cst1/openstreetmap-website
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Merge remote-tracking branch 'openstreetmap/pull/1477'

Browse source
This commit is contained in:
Tom Hughes 2017-03-06 17:54:26 +00:00
commit 49c3af4a32
3 changed files with 142 additions and 97 deletions
Download patch file Download diff file Expand all files Collapse all files

155
test/controllers/message_controller_test.rb
View file

@ -1,8 +1,6 @@
require "test_helper"
class MessageControllerTest < ActionController::TestCase
fixtures :users
##
# test all routes which lead to this controller
def test_routes
@ -48,22 +46,25 @@ class MessageControllerTest < ActionController::TestCase
# test fetching new message page when not logged in
def test_new_no_login
# Check that the new message page requires us to login
get :new, :display_name => users(:public_user).display_name
assert_redirected_to login_path(:referer => new_message_path(:display_name => users(:public_user).display_name))
user = create(:user)
get :new, :display_name => user.display_name
assert_redirected_to login_path(:referer => new_message_path(:display_name => user.display_name))
end
##
# test fetching new message page when logged in
def test_new_form
# Login as a normal user
session[:user] = users(:normal_user).id
user = create(:user)
recipient_user = create(:user)
session[:user] = user.id
# Check that the new message page loads
get :new, :display_name => users(:public_user).display_name
get :new, :display_name => recipient_user.display_name
assert_response :success
assert_template "new"
assert_select "title", "OpenStreetMap | Send message"
assert_select "form[action='#{new_message_path(:display_name => users(:public_user).display_name)}']", :count => 1 do
assert_select "form[action='#{new_message_path(:display_name => recipient_user.display_name)}']", :count => 1 do
assert_select "input#message_title", :count => 1
assert_select "textarea#message_body", :count => 1
assert_select "input[type='submit'][value='Send']", :count => 1
@ -74,20 +75,22 @@ class MessageControllerTest < ActionController::TestCase
# test fetching new message page with body and title
def test_new_get_with_params
# Login as a normal user
session[:user] = users(:normal_user).id
user = create(:user)
recipient_user = create(:user)
session[:user] = user.id
# Check that we can't send a message from a GET request
assert_difference "ActionMailer::Base.deliveries.size", 0 do
assert_difference "Message.count", 0 do
get :new,
:display_name => users(:public_user).display_name,
:display_name => recipient_user.display_name,
:message => { :title => "Test Message", :body => "Test message body" }
end
end
assert_response :success
assert_template "new"
assert_select "title", "OpenStreetMap | Send message"
assert_select "form[action='#{new_message_path(:display_name => users(:public_user).display_name)}']", :count => 1 do
assert_select "form[action='#{new_message_path(:display_name => recipient_user.display_name)}']", :count => 1 do
assert_select "input#message_title", :count => 1 do
assert_select "[value='Test Message']"
end
@ -100,20 +103,22 @@ class MessageControllerTest < ActionController::TestCase
# test posting new message page with no body
def test_new_post_no_body
# Login as a normal user
session[:user] = users(:normal_user).id
user = create(:user)
recipient_user = create(:user)
session[:user] = user.id
# Check that the subject is preserved over errors
assert_difference "ActionMailer::Base.deliveries.size", 0 do
assert_difference "Message.count", 0 do
post :new,
:display_name => users(:public_user).display_name,
:display_name => recipient_user.display_name,
:message => { :title => "Test Message", :body => "" }
end
end
assert_response :success
assert_template "new"
assert_select "title", "OpenStreetMap | Send message"
assert_select "form[action='#{new_message_path(:display_name => users(:public_user).display_name)}']", :count => 1 do
assert_select "form[action='#{new_message_path(:display_name => recipient_user.display_name)}']", :count => 1 do
assert_select "input#message_title", :count => 1 do
assert_select "[value='Test Message']"
end
@ -126,20 +131,22 @@ class MessageControllerTest < ActionController::TestCase
# test posting new message page with no title
def test_new_post_no_title
# Login as a normal user
session[:user] = users(:normal_user).id
user = create(:user)
recipient_user = create(:user)
