mirror of
https://github.com/neocities/neocities.git
synced 2025-04-25 01:32:36 +02:00
There is a legacy bug I just caught, where many accounts would have the same email but with different casing. In extreme scenarios, this would lead to them creating a new user with the same email, or having issues with password reset and username lookup. This doesn't merge the existing duplicates, but makes sure to only allow lowercase (case-insensitive) emails from here on out. It will also check for emails in a case-insensitive way for such things as resets and logins if the case-sensitive lookup doesn't work. The implementation was not wrong per se - email is supposed to be case sensitive for usernames. But of course, nobody treats them that way (nor do most/all email servers), leading to confusing situations where the user sometimes camelcases their email and then switches to lowercase later.
require_relative './environment.rb'
# Browser-level (Capybara) specs for the sign-in form: rejected logins,
# successful logins by username and by e-mail (including differently-cased
# input), and restoring a deleted site after signing in.
describe 'signin' do
  include Capybara::DSL

  # Fills the form with attributes from Fabricate.attributes_for. The spec that
  # uses this expects 'Invalid login', i.e. these credentials are not expected
  # to match a stored account despite the helper's name.
  def fill_in_valid
    @site = Fabricate.attributes_for(:site)
    fill_in('username', with: @site[:username])
    fill_in('password', with: @site[:password])
  end

  # Creates a site whose plaintext password is kept in @pass so the spec can
  # type it into the form afterwards.
  def fabricate_known_site
    @pass = SecureRandom.hex
    @site = Fabricate(:site, password: @pass)
  end

  # Reaches the sign-in form the way a visitor would: home page, then the link.
  def open_signin_from_home
    visit('/')
    click_link('Sign In')
  end

  # Enters a login (username or e-mail) and password, then submits the form.
  def submit_signin(login, secret)
    fill_in('username', with: login)
    fill_in('password', with: secret)
    click_button('Sign In')
  end

  # Each example starts without session state left over from the previous one.
  before do
    Capybara.reset_sessions!
  end

  it 'restores a deleted site' do
    fabricate_known_site
    @site.destroy

    # After destroy the files are expected under the deleted path only.
    Dir.exist?(@site.files_path).must_equal(false)
    Dir.exist?(@site.deleted_files_path).must_equal(true)

    visit('/signin')
    submit_signin(@site.username, @pass)
    page.must_have_content('Restore Site')
    click_button('Restore Site')

    # Restoring moves the files back and clears the deleted flag.
    Dir.exist?(@site.deleted_files_path).must_equal(false)
    Dir.exist?(@site.files_path).must_equal(true)
    @site.reload.is_deleted.must_equal(false)
  end

  # NOTE(review): both rejection examples below use logins that are not
  # expected to exist. Neither covers an existing account with a wrong
  # password; asserting the same 'Invalid login' text for that case would pin
  # that the response does not disclose whether an account exists.
  it 'fails for invalid signin' do
    open_signin_from_home
    page.must_have_content('Welcome Back')
    fill_in_valid
    click_button('Sign In')
    page.must_have_content('Invalid login')
  end

  it 'fails for missing signin' do
    open_signin_from_home
    unknown_login = SecureRandom.hex
    unknown_secret = Faker::Internet.password
    submit_signin(unknown_login, unknown_secret)
    page.must_have_content('Invalid login')
  end

  it 'signs in with proper credentials' do
    fabricate_known_site
    open_signin_from_home
    submit_signin(@site.username, @pass)
    page.must_have_content('Your Feed')
  end

  # The login is upcased; the password is typed exactly as created.
  it 'signs in with invalid case username' do
    fabricate_known_site
    open_signin_from_home
    submit_signin(@site.username.upcase, @pass)
    page.must_have_content('Your Feed')
  end

  it 'signs in with email' do
    fabricate_known_site
    open_signin_from_home
    submit_signin(@site.email, @pass)
    page.must_have_content('Your Feed')
  end

  # NOTE(review): this uses one freshly created site, so it does not cover
  # legacy accounts whose e-mails differ only by case (the commit message says
  # those duplicates are not merged). Which account the case-insensitive
  # fallback resolves to in that situation is not pinned here; confirm it
  # cannot match a different owner's account.
  it 'signs in with invalid case email' do
    fabricate_known_site
    open_signin_from_home
    submit_signin(@site.email.upcase, @pass)
    page.must_have_content('Your Feed')
  end
end