Migrate to request specs in `/api/v1/emails/confirmations` (#25686)

pull/2305/head
Daniel M Brasil 2023-07-17 11:22:33 -03:00 committed by GitHub
parent 8a1aabaac1
commit 6cdc8408a9
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 75 additions and 49 deletions

View File

@ -2,27 +2,34 @@
require 'rails_helper' require 'rails_helper'
RSpec.describe Api::V1::Emails::ConfirmationsController do RSpec.describe 'Confirmations' do
let(:confirmed_at) { nil } let(:confirmed_at) { nil }
let(:user) { Fabricate(:user, confirmed_at: confirmed_at) } let(:user) { Fabricate(:user, confirmed_at: confirmed_at) }
let(:app) { Fabricate(:application) } let(:token) { Fabricate(:accessible_access_token, resource_owner_id: user.id, scopes: scopes) }
let(:token) { Fabricate(:accessible_access_token, resource_owner_id: user.id, scopes: scopes, application: app) } let(:scopes) { 'read:accounts write:accounts' }
let(:scopes) { 'write' } let(:headers) { { 'Authorization' => "Bearer #{token.token}" } }
describe '#create' do describe 'POST /api/v1/emails/confirmations' do
context 'with an oauth token' do subject do
before do post '/api/v1/emails/confirmations', headers: headers, params: params
allow(controller).to receive(:doorkeeper_token) { token }
end end
context 'when from a random app' do let(:params) { {} }
it_behaves_like 'forbidden for wrong scope', 'read read:accounts'
context 'with an oauth token' do
context 'when user was created by a different application' do
let(:user) { Fabricate(:user, confirmed_at: confirmed_at, created_by_application: Fabricate(:application)) }
it 'returns http forbidden' do it 'returns http forbidden' do
post :create subject
expect(response).to have_http_status(403) expect(response).to have_http_status(403)
end end
end end
context 'when from an app that created the account' do context 'when user was created by the same application' do
before do before do
user.update(created_by_application: token.application) user.update(created_by_application: token.application)
end end
@ -31,55 +38,79 @@ RSpec.describe Api::V1::Emails::ConfirmationsController do
let(:confirmed_at) { Time.now.utc } let(:confirmed_at) { Time.now.utc }
it 'returns http forbidden' do it 'returns http forbidden' do
post :create subject
expect(response).to have_http_status(403) expect(response).to have_http_status(403)
end end
context 'with user changed e-mail and has not confirmed it' do context 'when user changed e-mail and has not confirmed it' do
before do before do
user.update(email: 'foo@bar.com') user.update(email: 'foo@bar.com')
end end
it 'returns http success' do it 'returns http success' do
post :create subject
expect(response).to have_http_status(:success)
expect(response).to have_http_status(200)
end end
end end
end end
context 'when the account is unconfirmed' do context 'when the account is unconfirmed' do
it 'returns http success' do it 'returns http success' do
post :create subject
expect(response).to have_http_status(:success)
expect(response).to have_http_status(200)
end
end
context 'with email param' do
let(:params) { { email: 'foo@bar.com' } }
it "updates the user's e-mail address", :aggregate_failures do
subject
expect(response).to have_http_status(200)
expect(user.reload.unconfirmed_email).to eq('foo@bar.com')
end
end
context 'with invalid email param' do
let(:params) { { email: 'invalid' } }
it 'returns http unprocessable entity' do
subject
expect(response).to have_http_status(422)
end end
end end
end end
end end
context 'without an oauth token' do context 'without an oauth token' do
let(:headers) { {} }
it 'returns http unauthorized' do it 'returns http unauthorized' do
post :create subject
expect(response).to have_http_status(401) expect(response).to have_http_status(401)
end end
end end
end end
describe '#check' do describe 'GET /api/v1/emails/check_confirmation' do
let(:scopes) { 'read' } subject do
get '/api/v1/emails/check_confirmation', headers: headers
end
it_behaves_like 'forbidden for wrong scope', 'write'
context 'with an oauth token' do context 'with an oauth token' do
before do
allow(controller).to receive(:doorkeeper_token) { token }
end
context 'when the account is not confirmed' do context 'when the account is not confirmed' do
it 'returns http success' do it 'returns the confirmation status successfully', :aggregate_failures do
get :check subject
expect(response).to have_http_status(200)
end
it 'returns false' do expect(response).to have_http_status(200)
get :check
expect(body_as_json).to be false expect(body_as_json).to be false
end end
end end
@ -87,31 +118,27 @@ RSpec.describe Api::V1::Emails::ConfirmationsController do
context 'when the account is confirmed' do context 'when the account is confirmed' do
let(:confirmed_at) { Time.now.utc } let(:confirmed_at) { Time.now.utc }
it 'returns http success' do it 'returns the confirmation status successfully', :aggregate_failures do
get :check subject
expect(response).to have_http_status(200)
end
it 'returns true' do expect(response).to have_http_status(200)
get :check
expect(body_as_json).to be true expect(body_as_json).to be true
end end
end end
end end
context 'with an authentication cookie' do context 'with an authentication cookie' do
let(:headers) { {} }
before do before do
sign_in user, scope: :user sign_in user, scope: :user
end end
context 'when the account is not confirmed' do context 'when the account is not confirmed' do
it 'returns http success' do it 'returns the confirmation status successfully', :aggregate_failures do
get :check subject
expect(response).to have_http_status(200)
end
it 'returns false' do expect(response).to have_http_status(200)
get :check
expect(body_as_json).to be false expect(body_as_json).to be false
end end
end end
@ -119,21 +146,20 @@ RSpec.describe Api::V1::Emails::ConfirmationsController do
context 'when the account is confirmed' do context 'when the account is confirmed' do
let(:confirmed_at) { Time.now.utc } let(:confirmed_at) { Time.now.utc }
it 'returns http success' do it 'returns the confirmation status successfully', :aggregate_failures do
get :check subject
expect(response).to have_http_status(200)
end
it 'returns true' do expect(response).to have_http_status(200)
get :check
expect(body_as_json).to be true expect(body_as_json).to be true
end end
end end
end end
context 'without an oauth token and an authentication cookie' do context 'without an oauth token and an authentication cookie' do
let(:headers) { {} }
it 'returns http unauthorized' do it 'returns http unauthorized' do
get :check subject
expect(response).to have_http_status(401) expect(response).to have_http_status(401)
end end