1 require File.dirname(__FILE__) + '/../test_helper'
3 class UserControllerTest < ActionController::TestCase
7 # test all routes which lead to this controller
10 { :path => "/api/0.6/user/1", :method => :get },
11 { :controller => "user", :action => "api_read", :id => "1" }
14 { :path => "/api/0.6/user/details", :method => :get },
15 { :controller => "user", :action => "api_details" }
18 { :path => "/api/0.6/user/gpx_files", :method => :get },
19 { :controller => "user", :action => "api_gpx_files" }
23 { :path => "/login", :method => :get },
24 { :controller => "user", :action => "login" }
27 { :path => "/login", :method => :post },
28 { :controller => "user", :action => "login" }
31 { :controller => "user", :action => "login", :format => "html" },
32 { :path => "/login.html", :method => :get }
36 { :path => "/logout", :method => :get },
37 { :controller => "user", :action => "logout" }
40 { :path => "/logout", :method => :post },
41 { :controller => "user", :action => "logout" }
44 { :controller => "user", :action => "logout", :format => "html" },
45 { :path => "/logout.html", :method => :get }
49 { :path => "/user/new", :method => :get },
50 { :controller => "user", :action => "new" }
53 { :controller => "user", :action => "new" },
54 { :path => "/create-account.html", :method => :get }
58 { :path => "/user/terms", :method => :get },
59 { :controller => "user", :action => "terms" }
62 { :path => "/user/terms", :method => :post },
63 { :controller => "user", :action => "terms" }
67 { :path => "/user/save", :method => :post },
68 { :controller => "user", :action => "save" }
72 { :path => "/user/username/confirm", :method => :get },
73 { :controller => "user", :action => "confirm", :display_name => "username" }
76 { :path => "/user/username/confirm", :method => :post },
77 { :controller => "user", :action => "confirm", :display_name => "username" }
80 { :path => "/user/username/confirm/resend", :method => :get },
81 { :controller => "user", :action => "confirm_resend", :display_name => "username" }
85 { :path => "/user/confirm", :method => :get },
86 { :controller => "user", :action => "confirm" }
89 { :path => "/user/confirm", :method => :post },
90 { :controller => "user", :action => "confirm" }
93 { :path => "/user/confirm-email", :method => :get },
94 { :controller => "user", :action => "confirm_email" }
97 { :path => "/user/confirm-email", :method => :post },
98 { :controller => "user", :action => "confirm_email" }
102 { :path => "/user/go_public", :method => :post },
103 { :controller => "user", :action => "go_public" }
107 { :path => "/user/forgot-password", :method => :get },
108 { :controller => "user", :action => "lost_password" }
111 { :path => "/user/forgot-password", :method => :post },
112 { :controller => "user", :action => "lost_password" }
115 { :controller => "user", :action => "lost_password" },
116 { :path => "/forgot-password.html", :method => :get }
119 { :path => "/user/reset-password", :method => :get },
120 { :controller => "user", :action => "reset_password" }
123 { :path => "/user/reset-password", :method => :post },
124 { :controller => "user", :action => "reset_password" }
128 { :path => "/user/suspended", :method => :get },
129 { :controller => "user", :action => "suspended" }
133 { :path => "/user/username", :method => :get },
134 { :controller => "user", :action => "view", :display_name => "username" }
138 { :path => "/user/username/account", :method => :get },
139 { :controller => "user", :action => "account", :display_name => "username" }
142 { :path => "/user/username/account", :method => :post },
143 { :controller => "user", :action => "account", :display_name => "username" }
147 { :path => "/user/username/make_friend", :method => :get },
148 { :controller => "user", :action => "make_friend", :display_name => "username" }
151 { :path => "/user/username/make_friend", :method => :post },
152 { :controller => "user", :action => "make_friend", :display_name => "username" }
155 { :path => "/user/username/remove_friend", :method => :get },
156 { :controller => "user", :action => "remove_friend", :display_name => "username" }
159 { :path => "/user/username/remove_friend", :method => :post },
160 { :controller => "user", :action => "remove_friend", :display_name => "username" }
