summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAzul <azul@riseup.net>2017-09-08 09:16:53 +0200
committerAzul <azul@riseup.net>2017-09-08 09:16:53 +0200
commit35b710c968d6e71e4d4210dbc2e00abc6f14f513 (patch)
treeef23e50a234a4a84c8be43b3e91e3ab00fb2a995
parentc09411e976c3a0fcf2b9c83e16ae06385056fa50 (diff)
parentd3bf6146d167755afa33fcf2580e46f83064f005 (diff)
Merge remote-tracking branch 'origin/master' into master
-rw-r--r--Gemfile2
-rw-r--r--Gemfile.lock6
-rw-r--r--test/integration/api/login_test.rb4
-rw-r--r--test/integration/browser/account_livecycle_test.rb4
-rw-r--r--test/integration/browser/account_livecycle_test.rb.orig153
5 files changed, 6 insertions, 163 deletions
diff --git a/Gemfile b/Gemfile
index 744ef5f..596f280 100644
--- a/Gemfile
+++ b/Gemfile
@@ -87,7 +87,7 @@ group :production do
end
group :development do
- gem "better_errors"
+ # gem "better_errors" << currently incompatible with haml
gem "binding_of_caller"
end
diff --git a/Gemfile.lock b/Gemfile.lock
index 0ac293b..8a2abc2 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -65,10 +65,6 @@ GEM
arel (6.0.4)
autoprefixer-rails (7.1.2.4)
execjs
- better_errors (2.3.0)
- coderay (>= 1.0.0)
- erubi (>= 1.0.0)
- rack (>= 0.9.0)
binding_of_caller (0.7.2)
debug_inspector (>= 0.0.1)
bootstrap-sass (3.3.7)
@@ -130,7 +126,6 @@ GEM
domain_name (0.5.20170404)
unf (>= 0.0.5, < 1.0.0)
equalizer (0.0.11)
- erubi (1.6.1)
erubis (2.7.0)
execjs (2.7.0)
factory_girl (4.8.0)
@@ -351,7 +346,6 @@ PLATFORMS
DEPENDENCIES
SyslogLogger (~> 2.0)
- better_errors
binding_of_caller
bootstrap-sass
byebug
diff --git a/test/integration/api/login_test.rb b/test/integration/api/login_test.rb
index 22047bc..97e0ff6 100644
--- a/test/integration/api/login_test.rb
+++ b/test/integration/api/login_test.rb
@@ -22,7 +22,7 @@ class LoginTest < SrpTest
test "wrong password login attempt" do
authenticate password: "wrong password"
- assert_json_error "base" => "Not a valid username/password combination"
+ assert_json_error "base" => I18n.t(:invalid_user_pass)
assert !last_response.successful?
assert_nil server_auth["M2"]
end
@@ -31,7 +31,7 @@ class LoginTest < SrpTest
assert_raises RECORD_NOT_FOUND do
authenticate login: "wrong login"
end
- assert_json_error "base" => "Not a valid username/password combination"
+ assert_json_error "base" => I18n.t(:invalid_user_pass)
assert !last_response.successful?
assert_nil server_auth
end
diff --git a/test/integration/browser/account_livecycle_test.rb b/test/integration/browser/account_livecycle_test.rb
index 694ff9c..cfab444 100644
--- a/test/integration/browser/account_livecycle_test.rb
+++ b/test/integration/browser/account_livecycle_test.rb
@@ -2,6 +2,8 @@ require 'test_helper'
class AccountLivecycleTest < BrowserIntegrationTest
+ include ActionView::Helpers::SanitizeHelper
+
teardown do
Identity.destroy_all_orphaned
end
@@ -115,7 +117,7 @@ class AccountLivecycleTest < BrowserIntegrationTest
def assert_invalid_login(page)
assert page.has_selector? '.btn-primary.disabled'
- assert page.has_content? I18n.t(:invalid_user_pass)
+ assert page.has_content? sanitize(I18n.t(:invalid_user_pass), tags: [])
assert page.has_no_selector? '.btn-primary.disabled'
end
diff --git a/test/integration/browser/account_livecycle_test.rb.orig b/test/integration/browser/account_livecycle_test.rb.orig
deleted file mode 100644
index d1f800b..0000000
--- a/test/integration/browser/account_livecycle_test.rb.orig
+++ /dev/null
@@ -1,153 +0,0 @@
-require 'test_helper'
-
-class AccountLivecycleTest < BrowserIntegrationTest
-
- teardown do
- Identity.destroy_all_orphaned
- end
-
- test "signup successfully when invited" do
- username, password = submit_signup
- assert page.has_content?("Welcome #{username}")
- click_on 'Log Out'
- assert page.has_content?("Log In")
- assert_equal '/', current_path
- assert user = User.find_by_login(username)
- user.account.destroy
- end
-
- test "signup successfully without invitation" do
- with_config invite_required: false do
-
- username ||= "test_#{SecureRandom.urlsafe_base64}".downcase
- password ||= SecureRandom.base64
-
- visit '/users/new'
- fill_in 'Username', with: username
- fill_in 'Password', with: password
- fill_in 'Password confirmation', with: password
- click_on 'Sign Up'
-
- assert page.has_content?("Welcome #{username}")
- end
- end
-
- test "signup with username ending in dot json" do
- username = Faker::Internet.user_name + '.json'
- submit_signup username
- assert page.has_content?("Welcome #{username}")
- end
-
- test "signup with reserved username" do
- username = 'certmaster'
- submit_signup username
- assert page.has_content?("is reserved.")
