From 0c79df9874c59fbaa5c845e07d8fa1b4bbc23b9c Mon Sep 17 00:00:00 2001
From: Azul <azul@leap.se>
Date: Thu, 11 Oct 2012 17:11:32 +0200
Subject: use ruby-srp 0.1.3 which returns the user on authenticate call

Also removed a few hooks to User.current. Will replace with current_user
---
 users/test/functional/sessions_controller_test.rb | 20 ++++++++------------
 1 file changed, 8 insertions(+), 12 deletions(-)

(limited to 'users/test')

diff --git a/users/test/functional/sessions_controller_test.rb b/users/test/functional/sessions_controller_test.rb
index b6e56a7..47d7052 100644
--- a/users/test/functional/sessions_controller_test.rb
+++ b/users/test/functional/sessions_controller_test.rb
@@ -3,6 +3,7 @@ require 'test_helper'
 class SessionsControllerTest < ActionController::TestCase
 
   def setup
+    @user = stub :login => "me", :id => 123
     @client_hex = 'a123'
     @client_rnd = @client_hex.hex
     @server_hex = 'b123'
@@ -19,14 +20,13 @@ class SessionsControllerTest < ActionController::TestCase
   end
 
   test "should perform handshake" do
-    user = stub :login => "me", :id => 123
-    user.expects(:initialize_auth).
+    @user.expects(:initialize_auth).
       with(@client_rnd).
       returns(@server_handshake)
     @server_handshake.expects(:to_json).
      returns({'B' => @server_hex, 'salt' => @salt}.to_json)
-    User.expects(:find_by_param).with(user.login).returns(user)
-    post :create, :login => user.login, 'A' => @client_hex
+    User.expects(:find_by_param).with(@user.login).returns(@user)
+    post :create, :login => @user.login, 'A' => @client_hex
     assert_equal @server_handshake, session[:handshake]
     assert_response :success
     assert_json_response :B => @server_hex, :salt => @salt
@@ -42,27 +42,23 @@ class SessionsControllerTest < ActionController::TestCase
 
   test "should authorize" do
     session[:handshake] = @server_handshake
-    user = stub :login => "me", :id => 123
     @server_handshake.expects(:authenticate!).
       with(@client_rnd).
-      returns(@server_auth)
+      returns(@user)
     @server_handshake.expects(:to_json).
       returns({:M2 => @server_auth}.to_json)
-    User.expects(:find_by_param).with(user.login).returns(user)
-    post :update, :id => user.login, :client_auth => @client_hex
+    post :update, :id => @user.login, :client_auth => @client_hex
     assert_nil session[:handshake]
     assert_json_response :M2 => @server_auth
-    assert_equal user.id, session[:user_id]
+    assert_equal @user.id, session[:user_id]
   end
 
   test "should report wrong password" do
     session[:handshake] = @server_handshake
-    user = stub :login => "me", :id => 123
     @server_handshake.expects(:authenticate!).
       with(@client_rnd).
       raises(WRONG_PASSWORD)
-    User.expects(:find_by_param).with(user.login).returns(user)
-    post :update, :id => user.login, :client_auth => @client_hex
+    post :update, :id => @user.login, :client_auth => @client_hex
     assert_nil session[:handshake]
     assert_nil session[:user_id]
     assert_json_response :errors => {"password" => ["wrong password"]}
-- 
cgit v1.2.3


From 3e0a1a47c0eafb7f9b79e5f2765ea33ce1ad159b Mon Sep 17 00:00:00 2001
From: Azul <azul@leap.se>
Date: Wed, 24 Oct 2012 20:35:52 +0200
Subject: basic admin controller methods and helpers + tests

---
 .../test/functional/application_controller_test.rb | 44 ++++++++++++++++++++
 users/test/functional/helper_methods_test.rb       | 48 ++++++++++++++++++++++
 users/test/support/auth_test_helper.rb             |  7 ++++
 users/test/test_helper.rb                          |  3 ++
 4 files changed, 102 insertions(+)
 create mode 100644 users/test/functional/application_controller_test.rb
 create mode 100644 users/test/functional/helper_methods_test.rb
 create mode 100644 users/test/support/auth_test_helper.rb

(limited to 'users/test')

diff --git a/users/test/functional/application_controller_test.rb b/users/test/functional/application_controller_test.rb
new file mode 100644
index 0000000..d13a354
--- /dev/null
+++ b/users/test/functional/application_controller_test.rb
@@ -0,0 +1,44 @@
+require 'test_helper'
+
+class ApplicationControllerTest < ActionController::TestCase
+
+  def setup
+    @user_id = stub
+    @user = stub
+    session[:user_id] = @user_id
+    # so we can test the effect on the response
+    @controller.response = @response
+  end
+
+  def test_authorize_redirect
+    session[:user_id] = nil
+    @controller.send(:authorize)
+    assert_access_denied
+  end
+
+  def test_current_user_with_caching
+    User.expects(:find).once.with(@user_id).returns(@user)
+    assert_equal @user, @controller.send(:current_user)
+    assert_equal @user, @controller.send(:current_user) # tests caching
+  end
+
+  def test_authorized
+    User.expects(:find).once.with(@user_id).returns(@user)
+    @controller.send(:authorize)
+  end
+
+  def test_admin
+    bool = stub
+    User.expects(:find).once.with(@user_id).returns(@user)
+    @user.expects(:is_admin?).returns(bool)
+    assert_equal bool, @controller.send(:admin?)
+  end
+
+  def test_authorize_admin
+    User.expects(:find).once.with(@user_id).returns(@user)
+    @user.expects(:is_admin?).returns(false)
+    @controller.send(:authorize_admin)
+    assert_access_denied
+  end
+
+end
diff --git a/users/test/functional/helper_methods_test.rb b/users/test/functional/helper_methods_test.rb
new file mode 100644
index 0000000..0d76f63
--- /dev/null
+++ b/users/test/functional/helper_methods_test.rb
@@ -0,0 +1,48 @@
+#
+# Testing and documenting the helper methods available from
+# ApplicationController
+#
+
+require 'test_helper'
+
+class HelperMethodsTest < ActionController::TestCase
+  tests ApplicationController
+
+  # we test them right in here...
+  include ApplicationController._helpers
+
+  # they all reference the controller.
+  def controller
+    @controller
+  end
+
+  def setup
+    @user_id = stub
+    @user = stub
+    session[:user_id] = @user_id
+  end
+
+  def test_current_user_with_caching
+    User.expects(:find).once.with(@user_id).returns(@user)
+    assert_equal @user, current_user
+    assert_equal @user, current_user # tests caching
+  end
+
+  def test_logged_in
+    User.expects(:find).once.with(@user_id).returns(@user)
+    assert logged_in?
+  end
+
+  def test_logged_in
+    User.expects(:find).once.with(@user_id).returns(nil)
+    assert !logged_in?
+  end
+
+  def test_admin
+    bool = stub
+    User.expects(:find).once.with(@user_id).returns(@user)
+    @user.expects(:is_admin?).returns(bool)
+    assert_equal bool, admin?
+  end
+
+end
diff --git a/users/test/support/auth_test_helper.rb b/users/test/support/auth_test_helper.rb
new file mode 100644
index 0000000..c30421f
--- /dev/null
+++ b/users/test/support/auth_test_helper.rb
@@ -0,0 +1,7 @@
+module AuthTestHelper
+
+  def assert_access_denied
+    assert_equal({:alert => "Not authorized"}, flash.to_hash)
+    assert_redirected_to login_path
+  end
+end
diff --git a/users/test/test_helper.rb b/users/test/test_helper.rb
index 08d4d41..ae6a35c 100644
--- a/users/test/test_helper.rb
+++ b/users/test/test_helper.rb
@@ -8,3 +8,6 @@ Rails.backtrace_cleaner.remove_silencers!
 # Load support files
 Dir["#{File.dirname(__FILE__)}/support/**/*.rb"].each { |f| require f }
 
+class ActionController::TestCase
+  include AuthTestHelper
+end
-- 
cgit v1.2.3


From b724d53b36878c96d30676c22ee4e4369dcc37f8 Mon Sep 17 00:00:00 2001
From: Azul <azul@leap.se>
Date: Wed, 24 Oct 2012 20:41:30 +0200
Subject: Extraction of test support methods

---
 .../test/functional/application_controller_test.rb | 14 ++++++-------
 users/test/functional/helper_methods_test.rb       | 16 +++++----------
 users/test/support/auth_test_helper.rb             | 24 +++++++++++++++++++---
 3 files changed, 32 insertions(+), 22 deletions(-)

