2013-02-05 14:16:51 -05:00
require 'spec_helper'
2013-02-07 06:50:59 -05:00
describe UsersController do
2013-02-05 14:16:51 -05:00
2013-02-07 06:50:59 -05:00
describe '.show' do
2013-02-05 14:16:51 -05:00
let! ( :user ) { log_in }
it 'returns success' do
2014-07-09 15:31:49 +10:00
xhr :get , :show , username : user . username , format : :json
2015-01-09 14:04:02 -03:00
expect ( response ) . to be_success
2014-07-09 15:31:49 +10:00
json = JSON . parse ( response . body )
2015-01-09 14:04:02 -03:00
expect ( json [ " user " ] [ " has_title_badges " ] ) . to eq ( false )
2014-07-09 15:31:49 +10:00
2013-02-05 14:16:51 -05:00
end
it " returns not found when the username doesn't exist " do
xhr :get , :show , username : 'madeuppity'
2015-01-09 14:04:02 -03:00
expect ( response ) . not_to be_success
2013-02-05 14:16:51 -05:00
end
2014-08-13 13:30:25 -04:00
it 'returns not found when the user is inactive' do
inactive = Fabricate ( :user , active : false )
xhr :get , :show , username : inactive . username
2015-01-09 14:04:02 -03:00
expect ( response ) . not_to be_success
2014-08-13 13:30:25 -04:00
end
2013-02-05 14:16:51 -05:00
it " raises an error on invalid access " do
Guardian . any_instance . expects ( :can_see? ) . with ( user ) . returns ( false )
xhr :get , :show , username : user . username
2015-01-09 14:04:02 -03:00
expect ( response ) . to be_forbidden
2013-02-05 14:16:51 -05:00
end
2014-06-18 14:40:15 -04:00
context " fetching a user by external_id " do
before { user . create_single_sign_on_record ( external_id : '997' , last_payload : '' ) }
it " returns fetch for a matching external_id " do
xhr :get , :show , external_id : '997'
2015-01-09 14:04:02 -03:00
expect ( response ) . to be_success
2014-06-18 14:40:15 -04:00
end
it " returns not found when external_id doesn't match " do
xhr :get , :show , external_id : '99'
2015-01-09 14:04:02 -03:00
expect ( response ) . not_to be_success
2014-06-18 14:40:15 -04:00
end
end
2013-02-05 14:16:51 -05:00
end
describe '.user_preferences_redirect' do
it 'requires the user to be logged in' do
2015-01-09 14:04:02 -03:00
expect { get :user_preferences_redirect } . to raise_error ( Discourse :: NotLoggedIn )
2013-02-05 14:16:51 -05:00
end
it " redirects to their profile when logged in " do
user = log_in
get :user_preferences_redirect
2015-01-09 14:04:02 -03:00
expect ( response ) . to redirect_to ( " /users/ #{ user . username_lower } /preferences " )
2013-02-05 14:16:51 -05:00
end
end
describe '.authorize_email' do
2014-04-28 00:34:55 +10:00
it 'errors out for invalid tokens' do
get :authorize_email , token : 'asdfasdf'
2015-01-09 14:04:02 -03:00
expect ( response ) . to be_success
expect ( flash [ :error ] ) . to be_present
2013-02-05 14:16:51 -05:00
end
context 'valid token' do
2014-04-28 00:34:55 +10:00
it 'authorizes with a correct token' do
user = Fabricate ( :user )
email_token = user . email_tokens . create ( email : user . email )
2013-02-05 14:16:51 -05:00
2014-04-28 00:34:55 +10:00
get :authorize_email , token : email_token . token
2015-01-09 14:04:02 -03:00
expect ( response ) . to be_success
expect ( flash [ :error ] ) . to be_blank
expect ( session [ :current_user_id ] ) . to be_present
2013-02-05 14:16:51 -05:00
end
2013-02-07 06:50:59 -05:00
end
2013-02-05 14:16:51 -05:00
end
describe '.activate_account' do
2014-07-15 14:07:19 -04:00
before do
UsersController . any_instance . stubs ( :honeypot_or_challenge_fails? ) . returns ( false )
end
2013-02-05 14:16:51 -05:00
context 'invalid token' do
it 'return success' do
2015-02-20 10:28:38 +11:00
EmailToken . expects ( :confirm ) . with ( 'asdfasdf' ) . returns ( nil )
put :perform_account_activation , token : 'asdfasdf'
2015-01-09 14:04:02 -03:00
expect ( response ) . to be_success
expect ( flash [ :error ] ) . to be_present
2013-02-07 06:50:59 -05:00
end
2013-02-05 14:16:51 -05:00
end
context 'valid token' do
let ( :user ) { Fabricate ( :user ) }
context 'welcome message' do
before do
EmailToken . expects ( :confirm ) . with ( 'asdfasdf' ) . returns ( user )
end
it 'enqueues a welcome message if the user object indicates so' do
2013-02-07 06:50:59 -05:00
user . send_welcome_message = true
2013-02-05 14:16:51 -05:00
user . expects ( :enqueue_welcome_message ) . with ( 'welcome_user' )
2014-07-14 12:25:42 -04:00
put :perform_account_activation , token : 'asdfasdf'
2013-02-05 14:16:51 -05:00
end
it " doesn't enqueue the welcome message if the object returns false " do
2013-02-07 06:50:59 -05:00
user . send_welcome_message = false
2013-02-05 14:16:51 -05:00
user . expects ( :enqueue_welcome_message ) . with ( 'welcome_user' ) . never
2014-07-14 12:25:42 -04:00
put :perform_account_activation , token : 'asdfasdf'
2013-02-05 14:16:51 -05:00
end
2014-07-15 14:07:19 -04:00
end
2013-02-05 14:16:51 -05:00
2014-07-15 14:07:19 -04:00
context " honeypot " do
it " raises an error if the honeypot is invalid " do
UsersController . any_instance . stubs ( :honeypot_or_challenge_fails? ) . returns ( true )
put :perform_account_activation , token : 'asdfasdf'
2015-01-09 14:04:02 -03:00
expect ( response ) . not_to be_success
2014-07-15 14:07:19 -04:00
end
2013-02-05 14:16:51 -05:00
end
2014-03-26 15:39:44 +11:00
context 'response' do
2013-02-05 14:16:51 -05:00
before do
2013-04-03 12:23:28 -04:00
Guardian . any_instance . expects ( :can_access_forum? ) . returns ( true )
2013-02-05 14:16:51 -05:00
EmailToken . expects ( :confirm ) . with ( 'asdfasdf' ) . returns ( user )
2014-07-14 12:25:42 -04:00
put :perform_account_activation , token : 'asdfasdf'
2013-02-05 14:16:51 -05:00
end
it 'returns success' do
2015-01-09 14:04:02 -03:00
expect ( response ) . to be_success
2013-02-05 14:16:51 -05:00
end
it " doesn't set an error " do
2015-01-09 14:04:02 -03:00
expect ( flash [ :error ] ) . to be_blank
2013-02-05 14:16:51 -05:00
end
it 'logs in as the user' do
2015-01-09 14:04:02 -03:00
expect ( session [ :current_user_id ] ) . to be_present
2013-02-07 06:50:59 -05:00
end
2013-02-05 14:16:51 -05:00
it " doesn't set @needs_approval " do
2015-01-09 14:04:02 -03:00
expect ( assigns [ :needs_approval ] ) . to be_blank
2013-02-07 06:50:59 -05:00
end
2013-02-05 14:16:51 -05:00
end
2013-04-03 12:23:28 -04:00
context 'user is not approved' do
2013-02-05 14:16:51 -05:00
before do
2013-04-03 12:23:28 -04:00
Guardian . any_instance . expects ( :can_access_forum? ) . returns ( false )
2013-02-05 14:16:51 -05:00
EmailToken . expects ( :confirm ) . with ( 'asdfasdf' ) . returns ( user )
2014-07-14 12:25:42 -04:00
put :perform_account_activation , token : 'asdfasdf'
2013-02-05 14:16:51 -05:00
end
it 'returns success' do
2015-01-09 14:04:02 -03:00
expect ( response ) . to be_success
2013-02-05 14:16:51 -05:00
end
it 'sets @needs_approval' do
2015-01-09 14:04:02 -03:00
expect ( assigns [ :needs_approval ] ) . to be_present
2013-02-05 14:16:51 -05:00
end
it " doesn't set an error " do
2015-01-09 14:04:02 -03:00
expect ( flash [ :error ] ) . to be_blank
2013-02-05 14:16:51 -05:00
end
it " doesn't log the user in " do
2015-01-09 14:04:02 -03:00
expect ( session [ :current_user_id ] ) . to be_blank
2013-02-05 14:16:51 -05:00
end
end
end
end
2013-02-07 06:50:59 -05:00
describe '.change_email' do
2013-02-05 14:16:51 -05:00
let ( :new_email ) { 'bubblegum@adventuretime.ooo' }
it " requires you to be logged in " do
2015-01-09 14:04:02 -03:00
expect { xhr :put , :change_email , username : 'asdf' , email : new_email } . to raise_error ( Discourse :: NotLoggedIn )
2013-02-05 14:16:51 -05:00
end
context 'when logged in' do
let! ( :user ) { log_in }
it 'raises an error without an email parameter' do
2015-01-09 14:04:02 -03:00
expect { xhr :put , :change_email , username : user . username } . to raise_error ( ActionController :: ParameterMissing )
