summaryrefslogtreecommitdiff
path: root/users/test
AgeCommit message (Collapse)Author
2013-09-05Test of failing to add non-local email address as an identity's address.jessib
2013-09-03Merge pull request #73 from azul/bugfix/3623-teardown-test-data-properlyjessib
Bugfix/3623 teardown test data properly
2013-09-03Merge pull request #75 from azul/feature/token-expiryjessib
Token expiry
2013-09-03Merge pull request #76 from azul/feature/3600-visual-feedback-on-failed-signupjessib
Ensure json requests get json error response on failure
2013-09-03Cleanup sessions controller - webapp logs in through the api.Azul
So the #create and #update actions were not needed anymore. Also removed the tests
2013-09-03Account: Composition to handle User and its identitiesAzul
We have a lot of things that act upon a user record and one or more of it's identities at the same time: * Sing up: Create a user and it's initial identity * Rename: Change the username and create a new identity, turn old into an alias * Cancel Account: Remove user and all their identities. In order to keep the User and Identity behaviour isolated but still have a this logic represented in a sinle place the Account model deals with all these things. We could have overwritten the User#create, User#update and User#destroy methods instead. But then we would always create identities, even if we only need a user (for example in tests).
2013-09-03cleanup records after running user integration testsAzul
2013-09-03simplify users_controller_testAzul
2013-09-03don't leave id records behind when unit testingAzul
2013-09-03expire token according to config setting auth:token_expires_afterAzul
2013-09-03use Token#authenticate for authenticationAzul
This will return the user. But we can add timestamp validations and updates here.
2013-09-03integration test for displaying internal server error during signupAzul
2013-08-30there's no need for User#find_by_param. clean it upAzul
2013-08-27refactor: Changing the py test to use less globals and session only locally.Azul
2013-08-27use token to update user passwordAzul
2013-08-27separate different tests for showing non existant userAzul
This way the failed stubbing errors were more telling
2013-08-27token.user will get you the right userAzul
This way we can stub the token to return the user directly. Stubbing User.find_by_param is not a good idea as it will make all calls to User#find_by_param with a different id fail.
2013-08-27make sure find_record still works with real recordsAzul
2013-08-27clear token on logout with testAzul
2013-08-27basic testing for token based auth in testsAzul
2013-08-27first steps towards enabling token based authAzul
2013-08-27minor: remove puts lineAzul
2013-08-22Merge pull request #69 from azul/bugfix/update_user_password_through_apijessib
Test updating user password through api
2013-08-21use the same login validations on sessions and usersAzul
The session ones were outdated so valid usernames could not login if they contained a '.' Refactored so both models use the same module for this validation to ensure consistency.
2013-08-21also test updating the user password in python against dev.bmAzul
2013-08-21integration test updating users passwordAzul
2013-08-08Merge pull request #64 from azul/feature/identity-rewritejessib
Feature/identity rewrite
2013-08-08close srp vulnerability and report error in webappAzul
2013-08-07integration test exploiting srp vulnerabilityAzul
2013-07-24also destroy the identity for a test user during teardownAzul
2013-07-24keeping the pgp_key accessors for User so views still workAzul
2013-07-24separate signup and settings service objects for userAzul
2013-07-24setter for keys for dirty tracking, more robust testsAzul
Just altering identity.keys did not mark identities as changed. Also we now have a sane default for keys.
2013-07-24test user validates uniqueness of login amongst aliasesAzul
2013-07-24support deprecated API to set users main identity pgp keyAzul
We'll want to get rid of the #public_key and #public_key= functions but they are still used from the users controller. We'll probably have an identity controller instead at some point.
2013-07-24remove email aliases test - we'll move them to identitiesAzul
2013-07-24add keys to identityAzul
2013-07-24allow available and unique forwards onlyAzul
2013-07-24validations of email format and local domain moved overAzul
2013-07-24local email adds domain if neededAzul
2013-07-24testing all versions of emial identities, emails are now stringsAzul
2013-07-24move identity creation into user classAzul
It's always based on a user and most default values are based on user properties.
2013-07-24first take on identity model - still brokenAzul
2013-07-16adapt srp account_flow test for the api to new ruby_srp APIAzul
2013-07-16ensure the page has been reloaded before testing current_pathAzul
This test would fail sometimes on assert_equal '/', current_path I believe it was a timing issue. page.has_content? will wait for the content to show up. So afterwards the current_path should always be correct.
2013-07-15require test_helper from account test so it can be run in isolationAzul
2013-07-14make sure capybara runs the whole rack appAzul
We use port 3003 for the integration test server. This test takes a few seconds (~8) now. Most of this is startup time of the server. A second run still takes 2 seconds like before.
2013-07-14we do not expose M2 in srp.js anymore.Azul
So there is no way to print it. This message used to be correct but there are also other things that can cause this to fail now. So let's just remove it.
2013-07-14js integration test for signup, login, logoutAzul
2013-07-12remove test for duplicate login - we'll prevent that on the client sideAzul
SRP happens in two steps: * handshake * validation During the validation we delete the handshake data from the session. So a second validation does not really work. It could build upon the first one but it would not be able to send M2 to the client. So instead of trying to do sth. usefull when two validation requests are send we require the client to only send one.