(limited to 'users/test')

diff --git a/users/test/functional/application_controller_test.rb b/users/test/functional/application_controller_test.rb
index d13a354..4397e1d 100644
--- a/users/test/functional/application_controller_test.rb
+++ b/users/test/functional/application_controller_test.rb
@@ -3,39 +3,37 @@ require 'test_helper'
 class ApplicationControllerTest < ActionController::TestCase
 
   def setup
-    @user_id = stub
-    @user = stub
-    session[:user_id] = @user_id
     # so we can test the effect on the response
     @controller.response = @response
   end
 
   def test_authorize_redirect
-    session[:user_id] = nil
+    stub_logged_out
     @controller.send(:authorize)
     assert_access_denied
   end
 
   def test_current_user_with_caching
-    User.expects(:find).once.with(@user_id).returns(@user)
+    @user = stub_logged_in
     assert_equal @user, @controller.send(:current_user)
     assert_equal @user, @controller.send(:current_user) # tests caching
   end
 
   def test_authorized
-    User.expects(:find).once.with(@user_id).returns(@user)
+    @user = stub_logged_in
     @controller.send(:authorize)
+    assert_access_denied(false)
   end
 
   def test_admin
     bool = stub
-    User.expects(:find).once.with(@user_id).returns(@user)
+    @user = stub_logged_in
     @user.expects(:is_admin?).returns(bool)
     assert_equal bool, @controller.send(:admin?)
   end
 
   def test_authorize_admin
-    User.expects(:find).once.with(@user_id).returns(@user)
+    @user = stub_logged_in
     @user.expects(:is_admin?).returns(false)
     @controller.send(:authorize_admin)
     assert_access_denied
diff --git a/users/test/functional/helper_methods_test.rb b/users/test/functional/helper_methods_test.rb
index 0d76f63..c0eaf61 100644
--- a/users/test/functional/helper_methods_test.rb
+++ b/users/test/functional/helper_methods_test.rb
@@ -16,31 +16,25 @@ class HelperMethodsTest < ActionController::TestCase
     @controller
   end
 
-  def setup
-    @user_id = stub
-    @user = stub
-    session[:user_id] = @user_id
-  end
-
   def test_current_user_with_caching
-    User.expects(:find).once.with(@user_id).returns(@user)
+    @user = stub_logged_in
     assert_equal @user, current_user
     assert_equal @user, current_user # tests caching
   end
 
   def test_logged_in
-    User.expects(:find).once.with(@user_id).returns(@user)
+    @user = stub_logged_in
     assert logged_in?
   end
 
-  def test_logged_in
-    User.expects(:find).once.with(@user_id).returns(nil)
+  def test_logged_out
+    stub_logged_out
     assert !logged_in?
   end
 
   def test_admin
     bool = stub
-    User.expects(:find).once.with(@user_id).returns(@user)
+    @user = stub_logged_in
     @user.expects(:is_admin?).returns(bool)
     assert_equal bool, admin?
   end
diff --git a/users/test/support/auth_test_helper.rb b/users/test/support/auth_test_helper.rb
index c30421f..d5d52b1 100644
--- a/users/test/support/auth_test_helper.rb
+++ b/users/test/support/auth_test_helper.rb
@@ -1,7 +1,25 @@
 module AuthTestHelper
 
-  def assert_access_denied
-    assert_equal({:alert => "Not authorized"}, flash.to_hash)
-    assert_redirected_to login_path
+  def stub_logged_in
+    @user_id = stub
+    @user = stub
+    session[:user_id] = @user_id
+    User.expects(:find).once.with(@user_id).returns(@user)
+    return @user
+  end
+
+  def stub_logged_out
+    @user_id = stub
+    session[:user_id] = @user_id
+    User.expects(:find).once.with(@user_id).returns(nil)
+  end
+
+  def assert_access_denied(denied = true)
+    if denied
+      assert_equal({:alert => "Not authorized"}, flash.to_hash)
+      assert_redirected_to login_path
+    else
+      assert flash[:alert].blank?
+    end
   end
 end
-- 
cgit v1.2.3


From 2c2a80812818362d0e0c416deefd4aee2787dd9e Mon Sep 17 00:00:00 2001
From: Azul <azul@leap.se>
Date: Wed, 24 Oct 2012 20:50:40 +0200
Subject: removing duplicate testing of helper_methods

* once tested as helper
* once tested as @controller.send...
---
 users/test/functional/application_controller_test.rb | 13 -------------
 1 file changed, 13 deletions(-)

(limited to 'users/test')

diff --git a/users/test/functional/application_controller_test.rb b/users/test/functional/application_controller_test.rb
index 4397e1d..69bcb2f 100644
--- a/users/test/functional/application_controller_test.rb
+++ b/users/test/functional/application_controller_test.rb
@@ -13,25 +13,12 @@ class ApplicationControllerTest < ActionController::TestCase
     assert_access_denied
   end
 
-  def test_current_user_with_caching
-    @user = stub_logged_in
-    assert_equal @user, @controller.send(:current_user)
-    assert_equal @user, @controller.send(:current_user) # tests caching
-  end
-
   def test_authorized
     @user = stub_logged_in
     @controller.send(:authorize)
     assert_access_denied(false)
   end
 
-  def test_admin
-    bool = stub
-    @user = stub_logged_in
-    @user.expects(:is_admin?).returns(bool)
-    assert_equal bool, @controller.send(:admin?)
-  end
-
   def test_authorize_admin
     @user = stub_logged_in
     @user.expects(:is_admin?).returns(false)
-- 
cgit v1.2.3


From 5c6395d8b1a8c7cf540dae9fdd37f3e68554215c Mon Sep 17 00:00:00 2001
From: Azul <azul@leap.se>
Date: Sun, 4 Nov 2012 16:24:35 +0100
Subject: fixing tests, including support files from all engines

---
 users/test/integration/api/account_flow_test.rb | 2 +-
 users/test/support/auth_test_helper.rb          | 4 ++++
 users/test/test_helper.rb                       | 4 ----
 users/test/unit/user_test.rb                    | 2 +-
 4 files changed, 6 insertions(+), 6 deletions(-)

(limited to 'users/test')

diff --git a/users/test/integration/api/account_flow_test.rb b/users/test/integration/api/account_flow_test.rb
index 66de1e5..5800d46 100644
--- a/users/test/integration/api/account_flow_test.rb
+++ b/users/test/integration/api/account_flow_test.rb
@@ -39,7 +39,7 @@ class AccountFlowTest < ActionDispatch::IntegrationTest
   end
 
   test "signup response" do
-    assert_json_response @user_params.slice(:login, :password_salt)
+    assert_json_response :login => @login, :ok => true
     assert_response :success
   end
 
diff --git a/users/test/support/auth_test_helper.rb b/users/test/support/auth_test_helper.rb
index d5d52b1..9412058 100644
--- a/users/test/support/auth_test_helper.rb
+++ b/users/test/support/auth_test_helper.rb
@@ -23,3 +23,7 @@ module AuthTestHelper
     end
   end
 end
+
+class ActionController::TestCase
+  include AuthTestHelper
+end
diff --git a/users/test/test_helper.rb b/users/test/test_helper.rb
index ae6a35c..e8f0125 100644
--- a/users/test/test_helper.rb
+++ b/users/test/test_helper.rb
@@ -7,7 +7,3 @@ Rails.backtrace_cleaner.remove_silencers!
 
 # Load support files
 Dir["#{File.dirname(__FILE__)}/support/**/*.rb"].each { |f| require f }
-
-class ActionController::TestCase
-  include AuthTestHelper
-end
diff --git a/users/test/unit/user_test.rb b/users/test/unit/user_test.rb
index 822ef33..f057ca7 100644
--- a/users/test/unit/user_test.rb
+++ b/users/test/unit/user_test.rb
@@ -19,7 +19,7 @@ class UserTest < ActiveSupport::TestCase
   end
 
   test "test require alphanumerical for login" do
-    @user.login = "qwär"
+    @user.login = "qw#r"
     assert !@user.valid?
   end
 
-- 
cgit v1.2.3


From e1fc3f4850ee73e0591bd67a92b104db4f63e4cb Mon Sep 17 00:00:00 2001
From: Azul <azul@leap.se>
Date: Sun, 4 Nov 2012 21:01:27 +0100
Subject: stubbing current_user the warden way

---
 .../test/functional/application_controller_test.rb  |  7 +++----
 users/test/functional/helper_methods_test.rb        | 15 ++++++---------
 users/test/integration/api/account_flow_test.rb     |  4 ++--
 users/test/support/auth_test_helper.rb              | 21 +++++++++++----------
 4 files changed, 22 insertions(+), 25 deletions(-)

(limited to 'users/test')

diff --git a/users/test/functional/application_controller_test.rb b/users/test/functional/application_controller_test.rb
index 69bcb2f..857bae5 100644
--- a/users/test/functional/application_controller_test.rb
+++ b/users/test/functional/application_controller_test.rb
@@ -8,20 +8,19 @@ class ApplicationControllerTest < ActionController::TestCase
   end
 
   def test_authorize_redirect
-    stub_logged_out
     @controller.send(:authorize)
     assert_access_denied
   end
 
   def test_authorized
-    @user = stub_logged_in
+    login
     @controller.send(:authorize)
     assert_access_denied(false)
   end
 
   def test_authorize_admin
-    @user = stub_logged_in
-    @user.expects(:is_admin?).returns(false)
+    login
+    @current_user.expects(:is_admin?).returns(false)
     @controller.send(:authorize_admin)
     assert_access_denied
   end
diff --git a/users/test/functional/helper_methods_test.rb b/users/test/functional/helper_methods_test.rb
index c0eaf61..2b2375c 100644
--- a/users/test/functional/helper_methods_test.rb
+++ b/users/test/functional/helper_methods_test.rb
@@ -16,26 +16,23 @@ class HelperMethodsTest < ActionController::TestCase
     @controller
   end
 
