diff options
Diffstat (limited to 'users')
| -rw-r--r-- | users/app/controllers/email_aliases_controller.rb | 12 | ||||
| -rw-r--r-- | users/app/controllers/sessions_controller.rb | 10 | ||||
| -rw-r--r-- | users/app/controllers/v1/users_controller.rb | 1 | ||||
| -rw-r--r-- | users/config/routes.rb | 1 | ||||
| -rw-r--r-- | users/test/functional/sessions_controller_test.rb | 21 | ||||
| -rw-r--r-- | users/test/integration/browser/account_test.rb | 25 |
6 files changed, 19 insertions, 51 deletions
diff --git a/users/app/controllers/email_aliases_controller.rb b/users/app/controllers/email_aliases_controller.rb deleted file mode 100644 index c90432f..0000000 --- a/users/app/controllers/email_aliases_controller.rb +++ /dev/null @@ -1,12 +0,0 @@ -class EmailAliasesController < UsersBaseController - before_filter :fetch_user - - def destroy - @alias = @user.email_aliases.delete(params[:id]) - if @user.save - flash[:notice] = t(:email_alias_destroyed_successfully, :alias => bold(@alias)) - end - redirect_to edit_user_email_settings_path(@user) #TODO: this path doesn't exist. will want to add path for identities controller - end - -end diff --git a/users/app/controllers/sessions_controller.rb b/users/app/controllers/sessions_controller.rb index d6c455b..0494b51 100644 --- a/users/app/controllers/sessions_controller.rb +++ b/users/app/controllers/sessions_controller.rb @@ -8,16 +8,6 @@ class SessionsController < ApplicationController end end - def create - logout if logged_in? - authenticate! - end - - def update - authenticate! - render :json => session.delete(:handshake) - end - def destroy logout redirect_to root_path diff --git a/users/app/controllers/v1/users_controller.rb b/users/app/controllers/v1/users_controller.rb index f380c19..4f82572 100644 --- a/users/app/controllers/v1/users_controller.rb +++ b/users/app/controllers/v1/users_controller.rb @@ -8,6 +8,7 @@ module V1 respond_to :json + # used for autocomplete for admins in the web ui def index if params[:query] @users = User.by_login.startkey(params[:query]).endkey(params[:query].succ) diff --git a/users/config/routes.rb b/users/config/routes.rb index d4d5933..ccecfd5 100644 --- a/users/config/routes.rb +++ b/users/config/routes.rb @@ -10,7 +10,6 @@ Rails.application.routes.draw do get "login" => "sessions#new", :as => "login" delete "logout" => "sessions#destroy", :as => "logout" - resources :sessions, :only => [:new, :create, :update] get "signup" => "users#new", :as => "signup" resources :users, :except => [:create, :update] do diff --git a/users/test/functional/sessions_controller_test.rb b/users/test/functional/sessions_controller_test.rb index b22c3a3..a630e6e 100644 --- a/users/test/functional/sessions_controller_test.rb +++ b/users/test/functional/sessions_controller_test.rb @@ -41,27 +41,6 @@ class SessionsControllerTest < ActionController::TestCase assert_json_error :login => I18n.t(:all_strategies_failed) end - # Warden takes care of parsing the params and - # rendering the response. So not much to test here. - test "should perform handshake" do - request.env['warden'].expects(:authenticate!) - # make sure we don't get a template missing error: - @controller.stubs(:render) - post :create, :login => @user.login, 'A' => @client_hex - end - - test "should authorize" do - request.env['warden'].expects(:authenticate!) - handshake = stub(:to_json => "JSON") - session[:handshake] = handshake - - post :update, :id => @user.login, :client_auth => @client_hex - - assert_nil session[:handshake] - assert_response :success - assert_json_response handshake - end - test "logout should reset warden user" do expect_warden_logout delete :destroy diff --git a/users/test/integration/browser/account_test.rb b/users/test/integration/browser/account_test.rb index b412980..f3a78ed 100644 --- a/users/test/integration/browser/account_test.rb +++ b/users/test/integration/browser/account_test.rb @@ -7,13 +7,7 @@ class AccountTest < BrowserIntegrationTest end test "normal account workflow" do - username = "test_#{SecureRandom.urlsafe_base64}".downcase - password = SecureRandom.base64 - visit '/users/new' - fill_in 'Username', with: username - fill_in 'Password', with: password - fill_in 'Password confirmation', with: password - click_on 'Sign Up' + username, password = submit_signup assert page.has_content?("Welcome #{username}") click_on 'Logout' assert page.has_content?("Sign Up") @@ -32,6 +26,23 @@ class AccountTest < BrowserIntegrationTest assert page.has_no_content?("Welcome") end + test "reports internal server errors" do + V1::UsersController.any_instance.stubs(:create).raises + submit_signup + assert page.has_content?("server failed") + end + + def submit_signup + username = "test_#{SecureRandom.urlsafe_base64}".downcase + password = SecureRandom.base64 + visit '/users/new' + fill_in 'Username', with: username + fill_in 'Password', with: password + fill_in 'Password confirmation', with: password + click_on 'Sign Up' + return username, password + end + def inject_malicious_js page.execute_script <<-EOJS var calc = new srp.Calculate(); |