Remove the _osm_username cookie and session validation logic
This was a temporary hack to workaround issues with sessions getting mixed up at the time of the rails 3.1 upgrade, but logs indicate that whatever the original problem was it is no longer occurring.
This commit is contained in:
Tom Hughes
parent
ad368d189f
commit
41e45bad51
10 changed files with 21 additions and 151 deletions
|
|
@ -9,11 +9,7 @@ class ApplicationController < ActionController::Base
|
|||
if session[:user]
|
||||
@user = User.where(:id => session[:user]).where("status IN ('active', 'confirmed', 'suspended')").first
|
||||
|
||||
if @user.display_name != cookies["_osm_username"]
|
||||
logger.info "Session user '#{@user.display_name}' does not match cookie user '#{cookies['_osm_username']}'"
|
||||
reset_session
|
||||
@user = nil
|
||||
elsif @user.status == "suspended"
|
||||
if @user.status == "suspended"
|
||||
session.delete(:user)
|
||||
session_expires_automatically
|
||||
|
||||
|
|
|
|||
|
|
@ -7,6 +7,7 @@ class UserController < ApplicationController
|
|||
before_filter :authorize_web, :except => [:api_read, :api_details, :api_gpx_files]
|
||||
before_filter :set_locale, :except => [:api_read, :api_details, :api_gpx_files]
|
||||
before_filter :require_user, :only => [:account, :go_public, :make_friend, :remove_friend]
|
||||
before_filter :require_self, :only => [:account]
|
||||
before_filter :check_database_readable, :except => [:login, :api_read, :api_details, :api_gpx_files]
|
||||
before_filter :check_database_writable, :only => [:new, :account, :confirm, :confirm_email, :lost_password, :reset_password, :go_public, :make_friend, :remove_friend]
|
||||
before_filter :check_api_readable, :only => [:api_read, :api_details, :api_gpx_files]
|
||||
|
|
@ -338,7 +339,6 @@ class UserController < ApplicationController
|
|||
token.destroy
|
||||
|
||||
session[:user] = user.id
|
||||
cookies.permanent["_osm_username"] = user.display_name
|
||||
|
||||
redirect_to referer || welcome_path
|
||||
end
|
||||
|
|
@ -377,7 +377,6 @@ class UserController < ApplicationController
|
|||
end
|
||||
token.destroy
|
||||
session[:user] = @user.id
|
||||
cookies.permanent["_osm_username"] = @user.display_name
|
||||
redirect_to :action => 'account', :display_name => @user.display_name
|
||||
else
|
||||
flash[:error] = t 'user.confirm_email.failure'
|
||||
|
|
@ -638,8 +637,6 @@ private
|
|||
##
|
||||
# process a successful login
|
||||
def successful_login(user)
|
||||
cookies.permanent["_osm_username"] = user.display_name
|
||||
|
||||
session[:user] = user.id
|
||||
session_expires_after 28.days if session[:remember_me]
|
||||
|
||||
|
|
@ -727,8 +724,6 @@ private
|
|||
if user.save
|
||||
set_locale
|
||||
|
||||
cookies.permanent["_osm_username"] = user.display_name
|
||||
|
||||
if user.new_email.blank? or user.new_email == user.email
|
||||
flash.now[:notice] = t 'user.account.flash update success'
|
||||
else
|
||||
|
|
@ -769,6 +764,14 @@ private
|
|||
end
|
||||
end
|
||||
|
||||
##
|
||||
# require that the user in the URL is the logged in user
|
||||
def require_self
|
||||
if params[:display_name] != @user.display_name
|
||||
render :text => "", :status => :forbidden
|
||||
end
|
||||
end
|
||||
|
||||
##
|
||||
# ensure that there is a "this_user" instance variable
|
||||
def lookup_user_by_id
|
||||
|
|
|
|||
|
|
@ -86,8 +86,6 @@ class DiaryEntryControllerTest < ActionController::TestCase
|
|||
end
|
||||
|
||||
def test_showing_new_diary_entry
|
||||
@request.cookies["_osm_username"] = users(:normal_user).display_name
|
||||
|
||||
get :new
|
||||
assert_response :redirect
|
||||
assert_redirected_to :controller => :user, :action => "login", :referer => "/diary/new"
|
||||
|
|
@ -125,7 +123,6 @@ class DiaryEntryControllerTest < ActionController::TestCase
|
|||
end
|
||||
|
||||
def test_editing_diary_entry
|
||||
@request.cookies["_osm_username"] = users(:normal_user).display_name
|
||||
entry = diary_entries(:normal_user_entry_1)
|
||||
|
||||
# Make sure that you are redirected to the login page when you are
|
||||
|
|
@ -217,8 +214,6 @@ class DiaryEntryControllerTest < ActionController::TestCase
|
|||
end
|
||||
end
|
||||
|
||||
@request.cookies["_osm_username"] = users(:public_user).display_name
|
||||
|
||||
# and when not logged in as the user who wrote the entry
|
||||
get :view, {:display_name => entry.user.display_name, :id => entry.id}, {'user' => entry.user.id}
|
||||
assert_response :success
|
||||
|
|
@ -251,16 +246,12 @@ class DiaryEntryControllerTest < ActionController::TestCase
|
|||
end
|
||||
|
||||
def test_edit_diary_entry_i18n
|
||||
@request.cookies["_osm_username"] = users(:normal_user).display_name
|
||||
|
||||
get :edit, {:display_name => users(:normal_user).display_name, :id => diary_entries(:normal_user_entry_1).id}, {'user' => users(:normal_user).id}
|
||||
assert_response :success
|
||||
assert_select "span[class=translation_missing]", false, "Missing translation in edit diary entry"
|
||||
end
|
||||
|
||||
def test_create_diary_entry
|
||||
@request.cookies["_osm_username"] = users(:normal_user).display_name
|
||||
|
||||
# Make sure that you are redirected to the login page when you
|
||||
# are not logged in
|
||||
get :new
|
||||
|
|
@ -320,7 +311,6 @@ class DiaryEntryControllerTest < ActionController::TestCase
