X-Git-Url: https://git.openstreetmap.org/rails.git/blobdiff_plain/e6dbf56d43de52513a9e80367d8c2eb4e7bc21a1..a08fe1c2915722e70a695db244479c60157dd2b3:/test/controllers/users_controller_test.rb

diff --git a/test/controllers/users_controller_test.rb b/test/controllers/users_controller_test.rb
index 03657d288..ff87c9466 100644
--- a/test/controllers/users_controller_test.rb
+++ b/test/controllers/users_controller_test.rb
@@ -406,6 +406,25 @@ class UsersControllerTest < ActionDispatch::IntegrationTest
     ActionMailer::Base.deliveries.clear
   end
 
+  def test_login
+    user = create(:user)
+
+    get login_path
+    assert_response :redirect
+    assert_redirected_to login_path(:cookie_test => true)
+    follow_redirect!
+    assert_response :success
+    assert_template "login"
+
+    get login_path, :params => { :username => user.display_name, :password => "test" }
+    assert_response :success
+    assert_template "login"
+
+    post login_path, :params => { :username => user.display_name, :password => "test" }
+    assert_response :redirect
+    assert_redirected_to root_path
+  end
+
   def test_logout_without_referer
     post logout_path
     assert_response :redirect
@@ -583,7 +602,7 @@ class UsersControllerTest < ActionDispatch::IntegrationTest
 
     confirm_string = User.find_by(:email => user.email).tokens.create(:referer => new_diary_entry_path).token
     post user_confirm_path, :params => { :display_name => user.display_name, :confirm_string => confirm_string }
-    assert_redirected_to :action => "login"
+    assert_redirected_to login_path
     assert_match(/already been confirmed/, flash[:error])
   end
 
@@ -812,13 +831,23 @@ class UsersControllerTest < ActionDispatch::IntegrationTest
     user = create(:user)
     uppercase_user = build(:user, :email => user.email.upcase).tap { |u| u.save(:validate => false) }
 
+    # Resetting with GET should fail
+    assert_no_difference "ActionMailer::Base.deliveries.size" do
+      perform_enqueued_jobs do
+        get user_forgot_password_path, :params => { :email => user.email }
+      end
+    end
+    assert_response :success
+    assert_template :lost_password
+
+    # Resetting with POST should work
     assert_difference "ActionMailer::Base.deliveries.size", 1 do
       perform_enqueued_jobs do
         post user_forgot_password_path, :params => { :email => user.email }
       end
     end
     assert_response :redirect
-    assert_redirected_to :action => :login
+    assert_redirected_to login_path
     assert_match(/^Sorry you lost it/, flash[:notice])
     email = ActionMailer::Base.deliveries.first
     assert_equal 1, email.to.count
@@ -833,7 +862,7 @@ class UsersControllerTest < ActionDispatch::IntegrationTest
       end
     end
     assert_response :redirect
-    assert_redirected_to :action => :login
+    assert_redirected_to login_path
     assert_match(/^Sorry you lost it/, flash[:notice])
     email = ActionMailer::Base.deliveries.first
     assert_equal 1, email.to.count
@@ -860,7 +889,7 @@ class UsersControllerTest < ActionDispatch::IntegrationTest
       end
     end
     assert_response :redirect
-    assert_redirected_to :action => :login
+    assert_redirected_to login_path
     assert_match(/^Sorry you lost it/, flash[:notice])
     email = ActionMailer::Base.deliveries.first
     assert_equal 1, email.to.count
@@ -875,7 +904,7 @@ class UsersControllerTest < ActionDispatch::IntegrationTest
       end
     end
     assert_response :redirect
-    assert_redirected_to :action => :login
+    assert_redirected_to login_path
     assert_match(/^Sorry you lost it/, flash[:notice])
     email = ActionMailer::Base.deliveries.first
     assert_equal 1, email.to.count
@@ -931,7 +960,7 @@ class UsersControllerTest < ActionDispatch::IntegrationTest
     # you are not logged in
     get user_account_path(user)
     assert_response :redirect
-    assert_redirected_to :action => "login", :referer => "/user/#{ERB::Util.u(user.display_name)}/account"
+    assert_redirected_to login_path(:referer => "/user/#{ERB::Util.u(user.display_name)}/account")
 
     # Make sure that you are blocked when not logged in as the right user
     session_for(create(:user))
@@ -949,6 +978,14 @@ class UsersControllerTest < ActionDispatch::IntegrationTest
       assert_equal "/user/#{ERB::Util.u(user.display_name)}/account", form.attr("action").to_s
     end
 
+    # Updating the description using GET should fail
+    user.description = "new description"
+    user.preferred_editor = "default"
+    get user_account_path(user), :params => { :user => user.attributes }
+    assert_response :success
+    assert_template :account
+    assert_not_equal user.description, User.find(user.id).description
+
     # Updating the description should work
     user.description = "new description"
     user.preferred_editor = "default"
@@ -1299,7 +1336,7 @@ class UsersControllerTest < ActionDispatch::IntegrationTest
     # Shouldn't work when not logged in
     get users_path
     assert_response :redirect
-    assert_redirected_to :action => :login, :referer => users_path
+    assert_redirected_to login_path(:referer => users_path)
 
     session_for(user)