2013-02-05 14:16:51 -05:00
end
2013-09-08 11:42:41 +09:00
it " raises an error if you can't edit the user's email " do
Guardian . any_instance . expects ( :can_edit_email? ) . with ( user ) . returns ( false )
2013-02-05 14:16:51 -05:00
xhr :put , :change_email , username : user . username , email : new_email
2015-01-09 14:04:02 -03:00
expect ( response ) . to be_forbidden
2013-02-05 14:16:51 -05:00
end
context 'when the new email address is taken' do
let! ( :other_user ) { Fabricate ( :coding_horror ) }
it 'raises an error' do
2015-01-09 14:04:02 -03:00
expect { xhr :put , :change_email , username : user . username , email : other_user . email } . to raise_error ( Discourse :: InvalidParameters )
2013-02-05 14:16:51 -05:00
end
2013-04-27 23:02:23 -04:00
it 'raises an error if there is whitespace too' do
2015-01-09 14:04:02 -03:00
expect { xhr :put , :change_email , username : user . username , email : other_user . email + ' ' } . to raise_error ( Discourse :: InvalidParameters )
2013-04-27 23:02:23 -04:00
end
2013-02-05 14:16:51 -05:00
end
2014-07-14 10:16:24 -04:00
context 'when new email is different case of existing email' do
let! ( :other_user ) { Fabricate ( :user , email : 'case.insensitive@gmail.com' ) }
it 'raises an error' do
2015-01-09 14:04:02 -03:00
expect { xhr :put , :change_email , username : user . username , email : other_user . email . upcase } . to raise_error ( Discourse :: InvalidParameters )
2014-07-14 10:16:24 -04:00
end
end
2013-02-05 14:16:51 -05:00
context 'success' do
it 'has an email token' do
2015-01-09 14:04:02 -03:00
expect { xhr :put , :change_email , username : user . username , email : new_email } . to change ( EmailToken , :count )
2013-02-05 14:16:51 -05:00
end
it 'enqueues an email authorization' do
Jobs . expects ( :enqueue ) . with ( :user_email , has_entries ( type : :authorize_email , user_id : user . id , to_address : new_email ) )
xhr :put , :change_email , username : user . username , email : new_email
end
end
end
end
describe '.password_reset' do
let ( :user ) { Fabricate ( :user ) }
2013-07-15 12:12:54 -04:00
context " you can view it even if login is required " do
it " returns success " do
2014-07-02 13:06:55 +10:00
SiteSetting . login_required = true
get :password_reset , token : 'asdfasdf'
2015-01-09 14:04:02 -03:00
expect ( response ) . to be_success
2013-07-15 12:12:54 -04:00
end
end
2014-08-25 15:30:52 -04:00
context 'missing token' do
2013-02-05 14:16:51 -05:00
before do
2014-07-02 13:06:55 +10:00
get :password_reset , token : SecureRandom . hex
2013-02-05 14:16:51 -05:00
end
2014-07-02 13:06:55 +10:00
it 'disallows login' do
2015-02-20 10:28:38 +11:00
expect ( assigns [ :error ] ) . to be_present
2015-01-09 14:04:02 -03:00
expect ( session [ :current_user_id ] ) . to be_blank
expect ( assigns [ :invalid_token ] ) . to eq ( nil )
expect ( response ) . to be_success
2013-02-07 06:50:59 -05:00
end
2014-08-25 15:30:52 -04:00
end
2014-07-02 13:06:55 +10:00
2014-08-25 15:30:52 -04:00
context 'invalid token' do
before do
get :password_reset , token : " evil_trout! "
end
it 'disallows login' do
2015-02-20 10:28:38 +11:00
expect ( assigns [ :error ] ) . to be_present
2015-01-09 14:04:02 -03:00
expect ( session [ :current_user_id ] ) . to be_blank
expect ( assigns [ :invalid_token ] ) . to eq ( true )
expect ( response ) . to be_success
2014-08-25 15:30:52 -04:00
end
2013-02-05 14:16:51 -05:00
end
context 'valid token' do
it 'returns success' do
2015-04-15 08:57:43 +10:00
user = Fabricate ( :user , auth_token : SecureRandom . hex ( 16 ) )
2014-07-02 13:06:55 +10:00
token = user . email_tokens . create ( email : user . email ) . token
2013-02-05 14:16:51 -05:00
2015-04-15 08:57:43 +10:00
old_token = user . auth_token
2014-07-02 13:06:55 +10:00
get :password_reset , token : token
put :password_reset , token : token , password : 'newpassword'
2015-01-09 14:04:02 -03:00
expect ( response ) . to be_success
2015-02-20 10:28:38 +11:00
expect ( assigns [ :error ] ) . to be_blank
2015-04-15 08:57:43 +10:00
user . reload
expect ( user . auth_token ) . to_not eq old_token
expect ( user . auth_token . length ) . to eq 32
2013-02-05 14:16:51 -05:00
end
end
context 'submit change' do
2014-08-25 15:30:52 -04:00
let ( :token ) { EmailToken . generate_token }
2013-02-05 14:16:51 -05:00
before do
2014-08-25 15:30:52 -04:00
EmailToken . expects ( :confirm ) . with ( token ) . returns ( user )
2013-02-05 14:16:51 -05:00
end
2014-09-11 12:22:11 -07:00
it " fails when the password is blank " do
put :password_reset , token : token , password : ''
2015-01-09 14:04:02 -03:00
expect ( assigns ( :user ) . errors ) . to be_present
expect ( session [ :current_user_id ] ) . to be_blank
2014-09-11 12:22:11 -07:00
end
it " fails when the password is too long " do
put :password_reset , token : token , password : ( 'x' * ( User . max_password_length + 1 ) )
2015-01-09 14:04:02 -03:00
expect ( assigns ( :user ) . errors ) . to be_present
expect ( session [ :current_user_id ] ) . to be_blank
2014-09-11 12:22:11 -07:00
end
2013-02-05 14:16:51 -05:00
it " logs in the user " do
2014-08-25 15:30:52 -04:00
put :password_reset , token : token , password : 'newpassword'
2015-01-09 14:04:02 -03:00
expect ( assigns ( :user ) . errors ) . to be_blank
expect ( session [ :current_user_id ] ) . to be_present
2013-02-05 14:16:51 -05:00
end
it " doesn't log in the user when not approved " do
SiteSetting . expects ( :must_approve_users? ) . returns ( true )
2014-08-25 15:30:52 -04:00
put :password_reset , token : token , password : 'newpassword'
2015-01-09 14:04:02 -03:00
expect ( assigns ( :user ) . errors ) . to be_blank
expect ( session [ :current_user_id ] ) . to be_blank
2013-02-07 06:50:59 -05:00
end
2013-02-05 14:16:51 -05:00
end
end
2015-04-27 16:29:48 +05:30
describe '.admin_login' do
let ( :admin ) { Fabricate ( :admin ) }
let ( :user ) { Fabricate ( :user ) }
context 'enqueues mail' do
it 'enqueues mail with admin email and sso enabled' do
Jobs . expects ( :enqueue ) . with ( :user_email , has_entries ( type : :admin_login , user_id : admin . id ) )
put :admin_login , email : admin . email
end
end
context 'logs in admin' do
it 'does not log in admin with invalid token' do
SiteSetting . enable_sso = true
get :admin_login , token : " invalid "
expect ( session [ :current_user_id ] ) . to be_blank
end
2015-06-05 18:58:20 +10:00
it 'does log in admin with valid token and SSO disabled' do
2015-04-27 16:29:48 +05:30
SiteSetting . enable_sso = false
token = admin . email_tokens . create ( email : admin . email ) . token
get :admin_login , token : token
expect ( response ) . to redirect_to ( '/' )
2015-06-05 18:58:20 +10:00
expect ( session [ :current_user_id ] ) . to eq ( admin . id )
2015-04-27 16:29:48 +05:30
end
it 'logs in admin with valid token and SSO enabled' do
SiteSetting . enable_sso = true
token = admin . email_tokens . create ( email : admin . email ) . token
get :admin_login , token : token
expect ( response ) . to redirect_to ( '/' )
expect ( session [ :current_user_id ] ) . to eq ( admin . id )
end
end
end
2015-04-07 18:02:10 +10:00
describe '#toggle_anon' do
it 'allows you to toggle anon if enabled' do
SiteSetting . allow_anonymous_posting = true
user = log_in
user . trust_level = 1
user . save
post :toggle_anon
expect ( response ) . to be_success
expect ( session [ :current_user_id ] ) . to eq ( AnonymousShadowCreator . get ( user ) . id )
post :toggle_anon
expect ( response ) . to be_success
expect ( session [ :current_user_id ] ) . to eq ( user . id )
end
end
2013-11-12 14:37:38 -08:00
describe '#create' do
2014-07-15 14:07:19 -04:00
2013-02-07 06:50:59 -05:00
before do
