add a cucumber test to simulate expiration of a session

Signed-off-by: Reinier Balt <lrbalt@gmail.com>
2025-12-26 12:08:47 +01:00 · 2010-11-10 23:48:56 +01:00 · 2010-11-10 23:48:56 +01:00 · 7b3c07a754
commit 7b3c07a754
parent 520e45fe6b
5 changed files with 72 additions and 30 deletions
--- a/app/controllers/login_controller.rb
+++ b/app/controllers/login_controller.rb
@ -33,30 +33,30 @@ class LoginController < ApplicationController
      @page_title = "TRACKS::Login"
      cookies[:preferred_auth] = prefered_auth? unless cookies[:preferred_auth]
      case request.method
-        when :post
-          if @user = User.authenticate(params['user_login'], params['user_password'])
-            session['user_id'] = @user.id
-            # If checkbox on login page checked, we don't expire the session after 1 hour
-            # of inactivity and we remember this user for future browser sessions
-            session['noexpiry'] = params['user_noexpiry']
-            msg = (should_expire_sessions?) ? "will expire after 1 hour of inactivity." : "will not expire." 
-            notify :notice, "Login successful: session #{msg}"
-            cookies[:tracks_login] = { :value => @user.login, :expires => Time.now + 1.year, :secure => SITE_CONFIG['secure_cookies'] }
-            unless should_expire_sessions?
-              @user.remember_me
-              cookies[:auth_token] = { :value => @user.remember_token , :expires => @user.remember_token_expires_at, :secure => SITE_CONFIG['secure_cookies'] }
-            end
-            redirect_back_or_home
-            return
-          else
-            @login = params['user_login']
-            notify :warning, t('login.unsuccessful')
-          end
-        when :get
-          if User.no_users_yet?
-            redirect_to signup_path
-            return
+      when :post
+        if @user = User.authenticate(params['user_login'], params['user_password'])
+          session['user_id'] = @user.id
+          # If checkbox on login page checked, we don't expire the session after 1 hour
+          # of inactivity and we remember this user for future browser sessions
+          session['noexpiry'] = params['user_noexpiry']
+          msg = (should_expire_sessions?) ? "will expire after 1 hour of inactivity." : "will not expire."
+          notify :notice, "Login successful: session #{msg}"
+          cookies[:tracks_login] = { :value => @user.login, :expires => Time.now + 1.year, :secure => SITE_CONFIG['secure_cookies'] }
+          unless should_expire_sessions?
+            @user.remember_me
+            cookies[:auth_token] = { :value => @user.remember_token , :expires => @user.remember_token_expires_at, :secure => SITE_CONFIG['secure_cookies'] }
          end
+          redirect_back_or_home
+          return
+        else
+          @login = params['user_login']
+          notify :warning, t('login.unsuccessful')
+        end
+      when :get
+        if User.no_users_yet?
+          redirect_to signup_path
+          return
+        end
      end
      respond_to do |format|
        format.html
@ -77,9 +77,26 @@ class LoginController < ApplicationController
      redirect_to_login
    end
  end
+
+  def expire_session
+    # this is a hack to enable cucumber to expire a session by calling this
+    # method. The method will be unavailable for production environment
+    unless Rails.env.production?
+      session['expiry_time'] = Time.now
+      respond_to do |format|
+        format.html { render :text => "Session expired for test purposes"}
+        format.js { render :text => "" }
+      end
+    else
+      respond_to do |format|
+        format.html { render :text => "Not available for production use"}
+        format.js { render :text => "" }
+      end
+    end
+  end
  
  def check_expiry
-    # Gets called by periodically_call_remote to check whether 
+    # Gets called by periodically_call_remote to check whether
    # the session has timed out yet
    unless session == nil
      if session
@ -95,7 +112,7 @@ class LoginController < ApplicationController
    end
  end

-    def login_cas
+  def login_cas
    # If checkbox on login page checked, we don't expire the session after 1 hour
    # of inactivity and we remember this user for future browser sessions

