :action => "login", :referer => "/user/test/account"
431 # Make sure we get the page when we are logged in as the right user
432 get :account, { :display_name => user.display_name }, { "user" => user }
433 assert_response :success
434 assert_template :account
436 # Updating the description should work
437 user.description = "new description"
438 post :account, { :display_name => user.display_name, :user => user.attributes }, { "user" => user.id }
439 assert_response :success
440 assert_template :account
441 assert_select "div#errorExplanation", false
442 assert_select "div#notice", /^User information updated successfully/
443 assert_select "form#accountForm > fieldset > div.form-row > div#user_description_container > div#user_description_content > textarea#user_description", user.description
445 # Changing name to one that exists should fail
446 user.display_name = users(:public_user).display_name
447 post :account, { :display_name => user.display_name, :user => user.attributes }, { "user" => user.id }
448 assert_response :success
449 assert_template :account
450 assert_select "div#notice", false
451 assert_select "div#errorExplanation"
452 assert_select "form#accountForm > fieldset > div.form-row > div.field_with_errors > input#user_display_name"
454 # Changing name to one that exists should fail, regardless of case
455 user.display_name = users(:public_user).display_name.upcase
456 post :account, { :display_name => user.display_name, :user => user.attributes }, { "user" => user.id }
457 assert_response :success
458 assert_template :account
459 assert_select "div#notice", false
460 assert_select "div#errorExplanation"
461 assert_select "form#accountForm > fieldset > div.form-row > div.field_with_errors > input#user_display_name"
463 # Changing name to one that doesn't exist should work
464 user.display_name = "new tester"
465 post :account, { :display_name => user.display_name, :user => user.attributes }, { "user" => user.id }
466 assert_response :success
467 assert_template :account
468 assert_select "div#errorExplanation", false
469 assert_select "div#notice", /^User information updated successfully/
470 assert_select "form#accountForm > fieldset > div.form-row > input#user_display_name[value=?]", user.display_name
472 # Need to update cookies now to stay valid
473 @request.cookies["_osm_username"] = user.display_name
475 # Changing email to one that exists should fail
476 user.new_email = users(:public_user).email
477 post :account, { :display_name => user.display_name, :user => user.attributes }, { "user" => user.id }
478 assert_response :success
479 assert_template :account
480 assert_select "div#notice", false
481 assert_select "div#errorExplanation"
482 assert_select "form#accountForm > fieldset > div.form-row > div.field_with_errors > input#user_new_email"
484 # Changing email to one that exists should fail, regardless of case
485 user.new_email = users(:public_user).email.upcase
486 post :account, { :display_name => user.display_name, :user => user.attributes }, { "user" => user.id }
487 assert_response :success
488 assert_template :account
489 assert_select "div#notice", false
490 assert_select "div#errorExplanation"
491 assert_select "form#accountForm > fieldset > div.form-row > div.field_with_errors > input#user_new_email"
493 # Changing email to one that doesn't exist should work
494 user.new_email = "new_tester@example.com"
495 post :account, { :display_name => user.display_name, :user => user.attributes }, { "user" => user.id }
496 assert_response :success
497 assert_template :account
498 assert_select "div#errorExplanation", false
499 assert_select "div#notice", /^User information updated successfully/
500 assert_select "form#accountForm > fieldset > div.form-row > input#user_new_email[value=?]", user.new_email
503 # Check that the user account page will display and contains some relevant
504 # information for the user
505 def test_user_view_account
506 # Test a non-existent user
507 get :view, {:display_name => "unknown"}
508 assert_response :not_found
511 get :view, {:display_name => "test"}
512 assert_response :success
513 assert_select "div#userinformation" do
514 assert_select "a[href=/user/test/edits]", 1
515 assert_select "a[href=/user/test/traces]", 1
