Redmine 3.4.4

2018-02-02 22:19:29 +01:00 · 2018-02-02 22:19:29 +01:00 · 64924a6376
commit 64924a6376
2112 changed files with 259028 additions and 0 deletions
--- a/test/integration/sessions_test.rb
+++ b/test/integration/sessions_test.rb
@ -0,0 +1,99 @@
+# Redmine - project management software
+# Copyright (C) 2006-2017  Jean-Philippe Lang
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+
+require File.expand_path('../../test_helper', __FILE__)
+
+class SessionsTest < Redmine::IntegrationTest
+  fixtures :users, :email_addresses, :roles
+
+  def setup
+    Rails.application.config.redmine_verify_sessions = true
+  end
+
+  def teardown
+    Rails.application.config.redmine_verify_sessions = false
+  end
+
+  def test_change_password_kills_sessions
+    log_user('jsmith', 'jsmith')
+
+    jsmith = User.find(2)
+    jsmith.password = "somenewpassword"
+    jsmith.save!
+
+    get '/my/account'
+    assert_response 302
+    assert flash[:error].match(/Your session has expired/)
+  end
+
+  def test_lock_user_kills_sessions
+    log_user('jsmith', 'jsmith')
+
+    jsmith = User.find(2)
+    assert jsmith.lock!
+    assert jsmith.activate!
+
+    get '/my/account'
+    assert_response 302
+    assert flash[:error].match(/Your session has expired/)
+  end
+
+  def test_update_user_does_not_kill_sessions
+    log_user('jsmith', 'jsmith')
+
+    jsmith = User.find(2)
+    jsmith.firstname = 'Robert'
+    jsmith.save!
+
+    get '/my/account'
+    assert_response 200
+  end
+
+  def test_change_password_generates_a_new_token_for_current_session
+    log_user('jsmith', 'jsmith')
+    assert_not_nil token = session[:tk]
+
+    get '/my/password'
+    assert_response 200
+    post '/my/password', :params => {
+        :password => 'jsmith',
+        :new_password => 'secret123',
+        :new_password_confirmation => 'secret123'
+      }
+    assert_response 302
+    assert_not_equal token, session[:tk]
+
+    get '/my/account'
+    assert_response 200
+  end
+
+  def test_simultaneous_sessions_should_be_valid
+    first = open_session do |session|
+      session.post "/login", :params => {:username => 'jsmith', :password => 'jsmith'}
+    end
+    other = open_session do |session|
+      session.post "/login", :params => {:username => 'jsmith', :password => 'jsmith'}
+    end
+
+    first.get '/my/account'
+    assert_equal 200, first.response.response_code
+    first.post '/logout'
+
+    other.get '/my/account'
+    assert_equal 200, other.response.response_code
+  end
+end