split up integration account test

AccountLivecycleTest -> CRUD accounts
SecurityTest -> security specific tests
AdminTest -> admin specific tests

3 files changed, 71 insertions, 63 deletions

diff --git a/test/integration/browser/account_test.rb b/test/integration/browser/account_livecycle_test.rb
index 50adb23..604f456 100644
--- a/test/integration/browser/account_test.rb
+++ b/test/integration/browser/account_livecycle_test.rb
@@ -1,6 +1,6 @@
 require 'test_helper'
 
-class AccountTest < BrowserIntegrationTest
+class AccountLivecycleTest < BrowserIntegrationTest
 
   teardown do
     Identity.destroy_all_orphaned
@@ -80,24 +80,6 @@ class AccountTest < BrowserIntegrationTest
     assert page.has_content?('has already been taken')
   end
 
-  test "default user actions" do
-    login
-    click_on "Account Settings"
-    assert page.has_content? I18n.t('destroy_my_account')
-    assert page.has_no_css? '#update_login_and_password'
-    assert page.has_no_css? '#update_pgp_key'
-  end
-
-  test "default admin actions" do
-    login
-    with_config admins: [@user.login] do
-      click_on "Account Settings"
-      assert page.has_content? I18n.t('destroy_my_account')
-      assert page.has_no_css? '#update_login_and_password'
-      assert page.has_css? '#update_pgp_key'
-    end
-  end
-
   test "change pgp key" do
     with_config user_actions: ['change_pgp_key'] do
       pgp_key = FactoryGirl.build :pgp_key
@@ -116,42 +98,6 @@ class AccountTest < BrowserIntegrationTest
     end
   end
 
-
-  # trying to seed an invalid A for srp login
-  test "detects attempt to circumvent SRP" do
-    InviteCodeValidator.any_instance.stubs(:validate)
-
-    user = FactoryGirl.create :user
-    visit '/login'
-    fill_in 'Username', with: user.login
-    fill_in 'Password', with: "password"
-    inject_malicious_js
-    click_on 'Log In'
-    assert page.has_content?("Invalid random key")
-    assert page.has_no_content?("Welcome")
-    user.destroy
-  end
-
-  test "reports internal server errors" do
-    V1::UsersController.any_instance.stubs(:create).raises
-    submit_signup
-    assert page.has_content?("server failed")
-  end
-
-  test "does not render signup form without js" do
-    Capybara.current_driver = :rack_test # no js
-    visit '/signup'
-    assert page.has_no_content?("Username")
-    assert page.has_no_content?("Password")
-  end
-
-  test "does not render login form without js" do
-    Capybara.current_driver = :rack_test # no js
-    visit '/login'
-    assert page.has_no_content?("Username")
-    assert page.has_no_content?("Password")
-  end
-
   def attempt_login(username, password)
     click_on 'Log In'
     fill_in 'Username', with: username
@@ -165,12 +111,4 @@ class AccountTest < BrowserIntegrationTest
     assert page.has_no_selector? '.btn-primary.disabled'
   end
 
-  def inject_malicious_js
-    page.execute_script <<-EOJS
-      var calc = new srp.Calculate();
-      calc.A = function(_a) {return "00";};
-      calc.S = calc.A;
-      srp.session = new srp.Session(null, calc);
-    EOJS
-  end
 end
diff --git a/test/integration/browser/admin_test.rb b/test/integration/browser/admin_test.rb
index 902c981..0b43c29 100644
--- a/test/integration/browser/admin_test.rb
+++ b/test/integration/browser/admin_test.rb
@@ -2,6 +2,24 @@ require 'test_helper'
 
 class AdminTest < BrowserIntegrationTest
 
+  test "default user actions" do
+    login
+    click_on "Account Settings"
+    assert page.has_content? I18n.t('destroy_my_account')
+    assert page.has_no_css? '#update_login_and_password'
+    assert page.has_no_css? '#update_pgp_key'
+  end
+
+  test "default admin actions" do
+    login
+    with_config admins: [@user.login] do
+      click_on "Account Settings"
+      assert page.has_content? I18n.t('destroy_my_account')
+      assert page.has_no_css? '#update_login_and_password'
+      assert page.has_css? '#update_pgp_key'
+    end
+  end
+
   test "clear blocked handle" do
     id = FactoryGirl.create :identity
     submit_signup(id.login)
diff --git a/test/integration/browser/security_test.rb b/test/integration/browser/security_test.rb
new file mode 100644
index 0000000..c13acd8
--- /dev/null
+++ b/test/integration/browser/security_test.rb
@@ -0,0 +1,52 @@
+require 'test_helper'
+
+class SecurityTest < BrowserIntegrationTest
+
+  teardown do
+    Identity.destroy_all_orphaned
+  end
+
+  # trying to seed an invalid A for srp login
+  test "detects attempt to circumvent SRP" do
+    InviteCodeValidator.any_instance.stubs(:validate)
+
+    user = FactoryGirl.create :user
+    visit '/login'
+    fill_in 'Username', with: user.login
+    fill_in 'Password', with: "password"
+    inject_malicious_js
+    click_on 'Log In'
+    assert page.has_content?("Invalid random key")
+    assert page.has_no_content?("Welcome")
+    user.destroy
+  end
+
+  test "reports internal server errors" do
+    V1::UsersController.any_instance.stubs(:create).raises
+    submit_signup
+    assert page.has_content?("server failed")
+  end
+
+  test "does not render signup form without js" do
+    Capybara.current_driver = :rack_test # no js
+    visit '/signup'
+    assert page.has_no_content?("Username")
+    assert page.has_no_content?("Password")
+  end
+
+  test "does not render login form without js" do
+    Capybara.current_driver = :rack_test # no js
+    visit '/login'
+    assert page.has_no_content?("Username")
+    assert page.has_no_content?("Password")
+  end
+
+  def inject_malicious_js
+    page.execute_script <<-EOJS
+      var calc = new srp.Calculate();
+      calc.A = function(_a) {return "00";};
+      calc.S = calc.A;
+      srp.session = new srp.Session(null, calc);
+    EOJS
+  end
+end