summaryrefslogtreecommitdiff
path: root/users/test/integration/browser/account_test.rb
diff options
context:
space:
mode:
authorazul <azul@riseup.net>2014-04-17 10:12:05 +0200
committerazul <azul@riseup.net>2014-04-17 10:12:05 +0200
commit3513ad74f950b113af1ba1e3d06bc6a55c48fde5 (patch)
treedb49ebd4428053d5c8d720275b77594a531a1ad1 /users/test/integration/browser/account_test.rb
parentcb6442c344d6bdaf52c3878b2de2fcf4d85f2648 (diff)
parent3d3688647fab7049e5b531c45b85c1e46a1d528f (diff)
Merge pull request #146 from azul/refactor/engines
Refactor/engines
Diffstat (limited to 'users/test/integration/browser/account_test.rb')
-rw-r--r--users/test/integration/browser/account_test.rb147
1 files changed, 0 insertions, 147 deletions
diff --git a/users/test/integration/browser/account_test.rb b/users/test/integration/browser/account_test.rb
deleted file mode 100644
index a5677ad..0000000
--- a/users/test/integration/browser/account_test.rb
+++ /dev/null
@@ -1,147 +0,0 @@
-require 'test_helper'
-
-class AccountTest < BrowserIntegrationTest
-
- teardown do
- Identity.destroy_all_disabled
- end
-
- test "normal account workflow" do
- username, password = submit_signup
- assert page.has_content?("Welcome #{username}")
- click_on 'Logout'
- assert page.has_content?("Log In")
- assert_equal '/', current_path
- assert user = User.find_by_login(username)
- user.account.destroy
- end
-
- test "successful login" do
- username, password = submit_signup
- click_on 'Logout'
- attempt_login(username, password)
- assert page.has_content?("Welcome #{username}")
- within('.sidenav li.active') do
- assert page.has_content?("Overview")
- end
- User.find_by_login(username).account.destroy
- end
-
- test "failed login" do
- visit '/'
- attempt_login("username", "wrong password")
- assert_invalid_login(page)
- end
-
- test "account destruction" do
- username, password = submit_signup
- click_on I18n.t('account_settings')
- click_on I18n.t('destroy_my_account')
- assert page.has_content?(I18n.t('account_destroyed'))
- attempt_login(username, password)
- assert_invalid_login(page)
- end
-
- test "handle blocked after account destruction" do
- username, password = submit_signup
- click_on I18n.t('account_settings')
- click_on I18n.t('destroy_my_account')
- submit_signup(username)
- assert page.has_content?('has already been taken')
- end
-
- test "default user actions" do
- username, password = submit_signup
- click_on "Account Settings"
- assert page.has_content? I18n.t('destroy_my_account')
- assert page.has_no_css? '#update_login_and_password'
- assert page.has_no_css? '#update_pgp_key'
- end
-
- test "default admin actions" do
- username, password = submit_signup
- with_config admins: [username] do
- click_on "Account Settings"
- assert page.has_content? I18n.t('destroy_my_account')
- assert page.has_no_css? '#update_login_and_password'
- assert page.has_css? '#update_pgp_key'
- end
- end
-
- test "change password" do
- with_config user_actions: ['change_password'] do
- username, password = submit_signup
- click_on "Account Settings"
- within('#update_login_and_password') do
- fill_in 'Password', with: "other password"
- fill_in 'Password confirmation', with: "other password"
- click_on 'Save'
- end
- click_on 'Logout'
- attempt_login(username, "other password")
- assert page.has_content?("Welcome #{username}")
- User.find_by_login(username).account.destroy
- end
- end
-
- test "change pgp key" do
- with_config user_actions: ['change_pgp_key'] do
- pgp_key = FactoryGirl.build :pgp_key
- username, password = submit_signup
- click_on "Account Settings"
- within('#update_pgp_key') do
- fill_in 'Public key', with: pgp_key
- click_on 'Save'
- end
- page.assert_selector 'input[value="Saving..."]'
- # at some point we're done:
- page.assert_no_selector 'input[value="Saving..."]'
- assert page.has_field? 'Public key', with: pgp_key.to_s
- user = User.find_by_login(username)
- assert_equal pgp_key, user.public_key
- user.account.destroy
- end
- end
-
-
- # trying to seed an invalid A for srp login
- test "detects attempt to circumvent SRP" do
- user = FactoryGirl.create :user
- visit '/login'
- fill_in 'Username', with: user.login
- fill_in 'Password', with: "password"
- inject_malicious_js
- click_on 'Log In'
- assert page.has_content?("Invalid random key")
- assert page.has_no_content?("Welcome")
- user.destroy
- end
-
- test "reports internal server errors" do
- V1::UsersController.any_instance.stubs(:create).raises
- submit_signup
- assert page.has_content?("server failed")
- end
-
- def attempt_login(username, password)
- click_on 'Log In'
- fill_in 'Username', with: username
- fill_in 'Password', with: password
- click_on 'Log In'
- end
-
- def assert_invalid_login(page)
- assert page.has_selector? 'input.btn-primary.disabled'
- assert page.has_content? I18n.t(:invalid_user_pass)
- assert page.has_no_selector? 'input.btn-primary.disabled'
- end
-
- def inject_malicious_js
- page.execute_script <<-EOJS
- var calc = new srp.Calculate();
- calc.A = function(_a) {return "00";};
- calc.S = calc.A;
- srp.session = new srp.Session(null, calc);
- EOJS
- end
-end