diff options
Diffstat (limited to 'spec/controllers/user_controller_spec.rb')
-rw-r--r-- | spec/controllers/user_controller_spec.rb | 26 |
1 files changed, 26 insertions, 0 deletions
diff --git a/spec/controllers/user_controller_spec.rb b/spec/controllers/user_controller_spec.rb index 193cf476c..7fc9dbf98 100644 --- a/spec/controllers/user_controller_spec.rb +++ b/spec/controllers/user_controller_spec.rb @@ -283,9 +283,25 @@ describe UserController, "when changing password" do end it "should not change the password, if you're not logged in" do + session[:user_circumstance] = "change_password" + + old_hash = users(:bob_smith_user).hashed_password + post :signchange, { :user => { :password => 'ooo', :password_confirmation => 'ooo' }, + :submitted_signchange_password => 1 + } + users(:bob_smith_user).hashed_password.should == old_hash end it "should not change the password, if you're just logged in normally" do + session[:user_id] = users(:bob_smith_user).id + session[:user_circumstance] = nil + + old_hash = users(:bob_smith_user).hashed_password + post :signchange, { :user => { :password => 'ooo', :password_confirmation => 'ooo' }, + :submitted_signchange_password => 1 + } + + users(:bob_smith_user).hashed_password.should == old_hash end end @@ -437,4 +453,14 @@ describe UserController, "when changing email address" do end end +describe UserController, "when using profile photos" do + integrate_views + fixtures :users + + it "should not let you change profile photo if you're not logged in as the user" do + user = users(:bob_smith_user) + data = load_file_fixture("parrot.png") + post :profile_photo, { :id => user.id, :data => data } + end +end |