authorsimon <simon@zagal.(none)>2009-02-08 23:15:11 +0100
committerhukl <hukl@eight.local>2009-02-15 20:22:01 +0100
commit9f94a70c3e3d9bf766cb9663b0a904d30a190d85 (patch)
tree4b4bbf567ec60a939d024b083b478d72476700a5 /test
parent48ffd4eb446bcaeba7651758ec3002f342702249 (diff)
* initial commit of the stripped restful-authentication
* http basic auth and login from cookie have been removed
* no, it does not work yet; it's so f*cking secure, it won't even let legitimate users log in
Diffstat (limited to 'test')
-rw-r--r--test/fixtures/users.yml27
-rw-r--r--test/functional/sessions_controller_test.rb82
-rw-r--r--test/unit/user_test.rb64
3 files changed, 158 insertions, 15 deletions
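diff --git a/test/fixtures/users.yml b/test/fixtures/users.yml
index 74fafbd..3abe206 100644
--- a/test/fixtures/users.yml
+++ b/test/fixtures/users.yml
@@ -1,13 +1,18 @@
-# Read about fixtures at http://ar.rubyonrails.org/classes/Fixtures.html
 
-one:
- login: MyString
- email: MyString
- crypted_password: MyString
- salt: MyString
+quentin:
+ id: 1
+ login: quentin
+ email: quentin@example.com
+ salt: 356a192b7913b04c54574d18c28d46e6395428ab # SHA1('0')
+ crypted_password: 89e27e324f2dee0fb72034631aa1bc3ca28ea574 # 'monkey'
+ created_at: <%= 5.days.ago.to_s :db %>
+
+aaron:
+ id: 2
+ login: aaron
+ email: aaron@example.com
+ salt: da4b9237bacccdf19c0760cab7aec4a8359010b0 # SHA1('1')
+ crypted_password: cf39f8e6972c25ac72ccc801cab755ef15bca09b # 'monkey'
+ created_at: <%= 1.days.ago.to_s :db %>
+
 
-two:
- login: MyString
- email: MyString
- crypted_password: MyString
- salt: MyString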
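Review bot: The `crypted_password` values on the `quentin` and `aaron` entries are precomputed digests, so they silently depend on the exact hashing routine in the User model, which is not visible in this commit view. The 40-hex-character values and the `# SHA1('0')` salt comments suggest a single salted SHA-1 pass; that is a fast hash and a weak choice for stored passwords, and if the model later moves to a slow KDF these fixtures have to be regenerated. I would make the dependency explicit with a comment above `quentin:`, for example `# crypted_password is the model's digest of salt + 'monkey'; regenerate when the digest routine changes`.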
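diff --git a/test/functional/sessions_controller_test.rb b/test/functional/sessions_controller_test.rb
new file mode 100644
index 0000000..e53bcd8
--- /dev/null
+++ b/test/functional/sessions_controller_test.rb
@@ -0,0 +1,82 @@
+require File.dirname(__FILE__) + '/../test_helper'
+require 'sessions_controller'
+
+# Re-raise errors caught by the controller.
+class SessionsController; def rescue_action(e) raise e end; end
+
+class SessionsControllerTest < ActionController::TestCase
+ # Be sure to include AuthenticatedTestHelper in test/test_helper.rb instead
+ # Then, you can remove it from this and the units test.
+ include AuthenticatedTestHelper
+
+ fixtures :users
+
+ def test_should_login_and_redirect
+ post :create, :login => 'quentin', :password => 'monkey'
+ assert session[:user_id]
+ assert_response :redirect
+ end
+
+ def test_should_fail_login_and_not_redirect
+ post :create, :login => 'quentin', :password => 'bad password'
+ assert_nil session[:user_id]
+ assert_response :success
+ end
+
+ def test_should_logout
+ login_as :quentin
+ get :destroy
+ assert_nil session[:user_id]
+ assert_response :redirect
+ end
+
+ def test_should_remember_me
+ @request.cookies["auth_token"] = nil
+ post :create, :login => 'quentin', :password => 'monkey', :remember_me => "1"
+ assert_not_nil @response.cookies["auth_token"]
+ end
+
+ def test_should_not_remember_me
+ @request.cookies["auth_token"] = nil
+ post :create, :login => 'quentin', :password => 'monkey', :remember_me => "0"
+ puts @response.cookies["auth_token"]
+ assert @response.cookies["auth_token"].blank?
+ end
+
+ def test_should_delete_token_on_logout
+ login_as :quentin
+ get :destroy
+ assert @response.cookies["auth_token"].blank?
+ end
+
+ def test_should_login_with_cookie
+ users(:quentin).remember_me
+ @request.cookies["auth_token"] = cookie_for(:quentin)
+ get :new
+ assert @controller.send(:logged_in?)
+ end
+
+ def test_should_fail_expired_cookie_login
+ users(:quentin).remember_me
+ users(:quentin).update_attribute :remember_token_expires_at, 5.minutes.ago
+ @request.cookies["auth_token"] = cookie_for(:quentin)
+ get :new
+ assert !@controller.send(:logged_in?)
+ end
+
+ def test_should_fail_cookie_login
+ users(:quentin).remember_me
+ @request.cookies["auth_token"] = auth_token('invalid_auth_token')
+ get :new
+ assert !@controller.send(:logged_in?)
+ end
+
+ protected
+ def auth_token(token)
+ CGI::Cookie.new('name' => 'auth_token', 'value' => token)
+ end
+
+ def cookie_for(user)
+ auth_token users(user).remember_token
+ end
+end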
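Review bot: `test_should_login_with_cookie`, `test_should_remember_me` and the other `auth_token` tests still assert the cookie login that the commit message says has been removed, so either these tests fail or the feature is still reachable through the controller. If cookie login is really gone, the positive test should be inverted to assert that a request carrying a valid `auth_token` cookie leaves `logged_in?` false, and the `remember_me` assertions should be dropped. The two negative cookie tests pass vacuously once the feature is removed, so they no longer prove that expiry or token validation works. Separately, `puts @response.cookies["auth_token"]` in `test_should_not_remember_me` is leftover debug output that writes a login token to the test log and should be deleted.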
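diff --git a/test/unit/user_test.rb b/test/unit/user_test.rb
index a64d2d3..47e3129 100644
--- a/test/unit/user_test.rb
+++ b/test/unit/user_test.rb
@@ -1,8 +1,64 @@
-require 'test_helper'
+require File.dirname(__FILE__) + '/../test_helper'
 
 class UserTest < ActiveSupport::TestCase
- # Replace this with your real tests.
- test "the truth" do
- assert true
+ # Be sure to include AuthenticatedTestHelper in test/test_helper.rb instead.
+ # Then, you can remove it from this and the functional test.
+ include AuthenticatedTestHelper
+ fixtures :users
+
+ def test_should_create_user
+ assert_difference 'User.count' do
+ user = create_user
+ assert !user.new_record?, "#{user.errors.full_messages.to_sentence}"
+ end
+ end
+
+ def test_should_require_login
+ assert_no_difference 'User.count' do
+ u = create_user(:login => nil)
+ assert u.errors.on(:login)
+ end
+ end
+
+ def test_should_require_password
+ assert_no_difference 'User.count' do
+ u = create_user(:password => nil)
+ assert u.errors.on(:password)
+ end
+ end
+
+ def test_should_require_password_confirmation
+ assert_no_difference 'User.count' do
+ u = create_user(:password_confirmation => nil)
+ assert u.errors.on(:password_confirmation)
+ end
+ end
+
+ def test_should_require_email
+ assert_no_difference 'User.count' do
+ u = create_user(:email => nil)
+ assert u.errors.on(:email)
+ end
+ end
+
+ def test_should_reset_password
+ users(:quentin).update_attributes(:password => 'new password', :password_confirmation => 'new password')
+ assert_equal users(:quentin), User.authenticate('quentin', 'new password')
+ end
+
+ def test_should_not_rehash_password
+ users(:quentin).update_attributes(:login => 'quentin2')
+ assert_equal users(:quentin), User.authenticate('quentin2', 'monkey')
+ end
+
+ def test_should_authenticate_user
+ assert_equal users(:quentin), User.authenticate('quentin', 'monkey')
+ end
+
+protected
+ def create_user(options = {})
+ record = User.new({ :login => 'quire', :email => 'quire@example.com', :password => 'quire69', :password_confirmation => 'quire69' }.merge(options))
+ record.save
+ record
  end
 end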
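Review bot: Every `User.authenticate` assertion in this file is a positive case; nothing checks that a wrong password or an unknown login is rejected, which is the property an authentication model most needs pinned down. After `test_should_authenticate_user` I would add a test containing `assert_nil User.authenticate('quentin', 'wrong password')` and `assert_nil User.authenticate('nobody', 'monkey')`, assuming `authenticate` returns nil on failure (the model is not shown in this commit view). `test_should_reset_password` should likewise assert that the old password no longer authenticates after the update, e.g. `assert_nil User.authenticate('quentin', 'monkey')`.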