cst1/openstreetmap-website
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Merge remote-tracking branch 'upstream/pull/5391'

Browse source
This commit is contained in:
Tom Hughes 2024-12-18 14:11:51 +00:00
commit 6094a97ce6
13 changed files with 292 additions and 265 deletions
Download patch file Download diff file Expand all files Collapse all files

222
test/controllers/users/lists_controller_test.rb Normal file
View file

@ -0,0 +1,222 @@
require "test_helper"
module Users
class ListsControllerTest < ActionDispatch::IntegrationTest
##
# test all routes which lead to this controller
def test_routes
assert_routing(
{ :path => "/users", :method => :get },
{ :controller => "users/lists", :action => "show" }
)
assert_routing(
{ :path => "/users", :method => :put },
{ :controller => "users/lists", :action => "update" }
)
assert_routing(
{ :path => "/users/status", :method => :get },
{ :controller => "users/lists", :action => "show", :status => "status" }
)
assert_routing(
{ :path => "/users/status", :method => :put },
{ :controller => "users/lists", :action => "update", :status => "status" }
)
end
def test_show
user = create(:user)
moderator_user = create(:moderator_user)
administrator_user = create(:administrator_user)
_suspended_user = create(:user, :suspended)
_ip_user = create(:user, :creation_address => "1.2.3.4")
# There are now 7 users - the five above, plus two extra "granters" for the
# moderator_user and administrator_user
assert_equal 7, User.count
# Shouldn't work when not logged in
get users_list_path
assert_redirected_to login_path(:referer => users_list_path)
session_for(user)
# Shouldn't work when logged in as a normal user
get users_list_path
assert_redirected_to :controller => "/errors", :action => :forbidden
session_for(moderator_user)
# Shouldn't work when logged in as a moderator
get users_list_path
assert_redirected_to :controller => "/errors", :action => :forbidden
session_for(administrator_user)
# Note there is a header row, so all row counts are users + 1
# Should work when logged in as an administrator
get users_list_path
assert_response :success
assert_template :show
assert_select "table#user_list tbody tr", :count => 7
# Should be able to limit by status
get users_list_path, :params => { :status => "suspended" }
assert_response :success
assert_template :show
assert_select "table#user_list tbody tr", :count => 1
# Should be able to limit by IP address
get users_list_path, :params => { :ip => "1.2.3.4" }
assert_response :success
assert_template :show
assert_select "table#user_list tbody tr", :count => 1
end
def test_show_paginated
1.upto(100).each do |n|
User.create(:display_name => "extra_#{n}",
:email => "extra#{n}@example.com",
:pass_crypt => "extraextra")
end
session_for(create(:administrator_user))
# 100 examples, an administrator, and a granter for the admin.
assert_equal 102, User.count
next_path = users_list_path
get next_path
assert_response :success
assert_template :show
assert_select "table#user_list tbody tr", :count => 50
check_no_page_link "Newer Users"
next_path = check_page_link "Older Users"
get next_path
assert_response :success
assert_template :show
assert_select "table#user_list tbody tr", :count => 50
check_page_link "Newer Users"
next_path = check_page_link "Older Users"
get next_path
assert_response :success
assert_template :show
assert_select "table#user_list tbody tr", :count => 2
check_page_link "Newer Users"
check_no_page_link "Older Users"
end
def test_show_invalid_paginated
session_for(create(:administrator_user))
%w[-1 0 fred].each do |id|
get users_list_path(:before => id)
assert_redirected_to :controller => "/errors", :action => :bad_request
get users_list_path(:after => id)
assert_redirected_to :controller => "/errors", :action => :bad_request
end
end
def test_update_confirm
inactive_user = create(:user, :pending)
suspended_user = create(:user, :suspended)
# Shouldn't work when not logged in
assert_no_difference "User.active.count" do
put users_list_path, :params => { :confirm => 1, :user => { inactive_user.id => 1, suspended_user.id => 1 } }
end
assert_response :forbidden
assert_equal "pending", inactive_user.reload.status
assert_equal "suspended", suspended_user.reload.status
session_for(create(:user))
# Shouldn't work when logged in as a normal user
assert_no_difference "User.active.count" do
put users_list_path, :params => { :confirm => 1, :user => { inactive_user.id => 1, suspended_user.id => 1 } }
end
assert_redirected_to :controller => "/errors", :action => :forbidden
assert_equal "pending", inactive_user.reload.status
assert_equal "suspended", suspended_user.reload.status
session_for(create(:moderator_user))
# Shouldn't work when logged in as a moderator
assert_no_difference "User.active.count" do
put users_list_path, :params => { :confirm => 1, :user => { inactive_user.id => 1, suspended_user.id => 1 } }
end
assert_redirected_to :controller => "/errors", :action => :forbidden
assert_equal "pending", inactive_user.reload.status
assert_equal "suspended", suspended_user.reload.status
session_for(create(:administrator_user))
# Should work when logged in as an administrator
assert_difference "User.active.count", 2 do
put users_list_path, :params => { :confirm => 1, :user => { inactive_user.id => 1, suspended_user.id => 1 } }
end
assert_redirected_to :action => :show
assert_equal "confirmed", inactive_user.reload.status
assert_equal "confirmed", suspended_user.reload.status
end
def test_update_hide
normal_user = create(:user)
confirmed_user = create(:user, :confirmed)
# Shouldn't work when not logged in
assert_no_difference "User.active.count" do
put users_list_path, :params => { :hide => 1, :user => { normal_user.id => 1, confirmed_user.id => 1 } }
end
assert_response :forbidden
assert_equal "active", normal_user.reload.status
assert_equal "confirmed", confirmed_user.reload.status
session_for(create(:user))
# Shouldn't work when logged in as a normal user
assert_no_difference "User.active.count" do
put users_list_path, :params => { :hide => 1, :user => { normal_user.id => 1, confirmed_user.id => 1 } }
end
assert_redirected_to :controller => "/errors", :action => :forbidden
assert_equal "active", normal_user.reload.status
assert_equal "confirmed", confirmed_user.reload.status
session_for(create(:moderator_user))
# Shouldn't work when logged in as a moderator
assert_no_difference "User.active.count" do
put users_list_path, :params => { :hide => 1, :user => { normal_user.id => 1, confirmed_user.id => 1 } }
end
assert_redirected_to :controller => "/errors", :action => :forbidden
assert_equal "active", normal_user.reload.status
assert_equal "confirmed", confirmed_user.reload.status
session_for(create(:administrator_user))
# Should work when logged in as an administrator
assert_difference "User.active.count", -2 do
put users_list_path, :params => { :hide => 1, :user => { normal_user.id => 1, confirmed_user.id => 1 } }
end
assert_redirected_to :action => :show
assert_equal "deleted", normal_user.reload.status
assert_equal "deleted", confirmed_user.reload.status
end
private
def check_no_page_link(name)
assert_select "a.page-link", { :text => /#{Regexp.quote(name)}/, :count => 0 }, "unexpected #{name} page link"
end
def check_page_link(name)
assert_select "a.page-link", { :text => /#{Regexp.quote(name)}/ }, "missing #{name} page link" do |buttons|
return buttons.first.attributes["href"].value
end
end
end
end

