# frozen_string_literal: true
require 'spec_helper'
describe UsersController, type: :controller do
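# Examples for the :show action. The redirect asserted below carries the
# requested path as return_to=%2Fuser.
describe 'GET show' do
  describe 'when accessed as a guest' do
    # Precondition check: every example in this group runs unauthenticated.
    before :each do
      expect(controller.current_user).to be_guest
    end

    it 'should redirect to login page' do
      get :show
      expect(response.status).to eq(302)
      # The originally requested path travels, URL-encoded, in return_to.
      expect(response.headers['Location']).to include('/login?return_to=%2Fuser')
    end

    it 'should deny access if signup is disabled in site settings' do
      # NOTE(review): this writes to process-wide settings; presumably
      # spec_helper resets them between examples -- confirm, otherwise the
      # disabled flag leaks into later examples.
      SiteSetting.all_settings['enable_signup'] = false
      get :show
      # NOTE(review): the previous example shows a guest already gets a 302
      # from :show with signup enabled, so this status alone does not prove
      # that signup was denied -- confirm which action was meant to be hit.
      expect(response.status).to eq(302)
      # The ordinary (non-bare) response must carry the anti-framing header.
      expect(response.headers).to include 'X-Frame-Options'
    end

    describe 'when using bare layout' do
      # The description used to be the empty 'should ', which made a failure
      # unreadable in the report; it now states what the example pins down.
      it 'should omit the X-Frame-Options header' do
        # bare_layout is an ordinary request parameter, so the caller decides
        # whether the signup form is served without the anti-framing header.
        # NOTE(review): confirm that framing of this page is constrained some
        # other way (or is acceptable), since any origin can request it bare.
        get :new, params: { bare_layout: 1 }
        expect(response.headers).not_to include 'X-Frame-Options'
        expect(response.status).to eq(200)
      end
    end
  end

  describe 'when accessed as a logged in user' do
    before :each do
      controller.current_user = FactoryBot.create(:user)
    end

    it 'should show the profile page' do
      get :show
      expect(response).to be_successful
    end
  end
end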
# Account signup through the :create action.
describe 'POST create' do
  before do
    address = 'asd@example.com'
    # NOTE(review): this four-character password is accepted by the examples
    # below, so no minimum length appears to be enforced at signup -- confirm
    # that this is intended.
    secret = 'xoox'
    @valid_attrs = {
      login: 'asd',
      email: address,
      email_repeat: address,
      password: secret,
      password_repeat: secret
    }
    # Mock the courses.mooc.fi integration to avoid HTTP calls in tests
    allow_any_instance_of(User).to receive(:post_new_user_to_courses_mooc_fi).and_return(true)
  end

  # Posts the current @valid_attrs as the :user params, plus any extra
  # top-level params given by the caller.
  def submit_signup(**extra)
    post :create, params: { user: @valid_attrs, **extra }
  end

  it 'should create a new user account' do
    submit_signup
    expect(response).to redirect_to(root_path)

    created = User.find_by(email: @valid_attrs[:email])
    expect(created).not_to be_nil
    expect(created.email).to eq(@valid_attrs[:email])
    # The client-supplied login must not end up on the account.
    expect(created.login).not_to eq(@valid_attrs[:login])
    expect(created).to have_password(@valid_attrs[:password])
  end

  # Username generated by uuid
  it 'should not require an username' do
    @valid_attrs.delete(:login)
    submit_signup
    expect(User.count).to eq(1)
  end

  it 'should require the email to be unique' do
    # Same payload twice: only the first request may create a row.
    2.times { submit_signup }
    expect(User.count).to eq(1)
  end

  it 'should require an email' do
    %i[email email_repeat].each { |key| @valid_attrs.delete(key) }
    submit_signup
    expect(User.count).to eq(0)
  end

  it 'should require an email confirmation' do
    @valid_attrs.delete(:email_repeat)
    submit_signup
    expect(User.count).to eq(0)
  end

  it 'should require a password' do
    %i[password password_repeat].each { |key| @valid_attrs.delete(key) }
    submit_signup
    expect(User.count).to eq(0)
  end

  it 'should require a password confirmation' do
    @valid_attrs.delete(:password_repeat)
    submit_signup
    expect(User.count).to eq(0)
  end

  it 'should save extra fields' do
    text_field = UserField.new(name: 'field1', field_type: 'text')
    sent_flag = UserField.new(name: 'field2', field_type: 'boolean')
    unsent_flag = UserField.new(name: 'field3', field_type: 'boolean')
    extra_fields = [text_field, sent_flag, unsent_flag]
    # Both lookups are stubbed to return the same three field definitions.
    allow(UserField).to receive(:all).and_return(extra_fields)
    allow(ExtraField).to receive(:by_kind).with(:user).and_return(extra_fields)

    # field3 is left out of the request on purpose.
    submit_signup(user_field: { 'field1' => 'foo', 'field2' => '1' })
    expect(User.count).to eq(1)

    created = User.find_by(email: @valid_attrs[:email])
    expect(created.field_value_record(text_field).value).to eq('foo')
    expect(created.field_value_record(sent_flag).value).not_to be_blank
    expect(created.field_value_record(unsent_flag).value).to be_blank
  end

  it 'should fail if signup is disabled in site settings' do
    # Let the authorization error reach the spec instead of being rescued
    # by the controller.
    bypass_rescue
    # NOTE(review): writes to process-wide settings; presumably spec_helper
    # resets them between examples -- confirm.
    SiteSetting.all_settings['enable_signup'] = false
    expect { submit_signup }.to raise_error(CanCan::AccessDenied)
    # Denial must also mean that nothing was persisted.
    expect(User.count).to eq(0)
  end
end
# Profile changes by the signed-in user through the :update action.
describe 'PUT update' do
  before do
    @user = FactoryBot.create(:user, email: 'oldemail@valid.com')
    controller.current_user = @user
  end

  # Sends user_params as the :user params, plus any extra top-level params.
  def submit_update(user_params, **extra)
    put :update, params: { user: user_params, **extra }
  end

  it 'should save the email field' do
    # NOTE(review): the address changes here without old_password being
    # sent; if email is used for account recovery, confirm that skipping
    # re-authentication is intended.
    submit_update({ email: 'newemail@valid.com', email_repeat: 'newemail@valid.com' })
    expect(response).to redirect_to(user_path)
    expect(@user.reload.email).to eq('newemail@valid.com')
  end

  it 'should not allow changing the login' do
    login_before = @user.login
    # A login sent by the client must be ignored, not mass-assigned.
    submit_update({ email: 'newemail@valid.com', login: 'newlogin' })
    expect(response).to redirect_to(user_path)
    expect(@user.reload.login).to eq(login_before)
  end

  it 'should save extra fields' do
    text_field = UserField.new(name: 'field1', field_type: 'text')
    sent_flag = UserField.new(name: 'field2', field_type: 'boolean')
    unsent_flag = UserField.new(name: 'field3', field_type: 'boolean')
    extra_fields = [text_field, sent_flag, unsent_flag]
    # Both lookups are stubbed to return the same three field definitions.
    allow(UserField).to receive(:all).and_return(extra_fields)
    allow(ExtraField).to receive(:by_kind).with(:user).and_return(extra_fields)

    # field3 is left out of the request on purpose.
    submit_update({ email: @user.email }, user_field: { 'field1' => 'foo', 'field2' => '1' })
    expect(@user.field_value_record(text_field).value).to eq('foo')
    expect(@user.field_value_record(sent_flag).value).not_to be_blank
    expect(@user.field_value_record(unsent_flag).value).to be_blank
  end

  describe 'changing the password' do
    let(:params) { { email: 'newemail@valid.com' } }

    # Start every example from a known password and verify that it took.
    before do
      @user.password = 'oldpassword'
      @user.save!
      expect(@user.reload).to have_password('oldpassword')
    end

    # Sends the base params together with the three password-change fields.
    def change_password(old:, new:, confirm:)
      put :update, params: { user: params.merge(old_password: old,
                                                password: new,
                                                password_repeat: confirm) }
    end

    it 'should not try to change the password unless specified' do
      put :update, params: { user: params }
      expect(response).to redirect_to(user_path)
      expect(@user.reload).to have_password('oldpassword')
    end

    it 'should change the password if the old password matched and both new password fields were the same' do
      change_password(old: 'oldpassword', new: 'newpassword', confirm: 'newpassword')
      expect(response).to redirect_to(user_path)
      expect(@user.reload).to have_password('newpassword')
    end

    # The three rejection cases below each check both the 403 status and
    # that the stored password is still the old one.
    it 'should not change the password if the old password was wrong' do
      change_password(old: 'wrongpassword', new: 'newpassword', confirm: 'newpassword')
      expect(response.status).to eq(403)
      expect(@user.reload).to have_password('oldpassword')
    end

    it 'should not change the password if the new password fields were not the same' do
      change_password(old: 'oldpassword', new: 'newpassword', confirm: 'foo')
      expect(response.status).to eq(403)
      expect(@user.reload).to have_password('oldpassword')
    end

    it 'should not allow changing to a blank password' do
      change_password(old: 'oldpassword', new: '', confirm: '')
      expect(response.status).to eq(403)
      expect(@user.reload).to have_password('oldpassword')
    end
  end
end
end