|
|||
end
|
||||
|
||||
def test_creating_diary_comment
|
||||
@request.cookies["_osm_username"] = users(:public_user).display_name
|
||||
entry = diary_entries(:normal_user_entry_1)
|
||||
|
||||
# Make sure that you are denied when you are not logged in
|
||||
|
|
@ -472,16 +462,12 @@ class DiaryEntryControllerTest < ActionController::TestCase
|
|||
assert_response :forbidden
|
||||
assert_equal true, DiaryEntry.find(diary_entries(:normal_user_entry_1).id).visible
|
||||
|
||||
@request.cookies["_osm_username"] = users(:normal_user).display_name
|
||||
|
||||
# Now try as a normal user
|
||||
post :hide, {:display_name => users(:normal_user).display_name, :id => diary_entries(:normal_user_entry_1).id}, {:user => users(:normal_user).id}
|
||||
assert_response :redirect
|
||||
assert_redirected_to :action => :view, :display_name => users(:normal_user).display_name, :id => diary_entries(:normal_user_entry_1).id
|
||||
assert_equal true, DiaryEntry.find(diary_entries(:normal_user_entry_1).id).visible
|
||||
|
||||
@request.cookies["_osm_username"] = users(:administrator_user).display_name
|
||||
|
||||
# Finally try as an administrator
|
||||
post :hide, {:display_name => users(:normal_user).display_name, :id => diary_entries(:normal_user_entry_1).id}, {:user => users(:administrator_user).id}
|
||||
assert_response :redirect
|
||||
|
|
@ -495,16 +481,12 @@ class DiaryEntryControllerTest < ActionController::TestCase
|
|||
assert_response :forbidden
|
||||
assert_equal true, DiaryComment.find(diary_comments(:comment_for_geo_post).id).visible
|
||||
|
||||
@request.cookies["_osm_username"] = users(:normal_user).display_name
|
||||
|
||||
# Now try as a normal user
|
||||
post :hidecomment, {:display_name => users(:normal_user).display_name, :id => diary_entries(:normal_user_geo_entry).id, :comment => diary_comments(:comment_for_geo_post).id}, {:user => users(:normal_user).id}
|
||||
assert_response :redirect
|
||||
assert_redirected_to :action => :view, :display_name => users(:normal_user).display_name, :id => diary_entries(:normal_user_geo_entry).id
|
||||
assert_equal true, DiaryComment.find(diary_comments(:comment_for_geo_post).id).visible
|
||||
|
||||
@request.cookies["_osm_username"] = users(:administrator_user).display_name
|
||||
|
||||
# Finally try as an administrator
|
||||
post :hidecomment, {:display_name => users(:normal_user).display_name, :id => diary_entries(:normal_user_geo_entry).id, :comment => diary_comments(:comment_for_geo_post).id}, {:user => users(:administrator_user).id}
|
||||
assert_response :redirect
|
||||
|
|
|
|||
|
|
@ -53,7 +53,6 @@ class MessageControllerTest < ActionController::TestCase
|
|||
|
||||
# Login as a normal user
|
||||
session[:user] = users(:normal_user).id
|
||||
cookies["_osm_username"] = users(:normal_user).display_name
|
||||
|
||||
# Check that the new message page loads
|
||||
get :new, :display_name => users(:public_user).display_name
|
||||
|
|
@ -106,7 +105,6 @@ class MessageControllerTest < ActionController::TestCase
|
|||
|
||||
# Login as the wrong user
|
||||
session[:user] = users(:second_public_user).id
|
||||
cookies["_osm_username"] = users(:second_public_user).display_name
|
||||
|
||||
# Check that we can't reply to somebody else's message
|
||||
get :reply, :message_id => messages(:unread_message).id
|
||||
|
|
@ -115,7 +113,6 @@ class MessageControllerTest < ActionController::TestCase
|
|||
|
||||
# Login as the right user
|
||||
session[:user] = users(:public_user).id
|
||||
cookies["_osm_username"] = users(:public_user).display_name
|
||||
|
||||
# Check that the message reply page loads
|
||||
get :reply, :message_id => messages(:unread_message).id
|
||||
|
|
@ -149,7 +146,6 @@ class MessageControllerTest < ActionController::TestCase
|
|||
|
||||
# Login as the wrong user
|
||||
session[:user] = users(:second_public_user).id
|
||||
cookies["_osm_username"] = users(:second_public_user).display_name
|
||||
|
||||
# Check that we can't read the message
|
||||
get :read, :message_id => messages(:unread_message).id
|
||||
|
|
@ -158,7 +154,6 @@ class MessageControllerTest < ActionController::TestCase
|
|||
|
||||
# Login as the message sender
|
||||
session[:user] = users(:normal_user).id
|
||||
cookies["_osm_username"] = users(:normal_user).display_name
|
||||
|
||||
# Check that the message sender can read the message
|
||||
get :read, :message_id => messages(:unread_message).id
|
||||
|
|
@ -168,7 +163,6 @@ class MessageControllerTest < ActionController::TestCase
|
|||
|
||||
# Login as the message recipient
|
||||
session[:user] = users(:public_user).id
|
||||
cookies["_osm_username"] = users(:public_user).display_name
|
||||
|
||||
# Check that the message recipient can read the message
|
||||
get :read, :message_id => messages(:unread_message).id
|
||||
|
|
@ -196,7 +190,6 @@ class MessageControllerTest < ActionController::TestCase
|
|||
|
||||
# Login
|
||||
session[:user] = users(:normal_user).id
|
||||
cookies["_osm_username"] = users(:normal_user).display_name
|
||||
|
||||
# Check that we can view our inbox when logged in
|
||||
get :inbox, :display_name => users(:normal_user).display_name
|
||||
|
|
@ -221,7 +214,6 @@ class MessageControllerTest < ActionController::TestCase
|
|||
|
||||
# Login
|
