transferred Code Ocean from original repository to GitHub

2015-01-22 09:51:49 +01:00
commit 4cbf9970b1
683 changed files with 11979 additions and 0 deletions
--- a/spec/controllers/sessions_controller_spec.rb
+++ b/spec/controllers/sessions_controller_spec.rb
@ -0,0 +1,145 @@
+require 'rails_helper'
+
+describe SessionsController do
+  let(:consumer) { FactoryGirl.create(:consumer) }
+
+  describe 'POST #create' do
+    let(:password) { user_attributes[:password] }
+    let(:user) { InternalUser.create(user_attributes) }
+    let(:user_attributes) { FactoryGirl.attributes_for(:teacher) }
+
+    context 'with valid credentials' do
+      before(:each) do
+        user.activate!
+        post :create, email: user.email, password: password, remember_me: 1
+      end
+
+      expect_flash_message(:notice, :'sessions.create.success')
+      expect_redirect
+    end
+
+    context 'with invalid credentials' do
+      before(:each) { post :create, email: user.email, password: '', remember_me: 1 }
+
+      expect_flash_message(:danger, :'sessions.create.failure')
+      expect_template(:new)
+    end
+  end
+
+  describe 'POST #create_through_lti' do
+    let(:exercise) { FactoryGirl.create(:fibonacci) }
+    let(:nonce) { SecureRandom.hex }
+
+    context 'without OAuth parameters' do
+      it 'refuses the LTI launch' do
+        expect(controller).to receive(:refuse_lti_launch).with(message: I18n.t('sessions.oauth.missing_parameters')).and_call_original
+        post :create_through_lti
+      end
+    end
+
+    context 'without a valid consumer key' do
+      it 'refuses the LTI launch' do
+        expect(controller).to receive(:refuse_lti_launch).with(message: I18n.t('sessions.oauth.invalid_consumer')).and_call_original
+        post :create_through_lti, oauth_consumer_key: SecureRandom.hex, oauth_signature: SecureRandom.hex
+      end
+    end
+
+    context 'with an invalid OAuth signature' do
+      it 'refuses the LTI launch' do
+        expect(controller).to receive(:refuse_lti_launch).with(message: I18n.t('sessions.oauth.invalid_signature')).and_call_original
+        post :create_through_lti, oauth_consumer_key: consumer.oauth_key, oauth_signature: SecureRandom.hex
+      end
+    end
+
+    context 'without a unique OAuth nonce' do
+      it 'refuses the LTI launch' do
+        expect_any_instance_of(IMS::LTI::ToolProvider).to receive(:valid_request?).and_return(true)
+        expect(NonceStore).to receive(:has?).with(nonce).and_return(true)
+        expect(controller).to receive(:refuse_lti_launch).with(message: I18n.t('sessions.oauth.used_nonce')).and_call_original
+        post :create_through_lti, oauth_consumer_key: consumer.oauth_key, oauth_nonce: nonce, oauth_signature: SecureRandom.hex
+      end
+    end
+
+    context 'without a valid exercise token' do
+      it 'refuses the LTI launch' do
+        expect_any_instance_of(IMS::LTI::ToolProvider).to receive(:valid_request?).and_return(true)
+        expect(controller).to receive(:refuse_lti_launch).with(message: I18n.t('sessions.oauth.invalid_exercise_token')).and_call_original
+        post :create_through_lti, custom_token: '', oauth_consumer_key: consumer.oauth_key, oauth_nonce: nonce, oauth_signature: SecureRandom.hex
+      end
+    end
+
+    context 'with valid launch parameters' do
+      let(:request) { post :create_through_lti, custom_token: exercise.token, oauth_consumer_key: consumer.oauth_key, oauth_nonce: nonce, oauth_signature: SecureRandom.hex, user_id: user.external_id }
+      let(:user) { FactoryGirl.create(:external_user, consumer_id: consumer.id) }
+      before(:each) { expect_any_instance_of(IMS::LTI::ToolProvider).to receive(:valid_request?).and_return(true) }
+
+      it 'assigns the current user' do
+        request
+        expect(assigns(:current_user)).to be_an(ExternalUser)
+        expect(session[:external_user_id]).to eq(user.id)
+      end
+
+      it 'assigns the exercise' do
+        request
+        expect(assigns(:exercise)).to eq(exercise)
+      end
+
+      it 'stores LTI parameters in the session' do
+        expect(controller).to receive(:store_lti_session_data)
+        request
+      end
+
+      it 'stores the OAuth nonce' do
+        expect(controller).to receive(:store_nonce).with(nonce)
+        request
+      end
+
+      context 'when LTI outcomes are supported' do
+        before(:each) do
+          expect(controller).to receive(:lti_outcome_service?).and_return(true)
+          request
+        end
+
+        it 'displays a flash message' do
+          expect(flash[:notice]).to eq(I18n.t('sessions.create_through_lti.session_with_outcome', consumer: consumer))
+        end
+      end
+
+      context 'when LTI outcomes are not supported' do
+        before(:each) do
+          expect(controller).to receive(:lti_outcome_service?).and_return(false)
+          request
+        end
+
+        it 'displays a flash message' do
+          expect(flash[:notice]).to eq(I18n.t('sessions.create_through_lti.session_without_outcome', consumer: consumer))
+        end
+      end
+
+      it 'redirects to the requested exercise' do
+        request
+        expect(controller).to redirect_to(implement_exercise_path(exercise.id))
+      end
+    end
+  end
+
+  describe 'GET #destroy_through_lti' do
+    let(:request) { Proc.new { get :destroy_through_lti, consumer_id: consumer.id, submission_id: submission.id } }
+    let(:submission) { FactoryGirl.create(:submission) }
+
+    before(:each) do
+      session[:consumer_id] = consumer.id
+      session[:lti_parameters] = {}
+    end
+
+    before(:each) { request.call }
+
+    it 'clears the session' do
+      expect(controller).to receive(:clear_lti_session_data)
+      request.call
+    end
+
+    expect_status(200)
+    expect_template(:destroy_through_lti)
+  end
+end