|
|
|
# frozen_string_literal: true
|
|
|
|
|
|
|
|
require 'rails_helper'
|
|
|
|
|
|
|
|
RSpec.describe Auth::RegistrationsController do
|
|
|
|
render_views
|
|
|
|
|
|
|
|
shared_examples 'checks for enabled registrations' do |path|
|
|
|
|
it 'redirects if it is in single user mode while it is open for registration' do
|
|
|
|
Fabricate(:account)
|
|
|
|
Setting.registrations_mode = 'open'
|
|
|
|
allow(Rails.configuration.x).to receive(:single_user_mode).and_return(true)
|
|
|
|
|
|
|
|
get path
|
|
|
|
|
|
|
|
expect(response).to redirect_to '/'
|
|
|
|
expect(Rails.configuration.x).to have_received(:single_user_mode)
|
|
|
|
end
|
|
|
|
|
|
|
|
it 'redirects if it is not open for registration while it is not in single user mode' do
|
|
|
|
Setting.registrations_mode = 'none'
|
|
|
|
allow(Rails.configuration.x).to receive(:single_user_mode).and_return(false)
|
|
|
|
|
|
|
|
get path
|
|
|
|
|
|
|
|
expect(response).to redirect_to '/'
|
|
|
|
expect(Rails.configuration.x).to have_received(:single_user_mode)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
describe 'GET #edit' do
|
|
|
|
before do
|
|
|
|
request.env['devise.mapping'] = Devise.mappings[:user]
|
|
|
|
sign_in(Fabricate(:user))
|
|
|
|
get :edit
|
|
|
|
end
|
|
|
|
|
|
|
|
it 'returns http success' do
|
|
|
|
expect(response).to have_http_status(200)
|
|
|
|
end
|
|
|
|
|
|
|
|
it 'returns private cache control header' do
|
|
|
|
expect(response.headers['Cache-Control']).to include('private, no-store')
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
describe 'PUT #update' do
|
|
|
|
let(:current_password) { 'current password' }
|
|
|
|
let(:user) { Fabricate(:user, password: current_password) }
|
|
|
|
|
|
|
|
before do
|
|
|
|
request.env['devise.mapping'] = Devise.mappings[:user]
|
|
|
|
sign_in(user, scope: :user)
|
|
|
|
end
|
|
|
|
|
|
|
|
it 'returns http success' do
|
|
|
|
put :update
|
|
|
|
expect(response).to have_http_status(200)
|
|
|
|
end
|
Change unconfirmed user login behaviour (#11375)
Allow access to account settings, 2FA, authorized applications, and
account deletions to unconfirmed and pending users, as well as
users who had their accounts disabled. Suspended users cannot update
their e-mail or password or delete their account.
Display account status on account settings page, for example, when
an account is frozen, limited, unconfirmed or pending review.
After sign up, login users straight away and show a simple page that
tells them the status of their account with links to account settings
and logout, to reduce onboarding friction and allow users to correct
wrongly typed e-mail addresses.
Move the final sign-up step of SSO integrations to be the same
as above to reduce code duplication.
6 years ago
|
|
|
|
|
|
|
it 'returns private cache control headers' do
|
|
|
|
put :update
|
|
|
|
expect(response.headers['Cache-Control']).to include('private, no-store')
|
|
|
|
end
|
|
|
|
|
|
|
|
it 'can update the user email' do
|
|
|
|
expect do
|
|
|
|
put :update, params: {
|
|
|
|
user: {
|
|
|
|
email: 'newemail@example.com',
|
|
|
|
current_password: current_password,
|
|
|
|
},
|
|
|
|
}
|
|
|
|
expect(response).to redirect_to(edit_user_registration_path)
|
|
|
|
end.to change { user.reload.unconfirmed_email }.to('newemail@example.com')
|
|
|
|
end
|
|
|
|
|
|
|
|
it 'requires the current password to update the email' do
|
|
|
|
expect do
|
|
|
|
put :update, params: {
|
|
|
|
user: {
|
|
|
|
email: 'newemail@example.com',
|
|
|
|
current_password: 'something',
|
|
|
|
},
|
|
|
|
}
|
|
|
|
expect(response).to have_http_status(200)
|
|
|
|
end.to_not(change { user.reload.unconfirmed_email })
|
|
|
|
end
|
|
|
|
|
|
|
|
it 'can update the user password' do
|
|
|
|
expect do
|
|
|
|
put :update, params: {
|
|
|
|
user: {
|
|
|
|
password: 'new password',
|
|
|
|
password_confirmation: 'new password',
|
|
|
|
current_password: current_password,
|
|
|
|
},
|
|
|
|
}
|
|
|
|
expect(response).to redirect_to(edit_user_registration_path)
|
|
|
|
end.to(change { user.reload.encrypted_password })
|
|
|
|
end
|
|
|
|
|
|
|
|
it 'requires the password confirmation' do
|
|
|
|
expect do
|
|
|
|
put :update, params: {
|
|
|
|
user: {
|
|
|
|
password: 'new password',
|
|
|
|
password_confirmation: 'something else',
|
|
|
|
current_password: current_password,
|
|
|
|
},
|
|
|
|
}
|
|
|
|
expect(response).to have_http_status(200)
|
|
|
|
end.to_not(change { user.reload.encrypted_password })
|
|
|
|
end
|
|
|
|
|
|
|
|
it 'requires the current password to update the password' do