||||
session[:user] = users(:normal_user).id
|
||||
cookies["_osm_username"] = users(:normal_user).display_name
|
||||
|
||||
# Check that we can view our outbox when logged in
|
||||
get :outbox, :display_name => users(:normal_user).display_name
|
||||
|
|
@ -246,7 +238,6 @@ class MessageControllerTest < ActionController::TestCase
|
|||
|
||||
# Login as a user with no messages
|
||||
session[:user] = users(:second_public_user).id
|
||||
cookies["_osm_username"] = users(:second_public_user).display_name
|
||||
|
||||
# Check that marking a message we didn't send or receive fails
|
||||
post :mark, :message_id => messages(:read_message).id
|
||||
|
|
@ -255,7 +246,6 @@ class MessageControllerTest < ActionController::TestCase
|
|||
|
||||
# Login as the message recipient
|
||||
session[:user] = users(:public_user).id
|
||||
cookies["_osm_username"] = users(:public_user).display_name
|
||||
|
||||
# Check that the marking a message read works
|
||||
post :mark, :message_id => messages(:unread_message).id, :mark => "read"
|
||||
|
|
@ -299,7 +289,6 @@ class MessageControllerTest < ActionController::TestCase
|
|||
|
||||
# Login as a user with no messages
|
||||
session[:user] = users(:second_public_user).id
|
||||
cookies["_osm_username"] = users(:second_public_user).display_name
|
||||
|
||||
# Check that deleting a message we didn't send or receive fails
|
||||
post :delete, :message_id => messages(:read_message).id
|
||||
|
|
@ -308,7 +297,6 @@ class MessageControllerTest < ActionController::TestCase
|
|||
|
||||
# Login as the message recipient
|
||||
session[:user] = users(:normal_user).id
|
||||
cookies["_osm_username"] = users(:normal_user).display_name
|
||||
|
||||
# Check that the deleting a received message works
|
||||
post :delete, :message_id => messages(:read_message).id
|
||||
|
|
|
|||
|
|
@ -39,7 +39,6 @@ class RedactionsControllerTest < ActionController::TestCase
|
|||
|
||||
def test_moderators_can_create
|
||||
session[:user] = users(:moderator_user).id
|
||||
cookies["_osm_username"] = users(:moderator_user).display_name
|
||||
|
||||
post :create, :redaction => { :title => "Foo", :description => "Description here." }
|
||||
assert_response :redirect
|
||||
|
|
@ -48,7 +47,6 @@ class RedactionsControllerTest < ActionController::TestCase
|
|||
|
||||
def test_non_moderators_cant_create
|
||||
session[:user] = users(:public_user).id
|
||||
cookies["_osm_username"] = users(:public_user).display_name
|
||||
|
||||
post :create, :redaction => { :title => "Foo", :description => "Description here." }
|
||||
assert_response :forbidden
|
||||
|
|
@ -56,7 +54,6 @@ class RedactionsControllerTest < ActionController::TestCase
|
|||
|
||||
def test_moderators_can_delete_empty
|
||||
session[:user] = users(:moderator_user).id
|
||||
cookies["_osm_username"] = users(:moderator_user).display_name
|
||||
|
||||
# remove all elements from the redaction
|
||||
redaction = redactions(:example)
|
||||
|
|
@ -71,7 +68,6 @@ class RedactionsControllerTest < ActionController::TestCase
|
|||
|
||||
def test_moderators_cant_delete_nonempty
|
||||
session[:user] = users(:moderator_user).id
|
||||
cookies["_osm_username"] = users(:moderator_user).display_name
|
||||
|
||||
# leave elements in the redaction
|
||||
redaction = redactions(:example)
|
||||
|
|
@ -84,7 +80,6 @@ class RedactionsControllerTest < ActionController::TestCase
|
|||
|
||||
def test_non_moderators_cant_delete
|
||||
session[:user] = users(:public_user).id
|
||||
cookies["_osm_username"] = users(:public_user).display_name
|
||||
|
||||
delete :destroy, :id => redactions(:example).id
|
||||
assert_response :forbidden
|
||||
|
|
@ -92,7 +87,6 @@ class RedactionsControllerTest < ActionController::TestCase
|
|||
|
||||
def test_moderators_can_edit
|
||||
session[:user] = users(:moderator_user).id
|
||||
cookies["_osm_username"] = users(:moderator_user).display_name
|
||||
|
||||
get :edit, :id => redactions(:example).id
|
||||
assert_response :success
|
||||
|
|
@ -100,7 +94,6 @@ class RedactionsControllerTest < ActionController::TestCase
|
|||
|
||||
def test_non_moderators_cant_edit
|
||||
session[:user] = users(:public_user).id
|
||||
cookies["_osm_username"] = users(:public_user).display_name
|
||||
|
||||
get :edit, :id => redactions(:example).id
|
||||
assert_response :redirect
|
||||
|
|
@ -109,7 +102,6 @@ class RedactionsControllerTest < ActionController::TestCase
|
|||
|
||||
def test_moderators_can_update
|
||||
session[:user] = users(:moderator_user).id
|
||||
cookies["_osm_username"] = users(:moderator_user).display_name
|
||||
|
||||
redaction = redactions(:example)
|
||||
|
||||
|
|
@ -120,7 +112,6 @@ class RedactionsControllerTest < ActionController::TestCase
|
|||
|
||||
def test_non_moderators_cant_update
|
||||
session[:user] = users(:public_user).id
|
||||
cookies["_osm_username"] = users(:public_user).display_name
|
||||
|
||||
redaction = redactions(:example)
|
||||
|
||||
|
|
|
|||
|
|
@ -132,8 +132,6 @@ class SiteControllerTest < ActionController::TestCase
|
|||
|
||||
# test the right editor gets used when the user hasn't set a preference
|
||||
def test_edit_without_preference
|
||||
@request.cookies["_osm_username"] = users(:public_user).display_name
|
||||
|
||||
get(:edit, nil, { 'user' => users(:public_user).id })
