3 class UserTermsSeenTest < ActionDispatch::IntegrationTest
9 with_terms_seen(true) do
10 user = create(:user, :terms_seen => false)
12 get "/api/#{API_VERSION}/user/preferences", :headers => auth_header(user.display_name, "test")
13 assert_response :forbidden
15 # touch it so that the user has seen the terms
16 user.terms_seen = true
19 get "/api/#{API_VERSION}/user/preferences", :headers => auth_header(user.display_name, "test")
20 assert_response :success
24 def test_terms_presented_at_login
25 with_terms_seen(true) do
26 user = create(:user, :terms_seen => false)
31 assert_response :success
32 assert_template "user/login"
33 post "/login", :params => { :username => user.email, :password => "test", :referer => "/diary/new" }
34 assert_response :redirect
35 # but now we need to look at the terms
36 assert_redirected_to :controller => :user, :action => :terms, :referer => "/diary/new"
38 assert_response :success
40 # don't agree to the terms, but hit decline
41 post "/user/save", :params => { :decline => true, :referer => "/diary/new" }
42 assert_redirected_to "/diary/new"
45 # should be carried through to a normal login with a message
46 assert_response :success
47 assert !flash[:notice].nil?
51 def test_terms_cant_be_circumvented
52 with_terms_seen(true) do
53 user = create(:user, :terms_seen => false)
58 assert_response :success
59 assert_template "user/login"
60 post "/login", :params => { :username => user.email, :password => "test", :referer => "/diary/new" }
61 assert_response :redirect
62 # but now we need to look at the terms
63 assert_redirected_to :controller => :user, :action => :terms, :referer => "/diary/new"
65 # check that if we go somewhere else now, it redirects
66 # back to the terms page.
68 assert_redirected_to :controller => :user, :action => :terms, :referer => "/traces/mine"
69 get "/traces/mine", :params => { :referer => "/diary/new" }
70 assert_redirected_to :controller => :user, :action => :terms, :referer => "/diary/new"
76 def auth_header(user, pass)
77 { "HTTP_AUTHORIZATION" => format("Basic %s", Base64.encode64("#{user}:#{pass}")) }
80 def with_terms_seen(value)
81 require_terms_seen = Object.send("remove_const", "REQUIRE_TERMS_SEEN")
82 Object.const_set("REQUIRE_TERMS_SEEN", value)
86 Object.send("remove_const", "REQUIRE_TERMS_SEEN")
87 Object.const_set("REQUIRE_TERMS_SEEN", require_terms_seen)