diff options
Diffstat (limited to 'users/test/functional')
-rw-r--r-- | users/test/functional/application_controller_test.rb | 28 | ||||
-rw-r--r-- | users/test/functional/helper_methods_test.rb | 39 | ||||
-rw-r--r-- | users/test/functional/sessions_controller_test.rb | 95 | ||||
-rw-r--r-- | users/test/functional/users_controller_test.rb | 121 |
4 files changed, 221 insertions, 62 deletions
diff --git a/users/test/functional/application_controller_test.rb b/users/test/functional/application_controller_test.rb new file mode 100644 index 0000000..857bae5 --- /dev/null +++ b/users/test/functional/application_controller_test.rb @@ -0,0 +1,28 @@ +require 'test_helper' + +class ApplicationControllerTest < ActionController::TestCase + + def setup + # so we can test the effect on the response + @controller.response = @response + end + + def test_authorize_redirect + @controller.send(:authorize) + assert_access_denied + end + + def test_authorized + login + @controller.send(:authorize) + assert_access_denied(false) + end + + def test_authorize_admin + login + @current_user.expects(:is_admin?).returns(false) + @controller.send(:authorize_admin) + assert_access_denied + end + +end diff --git a/users/test/functional/helper_methods_test.rb b/users/test/functional/helper_methods_test.rb new file mode 100644 index 0000000..2b2375c --- /dev/null +++ b/users/test/functional/helper_methods_test.rb @@ -0,0 +1,39 @@ +# +# Testing and documenting the helper methods available from +# ApplicationController +# + +require 'test_helper' + +class HelperMethodsTest < ActionController::TestCase + tests ApplicationController + + # we test them right in here... + include ApplicationController._helpers + + # they all reference the controller. + def controller + @controller + end + + def test_current_user + login + assert_equal @current_user, current_user + end + + def test_logged_in + login + assert logged_in? + end + + def test_logged_out + assert !logged_in? + end + + def test_admin + login + @current_user.expects(:is_admin?).returns(bool = stub) + assert_equal bool, admin? + end + +end diff --git a/users/test/functional/sessions_controller_test.rb b/users/test/functional/sessions_controller_test.rb index b6e56a7..9df4455 100644 --- a/users/test/functional/sessions_controller_test.rb +++ b/users/test/functional/sessions_controller_test.rb @@ -1,79 +1,72 @@ require 'test_helper' +# This is a simple controller unit test. +# We're stubbing out both warden and srp. +# There's an integration test testing the full rack stack and srp class SessionsControllerTest < ActionController::TestCase - def setup + setup do + @user = stub :login => "me", :id => 123 @client_hex = 'a123' - @client_rnd = @client_hex.hex - @server_hex = 'b123' - @server_rnd = @server_hex.hex - @server_rnd_exp = 'e123'.hex - @salt = 'stub user salt' - @server_handshake = stub :aa => @client_rnd, :bb => @server_rnd, :b => @server_rnd_exp - @server_auth = 'adfe' end test "should get login screen" do + request.env['warden'].expects(:winning_strategy) get :new assert_response :success + assert_equal "text/html", response.content_type + assert_template "sessions/new" end - test "should perform handshake" do - user = stub :login => "me", :id => 123 - user.expects(:initialize_auth). - with(@client_rnd). - returns(@server_handshake) - @server_handshake.expects(:to_json). - returns({'B' => @server_hex, 'salt' => @salt}.to_json) - User.expects(:find_by_param).with(user.login).returns(user) - post :create, :login => user.login, 'A' => @client_hex - assert_equal @server_handshake, session[:handshake] + test "renders json" do + request.env['warden'].expects(:winning_strategy) + get :new, :format => :json assert_response :success - assert_json_response :B => @server_hex, :salt => @salt + assert_json_error nil end - test "should report user not found" do - unknown = "login_that_does_not_exist" - User.expects(:find_by_param).with(unknown).raises(RECORD_NOT_FOUND) - post :create, :login => unknown - assert_response :success - assert_json_response :errors => {"login" => ["unknown user"]} + test "renders warden errors" do + strategy = stub :message => {:field => :translate_me} + request.env['warden'].stubs(:winning_strategy).returns(strategy) + I18n.expects(:t).with(:translate_me).at_least_once.returns("translation stub") + get :new, :format => :json + assert_response 422 + assert_json_error :field => "translation stub" end - test "should authorize" do - session[:handshake] = @server_handshake - user = stub :login => "me", :id => 123 - @server_handshake.expects(:authenticate!). - with(@client_rnd). - returns(@server_auth) - @server_handshake.expects(:to_json). - returns({:M2 => @server_auth}.to_json) - User.expects(:find_by_param).with(user.login).returns(user) - post :update, :id => user.login, :client_auth => @client_hex - assert_nil session[:handshake] - assert_json_response :M2 => @server_auth - assert_equal user.id, session[:user_id] + # Warden takes