session[:user] = user.id
# Check that the body text is preserved over errors
assert_difference "ActionMailer::Base.deliveries.size", 0 do
assert_difference "Message.count", 0 do
post :new,
:display_name => users(:public_user).display_name,
:display_name => recipient_user.display_name,
:message => { :title => "", :body => "Test message body" }
end
end
assert_response :success
assert_template "new"
assert_select "title", "OpenStreetMap | Send message"
assert_select "form[action='#{new_message_path(:display_name => users(:public_user).display_name)}']", :count => 1 do
assert_select "form[action='#{new_message_path(:display_name => recipient_user.display_name)}']", :count => 1 do
assert_select "input#message_title", :count => 1 do
assert_select "[value='']"
end
@ -152,27 +159,29 @@ class MessageControllerTest < ActionController::TestCase
# test posting new message page sends message
def test_new_post_send
# Login as a normal user
session[:user] = users(:normal_user).id
user = create(:user)
recipient_user = create(:user)
session[:user] = user.id
# Check that sending a message works
assert_difference "ActionMailer::Base.deliveries.size", 1 do
assert_difference "Message.count", 1 do
post :new,
:display_name => users(:public_user).display_name,
:display_name => recipient_user.display_name,
:message => { :title => "Test Message", :body => "Test message body" }
end
end
assert_redirected_to inbox_path(:display_name => users(:normal_user).display_name)
assert_redirected_to inbox_path(:display_name => user.display_name)
assert_equal "Message sent", flash[:notice]
e = ActionMailer::Base.deliveries.first
assert_equal [users(:public_user).email], e.to
assert_equal [recipient_user.email], e.to
assert_equal "[OpenStreetMap] Test Message", e.subject
assert_match /Test message body/, e.text_part.decoded
assert_match /Test message body/, e.html_part.decoded
ActionMailer::Base.deliveries.clear
m = Message.last
assert_equal users(:normal_user).id, m.from_user_id
assert_equal users(:public_user).id, m.to_user_id
assert_equal user.id, m.from_user_id
assert_equal recipient_user.id, m.to_user_id
assert_in_delta Time.now, m.sent_on, 2
assert_equal "Test Message", m.title
assert_equal "Test message body", m.body
@ -189,14 +198,16 @@ class MessageControllerTest < ActionController::TestCase
# test the new action message limit
def test_new_limit
# Login as a normal user
session[:user] = users(:normal_user).id
user = create(:user)
recipient_user = create(:user)
session[:user] = user.id
# Check that sending a message fails when the message limit is hit
assert_no_difference "ActionMailer::Base.deliveries.size" do
assert_no_difference "Message.count" do
with_message_limit(0) do
post :new,
:display_name => users(:public_user).display_name,
:display_name => recipient_user.display_name,
:message => { :title => "Test Message", :body => "Test message body" }
assert_response :success
assert_template "new"
@ -209,29 +220,32 @@ class MessageControllerTest < ActionController::TestCase
##
# test the reply action
def test_reply
unread_message = create(:message, :unread, :sender => users(:normal_user), :recipient => users(:public_user))
user = create(:user)
recipient_user = create(:user)
other_user = create(:user)
unread_message = create(:message, :unread, :sender => user, :recipient => recipient_user)
# Check that the message reply page requires us to login
get :reply, :message_id => unread_message.id
assert_redirected_to login_path(:referer => reply_message_path(:message_id => unread_message.id))
# Login as the wrong user
session[:user] = users(:second_public_user).id
session[:user] = other_user.id
# Check that we can't reply to somebody else's message
get :reply, :message_id => unread_message.id
assert_redirected_to login_path(:referer => reply_message_path(:message_id => unread_message.id))
assert_equal "You are logged in as `pulibc_test2' but the message you have asked to reply to was not sent to that user. Please login as the correct user in order to reply.", flash[:notice]
assert_equal "You are logged in as `#{other_user.display_name}' but the message you have asked to reply to was not sent to that user. Please login as the correct user in order to reply.", flash[:notice]
# Login as the right user
session[:user] = users(:public_user).id
session[:user] = recipient_user.id
# Check that the message reply page loads
get :reply, :message_id => unread_message.id