164 { :path => "/user/username/set_status", :method => :get },
165 { :controller => "user", :action => "set_status", :display_name => "username" }
168 { :path => "/user/username/delete", :method => :get },
169 { :controller => "user", :action => "delete", :display_name => "username" }
173 { :path => "/users", :method => :get },
174 { :controller => "user", :action => "list" }
177 { :path => "/users", :method => :post },
178 { :controller => "user", :action => "list" }
181 { :path => "/users/status", :method => :get },
182 { :controller => "user", :action => "list", :status => "status" }
185 { :path => "/users/status", :method => :post },
186 { :controller => "user", :action => "list", :status => "status" }
190 # The user creation page loads
191 def test_user_create_view
193 assert_response :redirect
194 assert_redirected_to user_new_path(:cookie_test => "true")
196 get :new, { :cookie_test => "true" }, { :cookie_test => true }
197 assert_response :success
199 assert_select "html", :count => 1 do
200 assert_select "head", :count => 1 do
201 assert_select "title", :text => /Create account/, :count => 1
203 assert_select "body", :count => 1 do
204 assert_select "div#content", :count => 1 do
205 assert_select "form[action='/user/terms'][method=post]", :count => 1 do
206 assert_select "input[id=user_email]", :count => 1
207 assert_select "input[id=user_email_confirmation]", :count => 1
208 assert_select "input[id=user_display_name]", :count => 1
209 assert_select "input[id=user_pass_crypt][type=password]", :count => 1
210 assert_select "input[id=user_pass_crypt_confirmation][type=password]", :count => 1
211 assert_select "input[type=submit][value=Continue]", :count => 1
218 def test_user_create_success
219 new_email = "newtester@osm.org"
220 display_name = "new_tester"
221 assert_difference('User.count') do
222 assert_difference('ActionMailer::Base.deliveries.size') do
223 session[:new_user] = User.new({
224 :status => "pending", :display_name => display_name,
225 :email => new_email, :email_confirmation => new_email,
226 :pass_crypt => "testtest", :pass_crypt_confirmation => "testtest"
227 }, :without_protection => true)
234 register_email = ActionMailer::Base.deliveries.first
236 assert_equal register_email.to[0], new_email
237 assert_match /#{@url}/, register_email.body.to_s
240 assert_redirected_to :action => 'login', :referer => nil
242 ActionMailer::Base.deliveries.clear
245 def test_user_create_submit_duplicate_email
246 email = users(:public_user).email
247 display_name = "new_tester"
248 assert_difference('User.count', 0) do
249 assert_difference('ActionMailer::Base.deliveries.size', 0) do
250 session[:new_user] = User.new({
251 :status => "pending", :display_name => display_name,
252 :email => email, :email_confirmation => email,
253 :pass_crypt => "testtest", :pass_crypt_confirmation => "testtest"
254 }, :without_protection => true)
259 assert_response :success
260 assert_template 'new'
261 assert_select "div#errorExplanation"
262 assert_select "table#signupForm > tr > td > div[class=field_with_errors] > input#user_email"
265 def test_user_create_submit_duplicate_email_uppercase
266 email = users(:public_user).email.upcase
267 display_name = "new_tester"
268 assert_difference('User.count', 0) do
269 assert_difference('ActionMailer::Base.deliveries.size', 0) do
270 session[:new_user] = User.new({
271 :status => "pending", :display_name => display_name,
272 :email => email, :email_confirmation => email,
273 :pass_crypt => "testtest", :pass_crypt_confirmation => "testtest"
274 }, :without_protection => true)
279 assert_response :success
280 assert_template 'new'
281 assert_select "div#errorExplanation"
282 assert_select "table#signupForm > tr > td > div[class=field_with_errors] > input#user_email"
285 def test_user_create_submit_duplicate_name
286 email = "new_tester@example.com"
287 display_name = users(:public_user).display_name
288 assert_difference('User.count', 0) do
289 assert_difference('ActionMailer::Base.deliveries.size', 0) do
290 session[:new_user] = User.new({
291 :status => "pending", :display_name => display_name,
292 :email => email, :email_confirmation => email,
293 :pass_crypt => "testtest", :pass_crypt_confirmation => "testtest"