2014-07-15 14:07:19 -04:00
UsersController . any_instance . stubs ( :honeypot_value ) . returns ( nil )
UsersController . any_instance . stubs ( :challenge_value ) . returns ( nil )
2014-07-14 15:42:14 -04:00
SiteSetting . stubs ( :allow_new_registrations ) . returns ( true )
2013-02-05 14:16:51 -05:00
@user = Fabricate . build ( :user )
2013-02-07 06:50:59 -05:00
@user . password = " strongpassword "
2013-02-05 14:16:51 -05:00
end
2013-06-05 17:09:22 -07:00
def post_user
xhr :post , :create ,
name : @user . name ,
username : @user . username ,
password : " strongpassword " ,
email : @user . email
end
2013-02-05 14:16:51 -05:00
context 'when creating a non active user (unconfirmed email)' do
2014-03-26 15:39:44 +11:00
it 'returns a 500 when local logins are disabled' do
SiteSetting . expects ( :enable_local_logins ) . returns ( false )
2013-06-05 17:09:22 -07:00
post_user
2014-03-26 15:39:44 +11:00
expect ( response . status ) . to eq ( 500 )
2013-02-05 14:16:51 -05:00
end
2014-07-14 15:42:14 -04:00
it 'returns an error when new registrations are disabled' do
SiteSetting . stubs ( :allow_new_registrations ) . returns ( false )
post_user
json = JSON . parse ( response . body )
2015-01-09 14:04:02 -03:00
expect ( json [ 'success' ] ) . to eq ( false )
expect ( json [ 'message' ] ) . to be_present
2014-07-14 15:42:14 -04:00
end
2014-03-26 15:39:44 +11:00
it 'creates a user correctly' do
Jobs . expects ( :enqueue ) . with ( :user_email , has_entries ( type : :signup ) )
2013-02-05 14:16:51 -05:00
User . any_instance . expects ( :enqueue_welcome_message ) . with ( 'welcome_user' ) . never
2013-06-05 17:09:22 -07:00
2013-06-05 18:19:27 -07:00
post_user
2014-03-26 15:39:44 +11:00
2014-09-25 17:44:48 +02:00
expect ( JSON . parse ( response . body ) [ 'active' ] ) . to be_falsey
2014-10-01 23:03:49 +05:30
2014-11-04 15:47:32 -05:00
# should save user_created_message in session
2015-01-09 14:04:02 -03:00
expect ( session [ " user_created_message " ] ) . to be_present
2013-02-07 06:50:59 -05:00
end
2013-02-05 14:16:51 -05:00
2013-06-05 18:19:27 -07:00
context " and 'must approve users' site setting is enabled " do
before { SiteSetting . expects ( :must_approve_users ) . returns ( true ) }
2013-02-05 14:16:51 -05:00
2013-06-05 18:19:27 -07:00
it 'does not enqueue an email' do
Jobs . expects ( :enqueue ) . never
post_user
end
it 'does not login the user' do
post_user
expect ( session [ :current_user_id ] ) . to be_blank
end
it 'indicates the user is not active in the response' do
post_user
2014-09-25 17:44:48 +02:00
expect ( JSON . parse ( response . body ) [ 'active' ] ) . to be_falsey
2013-06-05 18:19:27 -07:00
end
it " shows the 'waiting approval' message " do
post_user
2014-09-25 17:44:48 +02:00
expect ( JSON . parse ( response . body ) [ 'message' ] ) . to eq ( I18n . t 'login.wait_approval' )
2013-06-05 18:19:27 -07:00
end
2013-02-05 14:16:51 -05:00
end
2013-06-05 18:19:27 -07:00
end
context 'when creating an active user (confirmed email)' do
before { User . any_instance . stubs ( :active? ) . returns ( true ) }
2013-02-05 14:16:51 -05:00
2013-06-05 16:50:24 -07:00
it 'enqueues a welcome email' do
2013-02-05 14:16:51 -05:00
User . any_instance . expects ( :enqueue_welcome_message ) . with ( 'welcome_user' )
2013-06-05 17:09:22 -07:00
post_user
2014-10-01 23:03:49 +05:30
2014-11-04 15:47:32 -05:00
# should save user_created_message in session
2015-01-09 14:04:02 -03:00
expect ( session [ " user_created_message " ] ) . to be_present
2013-06-05 17:09:22 -07:00
end
2013-06-05 18:19:27 -07:00
it " shows the 'active' message " do
User . any_instance . expects ( :enqueue_welcome_message )
post_user
expect ( JSON . parse ( response . body ) [ 'message' ] ) . to eq (
I18n . t 'login.active'
)
2013-02-07 06:50:59 -05:00
end
2013-02-05 14:16:51 -05:00
it " should be logged in " do
User . any_instance . expects ( :enqueue_welcome_message )
2013-06-05 17:09:22 -07:00
post_user
2015-01-09 14:04:02 -03:00
expect ( session [ :current_user_id ] ) . to be_present
2013-02-05 14:16:51 -05:00
end
2013-06-05 18:19:27 -07:00
it 'indicates the user is active in the response' do
2013-02-05 14:16:51 -05:00
User . any_instance . expects ( :enqueue_welcome_message )
2013-06-05 17:09:22 -07:00
post_user
2014-09-25 17:44:48 +02:00
expect ( JSON . parse ( response . body ) [ 'active' ] ) . to be_truthy
2013-02-05 14:16:51 -05:00
end
2014-07-14 15:42:14 -04:00
it 'returns 500 status when new registrations are disabled' do
SiteSetting . stubs ( :allow_new_registrations ) . returns ( false )
post_user
json = JSON . parse ( response . body )
2015-01-09 14:04:02 -03:00
expect ( json [ 'success' ] ) . to eq ( false )
expect ( json [ 'message' ] ) . to be_present
2014-07-14 15:42:14 -04:00
end
2013-04-13 00:46:55 +02:00
context 'authentication records for' do
before do
SiteSetting . expects ( :must_approve_users ) . returns ( true )
end
2013-08-26 11:04:16 +10:00
it 'should create twitter user info if required' do
SiteSetting . stubs ( :enable_twitter_logins? ) . returns ( true )
2013-04-13 00:46:55 +02:00
twitter_auth = { twitter_user_id : 42 , twitter_screen_name : " bruce " }
2013-08-26 11:04:16 +10:00
auth = session [ :authentication ] = { }
auth [ :authenticator_name ] = 'twitter'
auth [ :extra_data ] = twitter_auth
2013-04-13 00:46:55 +02:00
TwitterUserInfo . expects ( :create )
2013-06-05 17:09:22 -07:00
post_user
2013-04-13 00:46:55 +02:00
end
end
2013-02-05 14:16:51 -05:00
end
context 'after success' do
2013-06-05 17:09:22 -07:00
before { post_user }
2013-02-05 14:16:51 -05:00
2013-02-07 06:50:59 -05:00
it 'should succeed' do
2015-01-09 14:04:02 -03:00
is_expected . to respond_with ( :success )
2013-02-05 14:16:51 -05:00
end
it 'has the proper JSON' do
json = JSON :: parse ( response . body )
2015-01-09 14:04:02 -03:00
expect ( json [ " success " ] ) . to eq ( true )
2013-02-05 14:16:51 -05:00
end
2013-02-07 06:50:59 -05:00
it 'should not result in an active account' do
2015-01-09 14:04:02 -03:00
expect ( User . find_by ( username : @user . username ) . active ) . to eq ( false )
2013-02-05 14:16:51 -05:00
end
end
2013-02-06 19:25:21 -05:00
2013-06-28 14:43:35 -04:00
shared_examples 'honeypot fails' do
2013-02-06 19:25:21 -05:00
it 'should not create a new user' do
expect {
xhr :post , :create , create_params
} . to_not change { User . count }
end
it 'should not send an email' do
User . any_instance . expects ( :enqueue_welcome_message ) . never
xhr :post , :create , create_params
end
it 'should say it was successful' do
xhr :post , :create , create_params
json = JSON :: parse ( response . body )
2015-01-09 14:04:02 -03:00
expect ( json [ " success " ] ) . to eq ( true )
2014-10-01 23:03:49 +05:30
# should not change the session
2015-01-09 14:04:02 -03:00
expect ( session [ " user_created_message " ] ) . to be_blank
2013-02-06 19:25:21 -05:00
end
end
context 'when honeypot value is wrong' do
before do
UsersController . any_instance . stubs ( :honeypot_value ) . returns ( 'abc' )
end
2013-03-23 20:32:59 +05:30
let ( :create_params ) { { name : @user . name , username : @user . username , password : " strongpassword " , email : @user . email , password_confirmation : 'wrong' } }
2013-06-28 14:43:35 -04:00
include_examples 'honeypot fails'
2013-02-06 19:25:21 -05:00
end
context 'when challenge answer is wrong' do
before do
UsersController . any_instance . stubs ( :challenge_value ) . returns ( 'abc' )
end
2013-03-23 20:32:59 +05:30
let ( :create_params ) { { name : @user . name , username : @user . username , password : " strongpassword " , email : @user . email , challenge : 'abc' } }
2013-06-28 14:43:35 -04:00
include_examples 'honeypot fails'
2013-02-06 19:25:21 -05:00
end