-  def test_current_user_with_caching
-    @user = stub_logged_in
-    assert_equal @user, current_user
-    assert_equal @user, current_user # tests caching
+  def test_current_user
+    login
+    assert_equal @current_user, current_user
   end
 
   def test_logged_in
-    @user = stub_logged_in
+    login
     assert logged_in?
   end
 
   def test_logged_out
-    stub_logged_out
     assert !logged_in?
   end
 
   def test_admin
-    bool = stub
-    @user = stub_logged_in
-    @user.expects(:is_admin?).returns(bool)
+    login
+    @current_user.expects(:is_admin?).returns(bool = stub)
     assert_equal bool, admin?
   end
 
diff --git a/users/test/integration/api/account_flow_test.rb b/users/test/integration/api/account_flow_test.rb
index 5800d46..69e0599 100644
--- a/users/test/integration/api/account_flow_test.rb
+++ b/users/test/integration/api/account_flow_test.rb
@@ -4,7 +4,7 @@ class AccountFlowTest < ActionDispatch::IntegrationTest
 
   # this test wraps the api and implements the interface the ruby-srp client.
   def handshake(login, aa)
-    post "sessions", :login => login, 'A' => aa.to_s(16)
+    post "sessions", :login => login, 'A' => aa.to_s(16), :format => :json
     assert_response :success
     response = JSON.parse(@response.body)
     if response['errors']
@@ -15,7 +15,7 @@ class AccountFlowTest < ActionDispatch::IntegrationTest
   end
 
   def validate(m)
-    put "sessions/" + @login, :client_auth => m.to_s(16)
+    put "sessions/" + @login, :client_auth => m.to_s(16), :format => :json
     assert_response :success
     return JSON.parse(@response.body)
   end
diff --git a/users/test/support/auth_test_helper.rb b/users/test/support/auth_test_helper.rb
index 9412058..f211597 100644
--- a/users/test/support/auth_test_helper.rb
+++ b/users/test/support/auth_test_helper.rb
@@ -1,17 +1,18 @@
 module AuthTestHelper
+  extend ActiveSupport::Concern
 
-  def stub_logged_in
-    @user_id = stub
-    @user = stub
-    session[:user_id] = @user_id
-    User.expects(:find).once.with(@user_id).returns(@user)
-    return @user
+  # Controller will fetch current user from warden.
+  # Make it pick up our current_user
+  included do
+    setup do
+      request.env['warden'] ||= stub :user => nil
+    end
   end
 
-  def stub_logged_out
-    @user_id = stub
-    session[:user_id] = @user_id
-    User.expects(:find).once.with(@user_id).returns(nil)
+  def login(user = nil)
+    @current_user = user || stub
+    request.env['warden'] = stub :user => @current_user
+    return @current_user
   end
 
   def assert_access_denied(denied = true)
-- 
cgit v1.2.3


From ef90c45998b33ba8606c3786875e21496ace4686 Mon Sep 17 00:00:00 2001
From: Azul <azul@leap.se>
Date: Sun, 4 Nov 2012 22:14:13 +0100
Subject: fixed functional tests

---
 users/test/functional/sessions_controller_test.rb | 85 +++++++++++------------
 users/test/integration/api/account_flow_test.rb   |  7 +-
 2 files changed, 45 insertions(+), 47 deletions(-)

(limited to 'users/test')

diff --git a/users/test/functional/sessions_controller_test.rb b/users/test/functional/sessions_controller_test.rb
index 47d7052..4bad12f 100644
--- a/users/test/functional/sessions_controller_test.rb
+++ b/users/test/functional/sessions_controller_test.rb
@@ -2,74 +2,67 @@ require 'test_helper'
 
 class SessionsControllerTest < ActionController::TestCase
 
-  def setup
+  setup do
     @user = stub :login => "me", :id => 123
     @client_hex = 'a123'
-    @client_rnd = @client_hex.hex
-    @server_hex = 'b123'
-    @server_rnd = @server_hex.hex
-    @server_rnd_exp = 'e123'.hex
-    @salt = 'stub user salt'
-    @server_handshake = stub :aa => @client_rnd, :bb => @server_rnd, :b => @server_rnd_exp
-    @server_auth = 'adfe'
   end
 
   test "should get login screen" do
+    request.env['warden'].expects(:winning_strategy)
     get :new
     assert_response :success
+    assert_equal "text/html", response.content_type
+    assert_template "sessions/new"
   end
 
-  test "should perform handshake" do
-    @user.expects(:initialize_auth).
-      with(@client_rnd).
-      returns(@server_handshake)
-    @server_handshake.expects(:to_json).
-     returns({'B' => @server_hex, 'salt' => @salt}.to_json)
-    User.expects(:find_by_param).with(@user.login).returns(@user)
-    post :create, :login => @user.login, 'A' => @client_hex
-    assert_equal @server_handshake, session[:handshake]
+  test "renders json" do
+    request.env['warden'].expects(:winning_strategy)
+    get :new, :format => :json
     assert_response :success
-    assert_json_response :B => @server_hex, :salt => @salt
+    assert_json_response :errors => nil
   end
 
-  test "should report user not found" do
-    unknown = "login_that_does_not_exist"
-    User.expects(:find_by_param).with(unknown).raises(RECORD_NOT_FOUND)
-    post :create, :login => unknown
+  test "renders warden errors" do
+    strategy = stub :message => "Warden auth did not work"
+    request.env['warden'].expects(:winning_strategy).returns(strategy)
+    get :new, :format => :json
     assert_response :success
-    assert_json_response :errors => {"login" => ["unknown user"]}
+    assert_json_response :errors => strategy.message
   end
 
-  test "should authorize" do
-    session[:handshake] = @server_handshake
-    @server_handshake.expects(:authenticate!).
-      with(@client_rnd).
-      returns(@user)
-    @server_handshake.expects(:to_json).
-      returns({:M2 => @server_auth}.to_json)
-    post :update, :id => @user.login, :client_auth => @client_hex
-    assert_nil session[:handshake]
-    assert_json_response :M2 => @server_auth
-    assert_equal @user.id, session[:user_id]
+  test "should perform handshake" do
+    assert_raises ActionView::MissingTemplate do
+      request.env['warden'].expects(:authenticate!)
+      post :create, :login => @user.login, 'A' => @client_hex
+      assert params['A']
+      assert params['login']
+    end
   end
 
-  test "should report wrong password" do
-    session[:handshake] = @server_handshake
-    @server_handshake.expects(:authenticate!).
-      with(@client_rnd).
-      raises(WRONG_PASSWORD)
-    post :update, :id => @user.login, :client_auth => @client_hex
-    assert_nil session[:handshake]
-    assert_nil session[:user_id]
-    assert_json_response :errors => {"password" => ["wrong password"]}
+  test "should authorize" do
+    assert_raises ActionView::MissingTemplate do
+      request.env['warden'].expects(:authenticate!)
+      session[:handshake] = stub
+      post :update, :id => @user.login, :client_auth => @client_hex
+      assert params['client_auth']
+      assert session[:handshake]
+    end
   end
 
-  test "logout should reset sessions user_id" do
-    session[:user_id] = "set"
+  test "logout should reset warden user" do
+    expect_warden_logout
     delete :destroy
-    assert_nil session[:user_id]
     assert_response :redirect
     assert_redirected_to root_url
   end
 
+  def expect_warden_logout
+    raw = mock('raw session') do
+      expects(:inspect)
+    end
+    request.env['warden'].expects(:raw_session).returns(raw)
+    request.env['warden'].expects(:logout)
+  end
+
+
 end
diff --git a/users/test/integration/api/account_flow_test.rb b/users/test/integration/api/account_flow_test.rb
index 69e0599..dc475b5 100644
--- a/users/test/integration/api/account_flow_test.rb
+++ b/users/test/integration/api/account_flow_test.rb
@@ -1,6 +1,11 @@
 require 'test_helper'
 
 class AccountFlowTest < ActionDispatch::IntegrationTest
+  include Warden::Test::Helpers
+
+  def teardown
+    Warden.test_reset!
+  end
 
   # this test wraps the api and implements the interface the ruby-srp client.
   def handshake(login, aa)
@@ -52,7 +57,7 @@ class AccountFlowTest < ActionDispatch::IntegrationTest
   test "signup and wrong password login attempt" do
     srp = SRP::Client.new(@login, "wrong password")
     server_auth = srp.authenticate(self)
-    assert_equal ["wrong password"], server_auth["errors"]['password']
+    assert_equal "Could not log in", server_auth["errors"]['password']
     assert_nil server_auth["M2"]
   end
 
-- 
cgit v1.2.3


From da2804c8f8a800851fa1863f579e2b8e9a57b4cc Mon Sep 17 00:00:00 2001
From: Azul <azul@leap.se>
Date: Tue, 6 Nov 2012 11:51:10 +0100
Subject: first steps towards warden srp testing

---
 users/test/integration/api/account_flow_test.rb    | 26 ++++++---
 .../warden_strategy_secure_remote_password_test.rb | 61 ++++++++++++++++++++++
 2 files changed, 79 insertions(+), 8 deletions(-)
 create mode 100644 users/test/unit/warden_strategy_secure_remote_password_test.rb

