From: Tom Hughes <tom@compton.nu>
Date: Mon, 9 Mar 2015 00:58:38 +0000 (+0000)
Subject: More work on user tests
X-Git-Tag: live~4175
X-Git-Url: https://git.openstreetmap.org/rails.git/commitdiff_plain/4607ac2d30806fbfb00969df92823154df4a9a2f?hp=ce3eabc2039daa8420ec6f33a8caf8fb45248297

More work on user tests
---

diff --git a/test/controllers/user_controller_test.rb b/test/controllers/user_controller_test.rb
index 609f3fe67..d39eaec23 100644
--- a/test/controllers/user_controller_test.rb
+++ b/test/controllers/user_controller_test.rb
@@ -209,6 +209,24 @@ class UserControllerTest < ActionController::TestCase
     end
   end
 
+  def test_new_view_logged_in
+    session[:user] = users(:normal_user).id
+
+    get :new
+    assert_response :redirect
+    assert_redirected_to user_new_path(:cookie_test => "true")
+    get :new, :cookie_test => "true"
+    assert_response :redirect
+    assert_redirected_to root_path
+
+    get :new, :referer => "/test"
+    assert_response :redirect
+    assert_redirected_to user_new_path(:referer => "/test", :cookie_test => "true")
+    get :new, :referer => "/test", :cookie_test => "true"
+    assert_response :redirect
+    assert_redirected_to "/test"
+  end
+
   def test_new_success
     user = new_user
 
@@ -332,6 +350,27 @@ class UserControllerTest < ActionController::TestCase
     assert_redirected_to "/test"
   end
 
+  def test_logout_with_token
+    token = users(:normal_user).tokens.create
+
+    session[:token] = token.token
+
+    get :logout
+    assert_response :success
+    assert_template :logout
+    assert_select "input[name=referer][value=?]", ""
+    assert_equal token.token, session[:token]
+    assert_not_nil UserToken.where(:id => token.id).first
+
+    session_id = assert_select("input[name=session]").first["value"]
+
+    get :logout, :session => session_id
+    assert_response :redirect
+    assert_redirected_to root_path
+    assert_nil session[:token]
+    assert_nil UserToken.where(:id => token.id).first
+  end
+
   def test_confirm_get
     user = users(:inactive_user)
     confirm_string = user.tokens.create.token
@@ -505,17 +544,53 @@ class UserControllerTest < ActionController::TestCase
   def test_terms_seen
     user = users(:normal_user)
 
-    get :terms, {}, { :user => user }
+    session[:user] = user.id
+
+    get :terms
+    assert_response :redirect
+    assert_redirected_to :action => :account, :display_name => user.display_name
+  end
+
+  def test_terms_not_seen_without_referer
+    user = users(:terms_not_seen_user)
+
+    session[:user] = user.id
+
+    get :terms
+    assert_response :success
+    assert_template :terms
+
+    post :save, :user => { :consider_pd => true }
     assert_response :redirect
     assert_redirected_to :action => :account, :display_name => user.display_name
+    assert_equal "Thanks for accepting the new contributor terms!", flash[:notice]
+
+    user.reload
+
+    assert_equal true, user.consider_pd
+    assert_not_nil user.terms_agreed
+    assert_equal true, user.terms_seen
   end
 
-  def test_terms_not_seen
+  def test_terms_not_seen_with_referer
     user = users(:terms_not_seen_user)
 
-    get :terms, {}, { :user => user }
+    session[:user] = user.id
+
+    get :terms, :referer => "/test"
     assert_response :success
     assert_template :terms
+
+    post :save, :user => { :consider_pd => true }, :referer => "/test"
+    assert_response :redirect
+    assert_redirected_to "/test"
+    assert_equal "Thanks for accepting the new contributor terms!", flash[:notice]
+
+    user.reload
+
+    assert_equal true, user.consider_pd
+    assert_not_nil user.terms_agreed
+    assert_equal true, user.terms_seen
   end
 
   def test_go_public
@@ -705,6 +780,11 @@ class UserControllerTest < ActionController::TestCase
     assert_select ".notice", /^User information updated successfully/
     assert_select "form#accountForm > fieldset > div.form-row.accountImage input[name=image_action][checked]", false
 
