Project

General

Profile

Download (8.4 KB) Statistics
| Branch: | Tag: | Revision:

foreman/test/functional/users_controller_test.rb @ acfbc458

require 'test_helper'

class UsersControllerTest < ActionController::TestCase
def setup
setup_users
Setting::Auth.load_defaults
end

test "should get index" do
get :index, {}, set_session_user
assert_response :success
end

test "should get edit" do
u = User.new :login => "foo", :mail => "foo@bar.com", :auth_source => auth_sources(:one)
assert u.save!
logger.info "************ ID = #{u.id}"
get :edit, {:id => u.id}, set_session_user
assert_response :success
end

test "should create regular user" do
post :create, {
:user => {
:login => "foo",
:mail => "foo@bar.com",
}
}, set_session_user
assert_equal @response.status, 200
end

test "should create admin user" do
post :create, {
:user => {
:login => "foo",
:admin => true,
:mail => "foo@bar.com",
}
}, set_session_user
assert_equal @response.status, 200
end

test "should update user" do
user = User.create :login => "foo", :mail => "foo@bar.com", :auth_source => auth_sources(:one)

put :update, { :id => user.id, :user => {:login => "johnsmith"} }, set_session_user
mod_user = User.find_by_id(user.id)

assert mod_user.login == "johnsmith"
assert_redirected_to users_path
end

def test_one #"should not remove the anonymous role" do
user = User.create :login => "foo", :mail => "foo@bar.com", :auth_source => auth_sources(:one)

assert user.roles =([roles(:anonymous)])

put :update, { :id => user.id, :user => {:login => "johnsmith"} }, set_session_user
mod_user = User.find_by_id(user.id)

assert mod_user.roles =([roles(:anonymous)])
end

test "should set password" do
user = User.new :login => "foo", :mail => "foo@bar.com", :firstname => "john", :lastname => "smith", :auth_source => auth_sources(:internal)
user.password = "changeme"
assert user.save

put :update, {:id => user.id,
:user => {
:login => "johnsmith", :password => "dummy", :password_confirmation => "dummy"
},
}, set_session_user
mod_user = User.find_by_id(user.id)

assert mod_user.matching_password?("dummy")
assert_redirected_to users_path
end

test "should detect password validation mismatches" do
user = User.new :login => "foo", :mail => "foo@bar.com", :firstname => "john", :lastname => "smith", :auth_source => auth_sources(:internal)
user.password = "changeme"
assert user.save

put :update, {:id => user.id,
:user => {
:login => "johnsmith", :password => "dummy", :password_confirmation => "DUMMY"
},
}, set_session_user
mod_user = User.find_by_id(user.id)

assert mod_user.matching_password?("changeme")
assert_template :edit
end

test "should not ask for confirmation if no password is set" do
user = User.new :login => "foo", :mail => "foo@bar.com", :firstname => "john", :lastname => "smith", :auth_source => auth_sources(:internal)
user.password = "changeme"
assert user.save

put :update, {:id => user.id,
:user => { :login => "foobar" },
}, set_session_user

assert_redirected_to users_url
end

test "should delete different user" do
user = users(:one)
delete :destroy, {:id => user}, set_session_user.merge(:user => users(:admin))
assert_redirected_to users_url
assert !User.exists?(user.id)
end

test "should modify session when locale is updated" do
User.current = User.admin
put :update, { :id => User.admin.id, :user => { :locale => "cs" } }, set_session_user
assert_redirected_to users_url
assert_equal "cs", User.admin.locale

put :update, { :id => User.admin.id, :user => { :locale => "" } }, set_session_user
assert_nil User.admin.locale
assert_nil session[:locale]
end

test "should not delete same user" do
return unless SETTINGS[:login]
@request.env['HTTP_REFERER'] = users_path
user = users(:one)
user.update_attribute :admin, true
delete :destroy, {:id => user.id}, set_session_user.merge(:user => user.id)
assert_redirected_to users_url
assert User.exists?(user)
assert @request.flash[:notice] == "You are currently logged in, suicidal?"
end

test 'user with viewer rights should fail to edit a user' do
get :edit, {:id => User.first.id}
assert_response 404
end

test 'user with viewer rights should succeed in viewing users' do
get :index
assert_response :success
end

test "should clear the current user after processing the request" do
get :index, {}, set_session_user
assert User.current.nil?
end

test "should set user as owner of hostgroup children if owner of hostgroup root" do
User.current = User.first
sample_user = users(:one)

