if Settings.status != "database_offline"
can [:index, :feed], Changeset
can :index, ChangesetComment
+ can [:confirm, :confirm_resend, :confirm_email], :confirmation
can [:index, :rss, :show, :comments], DiaryEntry
can [:index], Note
+ can [:lost_password, :reset_password], :password
can [:index, :show], Redaction
can [:new, :create, :destroy], :session
can [:index, :show, :data, :georss, :picture, :icon], Trace
- can [:terms, :new, :create, :save, :confirm, :confirm_resend, :confirm_email, :lost_password, :reset_password, :show, :auth_success, :auth_failure], User
+ can [:terms, :new, :create, :save, :show, :auth_success, :auth_failure], User
can [:index, :show, :blocks_on, :blocks_by], UserBlock
can [:index, :show], Node
can [:index, :show, :full, :ways_for_node], Way
def unconfirmed_login(user)
session[:token] = user.tokens.create.token
- redirect_to :controller => "users", :action => "confirm", :display_name => user.display_name
+ redirect_to :controller => "confirmations", :action => "confirm", :display_name => user.display_name
session.delete(:remember_me)
session.delete(:referer)
--- /dev/null
+class ConfirmationsController < ApplicationController
+ include SessionMethods
+
+ layout "site"
+
+ before_action :authorize_web
+ before_action :set_locale
+ before_action :check_database_readable
+
+ authorize_resource :class => false
+
+ before_action :check_database_writable, :only => [:confirm, :confirm_email]
+ before_action :require_cookies, :only => [:confirm]
+
+ def confirm
+ if request.post?
+ token = UserToken.find_by(:token => params[:confirm_string])
+ if token&.user&.active?
+ flash[:error] = t("confirmations.confirm.already active")
+ redirect_to login_path
+ elsif !token || token.expired?
+ flash[:error] = t("confirmations.confirm.unknown token")
+ redirect_to :action => "confirm"
+ elsif !token.user.visible?
+ render_unknown_user token.user.display_name
+ else
+ user = token.user
+ user.status = "active"
+ user.email_valid = true
+ flash[:notice] = gravatar_status_message(user) if gravatar_enable(user)
+ user.save!
+ referer = safe_referer(token.referer) if token.referer
+ token.destroy
+
+ if session[:token]
+ token = UserToken.find_by(:token => session[:token])
+ session.delete(:token)
+ else
+ token = nil
+ end
+
+ if token.nil? || token.user != user
+ flash[:notice] = t("confirmations.confirm.success")
+ redirect_to login_path(:referer => referer)
+ else
+ token.destroy
+
+ session[:user] = user.id
+ session[:fingerprint] = user.fingerprint
+
+ redirect_to referer || welcome_path
+ end
+ end
+ else
+ user = User.visible.find_by(:display_name => params[:display_name])
+
+ redirect_to root_path if user.nil? || user.active?
+ end
+ end
+
+ def confirm_resend
+ user = User.visible.find_by(:display_name => params[:display_name])
+ token = UserToken.find_by(:token => session[:token])
+
+ if user.nil? || token.nil? || token.user != user
+ flash[:error] = t "confirmations.confirm_resend.failure", :name => params[:display_name]
+ else
+ UserMailer.signup_confirm(user, user.tokens.create).deliver_later
+ flash[:notice] = t "confirmations.confirm_resend.success_html", :email => user.email, :sender => Settings.support_email
+ end
+
+ redirect_to login_path
+ end
+
+ def confirm_email
+ if request.post?
+ token = UserToken.find_by(:token => params[:confirm_string])
+ if token&.user&.new_email?
+ self.current_user = token.user
+ current_user.email = current_user.new_email
+ current_user.new_email = nil
+ current_user.email_valid = true
+ gravatar_enabled = gravatar_enable(current_user)
+ if current_user.save
+ flash[:notice] = if gravatar_enabled
+ "#{t('confirmations.confirm_email.success')} #{gravatar_status_message(current_user)}"
+ else
+ t("confirmations.confirm_email.success")
+ end
+ else
+ flash[:errors] = current_user.errors
+ end
+ current_user.tokens.delete_all
+ session[:user] = current_user.id
+ session[:fingerprint] = current_user.fingerprint
+ redirect_to :controller => :users, :action => :account, :display_name => current_user.display_name
+ elsif token
+ flash[:error] = t "confirmations.confirm_email.failure"
+ redirect_to :controller => :users, :action => :account, :display_name => token.user.display_name
+ else
+ flash[:error] = t "confirmations.confirm_email.unknown_token"
+ end
+ end
+ end
+
+ private
+
+ ##
+ # check if this user has a gravatar and set the user pref is true
+ def gravatar_enable(user)
+ # code from example https://en.gravatar.com/site/implement/images/ruby/
+ return false if user.avatar.attached?
+
+ begin
+ hash = Digest::MD5.hexdigest(user.email.downcase)
+ url = "https://www.gravatar.com/avatar/#{hash}?d=404" # without d=404 we will always get an image back
+ response = OSM.http_client.get(URI.parse(url))
+ available = response.success?
+ rescue StandardError
+ available = false
+ end
+
+ oldsetting = user.image_use_gravatar
+ user.image_use_gravatar = available
+ oldsetting != user.image_use_gravatar
+ end
+
+ ##
+ # display a message about th current status of the gravatar setting
+ def gravatar_status_message(user)
+ if user.image_use_gravatar
+ t "users.account.gravatar.enabled"
+ else
+ t "users.account.gravatar.disabled"
+ end
+ end
+end
--- /dev/null
+class PasswordsController < ApplicationController
+ include SessionMethods
+
+ layout "site"
+
+ before_action :authorize_web
+ before_action :set_locale
+ before_action :check_database_readable
+
+ authorize_resource :class => false
+
+ before_action :check_database_writable, :only => [:lost_password, :reset_password]
+
+ def lost_password
+ @title = t "passwords.lost_password.title"
+
+ if request.post?
+ user = User.visible.find_by(:email => params[:email])
+
+ if user.nil?
+ users = User.visible.where("LOWER(email) = LOWER(?)", params[:email])
+
+ user = users.first if users.count == 1
+ end
+
+ if user
+ token = user.tokens.create
+ UserMailer.lost_password(user, token).deliver_later
+ flash[:notice] = t "passwords.lost_password.notice email on way"
+ redirect_to login_path
+ else
+ flash.now[:error] = t "passwords.lost_password.notice email cannot find"
+ end
+ end
+ end
+
+ def reset_password
+ @title = t "passwords.reset_password.title"
+
+ if params[:token]
+ token = UserToken.find_by(:token => params[:token])
+
+ if token
+ self.current_user = token.user
+
+ if params[:user]
+ current_user.pass_crypt = params[:user][:pass_crypt]
+ current_user.pass_crypt_confirmation = params[:user][:pass_crypt_confirmation]
+ current_user.status = "active" if current_user.status == "pending"
+ current_user.email_valid = true
+
+ if current_user.save
+ token.destroy
+ session[:fingerprint] = current_user.fingerprint
+ flash[:notice] = t "passwords.reset_password.flash changed"
+ successful_login(current_user)
+ end
+ end
+ else
+ flash[:error] = t "passwords.reset_password.flash token bad"
+ redirect_to :action => "lost_password"
+ end
+ else
+ head :bad_request
+ end
+ end
+end
authorize_resource
before_action :require_self, :only => [:account]
- before_action :check_database_writable, :only => [:new, :account, :confirm, :confirm_email, :lost_password, :reset_password, :go_public]
- before_action :require_cookies, :only => [:new, :confirm]
+ before_action :check_database_writable, :only => [:new, :account, :go_public]
+ before_action :require_cookies, :only => [:new]
before_action :lookup_user_by_name, :only => [:set_status, :destroy]
before_action :allow_thirdparty_images, :only => [:show, :account]
else
session[:token] = current_user.tokens.create.token
UserMailer.signup_confirm(current_user, current_user.tokens.create(:referer => referer)).deliver_later
- redirect_to :action => "confirm", :display_name => current_user.display_name
+ redirect_to :controller => :confirmations, :action => :confirm, :display_name => current_user.display_name
end
else
render :action => "new", :referer => params[:referer]
redirect_to :action => "account", :display_name => current_user.display_name
end
- def lost_password
- @title = t "users.lost_password.title"
-
- if request.post?
