diff options
author | Azul <azul@riseup.net> | 2017-08-04 11:06:20 +0200 |
---|---|---|
committer | Azul <azul@riseup.net> | 2017-08-04 11:06:20 +0200 |
commit | 36ef16fb01865552e3fcc14c81819cbbead49169 (patch) | |
tree | e9b2091b1c9933192648038893d08163294abf96 /test/integration | |
parent | 38ce3a14652aca9b3b8d8ad42f9968cfbcc44478 (diff) |
feat: remove signup link from landing pagefeat/drop-signup
We are deprecating webapp based signup. It leads to an
inconsistent state for mail providers and offers no useful
interactions for vpn providers either.
Instead of trying to deal with the halve way signup through
the webapp we require signup through bitmask app which can
also create the pgp keys for email and download and use the
cert for vpn.
In addition this reduces the attack surface for js injection,
phishing and other browser based attacks.
For now we still keep the signup form in case providers link
to it directly. We also keep all the tests based on it. Cleanup
will happen right after 0.10.0 release.
Diffstat (limited to 'test/integration')
-rw-r--r-- | test/integration/browser/account_livecycle_test.rb.orig | 153 |
1 files changed, 0 insertions, 153 deletions
diff --git a/test/integration/browser/account_livecycle_test.rb.orig b/test/integration/browser/account_livecycle_test.rb.orig deleted file mode 100644 index d1f800b..0000000 --- a/test/integration/browser/account_livecycle_test.rb.orig +++ /dev/null @@ -1,153 +0,0 @@ -require 'test_helper' - -class AccountLivecycleTest < BrowserIntegrationTest - - teardown do - Identity.destroy_all_orphaned - end - - test "signup successfully when invited" do - username, password = submit_signup - assert page.has_content?("Welcome #{username}") - click_on 'Log Out' - assert page.has_content?("Log In") - assert_equal '/', current_path - assert user = User.find_by_login(username) - user.account.destroy - end - - test "signup successfully without invitation" do - with_config invite_required: false do - - username ||= "test_#{SecureRandom.urlsafe_base64}".downcase - password ||= SecureRandom.base64 - - visit '/users/new' - fill_in 'Username', with: username - fill_in 'Password', with: password - fill_in 'Password confirmation', with: password - click_on 'Sign Up' - - assert page.has_content?("Welcome #{username}") - end - end - - test "signup with username ending in dot json" do - username = Faker::Internet.user_name + '.json' - submit_signup username - assert page.has_content?("Welcome #{username}") - end - - test "signup with reserved username" do - username = 'certmaster' - submit_signup username - assert page.has_content?("is reserved.") - end - - test "successful login" do - username, password = submit_signup - click_on 'Log Out' - attempt_login(username, password) - assert page.has_content?("Welcome #{username}") - within('.sidenav li.active') do - assert page.has_content?("Overview") - end - User.find_by_login(username).account.destroy - end - - test "failed login" do - visit '/' - attempt_login("username", "wrong password") - assert_invalid_login(page) - end - - test "account destruction" do - username, password = submit_signup - - click_on I18n.t('account_settings') - click_on I18n.t('destroy_my_account') - assert page.has_content?(I18n.t('account_destroyed')) - assert_equal 1, Identity.by_address.key("#{username}@test.me").count - attempt_login(username, password) - assert_invalid_login(page) - end - - test "handle blocked after account destruction" do - username, password = submit_signup - click_on I18n.t('account_settings') - click_on I18n.t('destroy_my_account') - submit_signup(username) - assert page.has_content?('has already been taken') - end - - test "change pgp key" do - with_config user_actions: ['change_pgp_key'] do - pgp_key = FactoryGirl.build :pgp_key - login - click_on "Account Settings" - within('#update_pgp_key') do - fill_in 'Public key', with: pgp_key - click_on 'Save' - end - page.assert_selector 'input[value="Saving..."]' - # at some point we're done: - page.assert_no_selector 'input[value="Saving..."]' - assert page.has_field? 'Public key', with: pgp_key.to_s - @user.reload - assert_equal pgp_key, @user.public_key - end - end - -<<<<<<< HEAD:test/integration/browser/account_livecycle_test.rb -======= - - # trying to seed an invalid A for srp login - test "detects attempt to circumvent SRP" do - InviteCodeValidator.any_instance.stubs(:validate) - - user = FactoryGirl.create :user - visit '/login' - fill_in 'Username', with: user.login - fill_in 'Password', with: "password" - inject_malicious_js - click_on 'Log In' - assert page.has_content?("Invalid random key") - assert page.has_no_content?("Welcome") - user.destroy - end - - test "reports internal server errors" do - Api::UsersController.any_instance.stubs(:create).raises - submit_signup - assert page.has_content?("server failed") - end - - test "does not render signup form without js" do - Capybara.current_driver = :rack_test # no js - visit '/signup' - assert page.has_no_content?("Username") - assert page.has_no_content?("Password") - end - - test "does not render login form without js" do - Capybara.current_driver = :rack_test # no js - visit '/login' - assert page.has_no_content?("Username") - assert page.has_no_content?("Password") - end - ->>>>>>> api: allow version bumping - bump to 2:test/integration/browser/account_test.rb - def attempt_login(username, password) - click_on 'Log In' - fill_in 'Username', with: username - fill_in 'Password', with: password - click_on 'Log In' - end - - def assert_invalid_login(page) - assert page.has_selector? '.btn-primary.disabled' - assert page.has_content? I18n.t(:invalid_user_pass) - assert page.has_no_selector? '.btn-primary.disabled' - end - -end |