516 assert_select "a[href=/user/test/diary]", 1
517 assert_select "a[href=/user/test/diary/comments]", 1
518 assert_select "a[href=/user/test/account]", 0
519 assert_select "a[href=/user/test/blocks]", 0
520 assert_select "a[href=/user/test/blocks_by]", 0
521 assert_select "a[href=/blocks/new/test]", 0
524 # Test a user who has been blocked
525 get :view, {:display_name => "blocked"}
526 assert_response :success
527 assert_select "div#userinformation" do
528 assert_select "a[href=/user/blocked/edits]", 1
529 assert_select "a[href=/user/blocked/traces]", 1
530 assert_select "a[href=/user/blocked/diary]", 1
531 assert_select "a[href=/user/blocked/diary/comments]", 1
532 assert_select "a[href=/user/blocked/account]", 0
533 assert_select "a[href=/user/blocked/blocks]", 1
534 assert_select "a[href=/user/blocked/blocks_by]", 0
535 assert_select "a[href=/blocks/new/blocked]", 0
538 # Test a moderator who has applied blocks
539 get :view, {:display_name => "moderator"}
540 assert_response :success
541 assert_select "div#userinformation" do
542 assert_select "a[href=/user/moderator/edits]", 1
543 assert_select "a[href=/user/moderator/traces]", 1
544 assert_select "a[href=/user/moderator/diary]", 1
545 assert_select "a[href=/user/moderator/diary/comments]", 1
546 assert_select "a[href=/user/moderator/account]", 0
547 assert_select "a[href=/user/moderator/blocks]", 0
548 assert_select "a[href=/user/moderator/blocks_by]", 1
549 assert_select "a[href=/blocks/new/moderator]", 0
552 # Login as a normal user
553 session[:user] = users(:normal_user).id
554 cookies["_osm_username"] = users(:normal_user).display_name
556 # Test the normal user
557 get :view, {:display_name => "test"}
558 assert_response :success
559 assert_select "div#userinformation" do
560 assert_select "a[href=/user/test/edits]", 1
561 assert_select "a[href=/traces/mine]", 1
562 assert_select "a[href=/user/test/diary]", 1
563 assert_select "a[href=/user/test/diary/comments]", 1
564 assert_select "a[href=/user/test/account]", 1
565 assert_select "a[href=/user/test/blocks]", 0
566 assert_select "a[href=/user/test/blocks_by]", 0
567 assert_select "a[href=/blocks/new/test]", 0
570 # Login as a moderator
571 session[:user] = users(:moderator_user).id
572 cookies["_osm_username"] = users(:moderator_user).display_name
574 # Test the normal user
575 get :view, {:display_name => "test"}
576 assert_response :success
577 assert_select "div#userinformation" do
578 assert_select "a[href=/user/test/edits]", 1
579 assert_select "a[href=/user/test/traces]", 1
580 assert_select "a[href=/user/test/diary]", 1
581 assert_select "a[href=/user/test/diary/comments]", 1
582 assert_select "a[href=/user/test/account]", 0
583 assert_select "a[href=/user/test/blocks]", 0
584 assert_select "a[href=/user/test/blocks_by]", 0
585 assert_select "a[href=/blocks/new/test]", 1
589 def test_user_api_read
590 # check that a visible user is returned properly
591 get :api_read, :id => users(:normal_user).id
592 assert_response :success
594 # check that we aren't revealing private information
595 assert_select "contributor-terms[pd]", false
596 assert_select "home", false
597 assert_select "languages", false
599 # check that a suspended user is not returned
600 get :api_read, :id => users(:suspended_user).id
601 assert_response :gone
603 # check that a deleted user is not returned
604 get :api_read, :id => users(:deleted_user).id
605 assert_response :gone
607 # check that a non-existent user is not returned
608 get :api_read, :id => 0
609 assert_response :not_found
612 def test_user_api_details
614 assert_response :unauthorized
616 basic_authorization(users(:normal_user).email, "test")
618 assert_response :success
621 def test_user_make_friend
622 # Get users to work with
623 user = users(:normal_user)
624 friend = users(:second_public_user)
626 # Check that the users aren't already friends
627 assert_nil Friend.where(:user_id => user.id, :friend_user_id => friend.id).first
629 # Set the username cookie
630 @request.cookies["_osm_username"] = user.display_name
632 # When not logged in a GET should ask us to login
633 get :make_friend, {:display_name => friend.display_name}
