closed-social
/
mastodon
3
0
Fork 2
Code Issues 5 Pull Requests 0 Projects 0 Releases 3 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
7542 Commits
4 Branches
567 MiB
Tree: 964ae8eee5
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '964ae8eee5'
${ noResults }
mastodon/spec/controllers/auth/registrations_controller_sp...

227 lines
6.8 KiB
Raw Normal View History

Fix #148 - Devise mailer fixed, test spec added so it won't slip past again
7 years ago
Cover Auth::RegistrationsController more (#3353)
6 years ago
Admission-based registrations mode (#10250) Fix #6856 Fix #6951
5 years ago
Cover Auth::RegistrationsController more (#3353)
6 years ago
Admission-based registrations mode (#10250) Fix #6856 Fix #6951
5 years ago
Cover Auth::RegistrationsController more (#3353)
6 years ago
Admission-based registrations mode (#10250) Fix #6856 Fix #6951
5 years ago
Cover Auth::RegistrationsController more (#3353)
6 years ago
Admission-based registrations mode (#10250) Fix #6856 Fix #6951
5 years ago
Cover Auth::RegistrationsController more (#3353)
6 years ago
Fix #148 - Devise mailer fixed, test spec added so it won't slip past again
7 years ago
Cover Auth::RegistrationsController more (#3353)
6 years ago
Fix #148 - Devise mailer fixed, test spec added so it won't slip past again
7 years ago
Cover Auth::RegistrationsController more (#3353)
6 years ago
Fix #148 - Devise mailer fixed, test spec added so it won't slip past again
7 years ago
Cover Auth::RegistrationsController more (#3353)
6 years ago
Use raw status code on have_http_status (#7214)
6 years ago
Fix #148 - Devise mailer fixed, test spec added so it won't slip past again
7 years ago
Cover Auth::RegistrationsController more (#3353)
6 years ago
Use raw status code on have_http_status (#7214)
6 years ago
Cover Auth::RegistrationsController more (#3353)
6 years ago
Change unconfirmed user login behaviour (#11375) Allow access to account settings, 2FA, authorized applications, and account deletions to unconfirmed and pending users, as well as users who had their accounts disabled. Suspended users cannot update their e-mail or password or delete their account. Display account status on account settings page, for example, when an account is frozen, limited, unconfirmed or pending review. After sign up, login users straight away and show a simple page that tells them the status of their account with links to account settings and logout, to reduce onboarding friction and allow users to correct wrongly typed e-mail addresses. Move the final sign-up step of SSO integrations to be the same as above to reduce code duplication.
4 years ago
Cover Auth::RegistrationsController more (#3353)
6 years ago
Assign user locale on signup (#1982)
7 years ago
Cover Auth::RegistrationsController more (#3353)
6 years ago
Fix #148 - Devise mailer fixed, test spec added so it won't slip past again
7 years ago
Cover Auth::RegistrationsController more (#3353)
6 years ago
Admission-based registrations mode (#10250) Fix #6856 Fix #6951
5 years ago
Cover Auth::RegistrationsController more (#3353)
6 years ago
Admission-based registrations mode (#10250) Fix #6856 Fix #6951
5 years ago
Cover Auth::RegistrationsController more (#3353)
6 years ago
Admission-based registrations mode (#10250) Fix #6856 Fix #6951
5 years ago
Cover Auth::RegistrationsController more (#3353)
6 years ago
Use raw status code on have_http_status (#7214)
6 years ago
Cover Auth::RegistrationsController more (#3353)
6 years ago
Fix #148 - Devise mailer fixed, test spec added so it won't slip past again
7 years ago
Cover Auth::RegistrationsController more (#3353)
6 years ago
Reset locale on registration tests (#7219)
6 years ago
Cover Auth::RegistrationsController more (#3353)
6 years ago
Admission-based registrations mode (#10250) Fix #6856 Fix #6951
5 years ago
Cover Auth::RegistrationsController more (#3353)
6 years ago
Admission-based registrations mode (#10250) Fix #6856 Fix #6951
5 years ago
Cover Auth::RegistrationsController more (#3353)
6 years ago
Admission-based registrations mode (#10250) Fix #6856 Fix #6951
5 years ago
Cover Auth::RegistrationsController more (#3353)
6 years ago
Change unconfirmed user login behaviour (#11375) Allow access to account settings, 2FA, authorized applications, and account deletions to unconfirmed and pending users, as well as users who had their accounts disabled. Suspended users cannot update their e-mail or password or delete their account. Display account status on account settings page, for example, when an account is frozen, limited, unconfirmed or pending review. After sign up, login users straight away and show a simple page that tells them the status of their account with links to account settings and logout, to reduce onboarding friction and allow users to correct wrongly typed e-mail addresses. Move the final sign-up step of SSO integrations to be the same as above to reduce code duplication.
4 years ago
Cover Auth::RegistrationsController more (#3353)
6 years ago
Change unconfirmed user login behaviour (#11375) Allow access to account settings, 2FA, authorized applications, and account deletions to unconfirmed and pending users, as well as users who had their accounts disabled. Suspended users cannot update their e-mail or password or delete their account. Display account status on account settings page, for example, when an account is frozen, limited, unconfirmed or pending review. After sign up, login users straight away and show a simple page that tells them the status of their account with links to account settings and logout, to reduce onboarding friction and allow users to correct wrongly typed e-mail addresses. Move the final sign-up step of SSO integrations to be the same as above to reduce code duplication.
4 years ago
Cover Auth::RegistrationsController more (#3353)
6 years ago
Check that an invite link is valid before bypassing approval mode (#10657) * Check that an invite link is valid before bypassing approval mode Fixes #10656 * Add tests * Only consider valid invite links in registration controller * fixup
5 years ago