+    # Adding external authentication should redirect to the auth provider
+    post :account, { :display_name => user.display_name, :user => user.attributes.merge(:auth_provider => "openid", :auth_uid => "gmail.com") }, { :user => user.id }
+    assert_response :redirect
+    assert_redirected_to auth_path(:provider => "openid", :openid_url => "https://www.google.com/accounts/o8/id", :origin => "/user/#{user.display_name}/account")
+
     # Changing name to one that exists should fail
     new_attributes = user.attributes.dup.merge(:display_name => users(:public_user).display_name)
     post :account, { :display_name => user.display_name, :user => new_attributes }, { :user => user.id }
diff --git a/test/integration/user_login_test.rb b/test/integration/user_login_test.rb
index 131742a27..80a83afea 100644
--- a/test/integration/user_login_test.rb
+++ b/test/integration/user_login_test.rb
@@ -285,6 +285,72 @@ class UserLoginTest < ActionDispatch::IntegrationTest
     assert_select "div.flash.error", /your account has been suspended/
   end
 
+  def test_login_email_password_blocked
+    user = users(:blocked_user)
+
+    get "/login"
+    assert_response :redirect
+    assert_redirected_to :controller => :user, :action => :login, :cookie_test => true
+    follow_redirect!
+    assert_response :success
+
+    post "/login", :username => user.email, :password => "wrong", :referer => "/history"
+    assert_response :redirect
+    follow_redirect!
+    assert_response :success
+    assert_template "login"
+
+    post "/login", :username => user.email, :password => "test", :referer => "/history"
+    assert_response :redirect
+    follow_redirect!
+    assert_response :success
+    assert_template "user_blocks/show"
+  end
+
+  def test_login_email_password_blocked_upcase
+    user = users(:blocked_user)
+
+    get "/login"
+    assert_response :redirect
+    assert_redirected_to :controller => :user, :action => :login, :cookie_test => true
+    follow_redirect!
+    assert_response :success
+
+    post "/login", :username => user.email.upcase, :password => "wrong", :referer => "/history"
+    assert_response :redirect
+    follow_redirect!
+    assert_response :success
+    assert_template "login"
+
+    post "/login", :username => user.email.upcase, :password => "test", :referer => "/history"
+    assert_response :redirect
+    follow_redirect!
+    assert_response :success
+    assert_template "user_blocks/show"
+  end
+
+  def test_login_email_password_blocked_titlecase
+    user = users(:blocked_user)
+
+    get "/login"
+    assert_response :redirect
+    assert_redirected_to :controller => :user, :action => :login, :cookie_test => true
+    follow_redirect!
+    assert_response :success
+
+    post "/login", :username => user.email.titlecase, :password => "wrong", :referer => "/history"
+    assert_response :redirect
+    follow_redirect!
+    assert_response :success
+    assert_template "login"
+
+    post "/login", :username => user.email.titlecase, :password => "test", :referer => "/history"
+    assert_response :redirect
+    follow_redirect!
+    assert_response :success
+    assert_template "user_blocks/show"
+  end
+
   def test_login_username_password_normal
     user = users(:normal_user)
 
@@ -558,6 +624,72 @@ class UserLoginTest < ActionDispatch::IntegrationTest
     assert_select "div.flash.error", /your account has been suspended/
   end
 
