| author | simon <simon@zagal.(none)> | 2009-02-08 23:15:11 +0100 |
|---|---|---|
| committer | hukl <hukl@eight.local> | 2009-02-15 20:22:01 +0100 |
| commit | 9f94a70c3e3d9bf766cb9663b0a904d30a190d85 (patch) | |
| tree | 4b4bbf567ec60a939d024b083b478d72476700a5 /test/functional | |
| parent | 48ffd4eb446bcaeba7651758ec3002f342702249 (diff) | |
* initial commit of the stripped restful-authentication
* http basic auth and login from cookie have been removed
* no it does not work yet, it's so f*cking secure, it won't even let legitimate users login
Diffstat (limited to 'test/functional')
| -rw-r--r-- | test/functional/sessions_controller_test.rb | 82 |
1 files changed, 82 insertions, 0 deletions
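--- /dev/null
+++ b/test/functional/sessions_controller_test.rb
@@ -0,0 +1,82 @@
+require File.dirname(__FILE__) + '/../test_helper'
+require 'sessions_controller'
+
+# Re-raise errors caught by the controller.
+class SessionsController; def rescue_action(e) raise e end; end
+
+class SessionsControllerTest < ActionController::TestCase
+# Be sure to include AuthenticatedTestHelper in test/test_helper.rb instead
+# Then, you can remove it from this and the units test.
+include AuthenticatedTestHelper
+
+fixtures :users
+
+def test_should_login_and_redirect
+post :create, :login => 'quentin', :password => 'monkey'
+assert session[:user_id]
+assert_response :redirect
+end
+
+def test_should_fail_login_and_not_redirect
+post :create, :login => 'quentin', :password => 'bad password'
+assert_nil session[:user_id]
+assert_response :success
+end
+
+def test_should_logout
+login_as :quentin
+get :destroy
+assert_nil session[:user_id]
+assert_response :redirect
+end
+
+def test_should_remember_me
+@request.cookies["auth_token"] = nil
+post :create, :login => 'quentin', :password => 'monkey', :remember_me => "1"
+assert_not_nil @response.cookies["auth_token"]
+end
+
+def test_should_not_remember_me
+@request.cookies["auth_token"] = nil
+post :create, :login => 'quentin', :password => 'monkey', :remember_me => "0"
+puts @response.cookies["auth_token"]
+assert @response.cookies["auth_token"].blank?
+end
+
+def test_should_delete_token_on_logout
+login_as :quentin
+get :destroy
+assert @response.cookies["auth_token"].blank?
+end
+
+def test_should_login_with_cookie
+users(:quentin).remember_me
+@request.cookies["auth_token"] = cookie_for(:quentin)
+get :new
+assert @controller.send(:logged_in?)
+end
+
+def test_should_fail_expired_cookie_login
+users(:quentin).remember_me
+users(:quentin).update_attribute :remember_token_expires_at, 5.minutes.ago
+@request.cookies["auth_token"] = cookie_for(:quentin)
+get :new
+assert !@controller.send(:logged_in?)
+end
+
+def test_should_fail_cookie_login
+users(:quentin).remember_me
+@request.cookies["auth_token"] = auth_token('invalid_auth_token')
+get :new
+assert !@controller.send(:logged_in?)
+end
+
+protected
+def auth_token(token)
+CGI::Cookie.new('name' => 'auth_token', 'value' => token)
+end
+
+def cookie_for(user)
+auth_token users(user).remember_token
+end
+end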
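Review bot: test_should_login_with_cookie still asserts `@controller.send(:logged_in?)` after presenting an auth_token cookie, while the commit message says login from cookie has been removed, so this test either fails or pins the behaviour the commit set out to drop. If cookie login is really gone, that assertion should be inverted to `assert !@controller.send(:logged_in?)`, and test_should_remember_me should probably expect no cookie at all, `assert @response.cookies["auth_token"].blank?`; the controller is not visible here, so confirm which behaviour is intended. Separately, `puts @response.cookies["auth_token"]` in test_should_not_remember_me is leftover debug output that writes a session token value into the test log and should be deleted.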