care of parsing the params and + # rendering the response. So not much to test here. + test "should perform handshake" do + request.env['warden'].expects(:authenticate!) + # make sure we don't get a template missing error: + @controller.stubs(:render) + post :create, :login => @user.login, 'A' => @client_hex end - test "should report wrong password" do - session[:handshake] = @server_handshake - user = stub :login => "me", :id => 123 - @server_handshake.expects(:authenticate!). - with(@client_rnd). - raises(WRONG_PASSWORD) - User.expects(:find_by_param).with(user.login).returns(user) - post :update, :id => user.login, :client_auth => @client_hex + test "should authorize" do + request.env['warden'].expects(:authenticate!) + handshake = stub(:to_json => "JSON") + session[:handshake] = handshake + post :update, :id => @user.login, :client_auth => @client_hex assert_nil session[:handshake] - assert_nil session[:user_id] - assert_json_response :errors => {"password" => ["wrong password"]} + assert_response :success + assert_equal handshake.to_json, @response.body end - test "logout should reset sessions user_id" do - session[:user_id] = "set" + test "logout should reset warden user" do + expect_warden_logout delete :destroy - assert_nil session[:user_id] assert_response :redirect assert_redirected_to root_url end + def expect_warden_logout + raw = mock('raw session') do + expects(:inspect) + end + request.env['warden'].expects(:raw_session).returns(raw) + request.env['warden'].expects(:logout) + end + + end diff --git a/users/test/functional/users_controller_test.rb b/users/test/functional/users_controller_test.rb index 1cb28a6..939d105 100644 --- a/users/test/functional/users_controller_test.rb +++ b/users/test/functional/users_controller_test.rb @@ -1,33 +1,132 @@ require 'test_helper' class UsersControllerTest < ActionController::TestCase + include StubRecordHelper + test "should get new" do get :new + assert_equal User, assigns(:user).class assert_response :success end test "should create new user" do - params = User.valid_attributes_hash - user = stub params.merge(:id => 123) - params.stringify_keys! - User.expects(:create!).with(params).returns(user) - post :create, :user => params + user = stub_record User + User.expects(:create).with(user.params).returns(user) + + post :create, :user => user.params, :format => :json + assert_nil session[:user_id] - assert_response :redirect - assert_redirected_to root_url + assert_json_response user + assert_response :success end test "should redirect to signup form on failed attempt" do params = User.valid_attributes_hash.slice(:login) user = User.new(params) params.stringify_keys! - User.expects(:create!).with(params).raises(VALIDATION_FAILED.new(user)) - post :create, :user => params - assert_nil session[:user_id] + assert !user.valid? + User.expects(:create).with(params).returns(user) + + post :create, :user => params, :format => :json + + assert_json_error user.errors.messages + assert_response 422 + end + + test "should get edit view" do + user = find_record User + + login user + get :edit, :id => user.id + assert_equal user, assigns[:user] + end + + test "should process updated params" do + user = find_record User + user.expects(:update_attributes).with(user.params).returns(true) + + login user + put :update, :user => user.params, :id => user.id, :format => :json + + assert_equal user, assigns[:user] + assert_response 204 + assert_equal " ", @response.body + end + + test "admin can update user" do + user = find_record User + user.expects(:update_attributes).with(user.params).returns(true) + + login :is_admin? => true + put :update, :user => user.params, :id => user.id, :format => :json + + assert_equal user, assigns[:user] + assert_response 204 + assert_equal " ", @response.body + end + + test "admin can destroy user" do + user = find_record User + user.expects(:destroy) + + login :is_admin? => true + delete :destroy, :id => user.id + + assert_response :redirect + assert_redirected_to users_path + end + + test "user can cancel account" do + user = find_record User + user.expects(:destroy) + + login user + delete :destroy, :id => @current_user.id + assert_response :redirect - assert_redirected_to new_user_path + assert_redirected_to login_path + end + + test "non-admin can't destroy user" do + user = stub_record User + + login + delete :destroy, :id => user.id + + assert_access_denied + end + + test "admin can list users" do + login :is_admin? => true + get :index + + assert_response :success + assert assigns(:users) + end + + test "non-admin can't list users" do + login + get :index + + assert_access_denied + end + + test "admin can autocomplete users" do + login :is_admin? => true + get :index, :format => :json + + assert_response :success + assert assigns(:users) + end + + test "admin can search users" do + login :is_admin? => true + get :index, :query => "a" + + assert_response :success + assert assigns(:users) end end |