lockable_test.rb
# frozen_string_literal: true
require 'test_helper'
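# Integration tests for the account lock / unlock flow: requesting unlock
# instructions, redeeming unlock tokens over HTML and JSON, refusing sign-in
# for locked accounts, and the paranoid-mode responses, which must read the
# same whether or not the account exists or is locked.
class LockTest < Devise::IntegrationTest
  # Requests the unlock endpoint with the given token as a query parameter.
  def visit_user_unlock_with_token(unlock_token)
    visit user_unlock_path(unlock_token: unlock_token)
  end

  # Walks from the sign-in page to the "resend unlock instructions" form and
  # submits it for +email+.
  def request_unlock_instructions_for(email)
    visit new_user_session_path
    click_link "Didn't receive unlock instructions?"
    fill_in 'email', with: email
    click_button 'Resend unlock instructions'
  end

  # Saves +user+ with a failure counter one above the configured maximum.
  def exceed_maximum_attempts(user)
    user.failed_attempts = User.maximum_attempts + 1
    user.save!
  end

  # Creates a locked user and submits the resend form for it, with the token
  # generator stubbed so the mailed token is predictable.
  def send_unlock_request
    user = create_user(locked: true)
    ActionMailer::Base.deliveries.clear

    visit new_user_session_path
    click_link "Didn't receive unlock instructions?"

    # Pin the generated token so a test can look for it in the mail body.
    Devise.stubs(:friendly_token).returns("abcdef")
    fill_in 'email', with: user.email
    click_button 'Resend unlock instructions'
  end

  test 'user should be able to request a new unlock token' do
    send_unlock_request

    assert_template 'sessions/new'
    assert_contain 'You will receive an email with instructions for how to unlock your account in a few minutes'

    mail = ActionMailer::Base.deliveries.last
    assert_equal 1, ActionMailer::Base.deliveries.size
    # NOTE(review): this address literal appears to have been redacted by the
    # hosting page's e-mail obfuscation; restore the configured sender before running.
    assert_equal ['[email protected]'], mail.from
    assert_match user_unlock_path(unlock_token: 'abcdef'), mail.body.encoded
  end

  test 'user should receive the instructions from a custom mailer' do
    User.any_instance.stubs(:devise_mailer).returns(Users::Mailer)

    send_unlock_request

    # NOTE(review): address literal appears redacted on this page; restore the
    # custom mailer's sender before running.
    assert_equal ['[email protected]'], ActionMailer::Base.deliveries.first.from
  end

  test 'unlocked user should not be able to request a unlock token' do
    user = create_user(locked: false)
    ActionMailer::Base.deliveries.clear

    request_unlock_instructions_for(user.email)

    # Outside paranoid mode the form is re-rendered with an explicit error and no mail goes out.
    assert_template 'unlocks/new'
    assert_contain 'not locked'
    assert_equal 0, ActionMailer::Base.deliveries.size
  end

  test 'unlocked pages should not be available if email strategy is disabled' do
    visit "/admin_area/sign_in"

    # Per the test name, the admin scope has no email unlock strategy, so the
    # link, the route helper and the route itself must all be absent.
    assert_raise Webrat::NotFoundError do
      click_link "Didn't receive unlock instructions?"
    end

    assert_raise NameError do
      visit new_admin_unlock_path
    end

    assert_raise ActionController::RoutingError do
      visit "/admin_area/unlock/new"
    end
  end

  test 'user with invalid unlock token should not be able to unlock an account' do
    visit_user_unlock_with_token('invalid_token')

    assert_response :success
    assert_current_url '/users/unlock?unlock_token=invalid_token'
    assert_have_selector '#error_explanation'
    assert_contain %r{Unlock token(.*)invalid}
  end

  test "locked user should be able to unlock account" do
    user = create_user
    # lock_access! returns the value that is then used as the unlock token.
    raw = user.lock_access!

    visit_user_unlock_with_token(raw)

    assert_current_url "/users/sign_in"
    assert_contain 'Your account has been unlocked successfully. Please sign in to continue.'
    assert_not user.reload.access_locked?
  end

  test "user should not send a new e-mail if already locked" do
    user = create_user(locked: true)
    exceed_maximum_attempts(user)
    ActionMailer::Base.deliveries.clear

    sign_in_as_user(password: "invalid")

    # A failed sign-in against an already locked account must not send another mail.
    assert_contain 'Your account is locked.'
    assert_empty ActionMailer::Base.deliveries
  end

  test 'error message is configurable by resource name' do
    store_translations en: { devise: { failure: { user: { locked: "You are locked!"} } } } do
      user = create_user(locked: true)
      exceed_maximum_attempts(user)

      sign_in_as_user(password: "invalid")

      assert_contain "You are locked!"
    end
  end

  test "user should not be able to sign in when locked" do
    store_translations en: { devise: { failure: { user: { locked: "You are locked!"} } } } do
      user = create_user(locked: true)
      exceed_maximum_attempts(user)

      # Differs from the previous test only in the password submitted; the
      # locked message is expected either way.
      sign_in_as_user(password: "123456")

      assert_contain "You are locked!"
    end
  end

  test 'user should be able to request a new unlock token via JSON request and should return empty and valid response' do
    user = create_user(locked: true)
    ActionMailer::Base.deliveries.clear

    post user_unlock_path(format: 'json'), params: { user: {email: user.email} }

    assert_response :success
    assert_equal({}.to_json, response.body)
    assert_equal 1, ActionMailer::Base.deliveries.size
  end

  test 'unlocked user should not be able to request a unlock token via JSON request' do
    user = create_user(locked: false)
    ActionMailer::Base.deliveries.clear

    post user_unlock_path(format: 'json'), params: { user: {email: user.email} }

    assert_response :unprocessable_entity
    assert_includes response.body, '{"errors":{'
    assert_equal 0, ActionMailer::Base.deliveries.size
  end

  test 'user with valid unlock token should be able to unlock account via JSON request' do
    user = create_user
    raw = user.lock_access!
    assert user.access_locked?

    get user_unlock_path(format: 'json', unlock_token: raw)

    assert_response :success
    assert_includes response.body, '{"user":{'
    # Check the persisted state as well as the response, as the HTML unlock
    # test does: a success body alone does not prove the lock was lifted.
    assert_not user.reload.access_locked?
  end

  test 'user with invalid unlock token should not be able to unlock the account via JSON request' do
    get user_unlock_path(format: 'json', unlock_token: 'invalid_token')

    assert_response :unprocessable_entity
    assert_includes response.body, '{"unlock_token":['
  end

  # The three paranoid-mode unlock tests below expect the same redirect and the
  # same message for a locked, an unlocked and a non-existent account, so the
  # response cannot be used to tell the cases apart.
  test "in paranoid mode, when trying to unlock a user that exists it should not say that it exists if it is locked" do
    swap Devise, paranoid: true do
      user = create_user(locked: true)

      request_unlock_instructions_for(user.email)

      assert_current_url "/users/sign_in"
      assert_contain "If your account exists, you will receive an email with instructions for how to unlock it in a few minutes."
    end
  end

  test "in paranoid mode, when trying to unlock a user that exists it should not say that it exists if it is not locked" do
    swap Devise, paranoid: true do
      user = create_user(locked: false)

      request_unlock_instructions_for(user.email)

      assert_current_url "/users/sign_in"
      assert_contain "If your account exists, you will receive an email with instructions for how to unlock it in a few minutes."
    end
  end

  test "in paranoid mode, when trying to unlock a user that does not exists it should not say that it does not exists" do
    swap Devise, paranoid: true do
      # NOTE(review): address literal appears redacted on this page; the test
      # needs an address that matches no user.
      request_unlock_instructions_for("[email protected]")

      assert_not_contain "1 error prohibited this user from being saved:"
      assert_not_contain "Email not found"
      assert_current_url "/users/sign_in"
      assert_contain "If your account exists, you will receive an email with instructions for how to unlock it in a few minutes."
    end
  end

  test "in paranoid mode, when locking a user that exists it should not say that the user was locked" do
    swap Devise, paranoid: true, maximum_attempts: 1 do
      user = create_user(locked: false)
      visit new_user_session_path

      # Two bad-password submissions with the limit set to one attempt.
      2.times do
        fill_in 'email', with: user.email
        fill_in 'password', with: "abadpassword"
        click_button 'Log in'
      end

      assert_current_url "/users/sign_in"
      assert_not_contain "locked"
      # Without this the negative assertion above would also pass if the
      # lockout never triggered.
      assert user.reload.access_locked?
    end
  end
end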