|
||||
assert_response :success
|
||||
assert_template :partial => "_#{DEFAULT_EDITOR}", :count => 1
|
||||
|
|
@ -141,8 +139,6 @@ class SiteControllerTest < ActionController::TestCase
|
|||
|
||||
# and when they have...
|
||||
def test_edit_with_preference
|
||||
@request.cookies["_osm_username"] = users(:public_user).display_name
|
||||
|
||||
user = users(:public_user)
|
||||
user.preferred_editor = "potlatch"
|
||||
user.save!
|
||||
|
|
@ -161,8 +157,6 @@ class SiteControllerTest < ActionController::TestCase
|
|||
end
|
||||
|
||||
def test_edit_with_node
|
||||
@request.cookies["_osm_username"] = users(:public_user).display_name
|
||||
|
||||
user = users(:public_user)
|
||||
node = current_nodes(:visible_node)
|
||||
|
||||
|
|
@ -172,8 +166,6 @@ class SiteControllerTest < ActionController::TestCase
|
|||
end
|
||||
|
||||
def test_edit_with_way
|
||||
@request.cookies["_osm_username"] = users(:public_user).display_name
|
||||
|
||||
user = users(:public_user)
|
||||
way = current_ways(:visible_way)
|
||||
|
||||
|
|
@ -183,8 +175,6 @@ class SiteControllerTest < ActionController::TestCase
|
|||
end
|
||||
|
||||
def test_edit_with_gpx
|
||||
@request.cookies["_osm_username"] = users(:public_user).display_name
|
||||
|
||||
user = users(:public_user)
|
||||
gpx = gpx_files(:public_trace_file)
|
||||
|
||||
|
|
|
|||
|
|
@ -171,8 +171,6 @@ class TraceControllerTest < ActionController::TestCase
|
|||
|
||||
# Check that I can get mine
|
||||
def test_list_mine
|
||||
@request.cookies["_osm_username"] = users(:public_user).display_name
|
||||
|
||||
# First try to get it when not logged in
|
||||
get :mine
|
||||
assert_redirected_to :controller => 'user', :action => 'login', :referer => '/traces/mine'
|
||||
|
|
@ -196,14 +194,10 @@ class TraceControllerTest < ActionController::TestCase
|
|||
get :list, :display_name => users(:public_user).display_name
|
||||
check_trace_list users(:public_user).traces.public
|
||||
|
||||
@request.cookies["_osm_username"] = users(:normal_user).display_name
|
||||
|
||||
# Should still see only public ones when authenticated as another user
|
||||
get :list, {:display_name => users(:public_user).display_name}, {:user => users(:normal_user).id}
|
||||
check_trace_list users(:public_user).traces.public
|
||||
|
||||
@request.cookies["_osm_username"] = users(:public_user).display_name
|
||||
|
||||
# Should see all traces when authenticated as the target user
|
||||
get :list, {:display_name => users(:public_user).display_name}, {:user => users(:public_user).id}
|
||||
check_trace_list users(:public_user).traces
|
||||
|
|
@ -234,14 +228,10 @@ class TraceControllerTest < ActionController::TestCase
|
|||
get :view, {:display_name => users(:normal_user).display_name, :id => gpx_files(:public_trace_file).id}
|
||||
check_trace_view gpx_files(:public_trace_file)
|
||||
|
||||
@request.cookies["_osm_username"] = users(:public_user).display_name
|
||||
|
||||
# Now with some other user, which should work since the trace is public
|
||||
get :view, {:display_name => users(:normal_user).display_name, :id => gpx_files(:public_trace_file).id}, {:user => users(:public_user).id}
|
||||
check_trace_view gpx_files(:public_trace_file)
|
||||
|
||||
@request.cookies["_osm_username"] = users(:normal_user).display_name
|
||||
|
||||
# And finally we should be able to do it with the owner of the trace
|
||||
get :view, {:display_name => users(:normal_user).display_name, :id => gpx_files(:public_trace_file).id}, {:user => users(:normal_user).id}
|
||||
check_trace_view gpx_files(:public_trace_file)
|
||||
|
|
@ -254,15 +244,11 @@ class TraceControllerTest < ActionController::TestCase
|
|||
assert_response :redirect
|
||||
assert_redirected_to :action => :list
|
||||
|
||||
@request.cookies["_osm_username"] = users(:normal_user).display_name
|
||||
|
||||
# Now with some other user, which should work since the trace is anon
|
||||
get :view, {:display_name => users(:public_user).display_name, :id => gpx_files(:anon_trace_file).id}, {:user => users(:normal_user).id}
|
||||
assert_response :redirect
|
||||
assert_redirected_to :action => :list
|
||||
|
||||
@request.cookies["_osm_username"] = users(:public_user).display_name
|
||||
|
||||
# And finally we should be able to do it with the owner of the trace
|
||||
get :view, {:display_name => users(:public_user).display_name, :id => gpx_files(:anon_trace_file).id}, {:user => users(:public_user).id}
|
||||
check_trace_view gpx_files(:anon_trace_file)
|
||||
|
|
@ -275,8 +261,6 @@ class TraceControllerTest < ActionController::TestCase
|
|||
assert_response :redirect
|
||||
assert_redirected_to :action => :list
|
||||
|
||||
@request.cookies["_osm_username"] = users(:public_user).display_name
|
||||
|
||||
# Now with some other user, which should work since the trace is public
|
||||
get :view, {:display_name => users(:public_user).display_name, :id => 0}, {:user => users(:public_user).id}
|
||||
assert_response :redirect
|
||||
|
|
@ -294,14 +278,10 @@ class TraceControllerTest < ActionController::TestCase
|
|||
