3 class UsersControllerTest < ActionDispatch::IntegrationTest
5 # test all routes which lead to this controller
8 { :path => "/user/new", :method => :get },
9 { :controller => "users", :action => "new" }
13 { :path => "/user/new", :method => :post },
14 { :controller => "users", :action => "create" }
18 { :path => "/user/terms", :method => :get },
19 { :controller => "users", :action => "terms" }
23 { :path => "/user/save", :method => :post },
24 { :controller => "users", :action => "save" }
28 { :path => "/user/go_public", :method => :post },
29 { :controller => "users", :action => "go_public" }
33 { :path => "/user/suspended", :method => :get },
34 { :controller => "users", :action => "suspended" }
38 { :path => "/user/username", :method => :get },
39 { :controller => "users", :action => "show", :display_name => "username" }
43 { :path => "/user/username/account", :method => :get },
44 { :controller => "users", :action => "account", :display_name => "username" }
47 { :path => "/user/username/account", :method => :post },
48 { :controller => "users", :action => "account", :display_name => "username" }
52 { :path => "/user/username/set_status", :method => :post },
53 { :controller => "users", :action => "set_status", :display_name => "username" }
56 { :path => "/user/username", :method => :delete },
57 { :controller => "users", :action => "destroy", :display_name => "username" }
61 { :path => "/users", :method => :get },
62 { :controller => "users", :action => "index" }
65 { :path => "/users", :method => :post },
66 { :controller => "users", :action => "index" }
69 { :path => "/users/status", :method => :get },
70 { :controller => "users", :action => "index", :status => "status" }
73 { :path => "/users/status", :method => :post },
74 { :controller => "users", :action => "index", :status => "status" }
78 # The user creation page loads
81 assert_response :redirect
82 assert_redirected_to user_new_path(:cookie_test => "true")
84 get user_new_path, :params => { :cookie_test => "true" }
85 assert_response :success
87 assert_select "html", :count => 1 do
88 assert_select "head", :count => 1 do
89 assert_select "title", :text => /Sign Up/, :count => 1
91 assert_select "body", :count => 1 do
92 assert_select "div#content", :count => 1 do
93 assert_select "form[action='/user/new'][method='post']", :count => 1 do
94 assert_select "input[id='user_email']", :count => 1
95 assert_select "input[id='user_email_confirmation']", :count => 1
96 assert_select "input[id='user_display_name']", :count => 1
97 assert_select "input[id='user_pass_crypt'][type='password']", :count => 1
98 assert_select "input[id='user_pass_crypt_confirmation'][type='password']", :count => 1
99 assert_select "input[type='submit'][value='Sign Up']", :count => 1
106 def test_new_view_logged_in
107 session_for(create(:user))
110 assert_response :redirect
111 assert_redirected_to root_path
113 get user_new_path, :params => { :referer => "/test" }
114 assert_response :redirect
115 assert_redirected_to "/test"
119 user = build(:user, :pending)
121 assert_no_difference "User.count" do
122 assert_no_difference "ActionMailer::Base.deliveries.size" do
123 perform_enqueued_jobs do
124 post user_new_path, :params => { :user => user.attributes }
129 assert_difference "User.count", 1 do
130 assert_difference "ActionMailer::Base.deliveries.size", 1 do
131 perform_enqueued_jobs do
132 post user_save_path, :params => { :read_ct => 1, :read_tou => 1 }
138 register_email = ActionMailer::Base.deliveries.first
140 assert_equal register_email.to[0], user.email
141 assert_match(/#{@url}/, register_email.body.to_s)
144 assert_redirected_to :controller => :confirmations, :action => :confirm, :display_name => user.display_name
146 ActionMailer::Base.deliveries.clear
149 def test_new_duplicate_email
150 user = build(:user, :pending)
151 create(:user, :email => user.email)
153 assert_no_difference "User.count" do
154 assert_no_difference "ActionMailer::Base.deliveries.size" do
155 perform_enqueued_jobs do
156 post user_new_path, :params => { :user => user.attributes }
161 assert_response :success
162 assert_template "new"
163 assert_select "form > div.form-group > input.is-invalid#user_email"
166 def test_save_duplicate_email
167 user = build(:user, :pending)