294 }, :without_protection => true)
299 assert_response :success
300 assert_template 'new'
301 assert_select "div#errorExplanation"
302 assert_select "table#signupForm > tr > td > div[class=field_with_errors] > input#user_display_name"
305 def test_user_create_submit_duplicate_name_uppercase
306 email = "new_tester@example.com"
307 display_name = users(:public_user).display_name.upcase
308 assert_difference('User.count', 0) do
309 assert_difference('ActionMailer::Base.deliveries.size', 0) do
310 session[:new_user] = User.new({
311 :status => "pending", :display_name => display_name,
312 :email => email, :email_confirmation => email,
313 :pass_crypt => "testtest", :pass_crypt_confirmation => "testtest"
314 }, :without_protection => true)
319 assert_response :success
320 assert_template 'new'
321 assert_select "div#errorExplanation"
322 assert_select "table#signupForm > tr > td > div[class=field_with_errors] > input#user_display_name"
325 def test_user_lost_password
326 # Test fetching the lost password page
328 assert_response :success
329 assert_template :lost_password
330 assert_select "div#notice", false
332 # Test resetting using the address as recorded for a user that has an
333 # address which is duplicated in a different case by another user
334 assert_difference('ActionMailer::Base.deliveries.size', 1) do
335 post :lost_password, :user => { :email => users(:normal_user).email }
337 assert_response :redirect
338 assert_redirected_to :action => :login
339 assert_match /^Sorry you lost it/, flash[:notice]
340 assert_equal users(:normal_user).email, ActionMailer::Base.deliveries.last.to[0]
342 # Test resetting using an address that matches a different user
343 # that has the same address in a different case
344 assert_difference('ActionMailer::Base.deliveries.size', 1) do
345 post :lost_password, :user => { :email => users(:normal_user).email.upcase }
347 assert_response :redirect
348 assert_redirected_to :action => :login
349 assert_match /^Sorry you lost it/, flash[:notice]
350 assert_equal users(:uppercase_user).email, ActionMailer::Base.deliveries.last.to[0]
352 # Test resetting using an address that is a case insensitive match
353 # for more than one user but not an exact match for either
354 assert_difference('ActionMailer::Base.deliveries.size', 0) do
355 post :lost_password, :user => { :email => users(:normal_user).email.titlecase }
357 assert_response :success
358 assert_template :lost_password
359 assert_select "div#error", /^Could not find that email address/
361 # Test resetting using the address as recorded for a user that has an
362 # address which is case insensitively unique
363 assert_difference('ActionMailer::Base.deliveries.size', 1) do
364 post :lost_password, :user => { :email => users(:public_user).email }
366 assert_response :redirect
367 assert_redirected_to :action => :login
368 assert_match /^Sorry you lost it/, flash[:notice]
369 assert_equal users(:public_user).email, ActionMailer::Base.deliveries.last.to[0]
371 # Test resetting using an address that matches a user that has the
372 # same (case insensitively unique) address in a different case
373 assert_difference('ActionMailer::Base.deliveries.size', 1) do
374 post :lost_password, :user => { :email => users(:public_user).email.upcase }
376 assert_response :redirect
377 assert_redirected_to :action => :login
378 assert_match /^Sorry you lost it/, flash[:notice]
379 assert_equal users(:public_user).email, ActionMailer::Base.deliveries.last.to[0]
383 # Get a user to work with - note that this user deliberately
384 # conflicts with uppercase_user in the email and display name
385 # fields to test that we can change other fields without any
386 # validation errors being reported
387 user = users(:normal_user)
389 # Set the username cookie
390 @request.cookies["_osm_username"] = user.display_name
392 # Make sure that you are redirected to the login page when
393 # you are not logged in
394 get :account, { :display_name => user.display_name }
395 assert_response :redirect
396 assert_redirected_to :controller => :user, :action => "login", :referer => "/user/test/account"
398 # Make sure that you are redirected to the login page when
399 # you are not logged in as the right user
