From 9f724d0a04ad9270f1e96f528f2bd7a3f5163655 Mon Sep 17 00:00:00 2001 From: Shane Kilkelly Date: Wed, 6 Jul 2016 12:14:01 +0100 Subject: [PATCH] Add tests to check if users can access a restricted page. --- .../acceptance/coffee/SessionTests.coffee | 63 ++++++++++++++++++- .../acceptance/coffee/helpers/User.coffee | 11 ++++ 2 files changed, 73 insertions(+), 1 deletion(-) diff --git a/services/web/test/acceptance/coffee/SessionTests.coffee b/services/web/test/acceptance/coffee/SessionTests.coffee index b2b02917ec..cff5b66406 100644 --- a/services/web/test/acceptance/coffee/SessionTests.coffee +++ b/services/web/test/acceptance/coffee/SessionTests.coffee @@ -7,7 +7,7 @@ redis = require "./helpers/redis" describe "Sessions", -> before (done) -> - @timeout(10000) + @timeout(20000) @user1 = new User() @site_admin = new User({email: "admin@example.com"}) async.series [ @@ -34,6 +34,13 @@ describe "Sessions", -> expect(sessions[0].slice(0, 5)).to.equal 'sess:' next() + # should be able to access settings page + , (next) => + @user1.getUserSettingsPage (err, statusCode) => + expect(err).to.equal null + expect(statusCode).to.equal 200 + next() + # logout, should remove session from set , (next) => @user1.logout (err) -> @@ -87,6 +94,19 @@ describe "Sessions", -> expect(sessions[1].slice(0, 5)).to.equal 'sess:' next() + # both should be able to access settings page + , (next) => + @user1.getUserSettingsPage (err, statusCode) => + expect(err).to.equal null + expect(statusCode).to.equal 200 + next() + + , (next) => + @user2.getUserSettingsPage (err, statusCode) => + expect(err).to.equal null + expect(statusCode).to.equal 200 + next() + # logout first session, should remove session from set , (next) => @user1.logout (err) -> 
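Review bot: The single-session test in the `@@ -34,6` hunk only gains a settings-page check before logout; nothing is added after the `@user1.logout` step, which lies in the unchanged lines between this hunk and the next. The simplest case therefore never asserts that a logged-out session is refused, although the two- and three-session tests do. After the existing post-logout session-set check, add a step that calls `@user1.getUserSettingsPage (err, statusCode) =>` and asserts `expect(statusCode).to.equal 302`. The test body continues outside the hunk, so confirm that no existing assertion there already covers this.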
@@ -97,6 +117,20 @@ describe "Sessions", -> expect(sessions.length).to.equal 1 next() + # first session should not have access to settings page + , (next) => + @user1.getUserSettingsPage (err, statusCode) => + expect(err).to.equal null + expect(statusCode).to.equal 302 + next() + + # second session should still have access to settings + , (next) => + @user2.getUserSettingsPage (err, statusCode) => + expect(err).to.equal null + expect(statusCode).to.equal 200 + next() + # logout second session, should remove last session from set , (next) => @user2.logout (err) -> @@ -107,6 +141,13 @@ describe "Sessions", -> expect(sessions.length).to.equal 0 next() + # second session should not have access to settings page + , (next) => + @user2.getUserSettingsPage (err, statusCode) => + expect(err).to.equal null + expect(statusCode).to.equal 302 + next() + ], (err, result) => if err throw err @@ -175,6 +216,26 @@ describe "Sessions", -> expect(sessions.length).to.equal 1 next() + # users one and three should not be able to access settings page + , (next) => + @user1.getUserSettingsPage (err, statusCode) => + expect(err).to.equal null + expect(statusCode).to.equal 302 + next() + + , (next) => + @user3.getUserSettingsPage (err, statusCode) => + expect(err).to.equal null + expect(statusCode).to.equal 302 + next() + + # user two should still be logged in, and able to access settings page + , (next) => + @user2.getUserSettingsPage (err, statusCode) => + expect(err).to.equal null + expect(statusCode).to.equal 200 + next() + # logout second session, should remove last session from set , (next) => @user2.logout (err) -> diff --git a/services/web/test/acceptance/coffee/helpers/User.coffee b/services/web/test/acceptance/coffee/helpers/User.coffee index afdd766306..888473578e 100644 --- a/services/web/test/acceptance/coffee/helpers/User.coffee +++ b/services/web/test/acceptance/coffee/helpers/User.coffee 
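Review bot: `expect(statusCode).to.equal 302` in the "first session should not have access" step accepts any redirect, so the test would still pass if a logged-out request were redirected somewhere other than the login page. The same applies to the 302 assertions in the `@@ -107,6` and `@@ -175,6` hunks. Have `getUserSettingsPage` also pass back the `Location` header and assert on it, for example `expect(location).to.equal LOGIN_PATH`, where `LOGIN_PATH` is a placeholder for the app's login route, which this diff does not show. That ties the "no access" result to the authentication check rather than to whatever else might redirect.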
@@ -106,4 +106,15 @@ class User return callback(error) if error? callback() + getUserSettingsPage: (callback = (error, statusCode) ->) -> + @getCsrfToken (error) => + return callback(error) if error? + @request.get { + url: "/user/settings" + }, (error, response, body) => + return callback(error) if error? + callback(null, response.statusCode) + + + module.exports = User
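Review bot: `getUserSettingsPage` wraps a plain GET in `@getCsrfToken`, which a read-only request should not need. That helper's body is not in this hunk, but if it issues its own request, the status code the tests see may reflect session state after that extra round trip rather than the state logout left behind. Calling `@request.get` directly keeps the check to a single request. The tests also depend on seeing the 302 itself, so state that in the helper rather than relying on how `@request` was configured elsewhere: `@request.get {url: "/user/settings", followRedirect: false}, (error, response) =>`. The unused `body` argument and the two trailing blank lines can go too; the `User` class starts outside this hunk.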