2013-02-12 15:42:04 -05:00
2013-06-05 11:08:21 -07:00
context " when 'invite only' setting is enabled " do
before { SiteSetting . expects ( :invite_only? ) . returns ( true ) }
let ( :create_params ) { {
name : @user . name ,
username : @user . username ,
password : 'strongpassword' ,
email : @user . email
} }
2013-06-28 14:43:35 -04:00
include_examples 'honeypot fails'
2013-06-05 11:08:21 -07:00
end
2013-06-28 14:43:35 -04:00
shared_examples 'failed signup' do
2013-02-12 15:42:04 -05:00
it 'should not create a new User' do
expect { xhr :post , :create , create_params } . to_not change { User . count }
end
it 'should report failed' do
xhr :post , :create , create_params
json = JSON :: parse ( response . body )
2015-01-09 14:04:02 -03:00
expect ( json [ " success " ] ) . not_to eq ( true )
2014-10-29 01:06:59 +01:00
2014-10-01 23:03:49 +05:30
# should not change the session
2015-01-09 14:04:02 -03:00
expect ( session [ " user_created_message " ] ) . to be_blank
2013-02-12 15:42:04 -05:00
end
end
context 'when password is blank' do
2013-03-23 20:32:59 +05:30
let ( :create_params ) { { name : @user . name , username : @user . username , password : " " , email : @user . email } }
2013-06-28 14:43:35 -04:00
include_examples 'failed signup'
2013-02-12 15:42:04 -05:00
end
2014-09-11 12:22:11 -07:00
context 'when password is too long' do
let ( :create_params ) { { name : @user . name , username : @user . username , password : " x " * ( User . max_password_length + 1 ) , email : @user . email } }
include_examples 'failed signup'
end
2013-02-12 15:42:04 -05:00
context 'when password param is missing' do
2013-03-23 20:32:59 +05:30
let ( :create_params ) { { name : @user . name , username : @user . username , email : @user . email } }
2013-06-28 14:43:35 -04:00
include_examples 'failed signup'
2013-03-07 14:56:28 -05:00
end
2015-07-01 13:44:53 -07:00
context 'with a reserved username' do
let ( :create_params ) { { name : @user . name , username : 'Reserved' , email : @user . email , password : " x " * 20 } }
before { SiteSetting . reserved_usernames = 'a|reserved|b' }
after { SiteSetting . reserved_usernames = nil }
include_examples 'failed signup'
end
2013-04-13 00:46:55 +02:00
context 'when an Exception is raised' do
[ ActiveRecord :: StatementInvalid ,
RestClient :: Forbidden ] . each do | exception |
before { User . any_instance . stubs ( :save ) . raises ( exception ) }
let ( :create_params ) {
{ name : @user . name , username : @user . username ,
password : " strongpassword " , email : @user . email }
}
2013-06-28 14:43:35 -04:00
include_examples 'failed signup'
2013-03-07 14:56:28 -05:00
end
2013-02-12 15:42:04 -05:00
end
2013-04-13 00:46:55 +02:00
2014-09-26 14:48:34 -04:00
context " with custom fields " do
let! ( :user_field ) { Fabricate ( :user_field ) }
let! ( :another_field ) { Fabricate ( :user_field ) }
2014-10-08 14:38:18 -04:00
let! ( :optional_field ) { Fabricate ( :user_field , required : false ) }
2014-09-26 14:48:34 -04:00
context " without a value for the fields " do
let ( :create_params ) { { name : @user . name , password : 'watwatwat' , username : @user . username , email : @user . email } }
include_examples 'failed signup'
end
context " with values for the fields " do
let ( :create_params ) { {
name : @user . name ,
password : 'watwatwat' ,
username : @user . username ,
email : @user . email ,
user_fields : {
user_field . id . to_s = > 'value1' ,
another_field . id . to_s = > 'value2' ,
}
} }
2014-10-08 14:38:18 -04:00
it " should succeed without the optional field " do
2014-09-26 14:48:34 -04:00
xhr :post , :create , create_params
2015-01-09 14:04:02 -03:00
expect ( response ) . to be_success
2014-09-26 14:48:34 -04:00
inserted = User . where ( email : @user . email ) . first
2015-01-09 14:04:02 -03:00
expect ( inserted ) . to be_present
expect ( inserted . custom_fields ) . to be_present
expect ( inserted . custom_fields [ " user_field_ #{ user_field . id } " ] ) . to eq ( 'value1' )
expect ( inserted . custom_fields [ " user_field_ #{ another_field . id } " ] ) . to eq ( 'value2' )
expect ( inserted . custom_fields [ " user_field_ #{ optional_field . id } " ] ) . to be_blank
2014-10-08 14:38:18 -04:00
end
it " should succeed with the optional field " do
create_params [ :user_fields ] [ optional_field . id . to_s ] = 'value3'
xhr :post , :create , create_params . merge ( create_params )
2015-01-09 14:04:02 -03:00
expect ( response ) . to be_success
2014-10-08 14:38:18 -04:00
inserted = User . where ( email : @user . email ) . first
2015-01-09 14:04:02 -03:00
expect ( inserted ) . to be_present
expect ( inserted . custom_fields ) . to be_present
expect ( inserted . custom_fields [ " user_field_ #{ user_field . id } " ] ) . to eq ( 'value1' )
expect ( inserted . custom_fields [ " user_field_ #{ another_field . id } " ] ) . to eq ( 'value2' )
expect ( inserted . custom_fields [ " user_field_ #{ optional_field . id } " ] ) . to eq ( 'value3' )
2014-09-26 14:48:34 -04:00
end
2015-02-23 13:02:30 -05:00
it " trims excessively long fields " do
create_params [ :user_fields ] [ optional_field . id . to_s ] = ( 'x' * 3000 )
xhr :post , :create , create_params . merge ( create_params )
expect ( response ) . to be_success
inserted = User . where ( email : @user . email ) . first
val = inserted . custom_fields [ " user_field_ #{ optional_field . id } " ]
expect ( val . length ) . to eq ( UserField . max_length )
end
2014-09-26 14:48:34 -04:00
end
end
2015-01-27 11:48:27 +02:00
context " with only optional custom fields " do
let! ( :user_field ) { Fabricate ( :user_field , required : false ) }
context " without values for the fields " do
let ( :create_params ) { {
name : @user . name ,
password : 'watwatwat' ,
username : @user . username ,
email : @user . email ,
} }
it " should succeed " do
xhr :post , :create , create_params
expect ( response ) . to be_success
inserted = User . where ( email : @user . email ) . first
expect ( inserted ) . to be_present
expect ( inserted . custom_fields ) . not_to be_present
expect ( inserted . custom_fields [ " user_field_ #{ user_field . id } " ] ) . to be_blank
end
end
end
2013-02-05 14:16:51 -05:00
end
context '.username' do
it 'raises an error when not logged in' do
2015-01-09 14:04:02 -03:00
expect { xhr :put , :username , username : 'somename' } . to raise_error ( Discourse :: NotLoggedIn )
2013-02-05 14:16:51 -05:00
end
context 'while logged in' do
2015-01-16 14:30:46 -08:00
let ( :old_username ) { " OrigUsrname " }
let ( :new_username ) { " #{ old_username } 1234 " }
let ( :user ) { Fabricate ( :user , username : old_username ) }
before do
user . username = old_username
log_in_user ( user )
end
2013-02-05 14:16:51 -05:00
it 'raises an error without a new_username param' do
2015-01-09 14:04:02 -03:00
expect { xhr :put , :username , username : user . username } . to raise_error ( ActionController :: ParameterMissing )
2015-04-25 11:18:35 -04:00
expect ( user . reload . username ) . to eq ( old_username )
2013-02-05 14:16:51 -05:00
end
2013-08-12 14:54:52 -04:00
it 'raises an error when you don\'t have permission to change the username' do
Guardian . any_instance . expects ( :can_edit_username? ) . with ( user ) . returns ( false )
2013-02-05 14:16:51 -05:00
xhr :put , :username , username : user . username , new_username : new_username
2015-01-09 14:04:02 -03:00
expect ( response ) . to be_forbidden
2015-04-25 11:18:35 -04:00
expect ( user . reload . username ) . to eq ( old_username )
2013-02-05 14:16:51 -05:00
end
2015-01-16 14:30:46 -08:00
# Bad behavior, this should give a real JSON error, not an InvalidParameters
2013-02-05 14:16:51 -05:00
it 'raises an error when change_username fails' do