get :data, {:display_name => users(:normal_user).display_name, :id => gpx_files(:public_trace_file).id}
|
||||
check_trace_data gpx_files(:public_trace_file)
|
||||
|
||||
@request.cookies["_osm_username"] = users(:public_user).display_name
|
||||
|
||||
# Now with some other user, which should work since the trace is public
|
||||
get :data, {:display_name => users(:normal_user).display_name, :id => gpx_files(:public_trace_file).id}, {:user => users(:public_user).id}
|
||||
check_trace_data gpx_files(:public_trace_file)
|
||||
|
||||
@request.cookies["_osm_username"] = users(:normal_user).display_name
|
||||
|
||||
# And finally we should be able to do it with the owner of the trace
|
||||
get :data, {:display_name => users(:normal_user).display_name, :id => gpx_files(:public_trace_file).id}, {:user => users(:normal_user).id}
|
||||
check_trace_data gpx_files(:public_trace_file)
|
||||
|
|
@ -328,14 +308,10 @@ class TraceControllerTest < ActionController::TestCase
|
|||
get :data, {:display_name => users(:public_user).display_name, :id => gpx_files(:anon_trace_file).id}
|
||||
assert_response :not_found
|
||||
|
||||
@request.cookies["_osm_username"] = users(:normal_user).display_name
|
||||
|
||||
# Now with some other user, which should work since the trace is anon
|
||||
get :data, {:display_name => users(:public_user).display_name, :id => gpx_files(:anon_trace_file).id}, {:user => users(:normal_user).id}
|
||||
assert_response :not_found
|
||||
|
||||
@request.cookies["_osm_username"] = users(:public_user).display_name
|
||||
|
||||
# And finally we should be able to do it with the owner of the trace
|
||||
get :data, {:display_name => users(:public_user).display_name, :id => gpx_files(:anon_trace_file).id}, {:user => users(:public_user).id}
|
||||
check_trace_data gpx_files(:anon_trace_file)
|
||||
|
|
@ -347,8 +323,6 @@ class TraceControllerTest < ActionController::TestCase
|
|||
get :data, {:display_name => users(:public_user).display_name, :id => 0}
|
||||
assert_response :not_found
|
||||
|
||||
@request.cookies["_osm_username"] = users(:public_user).display_name
|
||||
|
||||
# Now with some other user, which should work since the trace is public
|
||||
get :data, {:display_name => users(:public_user).display_name, :id => 0}, {:user => users(:public_user).id}
|
||||
assert_response :not_found
|
||||
|
|
@ -365,8 +339,6 @@ class TraceControllerTest < ActionController::TestCase
|
|||
assert_response :redirect
|
||||
assert_redirected_to :controller => :user, :action => :login, :referer => trace_edit_path(:display_name => users(:normal_user).display_name, :id => gpx_files(:public_trace_file).id)
|
||||
|
||||
@request.cookies["_osm_username"] = users(:public_user).display_name
|
||||
|
||||
# Now with some other user, which should fail
|
||||
get :edit, {:display_name => users(:normal_user).display_name, :id => gpx_files(:public_trace_file).id}, {:user => users(:public_user).id}
|
||||
assert_response :forbidden
|
||||
|
|
@ -379,8 +351,6 @@ class TraceControllerTest < ActionController::TestCase
|
|||
get :edit, {:display_name => users(:public_user).display_name, :id => gpx_files(:deleted_trace_file).id}, {:user => users(:public_user).id}
|
||||
assert_response :not_found
|
||||
|
||||
@request.cookies["_osm_username"] = users(:normal_user).display_name
|
||||
|
||||
# Finally with a trace that we are allowed to edit
|
||||
get :edit, {:display_name => users(:normal_user).display_name, :id => gpx_files(:public_trace_file).id}, {:user => users(:normal_user).id}
|
||||
assert_response :success
|
||||
|
|
@ -395,8 +365,6 @@ class TraceControllerTest < ActionController::TestCase
|
|||
post :edit, {:display_name => users(:normal_user).display_name, :id => gpx_files(:public_trace_file).id, :trace => new_details}
|
||||
assert_response :forbidden
|
||||
|
||||
@request.cookies["_osm_username"] = users(:public_user).display_name
|
||||
|
||||
# Now with some other user, which should fail
|
||||
post :edit, {:display_name => users(:normal_user).display_name, :id => gpx_files(:public_trace_file).id, :trace => new_details}, {:user => users(:public_user).id}
|
||||
assert_response :forbidden
|
||||
|
|
@ -409,8 +377,6 @@ class TraceControllerTest < ActionController::TestCase
|
|||
post :edit, {:display_name => users(:public_user).display_name, :id => gpx_files(:deleted_trace_file).id, :trace => new_details}, {:user => users(:public_user).id}
|
||||
assert_response :not_found
|
||||
|
||||
@request.cookies["_osm_username"] = users(:normal_user).display_name
|
||||
|
||||
# Finally with a trace that we are allowed to edit
|
||||
post :edit, {:display_name => users(:normal_user).display_name, :id => gpx_files(:public_trace_file).id, :trace => new_details}, {:user => users(:normal_user).id}
|
||||
assert_response :redirect
|
||||
|
|
@ -427,8 +393,6 @@ class TraceControllerTest < ActionController::TestCase
|
|||
post :delete, {:display_name => users(:normal_user).display_name, :id => gpx_files(:public_trace_file).id,}
|
||||
assert_response :forbidden
|
||||
|
||||
@request.cookies["_osm_username"] = users(:public_user).display_name
