From: Tom Hughes Date: Mon, 2 Mar 2015 21:20:01 +0000 (+0000) Subject: Yet more tests... X-Git-Tag: live~4163 X-Git-Url: https://git.openstreetmap.org/rails.git/commitdiff_plain/15b550182cd893468d4f12f89e94dedc95097e0c Yet more tests... --- diff --git a/app/controllers/diary_entry_controller.rb b/app/controllers/diary_entry_controller.rb index ee998ba8a..c0b6ece38 100644 --- a/app/controllers/diary_entry_controller.rb +++ b/app/controllers/diary_entry_controller.rb @@ -205,12 +205,6 @@ class DiaryEntryController < ApplicationController end end - ## - # is this list user specific? - def user_specific_list? - params[:friends] || params[:nearby] - end - ## # decide on a location for the diary entry map def set_map_location diff --git a/app/controllers/user_controller.rb b/app/controllers/user_controller.rb index 7c20c5111..79b411e24 100644 --- a/app/controllers/user_controller.rb +++ b/app/controllers/user_controller.rb @@ -329,7 +329,7 @@ class UserController < ApplicationController Notifier.signup_confirm(user, user.tokens.create).deliver_now flash[:notice] = t "user.confirm_resend.success", :email => user.email else - flash[:notice] = t "user.confirm_resend.failure", :name => params[:display_name] + flash[:error] = t "user.confirm_resend.failure", :name => params[:display_name] end redirect_to :action => "login" @@ -351,26 +351,32 @@ class UserController < ApplicationController token.destroy session[:user] = @user.id redirect_to :action => "account", :display_name => @user.display_name - else + elsif token flash[:error] = t "user.confirm_email.failure" - redirect_to :action => "account", :display_name => @user.display_name + redirect_to :action => "account", :display_name => token.user.display_name + else + flash[:error] = t "user.confirm_email.unknown_token" end end end def api_read - render :text => "", :status => :gone unless @this_user.visible? + if @this_user.visible? + render :action => :api_read, :content_type => "text/xml" + else + render :text => "", :status => :gone + end end def api_details @this_user = @user - render :action => :api_read + render :action => :api_read, :content_type => "text/xml" end def api_gpx_files doc = OSM::API.new.get_xml_doc - @user.traces.each do |trace| - doc.root << trace.to_xml_node if trace.public? || trace.user == @user + @user.traces.reload.each do |trace| + doc.root << trace.to_xml_node end render :text => doc.to_s, :content_type => "text/xml" end diff --git a/config/locales/en.yml b/config/locales/en.yml index 65b7f3639..30fae4945 100644 --- a/config/locales/en.yml +++ b/config/locales/en.yml @@ -1897,6 +1897,7 @@ en: Confirm your account by clicking on the link in the email and you'll be able to start mapping. press confirm button: "Press the confirm button below to activate your account." button: Confirm + success: "Confirmed your account, thanks for signing up!" already active: "This account has already been confirmed." unknown token: "That confirmation code has expired or does not exist." reconfirm_html: "If you need us to resend the confirmation email, click here." @@ -1907,8 +1908,9 @@ en: heading: Confirm a change of email address press confirm button: "Press the confirm button below to confirm your new email address." button: Confirm - success: "Confirmed your email address, thanks for signing up!" + success: "Confirmed your change of email address!" failure: "An email address has already been confirmed with this token." + unknown_token: "That confirmation code has expired or does not exist." set_home: flash success: "Home location saved successfully" go_public: diff --git a/test/controllers/diary_entry_controller_test.rb b/test/controllers/diary_entry_controller_test.rb index 62589a65b..b953edd7c 100644 --- a/test/controllers/diary_entry_controller_test.rb +++ b/test/controllers/diary_entry_controller_test.rb @@ -85,53 +85,93 @@ class DiaryEntryControllerTest < ActionController::TestCase ) end - def test_showing_new_diary_entry + def test_new + # Make sure that you are redirected to the login page when you + # are not logged in get :new assert_response :redirect - assert_redirected_to :controller => :user, :action => "login", :referer => "/diary/new" - # Now pretend to login by using the session hash, with the - # id of the person we want to login as through session(:user)=user.id - get(:new, nil, "user" => users(:normal_user).id) - assert_response :success - # print @response.body + assert_redirected_to :controller => :user, :action => :login, :referer => "/diary/new" - # print @response.to_yaml + # Now try again when logged in + get :new, {}, { :user => users(:normal_user).id } + assert_response :success assert_select "title", :text => /New Diary Entry/, :count => 1 assert_select "div.content-heading", :count => 1 do - assert_select "h1", :text => "New Diary Entry", :count => 1 + assert_select "h1", :text => /New Diary Entry/, :count => 1 end assert_select "div#content", :count => 1 do - # We don't care about the layout, we just care about the form fields - # that are available - assert_select "form[action='/diary/new']", :count => 1 do - assert_select "input[id=diary_entry_title][name='diary_entry[title]']", :count => 1 - assert_select "textarea#diary_entry_body[name='diary_entry[body]']", :count => 1 - assert_select "input#latitude[name='diary_entry[latitude]'][type=text]", :count => 1 - assert_select "input#longitude[name='diary_entry[longitude]'][type=text]", :count => 1 + assert_select "form[action='/diary/new'][method=post]", :count => 1 do + assert_select "input#diary_entry_title[name='diary_entry[title]']", :count => 1 + assert_select "textarea#diary_entry_body[name='diary_entry[body]']", :text => "", :count => 1 + assert_select "select#diary_entry_language_code", :count => 1 + assert_select "input#latitude[name='diary_entry[latitude]']", :count => 1 + assert_select "input#longitude[name='diary_entry[longitude]']", :count => 1 assert_select "input[name=commit][type=submit][value=Save]", :count => 1 + assert_select "input[name=commit][type=submit][value=Edit]", :count => 1 + assert_select "input[name=commit][type=submit][value=Preview]", :count => 1 + assert_select "input", :count => 7 end end + + new_title = "New Title" + new_body = "This is a new body for the diary entry" + new_latitude = "1.1" + new_longitude = "2.2" + new_language_code = "en" + + # Now try creating a invalid diary entry with an empty body + assert_no_difference "DiaryEntry.count" do + post :new, { :commit => "save", + :diary_entry => { :title => new_title, :body => "", :latitude => new_latitude, + :longitude => new_longitude, :language_code => new_language_code } }, + { :user => users(:normal_user).id } + end + assert_response :success + assert_template :edit + + # Now try creating a diary entry + assert_difference "DiaryEntry.count", 1 do + post :new, { :commit => "save", + :diary_entry => { :title => new_title, :body => new_body, :latitude => new_latitude, + :longitude => new_longitude, :language_code => new_language_code } }, + { :user => users(:normal_user).id } + end + assert_response :redirect + assert_redirected_to :action => :list, :display_name => users(:normal_user).display_name + entry = DiaryEntry.order(:id).last + assert_equal users(:normal_user).id, entry.user_id + assert_equal new_title, entry.title + assert_equal new_body, entry.body + assert_equal new_latitude.to_f, entry.latitude + assert_equal new_longitude.to_f, entry.longitude + assert_equal new_language_code, entry.language_code end - def test_editing_diary_entry + def test_edit entry = diary_entries(:normal_user_entry_1) # Make sure that you are redirected to the login page when you are # not logged in, without and with the id of the entry you want to edit get :edit, :display_name => entry.user.display_name, :id => entry.id assert_response :redirect - assert_redirected_to :controller => :user, :action => "login", :referer => "/user/#{entry.user.display_name}/diary/#{entry.id}/edit" + assert_redirected_to :controller => :user, :action => :login, :referer => "/user/#{entry.user.display_name}/diary/#{entry.id}/edit" # Verify that you get a not found error, when you pass a bogus id - get(:edit, { :display_name => entry.user.display_name, :id => 9999 }, { "user" => entry.user.id }) + get :edit, { :display_name => entry.user.display_name, :id => 9999 }, { :user => entry.user.id } assert_response :not_found assert_select "div.content-heading", :count => 1 do assert_select "h2", :text => "No entry with the id: 9999", :count => 1 end + # Verify that you get redirected to view if you are not the user + # that created the entry + get :edit, { :display_name => entry.user.display_name, :id => entry.id }, { :user => users(:public_user).id } + assert_response :redirect + assert_redirected_to :action => :view, :display_name => entry.user.display_name, :id => entry.id + # Now pass the id, and check that you can edit it, when using the same # user as the person who created the entry - get(:edit, { :display_name => entry.user.display_name, :id => entry.id }, { "user" => entry.user.id }) + get :edit, { :display_name => entry.user.display_name, :id => entry.id }, { :user => entry.user.id } assert_response :success assert_select "title", :text => /Edit diary entry/, :count => 1 assert_select "div.content-heading", :count => 1 do @@ -157,15 +197,15 @@ class DiaryEntryControllerTest < ActionController::TestCase new_latitude = "1.1" new_longitude = "2.2" new_language_code = "en" - post(:edit, { :display_name => entry.user.display_name, :id => entry.id, "commit" => "save", - "diary_entry" => { "title" => new_title, "body" => new_body, "latitude" => new_latitude, - "longitude" => new_longitude, "language_code" => new_language_code } }, - { "user" => entry.user.id }) + post :edit, { :display_name => entry.user.display_name, :id => entry.id, :commit => "save", + :diary_entry => { :title => new_title, :body => new_body, :latitude => new_latitude, + :longitude => new_longitude, :language_code => new_language_code } }, + { :user => entry.user.id } assert_response :redirect assert_redirected_to :action => :view, :display_name => entry.user.display_name, :id => entry.id # Now check that the new data is rendered, when logged in - get :view, { :display_name => entry.user.display_name, :id => entry.id }, { "user" => entry.user.id } + get :view, { :display_name => entry.user.display_name, :id => entry.id }, { :user => entry.user.id } assert_response :success assert_template "diary_entry/view" assert_select "title", :text => /Users' diaries | /, :count => 1 @@ -184,7 +224,7 @@ class DiaryEntryControllerTest < ActionController::TestCase end # and when not logged in as the user who wrote the entry - get :view, { :display_name => entry.user.display_name, :id => entry.id }, { "user" => entry.user.id } + get :view, { :display_name => entry.user.display_name, :id => entry.id }, { :user => entry.user.id } assert_response :success assert_template "diary_entry/view" assert_select "title", :text => /Users' diaries | /, :count => 1 @@ -204,64 +244,13 @@ class DiaryEntryControllerTest < ActionController::TestCase end end - def test_edit_diary_entry_i18n - get :edit, { :display_name => users(:normal_user).display_name, :id => diary_entries(:normal_user_entry_1).id }, { "user" => users(:normal_user).id } + def test_edit_i18n + get :edit, { :display_name => users(:normal_user).display_name, :id => diary_entries(:normal_user_entry_1).id }, { :user => users(:normal_user).id } assert_response :success assert_select "span[class=translation_missing]", false, "Missing translation in edit diary entry" end - def test_create_diary_entry - # Make sure that you are redirected to the login page when you - # are not logged in - get :new - assert_response :redirect - assert_redirected_to :controller => :user, :action => :login, :referer => "/diary/new" - - # Now try again when logged in - get :new, {}, { :user => users(:normal_user).id } - assert_response :success - assert_select "title", :text => /New Diary Entry/, :count => 1 - assert_select "div.content-heading", :count => 1 do - assert_select "h1", :text => /New Diary Entry/, :count => 1 - end - assert_select "div#content", :count => 1 do - assert_select "form[action='/diary/new'][method=post]", :count => 1 do - assert_select "input#diary_entry_title[name='diary_entry[title]']", :count => 1 - assert_select "textarea#diary_entry_body[name='diary_entry[body]']", :text => "", :count => 1 - assert_select "select#diary_entry_language_code", :count => 1 - assert_select "input#latitude[name='diary_entry[latitude]']", :count => 1 - assert_select "input#longitude[name='diary_entry[longitude]']", :count => 1 - assert_select "input[name=commit][type=submit][value=Save]", :count => 1 - assert_select "input[name=commit][type=submit][value=Edit]", :count => 1 - assert_select "input[name=commit][type=submit][value=Preview]", :count => 1 - assert_select "input", :count => 7 - end - end - - # Now try creating a diary entry - new_title = "New Title" - new_body = "This is a new body for the diary entry" - new_latitude = "1.1" - new_longitude = "2.2" - new_language_code = "en" - assert_difference "DiaryEntry.count", 1 do - post(:new, { "commit" => "save", - "diary_entry" => { "title" => new_title, "body" => new_body, "latitude" => new_latitude, - "longitude" => new_longitude, "language_code" => new_language_code } }, - { :user => users(:normal_user).id }) - end - assert_response :redirect - assert_redirected_to :action => :list, :display_name => users(:normal_user).display_name - entry = DiaryEntry.find(6) - assert_equal users(:normal_user).id, entry.user_id - assert_equal new_title, entry.title - assert_equal new_body, entry.body - assert_equal new_latitude.to_f, entry.latitude - assert_equal new_longitude.to_f, entry.longitude - assert_equal new_language_code, entry.language_code - end - - def test_creating_diary_comment + def test_comment entry = diary_entries(:normal_user_entry_1) # Make sure that you are denied when you are not logged in @@ -275,6 +264,15 @@ class DiaryEntryControllerTest < ActionController::TestCase assert_select "h2", :text => "No entry with the id: 9999", :count => 1 end + # Now try an invalid comment with an empty body + assert_no_difference "ActionMailer::Base.deliveries.size" do + assert_no_difference "DiaryComment.count" do + post :comment, { :display_name => entry.user.display_name, :id => entry.id, :diary_comment => { :body => "" } }, { :user => users(:public_user).id } + end + end + assert_response :success + assert_template :view + # Now try again with the right id assert_difference "ActionMailer::Base.deliveries.size", 1 do assert_difference "DiaryComment.count", 1 do @@ -305,19 +303,61 @@ class DiaryEntryControllerTest < ActionController::TestCase end end - # Check that you can get the expected response and template for all available languages - # Should test that there are no - def test_listing_diary_entries + def test_list_all + # Try a list of all diary entries get :list - assert_response :success, "Should be able to list the diary entries in locale" - assert_template "list", "Should use the list template in locale" - assert_select "span[class=translation_missing]", false, "Missing translation in list of diary entries" + check_diary_list :normal_user_entry_1, :normal_user_geo_entry, :public_user_entry_1 + end - # Now try to find a specific user's diary entry + def test_list_user + # Try a list of diary entries for a valid user get :list, :display_name => users(:normal_user).display_name - assert_response :success, "Should be able to list the diary entries for a user in locale" - assert_template "list", "Should use the list template for a user in locale" - assert_no_missing_translations + check_diary_list :normal_user_entry_1, :normal_user_geo_entry + + # Try a list of diary entries for an invalid user + get :list, :display_name => "No Such User" + assert_response :not_found + assert_template "user/no_such_user" + end + + def test_list_friends + # Try a list of diary entries for your friends when not logged in + get :list, :friends => true + assert_response :redirect + assert_redirected_to :controller => :user, :action => :login, :referer => "/diary/friends" + + # Try a list of diary entries for your friends when logged in + get :list, { :friends => true }, { :user => users(:normal_user).id } + check_diary_list :public_user_entry_1 + get :list, { :friends => true }, { :user => users(:public_user).id } + check_diary_list + end + + def test_list_nearby + # Try a list of diary entries for nearby users when not logged in + get :list, :nearby => true + assert_response :redirect + assert_redirected_to :controller => :user, :action => :login, :referer => "/diary/nearby" + + # Try a list of diary entries for nearby users when logged in + get :list, { :nearby => true }, { :user => users(:german_user).id } + check_diary_list :public_user_entry_1 + get :list, { :nearby => true }, { :user => users(:public_user).id } + check_diary_list + end + + def test_list_language + # Try a list of diary entries in english + get :list, :language => "en" + check_diary_list :normal_user_entry_1, :public_user_entry_1 + + # Try a list of diary entries in german + get :list, :language => "de" + check_diary_list :normal_user_geo_entry + + # Try a list of diary entries in slovenian + get :list, :language => "sl" + check_diary_list end def test_rss @@ -327,7 +367,7 @@ class DiaryEntryControllerTest < ActionController::TestCase assert_select "channel", :count => 1 do assert_select "channel>title", :count => 1 assert_select "image", :count => 1 - assert_select "channel>item", :count => 2 + assert_select "channel>item", :count => 3 end end end @@ -335,7 +375,7 @@ class DiaryEntryControllerTest < ActionController::TestCase def test_rss_language get :rss, :language => diary_entries(:normal_user_entry_1).language_code, :format => :rss assert_response :success, "Should be able to get a specific language diary RSS" - assert_select "rss>channel>item", :count => 1 # , "Diary entries should be filtered by language" + assert_select "rss>channel>item", :count => 2 # , "Diary entries should be filtered by language" end # def test_rss_nonexisting_language @@ -369,7 +409,7 @@ class DiaryEntryControllerTest < ActionController::TestCase assert_response :not_found, "Should not be able to get a deleted users diary RSS" end - def test_viewing_diary_entry + def test_view # Try a normal entry that should work get :view, :display_name => users(:normal_user).display_name, :id => diary_entries(:normal_user_entry_1).id assert_response :success @@ -388,7 +428,7 @@ class DiaryEntryControllerTest < ActionController::TestCase assert_response :not_found end - def test_viewing_hidden_comments + def test_view_hidden_comments # Get a diary entry that has hidden comments get :view, :display_name => users(:normal_user).display_name, :id => diary_entries(:normal_user_geo_entry).id assert_response :success @@ -464,4 +504,18 @@ class DiaryEntryControllerTest < ActionController::TestCase get :comments, :display_name => users(:deleted_user).display_name assert_response :not_found end + + private + + def check_diary_list(*entries) + assert_response :success + assert_template "list" + assert_no_missing_translations + assert_select "div.diary_post", entries.count + + entries.each do |entry| + entry = diary_entries(entry) + assert_select "a[href=?]", "/user/#{entry.user.display_name}/diary/#{entry.id}" + end + end end diff --git a/test/controllers/user_controller_test.rb b/test/controllers/user_controller_test.rb index 4bc52f8d4..8072f895b 100644 --- a/test/controllers/user_controller_test.rb +++ b/test/controllers/user_controller_test.rb @@ -2,7 +2,7 @@ require "test_helper" class UserControllerTest < ActionController::TestCase api_fixtures - fixtures :user_blocks, :messages, :friends + fixtures :messages, :friends ## # test all routes which lead to this controller @@ -182,7 +182,7 @@ class UserControllerTest < ActionController::TestCase end # The user creation page loads - def test_user_create_view + def test_new_view get :new assert_response :redirect assert_redirected_to user_new_path(:cookie_test => "true") @@ -209,22 +209,11 @@ class UserControllerTest < ActionController::TestCase end end - def new_user - user = User.new - user.status = "pending" - user.display_name = "new_tester" - user.email = "newtester@osm.org" - user.email_confirmation = "newtester@osm.org" - user.pass_crypt = "testtest" - user.pass_crypt_confirmation = "testtest" - user - end - - def test_user_create_success + def test_new_success user = new_user - assert_difference("User.count", 1) do - assert_difference("ActionMailer::Base.deliveries.size", 1) do + assert_difference "User.count", 1 do + assert_difference "ActionMailer::Base.deliveries.size", 1 do post :save, {}, { :new_user => user } end end @@ -241,12 +230,12 @@ class UserControllerTest < ActionController::TestCase ActionMailer::Base.deliveries.clear end - def test_user_create_submit_duplicate_email + def test_new_duplicate_email user = new_user user.email = users(:public_user).email - assert_no_difference("User.count") do - assert_no_difference("ActionMailer::Base.deliveries.size") do + assert_no_difference "User.count" do + assert_no_difference "ActionMailer::Base.deliveries.size" do post :save, {}, { :new_user => user } end end @@ -256,12 +245,12 @@ class UserControllerTest < ActionController::TestCase assert_select "form > fieldset > div.form-row > input.field_with_errors#user_email" end - def test_user_create_submit_duplicate_email_uppercase + def test_new_duplicate_email_uppercase user = new_user user.email = users(:public_user).email.upcase - assert_no_difference("User.count") do - assert_no_difference("ActionMailer::Base.deliveries.size") do + assert_no_difference "User.count" do + assert_no_difference "ActionMailer::Base.deliveries.size" do post :save, {}, { :new_user => user } end end @@ -271,12 +260,12 @@ class UserControllerTest < ActionController::TestCase assert_select "form > fieldset > div.form-row > input.field_with_errors#user_email" end - def test_user_create_submit_duplicate_name + def test_new_duplicate_name user = new_user user.display_name = users(:public_user).display_name - assert_no_difference("User.count") do - assert_no_difference("ActionMailer::Base.deliveries.size") do + assert_no_difference "User.count" do + assert_no_difference "ActionMailer::Base.deliveries.size" do post :save, {}, { :new_user => user } end end @@ -286,12 +275,12 @@ class UserControllerTest < ActionController::TestCase assert_select "form > fieldset > div.form-row > input.field_with_errors#user_display_name" end - def test_user_create_submit_duplicate_name_uppercase + def test_new_duplicate_name_uppercase user = new_user user.display_name = users(:public_user).display_name.upcase - assert_no_difference("User.count") do - assert_no_difference("ActionMailer::Base.deliveries.size") do + assert_no_difference "User.count" do + assert_no_difference "ActionMailer::Base.deliveries.size" do post :save, {}, { :new_user => user } end end @@ -301,11 +290,11 @@ class UserControllerTest < ActionController::TestCase assert_select "form > fieldset > div.form-row > input.field_with_errors#user_display_name" end - def test_user_save_referer_params + def test_save_referer_params user = new_user - assert_difference("User.count", 1) do - assert_difference("ActionMailer::Base.deliveries.size", 1) do + assert_difference "User.count", 1 do + assert_difference "ActionMailer::Base.deliveries.size", 1 do post :save, {}, { :new_user => user, :referer => "/edit?editor=id#map=1/2/3" } end @@ -317,52 +306,226 @@ class UserControllerTest < ActionController::TestCase ActionMailer::Base.deliveries.clear end - def test_user_confirm_expired_token + def test_logout_without_referer + get :logout + assert_response :success + assert_template :logout + assert_select "input[name=referer][value=?]", "" + + session_id = assert_select("input[name=session]").first["value"] + + get :logout, :session => session_id + assert_response :redirect + assert_redirected_to root_path + end + + def test_logout_with_referer + get :logout, :referer => "/test" + assert_response :success + assert_template :logout + assert_select "input[name=referer][value=?]", "/test" + + session_id = assert_select("input[name=session]").first["value"] + + get :logout, :session => session_id, :referer => "/test" + assert_response :redirect + assert_redirected_to "/test" + end + + def test_confirm_get user = users(:inactive_user) - token = user.tokens.new - token.expiry = 1.day.ago - token.save! + confirm_string = user.tokens.create.token @request.cookies["_osm_session"] = user.display_name - post :confirm, :confirm_string => token.token + get :confirm, :display_name => user.display_name, :confirm_string => confirm_string + assert_response :success + assert_template :confirm + end + + def test_confirm_get_already_confirmed + user = users(:normal_user) + confirm_string = user.tokens.create.token + + @request.cookies["_osm_session"] = user.display_name + get :confirm, :display_name => user.display_name, :confirm_string => confirm_string + assert_response :redirect + assert_redirected_to root_path + end + + def test_confirm_success_no_token_no_referer + user = users(:inactive_user) + confirm_string = user.tokens.create.token + + @request.cookies["_osm_session"] = user.display_name + post :confirm, :display_name => user.display_name, :confirm_string => confirm_string + assert_redirected_to login_path + assert_match /Confirmed your account/, flash[:notice] + end + def test_confirm_success_good_token_no_referer + user = users(:inactive_user) + confirm_string = user.tokens.create.token + token = user.tokens.create.token + + @request.cookies["_osm_session"] = user.display_name + post :confirm, { :display_name => user.display_name, :confirm_string => confirm_string }, { :token => token } + assert_redirected_to welcome_path + end + + def test_confirm_success_bad_token_no_referer + user = users(:inactive_user) + confirm_string = user.tokens.create.token + token = users(:normal_user).tokens.create.token + + @request.cookies["_osm_session"] = user.display_name + post :confirm, { :display_name => user.display_name, :confirm_string => confirm_string }, { :token => token } + assert_redirected_to login_path + assert_match /Confirmed your account/, flash[:notice] + end + + def test_confirm_success_no_token_with_referer + user = users(:inactive_user) + confirm_string = user.tokens.create(:referer => diary_new_path).token + + @request.cookies["_osm_session"] = user.display_name + post :confirm, :display_name => user.display_name, :confirm_string => confirm_string + assert_redirected_to login_path(:referer => diary_new_path) + assert_match /Confirmed your account/, flash[:notice] + end + + def test_confirm_success_good_token_with_referer + user = users(:inactive_user) + confirm_string = user.tokens.create(:referer => diary_new_path).token + token = user.tokens.create.token + + @request.cookies["_osm_session"] = user.display_name + post :confirm, { :display_name => user.display_name, :confirm_string => confirm_string }, { :token => token } + assert_redirected_to diary_new_path + end + + def test_confirm_success_bad_token_with_referer + user = users(:inactive_user) + confirm_string = user.tokens.create(:referer => diary_new_path).token + token = users(:normal_user).tokens.create.token + + @request.cookies["_osm_session"] = user.display_name + post :confirm, { :display_name => user.display_name, :confirm_string => confirm_string }, { :token => token } + assert_redirected_to login_path(:referer => diary_new_path) + assert_match /Confirmed your account/, flash[:notice] + end + + def test_confirm_expired_token + user = users(:inactive_user) + confirm_string = user.tokens.create(:expiry => 1.day.ago).token + + @request.cookies["_osm_session"] = user.display_name + post :confirm, :display_name => user.display_name, :confirm_string => confirm_string assert_redirected_to :action => "confirm" - assert_match /expired/, flash[:error] + assert_match /confirmation code has expired/, flash[:error] end - def test_user_already_confirmed + def test_confirm_already_confirmed user = users(:normal_user) - token = user.tokens.create + confirm_string = user.tokens.create(:referer => diary_new_path).token @request.cookies["_osm_session"] = user.display_name - post :confirm, :confirm_string => token.token - + post :confirm, :display_name => user.display_name, :confirm_string => confirm_string assert_redirected_to :action => "login" - assert_match /confirmed/, flash[:error] + assert_match /already been confirmed/, flash[:error] + end + + def test_confirm_resend_success + assert_difference "ActionMailer::Base.deliveries.size", 1 do + get :confirm_resend, :display_name => users(:inactive_user).display_name + end + + assert_response :redirect + assert_redirected_to login_path + assert_match /sent a new confirmation/, flash[:notice] + + email = ActionMailer::Base.deliveries.last + + assert_equal users(:inactive_user).email, email.to.first + + ActionMailer::Base.deliveries.clear + end + + def test_confirm_resend_failure + assert_no_difference "ActionMailer::Base.deliveries.size" do + get :confirm_resend, :display_name => "No Such User" + end + + assert_response :redirect + assert_redirected_to login_path + assert_match "User No Such User not found.", flash[:error] + end + + def test_confirm_email_get + user = users(:normal_user) + confirm_string = user.tokens.create.token + + get :confirm_email, :confirm_string => confirm_string + assert_response :success + assert_template :confirm_email + end + + def test_confirm_email_success + user = users(:second_public_user) + confirm_string = user.tokens.create.token + + post :confirm_email, :confirm_string => confirm_string + assert_response :redirect + assert_redirected_to :action => :account, :display_name => user.display_name + assert_match /Confirmed your change of email address/, flash[:notice] + end + + def test_confirm_email_already_confirmed + user = users(:normal_user) + confirm_string = user.tokens.create.token + + post :confirm_email, :confirm_string => confirm_string + assert_response :redirect + assert_redirected_to :action => :account, :display_name => user.display_name + assert_match /already been confirmed/, flash[:error] + end + + def test_confirm_email_bad_token + post :confirm_email, :confirm_string => "XXXXX" + assert_response :success + assert_template :confirm_email + assert_match /confirmation code has expired or does not exist/, flash[:error] end - def test_user_terms_new_user - get :terms, {}, { "new_user" => User.new } + def test_terms_new_user + get :terms, {}, { :new_user => User.new } assert_response :success assert_template :terms end - def test_user_terms_seen + def test_terms_seen user = users(:normal_user) - get :terms, {}, { "user" => user } + get :terms, {}, { :user => user } assert_response :redirect assert_redirected_to :action => :account, :display_name => user.display_name end - def test_user_go_public + def test_terms_not_seen + user = users(:terms_not_seen_user) + + get :terms, {}, { :user => user } + assert_response :success + assert_template :terms + end + + def test_go_public post :go_public, {}, { :user => users(:normal_user) } assert_response :redirect assert_redirected_to :action => :account, :display_name => users(:normal_user).display_name assert_equal true, User.find(users(:normal_user).id).data_public end - def test_user_lost_password + def test_lost_password # Test fetching the lost password page get :lost_password assert_response :success @@ -371,7 +534,7 @@ class UserControllerTest < ActionController::TestCase # Test resetting using the address as recorded for a user that has an # address which is duplicated in a different case by another user - assert_difference("ActionMailer::Base.deliveries.size", 1) do + assert_difference "ActionMailer::Base.deliveries.size", 1 do post :lost_password, :user => { :email => users(:normal_user).email } end assert_response :redirect @@ -384,7 +547,7 @@ class UserControllerTest < ActionController::TestCase # Test resetting using an address that matches a different user # that has the same address in a different case - assert_difference("ActionMailer::Base.deliveries.size", 1) do + assert_difference "ActionMailer::Base.deliveries.size", 1 do post :lost_password, :user => { :email => users(:normal_user).email.upcase } end assert_response :redirect @@ -397,7 +560,7 @@ class UserControllerTest < ActionController::TestCase # Test resetting using an address that is a case insensitive match # for more than one user but not an exact match for either - assert_difference("ActionMailer::Base.deliveries.size", 0) do + assert_no_difference "ActionMailer::Base.deliveries.size" do post :lost_password, :user => { :email => users(:normal_user).email.titlecase } end assert_response :success @@ -406,7 +569,7 @@ class UserControllerTest < ActionController::TestCase # Test resetting using the address as recorded for a user that has an # address which is case insensitively unique - assert_difference("ActionMailer::Base.deliveries.size", 1) do + assert_difference "ActionMailer::Base.deliveries.size", 1 do post :lost_password, :user => { :email => users(:public_user).email } end assert_response :redirect @@ -419,7 +582,7 @@ class UserControllerTest < ActionController::TestCase # Test resetting using an address that matches a user that has the # same (case insensitively unique) address in a different case - assert_difference("ActionMailer::Base.deliveries.size", 1) do + assert_difference "ActionMailer::Base.deliveries.size", 1 do post :lost_password, :user => { :email => users(:public_user).email.upcase } end assert_response :redirect @@ -459,7 +622,7 @@ class UserControllerTest < ActionController::TestCase assert_equal user, User.authenticate(:username => "inactive@openstreetmap.org", :password => "new_password") end - def test_user_update + def test_account # Get a user to work with - note that this user deliberately # conflicts with uppercase_user in the email and display name # fields to test that we can change other fields without any @@ -522,7 +685,7 @@ class UserControllerTest < ActionController::TestCase # Changing email to one that exists should fail user.new_email = users(:public_user).email - assert_no_difference("ActionMailer::Base.deliveries.size") do + assert_no_difference "ActionMailer::Base.deliveries.size" do post :account, { :display_name => user.display_name, :user => user.attributes }, { "user" => user.id } end assert_response :success @@ -533,7 +696,7 @@ class UserControllerTest < ActionController::TestCase # Changing email to one that exists should fail, regardless of case user.new_email = users(:public_user).email.upcase - assert_no_difference("ActionMailer::Base.deliveries.size") do + assert_no_difference "ActionMailer::Base.deliveries.size" do post :account, { :display_name => user.display_name, :user => user.attributes }, { "user" => user.id } end assert_response :success @@ -544,7 +707,7 @@ class UserControllerTest < ActionController::TestCase # Changing email to one that doesn't exist should work user.new_email = "new_tester@example.com" - assert_difference("ActionMailer::Base.deliveries.size", 1) do + assert_difference "ActionMailer::Base.deliveries.size", 1 do post :account, { :display_name => user.display_name, :user => user.attributes }, { "user" => user.id } end assert_response :success @@ -560,7 +723,7 @@ class UserControllerTest < ActionController::TestCase # Check that the user account page will display and contains some relevant # information for the user - def test_user_view_account + def test_view # Test a non-existent user get :view, :display_name => "unknown" assert_response :not_found @@ -642,10 +805,11 @@ class UserControllerTest < ActionController::TestCase end end - def test_user_api_read + def test_api_read # check that a visible user is returned properly get :api_read, :id => users(:normal_user).id assert_response :success + assert_equal "text/xml", response.content_type # check the data that is returned assert_select "description", :count => 1, :text => "test" @@ -688,7 +852,7 @@ class UserControllerTest < ActionController::TestCase assert_response :not_found end - def test_user_api_details + def test_api_details # check that nothing is returned when not logged in get :api_details assert_response :unauthorized @@ -697,6 +861,7 @@ class UserControllerTest < ActionController::TestCase basic_authorization(users(:normal_user).email, "test") get :api_details assert_response :success + assert_equal "text/xml", response.content_type # check the data that is returned assert_select "description", :count => 1, :text => "test" @@ -735,7 +900,27 @@ class UserControllerTest < ActionController::TestCase end end - def test_user_make_friend + def test_api_gpx_files + # check that nothing is returned when not logged in + get :api_gpx_files + assert_response :unauthorized + + # check that we get a response when logged in + basic_authorization(users(:normal_user).email, "test") + get :api_gpx_files + assert_response :success + assert_equal "text/xml", response.content_type + + # check the data that is returned + assert_select "gpx_file[id='1']", 1 do + assert_select "tag", "London" + end + assert_select "gpx_file[id='4']", 1 do + assert_select "tag", "Birmingham" + end + end + + def test_make_friend # Get users to work with user = users(:normal_user) friend = users(:second_public_user) @@ -753,7 +938,7 @@ class UserControllerTest < ActionController::TestCase assert_nil Friend.where(:user_id => user.id, :friend_user_id => friend.id).first # When logged in a GET should get a confirmation page - get :make_friend, { :display_name => friend.display_name }, { "user" => user } + get :make_friend, { :display_name => friend.display_name }, { :user => user.id } assert_response :success assert_template :make_friend assert_select "form" do @@ -762,8 +947,37 @@ class UserControllerTest < ActionController::TestCase end assert_nil Friend.where(:user_id => user.id, :friend_user_id => friend.id).first + # When logged in a POST should add the friendship + assert_difference "ActionMailer::Base.deliveries.size", 1 do + post :make_friend, { :display_name => friend.display_name }, { :user => user.id } + end + assert_redirected_to user_path(:display_name => friend.display_name) + assert_match /is now your friend/, flash[:notice] + assert Friend.where(:user_id => user.id, :friend_user_id => friend.id).first + email = ActionMailer::Base.deliveries.first + assert_equal 1, email.to.count + assert_equal friend.email, email.to.first + ActionMailer::Base.deliveries.clear + + # A second POST should report that the friendship already exists + assert_no_difference "ActionMailer::Base.deliveries.size" do + post :make_friend, { :display_name => friend.display_name }, { :user => user.id } + end + assert_redirected_to user_path(:display_name => friend.display_name) + assert_match /You are already friends with/, flash[:warning] + assert Friend.where(:user_id => user.id, :friend_user_id => friend.id).first + end + + def test_make_friend_with_referer + # Get users to work with + user = users(:normal_user) + friend = users(:second_public_user) + + # Check that the users aren't already friends + assert_nil Friend.where(:user_id => user.id, :friend_user_id => friend.id).first + # The GET should preserve any referer - get :make_friend, { :display_name => friend.display_name, :referer => "/test" }, { "user" => user } + get :make_friend, { :display_name => friend.display_name, :referer => "/test" }, { :user => user.id } assert_response :success assert_template :make_friend assert_select "form" do @@ -772,28 +986,27 @@ class UserControllerTest < ActionController::TestCase end assert_nil Friend.where(:user_id => user.id, :friend_user_id => friend.id).first - # When logged in a POST should add the friendship - assert_difference("ActionMailer::Base.deliveries.size", 1) do - post :make_friend, { :display_name => friend.display_name }, { "user" => user } + # When logged in a POST should add the friendship and refer us + assert_difference "ActionMailer::Base.deliveries.size", 1 do + post :make_friend, { :display_name => friend.display_name, :referer => "/test" }, { :user => user.id } end - assert_redirected_to user_path(:display_name => friend.display_name) + assert_redirected_to "/test" assert_match /is now your friend/, flash[:notice] assert Friend.where(:user_id => user.id, :friend_user_id => friend.id).first email = ActionMailer::Base.deliveries.first assert_equal 1, email.to.count assert_equal friend.email, email.to.first ActionMailer::Base.deliveries.clear + end - # A second POST should report that the friendship already exists - assert_no_difference("ActionMailer::Base.deliveries.size") do - post :make_friend, { :display_name => friend.display_name }, { "user" => user } - end - assert_redirected_to user_path(:display_name => friend.display_name) - assert_match /You are already friends with/, flash[:warning] - assert Friend.where(:user_id => user.id, :friend_user_id => friend.id).first + def test_make_friend_unkown_user + # Should error when a bogus user is specified + get :make_friend, { :display_name => "No Such User" }, { :user => users(:normal_user).id } + assert_response :not_found + assert_template :no_such_user end - def test_user_remove_friend + def test_remove_friend # Get users to work with user = users(:normal_user) friend = users(:public_user) @@ -811,7 +1024,7 @@ class UserControllerTest < ActionController::TestCase assert Friend.where(:user_id => user.id, :friend_user_id => friend.id).first # When logged in a GET should get a confirmation page - get :remove_friend, { :display_name => friend.display_name }, { "user" => user } + get :remove_friend, { :display_name => friend.display_name }, { :user => user.id } assert_response :success assert_template :remove_friend assert_select "form" do @@ -820,8 +1033,29 @@ class UserControllerTest < ActionController::TestCase end assert Friend.where(:user_id => user.id, :friend_user_id => friend.id).first + # When logged in a POST should remove the friendship + post :remove_friend, { :display_name => friend.display_name }, { :user => user.id } + assert_redirected_to user_path(:display_name => friend.display_name) + assert_match /was removed from your friends/, flash[:notice] + assert_nil Friend.where(:user_id => user.id, :friend_user_id => friend.id).first + + # A second POST should report that the friendship does not exist + post :remove_friend, { :display_name => friend.display_name }, { :user => user.id } + assert_redirected_to user_path(:display_name => friend.display_name) + assert_match /is not one of your friends/, flash[:error] + assert_nil Friend.where(:user_id => user.id, :friend_user_id => friend.id).first + end + + def test_remove_friend_with_referer + # Get users to work with + user = users(:normal_user) + friend = users(:public_user) + + # Check that the users are friends + assert Friend.where(:user_id => user.id, :friend_user_id => friend.id).first + # The GET should preserve any referer - get :remove_friend, { :display_name => friend.display_name, :referer => "/test" }, { "user" => user } + get :remove_friend, { :display_name => friend.display_name, :referer => "/test" }, { :user => user.id } assert_response :success assert_template :remove_friend assert_select "form" do @@ -830,17 +1064,18 @@ class UserControllerTest < ActionController::TestCase end assert Friend.where(:user_id => user.id, :friend_user_id => friend.id).first - # When logged in a POST should remove the friendship - post :remove_friend, { :display_name => friend.display_name }, { "user" => user } - assert_redirected_to user_path(:display_name => friend.display_name) + # When logged in a POST should remove the friendship and refer + post :remove_friend, { :display_name => friend.display_name, :referer => "/test" }, { :user => user.id } + assert_redirected_to "/test" assert_match /was removed from your friends/, flash[:notice] assert_nil Friend.where(:user_id => user.id, :friend_user_id => friend.id).first + end - # A second POST should report that the friendship does not exist - post :remove_friend, { :display_name => friend.display_name }, { "user" => user } - assert_redirected_to user_path(:display_name => friend.display_name) - assert_match /is not one of your friends/, flash[:error] - assert_nil Friend.where(:user_id => user.id, :friend_user_id => friend.id).first + def test_remove_friend_unkown_user + # Should error when a bogus user is specified + get :remove_friend, { :display_name => "No Such User" }, { :user => users(:normal_user).id } + assert_response :not_found + assert_template :no_such_user end def test_set_status @@ -890,4 +1125,17 @@ class UserControllerTest < ActionController::TestCase assert_nil user.auth_uid assert_equal "deleted", user.status end + + private + + def new_user + user = User.new + user.status = "pending" + user.display_name = "new_tester" + user.email = "newtester@osm.org" + user.email_confirmation = "newtester@osm.org" + user.pass_crypt = "testtest" + user.pass_crypt_confirmation = "testtest" + user + end end diff --git a/test/fixtures/diary_entries.yml b/test/fixtures/diary_entries.yml index 27717302d..6c5c1927d 100644 --- a/test/fixtures/diary_entries.yml +++ b/test/fixtures/diary_entries.yml @@ -57,3 +57,15 @@ entry_by_deleted_user: longitude: language_code: en visible: true + +public_user_entry_1: + id: 6 + user_id: 2 + title: Public User Diary Entry 1 + body: This is the body of diary entry 1. + created_at: "2008-11-07 17:43:34" + updated_at: "2008-11-07 17:43:34" + latitude: + longitude: + language_code: en + visible: true diff --git a/test/fixtures/users.yml b/test/fixtures/users.yml index dbe8fcd50..1b958028f 100644 --- a/test/fixtures/users.yml +++ b/test/fixtures/users.yml @@ -51,6 +51,7 @@ inactive_user: second_public_user: id: 4 email: public@OpenStreetMap.org + new_email: new_public@OpenStreetMap.org status: active pass_crypt: <%= Digest::MD5.hexdigest('test') %> creation_time: "2008-05-01 01:23:45" @@ -238,6 +239,9 @@ german_user: display_name: germanuser data_public: true description: deutsch sprechen + home_lat: 11.9 + home_lon: 12.1 + home_zoom: 12 terms_agreed: "2010-01-01 11:22:33" terms_seen: true languages: de diff --git a/test/models/diary_entry_test.rb b/test/models/diary_entry_test.rb index ab5f45ff2..58e6513a6 100644 --- a/test/models/diary_entry_test.rb +++ b/test/models/diary_entry_test.rb @@ -5,7 +5,7 @@ class DiaryEntryTest < ActiveSupport::TestCase fixtures :diary_entries, :diary_comments, :languages def test_diary_entry_count - assert_equal 5, DiaryEntry.count + assert_equal 6, DiaryEntry.count end def test_diary_entry_validations @@ -25,7 +25,7 @@ class DiaryEntryTest < ActiveSupport::TestCase end def test_diary_entry_visible - assert_equal 4, DiaryEntry.visible.count + assert_equal 5, DiaryEntry.visible.count assert_raise ActiveRecord::RecordNotFound do DiaryEntry.visible.find(diary_entries(:deleted_entry).id) end diff --git a/test/models/user_test.rb b/test/models/user_test.rb index 32d810583..59445aee4 100644 --- a/test/models/user_test.rb +++ b/test/models/user_test.rb @@ -116,9 +116,9 @@ class UserTest < ActiveSupport::TestCase def test_users_nearby # second user has their data public and is close by normal user - assert_equal [users(:public_user)], users(:normal_user).nearby + assert_equal [users(:public_user), users(:german_user)], users(:normal_user).nearby # second_user has normal user nearby, but normal user has their data private - assert_equal [], users(:public_user).nearby + assert_equal [users(:german_user)], users(:public_user).nearby # inactive_user has no user nearby assert_equal [], users(:inactive_user).nearby # north_pole_user has no user nearby, and doesn't throw exception @@ -137,8 +137,8 @@ class UserTest < ActiveSupport::TestCase # friend.befriender = norm # friend.befriendee = sec # friend.save - assert_equal [sec], norm.nearby - assert_equal 1, norm.nearby.size + assert_equal [sec], norm.friend_users + assert_equal 1, norm.friend_users.size assert_equal 1, Friend.count assert norm.is_friends_with?(sec) assert !sec.is_friends_with?(norm)