summaryrefslogtreecommitdiff
path: root/users/test/functional
diff options
context:
space:
mode:
Diffstat (limited to 'users/test/functional')
-rw-r--r--users/test/functional/application_controller_test.rb28
-rw-r--r--users/test/functional/helper_methods_test.rb39
-rw-r--r--users/test/functional/sessions_controller_test.rb95
-rw-r--r--users/test/functional/users_controller_test.rb121
4 files changed, 221 insertions, 62 deletions
diff --git a/users/test/functional/application_controller_test.rb b/users/test/functional/application_controller_test.rb
new file mode 100644
index 0000000..857bae5
--- /dev/null
+++ b/users/test/functional/application_controller_test.rb
@@ -0,0 +1,28 @@
+require 'test_helper'
+
+class ApplicationControllerTest < ActionController::TestCase
+
+ def setup
+ # so we can test the effect on the response
+ @controller.response = @response
+ end
+
+ def test_authorize_redirect
+ @controller.send(:authorize)
+ assert_access_denied
+ end
+
+ def test_authorized
+ login
+ @controller.send(:authorize)
+ assert_access_denied(false)
+ end
+
+ def test_authorize_admin
+ login
+ @current_user.expects(:is_admin?).returns(false)
+ @controller.send(:authorize_admin)
+ assert_access_denied
+ end
+
+end
diff --git a/users/test/functional/helper_methods_test.rb b/users/test/functional/helper_methods_test.rb
new file mode 100644
index 0000000..2b2375c
--- /dev/null
+++ b/users/test/functional/helper_methods_test.rb
@@ -0,0 +1,39 @@
+#
+# Testing and documenting the helper methods available from
+# ApplicationController
+#
+
+require 'test_helper'
+
+class HelperMethodsTest < ActionController::TestCase
+ tests ApplicationController
+
+ # we test them right in here...
+ include ApplicationController._helpers
+
+ # they all reference the controller.
+ def controller
+ @controller
+ end
+
+ def test_current_user
+ login
+ assert_equal @current_user, current_user
+ end
+
+ def test_logged_in
+ login
+ assert logged_in?
+ end
+
+ def test_logged_out
+ assert !logged_in?
+ end
+
+ def test_admin
+ login
+ @current_user.expects(:is_admin?).returns(bool = stub)
+ assert_equal bool, admin?
+ end
+
+end
diff --git a/users/test/functional/sessions_controller_test.rb b/users/test/functional/sessions_controller_test.rb
index b6e56a7..9df4455 100644
--- a/users/test/functional/sessions_controller_test.rb
+++ b/users/test/functional/sessions_controller_test.rb
@@ -1,79 +1,72 @@
require 'test_helper'
+# This is a simple controller unit test.
+# We're stubbing out both warden and srp.
+# There's an integration test testing the full rack stack and srp
class SessionsControllerTest < ActionController::TestCase
- def setup
+ setup do
+ @user = stub :login => "me", :id => 123
@client_hex = 'a123'
- @client_rnd = @client_hex.hex
- @server_hex = 'b123'
- @server_rnd = @server_hex.hex
- @server_rnd_exp = 'e123'.hex
- @salt = 'stub user salt'
- @server_handshake = stub :aa => @client_rnd, :bb => @server_rnd, :b => @server_rnd_exp
- @server_auth = 'adfe'
end
test "should get login screen" do
+ request.env['warden'].expects(:winning_strategy)
get :new
assert_response :success
+ assert_equal "text/html", response.content_type
+ assert_template "sessions/new"
end
- test "should perform handshake" do
- user = stub :login => "me", :id => 123
- user.expects(:initialize_auth).
- with(@client_rnd).
- returns(@server_handshake)
- @server_handshake.expects(:to_json).
- returns({'B' => @server_hex, 'salt' => @salt}.to_json)
- User.expects(:find_by_param).with(user.login).returns(user)
- post :create, :login => user.login, 'A' => @client_hex
- assert_equal @server_handshake, session[:handshake]
+ test "renders json" do
+ request.env['warden'].expects(:winning_strategy)
+ get :new, :format => :json
assert_response :success
- assert_json_response :B => @server_hex, :salt => @salt
+ assert_json_error nil
end
- test "should report user not found" do
- unknown = "login_that_does_not_exist"
- User.expects(:find_by_param).with(unknown).raises(RECORD_NOT_FOUND)
- post :create, :login => unknown
- assert_response :success
- assert_json_response :errors => {"login" => ["unknown user"]}
+ test "renders warden errors" do
+ strategy = stub :message => {:field => :translate_me}
+ request.env['warden'].stubs(:winning_strategy).returns(strategy)
+ I18n.expects(:t).with(:translate_me).at_least_once.returns("translation stub")
+ get :new, :format => :json
+ assert_response 422
+ assert_json_error :field => "translation stub"
end
- test "should authorize" do
- session[:handshake] = @server_handshake
- user = stub :login => "me", :id => 123
- @server_handshake.expects(:authenticate!).
- with(@client_rnd).
- returns(@server_auth)
- @server_handshake.expects(:to_json).
- returns({:M2 => @server_auth}.to_json)
- User.expects(:find_by_param).with(user.login).returns(user)
- post :update, :id => user.login, :client_auth => @client_hex
- assert_nil session[:handshake]
- assert_json_response :M2 => @server_auth
- assert_equal user.id, session[:user_id]
+ # Warden takes care of parsing the params and
+ # rendering the response. So not much to test here.