2015-01-16 14:30:46 -08:00
User . any_instance . expects ( :save ) . returns ( false )
2015-01-09 14:04:02 -03:00
expect { xhr :put , :username , username : user . username , new_username : new_username } . to raise_error ( Discourse :: InvalidParameters )
2015-04-25 11:18:35 -04:00
expect ( user . reload . username ) . to eq ( old_username )
2013-02-05 14:16:51 -05:00
end
2015-01-16 14:30:46 -08:00
it 'should succeed in normal circumstances' do
2013-02-05 14:16:51 -05:00
xhr :put , :username , username : user . username , new_username : new_username
2015-04-25 11:18:35 -04:00
expect ( response ) . to be_success
expect ( user . reload . username ) . to eq ( new_username )
2015-01-16 14:30:46 -08:00
end
2015-02-26 13:05:20 +01:00
skip 'should fail if the user is old' , 'ensure_can_edit_username! is not throwing' do
2015-01-16 14:30:46 -08:00
# Older than the change period and >1 post
user . created_at = Time . now - ( SiteSetting . username_change_period + 1 ) . days
user . stubs ( :post_count ) . returns ( 200 )
2015-04-25 11:18:35 -04:00
expect ( Guardian . new ( user ) . can_edit_username? ( user ) ) . to eq ( false )
2015-01-16 14:30:46 -08:00
xhr :put , :username , username : user . username , new_username : new_username
2015-04-25 11:18:35 -04:00
expect ( response ) . to be_forbidden
expect ( user . reload . username ) . to eq ( old_username )
2015-01-16 14:30:46 -08:00
end
it 'should create a staff action log when a staff member changes the username' do
acting_user = Fabricate ( :admin )
log_in_user ( acting_user )
xhr :put , :username , username : user . username , new_username : new_username
2015-04-25 11:18:35 -04:00
expect ( response ) . to be_success
expect ( UserHistory . where ( action : UserHistory . actions [ :change_username ] , target_user_id : user . id , acting_user_id : acting_user . id ) ) . to be_present
expect ( user . reload . username ) . to eq ( new_username )
2013-02-05 14:16:51 -05:00
end
2014-12-10 09:43:16 -07:00
it 'should return a JSON response with the updated username' do
xhr :put , :username , username : user . username , new_username : new_username
2015-01-09 14:04:02 -03:00
expect ( :: JSON . parse ( response . body ) [ 'username' ] ) . to eq ( new_username )
2014-12-10 09:43:16 -07:00
end
2013-02-05 14:16:51 -05:00
end
end
context '.check_username' do
2013-11-19 14:15:05 -05:00
it 'raises an error without any parameters' do
2015-01-09 14:04:02 -03:00
expect { xhr :get , :check_username } . to raise_error ( ActionController :: ParameterMissing )
2013-02-05 14:16:51 -05:00
end
2014-07-16 12:25:24 -04:00
shared_examples 'when username is unavailable' do
2013-02-05 14:16:51 -05:00
it 'should return success' do
2015-01-09 14:04:02 -03:00
expect ( response ) . to be_success
2013-02-05 14:16:51 -05:00
end
it 'should return available as false in the JSON' do
2015-01-09 14:04:02 -03:00
expect ( :: JSON . parse ( response . body ) [ 'available' ] ) . to eq ( false )
2013-02-05 14:16:51 -05:00
end
it 'should return a suggested username' do
2015-01-09 14:04:02 -03:00
expect ( :: JSON . parse ( response . body ) [ 'suggestion' ] ) . to be_present
2013-02-05 14:16:51 -05:00
end
end
2014-07-16 12:25:24 -04:00
shared_examples 'when username is available' do
2013-02-05 14:16:51 -05:00
it 'should return success' do
2015-01-09 14:04:02 -03:00
expect ( response ) . to be_success
2013-02-05 14:16:51 -05:00
end
it 'should return available in the JSON' do
2015-01-09 14:04:02 -03:00
expect ( :: JSON . parse ( response . body ) [ 'available' ] ) . to eq ( true )
2013-02-05 14:16:51 -05:00
end
end
2014-07-16 12:25:24 -04:00
it 'returns nothing when given an email param but no username' do
xhr :get , :check_username , email : 'dood@example.com'
2015-01-09 14:04:02 -03:00
expect ( response ) . to be_success
2014-07-16 12:25:24 -04:00
end
2013-02-08 14:12:48 -05:00
2014-07-16 12:25:24 -04:00
context 'username is available' do
before do
xhr :get , :check_username , username : 'BruceWayne'
2013-02-08 14:12:48 -05:00
end
2014-07-16 12:25:24 -04:00
include_examples 'when username is available'
2013-02-05 14:16:51 -05:00
end
2014-07-16 12:25:24 -04:00
context 'username is unavailable' do
let! ( :user ) { Fabricate ( :user ) }
2013-02-05 14:16:51 -05:00
before do
2014-07-16 12:25:24 -04:00
xhr :get , :check_username , username : user . username
2013-02-05 14:16:51 -05:00
end
2014-07-16 12:25:24 -04:00
include_examples 'when username is unavailable'
end
2013-02-05 14:16:51 -05:00
2014-07-16 12:25:24 -04:00
shared_examples 'checking an invalid username' do
it 'should return success' do
2015-01-09 14:04:02 -03:00
expect ( response ) . to be_success
2013-02-05 14:16:51 -05:00
end
2014-07-16 12:25:24 -04:00
it 'should not return an available key' do
2015-01-09 14:04:02 -03:00
expect ( :: JSON . parse ( response . body ) [ 'available' ] ) . to eq ( nil )
2013-02-05 14:16:51 -05:00
end
2014-07-16 12:25:24 -04:00
it 'should return an error message' do
2015-01-09 14:04:02 -03:00
expect ( :: JSON . parse ( response . body ) [ 'errors' ] ) . not_to be_empty
2013-02-05 14:16:51 -05:00
end
2014-07-16 12:25:24 -04:00
end
2013-02-05 14:16:51 -05:00
2014-07-16 12:25:24 -04:00
context 'has invalid characters' do
before do
xhr :get , :check_username , username : 'bad username'
2013-02-05 14:16:51 -05:00
end
2014-07-16 12:25:24 -04:00
include_examples 'checking an invalid username'
2013-02-05 14:16:51 -05:00
2014-07-16 12:25:24 -04:00
it 'should return the invalid characters message' do
2015-01-09 14:04:02 -03:00
expect ( :: JSON . parse ( response . body ) [ 'errors' ] ) . to include ( I18n . t ( :'user.username.characters' ) )
2013-02-05 14:16:51 -05:00
end
end
2014-07-16 12:25:24 -04:00
context 'is too long' do
2013-02-05 14:16:51 -05:00
before do
2014-07-16 12:25:24 -04:00
xhr :get , :check_username , username : generate_username ( User . username_length . last + 1 )
2013-02-05 14:16:51 -05:00
end
2014-07-16 12:25:24 -04:00
include_examples 'checking an invalid username'
2013-02-05 14:16:51 -05:00
2014-07-16 12:25:24 -04:00
it 'should return the "too long" message' do
2015-01-09 14:04:02 -03:00
expect ( :: JSON . parse ( response . body ) [ 'errors' ] ) . to include ( I18n . t ( :'user.username.long' , max : User . username_length . end ) )
2013-02-05 14:16:51 -05:00
end
end
2013-06-28 16:21:46 -04:00
describe 'different case of existing username' do
context " it's my username " do
let! ( :user ) { Fabricate ( :user , username : 'hansolo' ) }
before do
log_in_user ( user )
xhr :get , :check_username , username : 'HanSolo'
end
2014-07-16 12:25:24 -04:00
include_examples 'when username is available'
2013-06-28 16:21:46 -04:00
end
context " it's someone else's username " do
let! ( :user ) { Fabricate ( :user , username : 'hansolo' ) }
before do
log_in
xhr :get , :check_username , username : 'HanSolo'
end
2014-07-16 12:25:24 -04:00
include_examples 'when username is unavailable'
2013-06-28 16:21:46 -04:00
end
2013-07-30 14:13:56 -04:00
context " an admin changing it for someone else " do
let! ( :user ) { Fabricate ( :user , username : 'hansolo' ) }
before do
log_in_user ( Fabricate ( :admin ) )
xhr :get , :check_username , username : 'HanSolo' , for_user_id : user . id
end
2014-07-16 12:25:24 -04:00
include_examples 'when username is available'
2013-07-30 14:13:56 -04:00
end
2013-06-28 16:21:46 -04:00
end
2013-02-05 14:16:51 -05:00
end
2013-11-08 11:11:41 -08:00
describe '#invited' do
2013-02-05 14:16:51 -05:00
it 'returns success' do
2013-11-08 11:11:41 -08:00
user = Fabricate ( :user )
2013-02-05 14:16:51 -05:00
xhr :get , :invited , username : user . username
2013-11-08 11:11:41 -08:00
expect ( response ) . to be_success
end
it 'filters by email' do