- end
-
- test "successful login" do
- username, password = submit_signup
- click_on 'Log Out'
- attempt_login(username, password)
- assert page.has_content?("Welcome #{username}")
- within('.sidenav li.active') do
- assert page.has_content?("Overview")
- end
- User.find_by_login(username).account.destroy
- end
-
- test "failed login" do
- visit '/'
- attempt_login("username", "wrong password")
- assert_invalid_login(page)
- end
-
- test "account destruction" do
- username, password = submit_signup
-
- click_on I18n.t('account_settings')
- click_on I18n.t('destroy_my_account')
- assert page.has_content?(I18n.t('account_destroyed'))
- assert_equal 1, Identity.by_address.key("#{username}@test.me").count
- attempt_login(username, password)
- assert_invalid_login(page)
- end
-
- test "handle blocked after account destruction" do
- username, password = submit_signup
- click_on I18n.t('account_settings')
- click_on I18n.t('destroy_my_account')
- submit_signup(username)
- assert page.has_content?('has already been taken')
- end
-
- test "change pgp key" do
- with_config user_actions: ['change_pgp_key'] do
- pgp_key = FactoryGirl.build :pgp_key
- login
- click_on "Account Settings"
- within('#update_pgp_key') do
- fill_in 'Public key', with: pgp_key
- click_on 'Save'
- end
- page.assert_selector 'input[value="Saving..."]'
- # at some point we're done:
- page.assert_no_selector 'input[value="Saving..."]'
- assert page.has_field? 'Public key', with: pgp_key.to_s
- @user.reload
- assert_equal pgp_key, @user.public_key
- end
- end
-
-<<<<<<< HEAD:test/integration/browser/account_livecycle_test.rb
-=======
-
- # trying to seed an invalid A for srp login
- test "detects attempt to circumvent SRP" do
- InviteCodeValidator.any_instance.stubs(:validate)
-
- user = FactoryGirl.create :user
- visit '/login'
- fill_in 'Username', with: user.login
- fill_in 'Password', with: "password"
- inject_malicious_js
- click_on 'Log In'
- assert page.has_content?("Invalid random key")
- assert page.has_no_content?("Welcome")
- user.destroy
- end
-
- test "reports internal server errors" do
- Api::UsersController.any_instance.stubs(:create).raises
- submit_signup
- assert page.has_content?("server failed")
- end
-
- test "does not render signup form without js" do
- Capybara.current_driver = :rack_test # no js
- visit '/signup'
- assert page.has_no_content?("Username")
- assert page.has_no_content?("Password")
- end
-
- test "does not render login form without js" do
- Capybara.current_driver = :rack_test # no js
- visit '/login'
- assert page.has_no_content?("Username")
- assert page.has_no_content?("Password")
- end
-
->>>>>>> api: allow version bumping - bump to 2:test/integration/browser/account_test.rb
- def attempt_login(username, password)
- click_on 'Log In'
- fill_in 'Username', with: username
- fill_in 'Password', with: password
- click_on 'Log In'
- end
-
- def assert_invalid_login(page)
- assert page.has_selector? '.btn-primary.disabled'
- assert page.has_content? I18n.t(:invalid_user_pass)
- assert page.has_no_selector? '.btn-primary.disabled'
- end
-
-end