@ -110,7 +127,6 @@ class LoginController < ApplicationController
          @user.remember_me
          cookies[:auth_token] = { :value => @user.remember_token, :expires => @user.remember_token_expires_at, :secure => SITE_CONFIG['secure_cookies'] }
        end
-        #redirect_back_or_home
      else
        notify :warning, t('login.cas_username_not_found', :username => session[:cas_user])
        redirect_to signup_url ; return
@ -118,7 +134,7 @@ class LoginController < ApplicationController
    else
      notify :warning, result.message
    end
-    redirect_back_or_home 
+    redirect_back_or_home

  end
  
--- a/app/views/login/check_expiry.js.erb
+++ b/app/views/login/check_expiry.js.erb
@ -1,9 +1,10 @@
 <%  if @session_expired
-  theHtml = content_tag(
+  theHtml = escape_javascript(content_tag(
    :div,
    t('login.session_time_out', :link => link_to(t('login.log_in_again'), :controller => "login", :action => "login")),
-    :"class" => "warning")
+    :"class" => "warning"))
+  logger.debug("theHtml='#{theHtml}'")
  -%>
-  $('div#navcontainer').remove();
+  $('div#navcontainer').hide();
  $('div#content').html('<%=theHtml%>');
 <%  end -%>
--- a/features/logging_in.feature
+++ b/features/logging_in.feature
@ -49,3 +49,11 @@ Feature: Existing user logging in
      | search page                                             | search page                                             | Logout (Test User) |
      | "top secret" project for user "testuser"                | "top secret" project for user "testuser"                | Logout (Test User) |
      | context page for "@secret location" for user "testuser" | context page for "@secret location" for user "testuser" | Logout (Test User) |
+
+  @selenium @wip
+  Scenario: When session expires, you should be logged out
+    When I go to the login page
+    And I submit the login form as user "testuser" with password "secret" 
+    Then I should be on the login page
+    When my session expires
+    Then I should see "Session has timed out"
--- a/features/step_definitions/login_steps.rb
+++ b/features/step_definitions/login_steps.rb
@ -2,6 +2,7 @@ Given /^I have logged in as "(.*)" with password "(.*)"$/ do |username, password
  visit login_path
  fill_in "Login", :with => username
  fill_in "Password", :with => password
+  uncheck "Stay logged in:"
  click_button
  if response.respond_to? :selenium
    selenium.wait_for_page_to_load(5000)
@ -13,5 +14,20 @@ end
 When /^I submit the login form as user "([^\"]*)" with password "([^\"]*)"$/ do |username, password|
  fill_in 'Login', :with => username
  fill_in 'Password', :with => password
+  uncheck "Stay logged in:"
  click_button
 end
+
+When /^my session expires$/ do
+  selenium.wait_for_page_to_load(5000)
+
+  # use expire_session to force expiry of session
+  js = '$.ajax({type: "GET", url: "/login/expire_session", dataType: "script", async: false});'
+  selenium.run_script(js);
+  
+  # force check of expiry bypassing timeout
+  js = '$.ajax({type: "GET", url: "/login/check_expiry", dataType: "script", async: false});'
+  selenium.run_script(js);
+
+  sleep(2)
+end
--- a/features/step_definitions/todo_steps.rb
+++ b/features/step_definitions/todo_steps.rb
@ -79,6 +79,7 @@ When /I change the (.*) field of "([^\"]*)" to "([^\"]*)"$/ do |field, todo_name
  selenium.click("//img[@id='edit_icon_todo_#{todo.id}']", :wait_for => :ajax, :javascript_framework => :jquery)
  selenium.type("css=form.edit_todo_form input[name=#{field}]", new_value)
  selenium.click("css=button.positive", :wait_for => :ajax, :javascript_framework => :jquery)
+  # TODO: change to a wait_for
  sleep(5)
 end