(limited to 'users/test')

diff --git a/users/test/integration/api/account_flow_test.rb b/users/test/integration/api/account_flow_test.rb
index dc475b5..4dcca24 100644
--- a/users/test/integration/api/account_flow_test.rb
+++ b/users/test/integration/api/account_flow_test.rb
@@ -1,7 +1,16 @@
 require 'test_helper'
 
-class AccountFlowTest < ActionDispatch::IntegrationTest
+CONFIG_RU = (Rails.root + 'config.ru').to_s
+OUTER_APP = Rack::Builder.parse_file(CONFIG_RU).first
+
+class AccountFlowTest < ActiveSupport::TestCase
+  include Rack::Test::Methods
   include Warden::Test::Helpers
+  include LeapWebCore::AssertResponses
+
+  def app
+    OUTER_APP
+  end
 
   def teardown
     Warden.test_reset!
@@ -9,9 +18,9 @@ class AccountFlowTest < ActionDispatch::IntegrationTest
 
   # this test wraps the api and implements the interface the ruby-srp client.
   def handshake(login, aa)
-    post "sessions", :login => login, 'A' => aa.to_s(16), :format => :json
-    assert_response :success
-    response = JSON.parse(@response.body)
+    post "/sessions.json", :login => login, 'A' => aa.to_s(16), :format => :json
+    assert last_response.successful?
+    response = JSON.parse(last_response.body)
     if response['errors']
       raise RECORD_NOT_FOUND.new(response['errors'])
     else
@@ -20,9 +29,10 @@ class AccountFlowTest < ActionDispatch::IntegrationTest
   end
 
   def validate(m)
-    put "sessions/" + @login, :client_auth => m.to_s(16), :format => :json
-    assert_response :success
-    return JSON.parse(@response.body)
+    debugger
+    put "/sessions/" + @login + '.json', :client_auth => m.to_s(16), :format => :json
+    assert last_response.successful?
+    return JSON.parse(last_response.body)
   end
 
   def setup
@@ -45,7 +55,7 @@ class AccountFlowTest < ActionDispatch::IntegrationTest
 
   test "signup response" do
     assert_json_response :login => @login, :ok => true
-    assert_response :success
+    assert last_response.successful?
   end
 
   test "signup and login with srp via api" do
diff --git a/users/test/unit/warden_strategy_secure_remote_password_test.rb b/users/test/unit/warden_strategy_secure_remote_password_test.rb
new file mode 100644
index 0000000..ee68fe7
--- /dev/null
+++ b/users/test/unit/warden_strategy_secure_remote_password_test.rb
@@ -0,0 +1,61 @@
+class WardenStrategySecureRemotePasswordTest < ActiveSupport::TestCase
+
+  setup do
+    @user = stub :login => "me", :id => 123
+    @client_hex = 'a123'
+    @client_rnd = @client_hex.hex
+    @server_hex = 'b123'
+    @server_rnd = @server_hex.hex
+    @server_rnd_exp = 'e123'.hex
+    @salt = 'stub user salt'
+    @server_handshake = stub :aa => @client_rnd, :bb => @server_rnd, :b => @server_rnd_exp
+    @server_auth = 'adfe'
+  end
+
+
+  test "should perform handshake" do
+    @user.expects(:initialize_auth).
+      with(@client_rnd).
+      returns(@server_handshake)
+    @server_handshake.expects(:to_json).
+     returns({'B' => @server_hex, 'salt' => @salt}.to_json)
+    User.expects(:find_by_param).with(@user.login).returns(@user)
+    assert_equal @server_handshake, session[:handshake]
+    assert_response :success
+    assert_json_response :B => @server_hex, :salt => @salt
+  end
+
+  test "should report user not found" do
+    unknown = "login_that_does_not_exist"
+    User.expects(:find_by_param).with(unknown).raises(RECORD_NOT_FOUND)
+    post :create, :login => unknown
+    assert_response :success
+    assert_json_response :errors => {"login" => ["unknown user"]}
+  end
+
+  test "should authorize" do
+    session[:handshake] = @server_handshake
+    @server_handshake.expects(:authenticate!).
+      with(@client_rnd).
+      returns(@user)
+    @server_handshake.expects(:to_json).
+      returns({:M2 => @server_auth}.to_json)
+    post :update, :id => @user.login, :client_auth => @client_hex
+    assert_nil session[:handshake]
+    assert_json_response :M2 => @server_auth
+    assert_equal @user.id, session[:user_id]
+  end
+
+  test "should report wrong password" do
+    session[:handshake] = @server_handshake
+    @server_handshake.expects(:authenticate!).
+      with(@client_rnd).
+      raises(WRONG_PASSWORD)
+    post :update, :id => @user.login, :client_auth => @client_hex
+    assert_nil session[:handshake]
+    assert_nil session[:user_id]
+    assert_json_response :errors => {"password" => ["wrong password"]}
+  end
+
+
+end
-- 
cgit v1.2.3


From 63c5b2cafdefbd9b13297faa57ee2f18a5c07bf5 Mon Sep 17 00:00:00 2001
From: Azul <azul@leap.se>
Date: Fri, 9 Nov 2012 16:05:22 +0100
Subject: got integration test and login flow to work

---
 users/test/integration/api/account_flow_test.rb | 1 -
 1 file changed, 1 deletion(-)

(limited to 'users/test')

diff --git a/users/test/integration/api/account_flow_test.rb b/users/test/integration/api/account_flow_test.rb
index 4dcca24..c9a7109 100644
--- a/users/test/integration/api/account_flow_test.rb
+++ b/users/test/integration/api/account_flow_test.rb
@@ -29,7 +29,6 @@ class AccountFlowTest < ActiveSupport::TestCase
   end
 
   def validate(m)
-    debugger
     put "/sessions/" + @login + '.json', :client_auth => m.to_s(16), :format => :json
     assert last_response.successful?
     return JSON.parse(last_response.body)
-- 
cgit v1.2.3


From 5b300b554682c232c0955bdb0dd3d8263dde901e Mon Sep 17 00:00:00 2001
From: Azul <azul@leap.se>
Date: Fri, 9 Nov 2012 16:45:54 +0100
Subject: seperated the warden classes from the initializer

also commented the sessions controller test a bit and fixed it
---
 users/test/functional/sessions_controller_test.rb | 29 +++++++++++++----------
 1 file changed, 16 insertions(+), 13 deletions(-)

(limited to 'users/test')

diff --git a/users/test/functional/sessions_controller_test.rb b/users/test/functional/sessions_controller_test.rb
index 4bad12f..8f2d95c 100644
--- a/users/test/functional/sessions_controller_test.rb
+++ b/users/test/functional/sessions_controller_test.rb
@@ -1,5 +1,8 @@
 require 'test_helper'
 
+# This is a simple controller unit test.
+# We're stubbing out both warden and srp.
+# There's an integration test testing the full rack stack and srp
 class SessionsControllerTest < ActionController::TestCase
 
   setup do
@@ -30,23 +33,23 @@ class SessionsControllerTest < ActionController::TestCase
     assert_json_response :errors => strategy.message
   end
 
+  # Warden takes care of parsing the params and
+  # rendering the response. So not much to test here.
   test "should perform handshake" do
-    assert_raises ActionView::MissingTemplate do
-      request.env['warden'].expects(:authenticate!)
-      post :create, :login => @user.login, 'A' => @client_hex
-      assert params['A']
-      assert params['login']
-    end
+    request.env['warden'].expects(:authenticate!)
+    # make sure we don't get a template missing error:
+    @controller.stubs(:render)
+    post :create, :login => @user.login, 'A' => @client_hex
   end
 
   test "should authorize" do
-    assert_raises ActionView::MissingTemplate do
-      request.env['warden'].expects(:authenticate!)
-      session[:handshake] = stub
-      post :update, :id => @user.login, :client_auth => @client_hex
-      assert params['client_auth']
-      assert session[:handshake]
-    end
+    request.env['warden'].expects(:authenticate!)
+    handshake = stub(:to_json => "JSON")
+    session[:handshake] = handshake
+    post :update, :id => @user.login, :client_auth => @client_hex
+    assert_nil session[:handshake]
+    assert_response :success
+    assert_equal handshake.to_json, @response.body
   end
 
   test "logout should reset warden user" do
-- 
cgit v1.2.3


From 8bb19e57c5d7a40d7319c70b191d4e3145a172ce Mon Sep 17 00:00:00 2001
From: Azul <azul@leap.se>
Date: Mon, 12 Nov 2012 19:19:49 +0100
Subject: commented out an unfinished test

---
 users/test/unit/warden_strategy_secure_remote_password_test.rb | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

(limited to 'users/test')

diff --git a/users/test/unit/warden_strategy_secure_remote_password_test.rb b/users/test/unit/warden_strategy_secure_remote_password_test.rb
index ee68fe7..79480f0 100644
--- a/users/test/unit/warden_strategy_secure_remote_password_test.rb
+++ b/users/test/unit/warden_strategy_secure_remote_password_test.rb
@@ -1,5 +1,7 @@
 class WardenStrategySecureRemotePasswordTest < ActiveSupport::TestCase
 