assert_response :success
assert_template "new"
assert_select "title", "OpenStreetMap | Re: #{unread_message.title}"
assert_select "form[action='#{new_message_path(:display_name => users(:normal_user).display_name)}']", :count => 1 do
assert_select "form[action='#{new_message_path(:display_name => user.display_name)}']", :count => 1 do
assert_select "input#message_title[value='Re: #{unread_message.title}']", :count => 1
assert_select "textarea#message_body", :count => 1
assert_select "input[type='submit'][value='Send']", :count => 1
@ -252,22 +266,25 @@ class MessageControllerTest < ActionController::TestCase
##
# test the read action
def test_read
unread_message = create(:message, :unread, :sender => users(:normal_user), :recipient => users(:public_user))
user = create(:user)
recipient_user = create(:user)
other_user = create(:user)
unread_message = create(:message, :unread, :sender => user, :recipient => recipient_user)
# Check that the read message page requires us to login
get :read, :message_id => unread_message.id
assert_redirected_to login_path(:referer => read_message_path(:message_id => unread_message.id))
# Login as the wrong user
session[:user] = users(:second_public_user).id
session[:user] = other_user.id
# Check that we can't read the message
get :read, :message_id => unread_message.id
assert_redirected_to login_path(:referer => read_message_path(:message_id => unread_message.id))
assert_equal "You are logged in as `pulibc_test2' but the message you have asked to read was not sent by or to that user. Please login as the correct user in order to read it.", flash[:notice]
assert_equal "You are logged in as `#{other_user.display_name}' but the message you have asked to read was not sent by or to that user. Please login as the correct user in order to read it.", flash[:notice]
# Login as the message sender
session[:user] = users(:normal_user).id
session[:user] = user.id
# Check that the message sender can read the message
get :read, :message_id => unread_message.id
@ -275,10 +292,10 @@ class MessageControllerTest < ActionController::TestCase
assert_template "read"
assert_equal false, Message.find(unread_message.id).message_read
# Login as the message recipient
session[:user] = users(:public_user).id
# Login as the message recipient_user
session[:user] = recipient_user.id
# Check that the message recipient can read the message
# Check that the message recipient_user can read the message
get :read, :message_id => unread_message.id
assert_response :success
assert_template "read"
@ -298,16 +315,18 @@ class MessageControllerTest < ActionController::TestCase
##
# test the inbox action
def test_inbox
read_message = create(:message, :read, :recipient => users(:normal_user))
user = create(:user)
other_user = create(:user)
read_message = create(:message, :read, :recipient => user)
# Check that the inbox page requires us to login
get :inbox, :display_name => users(:normal_user).display_name
assert_redirected_to login_path(:referer => inbox_path(:display_name => users(:normal_user).display_name))
get :inbox, :display_name => user.display_name
assert_redirected_to login_path(:referer => inbox_path(:display_name => user.display_name))
# Login
session[:user] = users(:normal_user).id
session[:user] = user.id
# Check that we can view our inbox when logged in
get :inbox, :display_name => users(:normal_user).display_name
get :inbox, :display_name => user.display_name
assert_response :success
assert_template "inbox"
assert_select "table.messages", :count => 1 do
@ -316,24 +335,26 @@ class MessageControllerTest < ActionController::TestCase
end
# Check that we can't view somebody else's inbox when logged in
get :inbox, :display_name => users(:public_user).display_name
assert_redirected_to inbox_path(:display_name => users(:normal_user).display_name)
get :inbox, :display_name => other_user.display_name
assert_redirected_to inbox_path(:display_name => user.display_name)
end
##
# test the outbox action
def test_outbox
create(:message, :sender => users(:normal_user))
user = create(:user)
other_user = create(:user)
create(:message, :sender => user)
# Check that the outbox page requires us to login
get :outbox, :display_name => users(:normal_user).display_name
assert_redirected_to login_path(:referer => outbox_path(:display_name => users(:normal_user).display_name))
get :outbox, :display_name => user.display_name