215
test/controllers/users_controller_test.rb
View file

@ -47,23 +47,6 @@ class UsersControllerTest < ActionDispatch::IntegrationTest
{ :path => "/user/username", :method => :delete },
{ :controller => "users", :action => "destroy", :display_name => "username" }
)
assert_routing(
{ :path => "/users", :method => :get },
{ :controller => "users", :action => "index" }
)
assert_routing(
{ :path => "/users", :method => :post },
{ :controller => "users", :action => "index" }
)
assert_routing(
{ :path => "/users/status", :method => :get },
{ :controller => "users", :action => "index", :status => "status" }
)
assert_routing(
{ :path => "/users/status", :method => :post },
{ :controller => "users", :action => "index", :status => "status" }
)
end
# The user creation page loads
@ -471,204 +454,6 @@ class UsersControllerTest < ActionDispatch::IntegrationTest
assert_equal "deleted", user.status
end
def test_index_get
user = create(:user)
moderator_user = create(:moderator_user)
administrator_user = create(:administrator_user)
_suspended_user = create(:user, :suspended)
_ip_user = create(:user, :creation_address => "1.2.3.4")
# There are now 7 users - the five above, plus two extra "granters" for the
# moderator_user and administrator_user
assert_equal 7, User.count
# Shouldn't work when not logged in
get users_path
assert_redirected_to login_path(:referer => users_path)
session_for(user)
# Shouldn't work when logged in as a normal user
get users_path
assert_redirected_to :controller => :errors, :action => :forbidden
session_for(moderator_user)
# Shouldn't work when logged in as a moderator
get users_path
assert_redirected_to :controller => :errors, :action => :forbidden
session_for(administrator_user)
# Note there is a header row, so all row counts are users + 1
# Should work when logged in as an administrator
get users_path
assert_response :success
assert_template :index
assert_select "table#user_list tbody tr", :count => 7
# Should be able to limit by status
get users_path, :params => { :status => "suspended" }
assert_response :success
assert_template :index
assert_select "table#user_list tbody tr", :count => 1
# Should be able to limit by IP address
get users_path, :params => { :ip => "1.2.3.4" }
assert_response :success
assert_template :index
assert_select "table#user_list tbody tr", :count => 1
end
def test_index_get_paginated
1.upto(100).each do |n|
User.create(:display_name => "extra_#{n}",
:email => "extra#{n}@example.com",
:pass_crypt => "extraextra")
end
session_for(create(:administrator_user))
# 100 examples, an administrator, and a granter for the admin.
assert_equal 102, User.count
next_path = users_path
get next_path
assert_response :success
assert_template :index
assert_select "table#user_list tbody tr", :count => 50
check_no_page_link "Newer Users"
next_path = check_page_link "Older Users"
get next_path
assert_response :success
assert_template :index
assert_select "table#user_list tbody tr", :count => 50
check_page_link "Newer Users"
next_path = check_page_link "Older Users"
get next_path
assert_response :success
assert_template :index
assert_select "table#user_list tbody tr", :count => 2
check_page_link "Newer Users"
check_no_page_link "Older Users"
end
def test_index_get_invalid_paginated
session_for(create(:administrator_user))
%w[-1 0 fred].each do |id|
get users_path(:before => id)
assert_redirected_to :controller => :errors, :action => :bad_request
get users_path(:after => id)
assert_redirected_to :controller => :errors, :action => :bad_request
end
end
private
def check_no_page_link(name)
assert_select "a.page-link", { :text => /#{Regexp.quote(name)}/, :count => 0 }, "unexpected #{name} page link"
end
def check_page_link(name)
assert_select "a.page-link", { :text => /#{Regexp.quote(name)}/ }, "missing #{name} page link" do |buttons|
