Merge branch 'master' into openid
[rails.git] / test / integration / user_blocks_test.rb
1 require File.dirname(__FILE__) + '/../test_helper'
2
3 class UserBlocksTest < ActionController::IntegrationTest
4   fixtures :users, :user_blocks, :user_roles
5
6   def auth_header(user, pass)
7     {"HTTP_AUTHORIZATION" => "Basic %s" % Base64.encode64("#{user}:#{pass}")}
8   end
9
10   def test_api_blocked
11     blocked_user = users(:public_user)
12
13     get "/api/#{API_VERSION}/user/details"
14     assert_response :unauthorized
15
16     get "/api/#{API_VERSION}/user/details", nil, auth_header(blocked_user.display_name, "test")
17     assert_response :success
18
19     # now block the user
20     UserBlock.create(:user_id => blocked_user.id,
21                      :creator_id => users(:moderator_user).id,
22                      :reason => "testing",
23                      :ends_at => Time.now.getutc + 5.minutes)
24     get "/api/#{API_VERSION}/user/details", nil, auth_header(blocked_user.display_name, "test")
25     assert_response :forbidden
26   end
27
28   def test_api_revoke
29     blocked_user = users(:public_user)
30     moderator = users(:moderator_user)
31
32     block = UserBlock.create(:user_id => blocked_user.id,
33                              :creator_id => moderator.id,
34                              :reason => "testing",
35                              :ends_at => Time.now.getutc + 5.minutes)
36     get "/api/#{API_VERSION}/user/details", nil, auth_header(blocked_user.display_name, "test")
37     assert_response :forbidden
38
39     # revoke the ban
40     get '/login'
41     assert_response :redirect
42     assert_redirected_to "controller" => "user", "action" => "login", "cookie_test" => "true"
43     follow_redirect!
44     assert_response :success
45     post '/login', {'username' => moderator.email, 'password' => "test", :referer => "/blocks/#{block.id}/revoke"}
46     assert_response :redirect
47     follow_redirect!
48     assert_response :success
49     assert_template 'user_blocks/revoke'
50     post "/blocks/#{block.id}/revoke", {'confirm' => "yes"}
51     assert_response :redirect
52     follow_redirect!
53     assert_response :success
54     assert_template 'user_blocks/show'
55     reset!
56
57     # access the API again. this time it should work
58     get "/api/#{API_VERSION}/user/details", nil, auth_header(blocked_user.display_name, "test")
59     assert_response :success
60   end
61 end