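require 'controllers/spec_helper'

# Specs for the authentication flow: anonymous default, password and OpenID
# login, logout, issuing the "remember me" cookie token and restoring a user
# from that cookie.
#
# NOTE(review): every redirect case passes an absolute _return_to URL and
# expects it to be followed. Nothing in this file shows whether the controller
# restricts _return_to to trusted hosts -- confirm, and cover the rejected
# case with a spec if it does.
describe "Authentication" do
  with_controllers
  with_auth

  # Asserts that the action of the first <form> in the response body contains
  # the URL-escaped return address.
  def form_action_should_include_return_to
    form = Nokogiri::XML(response.body_as_string).css("form").first
    # Fail with a readable expectation instead of NoMethodError on nil when
    # the response contains no form at all.
    form.should_not be_nil
    form[:action].should include(@escaped_return_to)
  end

  # Minimal controller with one empty action, defined only for these specs.
  before :all do
    class SomeDomain < Controllers::UserManagement
      def all; end
    end
  end

  # Remove the spec-only controller so it does not leak into other spec files.
  after :all do
    remove_constants :SomeDomain
  end

  before do
    # NotDefined is declared elsewhere; presumably a marker for "no user
    # resolved yet", so no example inherits a user from the previous one.
    Models::User.current = NotDefined
    @return_to = "http://some.com/some".freeze
    @escaped_return_to = "http%3A%2F%2Fsome.com%2Fsome".freeze
  end

  describe "By defautl should logged in as Anonymous" do
    it do
      pcall SomeDomain, :all
      response.should be_ok
      Models::User.current.should == Models::User.anonymous
    end
  end

  describe "Login by Password" do
    it "Should display Log In Form" do
      pcall Controllers::Sessions, :login, _return_to: @return_to
      response.should be_ok
      form_action_should_include_return_to
    end

    it "Registered Users should be able to Log In" do
      user = Factory.create :user
      pcall Controllers::Sessions, :login, name: user.name, password: user.password, _return_to: @return_to
      # Prefix match only, so a location with extra query parameters passes.
      # NOTE(review): it also passes for any longer URL that merely begins
      # with @return_to; tighten once the exact expected location is known.
      response.location.start_with?(@return_to).should be_true
      Models::User.current.should == user
    end

    it "Users shouldn't be able to login with invalid password" do
      user = Factory.create :user
      pcall Controllers::Sessions, :login, name: user.name, password: 'invalid', _return_to: @return_to
      # A failed login re-renders the form and leaves the user anonymous.
      # NOTE(review): this does not assert that no SecureToken or auth_token
      # cookie was issued on the failed attempt -- consider adding that.
      response.should be_ok
      form_action_should_include_return_to
      Models::User.current.should == Models::User.anonymous
    end

    it "Not activated users should'not be able to login" do
      # Correct credentials, but the account comes from the :new_user factory.
      user = Factory.create :new_user
      pcall Controllers::Sessions, :login, name: user.name, password: user.password, _return_to: @return_to
      response.should be_ok
      form_action_should_include_return_to
      Models::User.current.should == Models::User.anonymous
    end
  end

  describe "Login by OpenID" do
    it "if user doesn't exists redirect to registration" do
      pcall Controllers::Sessions, :login, openid_identifier: "http://some_id.com", _return_to: @return_to
      # An unknown identifier creates a SecureToken that is handed to the
      # registration form in the redirect URL.
      token = Models::SecureToken.first
      token.should_not be_nil
      response.should redirect_to(finish_open_id_registration_form_identities_path(token: token.token, _return_to: @return_to))
    end

    it "if user exists login" do
      open_id = "http://some_id.com"
      user = Factory.build :user
      user.open_ids << open_id
      user.save!

      pcall Controllers::Sessions, :login, openid_identifier: open_id, _return_to: @return_to

      # Disabled expectations kept from the original file:
      # token = Models::SecureToken.first type: 'cas'
      # token.should_not be_nil
      # response.should redirect_to(@return_to + "?cas_token=#{token.token}")
      response.should redirect_to(@return_to)
      Models::User.current.should == user
    end
  end

  describe "Log Out" do
    it "Registered Users should be able to Log Out" do
      user = Factory.create :user
      Models::User.current = user
      call Controllers::Sessions, :logout, _return_to: @return_to
      response.should redirect_to(@return_to)
      Models::User.current.should == Models::User.anonymous
    end

    it "Should not loose session variables (from error)" do
      pcall Controllers::Sessions, :login do |c|
        # Set a session value before the action runs and check it afterwards.
        request.session[:variable] = true
        c.call
        request.session[:variable].should be_true
      end
      response.should be_ok
    end
  end

  describe "Set Cookie Token" do
    it "should set remember me token" do
      user = Factory.create :user
      pcall Controllers::Sessions, :login, name: user.name, password: user.password do |c|
        c.call
        Models::SecureToken.count.should == 1
        token = Models::SecureToken.first
        token[:user_id].should == user._id.to_s
        # Escape the token so regex metacharacters in it cannot cause a false
        # match or a false miss.
        # NOTE(review): cookie attributes (HttpOnly, Secure, expiry) are not
        # asserted here -- consider covering them.
        response.cookies.should =~ /auth_token=#{Regexp.escape(token.token)}/
      end
    end
  end

  describe "Restore user from Cookie Token" do
    it "any action in domain controller" do
      user = Factory.create :user
      token = Models::SecureToken.new
      token[:user_id] = user._id.to_s
      token.expires_at = 2.weeks.from_now
      token.save!

      pcall SomeDomain, :all do |c|
        # Present only the cookie; no credentials are sent with this request.
        request.cookies['auth_token'] = token.token
        c.call
      end
      Models::User.current.name.should == user.name
      # NOTE(review): only a valid, unexpired token is covered. Consider specs
      # for an expired token and an unknown token, expecting the anonymous user.
    end
  end

  describe "Miscellaneous" do
    it "should show status" do
      call Controllers::Sessions, :status
      response.should be_ok
    end
  end
end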