author | Edmund von der Burg <evdb@mysociety.org> | 2011-03-04 11:08:07 +0000 |
---|---|---|
committer | Edmund von der Burg <evdb@mysociety.org> | 2011-03-04 11:08:07 +0000 |
commit | 770ffd1d8fb1f023e78df876a29dc36022246692 (patch) | |
tree | 3ab4571d487c4e50c19fcece42983764fbab3b5c /t/app/controller | |
parent | e18bf78e0513d4f1ebf0413d60691525cdcc2f5d (diff) |
Completed auth section (main parts at least)
Diffstat (limited to 't/app/controller')
-rw-r--r-- | t/app/controller/auth.t | 169 |
1 files changed, 134 insertions, 35 deletions
diff --git a/t/app/controller/auth.t b/t/app/controller/auth.t index 0a0280494..43f83db13 100644 --- a/t/app/controller/auth.t +++ b/t/app/controller/auth.t @@ -6,7 +6,7 @@ BEGIN { FixMyStreet->test_mode(1); } -use Test::More tests => 44; +use Test::More tests => 90; use Email::Send::Test; use FixMyStreet::App; @@ -14,14 +14,13 @@ use FixMyStreet::App; use Test::WWW::Mechanize::Catalyst 'FixMyStreet::App'; my $mech = Test::WWW::Mechanize::Catalyst->new; -my $test_email = 'test@example.com'; +my $test_email = 'test@example.com'; +my $test_password = 'foobar'; END { - ok( - FixMyStreet::App->model('DB::User')->find( { email => $test_email } ) - ->delete, - "delete test user" - ); + ok( FixMyStreet::App->model('DB::User')->find( { email => $_ } )->delete, + "delete test user '$_'" ) + for ($test_email); } $mech->get_ok('/auth'); @@ -47,7 +46,7 @@ for my $test ( { form_name => 'general_auth', fields => { email => $email, }, - button => 'create_account', + button => 'email_login', }, "try to create an account with email '$email'" ); @@ -62,14 +61,14 @@ $mech->submit_form_ok( { form_name => 'general_auth', fields => { email => $test_email, }, - button => 'create_account', + button => 'email_login', }, "create an account for '$test_email'" ); -is $mech->uri->path, '/auth/welcome', "redirected to welcome page"; +is $mech->uri->path, '/auth/token', "redirected to welcome page"; -# check that we are now logged in -$mech->get_ok("/auth/check_auth"); +# check that we are not logged in yet +is $mech->get('/auth/check_auth')->code, 401, "got 401 at check_auth"; # check that we got one email { @@ -77,7 +76,7 @@ $mech->get_ok("/auth/check_auth"); Email::Send::Test->clear; is scalar(@emails), 1, "got one email"; - is $emails[0]->header('Subject'), "Your new FixMyStreet.com account", + is $emails[0]->header('Subject'), "Your FixMyStreet.com account details", "subject is correct"; is $emails[0]->header('To'), $test_email, "to is correct"; 
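Review bot: The rewritten END block calls `->delete` directly on the result of `find`, so when the run stops before the confirm link is visited and no user row exists, cleanup dies on an undefined value and hides the original failure. The later hunk's `ok !get_user(), "no user exists"` shows the account now appears only after token confirmation, which makes this case more likely than before. Guarding the lookup keeps cleanup a plain failing test: `for my $email ($test_email) { my $user = FixMyStreet::App->model('DB::User')->find( { email => $email } ); ok( $user && $user->delete, "delete test user '$email'" ); }`.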
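Review bot: The description on the changed path assertion still reads "redirected to welcome page" although the expected path is now `/auth/token`, so a failure report would name the wrong page. Use `is $mech->uri->path, '/auth/token', "redirected to token page";`, which matches the wording of the later email_login block in this file. The submit description just above, "create an account for '$test_email'", is similarly stale, since per the assertions added later no user exists until the emailed link is visited.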
@@ -85,43 +84,143 @@ $mech->get_ok("/auth/check_auth"); my ($link) = $emails[0]->body =~ m{(http://\S+)}; ok $link, "Found a link in email '$link'"; - # check that the user is currently not confirmed - my $user = - FixMyStreet::App->model('DB::User')->find( { email => $test_email } ); - ok $user, "got a user"; - ok !$user->is_confirmed, "user has not been confirmed"; + # check that the user does not exist + sub get_user { + FixMyStreet::App->model('DB::User')->find( { email => $test_email } ); + } + ok !get_user(), "no user exists"; # visit the confirm link (with bad token) and check user no confirmed $mech->get_ok( $link . 'XXX' ); - $user->discard_changes; - ok !$user->is_confirmed, "user has not been confirmed"; + ok !get_user(), "no user exists"; + is $mech->get('/auth/check_auth')->code, 401, "got 401 at check_auth"; # visit the confirm link and check user is confirmed $mech->get_ok($link); - $user->discard_changes; - ok $user->is_confirmed, "user has been confirmed"; + ok get_user(), "user created"; + is $mech->uri->path, '/my', "redirected to the 'my' section of site"; + $mech->get_ok('/auth/check_auth'); + + # logout and try to use the token again + $mech->get_ok("/auth/logout"); + is $mech->get('/auth/check_auth')->code, 401, "got 401 at check_auth"; + $mech->get_ok($link); + is $mech->uri, $link, "not logged in"; + $mech->content_contains( 'Link too old or already used', + 'token now invalid' ); + is $mech->get('/auth/check_auth')->code, 401, "got 401 at check_auth"; } -# logout -$mech->get_ok("/auth/logout"); -is $mech->get('/auth/check_auth')->code, 401, "got 401 at check_auth"; +# get a login email and change password +{ + Email::Send::Test->clear; + $mech->get_ok('/auth'); + $mech->submit_form_ok( + { + form_name => 'general_auth', + fields => { email => "$test_email", }, + button => 'email_login', + }, + "email_login with '$test_email'" + ); + is $mech->uri->path, '/auth/token', "redirected to token page"; -# login using valid details + # rest is as 
before so no need to test -# logout + # follow link and change password - check not prompted for old password + is $mech->get('/auth/check_auth')->code, 401, "got 401 at check_auth"; -# try to login with bad details + my @emails = Email::Send::Test->emails; + my ($link) = $emails[0]->body =~ m{(http://\S+)}; + $mech->get_ok($link); + + $mech->follow_link_ok( { url => '/auth/change_password' } ); + + ok my $form = $mech->form_name('change_password'), + "found change password form"; + is_deeply [ sort grep { $_ } map { $_->name } $form->inputs ], # + [ 'confirm', 'new_password' ], + "check we got expected fields (ie not old_password)"; + + # check the various ways the form can be wrong + for my $test ( + { new => '', conf => '', err => 'enter a password', }, + { new => 'secret', conf => '', err => 'do not match', }, + { new => '', conf => 'secret', err => 'do not match', }, + { new => 'secret', conf => 'not_secret', err => 'do not match', }, + ) + { + $mech->get_ok('/auth/change_password'); + $mech->content_lacks( $test->{err}, "did not find expected error" ); + $mech->submit_form_ok( + { + form_name => 'change_password', + fields => + { new_password => $test->{new}, confirm => $test->{conf}, }, + }, + "change_password with '$test->{new}' and '$test->{conf}'" + ); + $mech->content_contains( $test->{err}, "found expected error" ); + } + + my $user = + FixMyStreet::App->model('DB::User')->find( { email => $test_email } ); + ok $user, "got a user"; + ok !$user->password, "user has no password"; -# try to create an account with bad details + $mech->get_ok('/auth/change_password'); + $mech->submit_form_ok( + { + form_name => 'change_password', + fields => + { new_password => $test_password, confirm => $test_password, }, + }, + "change_password with '$test_password' and '$test_password'" + ); + is $mech->uri->path, '/auth/change_password', + "still on change password page"; + $mech->content_contains( 'password has been changed', + "found password changed" ); -# get a 
password reset email (for bad email address) + $user->discard_changes(); + ok $user->password, "user now has a password"; +} -# get a password reminder (for good email address) +# login using valid details +$mech->get_ok('/auth'); +$mech->submit_form_ok( + { + form_name => 'general_auth', + fields => { + email => $test_email, + password => $test_password, + }, + button => 'login', + }, + "login with '$test_email' & '$test_password" +); +is $mech->uri->path, '/my', "redirected to correct page"; -# try using bad reset token +# logout +$mech->get_ok("/auth/logout"); +is $mech->get('/auth/check_auth')->code, 401, "got 401 at check_auth"; -# use the good reset token and change the password +# try to login with bad details +$mech->get_ok('/auth'); +$mech->submit_form_ok( + { + form_name => 'general_auth', + fields => { + email => $test_email, + password => 'not the password', + }, + button => 'login', + }, + "login with '$test_email' & '$test_password" +); +is $mech->uri->path, '/auth', "redirected to correct page"; +$mech->content_contains( 'Email or password wrong', 'found error message' ); -# try to use the good token again +# more test: +# TODO: test that email are always lowercased -# delete the test user |
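Review bot: The bad-credentials block at the end of this hunk asserts only the `/auth` path and the 'Email or password wrong' text, so it would still pass if the failed login left an authenticated session behind; add `is $mech->get('/auth/check_auth')->code, 401, "got 401 at check_auth";` after the `content_contains` line. Its description also interpolates `$test_password` although the submitted value is 'not the password', and it lacks the closing quote; `"login with '$test_email' & bad password"` describes what is sent. In the change-password block, `ok $user->password` proves only that the column is non-empty, so an implementation storing the password in clear would pass; if the model is meant to hash (not visible in this diff), `isnt $user->password, $test_password, "password not stored in clear";` pins that. Each added assertion needs the `tests => 90` plan raised to match.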