spec/lockout_spec.rb in rodauth-1.18.0 vs spec/lockout_spec.rb in rodauth-1.19.0
- old
+ new
@@ -1,13 +1,15 @@
require File.expand_path("spec_helper", File.dirname(__FILE__))
describe 'Rodauth lockout feature' do
it "should support account lockouts without autologin on unlock" do
+ lockouts = []
rodauth do
enable :lockout
max_invalid_logins 2
unlock_account_autologin? false
+ after_account_lockout{lockouts << true}
end
roda do |r|
r.rodauth
r.root{view :content=>(rodauth.logged_in? ? "Logged In" : "Not Logged")}
end
@@ -26,19 +28,27 @@
2.times do
fill_in 'Password', :with=>'012345678910'
click_button 'Login'
page.find('#error_flash').text.must_equal 'There was an error logging in'
end
+ lockouts.must_equal [true]
fill_in 'Password', :with=>'012345678910'
click_button 'Login'
page.find('#error_flash').text.must_equal "This account is currently locked out and cannot be logged in to."
page.body.must_include("This account is currently locked out")
click_button 'Request Account Unlock'
page.find('#notice_flash').text.must_equal 'An email has been sent to you with a link to unlock your account'
-
link = email_link(/(\/unlock-account\?key=.+)$/)
+
+ visit '/login'
+ fill_in 'Login', :with=>'foo@example.com'
+ fill_in 'Password', :with=>'012345678910'
+ click_button 'Login'
+ click_button 'Request Account Unlock'
+ email_link(/(\/unlock-account\?key=.+)$/).must_equal link
+
visit link[0...-1]
page.find('#error_flash').text.must_equal 'No matching unlock account key'
visit link
click_button 'Unlock Account'
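Review bot: The `lockouts.must_equal [true]` check runs only once, right after the second failed login, so nothing pins how often `after_account_lockout` fires once the account is already locked. Two more rejected logins follow in this hunk (the attempt directly after the check and the one after `visit '/login'`), and a hook that re-ran on each of them would go unnoticed. If the hook is meant to run once per lockout, which its name suggests but the page does not state, repeat `lockouts.must_equal [true]` after the second `click_button 'Request Account Unlock'`. This matters to anyone who wires the hook to alerting or audit logging. The enclosing `it` block starts before and ends after this hunk.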
@@ -52,10 +62,11 @@
it "should support account lockouts with autologin and password required on unlock" do
rodauth do
enable :lockout
unlock_account_requires_password? true
+ account_lockouts_email_last_sent_column :email_last_sent
end
roda do |r|
r.rodauth
r.root{view :content=>(rodauth.logged_in? ? "Logged In" : "Not Logged")}
end
@@ -72,12 +83,20 @@
click_button 'Login'
page.find('#error_flash').text.must_equal "This account is currently locked out and cannot be logged in to."
page.body.must_include("This account is currently locked out")
click_button 'Request Account Unlock'
page.find('#notice_flash').text.must_equal 'An email has been sent to you with a link to unlock your account'
-
link = email_link(/(\/unlock-account\?key=.+)$/)
+
+ visit '/login'
+ fill_in 'Login', :with=>'foo@example.com'
+ fill_in 'Password', :with=>'012345678910'
+ click_button 'Login'
+ click_button 'Request Account Unlock'
+ page.find('#error_flash').text.must_equal "An email has recently been sent to you with a link to unlock the account"
+ Mail::TestMailer.deliveries.must_equal []
+
visit link
click_button 'Unlock Account'
page.find('#error_flash').text.must_equal 'There was an error unlocking your account'
page.body.must_include('invalid password')
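Review bot: Only the suppressed path of the unlock-email throttle is exercised here: the second request asserts the "recently been sent" flash and an empty `Mail::TestMailer.deliveries`, but nothing shows that a request is honoured again once the stored timestamp is old enough. A regression that never re-sends would leave a locked-out user unable to obtain a fresh unlock link and would still pass this test. Consider backdating the value, e.g. `DB[:account_lockouts].update(:email_last_sent=>Time.now - AGE_BEYOND_INTERVAL)`, then requesting again and asserting that `email_link(...)` returns a link. `AGE_BEYOND_INTERVAL` is a placeholder because the resend interval is not visible on this page, and the column living in `account_lockouts` is an assumption. The test body starts before and continues past this hunk.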
@@ -145,13 +164,15 @@
click_button 'Close Account'
DB[:account_lockouts].count.must_equal 0
end
it "should handle uniqueness errors raised when inserting unlock account token" do
+ lockouts = []
rodauth do
enable :lockout
max_invalid_logins 2
+ after_account_lockout{lockouts << true}
end
roda do |r|
def rodauth.raised_uniqueness_violation(*) super; true; end
r.rodauth
r.root{view :content=>(rodauth.logged_in? ? "Logged In" : "Not Logged")}
@@ -163,9 +184,10 @@
click_button 'Login'
page.find('#error_flash').text.must_equal 'There was an error logging in'
fill_in 'Password', :with=>'012345678910'
click_button 'Login'
+ lockouts.must_equal [true]
page.find('#error_flash').text.must_equal "This account is currently locked out and cannot be logged in to."
page.body.must_include("This account is currently locked out")
click_button 'Request Account Unlock'
page.find('#notice_flash').text.must_equal 'An email has been sent to you with a link to unlock your account'