+# TODO : turn this into sth. real
+=begin
   setup do
     @user = stub :login => "me", :id => 123
     @client_hex = 'a123'
@@ -57,5 +59,5 @@ class WardenStrategySecureRemotePasswordTest < ActiveSupport::TestCase
     assert_json_response :errors => {"password" => ["wrong password"]}
   end
 
-
+=end
 end
-- 
cgit v1.2.3


From 78475cb1b3d4f18a5c0a0fb326e6465b92a5f0e7 Mon Sep 17 00:00:00 2001
From: Azul <azul@leap.se>
Date: Tue, 13 Nov 2012 12:00:01 +0100
Subject: testing against current staging server

---
 users/test/integration/api/python/flow_with_srp.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'users/test')

diff --git a/users/test/integration/api/python/flow_with_srp.py b/users/test/integration/api/python/flow_with_srp.py
index 0a11aec..b599252 100755
--- a/users/test/integration/api/python/flow_with_srp.py
+++ b/users/test/integration/api/python/flow_with_srp.py
@@ -16,7 +16,7 @@ def id_generator(size=6, chars=string.ascii_uppercase + string.digits):
   return ''.join(random.choice(chars) for x in range(size))
 
 # using globals for a start
-server = 'http://springbok/1/'
+server = 'http://springbok.leap.se/1/'
 login = id_generator()
 password = id_generator() + id_generator()
 
-- 
cgit v1.2.3


From 9810d5b66ca7f81df402e9b05957466a947bdf9b Mon Sep 17 00:00:00 2001
From: Azul <azul@leap.se>
Date: Mon, 19 Nov 2012 14:46:40 +0100
Subject: use latest mocha version without monkey patching :)

---
 users/test/test_helper.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'users/test')

diff --git a/users/test/test_helper.rb b/users/test/test_helper.rb
index e8f0125..52dff53 100644
--- a/users/test/test_helper.rb
+++ b/users/test/test_helper.rb
@@ -1,7 +1,7 @@
 ENV["RAILS_ENV"] = "test"
 require File.expand_path('../../../test/dummy/config/environment', __FILE__)
 require 'rails/test_help'
-require 'mocha'
+require 'mocha/setup'
 
 Rails.backtrace_cleaner.remove_silencers!
 
-- 
cgit v1.2.3


From ec87ccfa185a4c063386d385de7af15f993b77d8 Mon Sep 17 00:00:00 2001
From: Azul <azul@leap.se>
Date: Thu, 22 Nov 2012 16:22:18 +0100
Subject: fixed tests

---
 users/test/functional/sessions_controller_test.rb |  9 +++---
 users/test/integration/api/account_flow_test.rb   | 39 ++++++++++++-----------
 2 files changed, 25 insertions(+), 23 deletions(-)

(limited to 'users/test')

diff --git a/users/test/functional/sessions_controller_test.rb b/users/test/functional/sessions_controller_test.rb
index 8f2d95c..93cc032 100644
--- a/users/test/functional/sessions_controller_test.rb
+++ b/users/test/functional/sessions_controller_test.rb
@@ -26,11 +26,12 @@ class SessionsControllerTest < ActionController::TestCase
   end
 
   test "renders warden errors" do
-    strategy = stub :message => "Warden auth did not work"
-    request.env['warden'].expects(:winning_strategy).returns(strategy)
+    strategy = stub :message => {:field => :translate_me}
+    request.env['warden'].stubs(:winning_strategy).returns(strategy)
+    I18n.expects(:t).with(:translate_me).at_least_once.returns("translation stub")
     get :new, :format => :json
-    assert_response :success
-    assert_json_response :errors => strategy.message
+    assert_response 422
+    assert_json_response :errors => {"field" => "translation stub"}
   end
 
   # Warden takes care of parsing the params and
diff --git a/users/test/integration/api/account_flow_test.rb b/users/test/integration/api/account_flow_test.rb
index c9a7109..4135485 100644
--- a/users/test/integration/api/account_flow_test.rb
+++ b/users/test/integration/api/account_flow_test.rb
@@ -16,24 +16,6 @@ class AccountFlowTest < ActiveSupport::TestCase
     Warden.test_reset!
   end
 
-  # this test wraps the api and implements the interface the ruby-srp client.
-  def handshake(login, aa)
-    post "/sessions.json", :login => login, 'A' => aa.to_s(16), :format => :json
-    assert last_response.successful?
-    response = JSON.parse(last_response.body)
-    if response['errors']
-      raise RECORD_NOT_FOUND.new(response['errors'])
-    else
-      return response['B'].hex
-    end
-  end
-
-  def validate(m)
-    put "/sessions/" + @login + '.json', :client_auth => m.to_s(16), :format => :json
-    assert last_response.successful?
-    return JSON.parse(last_response.body)
-  end
-
   def setup
     @login = "integration_test_user"
     User.find_by_login(@login).tap{|u| u.destroy if u}
@@ -52,6 +34,22 @@ class AccountFlowTest < ActiveSupport::TestCase
     @user.destroy if @user # make sure we can run this test again
   end
 
+  # this test wraps the api and implements the interface the ruby-srp client.
+  def handshake(login, aa)
+    post "/sessions.json", :login => login, 'A' => aa.to_s(16), :format => :json
+    response = JSON.parse(last_response.body)
+    if response['errors']
+      raise RECORD_NOT_FOUND.new(response['errors'])
+    else
+      return response['B'].hex
+    end
+  end
+
+  def validate(m)
+    put "/sessions/" + @login + '.json', :client_auth => m.to_s(16), :format => :json
+    return JSON.parse(last_response.body)
+  end
+
   test "signup response" do
     assert_json_response :login => @login, :ok => true
     assert last_response.successful?
@@ -59,6 +57,7 @@ class AccountFlowTest < ActiveSupport::TestCase
 
   test "signup and login with srp via api" do
     server_auth = @srp.authenticate(self)
+    assert last_response.successful?
     assert_nil server_auth["errors"]
     assert server_auth["M2"]
   end
@@ -66,7 +65,8 @@ class AccountFlowTest < ActiveSupport::TestCase
   test "signup and wrong password login attempt" do
     srp = SRP::Client.new(@login, "wrong password")
     server_auth = srp.authenticate(self)
-    assert_equal "Could not log in", server_auth["errors"]['password']
+    assert !last_response.successful?
+    assert_equal "wrong password", server_auth["errors"]['password']
     assert_nil server_auth["M2"]
   end
 
@@ -76,6 +76,7 @@ class AccountFlowTest < ActiveSupport::TestCase
     assert_raises RECORD_NOT_FOUND do
       server_auth = srp.authenticate(self)
     end
+    assert !last_response.successful?
     assert_nil server_auth
   end
 
-- 
cgit v1.2.3


From 3ce5a25afef3b938c2bbbe8ce481f2af9e0c24dc Mon Sep 17 00:00:00 2001
From: Azul <azul@leap.se>
Date: Fri, 23 Nov 2012 10:24:46 +0100
Subject: test editing user settings

---
 users/test/functional/users_controller_test.rb | 31 ++++++++++++++++++++++++++
 1 file changed, 31 insertions(+)

(limited to 'users/test')

diff --git a/users/test/functional/users_controller_test.rb b/users/test/functional/users_controller_test.rb
index 1cb28a6..feae2dd 100644
--- a/users/test/functional/users_controller_test.rb
+++ b/users/test/functional/users_controller_test.rb
@@ -30,4 +30,35 @@ class UsersControllerTest < ActionController::TestCase
     assert_redirected_to new_user_path
   end
 
+  test "should get edit view" do
+    params = User.valid_attributes_hash
+    user = stub params.merge(:id => 123, :class => User, :to_key => ['123'], :new_record? => false, :persisted? => :true)
+    login user
+    get :edit, :id => user.id
+    assert_equal user, assigns[:user]
+  end
+
+  test "should process updated params" do
+    params = User.valid_attributes_hash
+    user = stub params.merge(:id => 123)
+    params.stringify_keys!
+    user.expects(:update).with(params).returns(user)
+    login user
+    post :update, :user => params, :id => user.id
+    assert_equal user, assigns[:user]
+    assert_response :redirect
+    assert_redirected_to edit_user_path(user)
+  end
+
+  test "should validate updated params" do
+    params = User.valid_attributes_hash
+    user = stub params.merge(:id => 123)
+    params.stringify_keys!
+    user.expects(:update).with(params).returns(user)
+    login user
+    post :update, :user => params, :id => user.id
+    assert_equal user, assigns[:user]
+  end
+
+
 end
-- 
cgit v1.2.3


From 46c0140a8eab632c783d309a7afd87cb7aad4280 Mon Sep 17 00:00:00 2001
From: Azul <azul@leap.se>
Date: Fri, 23 Nov 2012 10:55:49 +0100
Subject: refactored creation of record stubs

---
 users/test/functional/users_controller_test.rb | 33 +++++++-------------------
 users/test/support/auth_test_helper.rb         |  3 +++
 users/test/support/stub_record_helper.rb       | 18 ++++++++++++++
 3 files changed, 30 insertions(+), 24 deletions(-)
 create mode 100644 users/test/support/stub_record_helper.rb