169 # Set up our user as being half-way through registration
170 assert_no_difference "User.count" do
171 assert_no_difference "ActionMailer::Base.deliveries.size" do
172 perform_enqueued_jobs do
173 post user_new_path, :params => { :user => user.attributes }
178 # Now create another user with that email
179 create(:user, :email => user.email)
181 # Check that the second half of registration fails
182 assert_no_difference "User.count" do
183 assert_no_difference "ActionMailer::Base.deliveries.size" do
184 perform_enqueued_jobs do
185 post user_save_path, :params => { :read_ct => 1, :read_tou => 1 }
190 assert_response :success
191 assert_template "new"
192 assert_select "form > div.form-group > input.is-invalid#user_email"
195 def test_save_duplicate_email_uppercase
196 user = build(:user, :pending)
198 # Set up our user as being half-way through registration
199 assert_no_difference "User.count" do
200 assert_no_difference "ActionMailer::Base.deliveries.size" do
201 perform_enqueued_jobs do
202 post user_new_path, :params => { :user => user.attributes }
207 # Now create another user with that email, but uppercased
208 create(:user, :email => user.email.upcase)
210 # Check that the second half of registration fails
211 assert_no_difference "User.count" do
212 assert_no_difference "ActionMailer::Base.deliveries.size" do
213 perform_enqueued_jobs do
214 post user_save_path, :params => { :read_ct => 1, :read_tou => 1 }
219 assert_response :success
220 assert_template "new"
221 assert_select "form > div.form-group > input.is-invalid#user_email"
224 def test_save_duplicate_name
225 user = build(:user, :pending)
227 # Set up our user as being half-way through registration
228 assert_no_difference "User.count" do
229 assert_no_difference "ActionMailer::Base.deliveries.size" do
230 perform_enqueued_jobs do
231 post user_new_path, :params => { :user => user.attributes }
236 # Now create another user with that display name
237 create(:user, :display_name => user.display_name)
239 # Check that the second half of registration fails
240 assert_no_difference "User.count" do
241 assert_no_difference "ActionMailer::Base.deliveries.size" do
242 perform_enqueued_jobs do
243 post user_save_path, :params => { :read_ct => 1, :read_tou => 1 }
248 assert_response :success
249 assert_template "new"
250 assert_select "form > div.form-group > input.is-invalid#user_display_name"
253 def test_save_duplicate_name_uppercase
254 user = build(:user, :pending)
256 # Set up our user as being half-way through registration
257 assert_no_difference "User.count" do
258 assert_no_difference "ActionMailer::Base.deliveries.size" do
259 perform_enqueued_jobs do
260 post user_new_path, :params => { :user => user.attributes }
265 # Now create another user with that display_name, but uppercased
266 create(:user, :display_name => user.display_name.upcase)
268 # Check that the second half of registration fails
269 assert_no_difference "User.count" do
270 assert_no_difference "ActionMailer::Base.deliveries.size" do
271 perform_enqueued_jobs do
272 post user_save_path, :params => { :read_ct => 1, :read_tou => 1 }
277 assert_response :success
278 assert_template "new"
279 assert_select "form > div.form-group > input.is-invalid#user_display_name"
282 def test_save_blocked_domain
283 user = build(:user, :pending, :email => "user@example.net")
285 # Set up our user as being half-way through registration
286 assert_no_difference "User.count" do
287 assert_no_difference "ActionMailer::Base.deliveries.size" do
288 perform_enqueued_jobs do
289 post user_new_path, :params => { :user => user.attributes }
294 # Now block that domain
295 create(:acl, :domain => "example.net", :k => "no_account_creation")
297 # Check that the second half of registration fails
298 assert_no_difference "User.count" do
299 assert_no_difference "ActionMailer::Base.deliveries.size" do
300 perform_enqueued_jobs do
301 post user_save_path, :params => { :read_ct => 1, :read_tou => 1 }
306 assert_response :success
307 assert_template "blocked"
310 def test_save_referer_params
311 user = build(:user, :pending)
313 # Set up our user as being half-way through registration
314 assert_no_difference "User.count" do
315 assert_no_difference "ActionMailer::Base.deliveries.size" do
316 perform_enqueued_jobs do