- user = User.visible.find_by(:email => params[:email])
-
- if user.nil?
- users = User.visible.where("LOWER(email) = LOWER(?)", params[:email])
-
- user = users.first if users.count == 1
- end
-
- if user
- token = user.tokens.create
- UserMailer.lost_password(user, token).deliver_later
- flash[:notice] = t "users.lost_password.notice email on way"
- redirect_to login_path
- else
- flash.now[:error] = t "users.lost_password.notice email cannot find"
- end
- end
- end
-
- def reset_password
- @title = t "users.reset_password.title"
-
- if params[:token]
- token = UserToken.find_by(:token => params[:token])
-
- if token
- self.current_user = token.user
-
- if params[:user]
- current_user.pass_crypt = params[:user][:pass_crypt]
- current_user.pass_crypt_confirmation = params[:user][:pass_crypt_confirmation]
- current_user.status = "active" if current_user.status == "pending"
- current_user.email_valid = true
-
- if current_user.save
- token.destroy
- session[:fingerprint] = current_user.fingerprint
- flash[:notice] = t "users.reset_password.flash changed"
- successful_login(current_user)
- end
- end
- else
- flash[:error] = t "users.reset_password.flash token bad"
- redirect_to :action => "lost_password"
- end
- else
- head :bad_request
- end
- end
-
def new
@title = t "users.new.title"
@referer = if params[:referer]
end
end
- def confirm
- if request.post?
- token = UserToken.find_by(:token => params[:confirm_string])
- if token&.user&.active?
- flash[:error] = t("users.confirm.already active")
- redirect_to login_path
- elsif !token || token.expired?
- flash[:error] = t("users.confirm.unknown token")
- redirect_to :action => "confirm"
- elsif !token.user.visible?
- render_unknown_user token.user.display_name
- else
- user = token.user
- user.status = "active"
- user.email_valid = true
- flash[:notice] = gravatar_status_message(user) if gravatar_enable(user)
- user.save!
- referer = safe_referer(token.referer) if token.referer
- token.destroy
-
- if session[:token]
- token = UserToken.find_by(:token => session[:token])
- session.delete(:token)
- else
- token = nil
- end
-
- if token.nil? || token.user != user
- flash[:notice] = t("users.confirm.success")
- redirect_to login_path(:referer => referer)
- else
- token.destroy
-
- session[:user] = user.id
- session[:fingerprint] = user.fingerprint
-
- redirect_to referer || welcome_path
- end
- end
- else
- user = User.visible.find_by(:display_name => params[:display_name])
-
- redirect_to root_path if user.nil? || user.active?
- end
- end
-
- def confirm_resend
- user = User.visible.find_by(:display_name => params[:display_name])
- token = UserToken.find_by(:token => session[:token])
-
- if user.nil? || token.nil? || token.user != user
- flash[:error] = t "users.confirm_resend.failure", :name => params[:display_name]
- else
- UserMailer.signup_confirm(user, user.tokens.create).deliver_later
- flash[:notice] = t "users.confirm_resend.success_html", :email => user.email, :sender => Settings.support_email
- end
-
- redirect_to login_path
- end
-
- def confirm_email
- if request.post?
- token = UserToken.find_by(:token => params[:confirm_string])
- if token&.user&.new_email?
- self.current_user = token.user
- current_user.email = current_user.new_email
- current_user.new_email = nil
- current_user.email_valid = true
- gravatar_enabled = gravatar_enable(current_user)
- if current_user.save
- flash[:notice] = if gravatar_enabled
- "#{t('users.confirm_email.success')} #{gravatar_status_message(current_user)}"
- else
- t("users.confirm_email.success")
- end
- else
- flash[:errors] = current_user.errors
- end
- current_user.tokens.delete_all
- session[:user] = current_user.id
- session[:fingerprint] = current_user.fingerprint
- redirect_to :action => "account", :display_name => current_user.display_name
- elsif token
- flash[:error] = t "users.confirm_email.failure"
- redirect_to :action => "account", :display_name => token.user.display_name
- else
- flash[:error] = t "users.confirm_email.unknown_token"
- end
- end
- end
-
def show
@user = User.find_by(:display_name => params[:display_name])
dns.getresources(domain, Resolv::DNS::Resource::IN::MX).collect(&:exchange).collect(&:to_s)
end
end
-
- ##
- # check if this user has a gravatar and set the user pref is true
- def gravatar_enable(user)
- # code from example https://en.gravatar.com/site/implement/images/ruby/
- return false if user.avatar.attached?
-
- begin
- hash = Digest::MD5.hexdigest(user.email.downcase)
- url = "https://www.gravatar.com/avatar/#{hash}?d=404" # without d=404 we will always get an image back
- response = OSM.http_client.get(URI.parse(url))
- available = response.success?
- rescue StandardError
- available = false
- end
-
- oldsetting = user.image_use_gravatar
- user.image_use_gravatar = available
- oldsetting != user.image_use_gravatar
- end
-
- ##
- # display a message about th current status of the gravatar setting
- def gravatar_status_message(user)
- if user.image_use_gravatar
- t "users.account.gravatar.enabled"
- else
- t "users.account.gravatar.disabled"
- end
- end
end
def signup_confirm(user, token)
with_recipient_locale user do
- @url = url_for(:controller => "users", :action => "confirm",
+ @url = url_for(:controller => "confirmations", :action => "confirm",
:display_name => user.display_name,
:confirm_string => token.token)
def email_confirm(user, token)
with_recipient_locale user do
@address = user.new_email
- @url = url_for(:controller => "users", :action => "confirm_email",
+ @url = url_for(:controller => "confirmations", :action => "confirm_email",
:confirm_string => token.token)
mail :to => user.new_email,
def lost_password(user, token)
with_recipient_locale user do
- @url = url_for(:controller => "users", :action => "reset_password",
+ @url = url_for(:controller => "passwords", :action => "reset_password",
:token => token.token)
mail :to => user.email,
<%= hidden_field_tag("referer", h(params[:referer])) %>
<%= f.text_field :username, :label => t(".email or username"), :tabindex => 1, :value => params[:username] %>
- <%= f.password_field :password, :label => t(".password"), :tabindex => 2, :value => "", :help => link_to(t(".lost password link"), :controller => "users", :action => "lost_password") %>
+ <%= f.password_field :password, :label => t(".password"), :tabindex => 2, :value => "", :help => link_to(t(".lost password link"), :controller => "passwords", :action => "lost_password") %>
<%= f.form_group do %>
<%= f.check_box :remember_me, { :label => t(".remember"), :tabindex => 3, :checked => (params[:remember_me] == "yes") }, "yes" %>
<% end %>
details_html: "More details about the changeset can be found at %{url}."
unsubscribe: 'To unsubscribe from updates to this changeset, visit %{url} and click "Unsubscribe".'
unsubscribe_html: 'To unsubscribe from updates to this changeset, visit %{url} and click "Unsubscribe".'
+ confirmations:
+ confirm:
+ heading: Check your email!
+ introduction_1: |
+ We sent you a confirmation email.
+ introduction_2: |
+ Confirm your account by clicking on the link in the email and you'll be able to start mapping.
+ press confirm button: "Press the confirm button below to activate your account."
+ button: Confirm
+ success: "Confirmed your account, thanks for signing up!"
+ already active: "This account has already been confirmed."
+ unknown token: "That confirmation code has expired or does not exist."