(limited to 'users/test')

diff --git a/users/test/functional/users_controller_test.rb b/users/test/functional/users_controller_test.rb
index feae2dd..4318928 100644
--- a/users/test/functional/users_controller_test.rb
+++ b/users/test/functional/users_controller_test.rb
@@ -1,6 +1,8 @@
 require 'test_helper'
 
 class UsersControllerTest < ActionController::TestCase
+  include StubRecordHelper
+
   test "should get new" do
     get :new
     assert_equal User, assigns(:user).class
@@ -8,11 +10,9 @@ class UsersControllerTest < ActionController::TestCase
   end
 
   test "should create new user" do
-    params = User.valid_attributes_hash
-    user = stub params.merge(:id => 123)
-    params.stringify_keys!
-    User.expects(:create!).with(params).returns(user)
-    post :create, :user => params
+    user = stub_record User
+    User.expects(:create!).with(user.params).returns(user)
+    post :create, :user => user.params
     assert_nil session[:user_id]
     assert_response :redirect
     assert_redirected_to root_url
@@ -31,34 +31,19 @@ class UsersControllerTest < ActionController::TestCase
   end
 
   test "should get edit view" do
-    params = User.valid_attributes_hash
-    user = stub params.merge(:id => 123, :class => User, :to_key => ['123'], :new_record? => false, :persisted? => :true)
+    user = stub_record User
     login user
     get :edit, :id => user.id
     assert_equal user, assigns[:user]
   end
 
   test "should process updated params" do
-    params = User.valid_attributes_hash
-    user = stub params.merge(:id => 123)
-    params.stringify_keys!
-    user.expects(:update).with(params).returns(user)
+    user = stub_record User
+    user.expects(:update).with(user.params).returns(user)
     login user
-    post :update, :user => params, :id => user.id
+    post :update, :user => user.params, :id => user.id
     assert_equal user, assigns[:user]
     assert_response :redirect
     assert_redirected_to edit_user_path(user)
   end
-
-  test "should validate updated params" do
-    params = User.valid_attributes_hash
-    user = stub params.merge(:id => 123)
-    params.stringify_keys!
-    user.expects(:update).with(params).returns(user)
-    login user
-    post :update, :user => params, :id => user.id
-    assert_equal user, assigns[:user]
-  end
-
-
 end
diff --git a/users/test/support/auth_test_helper.rb b/users/test/support/auth_test_helper.rb
index f211597..0b73f5f 100644
--- a/users/test/support/auth_test_helper.rb
+++ b/users/test/support/auth_test_helper.rb
@@ -11,6 +11,9 @@ module AuthTestHelper
 
   def login(user = nil)
     @current_user = user || stub
+    unless @current_user.respond_to? :is_admin?
+      @current_user.stubs(:is_admin?).returns(false)
+    end
     request.env['warden'] = stub :user => @current_user
     return @current_user
   end
diff --git a/users/test/support/stub_record_helper.rb b/users/test/support/stub_record_helper.rb
new file mode 100644
index 0000000..95b9d63
--- /dev/null
+++ b/users/test/support/stub_record_helper.rb
@@ -0,0 +1,18 @@
+module StubRecordHelper
+
+  # Create a stub that has the usual functions of a database record.
+  # It won't fail on rendering a form for example.
+  def stub_record(klass, params = {}, persisted = true)
+    if klass.respond_to?(:valid_attributes_hash)
+      params.reverse_merge!(klass.valid_attributes_hash)
+    end
+    params[:params] = params.stringify_keys
+    params.reverse_merge! :id => 123,
+      :class => klass,
+      :to_key => ['123'],
+      :new_record? => !persisted,
+      :persisted? => persisted
+    stub params
+  end
+
+end
-- 
cgit v1.2.3


From ee3c9146e4bbe93ec1f00ee45386a82ec4363c4d Mon Sep 17 00:00:00 2001
From: Azul <azul@leap.se>
Date: Fri, 23 Nov 2012 12:11:11 +0100
Subject: identify user by id so rerendering the form does not use new invalid
 login

---
 users/test/functional/users_controller_test.rb | 4 +++-
 users/test/unit/user_test.rb                   | 8 ++++----
 2 files changed, 7 insertions(+), 5 deletions(-)

(limited to 'users/test')

diff --git a/users/test/functional/users_controller_test.rb b/users/test/functional/users_controller_test.rb
index 4318928..e39869f 100644
--- a/users/test/functional/users_controller_test.rb
+++ b/users/test/functional/users_controller_test.rb
@@ -32,6 +32,7 @@ class UsersControllerTest < ActionController::TestCase
 
   test "should get edit view" do
     user = stub_record User
+    User.expects(:find_by_param).with(user.id.to_s).returns(user)
     login user
     get :edit, :id => user.id
     assert_equal user, assigns[:user]
@@ -39,7 +40,8 @@ class UsersControllerTest < ActionController::TestCase
 
   test "should process updated params" do
     user = stub_record User
-    user.expects(:update).with(user.params).returns(user)
+    user.expects(:update_attributes).with(user.params).returns(true)
+    User.expects(:find_by_param).with(user.id.to_s).returns(user)
     login user
     post :update, :user => user.params, :id => user.id
     assert_equal user, assigns[:user]
diff --git a/users/test/unit/user_test.rb b/users/test/unit/user_test.rb
index f057ca7..92c1463 100644
--- a/users/test/unit/user_test.rb
+++ b/users/test/unit/user_test.rb
@@ -23,14 +23,14 @@ class UserTest < ActiveSupport::TestCase
     assert !@user.valid?
   end
 
-  test "find_by_param gets User by login" do
+  test "find_by_param gets User by id" do
     @user.save
-    assert_equal @user, User.find_by_param(@user.login)
+    assert_equal @user, User.find_by_param(@user.id)
     @user.destroy
   end
 
-  test "to_param gives user login" do
-    assert_equal @user.login, @user.to_param
+  test "to_param gives user id" do
+    assert_equal @user.id, @user.to_param
   end
 
   test "verifier returns number for the hex in password_verifier" do
-- 
cgit v1.2.3


From 595518684b9c4364f96c97a84cc481b5ae0da981 Mon Sep 17 00:00:00 2001
From: Azul <azul@leap.se>
Date: Mon, 26 Nov 2012 11:54:11 +0100
Subject: simplified controller and adjusted tests

Also added #assert_json_error to tests.
---
 users/test/functional/sessions_controller_test.rb  |  4 ++--
 users/test/functional/users_controller_test.rb     | 25 +++++++++++-----------
 users/test/support/stub_record_helper.rb           |  1 +
 users/test/unit/user_test.rb                       |  1 +
 .../warden_strategy_secure_remote_password_test.rb |  4 ++--
 5 files changed, 18 insertions(+), 17 deletions(-)

(limited to 'users/test')

diff --git a/users/test/functional/sessions_controller_test.rb b/users/test/functional/sessions_controller_test.rb
index 93cc032..9df4455 100644
--- a/users/test/functional/sessions_controller_test.rb
+++ b/users/test/functional/sessions_controller_test.rb
@@ -22,7 +22,7 @@ class SessionsControllerTest < ActionController::TestCase
     request.env['warden'].expects(:winning_strategy)
     get :new, :format => :json
     assert_response :success
-    assert_json_response :errors => nil
+    assert_json_error nil
   end
 
   test "renders warden errors" do
@@ -31,7 +31,7 @@ class SessionsControllerTest < ActionController::TestCase
     I18n.expects(:t).with(:translate_me).at_least_once.returns("translation stub")
     get :new, :format => :json
     assert_response 422
-    assert_json_response :errors => {"field" => "translation stub"}
+    assert_json_error :field => "translation stub"
   end
 
   # Warden takes care of parsing the params and
diff --git a/users/test/functional/users_controller_test.rb b/users/test/functional/users_controller_test.rb
index e39869f..ced8ee9 100644
--- a/users/test/functional/users_controller_test.rb
+++ b/users/test/functional/users_controller_test.rb
@@ -11,23 +11,22 @@ class UsersControllerTest < ActionController::TestCase
 
   test "should create new user" do
     user = stub_record User
-    User.expects(:create!).with(user.params).returns(user)
-    post :create, :user => user.params
+    User.expects(:create).with(user.params).returns(user)
+    post :create, :user => user.params, :format => :json
     assert_nil session[:user_id]
-    assert_response :redirect
-    assert_redirected_to root_url
+    assert_json_response user
+    assert_response :success
   end
 
   test "should redirect to signup form on failed attempt" do
     params = User.valid_attributes_hash.slice(:login)
     user = User.new(params)
     params.stringify_keys!
-    User.expects(:create!).with(params).raises(VALIDATION_FAILED.new(user))
-    post :create, :user => params
-    assert_nil session[:user_id]
-    assert_equal user, assigns[:user]
-    assert_response :redirect
-    assert_redirected_to new_user_path
+    assert !user.valid?
+    User.expects(:create).with(params).returns(user)
+    post :create, :user => params, :format => :json
+    assert_json_error user.errors.messages
+    assert_response 422
   end
 