Hostgroup.new(:name => "root").save
Hostgroup.new(:name => "first" , :parent_id => Hostgroup.find_by_name("root").id).save
Hostgroup.new(:name => "second", :parent_id => Hostgroup.find_by_name("first").id).save

update_hash = {"user"=>{ "login" => sample_user.login,
"hostgroup_ids" => ["", Hostgroup.find_by_name("root").id.to_s] },
"id" => sample_user.id }

put :update, update_hash , set_session_user

assert_equal Hostgroup.find_by_name("first").users.first , sample_user
assert_equal Hostgroup.find_by_name("second").users.first, sample_user
end

test "should not be able to remove the admin flag from the admin account" do
user = User.create :login => "foo", :mail => "foo@bar.com", :auth_source => auth_sources(:one)
user.admin = true
user.save!

target = users(:admin)
update_hash = {"user"=>{
"login" => target.login,
"admin" => false},
"id" => target.id}
put :update, update_hash, set_session_user.merge(:user => user.id)

assert User.find_by_login(:admin).admin
assert_template :edit
end

test "should be able to create user without mail and update the mail later" do
user = User.create :login => "mailess", :mail=> nil, :auth_source => auth_sources(:one)
user.admin = true
user.save!(:validate => false)

update_hash = {"user"=>{
"login" => user.login,
"mail" => "you@have.mail"},
"id" => user.id}
put :update, update_hash, set_session_user.merge(:user => user.id)

assert !User.find_by_login(user.login).mail.blank?
end

test "should login external user" do
Setting['authorize_login_delegation'] = true
Setting['authorize_login_delegation_auth_source_user_autocreate'] = 'apache'
@request.env['REMOTE_USER'] = 'admin'
get :extlogin, {}, {}
assert_redirected_to hosts_path
end

test "should login external user preserving uri" do
Setting['authorize_login_delegation'] = true
Setting['authorize_login_delegation_auth_source_user_autocreate'] = 'apache'
@request.env['REMOTE_USER'] = 'admin'
get :extlogin, {}, {:original_uri => '/test'}
assert_redirected_to '/test'
end

test "should create and login external user" do
Setting['authorize_login_delegation'] = true
Setting['authorize_login_delegation_auth_source_user_autocreate'] = 'apache_mod'
@request.env['REMOTE_USER'] = 'ares'
get :extlogin, {}, {}
assert_redirected_to edit_user_path(User.find_by_login('ares'))
end

test 'non admin user should edit itself' do
User.current = users(:one)
get :edit, { :id => User.current.id }
assert_response :success
end

test 'non admin user should be able to update itself' do
User.current = users(:one)
put :update, { :id => users(:one).id, :user => { :firstname => 'test' } }
assert_response :redirect
end

test 'user without edit permission should not be able to edit another user' do
User.current = users(:one)
get :edit, { :id => users(:two) }
assert_response 404
end

test 'user with edit permission should be able to edit another user' do
setup_user 'edit', 'users'
get :edit, { :id => users(:two) }
assert_response :success
end

test 'user without edit permission should not be able to update another user' do
User.current = users(:one)
put :update, { :id => users(:two).id, :user => { :firstname => 'test' } }
assert_response 403
end

test 'user with update permission should be able to update another user' do
setup_user 'edit', 'users'
put :update, { :id => users(:two).id, :user => { :firstname => 'test' } }

assert_response :redirect
end

end
(41-41/41)