+ reconfirm_html: "If you need us to resend the confirmation email, <a href=\"%{reconfirm}\">click here</a>."
+ confirm_resend:
+ success_html: "We've sent a new confirmation note to %{email} and as soon as you confirm your account you'll be able to get mapping.<br /><br />If you use an antispam system which sends confirmation requests then please make sure you whitelist %{sender} as we are unable to reply to any confirmation requests."
+ failure: "User %{name} not found."
+ confirm_email:
+ heading: Confirm a change of email address
+ press confirm button: "Press the confirm button below to confirm your new email address."
+ button: Confirm
+ success: "Confirmed your change of email address!"
+ failure: "An email address has already been confirmed with this token."
+ unknown_token: "That confirmation code has expired or does not exist."
messages:
inbox:
title: "Inbox"
as_unread: "Message marked as unread"
destroy:
destroyed: "Message deleted"
+ passwords:
+ lost_password:
+ title: "Lost password"
+ heading: "Forgotten Password?"
+ email address: "Email Address:"
+ new password button: "Reset password"
+ help_text: "Enter the email address you used to sign up, we will send a link to it that you can use to reset your password."
+ notice email on way: "Sorry you lost it :-( but an email is on its way so you can reset it soon."
+ notice email cannot find: "Could not find that email address, sorry."
+ reset_password:
+ title: "Reset password"
+ heading: "Reset Password for %{user}"
+ reset: "Reset Password"
+ flash changed: "Your password has been changed."
+ flash token bad: "Did not find that token, check the URL maybe?"
sessions:
new:
title: "Login"
destroy:
flash: "Destroyed the client application registration"
users:
- lost_password:
- title: "Lost password"
- heading: "Forgotten Password?"
- email address: "Email Address:"
- new password button: "Reset password"
- help_text: "Enter the email address you used to sign up, we will send a link to it that you can use to reset your password."
- notice email on way: "Sorry you lost it :-( but an email is on its way so you can reset it soon."
- notice email cannot find: "Could not find that email address, sorry."
- reset_password:
- title: "Reset password"
- heading: "Reset Password for %{user}"
- reset: "Reset Password"
- flash changed: "Your password has been changed."
- flash token bad: "Did not find that token, check the URL maybe?"
new:
title: "Sign Up"
no_auto_account_create: "Unfortunately we are not currently able to create an account for you automatically."
return to profile: Return to profile
flash update success confirm needed: "User information updated successfully. Check your email for a note to confirm your new email address."
flash update success: "User information updated successfully."
- confirm:
- heading: Check your email!
- introduction_1: |
- We sent you a confirmation email.
- introduction_2: |
- Confirm your account by clicking on the link in the email and you'll be able to start mapping.
- press confirm button: "Press the confirm button below to activate your account."
- button: Confirm
- success: "Confirmed your account, thanks for signing up!"
- already active: "This account has already been confirmed."
- unknown token: "That confirmation code has expired or does not exist."
- reconfirm_html: "If you need us to resend the confirmation email, <a href=\"%{reconfirm}\">click here</a>."
- confirm_resend:
- success_html: "We've sent a new confirmation note to %{email} and as soon as you confirm your account you'll be able to get mapping.<br /><br />If you use an antispam system which sends confirmation requests then please make sure you whitelist %{sender} as we are unable to reply to any confirmation requests."
- failure: "User %{name} not found."
- confirm_email:
- heading: Confirm a change of email address
- press confirm button: "Press the confirm button below to confirm your new email address."
- button: Confirm
- success: "Confirmed your change of email address!"
- failure: "An email address has already been confirmed with this token."
- unknown_token: "That confirmation code has expired or does not exist."
set_home:
flash success: "Home location saved successfully"
go_public:
post "/user/new" => "users#create"
get "/user/terms" => "users#terms"
post "/user/save" => "users#save"
- get "/user/:display_name/confirm/resend" => "users#confirm_resend", :as => :user_confirm_resend
- match "/user/:display_name/confirm" => "users#confirm", :via => [:get, :post]
- match "/user/confirm" => "users#confirm", :via => [:get, :post]
- match "/user/confirm-email" => "users#confirm_email", :via => [:get, :post]
+ get "/user/:display_name/confirm/resend" => "confirmations#confirm_resend", :as => :user_confirm_resend
+ match "/user/:display_name/confirm" => "confirmations#confirm", :via => [:get, :post]
+ match "/user/confirm" => "confirmations#confirm", :via => [:get, :post]
+ match "/user/confirm-email" => "confirmations#confirm_email", :via => [:get, :post]
post "/user/go_public" => "users#go_public"
- match "/user/reset-password" => "users#reset_password", :via => [:get, :post]
- match "/user/forgot-password" => "users#lost_password", :via => [:get, :post]
+ match "/user/reset-password" => "passwords#reset_password", :via => [:get, :post], :as => :user_reset_password
+ match "/user/forgot-password" => "passwords#lost_password", :via => [:get, :post], :as => :user_forgot_password
get "/user/suspended" => "users#suspended"
get "/index.html", :to => redirect(:path => "/")
--- /dev/null
+require "test_helper"
+
+class UsersControllerTest < ActionDispatch::IntegrationTest
+ ##
+ # test all routes which lead to this controller
+ def test_routes
+ assert_routing(
+ { :path => "/user/username/confirm", :method => :get },
+ { :controller => "confirmations", :action => "confirm", :display_name => "username" }
+ )
+ assert_routing(
+ { :path => "/user/username/confirm", :method => :post },
+ { :controller => "confirmations", :action => "confirm", :display_name => "username" }
+ )
+ assert_routing(
+ { :path => "/user/username/confirm/resend", :method => :get },
+ { :controller => "confirmations", :action => "confirm_resend", :display_name => "username" }
+ )
+
+ assert_routing(
+ { :path => "/user/confirm", :method => :get },
+ { :controller => "confirmations", :action => "confirm" }
+ )
+ assert_routing(
+ { :path => "/user/confirm", :method => :post },
+ { :controller => "confirmations", :action => "confirm" }
+ )
+ assert_routing(
+ { :path => "/user/confirm-email", :method => :get },
+ { :controller => "confirmations", :action => "confirm_email" }
+ )
+ assert_routing(
+ { :path => "/user/confirm-email", :method => :post },
+ { :controller => "confirmations", :action => "confirm_email" }
+ )
+ end
+
+ def test_confirm_get
+ user = build(:user, :pending)
+ post user_new_path, :params => { :user => user.attributes }
+ post user_save_path, :params => { :read_ct => 1, :read_tou => 1 }
+ confirm_string = User.find_by(:email => user.email).tokens.create.token
+
+ get user_confirm_path, :params => { :display_name => user.display_name, :confirm_string => confirm_string }
+ assert_response :success
+ assert_template :confirm
+ end
+
+ def test_confirm_get_already_confirmed
+ user = build(:user, :pending)
+ stub_gravatar_request(user.email)
+ post user_new_path, :params => { :user => user.attributes }
+ post user_save_path, :params => { :read_ct => 1, :read_tou => 1 }
+ confirm_string = User.find_by(:email => user.email).tokens.create.token
+
+ # Get the confirmation page
+ get user_confirm_path, :params => { :display_name => user.display_name, :confirm_string => confirm_string }
+ assert_response :success
+ assert_template :confirm
+
+ # Confirm the user
+ post user_confirm_path, :params => { :display_name => user.display_name, :confirm_string => confirm_string }
+ assert_redirected_to welcome_path
+
+ # Now try to get the confirmation page again