317 post user_new_path, :params => { :user => user.attributes, :referer => "/edit?editor=id#map=1/2/3" }
322 assert_difference "User.count", 1 do
323 assert_difference "ActionMailer::Base.deliveries.size", 1 do
324 perform_enqueued_jobs do
325 post user_save_path, :params => { :read_ct => 1, :read_tou => 1 }
330 assert_equal welcome_path(:editor => "id", :zoom => 1, :lat => 2, :lon => 3),
331 User.find_by(:email => user.email).tokens.order("id DESC").first.referer
333 ActionMailer::Base.deliveries.clear
336 def test_terms_new_user
337 user = build(:user, :pending)
339 # Set up our user as being half-way through registration
340 assert_no_difference "User.count" do
341 assert_no_difference "ActionMailer::Base.deliveries.size" do
342 perform_enqueued_jobs do
343 post user_new_path, :params => { :user => user.attributes }
350 assert_response :success
351 assert_template :terms
354 def test_terms_agreed
355 user = create(:user, :terms_seen => true, :terms_agreed => Date.yesterday)
360 assert_response :redirect
361 assert_redirected_to :action => :account, :display_name => user.display_name
364 def test_terms_not_seen_without_referer
365 user = create(:user, :terms_seen => false, :terms_agreed => nil)
370 assert_response :success
371 assert_template :terms
373 post user_save_path, :params => { :user => { :consider_pd => true }, :read_ct => 1, :read_tou => 1 }
374 assert_response :redirect
375 assert_redirected_to :action => :account, :display_name => user.display_name
376 assert_equal "Thanks for accepting the new contributor terms!", flash[:notice]
380 assert user.consider_pd
381 assert_not_nil user.terms_agreed
382 assert user.terms_seen
385 def test_terms_not_seen_with_referer
386 user = create(:user, :terms_seen => false, :terms_agreed => nil)
390 get user_terms_path, :params => { :referer => "/test" }
391 assert_response :success
392 assert_template :terms
394 post user_save_path, :params => { :user => { :consider_pd => true }, :referer => "/test", :read_ct => 1, :read_tou => 1 }
395 assert_response :redirect
396 assert_redirected_to "/test"
397 assert_equal "Thanks for accepting the new contributor terms!", flash[:notice]
401 assert user.consider_pd
402 assert_not_nil user.terms_agreed
403 assert user.terms_seen
406 # Check that if you haven't seen the terms, and make a request that requires authentication,
407 # that your request is redirected to view the terms
408 def test_terms_not_seen_redirection
409 user = create(:user, :terms_seen => false, :terms_agreed => nil)
412 get user_account_path(user)
413 assert_response :redirect
414 assert_redirected_to :action => :terms, :referer => "/user/#{ERB::Util.u(user.display_name)}/account"
417 def test_terms_not_logged_in
420 assert_redirected_to login_path(:referer => "/user/terms")
424 user = create(:user, :data_public => false)
427 post user_go_public_path
429 assert_response :redirect
430 assert_redirected_to :action => :account, :display_name => user.display_name
431 assert User.find(user.id).data_public
435 # Get a user to work with - note that this user deliberately
436 # conflicts with uppercase_user in the email and display name
437 # fields to test that we can change other fields without any
438 # validation errors being reported
439 user = create(:user, :languages => [])
440 _uppercase_user = build(:user, :email => user.email.upcase, :display_name => user.display_name.upcase).tap { |u| u.save(:validate => false) }
442 # Make sure that you are redirected to the login page when
443 # you are not logged in
444 get user_account_path(user)
445 assert_response :redirect
446 assert_redirected_to login_path(:referer => "/user/#{ERB::Util.u(user.display_name)}/account")
448 # Make sure that you are blocked when not logged in as the right user
449 session_for(create(:user))
450 get user_account_path(user)
451 assert_response :forbidden
453 # Make sure we get the page when we are logged in as the right user
455 get user_account_path(user)
456 assert_response :success
457 assert_template :account
458 assert_select "form#accountForm" do |form|
459 assert_equal "post", form.attr("method").to_s
460 assert_select "input[name='_method']", false
461 assert_equal "/user/#{ERB::Util.u(user.display_name)}/account", form.attr("action").to_s
464 # Updating the description using GET should fail
