2023-02-22 00:55:31 +00:00
|
|
|
# frozen_string_literal: true
|
|
|
|
|
2016-11-17 11:29:11 +00:00
|
|
|
require 'rails_helper'
|
|
|
|
|
2023-05-04 03:49:53 +00:00
|
|
|
RSpec.describe Auth::RegistrationsController do
|
2016-11-17 11:29:11 +00:00
|
|
|
render_views
|
|
|
|
|
2017-06-25 19:42:55 +00:00
|
|
|
shared_examples 'checks for enabled registrations' do |path|
|
|
|
|
it 'redirects if it is in single user mode while it is open for registration' do
|
|
|
|
Fabricate(:account)
|
2019-03-14 04:28:30 +00:00
|
|
|
Setting.registrations_mode = 'open'
|
2023-07-12 08:20:10 +00:00
|
|
|
allow(Rails.configuration.x).to receive(:single_user_mode).and_return(true)
|
2017-06-25 19:42:55 +00:00
|
|
|
|
|
|
|
get path
|
|
|
|
|
|
|
|
expect(response).to redirect_to '/'
|
2023-07-12 08:20:10 +00:00
|
|
|
expect(Rails.configuration.x).to have_received(:single_user_mode)
|
2017-06-25 19:42:55 +00:00
|
|
|
end
|
|
|
|
|
|
|
|
it 'redirects if it is not open for registration while it is not in single user mode' do
|
2019-03-14 04:28:30 +00:00
|
|
|
Setting.registrations_mode = 'none'
|
2023-07-12 08:20:10 +00:00
|
|
|
allow(Rails.configuration.x).to receive(:single_user_mode).and_return(false)
|
2017-06-25 19:42:55 +00:00
|
|
|
|
|
|
|
get path
|
|
|
|
|
|
|
|
expect(response).to redirect_to '/'
|
2023-07-12 08:20:10 +00:00
|
|
|
expect(Rails.configuration.x).to have_received(:single_user_mode)
|
2016-11-17 11:29:11 +00:00
|
|
|
end
|
2017-06-25 19:42:55 +00:00
|
|
|
end
|
2016-11-17 11:29:11 +00:00
|
|
|
|
2017-06-25 19:42:55 +00:00
|
|
|
describe 'GET #edit' do
|
2023-04-19 14:07:29 +00:00
|
|
|
before do
|
2023-02-18 22:38:14 +00:00
|
|
|
request.env['devise.mapping'] = Devise.mappings[:user]
|
2017-06-25 19:42:55 +00:00
|
|
|
sign_in(Fabricate(:user))
|
|
|
|
get :edit
|
2023-04-19 14:07:29 +00:00
|
|
|
end
|
|
|
|
|
|
|
|
it 'returns http success' do
|
2018-04-21 19:35:07 +00:00
|
|
|
expect(response).to have_http_status(200)
|
2016-11-17 11:29:11 +00:00
|
|
|
end
|
2023-04-19 14:07:29 +00:00
|
|
|
|
|
|
|
it 'returns private cache control header' do
|
|
|
|
expect(response.headers['Cache-Control']).to include('private, no-store')
|
|
|
|
end
|
2016-11-17 11:29:11 +00:00
|
|
|
end
|
|
|
|
|
2017-06-25 19:42:55 +00:00
|
|
|
describe 'GET #update' do
|
2023-04-19 14:07:29 +00:00
|
|
|
let(:user) { Fabricate(:user) }
|
|
|
|
|
|
|
|
before do
|
2023-02-18 22:38:14 +00:00
|
|
|
request.env['devise.mapping'] = Devise.mappings[:user]
|
2023-04-19 14:07:29 +00:00
|
|
|
sign_in(user, scope: :user)
|
2017-06-25 19:42:55 +00:00
|
|
|
post :update
|
2023-04-19 14:07:29 +00:00
|
|
|
end
|
|
|
|
|
|
|
|
it 'returns http success' do
|
2018-04-21 19:35:07 +00:00
|
|
|
expect(response).to have_http_status(200)
|
2017-06-25 19:42:55 +00:00
|
|
|
end
|
Change unconfirmed user login behaviour (#11375)
Allow access to account settings, 2FA, authorized applications, and
account deletions to unconfirmed and pending users, as well as
users who had their accounts disabled. Suspended users cannot update
their e-mail or password or delete their account.
Display account status on account settings page, for example, when
an account is frozen, limited, unconfirmed or pending review.
After sign up, login users straight away and show a simple page that
tells them the status of their account with links to account settings
and logout, to reduce onboarding friction and allow users to correct
wrongly typed e-mail addresses.