   test "should get edit view" do
@@ -43,9 +42,9 @@ class UsersControllerTest < ActionController::TestCase
     user.expects(:update_attributes).with(user.params).returns(true)
     User.expects(:find_by_param).with(user.id.to_s).returns(user)
     login user
-    post :update, :user => user.params, :id => user.id
+    put :update, :user => user.params, :id => user.id, :format => :json
     assert_equal user, assigns[:user]
-    assert_response :redirect
-    assert_redirected_to edit_user_path(user)
+    assert_equal " ", @response.body
+    assert_response 204
   end
 end
diff --git a/users/test/support/stub_record_helper.rb b/users/test/support/stub_record_helper.rb
index 95b9d63..e744ad7 100644
--- a/users/test/support/stub_record_helper.rb
+++ b/users/test/support/stub_record_helper.rb
@@ -10,6 +10,7 @@ module StubRecordHelper
     params.reverse_merge! :id => 123,
       :class => klass,
       :to_key => ['123'],
+      :to_json => %Q({"stub":"#{klass.name}"}),
       :new_record? => !persisted,
       :persisted? => persisted
     stub params
diff --git a/users/test/unit/user_test.rb b/users/test/unit/user_test.rb
index 92c1463..cce11c2 100644
--- a/users/test/unit/user_test.rb
+++ b/users/test/unit/user_test.rb
@@ -5,6 +5,7 @@ class UserTest < ActiveSupport::TestCase
   include SRP::Util
   setup do
     @attribs = User.valid_attributes_hash
+    User.find_by_login(@attribs[:login]).try(:destroy)
     @user = User.new(@attribs)
   end
 
diff --git a/users/test/unit/warden_strategy_secure_remote_password_test.rb b/users/test/unit/warden_strategy_secure_remote_password_test.rb
index 79480f0..319809a 100644
--- a/users/test/unit/warden_strategy_secure_remote_password_test.rb
+++ b/users/test/unit/warden_strategy_secure_remote_password_test.rb
@@ -32,7 +32,7 @@ class WardenStrategySecureRemotePasswordTest < ActiveSupport::TestCase
     User.expects(:find_by_param).with(unknown).raises(RECORD_NOT_FOUND)
     post :create, :login => unknown
     assert_response :success
-    assert_json_response :errors => {"login" => ["unknown user"]}
+    assert_json_error "login" => ["unknown user"]
   end
 
   test "should authorize" do
@@ -56,7 +56,7 @@ class WardenStrategySecureRemotePasswordTest < ActiveSupport::TestCase
     post :update, :id => @user.login, :client_auth => @client_hex
     assert_nil session[:handshake]
     assert_nil session[:user_id]
-    assert_json_response :errors => {"password" => ["wrong password"]}
+    assert_json_error "password" => ["wrong password"]
   end
 
 =end
-- 
cgit v1.2.3


From cdda8f095d49cdda94c3527ecb92cb15c300327b Mon Sep 17 00:00:00 2001
From: Azul <azul@leap.se>
Date: Mon, 26 Nov 2012 12:15:54 +0100
Subject: fixed login error message on wrong username

---
 users/test/integration/api/account_flow_test.rb | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'users/test')

diff --git a/users/test/integration/api/account_flow_test.rb b/users/test/integration/api/account_flow_test.rb
index 4135485..add12fe 100644
--- a/users/test/integration/api/account_flow_test.rb
+++ b/users/test/integration/api/account_flow_test.rb
@@ -65,8 +65,8 @@ class AccountFlowTest < ActiveSupport::TestCase
   test "signup and wrong password login attempt" do
     srp = SRP::Client.new(@login, "wrong password")
     server_auth = srp.authenticate(self)
+    assert_json_error :password => "wrong password"
     assert !last_response.successful?
-    assert_equal "wrong password", server_auth["errors"]['password']
     assert_nil server_auth["M2"]
   end
 
@@ -76,6 +76,7 @@ class AccountFlowTest < ActiveSupport::TestCase
     assert_raises RECORD_NOT_FOUND do
       server_auth = srp.authenticate(self)
     end
+    assert_json_error :login => "could not be found"
     assert !last_response.successful?
     assert_nil server_auth
   end
-- 
cgit v1.2.3


From 277b9f98bfbe2ef0217dfd17c8d9d6597369b903 Mon Sep 17 00:00:00 2001
From: Azul <azul@leap.se>
Date: Wed, 28 Nov 2012 15:13:47 +0100
Subject: admins can destroy users

I changed the permissions a little to be more consistent.

Now:
* admins can edit users
* users can destroy themselves.

There's no ui for either of them but theoretically they could. Not sure this is what we want though.
---
 users/test/functional/users_controller_test.rb | 45 ++++++++++++++++++++++++++
 users/test/support/auth_test_helper.rb         | 19 +++++++++--
 2 files changed, 62 insertions(+), 2 deletions(-)

(limited to 'users/test')

diff --git a/users/test/functional/users_controller_test.rb b/users/test/functional/users_controller_test.rb
index ced8ee9..ab29845 100644
--- a/users/test/functional/users_controller_test.rb
+++ b/users/test/functional/users_controller_test.rb
@@ -47,4 +47,49 @@ class UsersControllerTest < ActionController::TestCase
     assert_equal " ", @response.body
     assert_response 204
   end
+
+  test "admin can destroy user" do
+    login :is_admin? => true
+    user = stub_record User
+    user.expects(:destroy)
+    User.expects(:find_by_param).with(user.id.to_s).returns(user)
+    delete :destroy, :id => user.id
+    assert_response :redirect
+    # assert_redirected_to users_path
+  end
+
+  test "non-admin can't destroy user" do
+    login
+    user = stub_record User
+    delete :destroy, :id => user.id
+    assert_access_denied
+  end
+
+  test "admin can list users" do
+    login :is_admin? => true
+    get :index
+    assert_response :success
+    assert assigns(:users)
+  end
+
+  test "non-admin can't list users" do
+    login
+    get :index
+    assert_access_denied
+  end
+
+  test "admin can autocomplete users" do
+    login :is_admin? => true
+    get :index, :format => :json
+    assert_response :success
+    assert assigns(:users)
+  end
+
+  test "admin can search users" do
+    login :is_admin? => true
+    get :index, :query => "a"
+    assert_response :success
+    assert assigns(:users)
+  end
+
 end
diff --git a/users/test/support/auth_test_helper.rb b/users/test/support/auth_test_helper.rb
index 0b73f5f..e0b673a 100644
--- a/users/test/support/auth_test_helper.rb
+++ b/users/test/support/auth_test_helper.rb
@@ -1,4 +1,5 @@
 module AuthTestHelper
+  include StubRecordHelper
   extend ActiveSupport::Concern
 
   # Controller will fetch current user from warden.
@@ -9,8 +10,8 @@ module AuthTestHelper
     end
   end
 
-  def login(user = nil)
-    @current_user = user || stub
+  def login(user_or_method_hash = nil)
+    @current_user = stub_user(user_or_method_hash)
     unless @current_user.respond_to? :is_admin?
       @current_user.stubs(:is_admin?).returns(false)
     end
@@ -26,6 +27,20 @@ module AuthTestHelper
       assert flash[:alert].blank?
     end
   end
+
+  protected
+
+  # Will create a stub user for logging in from either
+  # * a hash of methods to stub
+  # * a user record
+  # * nil -> create a user record stub
+  def stub_user(user_or_method_hash)
+    if user_or_method_hash.is_a?(Hash)
+      stub_record User, user_or_method_hash
+    else
+      user_or_method_hash || stub_record(User)
+    end
+  end
 end
 
 class ActionController::TestCase
-- 
cgit v1.2.3


From 0b23df922336289b6f8062653b4d3e852ed927ec Mon Sep 17 00:00:00 2001
From: Azul <azul@leap.se>
Date: Mon, 3 Dec 2012 08:55:49 +0100
Subject: make tests pass on an empty db

---
 users/test/support/stub_record_helper.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'users/test')

diff --git a/users/test/support/stub_record_helper.rb b/users/test/support/stub_record_helper.rb
index e744ad7..ede21cf 100644
--- a/users/test/support/stub_record_helper.rb
+++ b/users/test/support/stub_record_helper.rb
@@ -7,7 +7,7 @@ module StubRecordHelper
       params.reverse_merge!(klass.valid_attributes_hash)
     end
     params[:params] = params.stringify_keys
-    params.reverse_merge! :id => 123,
+    params.reverse_merge! :id => "A123",
       :class => klass,
       :to_key => ['123'],
       :to_json => %Q({"stub":"#{klass.name}"}),
-- 
cgit v1.2.3


From 1de597b338f0622a7732676907365de673c34dfb Mon Sep 17 00:00:00 2001
From: Azul <azul@leap.se>
Date: Mon, 3 Dec 2012 10:24:49 +0100
Subject: enable admin to edit users

---
 users/test/functional/users_controller_test.rb | 11 +++++++++++
 1 file changed, 11 insertions(+)

(limited to 'users/test')

diff --git a/users/test/functional/users_controller_test.rb b/users/test/functional/users_controller_test.rb
index ab29845..f008cda 100644
--- a/users/test/functional/users_controller_test.rb
+++ b/users/test/functional/users_controller_test.rb
@@ -44,8 +44,19 @@ class UsersControllerTest < ActionController::TestCase
     login user
     put :update, :user => user.params, :id => user.id, :format => :json
     assert_equal user, assigns[:user]
+    assert_response 204
     assert_equal " ", @response.body
+  end
+
+  test "admin can edit user" do
+    user = stub_record User
+    user.expects(:update_attributes).with(user.params).returns(true)
+    User.expects(:find_by_param).with(user.id.to_s).returns(user)
+    login :is_admin? => true
+    put :update, :user => user.params, :id => user.id, :format => :json
+    assert_equal user, assigns[:user]
     assert_response 204
+    assert_equal " ", @response.body
   end
 
   test "admin can destroy user" do
-- 
cgit v1.2.3


From 2a928455f9dcefa465b80b79768ba1d1a423e6e9 Mon Sep 17 00:00:00 2001
From: Azul <azul@leap.se>
Date: Mon, 3 Dec 2012 10:52:01 +0100
Subject: enable users to cancel their account

