+ def test_terms_cant_be_circumvented
+ with_terms_seen(true) do
+ user = users(:terms_not_seen_user)
+
+ # try to log in
+ get_via_redirect "/login"
+ assert_response :success
+ assert_template "user/login"
+ post "/login", :username => user.email, :password => "test", :referer => "/diary/new"
+ assert_response :redirect
+ # but now we need to look at the terms
+ assert_redirected_to :controller => :user, :action => :terms, :referer => "/diary/new"
+
+ # check that if we go somewhere else now, it redirects
+ # back to the terms page.
+ get "/traces/mine"
+ assert_redirected_to :controller => :user, :action => :terms, :referer => "/traces/mine"
+ get "/traces/mine", :referer => "/diary/new"
+ assert_redirected_to :controller => :user, :action => :terms, :referer => "/diary/new"
+ end
+ end
+
+ private
+
+ def auth_header(user, pass)
+ { "HTTP_AUTHORIZATION" => format("Basic %s", Base64.encode64("#{user}:#{pass}")) }
+ end