inviter = Fabricate ( :user )
invitee = Fabricate ( :user )
2014-09-25 17:46:51 +10:00
_invite = Fabricate (
2013-11-08 11:11:41 -08:00
:invite ,
email : 'billybob@example.com' ,
invited_by : inviter ,
user : invitee
)
Fabricate (
:invite ,
email : 'jimtom@example.com' ,
invited_by : inviter ,
user : invitee
)
xhr :get , :invited , username : inviter . username , filter : 'billybob'
2014-03-21 14:13:04 -04:00
invites = JSON . parse ( response . body ) [ 'invites' ]
2015-01-09 14:04:02 -03:00
expect ( invites . size ) . to eq ( 1 )
2013-11-08 11:11:41 -08:00
expect ( invites . first ) . to include ( 'email' = > 'billybob@example.com' )
end
it 'filters by username' do
inviter = Fabricate ( :user )
invitee = Fabricate ( :user , username : 'billybob' )
2014-09-25 17:46:51 +10:00
_invite = Fabricate (
2013-11-08 11:11:41 -08:00
:invite ,
invited_by : inviter ,
email : 'billybob@example.com' ,
user : invitee
)
Fabricate (
:invite ,
invited_by : inviter ,
user : Fabricate ( :user , username : 'jimtom' )
)
xhr :get , :invited , username : inviter . username , filter : 'billybob'
2014-03-21 14:13:04 -04:00
invites = JSON . parse ( response . body ) [ 'invites' ]
2015-01-09 14:04:02 -03:00
expect ( invites . size ) . to eq ( 1 )
2013-11-08 11:11:41 -08:00
expect ( invites . first ) . to include ( 'email' = > 'billybob@example.com' )
2013-02-05 14:16:51 -05:00
end
2013-11-08 11:11:41 -08:00
context 'with guest' do
context 'with pending invites' do
it 'does not return invites' do
inviter = Fabricate ( :user )
Fabricate ( :invite , invited_by : inviter )
xhr :get , :invited , username : inviter . username
2014-03-21 14:13:04 -04:00
invites = JSON . parse ( response . body ) [ 'invites' ]
2013-11-08 11:11:41 -08:00
expect ( invites ) . to be_empty
end
end
context 'with redeemed invites' do
it 'returns invites' do
inviter = Fabricate ( :user )
invitee = Fabricate ( :user )
invite = Fabricate ( :invite , invited_by : inviter , user : invitee )
xhr :get , :invited , username : inviter . username
2014-03-21 14:13:04 -04:00
invites = JSON . parse ( response . body ) [ 'invites' ]
2015-01-09 14:04:02 -03:00
expect ( invites . size ) . to eq ( 1 )
2013-11-08 11:11:41 -08:00
expect ( invites . first ) . to include ( 'email' = > invite . email )
end
end
end
context 'with authenticated user' do
context 'with pending invites' do
context 'with permission to see pending invites' do
it 'returns invites' do
user = log_in
inviter = Fabricate ( :user )
invite = Fabricate ( :invite , invited_by : inviter )
stub_guardian ( user ) do | guardian |
2014-03-21 14:13:04 -04:00
guardian . stubs ( :can_see_invite_details? ) .
2013-11-08 11:11:41 -08:00
with ( inviter ) . returns ( true )
end
xhr :get , :invited , username : inviter . username
2014-03-21 14:13:04 -04:00
invites = JSON . parse ( response . body ) [ 'invites' ]
2015-01-09 14:04:02 -03:00
expect ( invites . size ) . to eq ( 1 )
2013-11-08 11:11:41 -08:00
expect ( invites . first ) . to include ( " email " = > invite . email )
end
end
context 'without permission to see pending invites' do
it 'does not return invites' do
user = log_in
inviter = Fabricate ( :user )
2014-09-25 17:46:51 +10:00
_invitee = Fabricate ( :user )
2013-11-08 11:11:41 -08:00
Fabricate ( :invite , invited_by : inviter )
stub_guardian ( user ) do | guardian |
2014-03-21 14:13:04 -04:00
guardian . stubs ( :can_see_invite_details? ) .
2013-11-08 11:11:41 -08:00
with ( inviter ) . returns ( false )
end
xhr :get , :invited , username : inviter . username
2014-03-21 14:13:04 -04:00
json = JSON . parse ( response . body ) [ 'invites' ]
expect ( json ) . to be_empty
2013-11-08 11:11:41 -08:00
end
end
end
context 'with redeemed invites' do
it 'returns invites' do
2014-09-25 17:46:51 +10:00
_user = log_in
2013-11-08 11:11:41 -08:00
inviter = Fabricate ( :user )
invitee = Fabricate ( :user )
invite = Fabricate ( :invite , invited_by : inviter , user : invitee )
xhr :get , :invited , username : inviter . username
2014-03-21 14:13:04 -04:00
invites = JSON . parse ( response . body ) [ 'invites' ]
2015-01-09 14:04:02 -03:00
expect ( invites . size ) . to eq ( 1 )
2013-11-08 11:11:41 -08:00
expect ( invites . first ) . to include ( 'email' = > invite . email )
end
end
end
2013-02-05 14:16:51 -05:00
end
2013-11-01 11:12:25 -07:00
describe '#update' do
context 'with guest' do
it 'raises an error' do
2013-04-13 00:46:55 +02:00
expect do
2013-11-01 11:12:25 -07:00
xhr :put , :update , username : 'guest'
2013-04-13 00:46:55 +02:00
end . to raise_error ( Discourse :: NotLoggedIn )
2013-02-05 14:16:51 -05:00
end
end
2015-03-20 15:18:43 -04:00
context " as a staff user " do
let! ( :user ) { log_in ( :admin ) }
context " uneditable field " do
let! ( :user_field ) { Fabricate ( :user_field , editable : false ) }
it " allows staff to edit the field " do
put :update , username : user . username , name : 'Jim Tom' , user_fields : { user_field . id . to_s = > 'happy' }
expect ( response ) . to be_success
expect ( user . user_fields [ user_field . id . to_s ] ) . to eq ( 'happy' )
end
end
end
2013-11-01 11:12:25 -07:00
context 'with authenticated user' do
context 'with permission to update' do
2014-09-26 14:48:34 -04:00
let! ( :user ) { log_in ( :user ) }
2013-02-05 14:16:51 -05:00
2014-09-26 14:48:34 -04:00
it 'allows the update' do
2015-03-24 11:55:22 +11:00
user2 = Fabricate ( :user )
user3 = Fabricate ( :user )
put :update ,
username : user . username ,
name : 'Jim Tom' ,
custom_fields : { test : :it } ,
muted_usernames : " #{ user2 . username } , #{ user3 . username } "
2013-11-01 11:12:25 -07:00
expect ( response ) . to be_success
2014-06-11 15:50:37 +10:00
user . reload
expect ( user . name ) . to eq 'Jim Tom'
expect ( user . custom_fields [ 'test' ] ) . to eq 'it'
2015-03-24 11:55:22 +11:00
expect ( user . muted_users . pluck ( :username ) . sort ) . to eq [ user2 . username , user3 . username ] . sort
put :update ,
username : user . username ,
muted_usernames : " "
user . reload
expect ( user . muted_users . pluck ( :username ) . sort ) . to be_empty
2013-11-01 11:12:25 -07:00
end
2013-11-01 11:42:16 -07:00
2014-09-26 14:48:34 -04:00
context " with user fields " do
context " an editable field " do
let! ( :user_field ) { Fabricate ( :user_field ) }
2014-10-08 14:38:18 -04:00
let! ( :optional_field ) { Fabricate ( :user_field , required : false ) }
2014-09-26 14:48:34 -04:00
it " should update the user field " do
put :update , username : user . username , name : 'Jim Tom' , user_fields : { user_field . id . to_s = > 'happy' }
expect ( response ) . to be_success
expect ( user . user_fields [ user_field . id . to_s ] ) . to eq 'happy'
end
it " cannot be updated to blank " do
put :update , username : user . username , name : 'Jim Tom' , user_fields : { user_field . id . to_s = > '' }
2015-01-09 14:04:02 -03:00
expect ( response ) . not_to be_success
expect ( user . user_fields [ user_field . id . to_s ] ) . not_to eq ( 'happy' )
2014-09-26 14:48:34 -04:00
end
2015-02-23 13:02:30 -05:00
it " trims excessively large fields " do
put :update , username : user . username , name : 'Jim Tom' , user_fields : { user_field . id . to_s = > ( 'x' * 3000 ) }
expect ( user . user_fields [ user_field . id . to_s ] . size ) . to eq ( UserField . max_length )
end
2014-09-26 14:48:34 -04:00
end
2013-11-01 11:42:16 -07:00
2014-09-26 14:48:34 -04:00
context " uneditable field " do
let! ( :user_field ) { Fabricate ( :user_field , editable : false ) }
it " does not update the user field " do
put :update , username : user . username , name : 'Jim Tom' , user_fields : { user_field . id . to_s = > 'happy' }
expect ( response ) . to be_success
expect ( user . user_fields [ user_field . id . to_s ] ) . to be_blank