assert_redirected_to login_path(:referer => outbox_path(:display_name => user.display_name))
# Login
session[:user] = users(:normal_user).id
session[:user] = user.id
# Check that we can view our outbox when logged in
get :outbox, :display_name => users(:normal_user).display_name
get :outbox, :display_name => user.display_name
assert_response :success
assert_template "outbox"
assert_select "table.messages", :count => 1 do
@ -342,38 +363,41 @@ class MessageControllerTest < ActionController::TestCase
end
# Check that we can't view somebody else's outbox when logged in
get :outbox, :display_name => users(:public_user).display_name
assert_redirected_to outbox_path(:display_name => users(:normal_user).display_name)
get :outbox, :display_name => other_user.display_name
assert_redirected_to outbox_path(:display_name => user.display_name)
end
##
# test the mark action
def test_mark
unread_message = create(:message, :unread, :sender => users(:normal_user), :recipient => users(:public_user))
user = create(:user)
recipient_user = create(:user)
other_user = create(:user)
unread_message = create(:message, :unread, :sender => user, :recipient => recipient_user)
# Check that the marking a message requires us to login
post :mark, :message_id => unread_message.id
assert_response :forbidden
# Login as a user with no messages
session[:user] = users(:second_public_user).id
session[:user] = other_user.id
# Check that marking a message we didn't send or receive fails
post :mark, :message_id => unread_message.id
assert_response :not_found
assert_template "no_such_message"
# Login as the message recipient
session[:user] = users(:public_user).id
# Login as the message recipient_user
session[:user] = recipient_user.id
# Check that the marking a message read works
post :mark, :message_id => unread_message.id, :mark => "read"
assert_redirected_to inbox_path(:display_name => users(:public_user).display_name)
assert_redirected_to inbox_path(:display_name => recipient_user.display_name)
assert_equal true, Message.find(unread_message.id).message_read
# Check that the marking a message unread works
post :mark, :message_id => unread_message.id, :mark => "unread"
assert_redirected_to inbox_path(:display_name => users(:public_user).display_name)
assert_redirected_to inbox_path(:display_name => recipient_user.display_name)
assert_equal false, Message.find(unread_message.id).message_read
# Check that the marking a message read via XHR works
@ -402,35 +426,38 @@ class MessageControllerTest < ActionController::TestCase
##
# test the delete action
def test_delete
read_message = create(:message, :read, :recipient => users(:normal_user), :sender => users(:public_user))
sent_message = create(:message, :unread, :recipient => users(:public_user), :sender => users(:normal_user))
user = create(:user)
second_user = create(:user)
other_user = create(:user)
read_message = create(:message, :read, :recipient => user, :sender => second_user)
sent_message = create(:message, :unread, :recipient => second_user, :sender => user)
# Check that the deleting a message requires us to login
post :delete, :message_id => read_message.id
assert_response :forbidden
# Login as a user with no messages
session[:user] = users(:second_public_user).id
session[:user] = other_user.id
# Check that deleting a message we didn't send or receive fails
post :delete, :message_id => read_message.id
assert_response :not_found
assert_template "no_such_message"
# Login as the message recipient
session[:user] = users(:normal_user).id
# Login as the message recipient_user
session[:user] = user.id
# Check that the deleting a received message works
post :delete, :message_id => read_message.id
assert_redirected_to inbox_path(:display_name => users(:normal_user).display_name)
assert_redirected_to inbox_path(:display_name => user.display_name)
assert_equal "Message deleted", flash[:notice]
m = Message.find(read_message.id)
assert_equal true, m.from_user_visible
assert_equal false, m.to_user_visible
# Check that the deleting a sent message works
post :delete, :message_id => sent_message.id, :referer => outbox_path(:display_name => users(:normal_user).display_name)
assert_redirected_to outbox_path(:display_name => users(:normal_user).display_name)
post :delete, :message_id => sent_message.id, :referer => outbox_path(:display_name => user.display_name)
