1 files changed, 26 insertions, 0 deletions

diff --git a/spec/controllers/user_controller_spec.rb b/spec/controllers/user_controller_spec.rb
index 193cf476c..7fc9dbf98 100644
--- a/spec/controllers/user_controller_spec.rb
+++ b/spec/controllers/user_controller_spec.rb
@@ -283,9 +283,25 @@ describe UserController, "when changing password" do
     end
 
     it "should not change the password, if you're not logged in" do
+        session[:user_circumstance] = "change_password"
+
+        old_hash = users(:bob_smith_user).hashed_password
+        post :signchange, { :user => { :password => 'ooo', :password_confirmation => 'ooo' },
+            :submitted_signchange_password => 1
+        }
+        users(:bob_smith_user).hashed_password.should == old_hash
     end
 
     it "should not change the password, if you're just logged in normally" do
+        session[:user_id] = users(:bob_smith_user).id
+        session[:user_circumstance] = nil
+
+        old_hash = users(:bob_smith_user).hashed_password
+        post :signchange, { :user => { :password => 'ooo', :password_confirmation => 'ooo' },
+            :submitted_signchange_password => 1
+        }
+
+        users(:bob_smith_user).hashed_password.should == old_hash
     end
 
 end
@@ -437,4 +453,14 @@ describe UserController, "when changing email address" do
     end
 end
 
+describe UserController, "when using profile photos" do
+    integrate_views
+    fixtures :users
+    
+    it "should not let you change profile photo if you're not logged in as the user" do
+        user = users(:bob_smith_user)
+        data = load_file_fixture("parrot.png")
+        post :profile_photo, { :id => user.id, :data => data } 
+    end
+end