require 'test_helper'

# Minimal controller used only by TestableControllerTest so the authentication
# filters inherited from ApplicationController can be exercised in isolation.
class ::TestableController < ::ApplicationController
  # Renders a fixed plain-text body with HTTP 200, letting the tests tell an
  # authenticated pass-through apart from a redirect to login.
  def index
    render(:text => 'dummy', :status => 200)
  end
end

# Exercises the login handling inherited from ApplicationController through the
# minimal TestableController defined above: the SETTINGS[:login] switch, the
# redirect path for unauthenticated requests, and the session handling when an
# SSO backend authenticates the request.
class TestableControllerTest < ActionController::TestCase
  tests ::TestableController

  context "when authentication is disabled" do
    setup do
      # Start with no implicit user so the outcome depends on the setting alone.
      User.current = nil
      SETTINGS[:login] = false
    end

    teardown do
      # Restore the global setting so later tests see login enforced again.
      SETTINGS[:login] = true
    end

    it "does not need a username and password" do
      get :index
      assert_response :success
    end
  end

  context "when authentication is enabled" do
    setup do
      User.current = nil
      SETTINGS[:login] = true
    end

    it "requires a username and password" do
      # An unauthenticated request must not reach the action; it is redirected
      # (presumably to the login page) instead.
      get :index
      assert_response :redirect
    end

    it "retains original request URI in session" do
      # The requested path is kept so the user can be sent back to it after login.
      get :index
      assert_equal '/testable', session[:original_uri]
    end

    context "and SSO authenticates" do
      setup do
        # Replace the SSO backend with a mock that reports a successful
        # authentication for the admin fixture's login name.
        @sso = mock('dummy_sso')
        @sso.stubs(:authenticated?).returns(true)
        @sso.stubs(:user).returns(users(:admin).login)
        @controller.stubs(:available_sso).returns(@sso)
      end

      it "sets the session user" do
        get :index
        assert_response :success
        assert_equal users(:admin).id, session[:user]
      end

      it "changes the session ID to prevent fixation" do
        # Regenerating the session on login stops a pre-login session ID that an
        # attacker may already know from becoming an authenticated one.
        @controller.expects(:reset_session)
        get :index
      end

      it "doesn't escalate privileges in the old session" do
        # The pre-login session object must not gain the user; only the
        # post-login session may carry it.
        old_session = session
        get :index
        # NOTE(review): depending on the Rails version, session keys are stored
        # as strings, in which case `include?(:user)` is trivially false and this
        # assertion cannot fail — confirm it actually detects a regression.
        refute old_session.keys.include?(:user), "old session contains user"
        assert session[:user], "new session doesn't contain user"
      end

      it "retains taxonomy session attributes in new session" do
        # Third positional argument is the pre-request session: the taxonomy
        # scope must survive the reset while unrelated keys (:foo) are dropped.
        get :index, {}, {:location_id => taxonomies(:location1).id,
                         :organization_id => taxonomies(:organization1).id,
                         :foo => 'bar'}
        assert_equal taxonomies(:location1).id, session[:location_id]
        assert_equal taxonomies(:organization1).id, session[:organization_id]
        refute session[:foo], "session contains 'foo', but should have been reset"
      end
    end
  end
end