X-Git-Url: https://git.openstreetmap.org/rails.git/blobdiff_plain/452879ee03951f017ef356f47bda79a7fc7b3cf4..93fb360a08e388997e402faa6d5804580b11b1c5:/test/integration/user_terms_seen_test.rb

diff --git a/test/integration/user_terms_seen_test.rb b/test/integration/user_terms_seen_test.rb
index f9c266ba0..678492f3c 100644
--- a/test/integration/user_terms_seen_test.rb
+++ b/test/integration/user_terms_seen_test.rb
@@ -1,37 +1,33 @@
-require File.dirname(__FILE__) + '/../test_helper'
+require "test_helper"
 
-class UserTermsSeenTest < ActionController::IntegrationTest
+class UserTermsSeenTest < ActionDispatch::IntegrationTest
   fixtures :users
 
-  def auth_header(user, pass)
-    {"HTTP_AUTHORIZATION" => "Basic %s" % Base64.encode64("#{user}:#{pass}")}
-  end
-
   def test_api_blocked
-    if REQUIRE_TERMS_SEEN
+    with_terms_seen(true) do
       user = users(:terms_not_seen_user)
 
-      get "/api/#{API_VERSION}/user/details", nil, auth_header(user.display_name, "test")
+      get "/api/#{API_VERSION}/user/preferences", nil, auth_header(user.display_name, "test")
       assert_response :forbidden
 
       # touch it so that the user has seen the terms
       user.terms_seen = true
       user.save
 
-      get "/api/#{API_VERSION}/user/details", nil, auth_header(user.display_name, "test")
+      get "/api/#{API_VERSION}/user/preferences", nil, auth_header(user.display_name, "test")
       assert_response :success
     end
   end
 
   def test_terms_presented_at_login
-    if REQUIRE_TERMS_SEEN
+    with_terms_seen(true) do
       user = users(:terms_not_seen_user)
 
       # try to log in
       get_via_redirect "/login"
       assert_response :success
-      assert_template 'user/login'
-      post "/login", {'user[email]' => user.email, 'user[password]' => 'test', :referer => "/"}
+      assert_template "user/login"
+      post "/login", "username" => user.email, "password" => "test", :referer => "/"
       assert_response :redirect
       # but now we need to look at the terms
       assert_redirected_to "controller" => "user", "action" => "terms", :referer => "/"
@@ -39,11 +35,53 @@ class UserTermsSeenTest < ActionController::IntegrationTest
       assert_response :success
 
       # don't agree to the terms, but hit decline
+      post "/user/save", "decline" => "decline", "referer" => "/"
+      assert_redirected_to "/"
+      follow_redirect!
 
-      # should be carried through to a normal login
+      # should be carried through to a normal login with a message
+      assert_response :success
+      assert !flash[:notice].nil?
     end
   end
 
-end
+  def test_terms_cant_be_circumvented
+    with_terms_seen(true) do
+      user = users(:terms_not_seen_user)
 
-    
+      # try to log in
+      get_via_redirect "/login"
+      assert_response :success
+      assert_template "user/login"
+      post "/login", "username" => user.email, "password" => "test", :referer => "/"
+      assert_response :redirect
+      # but now we need to look at the terms
+      assert_redirected_to "controller" => "user", "action" => "terms", :referer => "/"
+      follow_redirect!
+      assert_response :success
+
+      # check that if we go somewhere else now, it redirects
+      # back to the terms page.
+      get "/traces/mine"
+      assert_redirected_to "controller" => "user", "action" => "terms", :referer => "/traces/mine"
+      get "/traces/mine", :referer => "/test"
+      assert_redirected_to "controller" => "user", "action" => "terms", :referer => "/test"
+    end
+  end
+
+  private
+
+  def auth_header(user, pass)
+    { "HTTP_AUTHORIZATION" => format("Basic %s", Base64.encode64("#{user}:#{pass}")) }
+  end
+
+  def with_terms_seen(value)
+    require_terms_seen = Object.send("remove_const", "REQUIRE_TERMS_SEEN")
+    Object.const_set("REQUIRE_TERMS_SEEN", value)
+
+    yield
+
+    Object.send("remove_const", "REQUIRE_TERMS_SEEN")
+    Object.const_set("REQUIRE_TERMS_SEEN", require_terms_seen)
+  end
+end