From b198fe678622b194ce93a531441490fce411b8f3 Mon Sep 17 00:00:00 2001
From: Francis Irving
Date: Tue, 22 Dec 2009 15:47:34 +0000
Subject: Fix remember me.
---
 spec/controllers/user_controller_spec.rb | 9 +++++++++
 1 file changed, 9 insertions(+)
(limited to 'spec/controllers/user_controller_spec.rb')
diff --git a/spec/controllers/user_controller_spec.rb b/spec/controllers/user_controller_spec.rb
index f6f3c16ca..83abbfe3d 100644
--- a/spec/controllers/user_controller_spec.rb
+++ b/spec/controllers/user_controller_spec.rb
@@ -84,6 +84,15 @@ describe UserController, "when signing in" do
 response.should_not send_email
 end
+# No idea how to test this in the test framework :(
+# it "should have set a long lived cookie if they picked remember me, session cookie if they didn't" do
+# get :signin, :r => "/list"
+# response.should render_template('sign')
+# post :signin, { :user_signin => { :email => 'bob@localhost', :password => 'jonespassword' } }
+# session[:user_id].should == users(:bob_smith_user).id
+# raise session.options.to_yaml # check cookie lasts a month
+# end
+
 it "should ask you to confirm your email if it isn't confirmed, after log in" do
 get :signin, :r => "/list"
 response.should render_template('sign')
-- cgit v1.2.3
From 5e752e09c4d5afe4150bf20cc5ef332b1d8cda1a Mon Sep 17 00:00:00 2001
From: Francis Irving
Date: Wed, 10 Mar 2010 01:25:24 +0000
Subject: Rename signchange to signchangepassword
---
 spec/controllers/user_controller_spec.rb | 20 ++++++++++----------
 1 file changed, 10 insertions(+), 10 deletions(-)
(limited to 'spec/controllers/user_controller_spec.rb')
diff --git a/spec/controllers/user_controller_spec.rb b/spec/controllers/user_controller_spec.rb
index 83abbfe3d..29658f085 100644
--- a/spec/controllers/user_controller_spec.rb
+++ b/spec/controllers/user_controller_spec.rb
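Review bot: The example added at `@@ -84,6 +84,15 @@` is commented out in full, so the remember-me fix named in the subject (long-lived cookie versus session cookie) ships with no regression coverage and nothing in the spec run shows the gap. As written the body would not exercise the fix even if enabled: the `post :signin` parameters carry no remember-me field, and the only cookie check is `raise session.options.to_yaml`. I would replace the comment block with a pending example, `it "should set a long lived cookie only if they picked remember me"` with no block, so RSpec keeps reporting it until the cookie expiry can be asserted.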
@@ -240,14 +240,14 @@ describe UserController, "when changing password" do
 fixtures :users
 it "should show the email form when not logged in" do
- get :signchange
- response.should render_template('signchange_send_confirm')
+ get :signchangepassword
+ response.should render_template('signchangepassword_send_confirm')
 end
 it "should send a confirmation email when logged in normally" do
 session[:user_id] = users(:bob_smith_user).id
- get :signchange
- response.should render_template('signchange_confirm')
+ get :signchangepassword
+ response.should render_template('signchangepassword_confirm')
 deliveries = ActionMailer::Base.deliveries
 deliveries.size.should == 1
@@ -258,15 +258,15 @@ describe UserController, "when changing password" do
 it "should send a confirmation email when have wrong login circumstance" do
 session[:user_id] = users(:bob_smith_user).id
 session[:user_circumstance] = "bogus"
- get :signchange
- response.should render_template('signchange_confirm')
+ get :signchangepassword
+ response.should render_template('signchangepassword_confirm')
 end
 it "should show the password change screen when logged in as special password change mode" do
 session[:user_id] = users(:bob_smith_user).id
 session[:user_circumstance] = "change_password"
- get :signchange
- response.should render_template('signchange')
+ get :signchangepassword
+ response.should render_template('signchangepassword')
 end
 it "should change the password, if you have right to do so" do
@@ -274,8 +274,8 @@ describe UserController, "when changing password" do
 session[:user_circumstance] = "change_password"
 old_hash = users(:bob_smith_user).hashed_password
- post :signchange, { :user => { :password => 'ooo', :password_confirmation => 'ooo' },
- :submitted_signchange_password => 1
+ post :signchangepassword, { :user => { :password => 'ooo', :password_confirmation => 'ooo' },
+ :submitted_signchangepassword_do => 1
 }
 users(:bob_smith_user).hashed_password.should != old_hash
-- cgit v1.2.3
From 2734ede2a66553bf29294d64f9c1ed9782324686 Mon Sep 17 00:00:00 2001
From: Francis Irving
Date: Wed, 10 Mar 2010 03:15:25 +0000
Subject: Form for changing your email address
---
 spec/controllers/user_controller_spec.rb | 70 ++++++++++++++++++++++++++++++++
 1 file changed, 70 insertions(+)
(limited to 'spec/controllers/user_controller_spec.rb')
diff --git a/spec/controllers/user_controller_spec.rb b/spec/controllers/user_controller_spec.rb
index 29658f085..81333843a 100644
--- a/spec/controllers/user_controller_spec.rb
+++ b/spec/controllers/user_controller_spec.rb
@@ -290,6 +290,76 @@ describe UserController, "when changing password" do
 end
+describe UserController, "when changing email address" do
+ integrate_views
+ fixtures :users
+
+ it "should require login" do
+ get :signchangeemail
+
+ post_redirect = PostRedirect.get_last_post_redirect
+ response.should redirect_to(:controller => 'user', :action => 'signin', :token => post_redirect.token)
+ end
+
+ it "should show form for changing email if logged in" do
+ session[:user_id] = users(:silly_name_user).id
+ get :signchangeemail
+
+ response.should render_template('signchangeemail')
+ end
+
+ it "should be an error if the password is wrong, everything else right" do
+ @user = users(:silly_name_user)
+ session[:user_id] = @user.id
+
+ post :signchangeemail, { :signchangeemail => { :old_email => 'silly@localhost',
+ :password => 'donotknowpassword', :new_email => 'newsilly@localhost' },
+ :submitted_signchangeemail_do => 1
+ }
+
+ @user.reload
+ @user.email.should == 'silly@localhost'
+ response.should render_template('signchangeemail')
+ assigns[:signchangeemail].errors[:password].should_not be_nil
+ end
+
+ it "should be an error if old email is wrong, everything else right" do
+ @user = users(:silly_name_user)
+ session[:user_id] = @user.id
+
+ post :signchangeemail, { :signchangeemail => { :old_email => 'silly@moo',
+ :password => 'jonespassword', :new_email => 'newsilly@localhost' },
+ :submitted_signchangeemail_do => 1
+ }
+
+ @user.reload
+ @user.email.should == 'silly@localhost'
+ response.should render_template('signchangeemail')
+ assigns[:signchangeemail].errors[:old_email].should_not be_nil
+ end
+
+ it "should change your email if you get all the details right, and require confirmation" do
+ @user = users(:silly_name_user)
+ session[:user_id] = @user.id
+
+ post :signchangeemail, { :signchangeemail => { :old_email => 'silly@localhost',
+ :password => 'jonespassword', :new_email => 'newsilly@localhost' },
+ :submitted_signchangeemail_do => 1
+ }
+
@user.reload
+ @user.email.should == 'newsilly@localhost'
+ @user.email_confirmed.should == false
+
+ response.flash[:notice].should include('Your email has been changed')
+ response.should render_template('confirm')
+ deliveries = ActionMailer::Base.deliveries
+ deliveries.size.should == 1
+ deliveries[0].body.should include("not reveal your email")
+ end
+
+
+end
-- cgit v1.2.3
From 96ff1f26d610393b0e6cfc177d98039820fcf0da Mon Sep 17 00:00:00 2001
From: Francis Irving
Date: Wed, 10 Mar 2010 03:15:46 +0000
Subject: Slight comment change
---
 spec/controllers/user_controller_spec.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'spec/controllers/user_controller_spec.rb')
diff --git a/spec/controllers/user_controller_spec.rb b/spec/controllers/user_controller_spec.rb
index 81333843a..c552c8d41 100644
--- a/spec/controllers/user_controller_spec.rb
+++ b/spec/controllers/user_controller_spec.rb
@@ -338,7 +338,7 @@ describe UserController, "when changing email address" do
 assigns[:signchangeemail].errors[:old_email].should_not be_nil
 end
- it "should change your email if you get all the details right, and require confirmation" do
+ it "should change your email if you get all the details right, and send confirmation email" do
 @user = users(:silly_name_user)
 session[:user_id] = @user.id
-- cgit v1.2.3
From 5ec31603058d5c4108d08ed5cfa62707aaeced7d Mon Sep 17 00:00:00 2001
From: Francis Irving
Date: Wed, 10 Mar 2010 03:54:40 +0000
Subject: Use bob instead of silly as test user. Make it behave better if existing email changed to.
---
 spec/controllers/user_controller_spec.rb | 62 ++++++++++++++++++++++++++++++++++++++++--------
 1 file changed, 47 insertions(+), 15 deletions(-)
(limited to 'spec/controllers/user_controller_spec.rb')
diff --git a/spec/controllers/user_controller_spec.rb b/spec/controllers/user_controller_spec.rb
index c552c8d41..d85706b2d 100644
--- a/spec/controllers/user_controller_spec.rb
+++ b/spec/controllers/user_controller_spec.rb
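Review bot: In the group added at `@@ -290,6 +290,76 @@`, "should require login" only issues `get :signchangeemail`; the state-changing `post :signchangeemail` with `:submitted_signchangeemail_do => 1` is never sent without a session, so these examples would still pass if only the form display were gated. Add an example that posts the full parameter set with no `session[:user_id]` set and asserts both the redirect to `signin` and that `users(:silly_name_user).email` is still `'silly@localhost'`.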
@@ -302,63 +302,95 @@ describe UserController, "when changing email address" do
 end
 it "should show form for changing email if logged in" do
- session[:user_id] = users(:silly_name_user).id
+ @user = users(:bob_smith_user)
+ session[:user_id] = @user.id
+
 get :signchangeemail
 response.should render_template('signchangeemail')
 end
 it "should be an error if the password is wrong, everything else right" do
- @user = users(:silly_name_user)
+ @user = users(:bob_smith_user)
 session[:user_id] = @user.id
- post :signchangeemail, { :signchangeemail => { :old_email => 'silly@localhost',
- :password => 'donotknowpassword', :new_email => 'newsilly@localhost' },
+ post :signchangeemail, { :signchangeemail => { :old_email => 'bob@localhost',
+ :password => 'donotknowpassword', :new_email => 'newbob@localhost' },
 :submitted_signchangeemail_do => 1
 }
 @user.reload
- @user.email.should == 'silly@localhost'
+ @user.email.should == 'bob@localhost'
 response.should render_template('signchangeemail')
 assigns[:signchangeemail].errors[:password].should_not be_nil
+
+ deliveries = ActionMailer::Base.deliveries
+ deliveries.size.should == 0
 end
 it "should be an error if old email is wrong, everything else right" do
- @user = users(:silly_name_user)
+ @user = users(:bob_smith_user)
 session[:user_id] = @user.id
- post :signchangeemail, { :signchangeemail => { :old_email => 'silly@moo',
- :password => 'jonespassword', :new_email => 'newsilly@localhost' },
+ post :signchangeemail, { :signchangeemail => { :old_email => 'bob@moo',
+ :password => 'jonespassword', :new_email => 'newbob@localhost' },
 :submitted_signchangeemail_do => 1
 }
 @user.reload
- @user.email.should == 'silly@localhost'
+ @user.email.should == 'bob@localhost'
 response.should render_template('signchangeemail')
 assigns[:signchangeemail].errors[:old_email].should_not be_nil
+
+ deliveries = ActionMailer::Base.deliveries
+ deliveries.size.should == 0
 end
 it "should change your email if you get all the details right, and send confirmation email" do
- @user = users(:silly_name_user)
+ @user = users(:bob_smith_user)
 session[:user_id] = @user.id
- post :signchangeemail, { :signchangeemail => { :old_email => 'silly@localhost',
- :password => 'jonespassword', :new_email => 'newsilly@localhost' },
+ post :signchangeemail, { :signchangeemail => { :old_email => 'bob@localhost',
+ :password => 'jonespassword', :new_email => 'newbob@localhost' },
 :submitted_signchangeemail_do => 1
 }
 @user.reload
- @user.email.should == 'newsilly@localhost'
+ @user.email.should == 'newbob@localhost'
 @user.email_confirmed.should == false
- response.flash[:notice].should include('Your email has been changed')
 response.should render_template('confirm')
 deliveries = ActionMailer::Base.deliveries
 deliveries.size.should == 1
- deliveries[0].body.should include("not reveal your email")
+ mail = deliveries[0]
+
+ mail.body.should include("not reveal your email")
+ mail.to.should == [ 'newbob@localhost' ]
 end
+ it "should send special 'already signed up' mail if you try to change your email to one already used" do
+ @user = users(:bob_smith_user)
+ session[:user_id] = @user.id
+
+ post :signchangeemail, { :signchangeemail => { :old_email => 'bob@localhost',
+ :password => 'jonespassword', :new_email => 'bob@localhost' },
+ :submitted_signchangeemail_do => 1
+ }
+
+ @user.reload
+ @user.email.should == 'bob@localhost'
+ @user.email_confirmed.should == true
+
+ response.should render_template('confirm')
+
+ deliveries = ActionMailer::Base.deliveries
+ deliveries.size.should == 1
+ mail = deliveries[0]
+
+ mail.body.should include("have an account")
+ mail.to.should == [ 'bob@localhost' ]
+ end
 end
-- cgit v1.2.3
From 6c0d1b008d932bba2e8d92862a5220df5e357919 Mon Sep 17 00:00:00 2001
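Review bot: The new "already signed up" example in `@@ -302,63 +302,95 @@` posts `:new_email => 'bob@localhost'`, the same value as `:old_email`, so it covers changing to your own address rather than colliding with a different account as its name says. Using another fixture user's address for `:new_email` and asserting that `mail.to` is that address would test the intended branch. Both outcomes render `'confirm'`, presumably so the requester cannot tell them apart, so it would also help to assert the same `flash[:notice]` (or its absence) in both examples; this hunk removes the only flash assertion.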
From: Francis Irving
Date: Wed, 10 Mar 2010 10:54:38 +0000
Subject: Only change email address when they confirm the email, so there is no security leak that someone is registered with an email
---
 spec/controllers/user_controller_spec.rb | 53 +++++++++++++++++++++++++++++++++++++-------
 1 file changed, 42 insertions(+), 11 deletions(-)
(limited to 'spec/controllers/user_controller_spec.rb')
diff --git a/spec/controllers/user_controller_spec.rb b/spec/controllers/user_controller_spec.rb
index d85706b2d..2bfb35240 100644
--- a/spec/controllers/user_controller_spec.rb
+++ b/spec/controllers/user_controller_spec.rb
@@ -346,7 +346,7 @@ describe UserController, "when changing email address" do
 deliveries.size.should == 0
 end
- it "should change your email if you get all the details right, and send confirmation email" do
+ it "should send confirmation email if you get all the details right" do
 @user = users(:bob_smith_user)
 session[:user_id] = @user.id
@@ -356,17 +356,49 @@ describe UserController, "when changing email address" do
 }
 @user.reload
- @user.email.should == 'newbob@localhost'
- @user.email_confirmed.should == false
+ @user.email.should == 'bob@localhost'
+ @user.email_confirmed.should == true
- response.should render_template('confirm')
+ response.should render_template('signchangeemail_confirm')
 deliveries = ActionMailer::Base.deliveries
 deliveries.size.should == 1
 mail = deliveries[0]
-
- mail.body.should include("not reveal your email")
+ mail.body.should include("confirm that you want to change")
 mail.to.should == [ 'newbob@localhost' ]
+
+ mail.body =~ /(http:\/\/.*(\/c\/(.*)))/
+ mail_url = $1
+ mail_path = $2
+ mail_token = $3
+
+ # Check confirmation URL works
+ session[:user_id] = nil
+ session[:user_circumstance].should == nil
+ get :confirm, :email_token => mail_token
+ session[:user_id].should == users(:bob_smith_user).id
+ session[:user_circumstance].should == 'change_email'
+ response.should redirect_to(:controller => 'user', :action => 'signchangeemail', :post_redirect => 1)
+
+ # Would be nice to do a follow_redirect! here, but rspec-rails doesn't
+ # have one. Instead do an equivalent manually.
+ post_redirect = PostRedirect.find_by_email_token(mail_token)
+ post_redirect.circumstance.should == 'change_email'
+ post_redirect.user.should == users(:bob_smith_user)
+ post_redirect.post_params.should == {"submitted_signchangeemail_do"=>"1",
+ "action"=>"signchangeemail",
+ "signchangeemail"=>{
+ "old_email"=>"bob@localhost",
+ "new_email"=>"newbob@localhost",
+ "password"=>"jonespassword"},
+ "controller"=>"user"}
+ post :signchangeemail, post_redirect.post_params
+
+ response.should redirect_to(:controller => 'user', :action => 'show', :url_name => 'bob_smith')
+ flash[:notice].should match(/You have now changed your email address/)
+ @user.reload
+ @user.email.should == 'newbob@localhost'
+ @user.email_confirmed.should == true
 end
 it "should send special 'already signed up' mail if you try to change your email to one already used" do
@@ -374,7 +406,7 @@ describe UserController, "when changing email address" do
 session[:user_id] = @user.id
 post :signchangeemail, { :signchangeemail => { :old_email => 'bob@localhost',
- :password => 'jonespassword', :new_email => 'bob@localhost' },
+ :password => 'jonespassword', :new_email => 'silly@localhost' },
 :submitted_signchangeemail_do => 1
 }
@@ -382,16 +414,15 @@ describe UserController, "when changing email address" do
 @user.email.should == 'bob@localhost'
 @user.email_confirmed.should == true
- response.should render_template('confirm')
+ response.should render_template('signchangeemail_confirm')
 deliveries = ActionMailer::Base.deliveries
 deliveries.size.should == 1
 mail = deliveries[0]
- mail.body.should include("have an account")
- mail.to.should == [ 'bob@localhost' ]
+ mail.body.should include("perhaps you, just tried to change their")
+ mail.to.should == [ 'silly@localhost' ]
 end
-
 end
-- cgit v1.2.3
From 5b35b7768baa4df6e96f1a147c247691497f0a3e Mon Sep 17 00:00:00 2001
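Review bot: The expectation on `post_redirect.post_params` in `@@ -356,17 +356,49 @@` pins `"password"=>"jonespassword"` inside the stored redirect, which means the confirmation flow keeps the user's cleartext password in the PostRedirect record (presumably a database row, given `PostRedirect.find_by_email_token`) until the emailed link is followed. If the replay under `session[:user_circumstance] == 'change_email'` does not need the password, drop it before the redirect is saved and assert here that the stored `"signchangeemail"` hash has no `"password"` key. Separately, the result of `mail.body =~ /(http:\/\/.*(\/c\/(.*)))/` is never checked, so a mail without a link reaches `get :confirm` with a nil token; add `mail_token.should_not be_nil` after the captures. The enclosing `it` block opens in the previous hunk.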
From: Francis Irving
Date: Sat, 20 Mar 2010 18:45:15 +0000
Subject: Allow emails case insensitively.
---
 spec/controllers/user_controller_spec.rb | 12 ++++++++++++
 1 file changed, 12 insertions(+)
(limited to 'spec/controllers/user_controller_spec.rb')
diff --git a/spec/controllers/user_controller_spec.rb b/spec/controllers/user_controller_spec.rb
index 2bfb35240..193cf476c 100644
--- a/spec/controllers/user_controller_spec.rb
+++ b/spec/controllers/user_controller_spec.rb
@@ -346,6 +346,18 @@ describe UserController, "when changing email address" do
 deliveries.size.should == 0
 end
+ it "should work even if the old email had a case difference" do
+ @user = users(:bob_smith_user)
+ session[:user_id] = @user.id
+
+ post :signchangeemail, { :signchangeemail => { :old_email => 'BOB@localhost',
+ :password => 'jonespassword', :new_email => 'newbob@localhost' },
+ :submitted_signchangeemail_do => 1
+ }
+
+ response.should render_template('signchangeemail_confirm')
+ end
+
 it "should send confirmation email if you get all the details right" do
 @user = users(:bob_smith_user)
 session[:user_id] = @user.id
-- cgit v1.2.3
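Review bot: The example added at `@@ -346,6 +346,18 @@` stops at `response.should render_template('signchangeemail_confirm')`, and earlier in this series that same template is rendered for both the normal and the address-already-in-use outcome, so it does not show that a case-variant `:old_email` led to a confirmation mail for `newbob@localhost`. Adding `ActionMailer::Base.deliveries.size.should == 1` and a `mail.to` check would pin that. Only `:old_email` is varied here; a `:new_email` such as `'SILLY@localhost'` is not covered, and if the in-use check compares case-sensitively two accounts could end up on one mailbox, so that case deserves its own example.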