465 user.description = "new description"
466 user.preferred_editor = "default"
467 get user_account_path(user), :params => { :user => user.attributes }
468 assert_response :success
469 assert_template :account
470 assert_not_equal user.description, User.find(user.id).description
472 # Adding external authentication should redirect to the auth provider
473 post user_account_path(user), :params => { :user => user.attributes.merge(:auth_provider => "openid", :auth_uid => "gmail.com") }
474 assert_response :redirect
475 assert_redirected_to auth_path(:provider => "openid", :openid_url => "https://www.google.com/accounts/o8/id", :origin => "/user/#{ERB::Util.u(user.display_name)}/account")
477 # Changing name to one that exists should fail
478 new_attributes = user.attributes.dup.merge(:display_name => create(:user).display_name)
479 post user_account_path(user), :params => { :user => new_attributes }
480 assert_response :success
481 assert_template :account
482 assert_select ".notice", false
483 assert_select "form#accountForm > div.form-group > input.is-invalid#user_display_name"
485 # Changing name to one that exists should fail, regardless of case
486 new_attributes = user.attributes.dup.merge(:display_name => create(:user).display_name.upcase)
487 post user_account_path(user), :params => { :user => new_attributes }
488 assert_response :success
489 assert_template :account
490 assert_select ".notice", false
491 assert_select "form#accountForm > div.form-group > input.is-invalid#user_display_name"
493 # Changing name to one that doesn't exist should work
494 new_attributes = user.attributes.dup.merge(:display_name => "new tester")
495 post user_account_path(user), :params => { :user => new_attributes }
496 assert_response :redirect
497 assert_redirected_to user_account_url(:display_name => "new tester")
498 get user_account_path(:display_name => "new tester")
499 assert_response :success
500 assert_template :account
501 assert_select ".notice", /^User information updated successfully/
502 assert_select "form#accountForm > div.form-group > input#user_display_name[value=?]", "new tester"
504 # Record the change of name
505 user.display_name = "new tester"
507 # Changing email to one that exists should fail
508 user.new_email = create(:user).email
509 assert_no_difference "ActionMailer::Base.deliveries.size" do
510 perform_enqueued_jobs do
511 post user_account_path(user), :params => { :user => user.attributes }
514 assert_response :success
515 assert_template :account
516 assert_select ".notice", false
517 assert_select "form#accountForm > div.form-group > input.is-invalid#user_new_email"
519 # Changing email to one that exists should fail, regardless of case
520 user.new_email = create(:user).email.upcase
521 assert_no_difference "ActionMailer::Base.deliveries.size" do
522 perform_enqueued_jobs do
523 post user_account_path(user), :params => { :user => user.attributes }
526 assert_response :success
527 assert_template :account
528 assert_select ".notice", false
529 assert_select "form#accountForm > div.form-group > input.is-invalid#user_new_email"
531 # Changing email to one that doesn't exist should work
532 user.new_email = "new_tester@example.com"
533 assert_difference "ActionMailer::Base.deliveries.size", 1 do
534 perform_enqueued_jobs do
535 post user_account_path(user), :params => { :user => user.attributes }
538 assert_response :redirect
539 assert_redirected_to user_account_url(user)
540 get user_account_path(user)
541 assert_response :success
542 assert_template :account
543 assert_select ".notice", /^User information updated successfully/
544 assert_select "form#accountForm > div.form-group > input#user_new_email[value=?]", user.new_email
545 email = ActionMailer::Base.deliveries.first
546 assert_equal 1, email.to.count
547 assert_equal user.new_email, email.to.first
548 ActionMailer::Base.deliveries.clear
551 # Check that the user account page will display and contains some relevant
552 # information for the user
554 # Test a non-existent user
555 get user_path(:display_name => "unknown")
556 assert_response :not_found
562 assert_response :success
563 assert_select "div.content-heading" do
564 assert_select "a[href^='/user/#{ERB::Util.u(user.display_name)}/history']", 1