400 get :account, { :display_name => user.display_name }, { "user" => users(:public_user).id }
401 assert_response :redirect
402 assert_redirected_to :controller => :user, :action => "login", :referer => "/user/test/account"
404 # Make sure we get the page when we are logged in as the right user
405 get :account, { :display_name => user.display_name }, { "user" => user }
406 assert_response :success
407 assert_template :account
409 # Updating the description should work
410 user.description = "new description"
411 post :account, { :display_name => user.display_name, :user => user.attributes }, { "user" => user.id }
412 assert_response :success
413 assert_template :account
414 assert_select "div#errorExplanation", false
415 assert_select "div#notice", /^User information updated successfully/
416 assert_select "table#accountForm > tr > td > div#user_description_container > div#user_description_content > textarea#user_description", user.description
418 # Changing name to one that exists should fail
419 user.display_name = users(:public_user).display_name
420 post :account, { :display_name => user.display_name, :user => user.attributes }, { "user" => user.id }
421 assert_response :success
422 assert_template :account
423 assert_select "div#notice", false
424 assert_select "div#errorExplanation"
425 assert_select "table#accountForm > tr > td > div[class=field_with_errors] > input#user_display_name"
427 # Changing name to one that exists should fail, regardless of case
428 user.display_name = users(:public_user).display_name.upcase
429 post :account, { :display_name => user.display_name, :user => user.attributes }, { "user" => user.id }
430 assert_response :success
431 assert_template :account
432 assert_select "div#notice", false
433 assert_select "div#errorExplanation"
434 assert_select "table#accountForm > tr > td > div[class=field_with_errors] > input#user_display_name"
436 # Changing name to one that doesn't exist should work
437 user.display_name = "new tester"
438 post :account, { :display_name => user.display_name, :user => user.attributes }, { "user" => user.id }
439 assert_response :success
440 assert_template :account
441 assert_select "div#errorExplanation", false
442 assert_select "div#notice", /^User information updated successfully/
443 assert_select "table#accountForm > tr > td > input#user_display_name[value=?]", user.display_name
445 # Need to update cookies now to stay valid
446 @request.cookies["_osm_username"] = user.display_name
448 # Changing email to one that exists should fail
449 user.new_email = users(:public_user).email
450 post :account, { :display_name => user.display_name, :user => user.attributes }, { "user" => user.id }
451 assert_response :success
452 assert_template :account
453 assert_select "div#notice", false
454 assert_select "div#errorExplanation"
455 assert_select "table#accountForm > tr > td > div[class=field_with_errors] > input#user_new_email"
457 # Changing email to one that exists should fail, regardless of case
458 user.new_email = users(:public_user).email.upcase
459 post :account, { :display_name => user.display_name, :user => user.attributes }, { "user" => user.id }
460 assert_response :success
461 assert_template :account
462 assert_select "div#notice", false
463 assert_select "div#errorExplanation"
464 assert_select "table#accountForm > tr > td > div[class=field_with_errors] > input#user_new_email"
466 # Changing email to one that doesn't exist should work
467 user.new_email = "new_tester@example.com"
468 post :account, { :display_name => user.display_name, :user => user.attributes }, { "user" => user.id }
469 assert_response :success
470 assert_template :account
471 assert_select "div#errorExplanation", false
472 assert_select "div#notice", /^User information updated successfully/
473 assert_select "table#accountForm > tr > td > input#user_new_email[value=?]", user.new_email
476 # Check that the user account page will display and contains some relevant
477 # information for the user
478 def test_user_view_account
479 # Test a non-existent user
480 get :view, {:display_name => "unknown"}
481 assert_response :not_found
484 get :view, {:display_name => "test"}
485 assert_response :success
486 assert_select "div#userinformation" do
487 assert_select "a[href=/user/test/edits]", 1