assert_redirected_to outbox_path(:display_name => user.display_name)
assert_equal "Message deleted", flash[:notice]
m = Message.find(sent_message.id)
assert_equal false, m.from_user_visible

8
test/controllers/swf_controller_test.rb
View file

@ -15,7 +15,9 @@ class SwfControllerTest < ActionController::TestCase
##
# basic test that trackpoints at least returns some sort of flash movie
def test_trackpoints
create(:trace, :visibility => "trackable", :latitude => 51.51, :longitude => -0.14, :user => users(:public_user)) do |trace|
user = create(:user)
other_user = create(:user)
create(:trace, :visibility => "trackable", :latitude => 51.51, :longitude => -0.14, :user => user) do |trace|
create(:tracepoint, :trace => trace, :trackid => 1, :latitude => (51.510 * GeoRecord::SCALE).to_i, :longitude => (-0.140 * GeoRecord::SCALE).to_i)
create(:tracepoint, :trace => trace, :trackid => 2, :latitude => (51.511 * GeoRecord::SCALE).to_i, :longitude => (-0.141 * GeoRecord::SCALE).to_i)
end
@ -29,13 +31,13 @@ class SwfControllerTest < ActionController::TestCase
assert_match /^FWS/, response.body
assert_equal 80, response.body.length
get :trackpoints, :xmin => -1, :xmax => 1, :ymin => 51, :ymax => 52, :baselong => 0, :basey => 0, :masterscale => 1, :token => users(:normal_user).tokens.create.token
get :trackpoints, :xmin => -1, :xmax => 1, :ymin => 51, :ymax => 52, :baselong => 0, :basey => 0, :masterscale => 1, :token => other_user.tokens.create.token
assert_response :success
assert_equal "application/x-shockwave-flash", response.content_type
assert_match /^FWS/, response.body
assert_equal 67, response.body.length
get :trackpoints, :xmin => -1, :xmax => 1, :ymin => 51, :ymax => 52, :baselong => 0, :basey => 0, :masterscale => 1, :token => users(:public_user).tokens.create.token
get :trackpoints, :xmin => -1, :xmax => 1, :ymin => 51, :ymax => 52, :baselong => 0, :basey => 0, :masterscale => 1, :token => user.tokens.create.token
assert_response :success
assert_equal "application/x-shockwave-flash", response.content_type
assert_match /^FWS/, response.body

76
test/controllers/user_roles_controller_test.rb
View file

@ -1,8 +1,6 @@
require "test_helper"
class UserRolesControllerTest < ActionController::TestCase
fixtures :users, :user_roles
##
# test all routes which lead to this controller
def test_routes
@ -19,20 +17,29 @@ class UserRolesControllerTest < ActionController::TestCase
##
# test the grant action
def test_grant
target_user = create(:user)
normal_user = create(:user)
administrator_user = create(:administrator_user)
# Create a super user which has all known roles
super_user = create(:user)
UserRole::ALL_ROLES.each do |role|
create(:user_role, :user => super_user, :granter => administrator_user, :role => role)
end
# Granting should fail when not logged in
post :grant, :display_name => users(:normal_user).display_name, :role => "moderator"
post :grant, :display_name => target_user.display_name, :role => "moderator"
assert_response :forbidden
# Login as an unprivileged user
session[:user] = users(:public_user).id
session[:user] = normal_user.id
# Granting should still fail
post :grant, :display_name => users(:normal_user).display_name, :role => "moderator"
assert_redirected_to user_path(users(:normal_user).display_name)
post :grant, :display_name => target_user.display_name, :role => "moderator"
assert_redirected_to user_path(target_user.display_name)
assert_equal "Only administrators can perform user role management, and you are not an administrator.", flash[:error]
# Login as an administrator
session[:user] = users(:administrator_user).id
session[:user] = administrator_user.id
UserRole::ALL_ROLES.each do |role|
# Granting a role to a non-existent user should fail
@ -43,52 +50,61 @@ class UserRolesControllerTest < ActionController::TestCase
assert_template "user/no_such_user"
assert_select "h1", "The user non_existent_user does not exist"
# Granting a role from a user that already has it should fail
# Granting a role to a user that already has it should fail
assert_no_difference "UserRole.count" do
post :grant, :display_name => users(:super_user).display_name, :role => role
post :grant, :display_name => super_user.display_name, :role => role
end
assert_redirected_to user_path(users(:super_user).display_name)
assert_redirected_to user_path(super_user.display_name)
assert_equal "The user already has role #{role}.", flash[:error]
