closed-social
/
mastodon
3
0
Fork 2
Code Issues 5 Pull Requests 0 Projects 0 Releases 3 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
10683 Commits
4 Branches
567 MiB
Tree: 2476d4f391
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '2476d4f391'
${ noResults }
mastodon/spec/controllers/settings/deletes_controller_spec.rb

107 lines
2.7 KiB
Raw Normal View History

Account deletion (#3728) * Add form for account deletion * If avatar or header are gone from source, remove them * Add option to have SuspendAccountService remove user record, add tests * Exclude suspended accounts from search
6 years ago
Use raw status code on have_http_status (#7214)
6 years ago
Account deletion (#3728) * Add form for account deletion * If avatar or header are gone from source, remove them * Add option to have SuspendAccountService remove user record, add tests * Exclude suspended accounts from search
6 years ago
Change unconfirmed user login behaviour (#11375) Allow access to account settings, 2FA, authorized applications, and account deletions to unconfirmed and pending users, as well as users who had their accounts disabled. Suspended users cannot update their e-mail or password or delete their account. Display account status on account settings page, for example, when an account is frozen, limited, unconfirmed or pending review. After sign up, login users straight away and show a simple page that tells them the status of their account with links to account settings and logout, to reduce onboarding friction and allow users to correct wrongly typed e-mail addresses. Move the final sign-up step of SSO integrations to be the same as above to reduce code duplication.
4 years ago
Account deletion (#3728) * Add form for account deletion * If avatar or header are gone from source, remove them * Add option to have SuspendAccountService remove user record, add tests * Exclude suspended accounts from search
6 years ago
Fix account delete form not accepting password, update suspended (#3745) account before removing content for quicker feedback to end-users
6 years ago
Account deletion (#3728) * Add form for account deletion * If avatar or header are gone from source, remove them * Add option to have SuspendAccountService remove user record, add tests * Exclude suspended accounts from search
6 years ago
Change unconfirmed user login behaviour (#11375) Allow access to account settings, 2FA, authorized applications, and account deletions to unconfirmed and pending users, as well as users who had their accounts disabled. Suspended users cannot update their e-mail or password or delete their account. Display account status on account settings page, for example, when an account is frozen, limited, unconfirmed or pending review. After sign up, login users straight away and show a simple page that tells them the status of their account with links to account settings and logout, to reduce onboarding friction and allow users to correct wrongly typed e-mail addresses. Move the final sign-up step of SSO integrations to be the same as above to reduce code duplication.
4 years ago
Fix user email address being banned on self-deletion (#16503) * Add tests * Fix user email address being banned on self-deletion Fixes #16498
2 years ago
Change unconfirmed user login behaviour (#11375) Allow access to account settings, 2FA, authorized applications, and account deletions to unconfirmed and pending users, as well as users who had their accounts disabled. Suspended users cannot update their e-mail or password or delete their account. Display account status on account settings page, for example, when an account is frozen, limited, unconfirmed or pending review. After sign up, login users straight away and show a simple page that tells them the status of their account with links to account settings and logout, to reduce onboarding friction and allow users to correct wrongly typed e-mail addresses. Move the final sign-up step of SSO integrations to be the same as above to reduce code duplication.
4 years ago
Account deletion (#3728) * Add form for account deletion * If avatar or header are gone from source, remove them * Add option to have SuspendAccountService remove user record, add tests * Exclude suspended accounts from search
6 years ago
Fix account delete form not accepting password, update suspended (#3745) account before removing content for quicker feedback to end-users
6 years ago
Account deletion (#3728) * Add form for account deletion * If avatar or header are gone from source, remove them * Add option to have SuspendAccountService remove user record, add tests * Exclude suspended accounts from search
6 years ago
Refactor settings controllers (#14767) - Disallow suspended accounts from revoking sessions and apps - Allow suspended accounts to access exports
3 years ago
setting-for-account-deletable (#3852)
6 years ago
Refactor settings controllers (#14767) - Disallow suspended accounts from revoking sessions and apps - Allow suspended accounts to access exports
3 years ago
setting-for-account-deletable (#3852)
6 years ago
Refactor settings controllers (#14767) - Disallow suspended accounts from revoking sessions and apps - Allow suspended accounts to access exports
3 years ago
setting-for-account-deletable (#3852)
6 years ago
Refactor settings controllers (#14767) - Disallow suspended accounts from revoking sessions and apps - Allow suspended accounts to access exports
3 years ago
setting-for-account-deletable (#3852)
6 years ago
Refactor settings controllers (#14767) - Disallow suspended accounts from revoking sessions and apps - Allow suspended accounts to access exports
3 years ago
setting-for-account-deletable (#3852)
6 years ago
Account deletion (#3728) * Add form for account deletion * If avatar or header are gone from source, remove them * Add option to have SuspendAccountService remove user record, add tests * Exclude suspended accounts from search
6 years ago
 