|
||||
|
||||
# Now with some other user, which should fail
|
||||
post :delete, {:display_name => users(:normal_user).display_name, :id => gpx_files(:public_trace_file).id}, {:user => users(:public_user).id}
|
||||
assert_response :forbidden
|
||||
|
|
@ -441,8 +405,6 @@ class TraceControllerTest < ActionController::TestCase
|
|||
post :delete, {:display_name => users(:public_user).display_name, :id => gpx_files(:deleted_trace_file).id}, {:user => users(:public_user).id}
|
||||
assert_response :not_found
|
||||
|
||||
@request.cookies["_osm_username"] = users(:normal_user).display_name
|
||||
|
||||
# Finally with a trace that we are allowed to delete
|
||||
post :delete, {:display_name => users(:normal_user).display_name, :id => gpx_files(:public_trace_file).id}, {:user => users(:normal_user).id}
|
||||
assert_response :redirect
|
||||
|
|
|
|||
|
|
@ -101,7 +101,6 @@ class UserBlocksControllerTest < ActionController::TestCase
|
|||
|
||||
# Login as the blocked user
|
||||
session[:user] = users(:blocked_user).id
|
||||
cookies["_osm_username"] = users(:blocked_user).display_name
|
||||
|
||||
# Now viewing it should mark it as seen
|
||||
get :show, :id => user_blocks(:active_block)
|
||||
|
|
@ -118,7 +117,6 @@ class UserBlocksControllerTest < ActionController::TestCase
|
|||
|
||||
# Login as a normal user
|
||||
session[:user] = users(:public_user).id
|
||||
cookies["_osm_username"] = users(:public_user).display_name
|
||||
|
||||
# Check that normal users can't load the block creation page
|
||||
get :new, :display_name => users(:normal_user).display_name
|
||||
|
|
@ -127,7 +125,6 @@ class UserBlocksControllerTest < ActionController::TestCase
|
|||
|
||||
# Login as a moderator
|
||||
session[:user] = users(:moderator_user).id
|
||||
cookies["_osm_username"] = users(:moderator_user).display_name
|
||||
|
||||
# Check that the block creation page loads for moderators
|
||||
get :new, :display_name => users(:normal_user).display_name
|
||||
|
|
@ -162,7 +159,6 @@ class UserBlocksControllerTest < ActionController::TestCase
|
|||
|
||||
# Login as a normal user
|
||||
session[:user] = users(:public_user).id
|
||||
cookies["_osm_username"] = users(:public_user).display_name
|
||||
|
||||
# Check that normal users can't load the block edit page
|
||||
get :edit, :id => user_blocks(:active_block).id
|
||||
|
|
@ -171,7 +167,6 @@ class UserBlocksControllerTest < ActionController::TestCase
|
|||
|
||||
# Login as a moderator
|
||||
session[:user] = users(:moderator_user).id
|
||||
cookies["_osm_username"] = users(:moderator_user).display_name
|
||||
|
||||
# Check that the block edit page loads for moderators
|
||||
get :edit, :id => user_blocks(:active_block).id
|
||||
|
|
@ -204,7 +199,6 @@ class UserBlocksControllerTest < ActionController::TestCase
|
|||
|
||||
# Login as a normal user
|
||||
session[:user] = users(:public_user).id
|
||||
cookies["_osm_username"] = users(:public_user).display_name
|
||||
|
||||
# Check that normal users can't create blocks
|
||||
post :create
|
||||
|
|
@ -212,7 +206,6 @@ class UserBlocksControllerTest < ActionController::TestCase
|
|||
|
||||
# Login as a moderator
|
||||
session[:user] = users(:moderator_user).id
|
||||
cookies["_osm_username"] = users(:moderator_user).display_name
|
||||
|
||||
# A bogus block period should result in an error
|
||||
assert_no_difference "UserBlock.count" do
|
||||
|
|
@ -263,7 +256,6 @@ class UserBlocksControllerTest < ActionController::TestCase
|
|||
|
||||
# Login as a normal user
|
||||
session[:user] = users(:public_user).id
|
||||
cookies["_osm_username"] = users(:public_user).display_name
|
||||
|
||||
# Check that normal users can't update blocks
|
||||
put :update, :id => user_blocks(:active_block).id
|
||||
|
|
@ -271,7 +263,6 @@ class UserBlocksControllerTest < ActionController::TestCase
|
|||
|
||||
# Login as the wrong moderator
|
||||
session[:user] = users(:second_moderator_user).id
|
||||
cookies["_osm_username"] = users(:second_moderator_user).display_name
|
||||
|
||||
# Check that only the person who created a block can update it
|
||||
assert_no_difference "UserBlock.count" do
|
||||
|
|
@ -285,7 +276,6 @@ class UserBlocksControllerTest < ActionController::TestCase
|
|||
|
||||
# Login as the correct moderator
|
||||
session[:user] = users(:moderator_user).id
|
||||
cookies["_osm_username"] = users(:moderator_user).display_name
|
||||
|
||||
# A bogus block period should result in an error
|
||||
assert_no_difference "UserBlock.count" do
|
||||
|
|
@ -331,7 +321,6 @@ class UserBlocksControllerTest < ActionController::TestCase
|
|||
|
||||
# Login as a normal user
|
||||
session[:user] = users(:public_user).id
|
||||
cookies["_osm_username"] = users(:public_user).display_name
|
||||
|
||||
# Check that normal users can't load the block revoke page
|
||||
get :revoke, :id => user_blocks(:active_block).id
|
||||
|
|
@ -340,7 +329,6 @@ class UserBlocksControllerTest < ActionController::TestCase
|
|||
|
||||
# Login as a moderator
|
||||
session[:user] = users(:moderator_user).id
