Class: SecurityTest
- Inherits: ActionController::IntegrationTest
  - Object
  - ActionController::IntegrationTest
  - SecurityTest
- Includes: Goldberg::TestHelper
- Defined in: lib/six-updater-web/vendor/plugins/goldberg/test/integration/security_test.rb
Overview
(Also need to test for pending registration confirmation, and for session expiry.)
Instance Method Summary
- #test_action_security ⇒ Object
  Public user can execute public actions, but when they try executing an administrator action they are redirected to login.
- #test_page_security ⇒ Object
  Public user can view public pages, but when they try accessing an administrator page they are redirected to login.
- #test_pending_request ⇒ Object
  If a public user tries to access a resource for which they lack authorisation, after logging in they should be redirected to that resource.
- #test_session_expiry ⇒ Object
  User should be redirected to the session expired page if they remain inactive longer than the session timeout in System Settings.
- #test_wrong_password ⇒ Object
  User is not logged in if password is wrong.
Methods included from Goldberg::TestHelper
#form_login, #form_logout, included, #login_user
Instance Method Details
#test_action_security ⇒ Object
Public user can execute public actions, but when they try executing an administrator action they are redirected to login.
    # File 'lib/six-updater-web/vendor/plugins/goldberg/test/integration/security_test.rb', line 12
    def test_action_security
      # A public action
      get '/goldberg/auth/login'
      assert_response :success
      # An administrator action
      get '/goldberg/users/list'
      assert_redirected_to_login
      form_login('admin', 'admin')
      get '/goldberg/users/list'
      assert_response :success
    end
#test_page_security ⇒ Object
Public user can view public pages, but when they try accessing an administrator page they are redirected to login.
    # File 'lib/six-updater-web/vendor/plugins/goldberg/test/integration/security_test.rb', line 28
    def test_page_security
      # A public page
      get '/home'
      assert_response :success
      # An administrator page
      get '/admin'
      assert_redirected_to_login
      form_login('admin', 'admin')
      get '/admin'
      assert_response :success
    end
#test_pending_request ⇒ Object
If a public user tries to access a resource for which they lack authorisation, after logging in they should be redirected to that resource.
    # File 'lib/six-updater-web/vendor/plugins/goldberg/test/integration/security_test.rb', line 45
    def test_pending_request
      get '/goldberg/users/list'
      assert_redirected_to_login
      form_login('admin', 'admin')
      assert_match(/goldberg\/users\/list/, response.redirected_to)
    end
#test_session_expiry ⇒ Object
User should be redirected to the session expired page if they remain inactive longer than the session timeout in System Settings.
    # File 'lib/six-updater-web/vendor/plugins/goldberg/test/integration/security_test.rb', line 56
    def test_session_expiry
      # Set the timeout really short
      settings = Goldberg::SystemSettings.find :first
      settings.session_timeout = 3 # Three seconds should be ample
      settings.save!
      form_login('admin', 'admin')
      get '/site_admin'
      assert_response :success
      # Wait longer than the timeout
      sleep 4
      get '/site_admin'
      assert_redirected_to :session_expired_page
    end
#test_wrong_password ⇒ Object
User is not logged in if password is wrong.
    # File 'lib/six-updater-web/vendor/plugins/goldberg/test/integration/security_test.rb', line 73
    def test_wrong_password
      form_login('admin', 'foobar')
      assert_nil session[:goldberg][:user_id]
    end
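The behaviours these five tests assert, modelled as a self-contained Ruby class (an added example, not Goldberg's code or part of the original page). `ToyGuard`, its paths, credentials and session keys are hypothetical; the injected clock lets the idle timeout be checked without the `sleep 4` used in `test_session_expiry`.

```ruby
# Added example: a minimal stand-in for the access-control filter the tests
# above exercise. All names and values here are constructed for illustration.
class ToyGuard
  PUBLIC = ['/home', '/login'].freeze      # constructed public paths
  USERS  = { 'admin' => 'admin' }.freeze   # constructed credentials (plaintext only in this toy)

  attr_reader :session

  # timeout is in seconds; clock is injectable so tests can advance time.
  def initialize(timeout:, clock: -> { Time.now.to_f })
    @timeout = timeout
    @clock = clock
    @session = {}
  end

  # Returns [:ok, path] or [:redirect, target].
  def get(path)
    return [:ok, path] if PUBLIC.include?(path)
    if @session[:user_id].nil?
      @session[:pending_request] = path     # remembered until login succeeds
      return [:redirect, '/login']
    end
    if @clock.call - @session[:last_seen] > @timeout
      @session.clear                         # inactive longer than the timeout
      return [:redirect, '/session_expired']
    end
    @session[:last_seen] = @clock.call       # activity resets the idle timer
    [:ok, path]
  end

  # A wrong password leaves the session anonymous; a correct one redirects
  # to the pending request, if any.
  def login(name, password)
    unless USERS.key?(name) && USERS[name] == password
      return [:redirect, '/login']
    end
    pending = @session[:pending_request]
    @session = { user_id: name, last_seen: @clock.call }
    [:redirect, pending || '/home']
  end
end
```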