server_controller_test.rb
111 lines (95 loc) · 4.05 KB
require 'test_helper'
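module Masq
  # Functional tests for the OpenID server endpoint (ServerController):
  # checkid and associate requests posted to :index, the user's decision
  # posted to :complete, and the login requirement on :proceed, :decide and
  # :complete.
  #
  # login_as, checkid_request_params, associate_request_params,
  # valid_properties, valid_site_attributes, identity_url and
  # assert_login_required are not defined in this file (presumably they come
  # from test_helper).
  #
  # NOTE(review): assert_match with a String pattern is a substring check (in
  # Minitest the string is escaped and compiled to a regexp), so the
  # return_to assertions below show that return_to occurs somewhere in the
  # redirect URL, not that the redirect begins with it. A prefix assertion
  # would pin the redirect target more tightly - confirm against the
  # controller before changing.
  class ServerControllerTest < ActionController::TestCase
    fixtures :accounts, :personas

    # A checkid request with the default parameters sends a logged-in user to
    # the safe login page and stores the request in the session.
    def test_should_redirect_to_safe_login_page_if_untrusted_domain
      login_as(:standard)
      post :index, checkid_request_params
      assert_redirected_to safe_login_path
      assert_not_nil request.session[:return_to]
      assert_not_nil request.session[:request_token]
    end

    # Same request, but trust_root, realm and return_to all point at the first
    # configured trusted domain: the regular login page is used instead.
    def test_should_redirect_to_login_page_if_trusted_domain
      login_as(:standard)
      domain = Masq::Engine.config.masq['trusted_domains'].first
      trusted_params = checkid_request_params.merge(
        'openid.trust_root' => "http://#{domain}/",
        'openid.realm' => "http://#{domain}/",
        'openid.return_to' => "http://#{domain}/return"
      )
      post :index, trusted_params
      assert_redirected_to login_path
      assert_not_nil request.session[:return_to]
      assert_not_nil request.session[:request_token]
    end

    # "Trust always" persists exactly one Site and answers with id_res.
    def test_should_save_site_if_user_chose_to_trust_always
      fake_checkid_request(:standard)
      assert_difference('Site.count', 1) do
        post :complete,
             :always => 1,
             :site => {
               :persona_id => personas(:public).id,
               :url => checkid_request_params['openid.trust_root'],
               :properties => valid_properties
             }
      end
      assert_response :redirect
      assert_match(checkid_request_params['openid.return_to'], response.redirect_url)
      assert_match(/mode=id_res/, response.redirect_url)
    end

    # "Trust temporarily" answers with id_res but must not persist a Site.
    def test_should_not_save_site_if_user_chose_to_trust_temporary
      fake_checkid_request(:standard)
      assert_no_difference('Site.count') do
        post :complete,
             :temporary => 1,
             :site => valid_site_attributes.merge(:properties => valid_properties)
      end
      assert_response :redirect
      # Parenthesised like the sibling tests: a bare regexp literal as the
      # first argument of a paren-less call triggers Ruby's "ambiguous first
      # argument" warning.
      assert_match(checkid_request_params['openid.return_to'], response.redirect_url)
      assert_match(/mode=id_res/, response.redirect_url)
    end

    # Cancelling redirects back towards return_to with mode=cancel.
    def test_should_redirect_to_openid_cancel_url_if_user_chose_to_cancel
      fake_checkid_request(:standard)
      post :complete, :cancel => 1
      assert_response :redirect
      assert_match(checkid_request_params['openid.return_to'], response.redirect_url)
      assert_match(/mode=cancel/, response.redirect_url)
    end

    # A request whose identity and claimed_id are a URL other than the
    # logged-in account's is sent to the safe login page rather than answered.
    def test_should_ask_user_to_login_if_claimed_id_does_not_belong_to_current_account
      login_as(:standard)
      id_url = "http://notmine.com"
      foreign_params = checkid_request_params.merge(
        'openid.identity' => id_url,
        'openid.claimed_id' => id_url
      )
      post :index, foreign_params
      assert_redirected_to safe_login_path
      assert_not_nil request.session[:return_to]
      assert_not_nil request.session[:request_token]
    end

    # A second request to :index must replace the session token and delete the
    # stored OpenIdRequest that belonged to the first one.
    def test_should_clear_old_request_when_recieving_a_new_one
      fake_checkid_request(:standard)
      token_for_first_request = request.session[:request_token]
      assert token_for_first_request
      post :index
      assert_not_equal request.session[:request_token], token_for_first_request
      assert_nil OpenIdRequest.find_by_token(token_for_first_request)
    end

    # Associate requests are answered in the response body; no login_as call
    # precedes the request in this test.
    def test_should_directly_answer_incoming_associate_requests
      post :index, associate_request_params
      assert_response :success
      assert_match 'assoc_handle', response.body
      assert_match 'assoc_type', response.body
      assert_match 'session_type', response.body
      assert_match 'expires_in', response.body
    end

    def test_should_require_login_for_proceed
      get :proceed
      assert_login_required
    end

    def test_should_require_login_for_decide
      get :decide
      assert_login_required
    end

    # NOTE(review): only GET is exercised here, while the tests above submit
    # the decision with `post :complete`. An unauthenticated POST is not
    # covered by this file.
    def test_should_require_login_for_complete
      get :complete
      assert_login_required
    end

    private

    # Takes the name of an account fixture for which to fake the request.
    #
    # Logs that account in, builds checkid parameters whose identity and
    # claimed_id are the account's identity URL on the configured masq host,
    # stores them as an OpenIdRequest and puts its token into the session.
    def fake_checkid_request(account)
      login_as account
      id_url = identity_url(accounts(account), :host => Masq::Engine.config.masq['host'])
      openid_params = checkid_request_params.merge(
        'openid.identity' => id_url,
        'openid.claimed_id' => id_url
      )
      request.session[:request_token] = OpenIdRequest.create(:parameters => openid_params).token
    end
  end
end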