|
|
|
|
expect do
|
|
|
|
put :update, params: {
|
|
|
|
user: {
|
|
|
|
password: 'new password',
|
|
|
|
password_confirmation: 'new password',
|
|
|
|
current_password: 'something',
|
|
|
|
},
|
|
|
|
}
|
|
|
|
expect(response).to have_http_status(200)
|
|
|
|
end.to_not(change { user.reload.encrypted_password })
|
|
|
|
end
|
|
|
|
|
Change unconfirmed user login behaviour (#11375)
Allow access to account settings, 2FA, authorized applications, and
account deletions to unconfirmed and pending users, as well as
users who had their accounts disabled. Suspended users cannot update
their e-mail or password or delete their account.
Display account status on account settings page, for example, when
an account is frozen, limited, unconfirmed or pending review.
After sign up, login users straight away and show a simple page that
tells them the status of their account with links to account settings
and logout, to reduce onboarding friction and allow users to correct
wrongly typed e-mail addresses.
Move the final sign-up step of SSO integrations to be the same
as above to reduce code duplication.
6 years ago
|
|
|
context 'when suspended' do
|
|
|
|
let(:user) { Fabricate(:user, account_attributes: { username: 'test', suspended_at: Time.now.utc }) }
|
|
|
|
|
Change unconfirmed user login behaviour (#11375)
Allow access to account settings, 2FA, authorized applications, and
account deletions to unconfirmed and pending users, as well as
users who had their accounts disabled. Suspended users cannot update
their e-mail or password or delete their account.
Display account status on account settings page, for example, when
an account is frozen, limited, unconfirmed or pending review.
After sign up, login users straight away and show a simple page that
tells them the status of their account with links to account settings
and logout, to reduce onboarding friction and allow users to correct
wrongly typed e-mail addresses.
Move the final sign-up step of SSO integrations to be the same
as above to reduce code duplication.
6 years ago
|
|
|
it 'returns http forbidden' do
|
|
|
|
put :update
|
Change unconfirmed user login behaviour (#11375)
Allow access to account settings, 2FA, authorized applications, and
account deletions to unconfirmed and pending users, as well as
users who had their accounts disabled. Suspended users cannot update
their e-mail or password or delete their account.
Display account status on account settings page, for example, when
an account is frozen, limited, unconfirmed or pending review.
After sign up, login users straight away and show a simple page that
tells them the status of their account with links to account settings
and logout, to reduce onboarding friction and allow users to correct
wrongly typed e-mail addresses.
Move the final sign-up step of SSO integrations to be the same
as above to reduce code duplication.
6 years ago
|
|
|
expect(response).to have_http_status(403)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
describe 'GET #new' do
|
|
|
|
before do
|
|
|
|
request.env['devise.mapping'] = Devise.mappings[:user]
|
|
|
|
end
|
|
|
|
|
|
|
|
context 'with open registrations' do
|
|
|
|
it 'returns http success' do
|
|
|
|
Setting.registrations_mode = 'open'
|
|
|
|
get :new
|
|
|
|
expect(response).to have_http_status(200)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
include_examples 'checks for enabled registrations', :new
|
|
|
|
end
|
|
|
|
|
|
|
|
describe 'POST #create' do
|
|
|
|
let(:accept_language) { 'de' }
|
|
|
|
|
|
|
|
before do
|
|
|
|
session[:registration_form_time] = 5.seconds.ago
|
|
|
|
|
|
|
|
request.env['devise.mapping'] = Devise.mappings[:user]
|
|
|
|
end
|
|
|
|
|
|
|
|
around do |example|
|
|
|
|
I18n.with_locale(I18n.locale) do
|
|
|
|
example.run
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context 'when an accept language is present in headers' do
|
|
|
|
subject do
|
|
|
|
Setting.registrations_mode = 'open'
|
|
|
|
request.headers['Accept-Language'] = accept_language
|
|
|
|
post :create, params: { user: { account_attributes: { username: 'test' }, email: 'test@example.com', password: '12345678', password_confirmation: '12345678', agreement: 'true' } }
|
|
|
|
end
|
|
|
|
|
Change unconfirmed user login behaviour (#11375)
Allow access to account settings, 2FA, authorized applications, and
account deletions to unconfirmed and pending users, as well as
users who had their accounts disabled. Suspended users cannot update
their e-mail or password or delete their account.
