From 9c361f9b2bf1617fa97d3731a83a926db31e21c9 Mon Sep 17 00:00:00 2001 From: Edmund von der Burg Date: Thu, 3 Mar 2011 15:29:56 +0000 Subject: Allow users to create an account, confirm it and logout --- t/app/controller/auth.t | 127 ++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 127 insertions(+) create mode 100644 t/app/controller/auth.t (limited to 't/app/controller/auth.t')
diff --git a/t/app/controller/auth.t b/t/app/controller/auth.t
new file mode 100644
index 000000000..0a0280494
--- /dev/null
+++ b/t/app/controller/auth.t
@@ -0,0 +1,127 @@
+use strict;
+use warnings;
+
+BEGIN {
+ use FixMyStreet;
+ FixMyStreet->test_mode(1);
+}
+
+use Test::More tests => 44;
+use Email::Send::Test;
+
+use FixMyStreet::App;
+
+use Test::WWW::Mechanize::Catalyst 'FixMyStreet::App';
+my $mech = Test::WWW::Mechanize::Catalyst->new;
+
+my $test_email = 'test@example.com';
+
+END {
+ ok(
+ FixMyStreet::App->model('DB::User')->find( { email => $test_email } )
+ ->delete,
+ "delete test user"
+ );
+}
+
+$mech->get_ok('/auth');
+
+# check that we can't reach a page that is only available to authenticated users
+is $mech->get('/auth/check_auth')->code, 401, "got 401 at check_auth";
+
+# check that submitting form with no / bad email creates an error.
+$mech->get_ok('/auth');
+
+for my $test (
+ [ '' => 'enter an email address' ],
+ [ 'not an email' => 'check your email address is correct' ],
+ [ 'bob@foo' => 'check your email address is correct' ],
+ [ 'bob@foonaoedudnueu.co.uk' => 'check your email address is correct' ],
+ )
+{
+ my ( $email, $error_message ) = @$test;
+ pass "--- testing bad email '$email' gives error '$error_message'";
+ $mech->get_ok('/auth');
+ $mech->content_lacks($error_message);
+ $mech->submit_form_ok(
+ {
+ form_name => 'general_auth',
+ fields => { email => $email, },
+ button => 'create_account',
+ },
+ "try to create an account with email '$email'"
+ );
+ is $mech->uri->path, '/auth', "still on auth page";
+ $mech->content_contains($error_message);
+}
+
+# create a new account
+Email::Send::Test->clear;
+$mech->get_ok('/auth');
+$mech->submit_form_ok(
+ {
+ form_name => 'general_auth',
+ fields => { email => $test_email, },
+ button => 'create_account',
+ },
+ "create an account for '$test_email'"
+);
+is $mech->uri->path, '/auth/welcome', "redirected to welcome page";
+
+# check that we are now logged in
+$mech->get_ok("/auth/check_auth");
+
+# check that we got one email
+{
+ my @emails = Email::Send::Test->emails;
+ Email::Send::Test->clear;
+
+ is scalar(@emails), 1, "got one email";
+ is $emails[0]->header('Subject'), "Your new FixMyStreet.com account",
+ "subject is correct";
+ is $emails[0]->header('To'), $test_email, "to is correct";
+
+ # extract the link
+ my ($link) = $emails[0]->body =~ m{(http://\S+)};
+ ok $link, "Found a link in email '$link'";
+
+ # check that the user is currently not confirmed
+ my $user =
+ FixMyStreet::App->model('DB::User')->find( { email => $test_email } );
+ ok $user, "got a user";
+ ok !$user->is_confirmed, "user has not been confirmed";
+
+ # visit the confirm link (with bad token) and check user no confirmed
+ $mech->get_ok( $link . 'XXX' );
+ $user->discard_changes;
+ ok !$user->is_confirmed, "user has not been confirmed";
+
+ # visit the confirm link and check user is confirmed
+ $mech->get_ok($link);
+ $user->discard_changes;
+ ok $user->is_confirmed, "user has been confirmed";
+}
+
+# logout
+$mech->get_ok("/auth/logout");
+is $mech->get('/auth/check_auth')->code, 401, "got 401 at check_auth";
+
+# login using valid details
+
+# logout
+
+# try to login with bad details
+
+# try to create an account with bad details
+
+# get a password reset email (for bad email address)
+
+# get a password reminder (for good email address)
+
+# try using bad reset token
+
+# use the good reset token and change the password
+
+# try to use the good token again
+
+# delete the test user
-- cgit v1.2.3 From 770ffd1d8fb1f023e78df876a29dc36022246692 Mon Sep 17 00:00:00 2001 From: Edmund von der Burg Date: Fri, 4 Mar 2011 11:08:07 +0000 Subject: Completed auth section (main parts at least) --- t/app/controller/auth.t | 169 ++++++++++++++++++++++++++++++++++++++---------- 1 file changed, 134 insertions(+), 35 deletions(-) (limited to 't/app/controller/auth.t')
diff --git a/t/app/controller/auth.t b/t/app/controller/auth.t
index 0a0280494..43f83db13 100644
--- a/t/app/controller/auth.t
+++ b/t/app/controller/auth.t
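Review bot: In the `@@ -0,0 +1,127 @@` hunk (the new file), `$mech->get_ok("/auth/check_auth")` is asserted immediately after the create-account form is submitted and before the emailed link is visited, so the test pins an authenticated session for an address whose ownership has not been proven. If that is the intended design, the test should also state what such an unconfirmed session must not be able to do; otherwise the expectation here should be `is $mech->get('/auth/check_auth')->code, 401, "not logged in before confirmation";`. A comment above the check, such as `# NOTE: session is granted before the address is confirmed`, would at least make the contract explicit to the next reader.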
@@ -6,7 +6,7 @@ BEGIN { FixMyStreet->test_mode(1); } -use Test::More tests => 44; +use Test::More tests => 90; use Email::Send::Test; use FixMyStreet::App; @@ -14,14 +14,13 @@ use FixMyStreet::App; use Test::WWW::Mechanize::Catalyst 'FixMyStreet::App'; my $mech = Test::WWW::Mechanize::Catalyst->new; -my $test_email = 'test@example.com'; +my $test_email = 'test@example.com'; +my $test_password = 'foobar'; END { - ok( - FixMyStreet::App->model('DB::User')->find( { email => $test_email } ) - ->delete, - "delete test user" - ); + ok( FixMyStreet::App->model('DB::User')->find( { email => $_ } )->delete, + "delete test user '$_'" ) + for ($test_email); } $mech->get_ok('/auth'); @@ -47,7 +46,7 @@ for my $test ( { form_name => 'general_auth', fields => { email => $email, }, - button => 'create_account', + button => 'email_login', }, "try to create an account with email '$email'" ); @@ -62,14 +61,14 @@ $mech->submit_form_ok( { form_name => 'general_auth', fields => { email => $test_email, }, - button => 'create_account', + button => 'email_login', }, "create an account for '$test_email'" ); -is $mech->uri->path, '/auth/welcome', "redirected to welcome page"; +is $mech->uri->path, '/auth/token', "redirected to welcome page"; -# check that we are now logged in -$mech->get_ok("/auth/check_auth"); +# check that we are not logged in yet +is $mech->get('/auth/check_auth')->code, 401, "got 401 at check_auth"; # check that we got one email { @@ -77,7 +76,7 @@ $mech->get_ok("/auth/check_auth"); Email::Send::Test->clear; is scalar(@emails), 1, "got one email"; - is $emails[0]->header('Subject'), "Your new FixMyStreet.com account", + is $emails[0]->header('Subject'), "Your FixMyStreet.com account details", "subject is correct"; is $emails[0]->header('To'), $test_email, "to is correct"; 
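Review bot: In the `@@ -14,14 +14,13 @@` hunk the END block calls `->delete` directly on the result of `find`, which would be undefined whenever the run stops before the user has been created, so cleanup dies with a method-on-undef error and buries the original failure. Guarding the lookup keeps the planned test and the real diagnosis: `my $user = FixMyStreet::App->model('DB::User')->find( { email => $_ } ); ok( $user && $user->delete, "delete test user '$_'" )`. The new `$test_password = 'foobar'` is fine as a fixture, but a short comment such as `# throwaway credential, test database only` would stop it being copied elsewhere.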
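Review bot: In the `@@ -62,14 +61,14 @@` hunk the assertion now expects `/auth/token` but its description still reads "redirected to welcome page", so a failure report would name the wrong page. Suggest `is $mech->uri->path, '/auth/token', "redirected to token page";`, which is the wording the same check uses further down in this commit. The comment `# check that we are not logged in yet` is a good addition and could say why, e.g. `# no session until the emailed token has been used`.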
@@ -85,43 +84,143 @@ $mech->get_ok("/auth/check_auth"); my ($link) = $emails[0]->body =~ m{(http://\S+)}; ok $link, "Found a link in email '$link'"; - # check that the user is currently not confirmed - my $user = - FixMyStreet::App->model('DB::User')->find( { email => $test_email } ); - ok $user, "got a user"; - ok !$user->is_confirmed, "user has not been confirmed"; + # check that the user does not exist + sub get_user { + FixMyStreet::App->model('DB::User')->find( { email => $test_email } ); + } + ok !get_user(), "no user exists"; # visit the confirm link (with bad token) and check user no confirmed $mech->get_ok( $link . 'XXX' ); - $user->discard_changes; - ok !$user->is_confirmed, "user has not been confirmed"; + ok !get_user(), "no user exists"; + is $mech->get('/auth/check_auth')->code, 401, "got 401 at check_auth"; # visit the confirm link and check user is confirmed $mech->get_ok($link); - $user->discard_changes; - ok $user->is_confirmed, "user has been confirmed"; + ok get_user(), "user created"; + is $mech->uri->path, '/my', "redirected to the 'my' section of site"; + $mech->get_ok('/auth/check_auth'); + + # logout and try to use the token again + $mech->get_ok("/auth/logout"); + is $mech->get('/auth/check_auth')->code, 401, "got 401 at check_auth"; + $mech->get_ok($link); + is $mech->uri, $link, "not logged in"; + $mech->content_contains( 'Link too old or already used', + 'token now invalid' ); + is $mech->get('/auth/check_auth')->code, 401, "got 401 at check_auth"; } -# logout -$mech->get_ok("/auth/logout"); -is $mech->get('/auth/check_auth')->code, 401, "got 401 at check_auth"; +# get a login email and change password +{ + Email::Send::Test->clear; + $mech->get_ok('/auth'); + $mech->submit_form_ok( + { + form_name => 'general_auth', + fields => { email => "$test_email", }, + button => 'email_login', + }, + "email_login with '$test_email'" + ); + is $mech->uri->path, '/auth/token', "redirected to token page"; -# login using valid details + # rest is as 
before so no need to test -# logout + # follow link and change password - check not prompted for old password + is $mech->get('/auth/check_auth')->code, 401, "got 401 at check_auth"; -# try to login with bad details + my @emails = Email::Send::Test->emails; + my ($link) = $emails[0]->body =~ m{(http://\S+)}; + $mech->get_ok($link); + + $mech->follow_link_ok( { url => '/auth/change_password' } ); + + ok my $form = $mech->form_name('change_password'), + "found change password form"; + is_deeply [ sort grep { $_ } map { $_->name } $form->inputs ], # + [ 'confirm', 'new_password' ], + "check we got expected fields (ie not old_password)"; + + # check the various ways the form can be wrong + for my $test ( + { new => '', conf => '', err => 'enter a password', }, + { new => 'secret', conf => '', err => 'do not match', }, + { new => '', conf => 'secret', err => 'do not match', }, + { new => 'secret', conf => 'not_secret', err => 'do not match', }, + ) + { + $mech->get_ok('/auth/change_password'); + $mech->content_lacks( $test->{err}, "did not find expected error" ); + $mech->submit_form_ok( + { + form_name => 'change_password', + fields => + { new_password => $test->{new}, confirm => $test->{conf}, }, + }, + "change_password with '$test->{new}' and '$test->{conf}'" + ); + $mech->content_contains( $test->{err}, "found expected error" ); + } + + my $user = + FixMyStreet::App->model('DB::User')->find( { email => $test_email } ); + ok $user, "got a user"; + ok !$user->password, "user has no password"; -# try to create an account with bad details + $mech->get_ok('/auth/change_password'); + $mech->submit_form_ok( + { + form_name => 'change_password', + fields => + { new_password => $test_password, confirm => $test_password, }, + }, + "change_password with '$test_password' and '$test_password'" + ); + is $mech->uri->path, '/auth/change_password', + "still on change password page"; + $mech->content_contains( 'password has been changed', + "found password changed" ); -# get a 
password reset email (for bad email address) + $user->discard_changes(); + ok $user->password, "user now has a password"; +} -# get a password reminder (for good email address) +# login using valid details +$mech->get_ok('/auth'); +$mech->submit_form_ok( + { + form_name => 'general_auth', + fields => { + email => $test_email, + password => $test_password, + }, + button => 'login', + }, + "login with '$test_email' & '$test_password" +); +is $mech->uri->path, '/my', "redirected to correct page"; -# try using bad reset token +# logout +$mech->get_ok("/auth/logout"); +is $mech->get('/auth/check_auth')->code, 401, "got 401 at check_auth"; -# use the good reset token and change the password +# try to login with bad details +$mech->get_ok('/auth'); +$mech->submit_form_ok( + { + form_name => 'general_auth', + fields => { + email => $test_email, + password => 'not the password', + }, + button => 'login', + }, + "login with '$test_email' & '$test_password" +); +is $mech->uri->path, '/auth', "redirected to correct page"; +$mech->content_contains( 'Email or password wrong', 'found error message' ); -# try to use the good token again +# more test: +# TODO: test that email are always lowercased -# delete the test user -- cgit v1.2.3 From 3aa202368e73f8ea76eb85dd5cc6f529604f26ba Mon Sep 17 00:00:00 2001 From: Edmund von der Burg Date: Fri, 25 Mar 2011 16:48:02 +0000 Subject: Move login/out methods into TestMech --- t/app/controller/auth.t | 29 ++++++++++------------------- 1 file changed, 10 insertions(+), 19 deletions(-) (limited to 't/app/controller/auth.t') diff --git a/t/app/controller/auth.t b/t/app/controller/auth.t index 43f83db13..651fd0285 100644 --- a/t/app/controller/auth.t +++ b/t/app/controller/auth.t 
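Review bot: In the `@@ -85,43 +84,143 @@` hunk the "try to login with bad details" step asserts the `/auth` path and the 'Email or password wrong' text but never checks that the session is still unauthenticated; add `is $mech->get('/auth/check_auth')->code, 401, "got 401 at check_auth";` after the `content_contains`. Its description interpolates `$test_password` although the submitted value is 'not the password', and it lacks the closing quote; `"login with '$test_email' & a wrong password"` describes what is tested and keeps the real password out of the TAP output. After the password change, `ok $user->password` only proves the column is non-empty; `isnt $user->password, $test_password, "password not stored as plaintext";` would pin that the stored value differs from the submitted string (the storage format is not visible in this patch, so confirm it applies).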
@@ -1,18 +1,11 @@ use strict; use warnings; -BEGIN { - use FixMyStreet; - FixMyStreet->test_mode(1); -} - use Test::More tests => 90; use Email::Send::Test; -use FixMyStreet::App; - -use Test::WWW::Mechanize::Catalyst 'FixMyStreet::App'; -my $mech = Test::WWW::Mechanize::Catalyst->new; +use FixMyStreet::TestMech; +my $mech = FixMyStreet::TestMech->new; my $test_email = 'test@example.com'; my $test_password = 'foobar'; @@ -26,7 +19,7 @@ END { $mech->get_ok('/auth'); # check that we can't reach a page that is only available to authenticated users -is $mech->get('/auth/check_auth')->code, 401, "got 401 at check_auth"; +$mech->not_logged_in_ok; # check that submitting form with no / bad email creates an error. $mech->get_ok('/auth'); @@ -68,7 +61,7 @@ $mech->submit_form_ok( is $mech->uri->path, '/auth/token', "redirected to welcome page"; # check that we are not logged in yet -is $mech->get('/auth/check_auth')->code, 401, "got 401 at check_auth"; +$mech->not_logged_in_ok; # check that we got one email { 
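Review bot: The `@@ -1,18 +1,11 @@` hunk drops both the `BEGIN { ... FixMyStreet->test_mode(1); }` block and `use FixMyStreet::App;`, yet the unchanged END block and `get_user` still call `FixMyStreet::App->model(...)`, so this file now depends on `FixMyStreet::TestMech` loading the app and switching on test mode before anything else runs. TestMech is not part of this patch; if it does both, say so next to the import, e.g. `# TestMech loads FixMyStreet::App and enables test_mode`, because otherwise the suite could run against a non-test configuration. The `@@ -93,22 +86,21 @@` and `@@ -202,8 +194,7 @@` hunks likewise replace the explicit post-logout 401 check with `log_out_ok`; the unchanged plan of 90 suggests the helper keeps that assertion, but it is worth confirming.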
@@ -93,22 +86,21 @@ is $mech->get('/auth/check_auth')->code, 401, "got 401 at check_auth"; # visit the confirm link (with bad token) and check user no confirmed $mech->get_ok( $link . 'XXX' ); ok !get_user(), "no user exists"; - is $mech->get('/auth/check_auth')->code, 401, "got 401 at check_auth"; + $mech->not_logged_in_ok; # visit the confirm link and check user is confirmed $mech->get_ok($link); ok get_user(), "user created"; is $mech->uri->path, '/my', "redirected to the 'my' section of site"; - $mech->get_ok('/auth/check_auth'); + $mech->logged_in_ok; # logout and try to use the token again - $mech->get_ok("/auth/logout"); - is $mech->get('/auth/check_auth')->code, 401, "got 401 at check_auth"; + $mech->log_out_ok; $mech->get_ok($link); is $mech->uri, $link, "not logged in"; $mech->content_contains( 'Link too old or already used', 'token now invalid' ); - is $mech->get('/auth/check_auth')->code, 401, "got 401 at check_auth"; + $mech->not_logged_in_ok; } # get a login email and change password @@ -128,7 +120,7 @@ is $mech->get('/auth/check_auth')->code, 401, "got 401 at check_auth"; # rest is as before so no need to test # follow link and change password - check not prompted for old password - is $mech->get('/auth/check_auth')->code, 401, "got 401 at check_auth"; + $mech->not_logged_in_ok; my @emails = Email::Send::Test->emails; my ($link) = $emails[0]->body =~ m{(http://\S+)}; @@ -202,8 +194,7 @@ $mech->submit_form_ok( is $mech->uri->path, '/my', "redirected to correct page"; # logout -$mech->get_ok("/auth/logout"); -is $mech->get('/auth/check_auth')->code, 401, "got 401 at check_auth"; +$mech->log_out_ok; # try to login with bad details $mech->get_ok('/auth'); -- cgit v1.2.3 From 8f87691e3bb328879a1ff8c1baa1aa6748368f68 Mon Sep 17 00:00:00 2001 
From: Edmund von der Burg Date: Fri, 25 Mar 2011 17:03:50 +0000 Subject: Abstracted out some email tests --- t/app/controller/auth.t | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) (limited to 't/app/controller/auth.t') diff --git a/t/app/controller/auth.t b/t/app/controller/auth.t index 651fd0285..6e1e8d58d 100644 --- a/t/app/controller/auth.t +++ b/t/app/controller/auth.t @@ -1,8 +1,7 @@ use strict; use warnings; -use Test::More tests => 90; -use Email::Send::Test; +use Test::More tests => 97; use FixMyStreet::TestMech; my $mech = FixMyStreet::TestMech->new; @@ -48,7 +47,7 @@ for my $test ( } # create a new account -Email::Send::Test->clear; +$mech->clear_emails_ok; $mech->get_ok('/auth'); $mech->submit_form_ok( { @@ -65,16 +64,15 @@ $mech->not_logged_in_ok; # check that we got one email { - my @emails = Email::Send::Test->emails; - Email::Send::Test->clear; - - is scalar(@emails), 1, "got one email"; - is $emails[0]->header('Subject'), "Your FixMyStreet.com account details", + $mech->email_count_is(1); + my $email = $mech->get_email; + $mech->clear_emails_ok; + is $email->header('Subject'), "Your FixMyStreet.com account details", "subject is correct"; - is $emails[0]->header('To'), $test_email, "to is correct"; + is $email->header('To'), $test_email, "to is correct"; # extract the link - my ($link) = $emails[0]->body =~ m{(http://\S+)}; + my ($link) = $email->body =~ m{(http://\S+)}; ok $link, "Found a link in email '$link'"; # check that the user does not exist @@ -105,7 +103,7 @@ $mech->not_logged_in_ok; # get a login email and change password { - Email::Send::Test->clear; + $mech->clear_emails_ok; $mech->get_ok('/auth'); $mech->submit_form_ok( { 
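Review bot: In the `@@ -65,16 +64,15 @@` hunk the rewritten link extraction keeps `m{(http://\S+)}`, so the test only passes while confirmation links are generated with a plain-http base URL; a configuration that serves the site over https would leave `$link` undefined. `my ($link) = $email->body =~ m{(https?://\S+)};` accepts both schemes. The same pattern is repeated in the `@@ -122,8 +120,10 @@` hunk, where `$link` additionally goes straight into `$mech->get_ok($link)` without the `ok $link, "Found a link in email '$link'";` guard used here.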
@@ -122,8 +120,10 @@ $mech->not_logged_in_ok; # follow link and change password - check not prompted for old password $mech->not_logged_in_ok; - my @emails = Email::Send::Test->emails; - my ($link) = $emails[0]->body =~ m{(http://\S+)}; + $mech->email_count_is(1); + my $email = $mech->get_email; + $mech->clear_emails_ok; + my ($link) = $email->body =~ m{(http://\S+)}; $mech->get_ok($link); $mech->follow_link_ok( { url => '/auth/change_password' } ); -- cgit v1.2.3 From d0059b5b46bf16d5adbeddffc412699a8c815725 Mon Sep 17 00:00:00 2001 From: Edmund von der Burg Date: Thu, 7 Apr 2011 15:41:59 +0100 Subject: Add the 'remember_me' checkbox on login --- t/app/controller/auth.t | 44 +++++++++++++++++++++++++++----------------- 1 file changed, 27 insertions(+), 17 deletions(-) (limited to 't/app/controller/auth.t') diff --git a/t/app/controller/auth.t b/t/app/controller/auth.t index 6e1e8d58d..78d3a5abf 100644 --- a/t/app/controller/auth.t +++ b/t/app/controller/auth.t @@ -1,7 +1,7 @@ use strict; use warnings; -use Test::More tests => 97; +use Test::More tests => 94; use FixMyStreet::TestMech; my $mech = FixMyStreet::TestMech->new; 
@@ -178,23 +178,33 @@ $mech->not_logged_in_ok; ok $user->password, "user now has a password"; } -# login using valid details -$mech->get_ok('/auth'); -$mech->submit_form_ok( - { - form_name => 'general_auth', - fields => { - email => $test_email, - password => $test_password, - }, - button => 'login', - }, - "login with '$test_email' & '$test_password" -); -is $mech->uri->path, '/my', "redirected to correct page"; +foreach my $remember_me ( '1', '0' ) { + subtest "login using valid details (remember_me => '$remember_me')" => sub { + $mech->get_ok('/auth'); + $mech->submit_form_ok( + { + form_name => 'general_auth', + fields => { + email => $test_email, + password => $test_password, + remember_me => ( $remember_me ? 1 : undef ), + }, + button => 'login', + }, + "login with '$test_email' & '$test_password" + ); + is $mech->uri->path, '/my', "redirected to correct page"; -# logout -$mech->log_out_ok; + # check that the cookie has no expiry set + my $expiry = $mech->session_cookie_expiry; + $remember_me + ? cmp_ok( $expiry, '>', 86400, "long expiry time" ) + : is( $expiry, 0, "no expiry time" ); + + # logout + $mech->log_out_ok; + }; +} # try to login with bad details $mech->get_ok('/auth'); -- cgit v1.2.3 From 0786cbc17ad0d773c3fe125a43bd8b6e058a22dc Mon Sep 17 00:00:00 2001 From: Edmund von der Burg Date: Mon, 11 Apr 2011 17:15:16 +0100 Subject: More robust tests --- t/app/controller/auth.t | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) (limited to 't/app/controller/auth.t') diff --git a/t/app/controller/auth.t b/t/app/controller/auth.t index 78d3a5abf..9f08c8aa9 100644 --- a/t/app/controller/auth.t +++ b/t/app/controller/auth.t 
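Review bot: In the `@@ -178,23 +178,33 @@` hunk the remember-me branch checks only a lower bound, `cmp_ok( $expiry, '>', 86400, "long expiry time" )`, so any persistent-cookie lifetime, however long, passes. Since this value is the session lifetime, pin the upper bound as well, e.g. `cmp_ok( $expiry, '<=', $max_remember_me_seconds, "expiry within policy" )`, where the variable is a placeholder for the configured value, which is not shown on this page. The comment `# check that the cookie has no expiry set` describes only the `'0'` case; `# check the cookie expiry matches the remember_me choice` fits both, and a plain `if`/`else` would read better than a ternary evaluated only for its side effects.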
@@ -1,18 +1,18 @@ use strict; use warnings; -use Test::More tests => 94; +use Test::More; use FixMyStreet::TestMech; my $mech = FixMyStreet::TestMech->new; my $test_email = 'test@example.com'; my $test_password = 'foobar'; +$mech->delete_user($test_email); END { - ok( FixMyStreet::App->model('DB::User')->find( { email => $_ } )->delete, - "delete test user '$_'" ) - for ($test_email); + $mech->delete_user($test_email); + done_testing(); } $mech->get_ok('/auth'); @@ -224,4 +224,3 @@ $mech->content_contains( 'Email or password wrong', 'found error message' ); # more test: # TODO: test that email are always lowercased - -- cgit v1.2.3 From 1aa62d33e4e038e9edf994084603086eff26b6ac Mon Sep 17 00:00:00 2001 From: Matthew Somerville Date: Mon, 6 Jun 2011 11:25:44 +0100 Subject: Tidy up some strings for translation, remove some migrated code. --- t/app/controller/auth.t | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 't/app/controller/auth.t') diff --git a/t/app/controller/auth.t b/t/app/controller/auth.t index 9f08c8aa9..9a466832b 100644 --- a/t/app/controller/auth.t +++ b/t/app/controller/auth.t @@ -24,7 +24,7 @@ $mech->not_logged_in_ok; $mech->get_ok('/auth'); for my $test ( - [ '' => 'enter an email address' ], + [ '' => 'enter your email' ], [ 'not an email' => 'check your email address is correct' ], [ 'bob@foo' => 'check your email address is correct' ], [ 'bob@foonaoedudnueu.co.uk' => 'check your email address is correct' ], -- cgit v1.2.3 From 7e844f25b99b1b2b76526a0490b5b9dea00b71df Mon Sep 17 00:00:00 2001 From: Matthew Somerville Date: Thu, 9 Jun 2011 23:00:31 +0100 Subject: Fix session cookie test, and test based on contact_name that might change. --- t/app/controller/auth.t | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) (limited to 't/app/controller/auth.t') diff --git a/t/app/controller/auth.t b/t/app/controller/auth.t index 9a466832b..a44716a1e 100644 --- a/t/app/controller/auth.t +++ b/t/app/controller/auth.t 
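Review bot: In the `@@ -1,18 +1,18 @@` hunk `done_testing()` is called from the END block, which also runs when the script stops early, so a plan is emitted for whatever number of tests happened to run. With the fixed `tests => 94` removed, a run that ends prematurely with a zero exit status would then look complete to the harness. Keep `$mech->delete_user($test_email);` in END and move `done_testing();` to the last line of the script body, so that reaching the end is what certifies the run.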
@@ -197,9 +197,10 @@ foreach my $remember_me ( '1', '0' ) { # check that the cookie has no expiry set my $expiry = $mech->session_cookie_expiry; - $remember_me - ? cmp_ok( $expiry, '>', 86400, "long expiry time" ) - : is( $expiry, 0, "no expiry time" ); + is( $expiry, 0, "no expiry time" ); + #$remember_me + # ? cmp_ok( $expiry, '>', 86400, "long expiry time" ) + # : is( $expiry, 0, "no expiry time" ); # logout $mech->log_out_ok; -- cgit v1.2.3
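Review bot: In the `@@ -197,9 +197,10 @@` hunk both loop iterations now assert `is( $expiry, 0, "no expiry time" )`, so the subtest titled `remember_me => '1'` no longer verifies anything about persistent sessions and the disabled check survives only as commented-out code. If the long-expiry behaviour is temporarily unavailable, record that as a TODO test rather than a comment, for instance by wrapping the original `cmp_ok( $expiry, '>', 86400, "long expiry time" )` in `TODO: { local $TODO = 'remember_me expiry'; ... }` for the `'1'` case, so the gap stays visible in test output. Otherwise drop the `foreach` over `$remember_me` so the test names match what is actually checked.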