mastodon-docker-playground/spec/controllers/settings/deletes_controller_spec.rb

require 'rails_helper'

describe Settings::DeletesController do
  render_views

  describe 'GET #show' do
    context 'when signed in' do
      let(:user) { Fabricate(:user) }

      before do
        sign_in user, scope: :user
      end

      it 'renders confirmation page' do
        get :show
        expect(response).to have_http_status(200)
      end

      context 'when suspended' do
        let(:user) { Fabricate(:user, account_attributes: { username: 'alice', suspended_at: Time.now.utc }) }

        it 'returns http forbidden' do
          get :show
          expect(response).to have_http_status(403)
        end
      end
    end

    context 'when not signed in' do
      it 'redirects' do
        get :show
        expect(response).to redirect_to '/auth/sign_in'
      end
    end
  end

  describe 'DELETE #destroy' do
    context 'when signed in' do
      let(:user) { Fabricate(:user, password: 'petsmoldoggos') }

      before do
        sign_in user, scope: :user
      end

      context 'with correct password' do
        before do
          delete :destroy, params: { form_delete_confirmation: { password: 'petsmoldoggos' } }
        end

        it 'redirects to sign in page' do
          expect(response).to redirect_to '/auth/sign_in'
        end

        it 'removes user record' do
          expect(User.find_by(id: user.id)).to be_nil
        end

        it 'marks account as suspended' do
          expect(user.account.reload).to be_suspended
        end

        context 'when suspended' do
          let(:user) { Fabricate(:user, account_attributes: { username: 'alice', suspended_at: Time.now.utc }) }

          it 'returns http forbidden' do
            expect(response).to have_http_status(403)
          end
        end
      end

      context 'with incorrect password' do
        before do
          delete :destroy, params: { form_delete_confirmation: { password: 'blaze420' } }
        end

        it 'redirects back to confirmation page' do
          expect(response).to redirect_to settings_delete_path
        end
      end

      context 'when account deletions are disabled' do
        around do |example|
          open_deletion = Setting.open_deletion
          example.run
          Setting.open_deletion = open_deletion
        end

        it 'redirects' do
          Setting.open_deletion = false
          delete :destroy
          expect(response).to redirect_to root_path
        end
      end
    end

    context 'when not signed in' do
      it 'redirects' do
        delete :destroy
        expect(response).to redirect_to '/auth/sign_in'
      end
    end
  end
end
Account deletion (#3728) * Add form for account deletion * If avatar or header are gone from source, remove them * Add option to have SuspendAccountService remove user record, add tests * Exclude suspended accounts from search 2017-06-14 16:01:27 +00:00			`require 'rails_helper'`

			`describe Settings::DeletesController do`
			`render_views`

			`describe 'GET #show' do`
			`context 'when signed in' do`
			`let(:user) { Fabricate(:user) }`

			`before do`
			`sign_in user, scope: :user`
			`end`

			`it 'renders confirmation page' do`
			`get :show`
Use raw status code on have_http_status (#7214) 2018-04-21 19:35:07 +00:00			`expect(response).to have_http_status(200)`
Account deletion (#3728) * Add form for account deletion * If avatar or header are gone from source, remove them * Add option to have SuspendAccountService remove user record, add tests * Exclude suspended accounts from search 2017-06-14 16:01:27 +00:00			`end`
Change unconfirmed user login behaviour (#11375) Allow access to account settings, 2FA, authorized applications, and account deletions to unconfirmed and pending users, as well as users who had their accounts disabled. Suspended users cannot update their e-mail or password or delete their account. Display account status on account settings page, for example, when an account is frozen, limited, unconfirmed or pending review. After sign up, login users straight away and show a simple page that tells them the status of their account with links to account settings and logout, to reduce onboarding friction and allow users to correct wrongly typed e-mail addresses. Move the final sign-up step of SSO integrations to be the same as above to reduce code duplication. 2019-07-22 08:48:50 +00:00
			`context 'when suspended' do`
			`let(:user) { Fabricate(:user, account_attributes: { username: 'alice', suspended_at: Time.now.utc }) }`

			`it 'returns http forbidden' do`
			`get :show`
			`expect(response).to have_http_status(403)`
			`end`
			`end`
Account deletion (#3728) * Add form for account deletion * If avatar or header are gone from source, remove them * Add option to have SuspendAccountService remove user record, add tests * Exclude suspended accounts from search 2017-06-14 16:01:27 +00:00			`end`

			`context 'when not signed in' do`
			`it 'redirects' do`
			`get :show`
			`expect(response).to redirect_to '/auth/sign_in'`
			`end`
			`end`
			`end`

			`describe 'DELETE #destroy' do`
			`context 'when signed in' do`
			`let(:user) { Fabricate(:user, password: 'petsmoldoggos') }`