  1. require 'rails_helper'
  2. 

  3. describe Settings::DeletesController do
  4.   render_views
  5. 

  6.   describe 'GET #show' do
  7.     context 'when signed in' do
  8.       let(:user) { Fabricate(:user) }
  9. 

  10.       before do
  11.         sign_in user, scope: :user
  12.       end
  13. 

  14.       it 'renders confirmation page' do
  15.         get :show
  16.         expect(response).to have_http_status(200)
  17.       end
  18. 

  19.       context 'when suspended' do
  20.         let(:user) { Fabricate(:user, account_attributes: { username: 'alice', suspended_at: Time.now.utc }) }
  21. 

  22.         it 'returns http forbidden' do
  23.           get :show
  24.           expect(response).to have_http_status(403)
  25.         end
  26.       end
  27.     end
  28. 

  29.     context 'when not signed in' do
  30.       it 'redirects' do
  31.         get :show
  32.         expect(response).to redirect_to '/auth/sign_in'
  33.       end
  34.     end
  35.   end
  36. 

  37.   describe 'DELETE #destroy' do
  38.     context 'when signed in' do
  39.       let(:user) { Fabricate(:user, password: 'petsmoldoggos') }
  40. 

  41.       before do
  42.         sign_in user, scope: :user
  43.       end
  44. 

  45.       context 'with correct password' do
  46.         before do
  47.           delete :destroy, params: { form_delete_confirmation: { password: 'petsmoldoggos' } }
  48.         end
  49. 

  50.         it 'redirects to sign in page' do
  51.           expect(response).to redirect_to '/auth/sign_in'
  52.         end
  53. 

  54.         it 'removes user record' do
  55.           expect(User.find_by(id: user.id)).to be_nil
  56.         end
  57. 

  58.         it 'marks account as suspended' do
  59.           expect(user.account.reload).to be_suspended
  60.         end
  61. 

  62.         it 'does not create an email block' do
  63.           expect(CanonicalEmailBlock.block?(user.email)).to be false
  64.         end
  65. 

  66.         context 'when suspended' do
  67.           let(:user) { Fabricate(:user, account_attributes: { username: 'alice', suspended_at: Time.now.utc }) }
  68. 

  69.           it 'returns http forbidden' do
  70.             expect(response).to have_http_status(403)
  71.           end
  72.         end
  73.       end
  74. 

  75.       context 'with incorrect password' do
  76.         before do
  77.           delete :destroy, params: { form_delete_confirmation: { password: 'blaze420' } }
  78.         end
  79. 

  80.         it 'redirects back to confirmation page' do
  81.           expect(response).to redirect_to settings_delete_path
  82.         end
  83.       end
  84. 

  85.       context 'when account deletions are disabled' do
  86.         around do |example|
  87.           open_deletion = Setting.open_deletion
  88.           example.run
  89.           Setting.open_deletion = open_deletion
  90.         end
  91. 

  92.         it 'redirects' do
  93.           Setting.open_deletion = false
  94.           delete :destroy
  95.           expect(response).to redirect_to root_path
  96.         end
  97.       end
  98.     end
  99. 

  100.     context 'when not signed in' do
  101.       it 'redirects' do
  102.         delete :destroy
  103.         expect(response).to redirect_to '/auth/sign_in'
  104.       end
  105.     end
  106.   end
  107. end