require File.expand_path("spec_helper", File.dirname(__FILE__))
describe 'Rodauth remember feature' do
it "should support login via remember token" do
rodauth do
enable :login, :remember
end
roda do |r|
r.rodauth
r.get 'load' do
rodauth.load_memory
r.redirect '/'
end
r.root do
if rodauth.logged_in?
if rodauth.logged_in_via_remember_key?
view :content=>"Logged In via Remember"
else
view :content=>"Logged In Normally"
end
else
view :content=>"Not Logged In"
end
end
end
login
page.body.must_include 'Logged In Normally'
visit '/load'
page.body.must_include 'Logged In Normally'
visit '/remember'
click_button 'Change Remember Setting'
page.find('#error_flash').text.must_equal "There was an error updating your remember setting"
choose 'Remember Me'
click_button 'Change Remember Setting'
page.find('#notice_flash').text.must_equal "Your remember setting has been updated"
page.body.must_include 'Logged In Normally'
remove_cookie('rack.session')
visit '/'
page.body.must_include 'Not Logged In'
visit '/load'
page.body.must_include 'Logged In via Remember'
key = get_cookie('_remember')
visit '/remember'
choose 'Forget Me'
click_button 'Change Remember Setting'
page.body.must_include 'Logged In via Remember'
remove_cookie('rack.session')
visit '/'
page.body.must_include 'Not Logged In'
visit '/load'
page.body.must_include 'Not Logged In'
set_cookie('_remember', key)
visit '/load'
page.body.must_include 'Logged In via Remember'
visit '/remember'
choose 'Disable Remember Me'
click_button 'Change Remember Setting'
page.body.must_include 'Logged In via Remember'
remove_cookie('rack.session')
visit '/'
page.body.must_include 'Not Logged In'
set_cookie('_remember', key)
visit '/load'
page.body.must_include 'Not Logged In'
end
it "should forget remember token when explicitly logging out" do
rodauth do
enable :login, :logout, :remember
end
roda do |r|
r.rodauth
r.get 'load' do
rodauth.load_memory
r.redirect '/'
end
r.root{rodauth.logged_in? ? "Logged In#{session[:remembered]}" : "Not Logged In"}
end
login
page.body.must_equal 'Logged In'
visit '/remember'
choose 'Remember Me'
click_button 'Change Remember Setting'
page.body.must_equal 'Logged In'
logout
visit '/'
page.body.must_equal 'Not Logged In'
visit '/load'
page.body.must_equal 'Not Logged In'
end
it "should remove cookie if cookie is no longer valid" do
rodauth do
enable :login, :remember
skip_status_checks? false
end
roda do |r|
r.rodauth
r.get 'load' do
rodauth.load_memory
r.redirect '/'
end
r.root do
if rodauth.logged_in?
if rodauth.logged_in_via_remember_key?
view :content=>"Logged In via Remember"
else
view :content=>"Logged In Normally"
end
else
view :content=>"Not Logged In"
end
end
end
login
visit '/remember'
choose 'Remember Me'
click_button 'Change Remember Setting'
page.body.must_include 'Logged In Normally'
cookie = get_cookie('_remember')
remove_cookie('rack.session')
rk = DB[:account_remember_keys].first
DB[:account_remember_keys].update(:key=>rk[:key][0...-1])
visit '/load'
page.body.must_include 'Not Logged In'
get_cookie('_remember').must_equal ""
DB[:account_remember_keys].delete
set_cookie('_remember', cookie)
visit '/load'
page.body.must_include 'Not Logged In'
get_cookie('_remember').must_equal ""
DB[:account_remember_keys].insert(rk)
DB[:accounts].update(:status_id=>3)
set_cookie('_remember', cookie)
visit '/load'
page.body.must_include 'Not Logged In'
get_cookie('_remember').must_equal ""
DB[:account_remember_keys].must_be :empty?
end
it "should support clearing remembered flag" do
rodauth do
enable :login, :remember
end
roda do |r|
r.rodauth
r.get 'load' do
rodauth.load_memory
r.redirect '/'
end
r.root do
if rodauth.logged_in?
if rodauth.logged_in_via_remember_key?
