mirror of
https://github.com/basecamp/once-campfire.git
synced 2026-02-21 12:10:34 +09:00
58 lines
1.6 KiB
Ruby
58 lines
1.6 KiB
Ruby
require "test_helper"
|
|
|
|
class FirstRunsControllerTest < ActionDispatch::IntegrationTest
|
|
setup do
|
|
Account.destroy_all
|
|
User.destroy_all
|
|
Room.destroy_all
|
|
end
|
|
|
|
test "new is permitted when no other users exit" do
|
|
get first_run_url
|
|
assert_response :success
|
|
end
|
|
|
|
test "new is not permitted when account exist" do
|
|
Account.create!(name: "Chat")
|
|
|
|
get first_run_url
|
|
assert_redirected_to root_url
|
|
end
|
|
|
|
test "create" do
|
|
assert_difference -> { Room.count }, 1 do
|
|
assert_difference -> { User.count }, 1 do
|
|
post first_run_url, params: { account: { name: "37signals" }, user: { name: "New Person", email_address: "new@37signals.com", password: "secret123456" } }
|
|
end
|
|
end
|
|
|
|
assert_redirected_to root_url
|
|
|
|
assert parsed_cookies.signed[:session_token]
|
|
end
|
|
|
|
test "create is not vulnerable to race conditions" do
|
|
num_attackers = 5
|
|
url = first_run_url
|
|
barrier = Concurrent::CyclicBarrier.new(num_attackers)
|
|
|
|
num_attackers.times.map do |i|
|
|
Thread.new do
|
|
session = ActionDispatch::Integration::Session.new(Rails.application)
|
|
barrier.wait # All threads wait here, then fire simultaneously
|
|
|
|
session.post url, params: {
|
|
user: {
|
|
name: "Attacker#{i}",
|
|
email_address: "attacker#{i}@example.com",
|
|
password: "password123"
|
|
}
|
|
}
|
|
end
|
|
end.each(&:join)
|
|
|
|
assert_equal 1, Account.count, "Race condition allowed #{Account.count} accounts to be created!"
|
|
assert_equal 1, User.where(role: :administrator).count, "Race condition allowed multiple admin users!"
|
|
end
|
|
end
|