488 assert_select "a[href=/user/test/traces]", 1
489 assert_select "a[href=/user/test/diary]", 1
490 assert_select "a[href=/user/test/diary/comments]", 1
491 assert_select "a[href=/user/test/account]", 0
492 assert_select "a[href=/user/test/blocks]", 0
493 assert_select "a[href=/user/test/blocks_by]", 0
494 assert_select "a[href=/blocks/new/test]", 0
497 # Test a user who has been blocked
498 get :view, {:display_name => "blocked"}
499 assert_response :success
500 assert_select "div#userinformation" do
501 assert_select "a[href=/user/blocked/edits]", 1
502 assert_select "a[href=/user/blocked/traces]", 1
503 assert_select "a[href=/user/blocked/diary]", 1
504 assert_select "a[href=/user/blocked/diary/comments]", 1
505 assert_select "a[href=/user/blocked/account]", 0
506 assert_select "a[href=/user/blocked/blocks]", 1
507 assert_select "a[href=/user/blocked/blocks_by]", 0
508 assert_select "a[href=/blocks/new/blocked]", 0
511 # Test a moderator who has applied blocks
512 get :view, {:display_name => "moderator"}
513 assert_response :success
514 assert_select "div#userinformation" do
515 assert_select "a[href=/user/moderator/edits]", 1
516 assert_select "a[href=/user/moderator/traces]", 1
517 assert_select "a[href=/user/moderator/diary]", 1
518 assert_select "a[href=/user/moderator/diary/comments]", 1
519 assert_select "a[href=/user/moderator/account]", 0
520 assert_select "a[href=/user/moderator/blocks]", 0
521 assert_select "a[href=/user/moderator/blocks_by]", 1
522 assert_select "a[href=/blocks/new/moderator]", 0
525 # Login as a normal user
526 session[:user] = users(:normal_user).id
527 cookies["_osm_username"] = users(:normal_user).display_name
529 # Test the normal user
530 get :view, {:display_name => "test"}
531 assert_response :success
532 assert_select "div#userinformation" do
533 assert_select "a[href=/user/test/edits]", 1
534 assert_select "a[href=/traces/mine]", 1
535 assert_select "a[href=/user/test/diary]", 1
536 assert_select "a[href=/user/test/diary/comments]", 1
537 assert_select "a[href=/user/test/account]", 1
538 assert_select "a[href=/user/test/blocks]", 0
539 assert_select "a[href=/user/test/blocks_by]", 0
540 assert_select "a[href=/blocks/new/test]", 0
543 # Login as a moderator
544 session[:user] = users(:moderator_user).id
545 cookies["_osm_username"] = users(:moderator_user).display_name
547 # Test the normal user
548 get :view, {:display_name => "test"}
549 assert_response :success
550 assert_select "div#userinformation" do
551 assert_select "a[href=/user/test/edits]", 1
552 assert_select "a[href=/user/test/traces]", 1
553 assert_select "a[href=/user/test/diary]", 1
554 assert_select "a[href=/user/test/diary/comments]", 1
555 assert_select "a[href=/user/test/account]", 0
556 assert_select "a[href=/user/test/blocks]", 0
557 assert_select "a[href=/user/test/blocks_by]", 0
558 assert_select "a[href=/blocks/new/test]", 1
562 def test_user_api_read
563 # check that a visible user is returned properly
564 get :api_read, :id => users(:normal_user).id
565 assert_response :success
567 # check that we aren't revealing private information
568 assert_select "contributor-terms[pd]", false
569 assert_select "home", false
570 assert_select "languages", false
572 # check that a suspended user is not returned
573 get :api_read, :id => users(:suspended_user).id
574 assert_response :gone
576 # check that a deleted user is not returned
577 get :api_read, :id => users(:deleted_user).id
578 assert_response :gone
580 # check that a non-existent user is not returned
581 get :api_read, :id => 0
582 assert_response :not_found
585 def test_user_api_details
587 assert_response :unauthorized
589 basic_authorization(users(:normal_user).email, "test")
591 assert_response :success
594 def test_user_make_friend
595 # Get users to work with
596 user = users(:normal_user)
597 friend = users(:second_public_user)
599 # Check that the users aren't already friends
600 assert_nil Friend.where(:user_id => user.id, :friend_user_id => friend.id).first
602 # Set the username cookie
603 @request.cookies["_osm_username"] = user.display_name
605 # When not logged in a GET should ask us to login
606 get :make_friend, {:display_name => friend.display_name}