Move the final sign-up step of SSO integrations to be the same
as above to reduce code duplication.
2019-07-22 08:48:50 +00:00
|
|
|
|
2023-04-19 14:07:29 +00:00
|
|
|
it 'returns private cache control headers' do
|
|
|
|
expect(response.headers['Cache-Control']).to include('private, no-store')
|
|
|
|
end
|
|
|
|
|
Change unconfirmed user login behaviour (#11375)
Allow access to account settings, 2FA, authorized applications, and
account deletions to unconfirmed and pending users, as well as
users who had their accounts disabled. Suspended users cannot update
their e-mail or password or delete their account.
Display account status on account settings page, for example, when
an account is frozen, limited, unconfirmed or pending review.
After sign up, login users straight away and show a simple page that
tells them the status of their account with links to account settings
and logout, to reduce onboarding friction and allow users to correct
wrongly typed e-mail addresses.
Move the final sign-up step of SSO integrations to be the same
as above to reduce code duplication.
2019-07-22 08:48:50 +00:00
|
|
|
context 'when suspended' do
|
2023-04-19 14:07:29 +00:00
|
|
|
let(:user) { Fabricate(:user, account_attributes: { username: 'test', suspended_at: Time.now.utc }) }
|
|
|
|
|
Change unconfirmed user login behaviour (#11375)
Allow access to account settings, 2FA, authorized applications, and
account deletions to unconfirmed and pending users, as well as
users who had their accounts disabled. Suspended users cannot update
their e-mail or password or delete their account.
Display account status on account settings page, for example, when
an account is frozen, limited, unconfirmed or pending review.
After sign up, login users straight away and show a simple page that
tells them the status of their account with links to account settings
and logout, to reduce onboarding friction and allow users to correct
wrongly typed e-mail addresses.
Move the final sign-up step of SSO integrations to be the same
as above to reduce code duplication.
2019-07-22 08:48:50 +00:00
|
|
|
it 'returns http forbidden' do
|
|
|
|
expect(response).to have_http_status(403)
|
|
|
|
end
|
|
|
|
end
|
2017-06-25 19:42:55 +00:00
|
|
|
end
|
2017-04-17 08:29:08 +00:00
|
|
|
|
2017-06-25 19:42:55 +00:00
|
|
|
describe 'GET #new' do
|
2016-11-17 11:29:11 +00:00
|
|
|
before do
|
2023-02-18 22:38:14 +00:00
|
|
|
request.env['devise.mapping'] = Devise.mappings[:user]
|
2016-11-17 11:29:11 +00:00
|
|
|
end
|
|
|
|
|
2023-06-06 13:51:42 +00:00
|
|
|
context 'with open registrations' do
|
2017-06-25 19:42:55 +00:00
|
|
|
it 'returns http success' do
|
2019-03-14 04:28:30 +00:00
|
|
|
Setting.registrations_mode = 'open'
|
2017-06-25 19:42:55 +00:00
|
|
|
get :new
|
2018-04-21 19:35:07 +00:00
|
|
|
expect(response).to have_http_status(200)
|
2017-06-25 19:42:55 +00:00
|
|
|
end
|
2016-11-17 11:29:11 +00:00
|
|
|
end
|
|
|
|
|
2017-06-25 19:42:55 +00:00
|
|
|
include_examples 'checks for enabled registrations', :new
|
|
|
|
end
|
|
|
|
|
|
|
|
describe 'POST #create' do
|
2023-05-15 18:20:13 +00:00
|
|
|
let(:accept_language) { 'de' }
|
2017-06-25 19:42:55 +00:00
|
|
|
|
2020-12-10 05:27:26 +00:00
|
|
|
before do
|
|
|
|
session[:registration_form_time] = 5.seconds.ago
|
2023-05-11 08:32:09 +00:00
|
|
|
|
|
|
|
request.env['devise.mapping'] = Devise.mappings[:user]
|
2020-12-10 05:27:26 +00:00
|
|
|
end
|
|
|
|
|
2018-04-21 21:37:07 +00:00
|
|
|
around do |example|
|
2023-04-30 12:07:03 +00:00
|
|
|
I18n.with_locale(I18n.locale) do
|
|
|
|
example.run
|
|
|
|
end
|
2018-04-21 21:37:07 +00:00
|
|
|
end
|
|
|
|
|
2023-06-06 13:51:42 +00:00
|
|
|
context 'when an accept language is present in headers' do
|
2017-06-25 19:42:55 +00:00
|
|
|
subject do
|
2019-03-14 04:28:30 +00:00
|
|
|
Setting.registrations_mode = 'open'
|
2023-02-18 22:38:14 +00:00
|
|
|
request.headers['Accept-Language'] = accept_language
|
2020-02-16 11:56:53 +00:00
|
|
|
post :create, params: { user: { account_attributes: { username: 'test' }, email: 'test@example.com', password: '12345678', password_confirmation: '12345678', agreement: 'true' } }
|
2017-06-25 19:42:55 +00:00
|
|
|
end
|
|
|
|
|
Change unconfirmed user login behaviour (#11375)
Allow access to account settings, 2FA, authorized applications, and
account deletions to unconfirmed and pending users, as well as
users who had their accounts disabled. Suspended users cannot update
their e-mail or password or delete their account.
