From cc6e47460287eca00bc58504a6b9759bc02f5782 Mon Sep 17 00:00:00 2001 From: Daniela Soares Feitosa Date: Wed, 22 Jul 2009 12:22:18 -0300 Subject: [PATCH] ActionItem1125: only authenticated users can enable enterprises --- app/controllers/public/account_controller.rb | 31 ++----------------------------- app/views/account/activation_question.rhtml | 2 +- app/views/home/index.rhtml | 12 ------------ app/views/profile_editor/index.rhtml | 13 ++++++++++++- test/functional/account_controller_test.rb | 151 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++------------------------------------------------------------------ test/functional/home_controller_test.rb | 18 ------------------ test/functional/profile_editor_controller_test.rb | 19 +++++++++++++++++++ 7 files changed, 119 insertions(+), 127 deletions(-) diff --git a/app/controllers/public/account_controller.rb b/app/controllers/public/account_controller.rb index d35e543..614ce35 100644 --- a/app/controllers/public/account_controller.rb +++ b/app/controllers/public/account_controller.rb @@ -4,6 +4,8 @@ class AccountController < ApplicationController require_ssl :except => [ :login_popup, :logout_popup, :wizard, :profile_details ] + before_filter :login_required, :only => [:activation_question, :accept_terms, :activate_enterprise] + # say something nice, you goof! something sweet. def index unless logged_in? @@ -181,22 +183,6 @@ class AccountController < ApplicationController def accept_terms @enterprise = load_enterprise @question = @enterprise.question - - if @enterprise.enabled - render :action => 'already_activated' - return - end - - @question = @enterprise.question - if !@question || @enterprise.blocked? - render :action => 'blocked' - return - end - end - - def accept_terms - @enterprise = load_enterprise - @question = @enterprise.question if !@question || @enterprise.blocked? render :action => 'blocked' return 
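Review bot: The new `before_filter :login_required` is an `:only` allow-list, so an activation step added later stays reachable anonymously unless someone remembers to extend the list, and nothing beside it says why these three actions are grouped. I would put a comment above it, for example `# Every step of enterprise activation needs a known user: a successful activation adds that user to the enterprise.` The filter only establishes who is asking; whether that account may claim the enterprise is still decided by the activation code and the answer checked further down, so those checks remain the actual access control. The class body continues outside the hunk.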
@@ -212,7 +198,6 @@ class AccountController < ApplicationController @question = @enterprise.question return unless check_answer return unless check_acceptance_of_terms - load_user activation = load_enterprise_activation if activation && user @@ -253,18 +238,6 @@ class AccountController < ApplicationController @cannot_redirect = true end - def load_user - unless logged_in? - no_redirect - if params[:new_user] - signup - else - login - end - end - true - end - def check_answer unless answer_correct @enterprise.block diff --git a/app/views/account/activation_question.rhtml b/app/views/account/activation_question.rhtml index 4836fc3..7259948 100644 --- a/app/views/account/activation_question.rhtml +++ b/app/views/account/activation_question.rhtml @@ -28,7 +28,7 @@

<%= _('Pay atention! You have only one chance!') %>

-

<%= _("This is a question to know if you is really part of this enterprise. Pay atention because you has only one chance to answer rigth and activate your enterprise. If you answer wrong you will not be able to activate the enterprise automaticaly and must get in touch with the admins of %s by email or phone.") % environment.name %>

+

<%= _("This is a question to know if you really are part of this enterprise. Pay atention because you have only one chance to answer right and activate your enterprise. If you answer wrong you will not be able to activate the enterprise automaticaly and must get in touch with the admins of %s by email or phone.") % environment.name %>

<%= ApplicationHelper::NoosferoFormBuilder::output_field(@question == :foundation_year ? _('What year your enterprise was founded?') : _('What is the CNPJ of your enterprise?'), text_field_tag(:answer, nil, :id => 'enterprise-activation-answer', :help => help=_('We need to be sure that this is your enterprise'))) %> diff --git a/app/views/home/index.rhtml b/app/views/home/index.rhtml index 3da0a9e..056a623 100644 --- a/app/views/home/index.rhtml +++ b/app/views/home/index.rhtml @@ -47,18 +47,6 @@ <%= environment.description %> <% end %> -<% if environment.enabled?('enterprise_activation') %> - -
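Review bot: The reworded sentence still writes `environment.name` into the page through `% environment.name` inside `<%= %>`. If this Rails version does not escape `<%= %>` output on its own (not visible here), the name is emitted as raw HTML, and `% h(environment.name)` would close that. The new msgid also keeps `atention` and `automaticaly`, and the heading above it keeps `Pay atention!`; correcting them in this same change means translators only have to re-match the string once. The template continues outside the hunk.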
- <% form_tag({:controller => 'account', :action => 'activation_question'}, {:method => 'get'}) do %> -

<%= __('Activate your enterprise') %>

- <%= labelled_form_field(__('Enterprise activation code') + ':', text_field_tag('enterprise_code')) %> - <%= submit_button(:ok, _('Activate')) %> - <% end %> -
- -<% end %> - <% if environment.enabled?('search_in_home') %> diff --git a/test/functional/account_controller_test.rb b/test/functional/account_controller_test.rb index 89d7a95..619bf52 100644 --- a/test/functional/account_controller_test.rb +++ b/test/functional/account_controller_test.rb @@ -332,7 +332,16 @@ class AccountControllerTest < Test::Unit::TestCase # # ################################ + should 'require login for validation question' do + get :activation_question, :enterprise_code => 'some_code' + + assert_redirected_to :controller => 'account', :action => 'login' + end + should 'report invalid enterprise code on signup' do + person = create_user('mylogin').person + login_as(person.identifier) + EnterpriseActivation.expects(:find_by_code).with('some_invalid_code').returns(nil).at_least_once get :activation_question, :enterprise_code => 'some_invalid_code' @@ -341,6 +350,9 @@ class AccountControllerTest < Test::Unit::TestCase end should 'report enterprise already enabled' do + person = create_user('mylogin').person + login_as(person.identifier) + ent = Enterprise.create!(:name => 'test enterprise', :identifier => 'test_ent', :cnpj => '0'*14, :enabled => true) task = mock task.expects(:enterprise).returns(ent).at_least_once @@ -352,6 +364,9 @@ class AccountControllerTest < Test::Unit::TestCase end should 'load enterprise from code on for validation question' do + person = create_user('mylogin').person + login_as(person.identifier) + ent = Enterprise.create!(:name => 'test enterprise', :identifier => 'test_ent') task = mock @@ -364,6 +379,9 @@ class AccountControllerTest < Test::Unit::TestCase end should 'block enterprises that do not have foundation_year or cnpj' do + person = create_user('mylogin').person + login_as(person.identifier) + ent = Enterprise.create!(:name => 'test enterprise', :identifier => 'test_ent', :enabled => false) task = mock 
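Review bot: The pair `person = create_user('mylogin').person` and `login_as(person.identifier)` is pasted at the top of each authenticated test, starting with 'report invalid enterprise code on signup' in the `-332` hunk and repeated in every later hunk of account_controller_test.rb. A private helper in the test class, e.g. `def login_as_new_user(login = 'mylogin'); login_as(create_user(login).person.identifier); end`, would leave each test with only its own arrangement and make the tests that must stay anonymous ('require login for ...') stand out at a glance. The helper name is only a suggestion; the test class starts and ends outside these hunks.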
@@ -376,6 +394,9 @@ class AccountControllerTest < Test::Unit::TestCase end should 'show form to those enterprises that have foundation year' do + person = create_user('mylogin').person + login_as(person.identifier) + ent = Enterprise.create!(:name => 'test enterprise', :identifier => 'test_ent', :foundation_year => 1998, :enabled => false) task = mock @@ -388,6 +409,9 @@ class AccountControllerTest < Test::Unit::TestCase end should 'show form to those enterprises that have cnpj' do + person = create_user('mylogin').person + login_as(person.identifier) + ent = Enterprise.create!(:name => 'test enterprise', :identifier => 'test_ent', :cnpj => '0'*14, :enabled => false) task = mock @@ -400,6 +424,9 @@ class AccountControllerTest < Test::Unit::TestCase end should 'block those who are blocked' do + person = create_user('mylogin').person + login_as(person.identifier) + ent = Enterprise.create!(:name => 'test enterprise', :identifier => 'test_ent', :foundation_year => '1998', :enabled => false) ent.block 
@@ -412,7 +439,37 @@ class AccountControllerTest < Test::Unit::TestCase assert_template 'blocked' end + should 'put hidden field with enterprise code for answering question' do + person = create_user('mylogin').person + login_as(person.identifier) + + ent = Enterprise.create!(:name => 'test enterprise', :identifier => 'test_ent', :foundation_year => 1998, :enabled => false) + + task = mock + task.expects(:enterprise).returns(ent).at_least_once + EnterpriseActivation.expects(:find_by_code).with('0123456789').returns(task).at_least_once + + get :activation_question, :enterprise_code => '0123456789' + + assert_tag :tag => 'input', :attributes => { :type => 'hidden', :name => 'enterprise_code', :value => '0123456789'} + end + + should 'require login for accept terms' do + ent = Enterprise.create!(:name => 'test enterprise', :identifier => 'test_ent', :foundation_year => 1998, :enabled => false) + + task = mock + task.expects(:enterprise).returns(ent).never + EnterpriseActivation.expects(:find_by_code).with('0123456789').returns(task).never + + post :accept_terms, :enterprise_code => '0123456789', :answer => '1998' + + assert_redirected_to :controller => 'account', :action => 'login' + end + should 'block those who failed to answer the question' do + person = create_user('mylogin').person + login_as(person.identifier) + ent = Enterprise.create!(:name => 'test enterprise', :identifier => 'test_ent', :foundation_year => 1998, :enabled => false) task = mock @@ -429,6 +486,9 @@ class AccountControllerTest < Test::Unit::TestCase end should 'show terms of use for enterprise owners' do + person = create_user('mylogin').person + login_as(person.identifier) + env = Environment.default env.terms_of_enterprise_use = 'Some terms' env.save! 
@@ -443,32 +503,37 @@ class AccountControllerTest < Test::Unit::TestCase assert_tag :tag => 'div', :content => 'Some terms' end - should 'not activate if user does not accept terms' do + should 'block who is blocked but directly arrive in the second step' do + person = create_user('mylogin').person + login_as(person.identifier) + ent = Enterprise.create!(:name => 'test enterprise', :identifier => 'test_ent', :foundation_year => 1998, :enabled => false) - p = create_user('test_user', :password => 'blih', :password_confirmation => 'blih', :email => 'test@noosfero.com').person - login_as(p.identifier) + ent.block + ent.save - task = EnterpriseActivation.create!(:enterprise => ent) + task = mock + task.expects(:enterprise).returns(ent).at_least_once EnterpriseActivation.expects(:find_by_code).with('0123456789').returns(task).at_least_once - post :activate_enterprise, :enterprise_code => '0123456789', :answer => '1998', :terms_accepted => false - ent.reload + get :accept_terms, :enterprise_code => '0123456789', :answer => 1998 - assert !ent.enabled - assert_not_includes ent.members, p + assert_template 'blocked' end - should 'ask for login or singup if not logged in' do + should 'require login to activate enterprise' do + env = Environment.default + env.terms_of_use = 'some terms' + env.save! 
ent = Enterprise.create!(:name => 'test enterprise', :identifier => 'test_ent', :foundation_year => 1998, :enabled => false) task = EnterpriseActivation.create!(:enterprise => ent) - EnterpriseActivation.expects(:find_by_code).with('0123456789').returns(task).at_least_once + EnterpriseActivation.expects(:find_by_code).with('0123456789').returns(task).never post :activate_enterprise, :enterprise_code => '0123456789', :answer => '1998', :terms_accepted => true - assert_template 'activate_enterprise' + assert_redirected_to :controller => 'account', :action => 'login' end - should 'activate enterprise and make logged user admin' do + should 'not activate if user does not accept terms' do ent = Enterprise.create!(:name => 'test enterprise', :identifier => 'test_ent', :foundation_year => 1998, :enabled => false) p = create_user('test_user', :password => 'blih', :password_confirmation => 'blih', :email => 'test@noosfero.com').person login_as(p.identifier) 
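Review bot: The new test 'require login to activate enterprise' checks only the redirect; it never asserts that the enterprise stayed disabled, which is the property this commit is about and which the removed 'not activate enterprise for inexistent user' test pinned with `assert !ent.enabled`. Adding `ent.reload` and `assert !ent.enabled` after the `post` would cover it. The `env.terms_of_use = 'some terms'` and `env.save!` lines in that test do not appear to feed any assertion and could be dropped.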
@@ -476,78 +541,32 @@ class AccountControllerTest < Test::Unit::TestCase task = EnterpriseActivation.create!(:enterprise => ent) EnterpriseActivation.expects(:find_by_code).with('0123456789').returns(task).at_least_once - post :activate_enterprise, :enterprise_code => '0123456789', :answer => '1998', :terms_accepted => true - ent.reload - - assert ent.enabled - assert_includes ent.members, p - end - - should 'not activate enterprise for inexistent user' do - ent = Enterprise.create!(:name => 'test enterprise', :identifier => 'test_ent', :foundation_year => 1998, :enabled => false) - task = EnterpriseActivation.create!(:enterprise => ent) - EnterpriseActivation.expects(:find_by_code).with('0123456789').returns(task).at_least_once - - post :activate_enterprise, :enterprise_code => '0123456789', :answer => '1998', :terms_accepted => true, :user => { :login => 'inexistent_user', :password => 'inexistent_password' } + post :activate_enterprise, :enterprise_code => '0123456789', :answer => '1998', :terms_accepted => false ent.reload assert !ent.enabled + assert_not_includes ent.members, p end - should 'activate enterprise and make unlogged user admin' do + should 'activate enterprise and make logged user admin' do ent = Enterprise.create!(:name => 'test enterprise', :identifier => 'test_ent', :foundation_year => 1998, :enabled => false) p = create_user('test_user', :password => 'blih', :password_confirmation => 'blih', :email => 'test@noosfero.com').person + login_as(p.identifier) task = EnterpriseActivation.create!(:enterprise => ent) EnterpriseActivation.expects(:find_by_code).with('0123456789').returns(task).at_least_once - post :activate_enterprise, :enterprise_code => '0123456789', :answer => '1998', :terms_accepted => true, :user => { :login => 'test_user', :password => 'blih' } + post :activate_enterprise, :enterprise_code => '0123456789', :answer => '1998', :terms_accepted => true ent.reload assert ent.enabled assert_includes ent.members, p end - should 'activate 
enterprise, create user and make admin' do - ent = Enterprise.create!(:name => 'test enterprise', :identifier => 'test_ent', :foundation_year => 1998, :enabled => false) - - task = EnterpriseActivation.create!(:enterprise => ent) - EnterpriseActivation.expects(:find_by_code).with('0123456789').returns(task).at_least_once - - post :activate_enterprise, :enterprise_code => '0123456789', :answer => '1998', :terms_accepted => true, :new_user => true, :user => { :login => 'test_user', :password => 'blih', :password_confirmation => 'blih', :email => 'test@noosfero.com' }, :profile_data => person_data - ent.reload - - assert ent.enabled - assert_includes ent.members.map(&:identifier), 'test_user' - end - - should 'put hidden field with enterprise code for answering question' do - ent = Enterprise.create!(:name => 'test enterprise', :identifier => 'test_ent', :foundation_year => 1998, :enabled => false) - - task = mock - task.expects(:enterprise).returns(ent).at_least_once - EnterpriseActivation.expects(:find_by_code).with('0123456789').returns(task).at_least_once - - get :activation_question, :enterprise_code => '0123456789' - - assert_tag :tag => 'input', :attributes => { :type => 'hidden', :name => 'enterprise_code', :value => '0123456789'} - end - - should 'block who is blocked but directly arrive in the second step' do - ent = Enterprise.create!(:name => 'test enterprise', :identifier => 'test_ent', :foundation_year => 1998, :enabled => false) - ent.block - ent.save - - task = mock - task.expects(:enterprise).returns(ent).at_least_once - EnterpriseActivation.expects(:find_by_code).with('0123456789').returns(task).at_least_once - - get :accept_terms, :enterprise_code => '0123456789', :answer => 1998 - - assert_template 'blocked' - end - should 'load terms of use for users when creating new users as activate enterprise' do + person = create_user('mylogin').person + login_as(person.identifier) + env = Environment.default env.terms_of_use = 'some terms' env.save! 
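Review bot: The last test touched here keeps the name 'load terms of use for users when creating new users as activate enterprise', although this commit removes the path that created users during activation (`load_user` in the controller) and the test now logs in first. A name such as `should 'load terms of use when activating enterprise'` would describe what can still happen; its assertions are outside the hunk, so confirm they still exercise a reachable path. With the `:user` and `:new_user` tests deleted, nothing pins that those parameters are ignored on a logged-in request; one test that posts them and asserts that only the logged-in person ends up in `ent.members` would.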
diff --git a/test/functional/home_controller_test.rb b/test/functional/home_controller_test.rb index 41d22c1..ca12cc9 100644 --- a/test/functional/home_controller_test.rb +++ b/test/functional/home_controller_test.rb @@ -22,24 +22,6 @@ all_fixtures assert_valid_xhtml end - should 'not display form for enterprise activation if disabled in environment' do - env = Environment.default - env.disable('enterprise_activation') - env.save! - - get :index - assert_no_tag :tag => 'div', :attributes => { :id => 'activation_enterprise' }, :descendant => {:tag => 'form', :attributes => {:action => '/account/activation_question'}} - end - - should 'display form for enterprise activation if enabled on environment' do - env = Environment.default - env.enable('enterprise_activation') - env.save! - - get :index - assert_tag :tag => 'div', :attributes => { :id => 'activation_enterprise' }, :descendant => {:tag => 'form', :attributes => {:action => '/account/activation_question'}} - end - should 'not display news from portal if disabled in environment' do env = Environment.default env.disable('use_portal_community') diff --git a/test/functional/profile_editor_controller_test.rb b/test/functional/profile_editor_controller_test.rb index 8f20f2b..806d1de 100644 --- a/test/functional/profile_editor_controller_test.rb +++ b/test/functional/profile_editor_controller_test.rb 
@@ -694,4 +694,23 @@ class ProfileEditorControllerTest < Test::Unit::TestCase assert_template 'edit' end + should 'not display form for enterprise activation if disabled in environment' do + env = Environment.default + env.disable('enterprise_activation') + env.save! + + get :index, :profile => profile.identifier + assert_no_tag :tag => 'div', :attributes => { :id => 'activation_enterprise' }, :descendant => {:tag => 'form', :attributes => {:action => '/account/activation_question'}} + end + + should 'display form for enterprise activation if enabled on environment' do + env = Environment.default + env.enable('enterprise_activation') + env.save! + + get :index, :profile => profile.identifier + assert_tag :tag => 'div', :attributes => { :id => 'activation_enterprise' }, :descendant => {:tag => 'form', :attributes => {:action => '/account/activation_question'}} + end + + end -- libgit2 0.21.2