+ get user_confirm_path, :params => { :display_name => user.display_name, :confirm_string => confirm_string }
+ assert_response :redirect
+ assert_redirected_to root_path
+ end
+
+ def test_confirm_success_no_token_no_referer
+ user = build(:user, :pending)
+ stub_gravatar_request(user.email)
+ post user_new_path, :params => { :user => user.attributes }
+ post user_save_path, :params => { :read_ct => 1, :read_tou => 1 }
+ confirm_string = User.find_by(:email => user.email).tokens.create.token
+
+ post logout_path
+
+ post user_confirm_path, :params => { :display_name => user.display_name, :confirm_string => confirm_string }
+ assert_redirected_to login_path
+ assert_match(/Confirmed your account/, flash[:notice])
+ end
+
+ def test_confirm_success_good_token_no_referer
+ user = build(:user, :pending)
+ stub_gravatar_request(user.email)
+ post user_new_path, :params => { :user => user.attributes }
+ post user_save_path, :params => { :read_ct => 1, :read_tou => 1 }
+ confirm_string = User.find_by(:email => user.email).tokens.create.token
+
+ post user_confirm_path, :params => { :display_name => user.display_name, :confirm_string => confirm_string }
+ assert_redirected_to welcome_path
+ end
+
+ def test_confirm_success_bad_token_no_referer
+ user = build(:user, :pending)
+ stub_gravatar_request(user.email)
+ post user_new_path, :params => { :user => user.attributes }
+ post user_save_path, :params => { :read_ct => 1, :read_tou => 1 }
+ confirm_string = User.find_by(:email => user.email).tokens.create.token
+
+ post logout_path
+ session_for(create(:user))
+
+ post user_confirm_path, :params => { :display_name => user.display_name, :confirm_string => confirm_string }
+ assert_redirected_to login_path
+ assert_match(/Confirmed your account/, flash[:notice])
+ end
+
+ def test_confirm_success_no_token_with_referer
+ user = build(:user, :pending)
+ stub_gravatar_request(user.email)
+ post user_new_path, :params => { :user => user.attributes }
+ post user_save_path, :params => { :read_ct => 1, :read_tou => 1 }
+ confirm_string = User.find_by(:email => user.email).tokens.create(:referer => new_diary_entry_path).token
+
+ post logout_path
+
+ post user_confirm_path, :params => { :display_name => user.display_name, :confirm_string => confirm_string }
+ assert_redirected_to login_path(:referer => new_diary_entry_path)
+ assert_match(/Confirmed your account/, flash[:notice])
+ end
+
+ def test_confirm_success_good_token_with_referer
+ user = build(:user, :pending)
+ stub_gravatar_request(user.email)
+ post user_new_path, :params => { :user => user.attributes }
+ post user_save_path, :params => { :read_ct => 1, :read_tou => 1 }
+ confirm_string = User.find_by(:email => user.email).tokens.create(:referer => new_diary_entry_path).token
+
+ post user_confirm_path, :params => { :display_name => user.display_name, :confirm_string => confirm_string }
+ assert_redirected_to new_diary_entry_path
+ end
+
+ def test_confirm_success_bad_token_with_referer
+ user = build(:user, :pending)
+ stub_gravatar_request(user.email)
+ post user_new_path, :params => { :user => user.attributes }
+ post user_save_path, :params => { :read_ct => 1, :read_tou => 1 }
+ confirm_string = User.find_by(:email => user.email).tokens.create(:referer => new_diary_entry_path).token
+
+ post logout_path
+ session_for(create(:user))
+
+ post user_confirm_path, :params => { :display_name => user.display_name, :confirm_string => confirm_string }
+ assert_redirected_to login_path(:referer => new_diary_entry_path)
+ assert_match(/Confirmed your account/, flash[:notice])
+ end
+
+ def test_confirm_expired_token
+ user = build(:user, :pending)
+ stub_gravatar_request(user.email)
+ post user_new_path, :params => { :user => user.attributes }
+ post user_save_path, :params => { :read_ct => 1, :read_tou => 1 }
+ confirm_string = User.find_by(:email => user.email).tokens.create(:expiry => 1.day.ago).token
+
+ post user_confirm_path, :params => { :display_name => user.display_name, :confirm_string => confirm_string }
+ assert_redirected_to :action => "confirm"
+ assert_match(/confirmation code has expired/, flash[:error])
+ end
+
+ def test_confirm_already_confirmed
+ user = build(:user, :pending)
+ stub_gravatar_request(user.email)
+ post user_new_path, :params => { :user => user.attributes }
+ post user_save_path, :params => { :read_ct => 1, :read_tou => 1 }
+ confirm_string = User.find_by(:email => user.email).tokens.create(:referer => new_diary_entry_path).token
+
+ post user_confirm_path, :params => { :display_name => user.display_name, :confirm_string => confirm_string }
+ assert_redirected_to new_diary_entry_path
+
+ post logout_path
+
+ confirm_string = User.find_by(:email => user.email).tokens.create(:referer => new_diary_entry_path).token
+ post user_confirm_path, :params => { :display_name => user.display_name, :confirm_string => confirm_string }
+ assert_redirected_to login_path
+ assert_match(/already been confirmed/, flash[:error])
+ end
+
+ def test_confirm_deleted
+ user = build(:user, :pending)
+ stub_gravatar_request(user.email)
+ post user_new_path, :params => { :user => user.attributes }
+ post user_save_path, :params => { :read_ct => 1, :read_tou => 1 }
+ confirm_string = User.find_by(:email => user.email).tokens.create.token
+
+ User.find_by(:display_name => user.display_name).update(:status => "deleted")
+
+ # Get the confirmation page
+ get user_confirm_path, :params => { :display_name => user.display_name, :confirm_string => confirm_string }
+ assert_response :redirect
+ assert_redirected_to root_path
+
+ # Confirm the user
+ post user_confirm_path, :params => { :display_name => user.display_name, :confirm_string => confirm_string }
+ assert_response :not_found
+ assert_template :no_such_user
+ end
+
+ def test_confirm_resend_success
+ user = build(:user, :pending)
+ post user_new_path, :params => { :user => user.attributes }
+ post user_save_path, :params => { :read_ct => 1, :read_tou => 1 }
+
+ assert_difference "ActionMailer::Base.deliveries.size", 1 do
+ perform_enqueued_jobs do
+ get user_confirm_resend_path(user)
+ end
+ end
+
+ assert_response :redirect
+ assert_redirected_to login_path
+ assert_match(/sent a new confirmation/, flash[:notice])
+
+ email = ActionMailer::Base.deliveries.last
+
+ assert_equal user.email, email.to.first
+
+ ActionMailer::Base.deliveries.clear
+ end
+
+ def test_confirm_resend_no_token
+ user = build(:user, :pending)
+ # only complete first half of registration
+ post user_new_path, :params => { :user => user.attributes }
+
+ assert_no_difference "ActionMailer::Base.deliveries.size" do
+ perform_enqueued_jobs do
+ get user_confirm_resend_path(user)
+ end
+ end
+
+ assert_response :redirect
+ assert_redirected_to login_path
+ assert_match "User #{user.display_name} not found.", flash[:error]
+ end
+
+ def test_confirm_resend_deleted
+ user = build(:user, :pending)
+ post user_new_path, :params => { :user => user.attributes }
+ post user_save_path, :params => { :read_ct => 1, :read_tou => 1 }
+
+ User.find_by(:display_name => user.display_name).update(:status => "deleted")
+
+ assert_no_difference "ActionMailer::Base.deliveries.size" do
+ perform_enqueued_jobs do
+ get user_confirm_resend_path(user)
+ end
+ end
+
+ assert_response :redirect
+ assert_redirected_to login_path
+ assert_match "User #{user.display_name} not found.", flash[:error]
+ end
+
+ def test_confirm_resend_unknown_user
+ assert_no_difference "ActionMailer::Base.deliveries.size" do
+ perform_enqueued_jobs do
+ get user_confirm_resend_path(:display_name => "No Such User")
+ end
+ end
+
+ assert_response :redirect
+ assert_redirected_to login_path
+ assert_match "User No Such User not found.", flash[:error]
+ end
+
+ def test_confirm_email_get
+ user = create(:user)
+ confirm_string = user.tokens.create.token
+
+ get user_confirm_email_path, :params => { :confirm_string => confirm_string }
+ assert_response :success