|
||||
cookies["_osm_username"] = users(:moderator_user).display_name
|
||||
|
||||
# Check that the block revoke page loads for moderators
|
||||
get :revoke, :id => user_blocks(:active_block).id
|
||||
|
|
|
|||
|
|
@ -351,17 +351,12 @@ class UserControllerTest < ActionController::TestCase
|
|||
def test_user_terms_seen
|
||||
user = users(:normal_user)
|
||||
|
||||
# Set the username cookie
|
||||
@request.cookies["_osm_username"] = user.display_name
|
||||
|
||||
get :terms, {}, { "user" => user }
|
||||
assert_response :redirect
|
||||
assert_redirected_to :action => :account, :display_name => user.display_name
|
||||
end
|
||||
|
||||
def test_user_go_public
|
||||
@request.cookies["_osm_username"] = users(:normal_user).display_name
|
||||
|
||||
post :go_public, {}, { :user => users(:normal_user) }
|
||||
assert_response :redirect
|
||||
assert_redirected_to :action => :account, :display_name => users(:normal_user).display_name
|
||||
|
|
@ -460,20 +455,15 @@ class UserControllerTest < ActionController::TestCase
|
|||
# validation errors being reported
|
||||
user = users(:normal_user)
|
||||
|
||||
# Set the username cookie
|
||||
@request.cookies["_osm_username"] = user.display_name
|
||||
|
||||
# Make sure that you are redirected to the login page when
|
||||
# you are not logged in
|
||||
get :account, { :display_name => user.display_name }
|
||||
assert_response :redirect
|
||||
assert_redirected_to :controller => :user, :action => "login", :referer => "/user/test/account"
|
||||
|
||||
# Make sure that you are redirected to the login page when
|
||||
# you are not logged in as the right user
|
||||
# Make sure that you are blocked when not logged in as the right user
|
||||
get :account, { :display_name => user.display_name }, { "user" => users(:public_user).id }
|
||||
assert_response :redirect
|
||||
assert_redirected_to :controller => :user, :action => "login", :referer => "/user/test/account"
|
||||
assert_response :forbidden
|
||||
|
||||
# Make sure we get the page when we are logged in as the right user
|
||||
get :account, { :display_name => user.display_name }, { "user" => user }
|
||||
|
|
@ -490,8 +480,8 @@ class UserControllerTest < ActionController::TestCase
|
|||
assert_select "form#accountForm > fieldset > div.form-row > div#user_description_container > div#user_description_content > textarea#user_description", user.description
|
||||
|
||||
# Changing name to one that exists should fail
|
||||
user.display_name = users(:public_user).display_name
|
||||
post :account, { :display_name => user.display_name, :user => user.attributes }, { "user" => user.id }
|
||||
new_attributes = user.attributes.dup.merge(:display_name => users(:public_user).display_name)
|
||||
post :account, { :display_name => user.display_name, :user => new_attributes }, { "user" => user.id }
|
||||
assert_response :success
|
||||
assert_template :account
|
||||
assert_select "div#notice", false
|
||||
|
|
@ -499,8 +489,8 @@ class UserControllerTest < ActionController::TestCase
|
|||
assert_select "form#accountForm > fieldset > div.form-row > div.field_with_errors > input#user_display_name"
|
||||
|
||||
# Changing name to one that exists should fail, regardless of case
|
||||
user.display_name = users(:public_user).display_name.upcase
|
||||
post :account, { :display_name => user.display_name, :user => user.attributes }, { "user" => user.id }
|
||||
new_attributes = user.attributes.dup.merge(:display_name => users(:public_user).display_name.upcase)
|
||||
post :account, { :display_name => user.display_name, :user => new_attributes }, { "user" => user.id }
|
||||
assert_response :success
|
||||
assert_template :account
|
||||
assert_select "div#notice", false
|
||||
|
|
@ -508,16 +498,16 @@ class UserControllerTest < ActionController::TestCase
|
|||
assert_select "form#accountForm > fieldset > div.form-row > div.field_with_errors > input#user_display_name"
|
||||
|
||||
# Changing name to one that doesn't exist should work
|
||||
user.display_name = "new tester"
|
||||
post :account, { :display_name => user.display_name, :user => user.attributes }, { "user" => user.id }
|
||||
new_attributes = user.attributes.dup.merge(:display_name => "new tester")
|
||||
post :account, { :display_name => user.display_name, :user => new_attributes }, { "user" => user.id }
|
||||
assert_response :success
|
||||
assert_template :account
|
||||
assert_select "div#errorExplanation", false
|
||||
assert_select "div#notice", /^User information updated successfully/
|
||||
assert_select "form#accountForm > fieldset > div.form-row > input#user_display_name[value=?]", user.display_name
|
||||
assert_select "form#accountForm > fieldset > div.form-row > input#user_display_name[value=?]", "new tester"
|
||||
|
||||
# Need to update cookies now to stay valid
|
||||
@request.cookies["_osm_username"] = user.display_name
|
||||
# Record the change of name
|
||||
user.display_name = "new tester"
|
||||
|
||||
# Changing email to one that exists should fail
|
||||
user.new_email = users(:public_user).email
|
||||