Display account status on account settings page, for example, when
an account is frozen, limited, unconfirmed or pending review.
After sign up, login users straight away and show a simple page that
tells them the status of their account with links to account settings
and logout, to reduce onboarding friction and allow users to correct
wrongly typed e-mail addresses.
Move the final sign-up step of SSO integrations to be the same
as above to reduce code duplication.
2019-07-22 08:48:50 +00:00
|
|
|
it 'redirects to setup' do
|
2017-06-25 19:42:55 +00:00
|
|
|
subject
|
Change unconfirmed user login behaviour (#11375)
Allow access to account settings, 2FA, authorized applications, and
account deletions to unconfirmed and pending users, as well as
users who had their accounts disabled. Suspended users cannot update
their e-mail or password or delete their account.
Display account status on account settings page, for example, when
an account is frozen, limited, unconfirmed or pending review.
After sign up, login users straight away and show a simple page that
tells them the status of their account with links to account settings
and logout, to reduce onboarding friction and allow users to correct
wrongly typed e-mail addresses.
Move the final sign-up step of SSO integrations to be the same
as above to reduce code duplication.
2019-07-22 08:48:50 +00:00
|
|
|
expect(response).to redirect_to auth_setup_path
|
2017-06-25 19:42:55 +00:00
|
|
|
end
|
|
|
|
|
|
|
|
it 'creates user' do
|
|
|
|
subject
|
|
|
|
user = User.find_by(email: 'test@example.com')
|
|
|
|
expect(user).to_not be_nil
|
|
|
|
expect(user.locale).to eq(accept_language)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2020-02-16 11:56:53 +00:00
|
|
|
context 'when user has not agreed to terms of service' do
|
|
|
|
subject do
|
|
|
|
Setting.registrations_mode = 'open'
|
2023-02-18 22:38:14 +00:00
|
|
|
request.headers['Accept-Language'] = accept_language
|
2020-02-16 11:56:53 +00:00
|
|
|
post :create, params: { user: { account_attributes: { username: 'test' }, email: 'test@example.com', password: '12345678', password_confirmation: '12345678', agreement: 'false' } }
|
|
|
|
end
|
|
|
|
|
|
|
|
it 'does not create user' do
|
|
|
|
subject
|
|
|
|
user = User.find_by(email: 'test@example.com')
|
|
|
|
expect(user).to be_nil
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2023-05-04 03:49:08 +00:00
|
|
|
context 'with Approval-based registrations without invite' do
|
2019-05-02 02:30:12 +00:00
|
|
|
subject do
|
|
|
|
Setting.registrations_mode = 'approved'
|
2023-02-18 22:38:14 +00:00
|
|
|
request.headers['Accept-Language'] = accept_language
|
2020-02-16 11:56:53 +00:00
|
|
|
post :create, params: { user: { account_attributes: { username: 'test' }, email: 'test@example.com', password: '12345678', password_confirmation: '12345678', agreement: 'true' } }
|
2019-05-02 02:30:12 +00:00
|
|
|
end
|
|
|
|
|
Change unconfirmed user login behaviour (#11375)
Allow access to account settings, 2FA, authorized applications, and
account deletions to unconfirmed and pending users, as well as
users who had their accounts disabled. Suspended users cannot update
their e-mail or password or delete their account.
Display account status on account settings page, for example, when
an account is frozen, limited, unconfirmed or pending review.
After sign up, login users straight away and show a simple page that
tells them the status of their account with links to account settings
and logout, to reduce onboarding friction and allow users to correct
wrongly typed e-mail addresses.
Move the final sign-up step of SSO integrations to be the same
as above to reduce code duplication.
2019-07-22 08:48:50 +00:00
|
|
|
it 'redirects to setup' do
|
2019-05-02 02:30:12 +00:00
|
|
|
subject
|
Change unconfirmed user login behaviour (#11375)
Allow access to account settings, 2FA, authorized applications, and
account deletions to unconfirmed and pending users, as well as
users who had their accounts disabled. Suspended users cannot update
their e-mail or password or delete their account.