565 assert_select "a[href='/user/#{ERB::Util.u(user.display_name)}/traces']", 1
566 assert_select "a[href='/user/#{ERB::Util.u(user.display_name)}/diary']", 1
567 assert_select "a[href='/user/#{ERB::Util.u(user.display_name)}/diary/comments']", 1
568 assert_select "a[href='/user/#{ERB::Util.u(user.display_name)}/account']", 0
569 assert_select "a[href='/user/#{ERB::Util.u(user.display_name)}/blocks']", 0
570 assert_select "a[href='/user/#{ERB::Util.u(user.display_name)}/blocks_by']", 0
571 assert_select "a[href='/blocks/new/#{ERB::Util.u(user.display_name)}']", 0
574 # Friends shouldn't be visible as we're not logged in
575 assert_select "div#friends-container", :count => 0
577 # Test a user who has been blocked
578 blocked_user = create(:user)
579 create(:user_block, :user => blocked_user)
580 get user_path(blocked_user)
581 assert_response :success
582 assert_select "div.content-heading" do
583 assert_select "a[href^='/user/#{ERB::Util.u(blocked_user.display_name)}/history']", 1
584 assert_select "a[href='/user/#{ERB::Util.u(blocked_user.display_name)}/traces']", 1
585 assert_select "a[href='/user/#{ERB::Util.u(blocked_user.display_name)}/diary']", 1
586 assert_select "a[href='/user/#{ERB::Util.u(blocked_user.display_name)}/diary/comments']", 1
587 assert_select "a[href='/user/#{ERB::Util.u(blocked_user.display_name)}/account']", 0
588 assert_select "a[href='/user/#{ERB::Util.u(blocked_user.display_name)}/blocks']", 1
589 assert_select "a[href='/user/#{ERB::Util.u(blocked_user.display_name)}/blocks_by']", 0
590 assert_select "a[href='/blocks/new/#{ERB::Util.u(blocked_user.display_name)}']", 0
593 # Test a moderator who has applied blocks
594 moderator_user = create(:moderator_user)
595 create(:user_block, :creator => moderator_user)
596 get user_path(moderator_user)
597 assert_response :success
598 assert_select "div.content-heading" do
599 assert_select "a[href^='/user/#{ERB::Util.u(moderator_user.display_name)}/history']", 1
600 assert_select "a[href='/user/#{ERB::Util.u(moderator_user.display_name)}/traces']", 1
601 assert_select "a[href='/user/#{ERB::Util.u(moderator_user.display_name)}/diary']", 1
602 assert_select "a[href='/user/#{ERB::Util.u(moderator_user.display_name)}/diary/comments']", 1
603 assert_select "a[href='/user/#{ERB::Util.u(moderator_user.display_name)}/account']", 0
604 assert_select "a[href='/user/#{ERB::Util.u(moderator_user.display_name)}/blocks']", 0
605 assert_select "a[href='/user/#{ERB::Util.u(moderator_user.display_name)}/blocks_by']", 1
606 assert_select "a[href='/blocks/new/#{ERB::Util.u(moderator_user.display_name)}']", 0
609 # Login as a normal user
612 # Test the normal user
614 assert_response :success
615 assert_select "div.content-heading" do
616 assert_select "a[href^='/user/#{ERB::Util.u(user.display_name)}/history']", 1
617 assert_select "a[href='/traces/mine']", 1
618 assert_select "a[href='/user/#{ERB::Util.u(user.display_name)}/diary']", 1
619 assert_select "a[href='/user/#{ERB::Util.u(user.display_name)}/diary/comments']", 1
620 assert_select "a[href='/user/#{ERB::Util.u(user.display_name)}/account']", 1
621 assert_select "a[href='/user/#{ERB::Util.u(user.display_name)}/blocks']", 0
622 assert_select "a[href='/user/#{ERB::Util.u(user.display_name)}/blocks_by']", 0
623 assert_select "a[href='/blocks/new/#{ERB::Util.u(user.display_name)}']", 0
626 # Login as a moderator
627 session_for(create(:moderator_user))
629 # Test the normal user
631 assert_response :success
632 assert_select "div.content-heading" do
633 assert_select "a[href^='/user/#{ERB::Util.u(user.display_name)}/history']", 1
634 assert_select "a[href='/user/#{ERB::Util.u(user.display_name)}/traces']", 1
635 assert_select "a[href='/user/#{ERB::Util.u(user.display_name)}/diary']", 1
636 assert_select "a[href='/user/#{ERB::Util.u(user.display_name)}/diary/comments']", 1
637 assert_select "a[href='/user/#{ERB::Util.u(user.display_name)}/account']", 0
638 assert_select "a[href='/user/#{ERB::Util.u(user.display_name)}/blocks']", 0
639 assert_select "a[href='/user/#{ERB::Util.u(user.display_name)}/blocks_by']", 0
640 assert_select "a[href='/blocks/new/#{ERB::Util.u(user.display_name)}']", 1
644 # Test whether information about contributor terms is shown for users who haven't agreed
645 def test_terms_not_agreed
646 agreed_user = create(:user, :terms_agreed => 3.days.ago)
