authorsimon <simon@zagal.(none)>2009-02-08 23:15:11 +0100
committerhukl <hukl@eight.local>2009-02-15 20:22:01 +0100
commit9f94a70c3e3d9bf766cb9663b0a904d30a190d85 (patch)
tree4b4bbf567ec60a939d024b083b478d72476700a5 /test/functional
parent48ffd4eb446bcaeba7651758ec3002f342702249 (diff)
* initial commit of the stripped restful-authentication
* http basic auth and login from cookie have been removed
* no it does not work yet, it's so f*cking secure, it won't even let legitimate users login
Diffstat (limited to 'test/functional')
-rw-r--r--test/functional/sessions_controller_test.rb82
1 files changed, 82 insertions, 0 deletions
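diff --git a/test/functional/sessions_controller_test.rb b/test/functional/sessions_controller_test.rb
new file mode 100644
index 0000000..e53bcd8
--- /dev/null
+++ b/test/functional/sessions_controller_test.rb
@@ -0,0 +1,82 @@
+require File.dirname(__FILE__) + '/../test_helper'
+require 'sessions_controller'
+
+# Re-raise errors caught by the controller.
+class SessionsController; def rescue_action(e) raise e end; end
+
+class SessionsControllerTest < ActionController::TestCase
+ # Be sure to include AuthenticatedTestHelper in test/test_helper.rb instead
+ # Then, you can remove it from this and the units test.
+ include AuthenticatedTestHelper
+
+ fixtures :users
+
+ def test_should_login_and_redirect
+ post :create, :login => 'quentin', :password => 'monkey'
+ assert session[:user_id]
+ assert_response :redirect
+ end
+
+ def test_should_fail_login_and_not_redirect
+ post :create, :login => 'quentin', :password => 'bad password'
+ assert_nil session[:user_id]
+ assert_response :success
+ end
+
+ def test_should_logout
+ login_as :quentin
+ get :destroy
+ assert_nil session[:user_id]
+ assert_response :redirect
+ end
+
+ def test_should_remember_me
+ @request.cookies["auth_token"] = nil
+ post :create, :login => 'quentin', :password => 'monkey', :remember_me => "1"
+ assert_not_nil @response.cookies["auth_token"]
+ end
+
+ def test_should_not_remember_me
+ @request.cookies["auth_token"] = nil
+ post :create, :login => 'quentin', :password => 'monkey', :remember_me => "0"
+ puts @response.cookies["auth_token"]
+ assert @response.cookies["auth_token"].blank?
+ end
+
+ def test_should_delete_token_on_logout
+ login_as :quentin
+ get :destroy
+ assert @response.cookies["auth_token"].blank?
+ end
+
+ def test_should_login_with_cookie
+ users(:quentin).remember_me
+ @request.cookies["auth_token"] = cookie_for(:quentin)
+ get :new
+ assert @controller.send(:logged_in?)
+ end
+
+ def test_should_fail_expired_cookie_login
+ users(:quentin).remember_me
+ users(:quentin).update_attribute :remember_token_expires_at, 5.minutes.ago
+ @request.cookies["auth_token"] = cookie_for(:quentin)
+ get :new
+ assert !@controller.send(:logged_in?)
+ end
+
+ def test_should_fail_cookie_login
+ users(:quentin).remember_me
+ @request.cookies["auth_token"] = auth_token('invalid_auth_token')
+ get :new
+ assert !@controller.send(:logged_in?)
+ end
+
+ protected
+ def auth_token(token)
+ CGI::Cookie.new('name' => 'auth_token', 'value' => token)
+ end
+
+ def cookie_for(user)
+ auth_token users(user).remember_token
+ end
+end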
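Review bot: test_should_login_with_cookie and test_should_remember_me still assert that a valid `auth_token` cookie authenticates the request and that the cookie is issued on login, while the commit description says login from cookie has been removed, so the suite pins the behaviour the commit claims to drop. If the removal is intended, these should be inverted so a regression that re-enables cookie login fails the build: `assert !@controller.send(:logged_in?)` after presenting `cookie_for(:quentin)`, and `assert @response.cookies["auth_token"].blank?` for `:remember_me => "1"`. The controller is not part of this section, so which side is out of date is an inference from the description. Separately, `puts @response.cookies["auth_token"]` in test_should_not_remember_me is a debugging leftover that writes the cookie value to test output and should be deleted.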