spec/lockout_spec.rb in rodauth-1.18.0 vs spec/lockout_spec.rb in rodauth-1.19.0

- old
+ new

@@ -1,13 +1,15 @@ require File.expand_path("spec_helper", File.dirname(__FILE__)) describe 'Rodauth lockout feature' do it "should support account lockouts without autologin on unlock" do + lockouts = [] rodauth do enable :lockout max_invalid_logins 2 unlock_account_autologin? false + after_account_lockout{lockouts << true} end roda do |r| r.rodauth r.root{view :content=>(rodauth.logged_in? ? "Logged In" : "Not Logged")} end @@ -26,19 +28,27 @@ 2.times do fill_in 'Password', :with=>'012345678910' click_button 'Login' page.find('#error_flash').text.must_equal 'There was an error logging in' end + lockouts.must_equal [true] fill_in 'Password', :with=>'012345678910' click_button 'Login' page.find('#error_flash').text.must_equal "This account is currently locked out and cannot be logged in to." page.body.must_include("This account is currently locked out") click_button 'Request Account Unlock' page.find('#notice_flash').text.must_equal 'An email has been sent to you with a link to unlock your account' - link = email_link(/(\/unlock-account\?key=.+)$/) + + visit '/login' + fill_in 'Login', :with=>'foo@example.com' + fill_in 'Password', :with=>'012345678910' + click_button 'Login' + click_button 'Request Account Unlock' + email_link(/(\/unlock-account\?key=.+)$/).must_equal link + visit link[0...-1] page.find('#error_flash').text.must_equal 'No matching unlock account key' visit link click_button 'Unlock Account' @@ -52,10 +62,11 @@ it "should support account lockouts with autologin and password required on unlock" do rodauth do enable :lockout unlock_account_requires_password? true + account_lockouts_email_last_sent_column :email_last_sent end roda do |r| r.rodauth r.root{view :content=>(rodauth.logged_in? ? "Logged In" : "Not Logged")} end 
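Review bot: The counter filled by `after_account_lockout{lockouts << true}` is checked only once in this test, in the @@ -26,19 +28,27 @@ hunk directly after the two failed logins. The next login attempt against the already locked account is not followed by another check, so a hook that fires on every rejected attempt (for example a duplicated lockout alert) would still pass. Repeating `lockouts.must_equal [true]` after the "This account is currently locked out" flash assertion would tie the hook to the lockout transition itself. The @@ -163,9 +184,10 @@ hunk appears to place its check after the locked-out attempt already. The test body runs past the end of this hunk, so a later check may exist outside the visible lines.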
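Review bot: The added `email_link(/(\/unlock-account\?key=.+)$/).must_equal link` in the @@ -26,19 +28,27 @@ hunk pins the behaviour that a repeated unlock request mails the same key rather than a fresh one, but nothing in the test says this is intended. Whether the key is stable or rotated decides if an earlier mail stays usable after a second request, so the expectation deserves a comment above the second `visit '/login'`, such as `# a repeated unlock request resends the existing key; the first mailed link must stay valid`. The enclosing `it` block starts and ends outside the hunk.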
@@ -72,12 +83,20 @@ click_button 'Login' page.find('#error_flash').text.must_equal "This account is currently locked out and cannot be logged in to." page.body.must_include("This account is currently locked out") click_button 'Request Account Unlock' page.find('#notice_flash').text.must_equal 'An email has been sent to you with a link to unlock your account' - link = email_link(/(\/unlock-account\?key=.+)$/) + + visit '/login' + fill_in 'Login', :with=>'foo@example.com' + fill_in 'Password', :with=>'012345678910' + click_button 'Login' + click_button 'Request Account Unlock' + page.find('#error_flash').text.must_equal "An email has recently been sent to you with a link to unlock the account" + Mail::TestMailer.deliveries.must_equal [] + visit link click_button 'Unlock Account' page.find('#error_flash').text.must_equal 'There was an error unlocking your account' page.body.must_include('invalid password') @@ -145,13 +164,15 @@ click_button 'Close Account' DB[:account_lockouts].count.must_equal 0 end it "should handle uniqueness errors raised when inserting unlock account token" do + lockouts = [] rodauth do enable :lockout max_invalid_logins 2 + after_account_lockout{lockouts << true} end roda do |r| def rodauth.raised_uniqueness_violation(*) super; true; end r.rodauth r.root{view :content=>(rodauth.logged_in? ? "Logged In" : "Not Logged")} @@ -163,9 +184,10 @@ click_button 'Login' page.find('#error_flash').text.must_equal 'There was an error logging in' fill_in 'Password', :with=>'012345678910' click_button 'Login' + lockouts.must_equal [true] page.find('#error_flash').text.must_equal "This account is currently locked out and cannot be logged in to." page.body.must_include("This account is currently locked out") click_button 'Request Account Unlock' page.find('#notice_flash').text.must_equal 'An email has been sent to you with a link to unlock your account'
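Review bot: Only the suppressed path of the resend throttle is exercised in the @@ -72,12 +83,20 @@ hunk: the second 'Request Account Unlock' must show the "recently been sent" flash and `Mail::TestMailer.deliveries.must_equal []`. Nothing visible checks that a request is honoured again once the stored timestamp is old enough, so a regression that never re-enables sending would pass and a locked-out user whose first mail was lost could not get another link. A follow-up step could backdate the column with `DB[:account_lockouts].update(:email_last_sent=>Time.now - 3600)` (offset constructed for illustration; it must exceed the configured interval), repeat the request, and assert the notice flash plus a delivered mail. The test continues past the end of the hunk, so this may already be covered outside the visible lines.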