cst1/openstreetmap-website
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Remove the _osm_username cookie and session validation logic

Browse source 
This was a temporary hack to workaround issues with sessions getting
mixed up at the time of the rails 3.1 upgrade, but logs indicate that
whatever the original problem was it is no longer occurring.
This commit is contained in:
Tom Hughes 2013-11-17 21:52:04 +00:00
parent ad368d189f
commit 41e45bad51
10 changed files with 21 additions and 151 deletions
Download patch file Download diff file Expand all files Collapse all files

18
test/functional/diary_entry_controller_test.rb
View file

@ -86,8 +86,6 @@ class DiaryEntryControllerTest < ActionController::TestCase
end
def test_showing_new_diary_entry
@request.cookies["_osm_username"] = users(:normal_user).display_name
get :new
assert_response :redirect
assert_redirected_to :controller => :user, :action => "login", :referer => "/diary/new"
@ -125,7 +123,6 @@ class DiaryEntryControllerTest < ActionController::TestCase
end
def test_editing_diary_entry
@request.cookies["_osm_username"] = users(:normal_user).display_name
entry = diary_entries(:normal_user_entry_1)
# Make sure that you are redirected to the login page when you are
@ -217,8 +214,6 @@ class DiaryEntryControllerTest < ActionController::TestCase
end
end
@request.cookies["_osm_username"] = users(:public_user).display_name
# and when not logged in as the user who wrote the entry
get :view, {:display_name => entry.user.display_name, :id => entry.id}, {'user' => entry.user.id}
assert_response :success
@ -251,16 +246,12 @@ class DiaryEntryControllerTest < ActionController::TestCase
end
def test_edit_diary_entry_i18n
@request.cookies["_osm_username"] = users(:normal_user).display_name
get :edit, {:display_name => users(:normal_user).display_name, :id => diary_entries(:normal_user_entry_1).id}, {'user' => users(:normal_user).id}
assert_response :success
assert_select "span[class=translation_missing]", false, "Missing translation in edit diary entry"
end
def test_create_diary_entry
@request.cookies["_osm_username"] = users(:normal_user).display_name
# Make sure that you are redirected to the login page when you
# are not logged in
get :new
@ -320,7 +311,6 @@ class DiaryEntryControllerTest < ActionController::TestCase
end
def test_creating_diary_comment
@request.cookies["_osm_username"] = users(:public_user).display_name
entry = diary_entries(:normal_user_entry_1)
# Make sure that you are denied when you are not logged in
@ -472,16 +462,12 @@ class DiaryEntryControllerTest < ActionController::TestCase
assert_response :forbidden
assert_equal true, DiaryEntry.find(diary_entries(:normal_user_entry_1).id).visible
@request.cookies["_osm_username"] = users(:normal_user).display_name
# Now try as a normal user
post :hide, {:display_name => users(:normal_user).display_name, :id => diary_entries(:normal_user_entry_1).id}, {:user => users(:normal_user).id}
assert_response :redirect
assert_redirected_to :action => :view, :display_name => users(:normal_user).display_name, :id => diary_entries(:normal_user_entry_1).id
assert_equal true, DiaryEntry.find(diary_entries(:normal_user_entry_1).id).visible
@request.cookies["_osm_username"] = users(:administrator_user).display_name
# Finally try as an administrator
post :hide, {:display_name => users(:normal_user).display_name, :id => diary_entries(:normal_user_entry_1).id}, {:user => users(:administrator_user).id}
assert_response :redirect
@ -495,16 +481,12 @@ class DiaryEntryControllerTest < ActionController::TestCase
assert_response :forbidden
assert_equal true, DiaryComment.find(diary_comments(:comment_for_geo_post).id).visible
@request.cookies["_osm_username"] = users(:normal_user).display_name
# Now try as a normal user
post :hidecomment, {:display_name => users(:normal_user).display_name, :id => diary_entries(:normal_user_geo_entry).id, :comment => diary_comments(:comment_for_geo_post).id}, {:user => users(:normal_user).id}
assert_response :redirect
assert_redirected_to :action => :view, :display_name => users(:normal_user).display_name, :id => diary_entries(:normal_user_geo_entry).id
assert_equal true, DiaryComment.find(diary_comments(:comment_for_geo_post).id).visible
@request.cookies["_osm_username"] = users(:administrator_user).display_name
# Finally try as an administrator
post :hidecomment, {:display_name => users(:normal_user).display_name, :id => diary_entries(:normal_user_geo_entry).id, :comment => diary_comments(:comment_for_geo_post).id}, {:user => users(:administrator_user).id}
assert_response :redirect