			`before do`
			`sign_in user, scope: :user`
			`end`

			`context 'with correct password' do`
			`before do`
Fix account delete form not accepting password, update suspended (#3745) account before removing content for quicker feedback to end-users 2017-06-14 18:30:12 +00:00			`delete :destroy, params: { form_delete_confirmation: { password: 'petsmoldoggos' } }`
Account deletion (#3728) * Add form for account deletion * If avatar or header are gone from source, remove them * Add option to have SuspendAccountService remove user record, add tests * Exclude suspended accounts from search 2017-06-14 16:01:27 +00:00			`end`

			`it 'redirects to sign in page' do`
			`expect(response).to redirect_to '/auth/sign_in'`
			`end`

			`it 'removes user record' do`
			`expect(User.find_by(id: user.id)).to be_nil`
			`end`

			`it 'marks account as suspended' do`
			`expect(user.account.reload).to be_suspended`
			`end`
Change unconfirmed user login behaviour (#11375) Allow access to account settings, 2FA, authorized applications, and account deletions to unconfirmed and pending users, as well as users who had their accounts disabled. Suspended users cannot update their e-mail or password or delete their account. Display account status on account settings page, for example, when an account is frozen, limited, unconfirmed or pending review. After sign up, login users straight away and show a simple page that tells them the status of their account with links to account settings and logout, to reduce onboarding friction and allow users to correct wrongly typed e-mail addresses. Move the final sign-up step of SSO integrations to be the same as above to reduce code duplication. 2019-07-22 08:48:50 +00:00
			`context 'when suspended' do`
			`let(:user) { Fabricate(:user, account_attributes: { username: 'alice', suspended_at: Time.now.utc }) }`

			`it 'returns http forbidden' do`
			`expect(response).to have_http_status(403)`
			`end`
			`end`
Account deletion (#3728) * Add form for account deletion * If avatar or header are gone from source, remove them * Add option to have SuspendAccountService remove user record, add tests * Exclude suspended accounts from search 2017-06-14 16:01:27 +00:00			`end`

			`context 'with incorrect password' do`
			`before do`
Fix account delete form not accepting password, update suspended (#3745) account before removing content for quicker feedback to end-users 2017-06-14 18:30:12 +00:00			`delete :destroy, params: { form_delete_confirmation: { password: 'blaze420' } }`
Account deletion (#3728) * Add form for account deletion * If avatar or header are gone from source, remove them * Add option to have SuspendAccountService remove user record, add tests * Exclude suspended accounts from search 2017-06-14 16:01:27 +00:00			`end`

			`it 'redirects back to confirmation page' do`
			`expect(response).to redirect_to settings_delete_path`
			`end`
			`end`

Refactor settings controllers (#14767) - Disallow suspended accounts from revoking sessions and apps - Allow suspended accounts to access exports 2020-09-11 18:56:35 +00:00			`context 'when account deletions are disabled' do`
			`around do \|example\|`
			`open_deletion = Setting.open_deletion`
			`example.run`
			`Setting.open_deletion = open_deletion`
			`end`
setting-for-account-deletable (#3852) 2017-06-19 13:12:31 +00:00
Refactor settings controllers (#14767) - Disallow suspended accounts from revoking sessions and apps - Allow suspended accounts to access exports 2020-09-11 18:56:35 +00:00			`it 'redirects' do`
			`Setting.open_deletion = false`
			`delete :destroy`
			`expect(response).to redirect_to root_path`
			`end`
setting-for-account-deletable (#3852) 2017-06-19 13:12:31 +00:00			`end`
Refactor settings controllers (#14767) - Disallow suspended accounts from revoking sessions and apps - Allow suspended accounts to access exports 2020-09-11 18:56:35 +00:00			`end`
setting-for-account-deletable (#3852) 2017-06-19 13:12:31 +00:00
Refactor settings controllers (#14767) - Disallow suspended accounts from revoking sessions and apps - Allow suspended accounts to access exports 2020-09-11 18:56:35 +00:00			`context 'when not signed in' do`
setting-for-account-deletable (#3852) 2017-06-19 13:12:31 +00:00			`it 'redirects' do`
			`delete :destroy`
Refactor settings controllers (#14767) - Disallow suspended accounts from revoking sessions and apps - Allow suspended accounts to access exports 2020-09-11 18:56:35 +00:00			`expect(response).to redirect_to '/auth/sign_in'`
setting-for-account-deletable (#3852) 2017-06-19 13:12:31 +00:00			`end`
			`end`
Account deletion (#3728) * Add form for account deletion * If avatar or header are gone from source, remove them * Add option to have SuspendAccountService remove user record, add tests * Exclude suspended accounts from search 2017-06-14 16:01:27 +00:00			`end`
			`end`