view :content=>"Logged In via Remember"
else
view :content=>"Logged In Normally"
end
else
view :content=>"Not Logged In"
end
end
end
login
page.body.must_include 'Logged In Normally'
visit '/remember'
choose 'Remember Me'
click_button 'Change Remember Setting'
page.body.must_include 'Logged In Normally'
remove_cookie('rack.session')
visit '/'
page.body.must_include 'Not Logged In'
visit '/load'
page.body.must_include 'Logged In via Remember'
visit '/confirm-password'
fill_in 'Password', :with=>'012345678'
click_button 'Confirm Password'
page.find('#error_flash').text.must_equal "There was an error confirming your password"
page.html.must_include("invalid password")
fill_in 'Password', :with=>'0123456789'
click_button 'Confirm Password'
page.find('#notice_flash').text.must_equal "Your password has been confirmed"
page.body.must_include 'Logged In Normally'
end
it "should support extending remember token" do
rodauth do
enable :login, :remember
extend_remember_deadline? true
remember_period :days=>30
end
roda do |r|
r.rodauth
r.get 'load' do
rodauth.load_memory
r.redirect '/'
end
r.root{rodauth.logged_in? ? "Logged In#{session[:remembered]}" : "Not Logged In"}
end
login
visit '/remember'
choose 'Remember Me'
click_button 'Change Remember Setting'
deadline = DB[:account_remember_keys].get(:deadline)
deadline = Time.parse(deadline) if deadline.is_a?(String)
deadline.must_be(:<, Time.now + 15*86400)
remove_cookie('rack.session')
visit '/'
page.body.must_equal 'Not Logged In'
old_expiration = page.driver.browser.rack_mock_session.cookie_jar.instance_variable_get(:@cookies).first.expires
visit '/load'
page.body.must_equal 'Logged Intrue'
new_expiration = page.driver.browser.rack_mock_session.cookie_jar.instance_variable_get(:@cookies).first.expires
new_expiration.must_be :>=, old_expiration
deadline = DB[:account_remember_keys].get(:deadline)
deadline = Time.parse(deadline) if deadline.is_a?(String)
deadline.must_be(:>, Time.now + 29*86400)
end
it "should clear remember token when closing account" do
rodauth do
enable :login, :remember, :close_account
end
roda do |r|
r.rodauth
rodauth.load_memory
r.root{rodauth.logged_in? ? "Logged In#{session[:remembered]}" : "Not Logged In"}
end
login
visit '/remember'
choose 'Remember Me'
click_button 'Change Remember Setting'
DB[:account_remember_keys].count.must_equal 1
visit '/close-account'
fill_in 'Password', :with=>'0123456789'
click_button 'Close Account'
DB[:account_remember_keys].count.must_equal 0
end
it "should not use remember token if the account is not open" do
rodauth do
enable :login, :remember
skip_status_checks? false
end
roda do |r|
r.rodauth
r.get 'load' do
rodauth.load_memory
r.redirect '/'
end
r.root do
if rodauth.logged_in?
if rodauth.logged_in_via_remember_key?
"Logged In via Remember"
else
"Logged In Normally"
end
else
"Not Logged In"
end
end
end
login
page.body.must_equal 'Logged In Normally'
visit '/load'
page.body.must_equal 'Logged In Normally'
visit '/remember'
choose 'Remember Me'
click_button 'Change Remember Setting'
page.body.must_equal 'Logged In Normally'
remove_cookie('rack.session')
visit '/'
page.body.must_equal 'Not Logged In'
DB[:accounts].update(:status_id=>3)
visit '/load'
page.body.must_equal 'Not Logged In'
end
it "should handle uniqueness errors raised when inserting remember token" do
rodauth do
enable :login, :remember
end
roda do |r|
def rodauth.raised_uniqueness_violation(*) super; true; end
r.rodauth
r.get 'load' do
rodauth.load_memory
r.redirect '/'
end
r.root do
if rodauth.logged_in?
if rodauth.logged_in_via_remember_key?
"Logged In via Remember"
else
"Logged In Normally"
end
else
"Not Logged In"
end
end
end
login
visit '/remember'
choose 'Remember Me'
click_button 'Change Remember Setting'
page.body.must_equal 'Logged In Normally'
end
it "should support login via remember token via jwt" do
rodauth do
enable :login, :remember
end
roda(:jwt) do |r|
r.rodauth
r.post 'load' do
rodauth.load_memory
[4]
end
if rodauth.logged_in?
if rodauth.logged_in_via_remember_key?
[1]
else
[2]
end
else
[3]
end
end
json_request.must_equal [200, [3]]
json_login
json_request.must_equal [200, [2]]
json_request('/load').must_equal [200, [4]]
json_request.must_equal [200, [2]]
res = json_request('/remember', :remember=>'remember')
res.must_equal [200, {'success'=>"Your remember setting has been updated"}]
@authorization = nil
json_request.must_equal [200, [3]]
json_request('/load').must_equal [200, [4]]
json_request.must_equal [200, [1]]
cookie = @cookie
res = json_request('/remember', :remember=>'forget')
res.must_equal [200, {'success'=>"Your remember setting has been updated"}]
json_request.must_equal [200, [1]]
@cookie = nil
@authorization = nil
json_request.must_equal [200, [3]]
json_request('/load').must_equal [200, [4]]
json_request.must_equal [200, [3]]
@cookie = cookie
json_request('/load').must_equal [200, [4]]
json_request.must_equal [200, [1]]
res = json_request('/confirm-password', :password=>'123456')
res.must_equal [401, {'error'=>"There was an error confirming your password", "field-error"=>["password", "invalid password"]}]
res = json_request('/confirm-password', :password=>'0123456789')
res.must_equal [200, {'success'=>"Your password has been confirmed"}]
json_request.must_equal [200, [2]]
res = json_request('/remember', :remember=>'disable')
res.must_equal [200, {'success'=>"Your remember setting has been updated"}]
@authorization = nil
@cookie = nil
json_request.must_equal [200, [3]]
@cookie = cookie
json_request('/load').must_equal [200, [4]]
json_request.must_equal [200, [3]]
end
end