647 seen_user = create(:user, :terms_seen => true, :terms_agreed => nil)
648 not_seen_user = create(:user, :terms_seen => false, :terms_agreed => nil)
650 get user_path(agreed_user)
651 assert_response :success
652 assert_select "div.content-heading" do
653 assert_select "dt", :count => 0, :text => /Contributor terms/
656 get user_path(seen_user)
657 assert_response :success
659 assert_select "div.content-heading" do
660 assert_select "dt", :count => 1, :text => /Contributor terms/
661 assert_select "dd", /Declined/
664 get user_path(not_seen_user)
665 assert_response :success
666 assert_select "div.content-heading" do
667 assert_select "dt", :count => 1, :text => /Contributor terms/
668 assert_select "dd", /Undecided/
675 # Try without logging in
676 post set_status_user_path(user), :params => { :status => "suspended" }
677 assert_response :forbidden
679 # Now try as a normal user
681 post set_status_user_path(user), :params => { :status => "suspended" }
682 assert_response :redirect
683 assert_redirected_to :controller => :errors, :action => :forbidden
685 # Finally try as an administrator
686 session_for(create(:administrator_user))
687 post set_status_user_path(user), :params => { :status => "suspended" }
688 assert_response :redirect
689 assert_redirected_to :action => :show, :display_name => user.display_name
690 assert_equal "suspended", User.find(user.id).status
694 user = create(:user, :home_lat => 12.1, :home_lon => 12.1, :description => "test")
696 # Try without logging in
697 delete user_path(user), :params => { :status => "suspended" }
698 assert_response :forbidden
700 # Now try as a normal user
702 delete user_path(user), :params => { :status => "suspended" }
703 assert_response :redirect
704 assert_redirected_to :controller => :errors, :action => :forbidden
706 # Finally try as an administrator
707 session_for(create(:administrator_user))
708 delete user_path(user), :params => { :status => "suspended" }
709 assert_response :redirect
710 assert_redirected_to :action => :show, :display_name => user.display_name
712 # Check that the user was deleted properly
714 assert_equal "user_#{user.id}", user.display_name
715 assert_equal "", user.description
716 assert_nil user.home_lat
717 assert_nil user.home_lon
718 assert_not user.avatar.attached?
719 assert_not user.email_valid
720 assert_nil user.new_email
721 assert_nil user.auth_provider
722 assert_nil user.auth_uid
723 assert_equal "deleted", user.status
728 moderator_user = create(:moderator_user)
729 administrator_user = create(:administrator_user)
730 _suspended_user = create(:user, :suspended)
731 _ip_user = create(:user, :creation_ip => "1.2.3.4")
733 # There are now 7 users - the five above, plus two extra "granters" for the
734 # moderator_user and administrator_user
735 assert_equal 7, User.count
737 # Shouldn't work when not logged in
739 assert_response :redirect
740 assert_redirected_to login_path(:referer => users_path)
744 # Shouldn't work when logged in as a normal user
746 assert_response :redirect
747 assert_redirected_to :controller => :errors, :action => :forbidden
749 session_for(moderator_user)
751 # Shouldn't work when logged in as a moderator
753 assert_response :redirect
754 assert_redirected_to :controller => :errors, :action => :forbidden
756 session_for(administrator_user)
758 # Note there is a header row, so all row counts are users + 1
759 # Should work when logged in as an administrator
761 assert_response :success
762 assert_template :index
763 assert_select "table#user_list tr", :count => 7 + 1
765 # Should be able to limit by status
766 get users_path, :params => { :status => "suspended" }
767 assert_response :success
768 assert_template :index
769 assert_select "table#user_list tr", :count => 1 + 1
771 # Should be able to limit by IP address
772 get users_path, :params => { :ip => "1.2.3.4" }
773 assert_response :success
774 assert_template :index
775 assert_select "table#user_list tr", :count => 1 + 1
778 def test_index_get_paginated
779 1.upto(100).each do |n|
780 User.create(:display_name => "extra_#{n}",
781 :email => "extra#{n}@example.com",
782 :pass_crypt => "extraextra")
785 session_for(create(:administrator_user))
787 # 100 examples, an administrator, and a granter for the admin.
