| author | simon <simon@zagal.(none)> | 2009-02-08 23:15:11 +0100 |
|---|---|---|
| committer | hukl <hukl@eight.local> | 2009-02-15 20:22:01 +0100 |
| commit | 9f94a70c3e3d9bf766cb9663b0a904d30a190d85 (patch) | |
| tree | 4b4bbf567ec60a939d024b083b478d72476700a5 /test | |
| parent | 48ffd4eb446bcaeba7651758ec3002f342702249 (diff) | |
* initial commit of the stripped restful-authentication
* http basic auth and login from cookie have been removed
* no it does not work yet, it's so f*cking secure, it won't even let legitimate users login
Diffstat (limited to 'test')
| -rw-r--r-- | test/fixtures/users.yml | 27 | ||||
| -rw-r--r-- | test/functional/sessions_controller_test.rb | 82 | ||||
| -rw-r--r-- | test/unit/user_test.rb | 64 |
3 files changed, 158 insertions, 15 deletions
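--- a/test/fixtures/users.yml
+++ b/test/fixtures/users.yml
@@ -1,13 +1,18 @@
-# Read about fixtures at http://ar.rubyonrails.org/classes/Fixtures.html
 
-one:
-login: MyString
-email: MyString
-crypted_password: MyString
-salt: MyString
+quentin:
+id: 1
+login: quentin
+email: quentin@example.com
+salt: 356a192b7913b04c54574d18c28d46e6395428ab # SHA1('0')
+crypted_password: 89e27e324f2dee0fb72034631aa1bc3ca28ea574 # 'monkey'
+created_at: <%= 5.days.ago.to_s :db %>
+
+aaron:
+id: 2
+login: aaron
+email: aaron@example.com
+salt: da4b9237bacccdf19c0760cab7aec4a8359010b0 # SHA1('1')
+crypted_password: cf39f8e6972c25ac72ccc801cab755ef15bca09b # 'monkey'
+created_at: <%= 1.days.ago.to_s :db %>
+
 
-two:
-login: MyString
-email: MyString
-crypted_password: MyString
-salt: MyString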
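Review bot: The `crypted_password` values for `quentin` and `aaron` are annotated with their plaintext (`'monkey'`) but not with how they were derived from it and the salt, so the fixtures cannot be regenerated if the hashing scheme in the User model changes. A comment above the first entry such as `# crypted_password = <digest scheme used by User>(salt, 'monkey')` would close that gap. The 40-hex-digit values suggest a single SHA-1-sized digest; if that is what the model computes, it is too fast for password storage and a deliberately slow scheme (bcrypt, scrypt, PBKDF2) would be the direction to move in, but the model is not part of this diff, so this needs confirming there.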
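--- /dev/null
+++ b/test/functional/sessions_controller_test.rb
@@ -0,0 +1,82 @@
+require File.dirname(__FILE__) + '/../test_helper'
+require 'sessions_controller'
+
+# Re-raise errors caught by the controller.
+class SessionsController; def rescue_action(e) raise e end; end
+
+class SessionsControllerTest < ActionController::TestCase
+# Be sure to include AuthenticatedTestHelper in test/test_helper.rb instead
+# Then, you can remove it from this and the units test.
+include AuthenticatedTestHelper
+
+fixtures :users
+
+def test_should_login_and_redirect
+post :create, :login => 'quentin', :password => 'monkey'
+assert session[:user_id]
+assert_response :redirect
+end
+
+def test_should_fail_login_and_not_redirect
+post :create, :login => 'quentin', :password => 'bad password'
+assert_nil session[:user_id]
+assert_response :success
+end
+
+def test_should_logout
+login_as :quentin
+get :destroy
+assert_nil session[:user_id]
+assert_response :redirect
+end
+
+def test_should_remember_me
+@request.cookies["auth_token"] = nil
+post :create, :login => 'quentin', :password => 'monkey', :remember_me => "1"
+assert_not_nil @response.cookies["auth_token"]
+end
+
+def test_should_not_remember_me
+@request.cookies["auth_token"] = nil
+post :create, :login => 'quentin', :password => 'monkey', :remember_me => "0"
+puts @response.cookies["auth_token"]
+assert @response.cookies["auth_token"].blank?
+end
+
+def test_should_delete_token_on_logout
+login_as :quentin
+get :destroy
+assert @response.cookies["auth_token"].blank?
+end
+
+def test_should_login_with_cookie
+users(:quentin).remember_me
+@request.cookies["auth_token"] = cookie_for(:quentin)
+get :new
+assert @controller.send(:logged_in?)
+end
+
+def test_should_fail_expired_cookie_login
+users(:quentin).remember_me
+users(:quentin).update_attribute :remember_token_expires_at, 5.minutes.ago
+@request.cookies["auth_token"] = cookie_for(:quentin)
+get :new
+assert !@controller.send(:logged_in?)
+end
+
+def test_should_fail_cookie_login
+users(:quentin).remember_me
+@request.cookies["auth_token"] = auth_token('invalid_auth_token')
+get :new
+assert !@controller.send(:logged_in?)
+end
+
+protected
+def auth_token(token)
+CGI::Cookie.new('name' => 'auth_token', 'value' => token)
+end
+
+def cookie_for(user)
+auth_token users(user).remember_token
+end
+end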
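Review bot: `test_should_login_with_cookie` (new line 52) asserts that presenting an `auth_token` cookie leaves the controller logged in, which contradicts the commit message's statement that login from cookie has been removed. If the removal is intentional, the test should pin the hardened behaviour instead, e.g. renamed to `test_should_not_login_with_cookie` and ending in `assert !@controller.send(:logged_in?)`; `test_should_remember_me` would likewise end in `assert @response.cookies["auth_token"].blank?`. The controller is not part of this diff, so which behaviour is actually implemented cannot be seen here. Separately, `puts @response.cookies["auth_token"]` at new line 42 looks like leftover debugging that writes a token value to the test output and should be dropped.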
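--- a/test/unit/user_test.rb
+++ b/test/unit/user_test.rb
@@ -1,8 +1,64 @@
-require 'test_helper'
+require File.dirname(__FILE__) + '/../test_helper'
 
 class UserTest < ActiveSupport::TestCase
-# Replace this with your real tests.
-test "the truth" do
-assert true
+# Be sure to include AuthenticatedTestHelper in test/test_helper.rb instead.
+# Then, you can remove it from this and the functional test.
+include AuthenticatedTestHelper
+fixtures :users
+
+def test_should_create_user
+assert_difference 'User.count' do
+user = create_user
+assert !user.new_record?, "#{user.errors.full_messages.to_sentence}"
+end
+end
+
+def test_should_require_login
+assert_no_difference 'User.count' do
+u = create_user(:login => nil)
+assert u.errors.on(:login)
+end
+end
+
+def test_should_require_password
+assert_no_difference 'User.count' do
+u = create_user(:password => nil)
+assert u.errors.on(:password)
+end
+end
+
+def test_should_require_password_confirmation
+assert_no_difference 'User.count' do
+u = create_user(:password_confirmation => nil)
+assert u.errors.on(:password_confirmation)
+end
+end
+
+def test_should_require_email
+assert_no_difference 'User.count' do
+u = create_user(:email => nil)
+assert u.errors.on(:email)
+end
+end
+
+def test_should_reset_password
+users(:quentin).update_attributes(:password => 'new password', :password_confirmation => 'new password')
+assert_equal users(:quentin), User.authenticate('quentin', 'new password')
+end
+
+def test_should_not_rehash_password
+users(:quentin).update_attributes(:login => 'quentin2')
+assert_equal users(:quentin), User.authenticate('quentin2', 'monkey')
+end
+
+def test_should_authenticate_user
+assert_equal users(:quentin), User.authenticate('quentin', 'monkey')
+end
+
+protected
+def create_user(options = {})
+record = User.new({ :login => 'quire', :email => 'quire@example.com', :password => 'quire69', :password_confirmation => 'quire69' }.merge(options))
+record.save
+record
 end
 end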
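Review bot: `User.authenticate` is only exercised with correct credentials (`test_should_authenticate_user`, `test_should_reset_password`, `test_should_not_rehash_password`), so a regression that accepts any password would still pass this suite. I would add a negative case such as `assert_nil User.authenticate('quentin', 'bad password')`, and in `test_should_reset_password` also `assert_nil User.authenticate('quentin', 'monkey')` to confirm the old password stops working after the change. This assumes `authenticate` returns nil on failure; the User model is not in this diff, so the assertion should be adjusted to its actual failure value.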