Display account status on account settings page, for example, when
an account is frozen, limited, unconfirmed or pending review.
After sign up, login users straight away and show a simple page that
tells them the status of their account with links to account settings
and logout, to reduce onboarding friction and allow users to correct
wrongly typed e-mail addresses.
Move the final sign-up step of SSO integrations to be the same
as above to reduce code duplication.
2019-07-22 08:48:50 +00:00
|
|
|
expect(response).to redirect_to auth_setup_path
|
2019-05-02 02:30:12 +00:00
|
|
|
end
|
|
|
|
|
|
|
|
it 'creates user' do
|
|
|
|
subject
|
|
|
|
user = User.find_by(email: 'test@example.com')
|
|
|
|
expect(user).to_not be_nil
|
|
|
|
expect(user.locale).to eq(accept_language)
|
2023-02-20 05:14:50 +00:00
|
|
|
expect(user.approved).to be(false)
|
2019-05-02 02:30:12 +00:00
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2023-05-04 03:49:08 +00:00
|
|
|
context 'with Approval-based registrations with expired invite' do
|
2019-05-02 02:30:12 +00:00
|
|
|
subject do
|
|
|
|
Setting.registrations_mode = 'approved'
|
2023-02-18 22:38:14 +00:00
|
|
|
request.headers['Accept-Language'] = accept_language
|
2019-05-02 02:30:12 +00:00
|
|
|
invite = Fabricate(:invite, max_uses: nil, expires_at: 1.hour.ago)
|
2023-02-18 02:23:49 +00:00
|
|
|
post :create, params: { user: { account_attributes: { username: 'test' }, email: 'test@example.com', password: '12345678', password_confirmation: '12345678', invite_code: invite.code, agreement: 'true' } }
|
2019-05-02 02:30:12 +00:00
|
|
|
end
|
|
|
|
|
Change unconfirmed user login behaviour (#11375)
Allow access to account settings, 2FA, authorized applications, and
account deletions to unconfirmed and pending users, as well as
users who had their accounts disabled. Suspended users cannot update
their e-mail or password or delete their account.
Display account status on account settings page, for example, when
an account is frozen, limited, unconfirmed or pending review.
After sign up, login users straight away and show a simple page that
tells them the status of their account with links to account settings
and logout, to reduce onboarding friction and allow users to correct
wrongly typed e-mail addresses.
Move the final sign-up step of SSO integrations to be the same
as above to reduce code duplication.
2019-07-22 08:48:50 +00:00
|
|
|
it 'redirects to setup' do
|
2019-05-02 02:30:12 +00:00
|
|
|
subject
|
Change unconfirmed user login behaviour (#11375)
Allow access to account settings, 2FA, authorized applications, and
account deletions to unconfirmed and pending users, as well as
users who had their accounts disabled. Suspended users cannot update
their e-mail or password or delete their account.
Display account status on account settings page, for example, when
an account is frozen, limited, unconfirmed or pending review.
After sign up, login users straight away and show a simple page that
tells them the status of their account with links to account settings
and logout, to reduce onboarding friction and allow users to correct
wrongly typed e-mail addresses.
Move the final sign-up step of SSO integrations to be the same
as above to reduce code duplication.
2019-07-22 08:48:50 +00:00
|
|
|
expect(response).to redirect_to auth_setup_path
|
2019-05-02 02:30:12 +00:00
|
|
|
end
|
|
|
|
|
|
|
|
it 'creates user' do
|
|
|
|
subject
|
|
|
|
user = User.find_by(email: 'test@example.com')
|
|
|
|
expect(user).to_not be_nil
|
|
|
|
expect(user.locale).to eq(accept_language)
|
2023-02-20 05:14:50 +00:00
|
|
|
expect(user.approved).to be(false)
|
2019-05-02 02:30:12 +00:00
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2023-05-04 03:49:08 +00:00
|
|
|
context 'with Approval-based registrations with valid invite and required invite text' do
|
2019-05-02 02:30:12 +00:00
|
|
|
subject do
|
2020-09-15 12:37:58 +00:00
|
|
|
inviter = Fabricate(:user, confirmed_at: 2.days.ago)
|
2019-05-02 02:30:12 +00:00
|
|
|
Setting.registrations_mode = 'approved'
|
2020-12-22 16:14:32 +00:00
|
|
|
Setting.require_invite_text = true
|
2023-02-18 22:38:14 +00:00
|
|
|
request.headers['Accept-Language'] = accept_language
|
2020-09-15 12:37:58 +00:00
|
|
|
invite = Fabricate(:invite, user: inviter, max_uses: nil, expires_at: 1.hour.from_now)
|
2023-02-18 02:23:49 +00:00
|
|
|
post :create, params: { user: { account_attributes: { username: 'test' }, email: 'test@example.com', password: '12345678', password_confirmation: '12345678', invite_code: invite.code, agreement: 'true' } }
|
2019-05-02 02:30:12 +00:00
|
|
|
end
|
|
|
|
|
Change unconfirmed user login behaviour (#11375)
Allow access to account settings, 2FA, authorized applications, and
account deletions to unconfirmed and pending users, as well as
users who had their accounts disabled. Suspended users cannot update
their e-mail or password or delete their account.
