X-Git-Url: https://git.openstreetmap.org./rails.git/blobdiff_plain/452879ee03951f017ef356f47bda79a7fc7b3cf4..5add2d7e1d1d365e80d1d4ef417ff249ca7f35c0:/test/integration/user_terms_seen_test.rb diff --git a/test/integration/user_terms_seen_test.rb b/test/integration/user_terms_seen_test.rb index f9c266ba0..46db48388 100644 --- a/test/integration/user_terms_seen_test.rb +++ b/test/integration/user_terms_seen_test.rb @@ -1,49 +1,67 @@ -require File.dirname(__FILE__) + '/../test_helper' +require "test_helper" -class UserTermsSeenTest < ActionController::IntegrationTest - fixtures :users +class UserTermsSeenTest < ActionDispatch::IntegrationTest + def test_api_blocked + user = create(:user, :terms_seen => false, :terms_agreed => nil) - def auth_header(user, pass) - {"HTTP_AUTHORIZATION" => "Basic %s" % Base64.encode64("#{user}:#{pass}")} + get "/api/#{Settings.api_version}/user/preferences", :headers => auth_header(user.display_name, "test") + assert_response :forbidden + + # touch it so that the user has seen the terms + user.terms_seen = true + user.save + + get "/api/#{Settings.api_version}/user/preferences", :headers => auth_header(user.display_name, "test") + assert_response :success end - def test_api_blocked - if REQUIRE_TERMS_SEEN - user = users(:terms_not_seen_user) + def test_terms_presented_at_login + user = create(:user, :terms_seen => false, :terms_agreed => nil) - get "/api/#{API_VERSION}/user/details", nil, auth_header(user.display_name, "test") - assert_response :forbidden + # try to log in + get "/login" + follow_redirect! + assert_response :success + assert_template "sessions/new" + post "/login", :params => { :username => user.email, :password => "test", :referer => "/diary/new" } + # but now we need to look at the terms + assert_redirected_to :controller => :users, :action => :terms, :referer => "/diary/new" + follow_redirect! + assert_response :success - # touch it so that the user has seen the terms - user.terms_seen = true - user.save + # don't agree to the terms, but hit decline + post "/user/save", :params => { :decline => true, :referer => "/diary/new" } + assert_redirected_to "/diary/new" + follow_redirect! - get "/api/#{API_VERSION}/user/details", nil, auth_header(user.display_name, "test") - assert_response :success - end + # should be carried through to a normal login with a message + assert_response :success + assert_not flash[:notice].nil? end - def test_terms_presented_at_login - if REQUIRE_TERMS_SEEN - user = users(:terms_not_seen_user) - - # try to log in - get_via_redirect "/login" - assert_response :success - assert_template 'user/login' - post "/login", {'user[email]' => user.email, 'user[password]' => 'test', :referer => "/"} - assert_response :redirect - # but now we need to look at the terms - assert_redirected_to "controller" => "user", "action" => "terms", :referer => "/" - follow_redirect! - assert_response :success - - # don't agree to the terms, but hit decline - - # should be carried through to a normal login - end + def test_terms_cant_be_circumvented + user = create(:user, :terms_seen => false, :terms_agreed => nil) + + # try to log in + get "/login" + follow_redirect! + assert_response :success + assert_template "sessions/new" + post "/login", :params => { :username => user.email, :password => "test", :referer => "/diary/new" } + # but now we need to look at the terms + assert_redirected_to :controller => :users, :action => :terms, :referer => "/diary/new" + + # check that if we go somewhere else now, it redirects + # back to the terms page. + get "/traces/mine" + assert_redirected_to :controller => :users, :action => :terms, :referer => "/traces/mine" + get "/traces/mine", :params => { :referer => "/diary/new" } + assert_redirected_to :controller => :users, :action => :terms, :referer => "/diary/new" end -end + private - + def auth_header(user, pass) + { "HTTP_AUTHORIZATION" => format("Basic %s", :auth => Base64.encode64("#{user}:#{pass}")) } + end +end