788 assert_equal 102, User.count
791 assert_response :success
792 assert_template :index
793 assert_select "table#user_list tr", :count => 51
795 get users_path, :params => { :page => 2 }
796 assert_response :success
797 assert_template :index
798 assert_select "table#user_list tr", :count => 51
800 get users_path, :params => { :page => 3 }
801 assert_response :success
802 assert_template :index
803 assert_select "table#user_list tr", :count => 3
806 def test_index_post_confirm
807 inactive_user = create(:user, :pending)
808 suspended_user = create(:user, :suspended)
810 # Shouldn't work when not logged in
811 assert_no_difference "User.active.count" do
812 post users_path, :params => { :confirm => 1, :user => { inactive_user.id => 1, suspended_user.id => 1 } }
814 assert_response :forbidden
816 assert_equal "pending", inactive_user.reload.status
817 assert_equal "suspended", suspended_user.reload.status
819 session_for(create(:user))
821 # Shouldn't work when logged in as a normal user
822 assert_no_difference "User.active.count" do
823 post users_path, :params => { :confirm => 1, :user => { inactive_user.id => 1, suspended_user.id => 1 } }
825 assert_response :redirect
826 assert_redirected_to :controller => :errors, :action => :forbidden
827 assert_equal "pending", inactive_user.reload.status
828 assert_equal "suspended", suspended_user.reload.status
830 session_for(create(:moderator_user))
832 # Shouldn't work when logged in as a moderator
833 assert_no_difference "User.active.count" do
834 post users_path, :params => { :confirm => 1, :user => { inactive_user.id => 1, suspended_user.id => 1 } }
836 assert_response :redirect
837 assert_redirected_to :controller => :errors, :action => :forbidden
838 assert_equal "pending", inactive_user.reload.status
839 assert_equal "suspended", suspended_user.reload.status
841 session_for(create(:administrator_user))
843 # Should work when logged in as an administrator
844 assert_difference "User.active.count", 2 do
845 post users_path, :params => { :confirm => 1, :user => { inactive_user.id => 1, suspended_user.id => 1 } }
847 assert_response :redirect
848 assert_redirected_to :action => :index
849 assert_equal "confirmed", inactive_user.reload.status
850 assert_equal "confirmed", suspended_user.reload.status
853 def test_index_post_hide
854 normal_user = create(:user)
855 confirmed_user = create(:user, :confirmed)
857 # Shouldn't work when not logged in
858 assert_no_difference "User.active.count" do
859 post users_path, :params => { :hide => 1, :user => { normal_user.id => 1, confirmed_user.id => 1 } }
861 assert_response :forbidden
863 assert_equal "active", normal_user.reload.status
864 assert_equal "confirmed", confirmed_user.reload.status
866 session_for(create(:user))
868 # Shouldn't work when logged in as a normal user
869 assert_no_difference "User.active.count" do
870 post users_path, :params => { :hide => 1, :user => { normal_user.id => 1, confirmed_user.id => 1 } }
872 assert_response :redirect
873 assert_redirected_to :controller => :errors, :action => :forbidden
874 assert_equal "active", normal_user.reload.status
875 assert_equal "confirmed", confirmed_user.reload.status
877 session_for(create(:moderator_user))
879 # Shouldn't work when logged in as a moderator
880 assert_no_difference "User.active.count" do
881 post users_path, :params => { :hide => 1, :user => { normal_user.id => 1, confirmed_user.id => 1 } }
883 assert_response :redirect
884 assert_redirected_to :controller => :errors, :action => :forbidden
885 assert_equal "active", normal_user.reload.status
886 assert_equal "confirmed", confirmed_user.reload.status
888 session_for(create(:administrator_user))
890 # Should work when logged in as an administrator
891 assert_difference "User.active.count", -2 do
892 post users_path, :params => { :hide => 1, :user => { normal_user.id => 1, confirmed_user.id => 1 } }
894 assert_response :redirect
895 assert_redirected_to :action => :index
896 assert_equal "deleted", normal_user.reload.status
897 assert_equal "deleted", confirmed_user.reload.status
900 def test_auth_failure_callback
901 get auth_failure_path
902 assert_response :redirect
903 assert_redirected_to login_path
905 get auth_failure_path, :params => { :origin => "/" }
906 assert_response :redirect
907 assert_redirected_to root_path
909 get auth_failure_path, :params => { :origin => "http://www.google.com" }
910 assert_response :redirect
911 assert_redirected_to login_path