end
end
end
it 'returns user JSON' do
2013-11-01 11:42:16 -07:00
put :update , username : user . username
json = JSON . parse ( response . body )
expect ( json [ 'user' ] [ 'id' ] ) . to eq user . id
end
2014-09-26 14:48:34 -04:00
2013-11-01 11:12:25 -07:00
end
2013-02-05 14:16:51 -05:00
2013-11-01 14:06:20 -07:00
context 'without permission to update' do
2013-11-01 11:12:25 -07:00
it 'does not allow the update' do
2013-11-01 11:42:16 -07:00
user = Fabricate ( :user , name : 'Billy Bob' )
log_in_user ( user )
guardian = Guardian . new ( user )
guardian . stubs ( :ensure_can_edit! ) . with ( user ) . raises ( Discourse :: InvalidAccess . new )
Guardian . stubs ( new : guardian ) . with ( user )
2013-02-05 14:16:51 -05:00
2013-11-01 11:12:25 -07:00
put :update , username : user . username , name : 'Jim Tom'
2013-02-05 14:16:51 -05:00
2013-11-01 11:12:25 -07:00
expect ( response ) . to be_forbidden
expect ( user . reload . name ) . not_to eq 'Jim Tom'
2013-02-05 14:16:51 -05:00
end
end
end
end
2014-10-20 13:15:58 -04:00
describe " badge_card " do
let ( :user ) { Fabricate ( :user ) }
let ( :badge ) { Fabricate ( :badge ) }
let ( :user_badge ) { BadgeGranter . grant ( badge , user ) }
it " sets the user's card image to the badge " do
log_in_user user
xhr :put , :update_card_badge , user_badge_id : user_badge . id , username : user . username
2015-01-09 14:04:02 -03:00
expect ( user . user_profile . reload . card_image_badge_id ) . to be_blank
2014-10-20 13:15:58 -04:00
badge . update_attributes image : " wat.com/wat.jpg "
xhr :put , :update_card_badge , user_badge_id : user_badge . id , username : user . username
2015-01-09 14:04:02 -03:00
expect ( user . user_profile . reload . card_image_badge_id ) . to eq ( badge . id )
2014-10-20 13:15:58 -04:00
# Can set to nothing
xhr :put , :update_card_badge , username : user . username
2015-01-09 14:04:02 -03:00
expect ( user . user_profile . reload . card_image_badge_id ) . to be_blank
2014-10-20 13:15:58 -04:00
end
end
2014-04-25 23:55:29 +05:30
describe " badge_title " do
let ( :user ) { Fabricate ( :user ) }
let ( :badge ) { Fabricate ( :badge ) }
let ( :user_badge ) { BadgeGranter . grant ( badge , user ) }
it " sets the user's title to the badge name if it is titleable " do
log_in_user user
xhr :put , :badge_title , user_badge_id : user_badge . id , username : user . username
2015-01-09 14:04:02 -03:00
expect ( user . reload . title ) . not_to eq ( badge . name )
2014-04-25 23:55:29 +05:30
badge . update_attributes allow_title : true
xhr :put , :badge_title , user_badge_id : user_badge . id , username : user . username
2015-01-09 14:04:02 -03:00
expect ( user . reload . title ) . to eq ( badge . name )
expect ( user . user_profile . badge_granted_title ) . to eq ( true )
2014-10-08 10:26:18 +11:00
user . title = " testing "
user . save
user . user_profile . reload
2015-01-09 14:04:02 -03:00
expect ( user . user_profile . badge_granted_title ) . to eq ( false )
2014-10-08 10:26:18 +11:00
2014-04-25 23:55:29 +05:30
end
end
2013-02-07 06:50:59 -05:00
describe " search_users " do
let ( :topic ) { Fabricate :topic }
let ( :user ) { Fabricate :user , username : " joecabot " , name : " Lawrence Tierney " }
before do
2014-07-05 09:13:53 +10:00
ActiveRecord :: Base . observers . enable :all
2013-02-07 06:50:59 -05:00
Fabricate :post , user : user , topic : topic
end
it " searches when provided the term only " do
xhr :post , :search_users , term : user . name . split ( " " ) . last
2015-01-09 14:04:02 -03:00
expect ( response ) . to be_success
2013-02-07 06:50:59 -05:00
json = JSON . parse ( response . body )
2015-01-09 14:04:02 -03:00
expect ( json [ " users " ] . map { | u | u [ " username " ] } ) . to include ( user . username )
2013-02-07 06:50:59 -05:00
end
it " searches when provided the topic only " do
xhr :post , :search_users , topic_id : topic . id
2015-01-09 14:04:02 -03:00
expect ( response ) . to be_success
2013-02-07 06:50:59 -05:00
json = JSON . parse ( response . body )
2015-01-09 14:04:02 -03:00
expect ( json [ " users " ] . map { | u | u [ " username " ] } ) . to include ( user . username )
2013-02-07 06:50:59 -05:00
end
it " searches when provided the term and topic " do
xhr :post , :search_users , term : user . name . split ( " " ) . last , topic_id : topic . id
2015-01-09 14:04:02 -03:00
expect ( response ) . to be_success
2013-02-07 06:50:59 -05:00
json = JSON . parse ( response . body )
2015-01-09 14:04:02 -03:00
expect ( json [ " users " ] . map { | u | u [ " username " ] } ) . to include ( user . username )
2013-02-07 06:50:59 -05:00
end
2015-04-13 20:33:13 +05:30
it " searches only for users who have access to private topic " do
privileged_user = Fabricate ( :user , trust_level : 4 , username : " joecabit " , name : " Lawrence Tierney " )
privileged_group = Fabricate ( :group )
privileged_group . add ( privileged_user )
privileged_group . save
category = Fabricate ( :category )
category . set_permissions ( privileged_group = > :readonly )
category . save
private_topic = Fabricate ( :topic , category : category )
xhr :post , :search_users , term : user . name . split ( " " ) . last , topic_id : private_topic . id , topic_allowed_users : " true "
expect ( response ) . to be_success
json = JSON . parse ( response . body )
expect ( json [ " users " ] . map { | u | u [ " username " ] } ) . to_not include ( user . username )
expect ( json [ " users " ] . map { | u | u [ " username " ] } ) . to include ( privileged_user . username )
end
2013-10-30 15:45:13 -04:00
context " when `enable_names` is true " do
before do
2014-07-05 09:13:53 +10:00
SiteSetting . enable_names = true
2013-10-30 15:45:13 -04:00
end
it " returns names " do
xhr :post , :search_users , term : user . name
json = JSON . parse ( response . body )
2015-01-09 14:04:02 -03:00
expect ( json [ " users " ] . map { | u | u [ " name " ] } ) . to include ( user . name )
2013-10-30 15:45:13 -04:00
end
end
context " when `enable_names` is false " do
before do
SiteSetting . stubs ( :enable_names? ) . returns ( false )
end
it " returns names " do
xhr :post , :search_users , term : user . name
json = JSON . parse ( response . body )
2015-01-09 14:04:02 -03:00
expect ( json [ " users " ] . map { | u | u [ " name " ] } ) . not_to include ( user . name )
2013-10-30 15:45:13 -04:00
end
end
2013-02-07 06:50:59 -05:00
end
2013-02-22 11:49:48 -05:00
describe 'send_activation_email' do
context 'for an existing user' do
2014-08-28 12:07:13 -04:00
let ( :user ) { Fabricate ( :user , active : false ) }
2013-02-22 11:49:48 -05:00
context 'with a valid email_token' do
it 'should send the activation email' do
Jobs . expects ( :enqueue ) . with ( :user_email , has_entries ( type : :signup ) )
2013-07-05 12:26:46 -04:00
xhr :post , :send_activation_email , username : user . username
2013-02-22 11:49:48 -05:00
end
end
context 'without an existing email_token' do
before do
user . email_tokens . each { | t | t . destroy }
user . reload
end
it 'should generate a new token' do
expect {
2013-07-05 12:26:46 -04:00
xhr :post , :send_activation_email , username : user . username
2013-02-22 11:49:48 -05:00
} . to change { user . email_tokens ( true ) . count } . by ( 1 )
end
it 'should send an email' do
Jobs . expects ( :enqueue ) . with ( :user_email , has_entries ( type : :signup ) )
2013-07-05 12:26:46 -04:00
xhr :post , :send_activation_email , username : user . username
2013-02-22 11:49:48 -05:00
end
end
end
context 'when username does not exist' do
it 'should not send an email' do
Jobs . expects ( :enqueue ) . never
2013-07-05 12:26:46 -04:00
xhr :post , :send_activation_email , username : 'nopenopenopenope'
2013-02-22 11:49:48 -05:00