|
|
@ -598,7 +588,6 @@ class UserControllerTest < ActionController::TestCase
|
|||
|
||||
# Login as a normal user
|
||||
session[:user] = users(:normal_user).id
|
||||
cookies["_osm_username"] = users(:normal_user).display_name
|
||||
|
||||
# Test the normal user
|
||||
get :view, {:display_name => "test"}
|
||||
|
|
@ -616,7 +605,6 @@ class UserControllerTest < ActionController::TestCase
|
|||
|
||||
# Login as a moderator
|
||||
session[:user] = users(:moderator_user).id
|
||||
cookies["_osm_username"] = users(:moderator_user).display_name
|
||||
|
||||
# Test the normal user
|
||||
get :view, {:display_name => "test"}
|
||||
|
|
@ -734,9 +722,6 @@ class UserControllerTest < ActionController::TestCase
|
|||
# Check that the users aren't already friends
|
||||
assert_nil Friend.where(:user_id => user.id, :friend_user_id => friend.id).first
|
||||
|
||||
# Set the username cookie
|
||||
@request.cookies["_osm_username"] = user.display_name
|
||||
|
||||
# When not logged in a GET should ask us to login
|
||||
get :make_friend, {:display_name => friend.display_name}
|
||||
assert_redirected_to :controller => :user, :action => "login", :referer => make_friend_path(:display_name => friend.display_name)
|
||||
|
|
@ -787,9 +772,6 @@ class UserControllerTest < ActionController::TestCase
|
|||
# Check that the users are friends
|
||||
assert Friend.where(:user_id => user.id, :friend_user_id => friend.id).first
|
||||
|
||||
# Set the username cookie
|
||||
@request.cookies["_osm_username"] = user.display_name
|
||||
|
||||
# When not logged in a GET should ask us to login
|
||||
get :remove_friend, {:display_name => friend.display_name}
|
||||
assert_redirected_to :controller => :user, :action => "login", :referer => remove_friend_path(:display_name => friend.display_name)
|
||||
|
|
@ -838,15 +820,11 @@ class UserControllerTest < ActionController::TestCase
|
|||
assert_response :redirect
|
||||
assert_redirected_to :action => :login, :referer => set_status_user_path(:status => "suspended")
|
||||
|
||||
@request.cookies["_osm_username"] = users(:normal_user).display_name
|
||||
|
||||
# Now try as a normal user
|
||||
get :set_status, {:display_name => users(:normal_user).display_name, :status => "suspended"}, {:user => users(:normal_user).id}
|
||||
assert_response :redirect
|
||||
assert_redirected_to :action => :view, :display_name => users(:normal_user).display_name
|
||||
|
||||
@request.cookies["_osm_username"] = users(:administrator_user).display_name
|
||||
|
||||
# Finally try as an administrator
|
||||
get :set_status, {:display_name => users(:normal_user).display_name, :status => "suspended"}, {:user => users(:administrator_user).id}
|
||||
assert_response :redirect
|
||||
|
|
@ -860,15 +838,11 @@ class UserControllerTest < ActionController::TestCase
|
|||
assert_response :redirect
|
||||
assert_redirected_to :action => :login, :referer => delete_user_path(:status => "suspended")
|
||||
|
||||
@request.cookies["_osm_username"] = users(:normal_user).display_name
|
||||
|
||||
# Now try as a normal user
|
||||
get :delete, {:display_name => users(:normal_user).display_name, :status => "suspended"}, {:user => users(:normal_user).id}
|
||||
assert_response :redirect
|
||||
assert_redirected_to :action => :view, :display_name => users(:normal_user).display_name
|
||||
|
||||
@request.cookies["_osm_username"] = users(:administrator_user).display_name
|
||||
|
||||
# Finally try as an administrator
|
||||
get :delete, {:display_name => users(:normal_user).display_name, :status => "suspended"}, {:user => users(:administrator_user).id}
|
||||
assert_response :redirect
|
||||
|
|
|
|||
|
|
@ -25,7 +25,6 @@ class UserRolesControllerTest < ActionController::TestCase
|
|||
|
||||
# Login as an unprivileged user
|
||||
session[:user] = users(:public_user).id
|
||||
cookies["_osm_username"] = users(:public_user).display_name
|
||||
|
||||
# Granting should still fail
|
||||
post :grant, :display_name => users(:normal_user).display_name, :role => "moderator"
|
||||
|
|
@ -34,7 +33,6 @@ class UserRolesControllerTest < ActionController::TestCase
|
|||
|
||||
# Login as an administrator
|
||||
session[:user] = users(:administrator_user).id
|
||||
cookies["_osm_username"] = users(:administrator_user).display_name
|
||||
|
||||
UserRole::ALL_ROLES.each do |role|
|
||||
|
||||
|
|
@ -85,7 +83,6 @@ class UserRolesControllerTest < ActionController::TestCase
|
|||
|
||||
# Login as an unprivileged user
|
||||
session[:user] = users(:public_user).id
|
||||
cookies["_osm_username"] = users(:public_user).display_name
|
||||
|
||||
# Revoking should still fail
|
||||
post :revoke, :display_name => users(:normal_user).display_name, :role => "moderator"
|
||||
|
|
@ -94,7 +91,6 @@ class UserRolesControllerTest < ActionController::TestCase
|
|||
|
||||
# Login as an administrator
|
||||
session[:user] = users(:administrator_user).id
|
||||
cookies["_osm_username"] = users(:administrator_user).display_name
|
||||
|
||||
UserRole::ALL_ROLES.each do |role|
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue