From 9f94a70c3e3d9bf766cb9663b0a904d30a190d85 Mon Sep 17 00:00:00 2001 From: simon Date: Sun, 8 Feb 2009 23:15:11 +0100 Subject: * initial commit of the stripped restful-authentication * http basic auth and login from cookie have been removed * no it does not work yet, it's so f*cking secure, it won't even let legitimate users login --- test/fixtures/users.yml | 27 ++++++---- test/functional/sessions_controller_test.rb | 82 +++++++++++++++++++++++++++++ test/unit/user_test.rb | 64 ++++++++++++++++++++-- 3 files changed, 158 insertions(+), 15 deletions(-) create mode 100644 test/functional/sessions_controller_test.rb (limited to 'test') diff --git a/test/fixtures/users.yml b/test/fixtures/users.yml index 74fafbd..3abe206 100644 --- a/test/fixtures/users.yml +++ b/test/fixtures/users.yml @@ -1,13 +1,18 @@ -# Read about fixtures at http://ar.rubyonrails.org/classes/Fixtures.html -one: - login: MyString - email: MyString - crypted_password: MyString - salt: MyString +quentin: + id: 1 + login: quentin + email: quentin@example.com + salt: 356a192b7913b04c54574d18c28d46e6395428ab # SHA1('0') + crypted_password: 89e27e324f2dee0fb72034631aa1bc3ca28ea574 # 'monkey' + created_at: <%= 5.days.ago.to_s :db %> + +aaron: + id: 2 + login: aaron + email: aaron@example.com + salt: da4b9237bacccdf19c0760cab7aec4a8359010b0 # SHA1('1') + crypted_password: cf39f8e6972c25ac72ccc801cab755ef15bca09b # 'monkey' + created_at: <%= 1.days.ago.to_s :db %> + -two: - login: MyString - email: MyString - crypted_password: MyString - salt: MyString diff --git a/test/functional/sessions_controller_test.rb b/test/functional/sessions_controller_test.rb new file mode 100644 index 0000000..e53bcd8 --- /dev/null +++ b/test/functional/sessions_controller_test.rb @@ -0,0 +1,82 @@ +require File.dirname(__FILE__) + '/../test_helper' +require 'sessions_controller' + +# Re-raise errors caught by the controller. +class SessionsController; def rescue_action(e) raise e end; end + +class SessionsControllerTest < ActionController::TestCase + # Be sure to include AuthenticatedTestHelper in test/test_helper.rb instead + # Then, you can remove it from this and the units test. + include AuthenticatedTestHelper + + fixtures :users + + def test_should_login_and_redirect + post :create, :login => 'quentin', :password => 'monkey' + assert session[:user_id] + assert_response :redirect + end + + def test_should_fail_login_and_not_redirect + post :create, :login => 'quentin', :password => 'bad password' + assert_nil session[:user_id] + assert_response :success + end + + def test_should_logout + login_as :quentin + get :destroy + assert_nil session[:user_id] + assert_response :redirect + end + + def test_should_remember_me + @request.cookies["auth_token"] = nil + post :create, :login => 'quentin', :password => 'monkey', :remember_me => "1" + assert_not_nil @response.cookies["auth_token"] + end + + def test_should_not_remember_me + @request.cookies["auth_token"] = nil + post :create, :login => 'quentin', :password => 'monkey', :remember_me => "0" + puts @response.cookies["auth_token"] + assert @response.cookies["auth_token"].blank? + end + + def test_should_delete_token_on_logout + login_as :quentin + get :destroy + assert @response.cookies["auth_token"].blank? + end + + def test_should_login_with_cookie + users(:quentin).remember_me + @request.cookies["auth_token"] = cookie_for(:quentin) + get :new + assert @controller.send(:logged_in?) + end + + def test_should_fail_expired_cookie_login + users(:quentin).remember_me + users(:quentin).update_attribute :remember_token_expires_at, 5.minutes.ago + @request.cookies["auth_token"] = cookie_for(:quentin) + get :new + assert !@controller.send(:logged_in?) + end + + def test_should_fail_cookie_login + users(:quentin).remember_me + @request.cookies["auth_token"] = auth_token('invalid_auth_token') + get :new + assert !@controller.send(:logged_in?) + end + + protected + def auth_token(token) + CGI::Cookie.new('name' => 'auth_token', 'value' => token) + end + + def cookie_for(user) + auth_token users(user).remember_token + end +end diff --git a/test/unit/user_test.rb b/test/unit/user_test.rb index a64d2d3..47e3129 100644 --- a/test/unit/user_test.rb +++ b/test/unit/user_test.rb @@ -1,8 +1,64 @@ -require 'test_helper' +require File.dirname(__FILE__) + '/../test_helper' class UserTest < ActiveSupport::TestCase - # Replace this with your real tests. - test "the truth" do - assert true + # Be sure to include AuthenticatedTestHelper in test/test_helper.rb instead. + # Then, you can remove it from this and the functional test. + include AuthenticatedTestHelper + fixtures :users + + def test_should_create_user + assert_difference 'User.count' do + user = create_user + assert !user.new_record?, "#{user.errors.full_messages.to_sentence}" + end + end + + def test_should_require_login + assert_no_difference 'User.count' do + u = create_user(:login => nil) + assert u.errors.on(:login) + end + end + + def test_should_require_password + assert_no_difference 'User.count' do + u = create_user(:password => nil) + assert u.errors.on(:password) + end + end + + def test_should_require_password_confirmation + assert_no_difference 'User.count' do + u = create_user(:password_confirmation => nil) + assert u.errors.on(:password_confirmation) + end + end + + def test_should_require_email + assert_no_difference 'User.count' do + u = create_user(:email => nil) + assert u.errors.on(:email) + end + end + + def test_should_reset_password + users(:quentin).update_attributes(:password => 'new password', :password_confirmation => 'new password') + assert_equal users(:quentin), User.authenticate('quentin', 'new password') + end + + def test_should_not_rehash_password + users(:quentin).update_attributes(:login => 'quentin2') + assert_equal users(:quentin), User.authenticate('quentin2', 'monkey') + end + + def test_should_authenticate_user + assert_equal users(:quentin), User.authenticate('quentin', 'monkey') + end + +protected + def create_user(options = {}) + record = User.new({ :login => 'quire', :email => 'quire@example.com', :password => 'quire69', :password_confirmation => 'quire69' }.merge(options)) + record.save + record end end -- cgit v1.3