From 9f94a70c3e3d9bf766cb9663b0a904d30a190d85 Mon Sep 17 00:00:00 2001 From: simon Date: Sun, 8 Feb 2009 23:15:11 +0100 Subject: * initial commit of the stripped restful-authentication * http basic auth and login from cookie have been removed * no it does not work yet, it's so f*cking secure, it won't even let legitimate users login --- test/functional/sessions_controller_test.rb | 82 +++++++++++++++++++++++++++++ 1 file changed, 82 insertions(+) create mode 100644 test/functional/sessions_controller_test.rb (limited to 'test/functional') diff --git a/test/functional/sessions_controller_test.rb b/test/functional/sessions_controller_test.rb new file mode 100644 index 0000000..e53bcd8 --- /dev/null +++ b/test/functional/sessions_controller_test.rb @@ -0,0 +1,82 @@ +require File.dirname(__FILE__) + '/../test_helper' +require 'sessions_controller' + +# Re-raise errors caught by the controller. +class SessionsController; def rescue_action(e) raise e end; end + +class SessionsControllerTest < ActionController::TestCase + # Be sure to include AuthenticatedTestHelper in test/test_helper.rb instead + # Then, you can remove it from this and the units test. + include AuthenticatedTestHelper + + fixtures :users + + def test_should_login_and_redirect + post :create, :login => 'quentin', :password => 'monkey' + assert session[:user_id] + assert_response :redirect + end + + def test_should_fail_login_and_not_redirect + post :create, :login => 'quentin', :password => 'bad password' + assert_nil session[:user_id] + assert_response :success + end + + def test_should_logout + login_as :quentin + get :destroy + assert_nil session[:user_id] + assert_response :redirect + end + + def test_should_remember_me + @request.cookies["auth_token"] = nil + post :create, :login => 'quentin', :password => 'monkey', :remember_me => "1" + assert_not_nil @response.cookies["auth_token"] + end + + def test_should_not_remember_me + @request.cookies["auth_token"] = nil + post :create, :login => 'quentin', :password => 'monkey', :remember_me => "0" + puts @response.cookies["auth_token"] + assert @response.cookies["auth_token"].blank? + end + + def test_should_delete_token_on_logout + login_as :quentin + get :destroy + assert @response.cookies["auth_token"].blank? + end + + def test_should_login_with_cookie + users(:quentin).remember_me + @request.cookies["auth_token"] = cookie_for(:quentin) + get :new + assert @controller.send(:logged_in?) + end + + def test_should_fail_expired_cookie_login + users(:quentin).remember_me + users(:quentin).update_attribute :remember_token_expires_at, 5.minutes.ago + @request.cookies["auth_token"] = cookie_for(:quentin) + get :new + assert !@controller.send(:logged_in?) + end + + def test_should_fail_cookie_login + users(:quentin).remember_me + @request.cookies["auth_token"] = auth_token('invalid_auth_token') + get :new + assert !@controller.send(:logged_in?) + end + + protected + def auth_token(token) + CGI::Cookie.new('name' => 'auth_token', 'value' => token) + end + + def cookie_for(user) + auth_token users(user).remember_token + end +end -- cgit v1.3