+ assert_template :confirm_email
+ end
+
+ def test_confirm_email_success
+ user = create(:user, :new_email => "test-new@example.com")
+ stub_gravatar_request(user.new_email)
+ confirm_string = user.tokens.create.token
+
+ post user_confirm_email_path, :params => { :confirm_string => confirm_string }
+ assert_response :redirect
+ assert_redirected_to :controller => :users, :action => :account, :display_name => user.display_name
+ assert_match(/Confirmed your change of email address/, flash[:notice])
+ end
+
+ def test_confirm_email_already_confirmed
+ user = create(:user)
+ confirm_string = user.tokens.create.token
+
+ post user_confirm_email_path, :params => { :confirm_string => confirm_string }
+ assert_response :redirect
+ assert_redirected_to :controller => :users, :action => :account, :display_name => user.display_name
+ assert_match(/already been confirmed/, flash[:error])
+ end
+
+ def test_confirm_email_bad_token
+ post user_confirm_email_path, :params => { :confirm_string => "XXXXX" }
+ assert_response :success
+ assert_template :confirm_email
+ assert_match(/confirmation code has expired or does not exist/, flash[:error])
+ end
+
+ ##
+ # test if testing for a gravatar works
+ # this happens when the email is actually changed
+ # which is triggered by the confirmation mail
+ def test_gravatar_auto_enable
+ # switch to email that has a gravatar
+ user = create(:user, :new_email => "test-new@example.com")
+ stub_gravatar_request(user.new_email, 200)
+ confirm_string = user.tokens.create.token
+ # precondition gravatar should be turned off
+ assert_not user.image_use_gravatar
+ post user_confirm_email_path, :params => { :confirm_string => confirm_string }
+ assert_response :redirect
+ assert_redirected_to :controller => :users, :action => :account, :display_name => user.display_name
+ assert_match(/Confirmed your change of email address/, flash[:notice])
+ # gravatar use should now be enabled
+ assert User.find(user.id).image_use_gravatar
+ end
+
+ def test_gravatar_auto_disable
+ # switch to email without a gravatar
+ user = create(:user, :new_email => "test-new@example.com", :image_use_gravatar => true)
+ stub_gravatar_request(user.new_email, 404)
+ confirm_string = user.tokens.create.token
+ # precondition gravatar should be turned on
+ assert user.image_use_gravatar
+ post user_confirm_email_path, :params => { :confirm_string => confirm_string }
+ assert_response :redirect
+ assert_redirected_to :controller => :users, :action => :account, :display_name => user.display_name
+ assert_match(/Confirmed your change of email address/, flash[:notice])
+ # gravatar use should now be disabled
+ assert_not User.find(user.id).image_use_gravatar
+ end
+end
--- /dev/null
+require "test_helper"
+
+class PasswordsControllerTest < ActionDispatch::IntegrationTest
+ ##
+ # test all routes which lead to this controller
+ def test_routes
+ assert_routing(
+ { :path => "/user/forgot-password", :method => :get },
+ { :controller => "passwords", :action => "lost_password" }
+ )
+ assert_routing(
+ { :path => "/user/forgot-password", :method => :post },
+ { :controller => "passwords", :action => "lost_password" }
+ )
+ assert_routing(
+ { :path => "/user/reset-password", :method => :get },
+ { :controller => "passwords", :action => "reset_password" }
+ )
+ assert_routing(
+ { :path => "/user/reset-password", :method => :post },
+ { :controller => "passwords", :action => "reset_password" }
+ )
+ end
+
+ def test_lost_password
+ # Test fetching the lost password page
+ get user_forgot_password_path
+ assert_response :success
+ assert_template :lost_password
+ assert_select "div#notice", false
+
+ # Test resetting using the address as recorded for a user that has an
+ # address which is duplicated in a different case by another user
+ user = create(:user)
+ uppercase_user = build(:user, :email => user.email.upcase).tap { |u| u.save(:validate => false) }
+
+ # Resetting with GET should fail
+ assert_no_difference "ActionMailer::Base.deliveries.size" do
+ perform_enqueued_jobs do
+ get user_forgot_password_path, :params => { :email => user.email }
+ end
+ end
+ assert_response :success
+ assert_template :lost_password
+
+ # Resetting with POST should work
+ assert_difference "ActionMailer::Base.deliveries.size", 1 do
+ perform_enqueued_jobs do
+ post user_forgot_password_path, :params => { :email => user.email }
+ end
+ end
+ assert_response :redirect
+ assert_redirected_to login_path
+ assert_match(/^Sorry you lost it/, flash[:notice])
+ email = ActionMailer::Base.deliveries.first
+ assert_equal 1, email.to.count
+ assert_equal user.email, email.to.first
+ ActionMailer::Base.deliveries.clear
+
+ # Test resetting using an address that matches a different user
+ # that has the same address in a different case
+ assert_difference "ActionMailer::Base.deliveries.size", 1 do
+ perform_enqueued_jobs do
+ post user_forgot_password_path, :params => { :email => user.email.upcase }
+ end
+ end
+ assert_response :redirect
+ assert_redirected_to login_path
+ assert_match(/^Sorry you lost it/, flash[:notice])
+ email = ActionMailer::Base.deliveries.first
+ assert_equal 1, email.to.count
+ assert_equal uppercase_user.email, email.to.first
+ ActionMailer::Base.deliveries.clear
+
+ # Test resetting using an address that is a case insensitive match
+ # for more than one user but not an exact match for either
+ assert_no_difference "ActionMailer::Base.deliveries.size" do
+ perform_enqueued_jobs do
+ post user_forgot_password_path, :params => { :email => user.email.titlecase }
+ end
+ end
+ assert_response :success
+ assert_template :lost_password
+ assert_select ".error", /^Could not find that email address/
+
+ # Test resetting using the address as recorded for a user that has an
+ # address which is case insensitively unique
+ third_user = create(:user)
+ assert_difference "ActionMailer::Base.deliveries.size", 1 do
+ perform_enqueued_jobs do
+ post user_forgot_password_path, :params => { :email => third_user.email }
+ end
+ end
+ assert_response :redirect
+ assert_redirected_to login_path
+ assert_match(/^Sorry you lost it/, flash[:notice])
+ email = ActionMailer::Base.deliveries.first
+ assert_equal 1, email.to.count
+ assert_equal third_user.email, email.to.first
+ ActionMailer::Base.deliveries.clear
+
+ # Test resetting using an address that matches a user that has the
+ # same (case insensitively unique) address in a different case
+ assert_difference "ActionMailer::Base.deliveries.size", 1 do
+ perform_enqueued_jobs do
+ post user_forgot_password_path, :params => { :email => third_user.email.upcase }
+ end
+ end
+ assert_response :redirect
+ assert_redirected_to login_path
+ assert_match(/^Sorry you lost it/, flash[:notice])
+ email = ActionMailer::Base.deliveries.first
+ assert_equal 1, email.to.count
+ assert_equal third_user.email, email.to.first
+ ActionMailer::Base.deliveries.clear
+ end
+
+ def test_reset_password
+ user = create(:user, :pending)
+ # Test a request with no token
+ get user_reset_password_path
+ assert_response :bad_request
+
+ # Test a request with a bogus token
+ get user_reset_password_path, :params => { :token => "made_up_token" }
+ assert_response :redirect
+ assert_redirected_to :action => :lost_password
+
+ # Create a valid token for a user
+ token = user.tokens.create
+
+ # Test a request with a valid token
+ get user_reset_password_path, :params => { :token => token.token }
+ assert_response :success
+ assert_template :reset_password
+
+ # Test that errors are reported for erroneous submissions
+ post user_reset_password_path, :params => { :token => token.token, :user => { :pass_crypt => "new_password", :pass_crypt_confirmation => "different_password" } }
+ assert_response :success
+ assert_template :reset_password
+ assert_select "div.invalid-feedback"
+
+ # Test setting a new password
+ post user_reset_password_path, :params => { :token => token.token, :user => { :pass_crypt => "new_password", :pass_crypt_confirmation => "new_password" } }