Display account status on account settings page, for example, when
an account is frozen, limited, unconfirmed or pending review.
After sign up, login users straight away and show a simple page that
tells them the status of their account with links to account settings
and logout, to reduce onboarding friction and allow users to correct
wrongly typed e-mail addresses.
Move the final sign-up step of SSO integrations to be the same
as above to reduce code duplication.
2019-07-22 08:48:50 +00:00
|
|
|
it 'redirects to setup' do
|
2019-05-02 02:30:12 +00:00
|
|
|
subject
|
Change unconfirmed user login behaviour (#11375)
Allow access to account settings, 2FA, authorized applications, and
account deletions to unconfirmed and pending users, as well as
users who had their accounts disabled. Suspended users cannot update
their e-mail or password or delete their account.
Display account status on account settings page, for example, when
an account is frozen, limited, unconfirmed or pending review.
After sign up, login users straight away and show a simple page that
tells them the status of their account with links to account settings
and logout, to reduce onboarding friction and allow users to correct
wrongly typed e-mail addresses.
Move the final sign-up step of SSO integrations to be the same
as above to reduce code duplication.
2019-07-22 08:48:50 +00:00
|
|
|
expect(response).to redirect_to auth_setup_path
|
2019-05-02 02:30:12 +00:00
|
|
|
end
|
|
|
|
|
|
|
|
it 'creates user' do
|
|
|
|
subject
|
|
|
|
user = User.find_by(email: 'test@example.com')
|
|
|
|
expect(user).to_not be_nil
|
|
|
|
expect(user.locale).to eq(accept_language)
|
2023-02-20 05:14:50 +00:00
|
|
|
expect(user.approved).to be(true)
|
2019-05-02 02:30:12 +00:00
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2023-05-26 07:41:12 +00:00
|
|
|
context 'with an already taken username' do
|
|
|
|
subject do
|
|
|
|
Setting.registrations_mode = 'open'
|
|
|
|
post :create, params: { user: { account_attributes: { username: 'test' }, email: 'test@example.com', password: '12345678', password_confirmation: '12345678', agreement: 'true' } }
|
|
|
|
end
|
|
|
|
|
|
|
|
before do
|
|
|
|
Fabricate(:account, username: 'test')
|
|
|
|
end
|
|
|
|
|
|
|
|
it 'responds with an error message about the username' do
|
|
|
|
subject
|
|
|
|
|
|
|
|
expect(response).to have_http_status(:success)
|
|
|
|
expect(username_error_text).to eq(I18n.t('errors.messages.taken'))
|
|
|
|
end
|
|
|
|
|
|
|
|
def username_error_text
|
|
|
|
Nokogiri::Slop(response.body).css('.user_account_username .error').text
|
|
|
|
end
|
2016-11-17 11:29:11 +00:00
|
|
|
end
|
2017-06-25 19:42:55 +00:00
|
|
|
|
|
|
|
include_examples 'checks for enabled registrations', :create
|
2016-11-17 11:29:11 +00:00
|
|
|
end
|
2017-05-23 19:32:42 +00:00
|
|
|
|
|
|
|
describe 'DELETE #destroy' do
|
|
|
|
let(:user) { Fabricate(:user) }
|
|
|
|
|
|
|
|
before do
|
|
|
|
request.env['devise.mapping'] = Devise.mappings[:user]
|
|
|
|
sign_in(user, scope: :user)
|
|
|
|
delete :destroy
|
|
|
|
end
|
|
|
|
|
|
|
|
it 'returns http not found' do
|
2023-02-20 02:16:40 +00:00
|
|
|
expect(response).to have_http_status(404)
|
2017-05-23 19:32:42 +00:00
|
|
|
end
|
|
|
|
|
|
|
|
it 'does not delete user' do
|
|
|
|
expect(User.find(user.id)).to_not be_nil
|
|
|
|
end
|
|
|
|
end
|
2016-11-17 11:29:11 +00:00
|
|
|
end
|