Change unconfirmed user login behaviour (#11375) Allow access to account settings, 2FA, authorized applications, and account deletions to unconfirmed and pending users, as well as users who had their accounts disabled. Suspended users cannot update their e-mail or password or delete their account. Display account status on account settings page, for example, when an account is frozen, limited, unconfirmed or pending review. After sign up, login users straight away and show a simple page that tells them the status of their account with links to account settings and logout, to reduce onboarding friction and allow users to correct wrongly typed e-mail addresses. Move the final sign-up step of SSO integrations to be the same as above to reduce code duplication.
4 years ago
Check that an invite link is valid before bypassing approval mode (#10657) * Check that an invite link is valid before bypassing approval mode Fixes #10656 * Add tests * Only consider valid invite links in registration controller * fixup
5 years ago
Change unconfirmed user login behaviour (#11375) Allow access to account settings, 2FA, authorized applications, and account deletions to unconfirmed and pending users, as well as users who had their accounts disabled. Suspended users cannot update their e-mail or password or delete their account. Display account status on account settings page, for example, when an account is frozen, limited, unconfirmed or pending review. After sign up, login users straight away and show a simple page that tells them the status of their account with links to account settings and logout, to reduce onboarding friction and allow users to correct wrongly typed e-mail addresses. Move the final sign-up step of SSO integrations to be the same as above to reduce code duplication.
4 years ago
Check that an invite link is valid before bypassing approval mode (#10657) * Check that an invite link is valid before bypassing approval mode Fixes #10656 * Add tests * Only consider valid invite links in registration controller * fixup
5 years ago
Change unconfirmed user login behaviour (#11375) Allow access to account settings, 2FA, authorized applications, and account deletions to unconfirmed and pending users, as well as users who had their accounts disabled. Suspended users cannot update their e-mail or password or delete their account. Display account status on account settings page, for example, when an account is frozen, limited, unconfirmed or pending review. After sign up, login users straight away and show a simple page that tells them the status of their account with links to account settings and logout, to reduce onboarding friction and allow users to correct wrongly typed e-mail addresses. Move the final sign-up step of SSO integrations to be the same as above to reduce code duplication.
4 years ago
Check that an invite link is valid before bypassing approval mode (#10657) * Check that an invite link is valid before bypassing approval mode Fixes #10656 * Add tests * Only consider valid invite links in registration controller * fixup
5 years ago
Change unconfirmed user login behaviour (#11375) Allow access to account settings, 2FA, authorized applications, and account deletions to unconfirmed and pending users, as well as users who had their accounts disabled. Suspended users cannot update their e-mail or password or delete their account. Display account status on account settings page, for example, when an account is frozen, limited, unconfirmed or pending review. After sign up, login users straight away and show a simple page that tells them the status of their account with links to account settings and logout, to reduce onboarding friction and allow users to correct wrongly typed e-mail addresses. Move the final sign-up step of SSO integrations to be the same as above to reduce code duplication.
4 years ago
Check that an invite link is valid before bypassing approval mode (#10657) * Check that an invite link is valid before bypassing approval mode Fixes #10656 * Add tests * Only consider valid invite links in registration controller * fixup
5 years ago
Change unconfirmed user login behaviour (#11375) Allow access to account settings, 2FA, authorized applications, and account deletions to unconfirmed and pending users, as well as users who had their accounts disabled. Suspended users cannot update their e-mail or password or delete their account. Display account status on account settings page, for example, when an account is frozen, limited, unconfirmed or pending review. After sign up, login users straight away and show a simple page that tells them the status of their account with links to account settings and logout, to reduce onboarding friction and allow users to correct wrongly typed e-mail addresses. Move the final sign-up step of SSO integrations to be the same as above to reduce code duplication.
4 years ago
Check that an invite link is valid before bypassing approval mode (#10657) * Check that an invite link is valid before bypassing approval mode Fixes #10656 * Add tests * Only consider valid invite links in registration controller * fixup
5 years ago
Change unconfirmed user login behaviour (#11375) Allow access to account settings, 2FA, authorized applications, and account deletions to unconfirmed and pending users, as well as users who had their accounts disabled. Suspended users cannot update their e-mail or password or delete their account. Display account status on account settings page, for example, when an account is frozen, limited, unconfirmed or pending review. After sign up, login users straight away and show a simple page that tells them the status of their account with links to account settings and logout, to reduce onboarding friction and allow users to correct wrongly typed e-mail addresses. Move the final sign-up step of SSO integrations to be the same as above to reduce code duplication.
4 years ago
Check that an invite link is valid before bypassing approval mode (#10657) * Check that an invite link is valid before bypassing approval mode Fixes #10656 * Add tests * Only consider valid invite links in registration controller * fixup
5 years ago
Cover Auth::RegistrationsController more (#3353)
6 years ago
Fix #148 - Devise mailer fixed, test spec added so it won't slip past again
7 years ago
Cover Auth::RegistrationsController more (#3353)
6 years ago
Fix #148 - Devise mailer fixed, test spec added so it won't slip past again
7 years ago
Fix Devise destroy method being available to delete user record (#3266) (You may think that we need account deletions, but this way would've just orphaned the db records)
7 years ago
Fix #148 - Devise mailer fixed, test spec added so it won't slip past again
7 years ago
 