+ assert_response :redirect
+ assert_redirected_to root_path
+ assert_equal user.id, session[:user]
+ user.reload
+ assert_equal "active", user.status
+ assert user.email_valid
+ assert_equal user, User.authenticate(:username => user.email, :password => "new_password")
+ end
+end
{ :controller => "users", :action => "save" }
)
- assert_routing(
- { :path => "/user/username/confirm", :method => :get },
- { :controller => "users", :action => "confirm", :display_name => "username" }
- )
- assert_routing(
- { :path => "/user/username/confirm", :method => :post },
- { :controller => "users", :action => "confirm", :display_name => "username" }
- )
- assert_routing(
- { :path => "/user/username/confirm/resend", :method => :get },
- { :controller => "users", :action => "confirm_resend", :display_name => "username" }
- )
-
- assert_routing(
- { :path => "/user/confirm", :method => :get },
- { :controller => "users", :action => "confirm" }
- )
- assert_routing(
- { :path => "/user/confirm", :method => :post },
- { :controller => "users", :action => "confirm" }
- )
- assert_routing(
- { :path => "/user/confirm-email", :method => :get },
- { :controller => "users", :action => "confirm_email" }
- )
- assert_routing(
- { :path => "/user/confirm-email", :method => :post },
- { :controller => "users", :action => "confirm_email" }
- )
-
assert_routing(
{ :path => "/user/go_public", :method => :post },
{ :controller => "users", :action => "go_public" }
)
- assert_routing(
- { :path => "/user/forgot-password", :method => :get },
- { :controller => "users", :action => "lost_password" }
- )
- assert_routing(
- { :path => "/user/forgot-password", :method => :post },
- { :controller => "users", :action => "lost_password" }
- )
- assert_routing(
- { :path => "/user/reset-password", :method => :get },
- { :controller => "users", :action => "reset_password" }
- )
- assert_routing(
- { :path => "/user/reset-password", :method => :post },
- { :controller => "users", :action => "reset_password" }
- )
-
assert_routing(
{ :path => "/user/suspended", :method => :get },
{ :controller => "users", :action => "suspended" }
assert_match(/#{@url}/, register_email.body.to_s)
# Check the page
- assert_redirected_to :action => "confirm", :display_name => user.display_name
+ assert_redirected_to :controller => :confirmations, :action => :confirm, :display_name => user.display_name
ActionMailer::Base.deliveries.clear
end
ActionMailer::Base.deliveries.clear
end
- def test_confirm_get
- user = build(:user, :pending)
- post user_new_path, :params => { :user => user.attributes }
- post user_save_path, :params => { :read_ct => 1, :read_tou => 1 }
- confirm_string = User.find_by(:email => user.email).tokens.create.token
-
- get user_confirm_path, :params => { :display_name => user.display_name, :confirm_string => confirm_string }
- assert_response :success
- assert_template :confirm
- end
-
- def test_confirm_get_already_confirmed
- user = build(:user, :pending)
- stub_gravatar_request(user.email)
- post user_new_path, :params => { :user => user.attributes }
- post user_save_path, :params => { :read_ct => 1, :read_tou => 1 }
- confirm_string = User.find_by(:email => user.email).tokens.create.token
-
- # Get the confirmation page
- get user_confirm_path, :params => { :display_name => user.display_name, :confirm_string => confirm_string }
- assert_response :success
- assert_template :confirm
-
- # Confirm the user
- post user_confirm_path, :params => { :display_name => user.display_name, :confirm_string => confirm_string }
- assert_redirected_to welcome_path
-
- # Now try to get the confirmation page again
- get user_confirm_path, :params => { :display_name => user.display_name, :confirm_string => confirm_string }
- assert_response :redirect
- assert_redirected_to root_path
- end
-
- def test_confirm_success_no_token_no_referer
- user = build(:user, :pending)
- stub_gravatar_request(user.email)
- post user_new_path, :params => { :user => user.attributes }
- post user_save_path, :params => { :read_ct => 1, :read_tou => 1 }
- confirm_string = User.find_by(:email => user.email).tokens.create.token
-
- post logout_path
-
- post user_confirm_path, :params => { :display_name => user.display_name, :confirm_string => confirm_string }
- assert_redirected_to login_path
- assert_match(/Confirmed your account/, flash[:notice])
- end
-
- def test_confirm_success_good_token_no_referer
- user = build(:user, :pending)
- stub_gravatar_request(user.email)
- post user_new_path, :params => { :user => user.attributes }
- post user_save_path, :params => { :read_ct => 1, :read_tou => 1 }
- confirm_string = User.find_by(:email => user.email).tokens.create.token
-
- post user_confirm_path, :params => { :display_name => user.display_name, :confirm_string => confirm_string }
- assert_redirected_to welcome_path
- end
-
- def test_confirm_success_bad_token_no_referer
- user = build(:user, :pending)
- stub_gravatar_request(user.email)
- post user_new_path, :params => { :user => user.attributes }
- post user_save_path, :params => { :read_ct => 1, :read_tou => 1 }
- confirm_string = User.find_by(:email => user.email).tokens.create.token
-
- post logout_path
- session_for(create(:user))
-
- post user_confirm_path, :params => { :display_name => user.display_name, :confirm_string => confirm_string }
- assert_redirected_to login_path
- assert_match(/Confirmed your account/, flash[:notice])
- end
-
- def test_confirm_success_no_token_with_referer
- user = build(:user, :pending)
- stub_gravatar_request(user.email)
- post user_new_path, :params => { :user => user.attributes }
- post user_save_path, :params => { :read_ct => 1, :read_tou => 1 }
- confirm_string = User.find_by(:email => user.email).tokens.create(:referer => new_diary_entry_path).token
-
- post logout_path
-
- post user_confirm_path, :params => { :display_name => user.display_name, :confirm_string => confirm_string }
- assert_redirected_to login_path(:referer => new_diary_entry_path)
- assert_match(/Confirmed your account/, flash[:notice])
- end
-
- def test_confirm_success_good_token_with_referer
- user = build(:user, :pending)
- stub_gravatar_request(user.email)
- post user_new_path, :params => { :user => user.attributes }
- post user_save_path, :params => { :read_ct => 1, :read_tou => 1 }
- confirm_string = User.find_by(:email => user.email).tokens.create(:referer => new_diary_entry_path).token
-
- post user_confirm_path, :params => { :display_name => user.display_name, :confirm_string => confirm_string }
- assert_redirected_to new_diary_entry_path
- end
-
- def test_confirm_success_bad_token_with_referer
- user = build(:user, :pending)
- stub_gravatar_request(user.email)
- post user_new_path, :params => { :user => user.attributes }
- post user_save_path, :params => { :read_ct => 1, :read_tou => 1 }
- confirm_string = User.find_by(:email => user.email).tokens.create(:referer => new_diary_entry_path).token
-
- post logout_path
- session_for(create(:user))
-
- post user_confirm_path, :params => { :display_name => user.display_name, :confirm_string => confirm_string }
- assert_redirected_to login_path(:referer => new_diary_entry_path)
- assert_match(/Confirmed your account/, flash[:notice])
- end
-
- def test_confirm_expired_token
- user = build(:user, :pending)
- stub_gravatar_request(user.email)
- post user_new_path, :params => { :user => user.attributes }
- post user_save_path, :params => { :read_ct => 1, :read_tou => 1 }
- confirm_string = User.find_by(:email => user.email).tokens.create(:expiry => 1.day.ago).token
-
- post user_confirm_path, :params => { :display_name => user.display_name, :confirm_string => confirm_string }
- assert_redirected_to :action => "confirm"
- assert_match(/confirmation code has expired/, flash[:error])
- end
-
- def test_confirm_already_confirmed
- user = build(:user, :pending)
- stub_gravatar_request(user.email)