end
end
end
2014-05-26 19:46:43 +10:00
describe '.pick_avatar' do
2013-08-24 22:37:31 +02:00
it 'raises an error when not logged in' do
2015-01-09 14:04:02 -03:00
expect { xhr :put , :pick_avatar , username : 'asdf' , avatar_id : 1 } . to raise_error ( Discourse :: NotLoggedIn )
2013-08-24 22:37:31 +02:00
end
context 'while logged in' do
let! ( :user ) { log_in }
it 'raises an error when you don\'t have permission to toggle the avatar' do
2014-05-26 19:46:43 +10:00
another_user = Fabricate ( :user )
xhr :put , :pick_avatar , username : another_user . username , upload_id : 1
2015-01-09 14:04:02 -03:00
expect ( response ) . to be_forbidden
2013-08-24 22:37:31 +02:00
end
it 'it successful' do
2014-05-26 19:46:43 +10:00
xhr :put , :pick_avatar , username : user . username , upload_id : 111
2015-01-09 14:04:02 -03:00
expect ( user . reload . uploaded_avatar_id ) . to eq ( 111 )
2015-05-29 10:21:41 +02:00
expect ( user . user_avatar . reload . custom_upload_id ) . to eq ( 111 )
2015-01-09 14:04:02 -03:00
expect ( response ) . to be_success
2014-05-30 14:48:07 +10:00
xhr :put , :pick_avatar , username : user . username
2015-01-09 14:04:02 -03:00
expect ( user . reload . uploaded_avatar_id ) . to eq ( nil )
2015-05-29 10:21:41 +02:00
expect ( user . user_avatar . reload . custom_upload_id ) . to eq ( 111 )
2015-01-09 14:04:02 -03:00
expect ( response ) . to be_success
2013-08-24 22:37:31 +02:00
end
2014-12-06 09:26:32 -07:00
it 'returns success' do
xhr :put , :pick_avatar , username : user . username , upload_id : 111
2015-01-09 14:04:02 -03:00
expect ( user . reload . uploaded_avatar_id ) . to eq ( 111 )
expect ( response ) . to be_success
2014-12-06 09:26:32 -07:00
json = :: JSON . parse ( response . body )
2015-01-09 14:04:02 -03:00
expect ( json [ 'success' ] ) . to eq ( " OK " )
2014-12-06 09:26:32 -07:00
end
2013-08-24 22:37:31 +02:00
end
end
2014-03-26 15:39:44 +11:00
2014-06-27 14:48:39 -04:00
describe '.destroy_user_image' do
2014-03-26 15:39:44 +11:00
2014-02-28 21:12:51 +01:00
it 'raises an error when not logged in' do
2015-01-09 14:04:02 -03:00
expect { xhr :delete , :destroy_user_image , type : 'profile_background' , username : 'asdf' } . to raise_error ( Discourse :: NotLoggedIn )
2014-02-28 21:12:51 +01:00
end
2014-03-26 15:39:44 +11:00
2014-02-28 21:12:51 +01:00
context 'while logged in' do
let! ( :user ) { log_in }
it 'raises an error when you don\'t have permission to clear the profile background' do
Guardian . any_instance . expects ( :can_edit? ) . with ( user ) . returns ( false )
2015-05-20 01:39:58 +02:00
xhr :delete , :destroy_user_image , username : user . username , type : 'profile_background'
2015-01-09 14:04:02 -03:00
expect ( response ) . to be_forbidden
2014-02-28 21:12:51 +01:00
end
2015-05-20 01:39:58 +02:00
it " requires the `type` param " do
2015-01-09 14:04:02 -03:00
expect { xhr :delete , :destroy_user_image , username : user . username } . to raise_error ( ActionController :: ParameterMissing )
2014-06-27 14:48:39 -04:00
end
2015-05-20 01:39:58 +02:00
it " only allows certain `types` " do
expect { xhr :delete , :destroy_user_image , username : user . username , type : 'wat' } . to raise_error ( Discourse :: InvalidParameters )
2014-06-27 14:48:39 -04:00
end
it 'can clear the profile background' do
2015-05-20 01:39:58 +02:00
xhr :delete , :destroy_user_image , type : 'profile_background' , username : user . username
2015-01-09 14:04:02 -03:00
expect ( user . reload . user_profile . profile_background ) . to eq ( " " )
expect ( response ) . to be_success
2014-02-28 21:12:51 +01:00
end
end
end
2014-02-13 11:42:35 -05:00
describe '.destroy' do
it 'raises an error when not logged in' do
2015-01-09 14:04:02 -03:00
expect { xhr :delete , :destroy , username : 'nobody' } . to raise_error ( Discourse :: NotLoggedIn )
2014-02-13 11:42:35 -05:00
end
context 'while logged in' do
let! ( :user ) { log_in }
it 'raises an error when you cannot delete your account' do
Guardian . any_instance . stubs ( :can_delete_user? ) . returns ( false )
UserDestroyer . any_instance . expects ( :destroy ) . never
xhr :delete , :destroy , username : user . username
2015-01-09 14:04:02 -03:00
expect ( response ) . to be_forbidden
2014-02-13 11:42:35 -05:00
end
it " raises an error when you try to delete someone else's account " do
UserDestroyer . any_instance . expects ( :destroy ) . never
xhr :delete , :destroy , username : Fabricate ( :user ) . username
2015-01-09 14:04:02 -03:00
expect ( response ) . to be_forbidden
2014-02-13 11:42:35 -05:00
end
it " deletes your account when you're allowed to " do
Guardian . any_instance . stubs ( :can_delete_user? ) . returns ( true )
UserDestroyer . any_instance . expects ( :destroy ) . with ( user , anything ) . returns ( user )
xhr :delete , :destroy , username : user . username
2015-01-09 14:04:02 -03:00
expect ( response ) . to be_success
2014-02-13 11:42:35 -05:00
end
end
end
2014-04-21 11:52:11 -04:00
describe '.my_redirect' do
it " returns 404 if the user is not logged in " do
get :my_redirect , path : " wat "
2015-01-09 14:04:02 -03:00
expect ( response ) . not_to be_success
expect ( response ) . not_to be_redirect
2014-04-21 11:52:11 -04:00
end
context " when the user is logged in " do
let! ( :user ) { log_in }
it " will not redirect to an invalid path " do
get :my_redirect , path : " wat/..password.txt "
2015-01-09 14:04:02 -03:00
expect ( response ) . not_to be_redirect
2014-04-21 11:52:11 -04:00
end
it " will redirect to an valid path " do
get :my_redirect , path : " preferences "
2015-01-09 14:04:02 -03:00
expect ( response ) . to be_redirect
2014-04-21 11:52:11 -04:00
end
2014-06-14 10:51:06 -07:00
it " permits forward slashes " do
get :my_redirect , path : " activity/posts "
2015-01-09 14:04:02 -03:00
expect ( response ) . to be_redirect
2014-06-14 10:51:06 -07:00
end
2014-04-21 11:52:11 -04:00
end
end
2014-09-29 22:31:05 +02:00
describe '.check_emails' do
it 'raises an error when not logged in' do
2015-01-09 14:04:02 -03:00
expect { xhr :put , :check_emails , username : 'zogstrip' } . to raise_error ( Discourse :: NotLoggedIn )
2014-09-29 22:31:05 +02:00
end
context 'while logged in' do
let! ( :user ) { log_in }
it " raises an error when you aren't allowed to check emails " do
Guardian . any_instance . expects ( :can_check_emails? ) . returns ( false )
2014-09-29 22:41:54 +02:00
xhr :put , :check_emails , username : Fabricate ( :user ) . username
2015-01-09 14:04:02 -03:00
expect ( response ) . to be_forbidden
2014-09-29 22:31:05 +02:00
end
it " returns both email and associated_accounts when you're allowed to see them " do
Guardian . any_instance . expects ( :can_check_emails? ) . returns ( true )
2014-09-29 22:41:54 +02:00
xhr :put , :check_emails , username : Fabricate ( :user ) . username
2015-01-09 14:04:02 -03:00
expect ( response ) . to be_success
2014-09-29 22:31:05 +02:00
json = JSON . parse ( response . body )
2015-01-09 14:04:02 -03:00
expect ( json [ " email " ] ) . to be_present
expect ( json [ " associated_accounts " ] ) . to be_present
2014-09-29 22:31:05 +02:00
end
2014-10-29 01:06:59 +01:00
it " works on inactive users " do
inactive_user = Fabricate ( :user , active : false )
Guardian . any_instance . expects ( :can_check_emails? ) . returns ( true )
xhr :put , :check_emails , username : inactive_user . username
2015-01-09 14:04:02 -03:00
expect ( response ) . to be_success
2014-10-29 01:06:59 +01:00
json = JSON . parse ( response . body )
2015-01-09 14:04:02 -03:00
expect ( json [ " email " ] ) . to be_present
expect ( json [ " associated_accounts " ] ) . to be_present
2014-10-29 01:06:59 +01:00
end
2014-09-29 22:31:05 +02:00
end
end
2013-02-05 14:16:51 -05:00
end