---
 users/test/functional/users_controller_test.rb | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)

(limited to 'users/test')

diff --git a/users/test/functional/users_controller_test.rb b/users/test/functional/users_controller_test.rb
index f008cda..44b6768 100644
--- a/users/test/functional/users_controller_test.rb
+++ b/users/test/functional/users_controller_test.rb
@@ -63,10 +63,19 @@ class UsersControllerTest < ActionController::TestCase
     login :is_admin? => true
     user = stub_record User
     user.expects(:destroy)
-    User.expects(:find_by_param).with(user.id.to_s).returns(user)
+    User.expects(:find_by_param).with(user.id).returns(user)
     delete :destroy, :id => user.id
     assert_response :redirect
-    # assert_redirected_to users_path
+    assert_redirected_to users_path
+  end
+
+  test "user can cancel account" do
+    login
+    @current_user.expects(:destroy)
+    User.expects(:find_by_param).with(@current_user.id).returns(@current_user)
+    delete :destroy, :id => @current_user.id
+    assert_response :redirect
+    assert_redirected_to login_path
   end
 
   test "non-admin can't destroy user" do
-- 
cgit v1.2.3


From 1b411de39f38eb0925cf255e941545933f227759 Mon Sep 17 00:00:00 2001
From: Azul <azul@leap.se>
Date: Mon, 3 Dec 2012 14:02:16 +0100
Subject: refactored tests with new find_record helper

find_record User will return a stubbed user record and make sure User.find_by_id(user.id) returns the same so it can be used in controllers.
---
 users/test/functional/users_controller_test.rb | 45 ++++++++++++++++++--------
 users/test/support/auth_test_helper.rb         | 17 ++--------
 users/test/support/stub_record_helper.rb       | 26 +++++++++++++--
 3 files changed, 57 insertions(+), 31 deletions(-)

(limited to 'users/test')

diff --git a/users/test/functional/users_controller_test.rb b/users/test/functional/users_controller_test.rb
index 44b6768..939d105 100644
--- a/users/test/functional/users_controller_test.rb
+++ b/users/test/functional/users_controller_test.rb
@@ -5,6 +5,7 @@ class UsersControllerTest < ActionController::TestCase
 
   test "should get new" do
     get :new
+
     assert_equal User, assigns(:user).class
     assert_response :success
   end
@@ -12,7 +13,9 @@ class UsersControllerTest < ActionController::TestCase
   test "should create new user" do
     user = stub_record User
     User.expects(:create).with(user.params).returns(user)
+
     post :create, :user => user.params, :format => :json
+
     assert_nil session[:user_id]
     assert_json_response user
     assert_response :success
@@ -24,70 +27,81 @@ class UsersControllerTest < ActionController::TestCase
     params.stringify_keys!
     assert !user.valid?
     User.expects(:create).with(params).returns(user)
+
     post :create, :user => params, :format => :json
+
     assert_json_error user.errors.messages
     assert_response 422
   end
 
   test "should get edit view" do
-    user = stub_record User
-    User.expects(:find_by_param).with(user.id.to_s).returns(user)
+    user = find_record User
+
     login user
     get :edit, :id => user.id
+
     assert_equal user, assigns[:user]
   end
 
   test "should process updated params" do
-    user = stub_record User
+    user = find_record User
     user.expects(:update_attributes).with(user.params).returns(true)
-    User.expects(:find_by_param).with(user.id.to_s).returns(user)
+
     login user
     put :update, :user => user.params, :id => user.id, :format => :json
+
     assert_equal user, assigns[:user]
     assert_response 204
     assert_equal " ", @response.body
   end
 
-  test "admin can edit user" do
-    user = stub_record User
+  test "admin can update user" do
+    user = find_record User
     user.expects(:update_attributes).with(user.params).returns(true)
-    User.expects(:find_by_param).with(user.id.to_s).returns(user)
+
     login :is_admin? => true
     put :update, :user => user.params, :id => user.id, :format => :json
+
     assert_equal user, assigns[:user]
     assert_response 204
     assert_equal " ", @response.body
   end
 
   test "admin can destroy user" do
-    login :is_admin? => true
-    user = stub_record User
+    user = find_record User
     user.expects(:destroy)
-    User.expects(:find_by_param).with(user.id).returns(user)
+
+    login :is_admin? => true
     delete :destroy, :id => user.id
+
     assert_response :redirect
     assert_redirected_to users_path
   end
 
   test "user can cancel account" do
-    login
-    @current_user.expects(:destroy)
-    User.expects(:find_by_param).with(@current_user.id).returns(@current_user)
+    user = find_record User
+    user.expects(:destroy)
+
+    login user
     delete :destroy, :id => @current_user.id
+
     assert_response :redirect
     assert_redirected_to login_path
   end
 
   test "non-admin can't destroy user" do
-    login
     user = stub_record User
+
+    login
     delete :destroy, :id => user.id
+
     assert_access_denied
   end
 
   test "admin can list users" do
     login :is_admin? => true
     get :index
+
     assert_response :success
     assert assigns(:users)
   end
@@ -95,12 +109,14 @@ class UsersControllerTest < ActionController::TestCase
   test "non-admin can't list users" do
     login
     get :index
+
     assert_access_denied
   end
 
   test "admin can autocomplete users" do
     login :is_admin? => true
     get :index, :format => :json
+
     assert_response :success
     assert assigns(:users)
   end
@@ -108,6 +124,7 @@ class UsersControllerTest < ActionController::TestCase
   test "admin can search users" do
     login :is_admin? => true
     get :index, :query => "a"
+
     assert_response :success
     assert assigns(:users)
   end
diff --git a/users/test/support/auth_test_helper.rb b/users/test/support/auth_test_helper.rb
index e0b673a..f3506ae 100644
--- a/users/test/support/auth_test_helper.rb
+++ b/users/test/support/auth_test_helper.rb
@@ -10,8 +10,8 @@ module AuthTestHelper
     end
   end
 
-  def login(user_or_method_hash = nil)
-    @current_user = stub_user(user_or_method_hash)
+  def login(user_or_method_hash = {})
+    @current_user = stub_record(User, user_or_method_hash)
     unless @current_user.respond_to? :is_admin?
       @current_user.stubs(:is_admin?).returns(false)
     end
@@ -28,19 +28,6 @@ module AuthTestHelper
     end
   end
 
-  protected
-
-  # Will create a stub user for logging in from either
-  # * a hash of methods to stub
-  # * a user record
-  # * nil -> create a user record stub
-  def stub_user(user_or_method_hash)
-    if user_or_method_hash.is_a?(Hash)
-      stub_record User, user_or_method_hash
-    else
-      user_or_method_hash || stub_record(User)
-    end
-  end
 end
 
 class ActionController::TestCase
diff --git a/users/test/support/stub_record_helper.rb b/users/test/support/stub_record_helper.rb
index ede21cf..2e1a533 100644
--- a/users/test/support/stub_record_helper.rb
+++ b/users/test/support/stub_record_helper.rb
@@ -1,19 +1,41 @@
 module StubRecordHelper
 
+  # Will expect find_by_param or find_by_id to be called on klass and
+  # return the record given.
+  # If no record is given but a hash or nil will create a stub based on
+  # that instead and returns the stub.
+  def find_record(klass, record_or_method_hash = {})
+    record = stub_record(klass, record_or_method_hash)
+    finder = klass.respond_to?(:find_by_param) ? :find_by_param : :find_by_id
+    klass.expects(finder).with(record.to_param).returns(record)
+    return record
+  end
+
   # Create a stub that has the usual functions of a database record.
   # It won't fail on rendering a form for example.
-  def stub_record(klass, params = {}, persisted = true)
+  #
+  # If the second parameter is a record we return the record itself.
+  # This way you can build functions that either take a record or a
+  # method hash to stub from. See find_record for an example.
+  def stub_record(klass, record_or_method_hash = {}, persisted = true)
+    if record_or_method_hash && !record_or_method_hash.is_a?(Hash)
+      return record_or_method_hash
+    end
+    stub record_params_for(klass, record_or_method_hash, persisted)
+  end
+
+  def record_params_for(klass, params = {}, persisted = true)
     if klass.respond_to?(:valid_attributes_hash)
       params.reverse_merge!(klass.valid_attributes_hash)
     end
     params[:params] = params.stringify_keys
     params.reverse_merge! :id => "A123",
+      :to_param => "A123",
       :class => klass,
       :to_key => ['123'],
       :to_json => %Q({"stub":"#{klass.name}"}),
       :new_record? => !persisted,
       :persisted? => persisted
-    stub params
   end
 
 end
-- 
cgit v1.2.3