- post user_new_path, :params => { :user => user.attributes }
- post user_save_path, :params => { :read_ct => 1, :read_tou => 1 }
- confirm_string = User.find_by(:email => user.email).tokens.create(:referer => new_diary_entry_path).token
-
- post user_confirm_path, :params => { :display_name => user.display_name, :confirm_string => confirm_string }
- assert_redirected_to new_diary_entry_path
-
- post logout_path
-
- confirm_string = User.find_by(:email => user.email).tokens.create(:referer => new_diary_entry_path).token
- post user_confirm_path, :params => { :display_name => user.display_name, :confirm_string => confirm_string }
- assert_redirected_to login_path
- assert_match(/already been confirmed/, flash[:error])
- end
-
- def test_confirm_deleted
- user = build(:user, :pending)
- stub_gravatar_request(user.email)
- post user_new_path, :params => { :user => user.attributes }
- post user_save_path, :params => { :read_ct => 1, :read_tou => 1 }
- confirm_string = User.find_by(:email => user.email).tokens.create.token
-
- User.find_by(:display_name => user.display_name).update(:status => "deleted")
-
- # Get the confirmation page
- get user_confirm_path, :params => { :display_name => user.display_name, :confirm_string => confirm_string }
- assert_response :redirect
- assert_redirected_to root_path
-
- # Confirm the user
- post user_confirm_path, :params => { :display_name => user.display_name, :confirm_string => confirm_string }
- assert_response :not_found
- assert_template :no_such_user
- end
-
- def test_confirm_resend_success
- user = build(:user, :pending)
- post user_new_path, :params => { :user => user.attributes }
- post user_save_path, :params => { :read_ct => 1, :read_tou => 1 }
-
- assert_difference "ActionMailer::Base.deliveries.size", 1 do
- perform_enqueued_jobs do
- get user_confirm_resend_path(user)
- end
- end
-
- assert_response :redirect
- assert_redirected_to login_path
- assert_match(/sent a new confirmation/, flash[:notice])
-
- email = ActionMailer::Base.deliveries.last
-
- assert_equal user.email, email.to.first
-
- ActionMailer::Base.deliveries.clear
- end
-
- def test_confirm_resend_no_token
- user = build(:user, :pending)
- # only complete first half of registration
- post user_new_path, :params => { :user => user.attributes }
-
- assert_no_difference "ActionMailer::Base.deliveries.size" do
- perform_enqueued_jobs do
- get user_confirm_resend_path(user)
- end
- end
-
- assert_response :redirect
- assert_redirected_to login_path
- assert_match "User #{user.display_name} not found.", flash[:error]
- end
-
- def test_confirm_resend_deleted
- user = build(:user, :pending)
- post user_new_path, :params => { :user => user.attributes }
- post user_save_path, :params => { :read_ct => 1, :read_tou => 1 }
-
- User.find_by(:display_name => user.display_name).update(:status => "deleted")
-
- assert_no_difference "ActionMailer::Base.deliveries.size" do
- perform_enqueued_jobs do
- get user_confirm_resend_path(user)
- end
- end
-
- assert_response :redirect
- assert_redirected_to login_path
- assert_match "User #{user.display_name} not found.", flash[:error]
- end
-
- def test_confirm_resend_unknown_user
- assert_no_difference "ActionMailer::Base.deliveries.size" do
- perform_enqueued_jobs do
- get user_confirm_resend_path(:display_name => "No Such User")
- end
- end
-
- assert_response :redirect
- assert_redirected_to login_path
- assert_match "User No Such User not found.", flash[:error]
- end
-
- def test_confirm_email_get
- user = create(:user)
- confirm_string = user.tokens.create.token
-
- get user_confirm_email_path, :params => { :confirm_string => confirm_string }
- assert_response :success
- assert_template :confirm_email
- end
-
- def test_confirm_email_success
- user = create(:user, :new_email => "test-new@example.com")
- stub_gravatar_request(user.new_email)
- confirm_string = user.tokens.create.token
-
- post user_confirm_email_path, :params => { :confirm_string => confirm_string }
- assert_response :redirect
- assert_redirected_to :action => :account, :display_name => user.display_name
- assert_match(/Confirmed your change of email address/, flash[:notice])
- end
-
- def test_confirm_email_already_confirmed
- user = create(:user)
- confirm_string = user.tokens.create.token
-
- post user_confirm_email_path, :params => { :confirm_string => confirm_string }
- assert_response :redirect
- assert_redirected_to :action => :account, :display_name => user.display_name
- assert_match(/already been confirmed/, flash[:error])
- end
-
- def test_confirm_email_bad_token
- post user_confirm_email_path, :params => { :confirm_string => "XXXXX" }
- assert_response :success
- assert_template :confirm_email
- assert_match(/confirmation code has expired or does not exist/, flash[:error])
- end
-
- ##
- # test if testing for a gravatar works
- # this happens when the email is actually changed
- # which is triggered by the confirmation mail
- def test_gravatar_auto_enable
- # switch to email that has a gravatar
- user = create(:user, :new_email => "test-new@example.com")
- stub_gravatar_request(user.new_email, 200)
- confirm_string = user.tokens.create.token
- # precondition gravatar should be turned off
- assert_not user.image_use_gravatar
- post user_confirm_email_path, :params => { :confirm_string => confirm_string }
- assert_response :redirect
- assert_redirected_to :action => :account, :display_name => user.display_name
- assert_match(/Confirmed your change of email address/, flash[:notice])
- # gravatar use should now be enabled
- assert User.find(user.id).image_use_gravatar
- end
-
- def test_gravatar_auto_disable
- # switch to email without a gravatar
- user = create(:user, :new_email => "test-new@example.com", :image_use_gravatar => true)
- stub_gravatar_request(user.new_email, 404)
- confirm_string = user.tokens.create.token
- # precondition gravatar should be turned on
- assert user.image_use_gravatar
- post user_confirm_email_path, :params => { :confirm_string => confirm_string }
- assert_response :redirect
- assert_redirected_to :action => :account, :display_name => user.display_name
- assert_match(/Confirmed your change of email address/, flash[:notice])
- # gravatar use should now be disabled
- assert_not User.find(user.id).image_use_gravatar
- end
-
def test_terms_new_user
user = build(:user, :pending)
assert User.find(user.id).data_public
end
- def test_lost_password
- # Test fetching the lost password page
- get user_forgot_password_path
- assert_response :success
- assert_template :lost_password
- assert_select "div#notice", false
-
- # Test resetting using the address as recorded for a user that has an
- # address which is duplicated in a different case by another user
- user = create(:user)
- uppercase_user = build(:user, :email => user.email.upcase).tap { |u| u.save(:validate => false) }
-
- # Resetting with GET should fail
- assert_no_difference "ActionMailer::Base.deliveries.size" do
- perform_enqueued_jobs do
- get user_forgot_password_path, :params => { :email => user.email }
- end
- end
- assert_response :success
- assert_template :lost_password
-
- # Resetting with POST should work
- assert_difference "ActionMailer::Base.deliveries.size", 1 do
- perform_enqueued_jobs do
- post user_forgot_password_path, :params => { :email => user.email }
- end
- end
- assert_response :redirect
- assert_redirected_to login_path
- assert_match(/^Sorry you lost it/, flash[:notice])
- email = ActionMailer::Base.deliveries.first
- assert_equal 1, email.to.count
- assert_equal user.email, email.to.first
- ActionMailer::Base.deliveries.clear
-
- # Test resetting using an address that matches a different user
- # that has the same address in a different case
- assert_difference "ActionMailer::Base.deliveries.size", 1 do
- perform_enqueued_jobs do
- post user_forgot_password_path, :params => { :email => user.email.upcase }
- end
- end
- assert_response :redirect
- assert_redirected_to login_path