+ test "should perform handshake" do
+ request.env['warden'].expects(:authenticate!)
+ # make sure we don't get a template missing error:
+ @controller.stubs(:render)
+ post :create, :login => @user.login, 'A' => @client_hex
end
- test "should report wrong password" do
- session[:handshake] = @server_handshake
- user = stub :login => "me", :id => 123
- @server_handshake.expects(:authenticate!).
- with(@client_rnd).
- raises(WRONG_PASSWORD)
- User.expects(:find_by_param).with(user.login).returns(user)
- post :update, :id => user.login, :client_auth => @client_hex
+ test "should authorize" do
+ request.env['warden'].expects(:authenticate!)
+ handshake = stub(:to_json => "JSON")
+ session[:handshake] = handshake
+ post :update, :id => @user.login, :client_auth => @client_hex
assert_nil session[:handshake]
- assert_nil session[:user_id]
- assert_json_response :errors => {"password" => ["wrong password"]}
+ assert_response :success
+ assert_equal handshake.to_json, @response.body
end
- test "logout should reset sessions user_id" do
- session[:user_id] = "set"
+ test "logout should reset warden user" do
+ expect_warden_logout
delete :destroy
- assert_nil session[:user_id]
assert_response :redirect
assert_redirected_to root_url
end
+ def expect_warden_logout
+ raw = mock('raw session') do
+ expects(:inspect)
+ end
+ request.env['warden'].expects(:raw_session).returns(raw)
+ request.env['warden'].expects(:logout)
+ end
+
+
end
diff --git a/users/test/functional/users_controller_test.rb b/users/test/functional/users_controller_test.rb
index 1cb28a6..939d105 100644
--- a/users/test/functional/users_controller_test.rb
+++ b/users/test/functional/users_controller_test.rb
@@ -1,33 +1,132 @@
require 'test_helper'
class UsersControllerTest < ActionController::TestCase
+ include StubRecordHelper
+
test "should get new" do
get :new
+
assert_equal User, assigns(:user).class
assert_response :success
end
test "should create new user" do
- params = User.valid_attributes_hash
- user = stub params.merge(:id => 123)
- params.stringify_keys!
- User.expects(:create!).with(params).returns(user)
- post :create, :user => params
+ user = stub_record User
+ User.expects(:create).with(user.params).returns(user)
+
+ post :create, :user => user.params, :format => :json
+
assert_nil session[:user_id]
- assert_response :redirect
- assert_redirected_to root_url
+ assert_json_response user
+ assert_response :success
end
test "should redirect to signup form on failed attempt" do
params = User.valid_attributes_hash.slice(:login)
user = User.new(params)
params.stringify_keys!
- User.expects(:create!).with(params).raises(VALIDATION_FAILED.new(user))
- post :create, :user => params
- assert_nil session[:user_id]
+ assert !user.valid?
+ User.expects(:create).with(params).returns(user)
+
+ post :create, :user => params, :format => :json
+
+ assert_json_error user.errors.messages
+ assert_response 422
+ end
+
+ test "should get edit view" do
+ user = find_record User
+
+ login user
+ get :edit, :id => user.id
+
assert_equal user, assigns[:user]
+ end
+
+ test "should process updated params" do
+ user = find_record User
+ user.expects(:update_attributes).with(user.params).returns(true)
+
+ login user
+ put :update, :user => user.params, :id => user.id, :format => :json
+
+ assert_equal user, assigns[:user]
+ assert_response 204
+ assert_equal " ", @response.body
+ end
+
+ test "admin can update user" do
+ user = find_record User
+ user.expects(:update_attributes).with(user.params).returns(true)
+
+ login :is_admin? => true
+ put :update, :user => user.params, :id => user.id, :format => :json
+
+ assert_equal user, assigns[:user]
+ assert_response 204
+ assert_equal " ", @response.body
+ end
+
+ test "admin can destroy user" do
+ user = find_record User
+ user.expects(:destroy)
+
+ login :is_admin? => true
+ delete :destroy, :id => user.id
+
+ assert_response :redirect
+ assert_redirected_to users_path
+ end
+
+ test "user can cancel account" do
+ user = find_record User
+ user.expects(:destroy)
+
+ login user
+ delete :destroy, :id => @current_user.id
+
assert_response :redirect
- assert_redirected_to new_user_path
+ assert_redirected_to login_path
+ end
+
+ test "non-admin can't destroy user" do
+ user = stub_record User
+
+ login
+ delete :destroy, :id => user.id
+
+ assert_access_denied
+ end
+
+ test "admin can list users" do
+ login :is_admin? => true
+ get :index
+
+ assert_response :success
+ assert assigns(:users)
+ end
+
+ test "non-admin can't list users" do
+ login
+ get :index
+
+ assert_access_denied
+ end
+
+ test "admin can autocomplete users" do
+ login :is_admin? => true
+ get :index, :format => :json
+
+ assert_response :success
+ assert assigns(:users)
+ end
+
+ test "admin can search users" do
+ login :is_admin? => true
+ get :index, :query => "a"
+
+ assert_response :success
+ assert assigns(:users)
end
end