Display account status on account settings page, for example, when
an account is frozen, limited, unconfirmed or pending review.
After sign up, login users straight away and show a simple page that
tells them the status of their account with links to account settings
and logout, to reduce onboarding friction and allow users to correct
wrongly typed e-mail addresses.
Move the final sign-up step of SSO integrations to be the same
as above to reduce code duplication.
6 years ago
|
|
|
it 'redirects to setup' do
|
|
|
|
subject
|
Change unconfirmed user login behaviour (#11375)
Allow access to account settings, 2FA, authorized applications, and
account deletions to unconfirmed and pending users, as well as
users who had their accounts disabled. Suspended users cannot update
their e-mail or password or delete their account.
Display account status on account settings page, for example, when
an account is frozen, limited, unconfirmed or pending review.
After sign up, login users straight away and show a simple page that
tells them the status of their account with links to account settings
and logout, to reduce onboarding friction and allow users to correct
wrongly typed e-mail addresses.
Move the final sign-up step of SSO integrations to be the same
as above to reduce code duplication.
6 years ago
|
|
|
expect(response).to redirect_to auth_setup_path
|
|
|
|
end
|
|
|
|
|
|
|
|
it 'creates user' do
|
|
|
|
subject
|
|
|
|
user = User.find_by(email: 'test@example.com')
|
|
|
|
expect(user).to_not be_nil
|
|
|
|
expect(user.locale).to eq(accept_language)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context 'when user has not agreed to terms of service' do
|
|
|
|
subject do
|
|
|
|
Setting.registrations_mode = 'open'
|
|
|
|
request.headers['Accept-Language'] = accept_language
|
|
|
|
post :create, params: { user: { account_attributes: { username: 'test' }, email: 'test@example.com', password: '12345678', password_confirmation: '12345678', agreement: 'false' } }
|
|
|
|
end
|
|
|
|
|
|
|
|
it 'does not create user' do
|
|
|
|
subject
|
|
|
|
user = User.find_by(email: 'test@example.com')
|
|
|
|
expect(user).to be_nil
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context 'when user has an email address requiring approval' do
|
|
|
|
subject do
|
|
|
|
request.headers['Accept-Language'] = accept_language
|
|
|
|
post :create, params: { user: { account_attributes: { username: 'test' }, email: 'test@example.com', password: '12345678', password_confirmation: '12345678', agreement: 'true' } }
|
|
|
|
end
|
|
|
|
|
|
|
|
before do
|
|
|
|
Setting.registrations_mode = 'open'
|
|
|
|
Fabricate(:email_domain_block, allow_with_approval: true, domain: 'example.com')
|
|
|
|
end
|
|
|
|
|
|
|
|
it 'creates unapproved user and redirects to setup' do
|
|
|
|
subject
|
|
|
|
expect(response).to redirect_to auth_setup_path
|
|
|
|
|
|
|
|
user = User.find_by(email: 'test@example.com')
|
|
|
|
expect(user).to_not be_nil
|
|
|
|
expect(user.locale).to eq(accept_language)
|
|
|
|
expect(user.approved).to be(false)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context 'when user has an email address requiring approval through a MX record' do
|
|
|
|
subject do
|
|
|
|
request.headers['Accept-Language'] = accept_language
|
|
|
|
post :create, params: { user: { account_attributes: { username: 'test' }, email: 'test@example.com', password: '12345678', password_confirmation: '12345678', agreement: 'true' } }
|
|
|
|
end
|
|
|
|
|
|
|
|
before do
|
|
|
|
Setting.registrations_mode = 'open'
|
|
|
|
Fabricate(:email_domain_block, allow_with_approval: true, domain: 'mail.example.com')
|
|
|
|
allow(User).to receive(:skip_mx_check?).and_return(false)
|
|
|
|
configure_mx(domain: 'example.com', exchange: 'mail.example.com')
|
|
|
|
end
|
|
|
|
|
|
|
|
it 'creates unapproved user and redirects to setup' do
|
|
|
|
subject
|
|
|
|
expect(response).to redirect_to auth_setup_path
|
|
|
|
|
|
|
|
user = User.find_by(email: 'test@example.com')
|
|
|
|
expect(user).to_not be_nil
|
|
|
|
expect(user.locale).to eq(accept_language)
|
|
|
|
expect(user.approved).to be(false)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context 'with Approval-based registrations without invite' do
|
|
|
|
subject do
|
|
|
|
Setting.registrations_mode = 'approved'
|
|
|
|
request.headers['Accept-Language'] = accept_language
|
|
|
|
post :create, params: { user: { account_attributes: { username: 'test' }, email: 'test@example.com', password: '12345678', password_confirmation: '12345678', agreement: 'true' } }
|
|
|
|
end
|
|
|
|
|
Change unconfirmed user login behaviour (#11375)
Allow access to account settings, 2FA, authorized applications, and
account deletions to unconfirmed and pending users, as well as
users who had their accounts disabled. Suspended users cannot update
their e-mail or password or delete their account.
