]> git.openstreetmap.org Git - rails.git/blob - test/integration/user_blocks_test.rb
Bounding boxes are sanitised on creation now
[rails.git] / test / integration / user_blocks_test.rb
1 require File.dirname(__FILE__) + '/../test_helper'
2
3 class UserBlocksTest < ActionController::IntegrationTest
4   fixtures :users, :user_blocks, :user_roles
5
6   def auth_header(user, pass)
7     {"HTTP_AUTHORIZATION" => "Basic %s" % Base64.encode64("#{user}:#{pass}")}
8   end
9
10   def test_api_blocked
11     blocked_user = users(:public_user)
12
13     get "/api/#{API_VERSION}/user/details"
14     assert_response :unauthorized
15
16     get "/api/#{API_VERSION}/user/details", nil, auth_header(blocked_user.display_name, "test")
17     assert_response :success
18
19     # now block the user
20     UserBlock.create(:user_id => blocked_user.id,
21                      :creator_id => users(:moderator_user).id,
22                      :reason => "testing",
23                      :ends_at => Time.now.getutc + 5.minutes)
24     get "/api/#{API_VERSION}/user/details", nil, auth_header(blocked_user.display_name, "test")
25     assert_response :forbidden
26   end
27
28   def test_api_revoke
29     blocked_user = users(:public_user)
30     moderator = users(:moderator_user)
31
32     block = UserBlock.create(:user_id => blocked_user.id,
33                              :creator_id => moderator.id,
34                              :reason => "testing",
35                              :ends_at => Time.now.getutc + 5.minutes)
36     get "/api/#{API_VERSION}/user/details", nil, auth_header(blocked_user.display_name, "test")
37     assert_response :forbidden
38
39     # revoke the ban
40     get '/login'
41     assert_response :success
42     post '/login', {'username' => moderator.email, 'password' => "test", :referer => "/blocks/#{block.id}/revoke"}
43     assert_response :redirect
44     follow_redirect!
45     assert_response :success
46     assert_template 'user_blocks/revoke'
47     post "/blocks/#{block.id}/revoke", {'confirm' => "yes"}
48     assert_response :redirect
49     follow_redirect!
50     assert_response :success
51     assert_template 'user_blocks/show'
52     reset!
53
54     # access the API again. this time it should work
55     get "/api/#{API_VERSION}/user/details", nil, auth_header(blocked_user.display_name, "test")
56     assert_response :success
57   end
58 end