607 assert_redirected_to :controller => :user, :action => "login", :referer => make_friend_path(:display_name => friend.display_name)
609 # When not logged in a POST should error
610 post :make_friend, {:display_name => friend.display_name}
611 assert_response :forbidden
612 assert_nil Friend.where(:user_id => user.id, :friend_user_id => friend.id).first
614 # When logged in a GET should get a confirmation page
615 get :make_friend, {:display_name => friend.display_name}, {"user" => user}
616 assert_response :success
617 assert_template :make_friend
618 assert_select "form" do
619 assert_select "input[type=hidden][name=referer]", 0
620 assert_select "input[type=submit]", 1
622 assert_nil Friend.where(:user_id => user.id, :friend_user_id => friend.id).first
624 # The GET should preserve any referer
625 get :make_friend, {:display_name => friend.display_name, :referer => "/test"}, {"user" => user}
626 assert_response :success
627 assert_template :make_friend
628 assert_select "form" do
629 assert_select "input[type=hidden][name=referer][value=/test]", 1
630 assert_select "input[type=submit]", 1
632 assert_nil Friend.where(:user_id => user.id, :friend_user_id => friend.id).first
634 # When logged in a POST should add the friendship
635 post :make_friend, {:display_name => friend.display_name}, {"user" => user}
636 assert_redirected_to user_path(:display_name => friend.display_name)
637 assert_match /is now your friend/, flash[:notice]
638 assert Friend.where(:user_id => user.id, :friend_user_id => friend.id).first
640 # A second POST should report that the friendship already exists
641 post :make_friend, {:display_name => friend.display_name}, {"user" => user}
642 assert_redirected_to user_path(:display_name => friend.display_name)
643 assert_match /You are already friends with/, flash[:warning]
644 assert Friend.where(:user_id => user.id, :friend_user_id => friend.id).first
647 def test_user_remove_friend
648 # Get users to work with
649 user = users(:normal_user)
650 friend = users(:public_user)
652 # Check that the users are friends
653 assert Friend.where(:user_id => user.id, :friend_user_id => friend.id).first
655 # Set the username cookie
656 @request.cookies["_osm_username"] = user.display_name
658 # When not logged in a GET should ask us to login
659 get :remove_friend, {:display_name => friend.display_name}
660 assert_redirected_to :controller => :user, :action => "login", :referer => remove_friend_path(:display_name => friend.display_name)
662 # When not logged in a POST should error
663 post :remove_friend, {:display_name => friend.display_name}
664 assert_response :forbidden
665 assert Friend.where(:user_id => user.id, :friend_user_id => friend.id).first
667 # When logged in a GET should get a confirmation page
668 get :remove_friend, {:display_name => friend.display_name}, {"user" => user}
669 assert_response :success
670 assert_template :remove_friend
671 assert_select "form" do
672 assert_select "input[type=hidden][name=referer]", 0
673 assert_select "input[type=submit]", 1
675 assert Friend.where(:user_id => user.id, :friend_user_id => friend.id).first
677 # The GET should preserve any referer
678 get :remove_friend, {:display_name => friend.display_name, :referer => "/test"}, {"user" => user}
679 assert_response :success
680 assert_template :remove_friend
681 assert_select "form" do
682 assert_select "input[type=hidden][name=referer][value=/test]", 1
683 assert_select "input[type=submit]", 1
685 assert Friend.where(:user_id => user.id, :friend_user_id => friend.id).first
687 # When logged in a POST should remove the friendship
688 post :remove_friend, {:display_name => friend.display_name}, {"user" => user}
689 assert_redirected_to user_path(:display_name => friend.display_name)
690 assert_match /was removed from your friends/, flash[:notice]
691 assert_nil Friend.where(:user_id => user.id, :friend_user_id => friend.id).first
693 # A second POST should report that the friendship does not exist
694 post :remove_friend, {:display_name => friend.display_name}, {"user" => user}
695 assert_redirected_to user_path(:display_name => friend.display_name)
696 assert_match /is not one of your friends/, flash[:error]
697 assert_nil Friend.where(:user_id => user.id, :friend_user_id => friend.id).first