aboutsummaryrefslogtreecommitdiffstats
path: root/spec/controllers/user_controller_spec.rb
diff options
context:
space:
mode:
Diffstat (limited to 'spec/controllers/user_controller_spec.rb')
-rw-r--r--spec/controllers/user_controller_spec.rb26
1 files changed, 26 insertions, 0 deletions
diff --git a/spec/controllers/user_controller_spec.rb b/spec/controllers/user_controller_spec.rb
index 193cf476c..7fc9dbf98 100644
--- a/spec/controllers/user_controller_spec.rb
+++ b/spec/controllers/user_controller_spec.rb
@@ -283,9 +283,25 @@ describe UserController, "when changing password" do
end
it "should not change the password, if you're not logged in" do
+ session[:user_circumstance] = "change_password"
+
+ old_hash = users(:bob_smith_user).hashed_password
+ post :signchange, { :user => { :password => 'ooo', :password_confirmation => 'ooo' },
+ :submitted_signchange_password => 1
+ }
+ users(:bob_smith_user).hashed_password.should == old_hash
end
it "should not change the password, if you're just logged in normally" do
+ session[:user_id] = users(:bob_smith_user).id
+ session[:user_circumstance] = nil
+
+ old_hash = users(:bob_smith_user).hashed_password
+ post :signchange, { :user => { :password => 'ooo', :password_confirmation => 'ooo' },
+ :submitted_signchange_password => 1
+ }
+
+ users(:bob_smith_user).hashed_password.should == old_hash
end
end
@@ -437,4 +453,14 @@ describe UserController, "when changing email address" do
end
end
+describe UserController, "when using profile photos" do
+ integrate_views
+ fixtures :users
+
+ it "should not let you change profile photo if you're not logged in as the user" do
+ user = users(:bob_smith_user)
+ data = load_file_fixture("parrot.png")
+ post :profile_photo, { :id => user.id, :data => data }
+ end
+end