-rw-r--r-- | Gemfile | 2 | ||||
-rw-r--r-- | Gemfile.lock | 6 | ||||
-rw-r--r-- | test/integration/api/login_test.rb | 4 | ||||
-rw-r--r-- | test/integration/browser/account_livecycle_test.rb | 4 | ||||
-rw-r--r-- | test/integration/browser/account_livecycle_test.rb.orig | 153 |
5 files changed, 6 insertions, 163 deletions
@@ -87,7 +87,7 @@ group :production do
 end
 group :development do
- gem "better_errors"
+ # gem "better_errors" << currently incompatible with haml
 gem "binding_of_caller"
 end
diff --git a/Gemfile.lock b/Gemfile.lock
index 0ac293b..8a2abc2 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -65,10 +65,6 @@ GEM
 arel (6.0.4)
 autoprefixer-rails (7.1.2.4)
 execjs
- better_errors (2.3.0)
- coderay (>= 1.0.0)
- erubi (>= 1.0.0)
- rack (>= 0.9.0)
 binding_of_caller (0.7.2)
 debug_inspector (>= 0.0.1)
 bootstrap-sass (3.3.7)
@@ -130,7 +126,6 @@ GEM
 domain_name (0.5.20170404)
 unf (>= 0.0.5, < 1.0.0)
 equalizer (0.0.11)
- erubi (1.6.1)
 erubis (2.7.0)
 execjs (2.7.0)
 factory_girl (4.8.0)
@@ -351,7 +346,6 @@ PLATFORMS
 DEPENDENCIES
 SyslogLogger (~> 2.0)
- better_errors
 binding_of_caller
 bootstrap-sass
 byebug
diff --git a/test/integration/api/login_test.rb b/test/integration/api/login_test.rb
index 22047bc..97e0ff6 100644
--- a/test/integration/api/login_test.rb
+++ b/test/integration/api/login_test.rb
@@ -22,7 +22,7 @@ class LoginTest < SrpTest
 test "wrong password login attempt" do
 authenticate password: "wrong password"
- assert_json_error "base" => "Not a valid username/password combination"
+ assert_json_error "base" => I18n.t(:invalid_user_pass)
 assert !last_response.successful?
 assert_nil server_auth["M2"]
 end
@@ -31,7 +31,7 @@ class LoginTest < SrpTest
 assert_raises RECORD_NOT_FOUND do
 authenticate login: "wrong login"
 end
- assert_json_error "base" => "Not a valid username/password combination"
+ assert_json_error "base" => I18n.t(:invalid_user_pass)
 assert !last_response.successful?
 assert_nil server_auth
 end
diff --git a/test/integration/browser/account_livecycle_test.rb b/test/integration/browser/account_livecycle_test.rb
index 694ff9c..cfab444 100644
--- a/test/integration/browser/account_livecycle_test.rb
+++ b/test/integration/browser/account_livecycle_test.rb
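Review bot: `gem "binding_of_caller"` stays in the development group of the Gemfile hunk although `better_errors` is disabled; if it was only there to back better_errors' console and variable inspection (not visible from this hunk), it is now an unused native-extension dependency and could be commented out with it, e.g. `# gem "binding_of_caller" # only needed by better_errors`. The marker `<< currently incompatible with haml` would be easier to act on as an ordinary trailing comment that names the tracking issue, e.g. `# gem "better_errors" # disabled: incompatible with haml, see ISSUE-PLACEHOLDER`. When the gem is re-enabled it should stay inside `group :development`, because together with binding_of_caller its error page offers a live console.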
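Review bot: Both `assert_json_error` lines in login_test.rb now expect the raw `I18n.t(:invalid_user_pass)` string, while the browser test in this same commit has to strip tags from that translation, which suggests the JSON `base` error is expected to carry HTML markup. If that is intended, record it at the first assertion with a comment such as `# :invalid_user_pass contains markup; the API returns it unstripped`; if it is not, assert the tag-free text here as well so API clients that insert the message into a page are not handed markup. Keeping one key for the wrong-password and the unknown-login case keeps the two responses indistinguishable, which is worth stating in that comment too. The second test's header is outside its hunk.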
@@ -2,6 +2,8 @@ require 'test_helper'
 class AccountLivecycleTest < BrowserIntegrationTest
+ include ActionView::Helpers::SanitizeHelper
+
 teardown do
 Identity.destroy_all_orphaned
 end
@@ -115,7 +117,7 @@ class AccountLivecycleTest < BrowserIntegrationTest
 def assert_invalid_login(page)
 assert page.has_selector? '.btn-primary.disabled'
- assert page.has_content? I18n.t(:invalid_user_pass)
+ assert page.has_content? sanitize(I18n.t(:invalid_user_pass), tags: [])
 assert page.has_no_selector? '.btn-primary.disabled'
 end
diff --git a/test/integration/browser/account_livecycle_test.rb.orig b/test/integration/browser/account_livecycle_test.rb.orig
deleted file mode 100644
index d1f800b..0000000
--- a/test/integration/browser/account_livecycle_test.rb.orig
+++ /dev/null
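Review bot: In `assert_invalid_login`, `sanitize(I18n.t(:invalid_user_pass), tags: [])` is a roundabout spelling of `strip_tags(I18n.t(:invalid_user_pass))`, and mixing all of `ActionView::Helpers::SanitizeHelper` into the test class for this one call adds helper methods that can shadow test or Capybara methods. A narrower form is `assert page.has_content? ActionController::Base.helpers.strip_tags(I18n.t(:invalid_user_pass))`, which makes the `include` unnecessary. Either way the helper returns HTML-escaped text, so a translation containing `&` or an entity would presumably no longer match the visible page text; a short comment saying the translation holds markup and is compared tag-free would help the next reader.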
@@ -1,153 +0,0 @@ -require 'test_helper' - -class AccountLivecycleTest < BrowserIntegrationTest - - teardown do - Identity.destroy_all_orphaned - end - - test "signup successfully when invited" do - username, password = submit_signup - assert page.has_content?("Welcome #{username}") - click_on 'Log Out' - assert page.has_content?("Log In") - assert_equal '/', current_path - assert user = User.find_by_login(username) - user.account.destroy - end - - test "signup successfully without invitation" do - with_config invite_required: false do - - username ||= "test_#{SecureRandom.urlsafe_base64}".downcase - password ||= SecureRandom.base64 - - visit '/users/new' - fill_in 'Username', with: username - fill_in 'Password', with: password - fill_in 'Password confirmation', with: password - click_on 'Sign Up' - - assert page.has_content?("Welcome #{username}") - end - end - - test "signup with username ending in dot json" do - username = Faker::Internet.user_name + '.json' - submit_signup username - assert page.has_content?("Welcome #{username}") - end - - test "signup with reserved username" do - username = 'certmaster' - submit_signup username - assert page.has_content?("is reserved.") - end - - test "successful login" do - username, password = submit_signup - click_on 'Log Out' - attempt_login(username, password) - assert page.has_content?("Welcome #{username}") - within('.sidenav li.active') do - assert page.has_content?("Overview") - end - User.find_by_login(username).account.destroy - end - - test "failed login" do - visit '/' - attempt_login("username", "wrong password") - assert_invalid_login(page) - end - - test "account destruction" do - username, password = submit_signup - - click_on I18n.t('account_settings') - click_on I18n.t('destroy_my_account') - assert page.has_content?(I18n.t('account_destroyed')) - assert_equal 1, Identity.by_address.key("#{username}@test.me").count - attempt_login(username, password) - assert_invalid_login(page) - end - - test "handle 
blocked after account destruction" do - username, password = submit_signup - click_on I18n.t('account_settings') - click_on I18n.t('destroy_my_account') - submit_signup(username) - assert page.has_content?('has already been taken') - end - - test "change pgp key" do - with_config user_actions: ['change_pgp_key'] do - pgp_key = FactoryGirl.build :pgp_key - login - click_on "Account Settings" - within('#update_pgp_key') do - fill_in 'Public key', with: pgp_key - click_on 'Save' - end - page.assert_selector 'input[value="Saving..."]' - # at some point we're done: - page.assert_no_selector 'input[value="Saving..."]' - assert page.has_field? 'Public key', with: pgp_key.to_s - @user.reload - assert_equal pgp_key, @user.public_key - end - end - -<<<<<<< HEAD:test/integration/browser/account_livecycle_test.rb -======= - - # trying to seed an invalid A for srp login - test "detects attempt to circumvent SRP" do - InviteCodeValidator.any_instance.stubs(:validate) - - user = FactoryGirl.create :user - visit '/login' - fill_in 'Username', with: user.login - fill_in 'Password', with: "password" - inject_malicious_js - click_on 'Log In' - assert page.has_content?("Invalid random key") - assert page.has_no_content?("Welcome") - user.destroy - end - - test "reports internal server errors" do - Api::UsersController.any_instance.stubs(:create).raises - submit_signup - assert page.has_content?("server failed") - end - - test "does not render signup form without js" do - Capybara.current_driver = :rack_test # no js - visit '/signup' - assert page.has_no_content?("Username") - assert page.has_no_content?("Password") - end - - test "does not render login form without js" do - Capybara.current_driver = :rack_test # no js - visit '/login' - assert page.has_no_content?("Username") - assert page.has_no_content?("Password") - end - ->>>>>>> api: allow version bumping - bump to 2:test/integration/browser/account_test.rb - def attempt_login(username, password) - click_on 'Log In' - fill_in 
'Username', with: username - fill_in 'Password', with: password - click_on 'Log In' - end - - def assert_invalid_login(page) - assert page.has_selector? '.btn-primary.disabled' - assert page.has_content? I18n.t(:invalid_user_pass) - assert page.has_no_selector? '.btn-primary.disabled' - end - -end |