# Granting a role to a user that doesn't have it should work...
assert_difference "UserRole.count", 1 do
post :grant, :display_name => users(:normal_user).display_name, :role => role
post :grant, :display_name => target_user.display_name, :role => role
end
assert_redirected_to user_path(users(:normal_user).display_name)
assert_redirected_to user_path(target_user.display_name)
# ...but trying a second time should fail
assert_no_difference "UserRole.count" do
post :grant, :display_name => users(:normal_user).display_name, :role => role
post :grant, :display_name => target_user.display_name, :role => role
end
assert_redirected_to user_path(users(:normal_user).display_name)
assert_redirected_to user_path(target_user.display_name)
assert_equal "The user already has role #{role}.", flash[:error]
end
# Granting a non-existent role should fail
assert_difference "UserRole.count", 0 do
post :grant, :display_name => users(:normal_user).display_name, :role => "no_such_role"
post :grant, :display_name => target_user.display_name, :role => "no_such_role"
end
assert_redirected_to user_path(users(:normal_user).display_name)
assert_redirected_to user_path(target_user.display_name)
assert_equal "The string `no_such_role' is not a valid role.", flash[:error]
end
##
# test the revoke action
def test_revoke
target_user = create(:user)
normal_user = create(:user)
administrator_user = create(:administrator_user)
# Create a super user which has all known roles
super_user = create(:user)
UserRole::ALL_ROLES.each do |role|
create(:user_role, :user => super_user, :granter => administrator_user, :role => role)
end
# Revoking should fail when not logged in
post :revoke, :display_name => users(:normal_user).display_name, :role => "moderator"
post :revoke, :display_name => target_user.display_name, :role => "moderator"
assert_response :forbidden
# Login as an unprivileged user
session[:user] = users(:public_user).id
session[:user] = normal_user.id
# Revoking should still fail
post :revoke, :display_name => users(:normal_user).display_name, :role => "moderator"
assert_redirected_to user_path(users(:normal_user).display_name)
post :revoke, :display_name => target_user.display_name, :role => "moderator"
assert_redirected_to user_path(target_user.display_name)
assert_equal "Only administrators can perform user role management, and you are not an administrator.", flash[:error]
# Login as an administrator
session[:user] = users(:administrator_user).id
session[:user] = administrator_user.id
UserRole::ALL_ROLES.each do |role|
# Removing a role from a non-existent user should fail
@ -101,30 +117,30 @@ class UserRolesControllerTest < ActionController::TestCase
# Removing a role from a user that doesn't have it should fail
assert_no_difference "UserRole.count" do
post :revoke, :display_name => users(:normal_user).display_name, :role => role
post :revoke, :display_name => target_user.display_name, :role => role
end
assert_redirected_to user_path(users(:normal_user).display_name)
assert_redirected_to user_path(target_user.display_name)
assert_equal "The user does not have role #{role}.", flash[:error]
# Removing a role' from a user that has it should work...
# Removing a role from a user that has it should work...
assert_difference "UserRole.count", -1 do
post :revoke, :display_name => users(:super_user).display_name, :role => role
post :revoke, :display_name => super_user.display_name, :role => role
end
assert_redirected_to user_path(users(:super_user).display_name)
assert_redirected_to user_path(super_user.display_name)
# ...but trying a second time should fail
assert_no_difference "UserRole.count" do
post :revoke, :display_name => users(:super_user).display_name, :role => role
post :revoke, :display_name => super_user.display_name, :role => role
end
assert_redirected_to user_path(users(:super_user).display_name)
assert_redirected_to user_path(super_user.display_name)
assert_equal "The user does not have role #{role}.", flash[:error]
end
# Revoking a non-existent role should fail
assert_difference "UserRole.count", 0 do
post :revoke, :display_name => users(:normal_user).display_name, :role => "no_such_role"
post :revoke, :display_name => target_user.display_name, :role => "no_such_role"
end
assert_redirected_to user_path(users(:normal_user).display_name)
assert_redirected_to user_path(target_user.display_name)
assert_equal "The string `no_such_role' is not a valid role.", flash[:error]
end
end