- assert_match(/^Sorry you lost it/, flash[:notice])
- email = ActionMailer::Base.deliveries.first
- assert_equal 1, email.to.count
- assert_equal uppercase_user.email, email.to.first
- ActionMailer::Base.deliveries.clear
-
- # Test resetting using an address that is a case insensitive match
- # for more than one user but not an exact match for either
- assert_no_difference "ActionMailer::Base.deliveries.size" do
- perform_enqueued_jobs do
- post user_forgot_password_path, :params => { :email => user.email.titlecase }
- end
- end
- assert_response :success
- assert_template :lost_password
- assert_select ".error", /^Could not find that email address/
-
- # Test resetting using the address as recorded for a user that has an
- # address which is case insensitively unique
- third_user = create(:user)
- assert_difference "ActionMailer::Base.deliveries.size", 1 do
- perform_enqueued_jobs do
- post user_forgot_password_path, :params => { :email => third_user.email }
- end
- end
- assert_response :redirect
- assert_redirected_to login_path
- assert_match(/^Sorry you lost it/, flash[:notice])
- email = ActionMailer::Base.deliveries.first
- assert_equal 1, email.to.count
- assert_equal third_user.email, email.to.first
- ActionMailer::Base.deliveries.clear
-
- # Test resetting using an address that matches a user that has the
- # same (case insensitively unique) address in a different case
- assert_difference "ActionMailer::Base.deliveries.size", 1 do
- perform_enqueued_jobs do
- post user_forgot_password_path, :params => { :email => third_user.email.upcase }
- end
- end
- assert_response :redirect
- assert_redirected_to login_path
- assert_match(/^Sorry you lost it/, flash[:notice])
- email = ActionMailer::Base.deliveries.first
- assert_equal 1, email.to.count
- assert_equal third_user.email, email.to.first
- ActionMailer::Base.deliveries.clear
- end
-
- def test_reset_password
- user = create(:user, :pending)
- # Test a request with no token
- get user_reset_password_path
- assert_response :bad_request
-
- # Test a request with a bogus token
- get user_reset_password_path, :params => { :token => "made_up_token" }
- assert_response :redirect
- assert_redirected_to :action => :lost_password
-
- # Create a valid token for a user
- token = user.tokens.create
-
- # Test a request with a valid token
- get user_reset_password_path, :params => { :token => token.token }
- assert_response :success
- assert_template :reset_password
-
- # Test that errors are reported for erroneous submissions
- post user_reset_password_path, :params => { :token => token.token, :user => { :pass_crypt => "new_password", :pass_crypt_confirmation => "different_password" } }
- assert_response :success
- assert_template :reset_password
- assert_select "div.invalid-feedback"
-
- # Test setting a new password
- post user_reset_password_path, :params => { :token => token.token, :user => { :pass_crypt => "new_password", :pass_crypt_confirmation => "new_password" } }
- assert_response :redirect
- assert_redirected_to root_path
- assert_equal user.id, session[:user]
- user.reload
- assert_equal "active", user.status
- assert user.email_valid
- assert_equal user, User.authenticate(:username => user.email, :password => "new_password")
- end
-
def test_account
# Get a user to work with - note that this user deliberately
# conflicts with uppercase_user in the email and display name
# Check the page
assert_response :success
- assert_template "users/confirm"
+ assert_template "confirmations/confirm"
ActionMailer::Base.deliveries.clear
end
# Check the page
assert_response :success
- assert_template "users/confirm"
+ assert_template "confirmations/confirm"
ActionMailer::Base.deliveries.clear
# Go to the confirmation page
get "/user/#{display_name}/confirm", :params => { :confirm_string => confirm_string }
assert_response :success
- assert_template "users/confirm"
+ assert_template "confirmations/confirm"
post "/user/#{display_name}/confirm", :params => { :confirm_string => confirm_string }
assert_response :redirect
# Check the page
assert_response :success
- assert_template "users/confirm"
+ assert_template "confirmations/confirm"
ActionMailer::Base.deliveries.clear
end
# Check the page
assert_response :success
- assert_template "users/confirm"
+ assert_template "confirmations/confirm"
ActionMailer::Base.deliveries.clear
# Go to the confirmation page
get "/user/#{display_name}/confirm", :params => { :confirm_string => confirm_string }
assert_response :success
- assert_template "users/confirm"
+ assert_template "confirmations/confirm"
post "/user/#{display_name}/confirm", :params => { :confirm_string => confirm_string }
assert_response :redirect
# Check the page
assert_response :success
- assert_template "users/confirm"
+ assert_template "confirmations/confirm"
ActionMailer::Base.deliveries.clear
end
# Check the page
assert_response :success
- assert_template "users/confirm"
+ assert_template "confirmations/confirm"
ActionMailer::Base.deliveries.clear
# Go to the confirmation page
get "/user/#{display_name}/confirm", :params => { :confirm_string => confirm_string }
assert_response :success
- assert_template "users/confirm"
+ assert_template "confirmations/confirm"
post "/user/#{display_name}/confirm", :params => { :confirm_string => confirm_string }
assert_response :redirect
# Check the page
assert_response :success
- assert_template "users/confirm"
+ assert_template "confirmations/confirm"
ActionMailer::Base.deliveries.clear
end
# Check the page
assert_response :success
- assert_template "users/confirm"
+ assert_template "confirmations/confirm"
ActionMailer::Base.deliveries.clear
# Go to the confirmation page
get "/user/#{display_name}/confirm", :params => { :confirm_string => confirm_string }
assert_response :success
- assert_template "users/confirm"
+ assert_template "confirmations/confirm"
post "/user/#{display_name}/confirm", :params => { :confirm_string => confirm_string }
assert_response :redirect
# Check the page
assert_response :success
- assert_template "users/confirm"
+ assert_template "confirmations/confirm"
ActionMailer::Base.deliveries.clear
end
# Check the page
assert_response :success
- assert_template "users/confirm"
+ assert_template "confirmations/confirm"
ActionMailer::Base.deliveries.clear
# Go to the confirmation page
get "/user/#{display_name}/confirm", :params => { :confirm_string => confirm_string }
assert_response :success
- assert_template "users/confirm"
+ assert_template "confirmations/confirm"
post "/user/#{display_name}/confirm", :params => { :confirm_string => confirm_string }
assert_response :redirect
# Check the page
assert_response :success
- assert_template "users/confirm"
+ assert_template "confirmations/confirm"
ActionMailer::Base.deliveries.clear
end
# Check the page
assert_response :success
- assert_template "users/confirm"
+ assert_template "confirmations/confirm"
ActionMailer::Base.deliveries.clear
# Go to the confirmation page
get "/user/#{display_name}/confirm", :params => { :confirm_string => confirm_string }
assert_response :success
- assert_template "users/confirm"
+ assert_template "confirmations/confirm"
post "/user/#{display_name}/confirm", :params => { :confirm_string => confirm_string }
assert_response :redirect
# Check the page
assert_response :success
- assert_template "users/confirm"
+ assert_template "confirmations/confirm"
ActionMailer::Base.deliveries.clear
end
# Check the page
assert_response :success
- assert_template "users/confirm"
+ assert_template "confirmations/confirm"
ActionMailer::Base.deliveries.clear
# Go to the confirmation page
get "/user/#{display_name}/confirm", :params => { :confirm_string => confirm_string }
assert_response :success
- assert_template "users/confirm"
+ assert_template "confirmations/confirm"
post "/user/#{display_name}/confirm", :params => { :confirm_string => confirm_string }
assert_response :redirect
projects / rails.git / commitdiff