634 assert_redirected_to :controller => :user, :action => "login", :referer => make_friend_path(:display_name => friend.display_name)
636 # When not logged in a POST should error
637 post :make_friend, {:display_name => friend.display_name}
638 assert_response :forbidden
639 assert_nil Friend.where(:user_id => user.id, :friend_user_id => friend.id).first
641 # When logged in a GET should get a confirmation page
642 get :make_friend, {:display_name => friend.display_name}, {"user" => user}
643 assert_response :success
644 assert_template :make_friend
645 assert_select "form" do
646 assert_select "input[type=hidden][name=referer]", 0
647 assert_select "input[type=submit]", 1
649 assert_nil Friend.where(:user_id => user.id, :friend_user_id => friend.id).first
651 # The GET should preserve any referer
652 get :make_friend, {:display_name => friend.display_name, :referer => "/test"}, {"user" => user}
653 assert_response :success
654 assert_template :make_friend
655 assert_select "form" do
656 assert_select "input[type=hidden][name=referer][value=/test]", 1
657 assert_select "input[type=submit]", 1
659 assert_nil Friend.where(:user_id => user.id, :friend_user_id => friend.id).first
661 # When logged in a POST should add the friendship
662 post :make_friend, {:display_name => friend.display_name}, {"user" => user}
663 assert_redirected_to user_path(:display_name => friend.display_name)
664 assert_match /is now your friend/, flash[:notice]
665 assert Friend.where(:user_id => user.id, :friend_user_id => friend.id).first
667 # A second POST should report that the friendship already exists
668 post :make_friend, {:display_name => friend.display_name}, {"user" => user}
669 assert_redirected_to user_path(:display_name => friend.display_name)
670 assert_match /You are already friends with/, flash[:warning]
671 assert Friend.where(:user_id => user.id, :friend_user_id => friend.id).first
674 def test_user_remove_friend
675 # Get users to work with
676 user = users(:normal_user)
677 friend = users(:public_user)
679 # Check that the users are friends
680 assert Friend.where(:user_id => user.id, :friend_user_id => friend.id).first
682 # Set the username cookie
683 @request.cookies["_osm_username"] = user.display_name
685 # When not logged in a GET should ask us to login
686 get :remove_friend, {:display_name => friend.display_name}
687 assert_redirected_to :controller => :user, :action => "login", :referer => remove_friend_path(:display_name => friend.display_name)
689 # When not logged in a POST should error
690 post :remove_friend, {:display_name => friend.display_name}
691 assert_response :forbidden
692 assert Friend.where(:user_id => user.id, :friend_user_id => friend.id).first
694 # When logged in a GET should get a confirmation page
695 get :remove_friend, {:display_name => friend.display_name}, {"user" => user}
696 assert_response :success
697 assert_template :remove_friend
698 assert_select "form" do
699 assert_select "input[type=hidden][name=referer]", 0
700 assert_select "input[type=submit]", 1
702 assert Friend.where(:user_id => user.id, :friend_user_id => friend.id).first
704 # The GET should preserve any referer
705 get :remove_friend, {:display_name => friend.display_name, :referer => "/test"}, {"user" => user}
706 assert_response :success
707 assert_template :remove_friend
708 assert_select "form" do
709 assert_select "input[type=hidden][name=referer][value=/test]", 1
710 assert_select "input[type=submit]", 1
712 assert Friend.where(:user_id => user.id, :friend_user_id => friend.id).first
714 # When logged in a POST should remove the friendship
715 post :remove_friend, {:display_name => friend.display_name}, {"user" => user}
716 assert_redirected_to user_path(:display_name => friend.display_name)
717 assert_match /was removed from your friends/, flash[:notice]
718 assert_nil Friend.where(:user_id => user.id, :friend_user_id => friend.id).first
720 # A second POST should report that the friendship does not exist
721 post :remove_friend, {:display_name => friend.display_name}, {"user" => user}
722 assert_redirected_to user_path(:display_name => friend.display_name)
723 assert_match /is not one of your friends/, flash[:error]
724 assert_nil Friend.where(:user_id => user.id, :friend_user_id => friend.id).first