summaryrefslogtreecommitdiff
path: root/test/integration
AgeCommit message (Collapse)Author
2017-10-24fix: sanity checks on user paramsAzul
fixes #8801 Includes a test reproducing 500 on lynx We now make use of ActionController::Parameters require and permit methods.
2017-10-16fix: login error message with locale setAzul
On a failed login the warden failure app gets called. Some of the params are changed accordingly but controller and action remain. set_locale would detect there was no locale in the path and thus attempt to redirect. However the params still belong to the previous request which was a POST to Api::SessionsController. This route does not respond to get requests and so it would trigger a 404 in production and a 500 in development. This commit prevents set_locale to act upon warden failure app controller calls by adding /new to the list of `NON_LOCALE_PATHS`. (The path is updated by warden to the name of the action called in the failure app). A test is included in this commit that tries to login with an invalid username, password combination and a german locale set. fixes #8805
2017-08-15remove merge cruftelijah
2017-08-15use i18n for login testelijah
2017-04-20fix: set token in forms correctlyAzul
We now use the hash of the token for comparison and as the id. In order to use it you need the original token though. So forms and thus the session should have token.to_s rather than token.id.
2017-04-03feature: delete user clearing usernameAzul
2017-03-27upgrade: simple_form to bootstrap 3Azul
* reran the simple form initializer. * wrapped submit buttons are now broken and need a fix. * disabled confirmation validation in client side validations as the error message always is attached to the wrong field.
2017-03-23bugfix: handle couch 404sAzul
our special error handler for json requests would turn all exceptions into 500s - removed it. now the rescue_responses can do their thing again.
2017-03-20fix: 404 for missing pages template - fixes #9Azul
2017-03-20test: 404 response for missing keyAzul
enable testing error responses on the full rack stack.
2017-03-20bugfix: format: html for home rootsAzul
That's the only thing the controller handles meaningful. Before the route would also catch anything that started with a . interpreting it as a format string. This lead to lots of false positives in our security scanner.
2017-03-10Adds recovery code to user accountThais Siqueira
Related with https://github.com/pixelated/pixelated-user-agent/issues/924 With @aarni
2016-08-19respond_to on a per controller basisAzul
If you inherit respond to and call it again in your controller it will not overwrite the previous but add to it. Since we always have some exceptions from the rules it's probably easiest to be explicit in the controllers that require it themselves.
2016-07-14[feature] restrict is_admin in the user api, to only allow queryingNavaL
for him/herself So that it we do not expose the is_admin property to anyone else including other admins.
2016-07-14Merge branch 'develop' of https://github.com/leapcode/leap_web into ↵NavaL
feature/expose_admin_in_api
2016-06-22[feature] expose is_admin in the user apiNavaL
So that whoever consumes the API can use this attribute to determine if admin functionalities should be made available to the current user.
2016-05-23move signup from users to account_controllerAzul
There was a lot of special case handling going on in the users_controller for this. Lot simpler this way.
2016-05-21tests: reset I18n.locale after locale_path_testAzul
Otherwise this will mess up other tests.
2016-05-20include engine tests in default testAzul
2016-05-18api: allow version bumping - bump to 2Azul
2016-05-02upgrade: unique test namesAzul
Rails 4.2 runs all tests mixed together. So unit tests and integration tests may not have conflicting names.
2016-05-02split up integration account testAzul
AccountLivecycleTest -> CRUD accounts SecurityTest -> security specific tests AdminTest -> admin specific tests
2016-03-28api: added get(:show) to identities and users, allow monitors to ↵elijah
create/delete test & tmp users.
2016-03-28api tokens - clarify terms: "monitors" are admins that authenticated via api ↵elijah
token, "tmp" users are users that exist only in tmp db, "test" users are either tmp users or users named "test_user_x"
2016-03-28api tokens: allow for special api tokens that work like session tokens but ↵elijah
are configured in the static config, to be used for infrastructure monitoring.
2016-02-10allow user accounts to be re-enabled, and for associated identities to also ↵elijah
get re-enabled.
2015-09-28Make invite code configurableankonym
Through the config param 'invite_required', providers can decide whether users need to provide an invite code upon signup. The default setting is false.
2015-09-28Fix the remaining failures/errors in our testsankonym
Handing freshly generated invite codes to Factory Girl to make the tests pass
2015-09-28Fix several test failures by stubbing invite code validationankonym
2015-09-28Remove change password browser testankonym
Remove the change password test because the change password functionality is currently unused - however, it breaks with the new invite code field in the signup form.
2015-09-28Added an 'invite code' to all the tests for the sign-up form so we have a ↵Aya Jaff
valid user for the tests again
2015-07-14fix i18n testselijah
2015-03-17Better error message when a database is missing (very useful for nagios tests)elijah
2015-03-17add support for rotating tokens and sessions databases, and for a special ↵elijah
tmp db for test users.
2015-01-28client certificates: allow for time units to be specified in ↵elijah
client_cert_lifespan config option.
2014-07-17clean up error assertions in testsAzul
We're not testing the redirects anymore. But the error messages should be pretty clear already. We can start testing redirects again once we redirect to different places for different actions.
2014-07-14clean up and simplify error responses and test codeAzul
2014-07-12fix tests and simplify time calculationsAzul
2014-07-09list identities based on search onlyAzul
2014-07-05Enable unblocking handles in identities tabAzul
There's an identities tab now for admins that will allow unblocking blocked handles. It should be easy to expand for aliases and forwards and other types of actions such as editing.
2014-05-30Merge pull request #167 from azul/feature/i18n-for-ticket-system0.5.2-rcazul
Feature/i18n for ticket system
2014-05-29clearify identity validationsAzul
Identity.new.valid? should not crash. So validate presence where needed and skip the other validations if the value is absent.
2014-05-28ensure identity is cleared on user.reload - fixes testAzul
2014-05-28use Identity for testing login availabilityAzul
We create an identity alongside each user. Make sure the identity is valid when creating the user. This also ensures that the login picked is available because otherwise the identities address would not be available anymore.
2014-05-26sorting translation keys someAzul
2014-05-26Merge pull request #163 from azul/feature/3398-save-hashed-tokenazul
hash token with sha512 against timing attacs #3398
2014-05-26hash token with sha512 against timing attacs #3398Azul
2014-05-26change from GET to POST for certsAzul
We create them. let's reflect that in the verb.
2014-05-19store fingerprints with timestampAzul
Only storing the date as that should suffice for normal expiry and is less useful for identifying users by timestamps
2014-05-19store cert fingerprint with main user identityAzul