From 37ec70687b2b61a53e6ca31d386b62f91ade2227 Mon Sep 17 00:00:00 2001 From: dinedine Date: Wed, 28 Jul 2010 12:17:56 +0200 Subject: [PATCH] add cucumber scenarii for the cross domain authentication feature --- .../admin/cross_domain_sessions_controller.rb | 10 ++++---- app/views/admin/shared/_header.html.haml | 4 +++- .../admin/cross_domain_authentication.feature | 24 +++++++++++++++++++ features/step_definitions/admin_steps.rb | 19 ++++++++++++++- public/javascripts/admin/application.js | 2 +- 5 files changed, 52 insertions(+), 7 deletions(-) create mode 100644 features/admin/cross_domain_authentication.feature diff --git a/app/controllers/admin/cross_domain_sessions_controller.rb b/app/controllers/admin/cross_domain_sessions_controller.rb index 07df5697..0bf5663f 100644 --- a/app/controllers/admin/cross_domain_sessions_controller.rb +++ b/app/controllers/admin/cross_domain_sessions_controller.rb @@ -12,10 +12,12 @@ module Admin before_filter :authenticate_admin!, :only => :new def new - site = current_admin.sites.detect { |s| s._id.to_s == params[:id] } - @target = site.domains_without_subdomain.first || site.domains_with_subdomain.first - - current_admin.reset_switch_site_token! + if site = current_admin.sites.detect { |s| s._id.to_s == params[:target_id] } + @target = site.domains_without_subdomain.first || site.domains_with_subdomain.first + current_admin.reset_switch_site_token! + else + redirect_to admin_pages_path + end end def create diff --git a/app/views/admin/shared/_header.html.haml b/app/views/admin/shared/_header.html.haml index a9eebdee..fb63f3cf 100644 --- a/app/views/admin/shared/_header.html.haml +++ b/app/views/admin/shared/_header.html.haml 
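Review bot: In `app/controllers/admin/cross_domain_sessions_controller.rb`, `new` calls `current_admin.reset_switch_site_token!` while serving a GET (the header form in this patch submits with `:method => 'get'`), so any link or embedded request that reaches this URL in a signed-in admin's browser rotates the switch token as a side effect. How much that matters depends on how `create` consumes and expires the token, which is outside this hunk; if the token is not already single-use and short-lived, issue it from a POST instead. Separately, `@target` is still nil when a site has neither kind of domain, so a guard such as `return redirect_to(admin_pages_path) unless @target` ahead of the token reset would keep the notice page from rendering without a destination. Writing the condition as `if (site = current_admin.sites.detect { ... })` would also make it obvious that the assignment is intentional.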
@@ -1,6 +1,8 @@ %h1 - if current_admin.sites.size > 1 - = select_tag 'site', options_for_select(current_admin.sites.collect { |site| [site.name, new_admin_cross_domain_session_path(:id => site.id)] }, new_admin_cross_domain_session_path(:id => current_site.id)), :id => 'site-selector' + = form_tag new_admin_cross_domain_session_url, :method => 'get' do + = select_tag 'target_id', options_for_select(current_admin.sites.collect { |site| [site.name, site.id] }, current_site.id), :id => 'site-selector' + = submit_tag 'Switch', :style => 'display: none' - else = link_to current_site.name, admin_root_url, :class => 'single' diff --git a/features/admin/cross_domain_authentication.feature b/features/admin/cross_domain_authentication.feature new file mode 100644 index 00000000..c3c3331e --- /dev/null +++ b/features/admin/cross_domain_authentication.feature @@ -0,0 +1,24 @@ +@site_up +@another_site_up +@authenticated +Feature: + In order to manage a new site I created + As an administrator signed in another site of mine + I want to bypass the authentication + +Scenario: Successful authentication + When I go to pages + Then I should see "Locomotive test website" + When I select "Locomotive test website #2" from "target_id" + And I press "Switch" + Then I should see "Cross-domain authentication" + When I press "Go" + Then I should see "Locomotive test website #2" + +Scenario: Failed authentication because of an outdated token + When I go to pages + And I select "Locomotive test website #2" from "target_id" + And I press "Switch" + And I forget to press the button on the cross-domain notice page + And I press "Go" + Then I should see "You need to sign in" diff --git a/features/step_definitions/admin_steps.rb b/features/step_definitions/admin_steps.rb index 358afc48..886f06f6 100644 --- a/features/step_definitions/admin_steps.rb +++ b/features/step_definitions/admin_steps.rb 
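Review bot: The inline `:style => 'display: none'` on `submit_tag 'Switch'` in `app/views/admin/shared/_header.html.haml` removes the only way to submit the form without JavaScript, so the site selector does nothing if `application.js` or the selectmenu plugin fails to load. Keep the button visible in the markup and hide it from the script that enhances `#site-selector`, for example `$('#site-selector').closest('form').find('input[type=submit]').hide();`. The `%h1` block continues outside the hunk.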
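Review bot: Neither scenario in `features/admin/cross_domain_authentication.feature` exercises the `else` branch this patch adds to the controller, where a `target_id` that is not one of the signed-in admin's sites redirects to the pages list; that check is the authorization boundary of the feature. A third scenario that requests the cross-domain page with the id of a site the admin is not a member of, and asserts that "Cross-domain authentication" is not shown, would pin it down. The `Feature:` line also has no title, so reports will list it unnamed; `Feature: Cross-domain authentication` would do.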
@@ -3,6 +3,10 @@ Before('@site_up') do create_layout_samples end +Before('@another_site_up') do + add_new_site +end + Before('@authenticated') do Given %{I am an authenticated user} end @@ -38,7 +42,14 @@ Then /^I should have "(.*)" in the (.*) page (.*)$/ do |content, page_slug, slug part.value.should == content end -## Common +### Cross-domain authentication + +When /^I forget to press the button on the cross-domain notice page$/ do + @admin.updated_at = 2.minutes.ago + Mongoid::Persistence::Update.new(@admin).send(:update) +end + +### Common def create_site_and_admin_account @site = Factory(:site, :name => 'Locomotive test website', :subdomain => 'test') @@ -47,6 +58,12 @@ def create_site_and_admin_account @site.save end +def add_new_site + @another_site = Factory.build(:site, :name => 'Locomotive test website #2', :subdomain => 'test2') + @another_site.memberships.build :account => @admin, :admin => true + @another_site.save +end + def create_layout_samples Factory(:layout, :site => @site, :name => 'One column', :value => %{ diff --git a/public/javascripts/admin/application.js b/public/javascripts/admin/application.js index 4516ff25..3b2cc6ec 100644 --- a/public/javascripts/admin/application.js +++ b/public/javascripts/admin/application.js @@ -121,7 +121,7 @@ $(document).ready(function() { // site selector $('#site-selector').selectmenu({ style: 'dropdown', width: 300, offsetTop: 8, change: function(event, ui) { - window.location.href = ui.value; + $('#site-selector').parent().submit(); } }); });
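Review bot: In the `I forget to press the button` step of `features/step_definitions/admin_steps.rb`, `Mongoid::Persistence::Update.new(@admin).send(:update)` reaches a private method of a Mongoid internal, apparently so that the back-dated `updated_at` is written without being overwritten by the timestamp callback, and nothing in the step says so. A comment such as `# persist without callbacks so updated_at stays in the past (token expiry is presumably measured from it)` would explain the workaround. The literal `2.minutes.ago` should be derived from whatever expiry window the token check uses (not visible in this patch), otherwise the scenario changes meaning silently when that window is adjusted.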
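Review bot: `add_new_site` in `features/step_definitions/admin_steps.rb` ignores the return value of `@another_site.save`, so a validation failure (a subdomain clash, for instance) leaves the second site unpersisted and the scenarios fail later on an unrelated-looking step. `@another_site.save!` makes the fixture fail at the cause. The context lines show `create_site_and_admin_account` doing the same with `@site.save`; its body starts outside the hunk.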
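Review bot: In `public/javascripts/admin/application.js`, `$('#site-selector').parent().submit();` only works while the select element is a direct child of the form; any wrapper added around it in `_header.html.haml` turns the change handler into a silent no-op. `$('#site-selector').closest('form').submit();` states the intent and survives markup changes. The `$(document).ready` callback starts outside the hunk.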