Display account status on account settings page, for example, when
an account is frozen, limited, unconfirmed or pending review.
After sign up, login users straight away and show a simple page that
tells them the status of their account with links to account settings
and logout, to reduce onboarding friction and allow users to correct
wrongly typed e-mail addresses.
Move the final sign-up step of SSO integrations to be the same
as above to reduce code duplication.
6 years ago
|
|
|
it 'redirects to setup' do
|
|
|
|
subject
|
Change unconfirmed user login behaviour (#11375)
Allow access to account settings, 2FA, authorized applications, and
account deletions to unconfirmed and pending users, as well as
users who had their accounts disabled. Suspended users cannot update
their e-mail or password or delete their account.
Display account status on account settings page, for example, when
an account is frozen, limited, unconfirmed or pending review.
After sign up, login users straight away and show a simple page that
tells them the status of their account with links to account settings
and logout, to reduce onboarding friction and allow users to correct
wrongly typed e-mail addresses.
Move the final sign-up step of SSO integrations to be the same
as above to reduce code duplication.
6 years ago
|
|
|
expect(response).to redirect_to auth_setup_path
|
|
|
|
end
|
|
|
|
|
|
|
|
it 'creates user' do
|
|
|
|
subject
|
|
|
|
user = User.find_by(email: 'test@example.com')
|
|
|
|
expect(user).to_not be_nil
|
|
|
|
expect(user.locale).to eq(accept_language)
|
|
|
|
expect(user.approved).to be(false)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context 'with Approval-based registrations with expired invite' do
|
|
|
|
subject do
|
|
|
|
Setting.registrations_mode = 'approved'
|
|
|
|
request.headers['Accept-Language'] = accept_language
|
|
|
|
invite = Fabricate(:invite, max_uses: nil, expires_at: 1.hour.ago)
|
|
|
|
post :create, params: { user: { account_attributes: { username: 'test' }, email: 'test@example.com', password: '12345678', password_confirmation: '12345678', invite_code: invite.code, agreement: 'true' } }
|
|
|
|
end
|
|
|
|
|
Change unconfirmed user login behaviour (#11375)
Allow access to account settings, 2FA, authorized applications, and
account deletions to unconfirmed and pending users, as well as
users who had their accounts disabled. Suspended users cannot update
their e-mail or password or delete their account.
Display account status on account settings page, for example, when
an account is frozen, limited, unconfirmed or pending review.
After sign up, login users straight away and show a simple page that
tells them the status of their account with links to account settings
and logout, to reduce onboarding friction and allow users to correct
wrongly typed e-mail addresses.
Move the final sign-up step of SSO integrations to be the same
as above to reduce code duplication.
6 years ago
|
|
|
it 'redirects to setup' do
|
|
|
|
subject
|
Change unconfirmed user login behaviour (#11375)
Allow access to account settings, 2FA, authorized applications, and
account deletions to unconfirmed and pending users, as well as
users who had their accounts disabled. Suspended users cannot update
their e-mail or password or delete their account.
Display account status on account settings page, for example, when
an account is frozen, limited, unconfirmed or pending review.
After sign up, login users straight away and show a simple page that
tells them the status of their account with links to account settings
and logout, to reduce onboarding friction and allow users to correct
wrongly typed e-mail addresses.
Move the final sign-up step of SSO integrations to be the same
as above to reduce code duplication.
