Files
once-campfire/test/controllers/first_runs_controller_test.rb

58 lines
1.6 KiB
Ruby

require "test_helper"
class FirstRunsControllerTest < ActionDispatch::IntegrationTest
setup do
Account.destroy_all
User.destroy_all
Room.destroy_all
end
test "new is permitted when no other users exit" do
get first_run_url
assert_response :success
end
test "new is not permitted when account exist" do
Account.create!(name: "Chat")
get first_run_url
assert_redirected_to root_url
end
test "create" do
assert_difference -> { Room.count }, 1 do
assert_difference -> { User.count }, 1 do
post first_run_url, params: { account: { name: "37signals" }, user: { name: "New Person", email_address: "new@37signals.com", password: "secret123456" } }
end
end
assert_redirected_to root_url
assert parsed_cookies.signed[:session_token]
end
test "create is not vulnerable to race conditions" do
num_attackers = 5
url = first_run_url
barrier = Concurrent::CyclicBarrier.new(num_attackers)
num_attackers.times.map do |i|
Thread.new do
session = ActionDispatch::Integration::Session.new(Rails.application)
barrier.wait # All threads wait here, then fire simultaneously
session.post url, params: {
user: {
name: "Attacker#{i}",
email_address: "attacker#{i}@example.com",
password: "password123"
}
}
end
end.each(&:join)
assert_equal 1, Account.count, "Race condition allowed #{Account.count} accounts to be created!"
assert_equal 1, User.where(role: :administrator).count, "Race condition allowed multiple admin users!"
end
end