return buttons.first.attributes["href"].value
end
end
public
def test_index_post_confirm
inactive_user = create(:user, :pending)
suspended_user = create(:user, :suspended)
# Shouldn't work when not logged in
assert_no_difference "User.active.count" do
post users_path, :params => { :confirm => 1, :user => { inactive_user.id => 1, suspended_user.id => 1 } }
end
assert_response :forbidden
assert_equal "pending", inactive_user.reload.status
assert_equal "suspended", suspended_user.reload.status
session_for(create(:user))
# Shouldn't work when logged in as a normal user
assert_no_difference "User.active.count" do
post users_path, :params => { :confirm => 1, :user => { inactive_user.id => 1, suspended_user.id => 1 } }
end
assert_redirected_to :controller => :errors, :action => :forbidden
assert_equal "pending", inactive_user.reload.status
assert_equal "suspended", suspended_user.reload.status
session_for(create(:moderator_user))
# Shouldn't work when logged in as a moderator
assert_no_difference "User.active.count" do
post users_path, :params => { :confirm => 1, :user => { inactive_user.id => 1, suspended_user.id => 1 } }
end
assert_redirected_to :controller => :errors, :action => :forbidden
assert_equal "pending", inactive_user.reload.status
assert_equal "suspended", suspended_user.reload.status
session_for(create(:administrator_user))
# Should work when logged in as an administrator
assert_difference "User.active.count", 2 do
post users_path, :params => { :confirm => 1, :user => { inactive_user.id => 1, suspended_user.id => 1 } }
end
assert_redirected_to :action => :index
assert_equal "confirmed", inactive_user.reload.status
assert_equal "confirmed", suspended_user.reload.status
end
def test_index_post_hide
normal_user = create(:user)
confirmed_user = create(:user, :confirmed)
# Shouldn't work when not logged in
assert_no_difference "User.active.count" do
post users_path, :params => { :hide => 1, :user => { normal_user.id => 1, confirmed_user.id => 1 } }
end
assert_response :forbidden
assert_equal "active", normal_user.reload.status
assert_equal "confirmed", confirmed_user.reload.status
session_for(create(:user))
# Shouldn't work when logged in as a normal user
assert_no_difference "User.active.count" do
post users_path, :params => { :hide => 1, :user => { normal_user.id => 1, confirmed_user.id => 1 } }
end
assert_redirected_to :controller => :errors, :action => :forbidden
assert_equal "active", normal_user.reload.status
assert_equal "confirmed", confirmed_user.reload.status
session_for(create(:moderator_user))
# Shouldn't work when logged in as a moderator
assert_no_difference "User.active.count" do
post users_path, :params => { :hide => 1, :user => { normal_user.id => 1, confirmed_user.id => 1 } }
end
assert_redirected_to :controller => :errors, :action => :forbidden
assert_equal "active", normal_user.reload.status
assert_equal "confirmed", confirmed_user.reload.status
session_for(create(:administrator_user))
# Should work when logged in as an administrator
assert_difference "User.active.count", -2 do
post users_path, :params => { :hide => 1, :user => { normal_user.id => 1, confirmed_user.id => 1 } }
end
assert_redirected_to :action => :index
assert_equal "deleted", normal_user.reload.status
assert_equal "deleted", confirmed_user.reload.status
end
def test_auth_failure_callback
get auth_failure_path
assert_redirected_to login_path

2
test/system/users_test.rb
View file

@ -9,7 +9,7 @@ class UsersTest < ApplicationSystemTestCase
test "all users can be selected" do
create_list(:user, 100)
visit users_path
visit users_list_path
assert_css "tbody input[type=checkbox]:checked", :count => 0
assert_css "tbody input[type=checkbox]:not(:checked)", :count => 50