+  def test_login_username_password_blocked
+    user = users(:blocked_user)
+
+    get "/login"
+    assert_response :redirect
+    assert_redirected_to :controller => :user, :action => :login, :cookie_test => true
+    follow_redirect!
+    assert_response :success
+
+    post "/login", :username => user.display_name, :password => "wrong", :referer => "/history"
+    assert_response :redirect
+    follow_redirect!
+    assert_response :success
+    assert_template "login"
+
+    post "/login", :username => user.display_name, :password => "test", :referer => "/history"
+    assert_response :redirect
+    follow_redirect!
+    assert_response :success
+    assert_template "user_blocks/show"
+  end
+
+  def test_login_username_password_blocked_upcase
+    user = users(:blocked_user)
+
+    get "/login"
+    assert_response :redirect
+    assert_redirected_to :controller => :user, :action => :login, :cookie_test => true
+    follow_redirect!
+    assert_response :success
+
+    post "/login", :username => user.display_name.upcase, :password => "wrong", :referer => "/history"
+    assert_response :redirect
+    follow_redirect!
+    assert_response :success
+    assert_template "login"
+
+    post "/login", :username => user.display_name.upcase, :password => "test", :referer => "/history"
+    assert_response :redirect
+    follow_redirect!
+    assert_response :success
+    assert_template "user_blocks/show"
+  end
+
+  def test_login_username_password_blocked_titlecase
+    user = users(:blocked_user)
+
+    get "/login"
+    assert_response :redirect
+    assert_redirected_to :controller => :user, :action => :login, :cookie_test => true
+    follow_redirect!
+    assert_response :success
+
+    post "/login", :username => user.display_name.titlecase, :password => "wrong", :referer => "/history"
+    assert_response :redirect
+    follow_redirect!
+    assert_response :success
+    assert_template "login"
+
+    post "/login", :username => user.display_name.titlecase, :password => "test", :referer => "/history"
+    assert_response :redirect
+    follow_redirect!
+    assert_response :success
+    assert_template "user_blocks/show"
+  end
+
   def test_login_email_password_remember_me
     user = users(:normal_user)
 
diff --git a/test/integration/user_terms_seen_test.rb b/test/integration/user_terms_seen_test.rb
index 678492f3c..a664feeb0 100644
--- a/test/integration/user_terms_seen_test.rb
+++ b/test/integration/user_terms_seen_test.rb
@@ -27,16 +27,16 @@ class UserTermsSeenTest < ActionDispatch::IntegrationTest
       get_via_redirect "/login"
       assert_response :success
       assert_template "user/login"
-      post "/login", "username" => user.email, "password" => "test", :referer => "/"
+      post "/login", :username => user.email, :password => "test", :referer => "/diary/new"
       assert_response :redirect
       # but now we need to look at the terms
-      assert_redirected_to "controller" => "user", "action" => "terms", :referer => "/"
+      assert_redirected_to :controller => :user, :action => :terms, :referer => "/diary/new"
       follow_redirect!
       assert_response :success
 
       # don't agree to the terms, but hit decline
-      post "/user/save", "decline" => "decline", "referer" => "/"
-      assert_redirected_to "/"
+      post "/user/save", :decline => true, :referer => "/diary/new"
+      assert_redirected_to "/diary/new"
       follow_redirect!
 
       # should be carried through to a normal login with a message
@@ -53,19 +53,17 @@ class UserTermsSeenTest < ActionDispatch::IntegrationTest
       get_via_redirect "/login"
       assert_response :success
       assert_template "user/login"
-      post "/login", "username" => user.email, "password" => "test", :referer => "/"
+      post "/login", :username => user.email, :password => "test", :referer => "/diary/new"
       assert_response :redirect
       # but now we need to look at the terms
-      assert_redirected_to "controller" => "user", "action" => "terms", :referer => "/"
-      follow_redirect!
-      assert_response :success
+      assert_redirected_to :controller => :user, :action => :terms, :referer => "/diary/new"
 
       # check that if we go somewhere else now, it redirects
       # back to the terms page.
       get "/traces/mine"
-      assert_redirected_to "controller" => "user", "action" => "terms", :referer => "/traces/mine"
-      get "/traces/mine", :referer => "/test"
-      assert_redirected_to "controller" => "user", "action" => "terms", :referer => "/test"
+      assert_redirected_to :controller => :user, :action => :terms, :referer => "/traces/mine"
+      get "/traces/mine", :referer => "/diary/new"
+      assert_redirected_to :controller => :user, :action => :terms, :referer => "/diary/new"
     end
   end