jaculabilis/danbooru
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
Files
b2ee1f076695a8a4d46cda99a66492bd8a1e367b
danbooru/test/functional/sessions_controller_test.rb
evazion b2ee1f0766 ip bans: add hit counter, deleted flag, new ban type. 
* Make IP bans soft deletable.
* Add a hit counter to track how many times an IP ban has blocked someone.
* Add a last hit timestamp to track when the IP ban last blocked someone.
* Add a new type of IP ban, the signup ban. Signup bans restrict new
  signups from editing anything until they've verified their email
  address.
2020-04-06 14:13:22 -05:00

85 lines
2.8 KiB
Ruby
Raw Blame History

require 'test_helper'
class SessionsControllerTest < ActionDispatch::IntegrationTest
context "the sessions controller" do
setup do
@user = create(:user, password: "password")
end
context "new action" do
should "render" do
get new_session_path
assert_response :success
end
end
context "create action" do
should "log the user in when given the correct password" do
post session_path, params: { name: @user.name, password: "password" }
assert_redirected_to posts_path
assert_equal(@user.id, session[:user_id])
assert_not_nil(@user.reload.last_ip_addr)
end
should "not log the user in when given an incorrect password" do
post session_path, params: { name: @user.name, password: "wrong"}
assert_response 401
assert_nil(nil, session[:user_id])
end
should "redirect the user when given an url param" do
post session_path, params: { name: @user.name, password: "password", url: tags_path }
assert_redirected_to tags_path
end
should "not allow IP banned users to login" do
@ip_ban = create(:ip_ban, category: :normal, ip_addr: "1.2.3.4")
post session_path, params: { name: @user.name, password: "password" }, headers: { REMOTE_ADDR: "1.2.3.4" }
assert_response 403
assert_not_equal(@user.id, session[:user_id])
assert_equal(1, @ip_ban.reload.hit_count)
assert(@ip_ban.last_hit_at > 1.minute.ago)
end
should "allow signup-restricted IP banned users to login" do
@ip_ban = create(:ip_ban, category: :signup, ip_addr: "1.2.3.4")
post session_path, params: { name: @user.name, password: "password" }, headers: { REMOTE_ADDR: "1.2.3.4" }
assert_redirected_to posts_path
assert_equal(@user.id, session[:user_id])
assert_equal(0, @ip_ban.reload.hit_count)
assert_nil(@ip_ban.last_hit_at)
end
should "ignore deleted IP bans when logging in" do
@ip_ban = create(:ip_ban, is_deleted: true, category: :normal, ip_addr: "1.2.3.4")
post session_path, params: { name: @user.name, password: "password" }, headers: { REMOTE_ADDR: "1.2.3.4" }
assert_redirected_to posts_path
assert_equal(@user.id, session[:user_id])
assert_equal(0, @ip_ban.reload.hit_count)
assert_nil(@ip_ban.last_hit_at)
end
end
context "destroy action" do
should "clear the session" do
delete_auth session_path, @user
assert_redirected_to posts_path
assert_nil(session[:user_id])
end
end
context "sign_out action" do
should "clear the session" do
get_auth sign_out_session_path, @user
assert_redirected_to posts_path
assert_nil(session[:user_id])
end
end
end
end
Reference in New Issue View Git Blame Copy Permalink