6 years ago
|
|
|
expect(response).to redirect_to auth_setup_path
|
|
|
|
end
|
|
|
|
|
|
|
|
it 'creates user' do
|
|
|
|
subject
|
|
|
|
user = User.find_by(email: 'test@example.com')
|
|
|
|
expect(user).to_not be_nil
|
|
|
|
expect(user.locale).to eq(accept_language)
|
|
|
|
expect(user.approved).to be(false)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context 'with Approval-based registrations with valid invite and required invite text' do
|
|
|
|
subject do
|
|
|
|
inviter = Fabricate(:user, confirmed_at: 2.days.ago)
|
|
|
|
Setting.registrations_mode = 'approved'
|
|
|
|
Setting.require_invite_text = true
|
|
|
|
request.headers['Accept-Language'] = accept_language
|
|
|
|
invite = Fabricate(:invite, user: inviter, max_uses: nil, expires_at: 1.hour.from_now)
|
|
|
|
post :create, params: { user: { account_attributes: { username: 'test' }, email: 'test@example.com', password: '12345678', password_confirmation: '12345678', invite_code: invite.code, agreement: 'true' } }
|
|
|
|
end
|
|
|
|
|
Change unconfirmed user login behaviour (#11375)
Allow access to account settings, 2FA, authorized applications, and
account deletions to unconfirmed and pending users, as well as
users who had their accounts disabled. Suspended users cannot update
their e-mail or password or delete their account.
Display account status on account settings page, for example, when
an account is frozen, limited, unconfirmed or pending review.
After sign up, login users straight away and show a simple page that
tells them the status of their account with links to account settings
and logout, to reduce onboarding friction and allow users to correct
wrongly typed e-mail addresses.
Move the final sign-up step of SSO integrations to be the same
as above to reduce code duplication.
6 years ago
|
|
|
it 'redirects to setup' do
|
|
|
|
subject
|
Change unconfirmed user login behaviour (#11375)
Allow access to account settings, 2FA, authorized applications, and
account deletions to unconfirmed and pending users, as well as
users who had their accounts disabled. Suspended users cannot update
their e-mail or password or delete their account.
Display account status on account settings page, for example, when
an account is frozen, limited, unconfirmed or pending review.
After sign up, login users straight away and show a simple page that
tells them the status of their account with links to account settings
and logout, to reduce onboarding friction and allow users to correct
wrongly typed e-mail addresses.
Move the final sign-up step of SSO integrations to be the same
as above to reduce code duplication.
6 years ago
|
|
|
expect(response).to redirect_to auth_setup_path
|
|
|
|
end
|
|
|
|
|
|
|
|
it 'creates user' do
|
|
|
|
subject
|
|
|
|
user = User.find_by(email: 'test@example.com')
|
|
|
|
expect(user).to_not be_nil
|
|
|
|
expect(user.locale).to eq(accept_language)
|
|
|
|
expect(user.approved).to be(true)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context 'with an already taken username' do
|
|
|
|
subject do
|
|
|
|
Setting.registrations_mode = 'open'
|
|
|
|
post :create, params: { user: { account_attributes: { username: 'test' }, email: 'test@example.com', password: '12345678', password_confirmation: '12345678', agreement: 'true' } }
|
|
|
|
end
|
|
|
|
|
|
|
|
before do
|
|
|
|
Fabricate(:account, username: 'test')
|
|
|
|
end
|
|
|
|
|
|
|
|
it 'responds with an error message about the username' do
|
|
|
|
subject
|
|
|
|
|
|
|
|
expect(response).to have_http_status(:success)
|
|
|
|
expect(username_error_text).to eq(I18n.t('errors.messages.taken'))
|
|
|
|
end
|
|
|
|
|
|
|
|
def username_error_text
|
|
|
|
response.parsed_body.css('.user_account_username .error').text
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
include_examples 'checks for enabled registrations', :create
|
|
|
|
end
|
|
|
|
|
|
|
|
describe 'DELETE #destroy' do
|
|
|
|
let(:user) { Fabricate(:user) }
|
|
|
|
|
|
|
|
before do
|
|
|
|
request.env['devise.mapping'] = Devise.mappings[:user]
|
|
|
|
sign_in(user, scope: :user)
|
|
|
|
delete :destroy
|
|
|
|
end
|
|
|
|
|
|
|
|
it 'returns http not found' do
|
|
|
|
expect(response).to have_http_status(404)
|
|
|
|
end
|
|
|
|
|
|
|
|
it 'does not delete user' do
|
|
|
|
expect(User.find(user.id)).to_not be_nil
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|