  1. require 'rails_helper'
  2. 

  3. RSpec.describe Auth::RegistrationsController, type: :controller do
  4.   render_views
  5. 

  6.   shared_examples 'checks for enabled registrations' do |path|
  7.     around do |example|
  8.       registrations_mode = Setting.registrations_mode
  9.       example.run
  10.       Setting.registrations_mode = registrations_mode
  11.     end
  12. 

  13.     it 'redirects if it is in single user mode while it is open for registration' do
  14.       Fabricate(:account)
  15.       Setting.registrations_mode = 'open'
  16.       expect(Rails.configuration.x).to receive(:single_user_mode).and_return(true)
  17. 

  18.       get path
  19. 

  20.       expect(response).to redirect_to '/'
  21.     end
  22. 

  23.     it 'redirects if it is not open for registration while it is not in single user mode' do
  24.       Setting.registrations_mode = 'none'
  25.       expect(Rails.configuration.x).to receive(:single_user_mode).and_return(false)
  26. 

  27.       get path
  28. 

  29.       expect(response).to redirect_to '/'
  30.     end
  31.   end
  32. 

  33.   describe 'GET #edit' do
  34.     it 'returns http success' do
  35.       request.env["devise.mapping"] = Devise.mappings[:user]
  36.       sign_in(Fabricate(:user))
  37.       get :edit
  38.       expect(response).to have_http_status(200)
  39.     end
  40.   end
  41. 

  42.   describe 'GET #update' do
  43.     it 'returns http success' do
  44.       request.env["devise.mapping"] = Devise.mappings[:user]
  45.       sign_in(Fabricate(:user), scope: :user)
  46.       post :update
  47.       expect(response).to have_http_status(200)
  48.     end
  49. 

  50.     context 'when suspended' do
  51.       it 'returns http forbidden' do
  52.         request.env["devise.mapping"] = Devise.mappings[:user]
  53.         sign_in(Fabricate(:user, account_attributes: { username: 'test', suspended_at: Time.now.utc }), scope: :user)
  54.         post :update
  55.         expect(response).to have_http_status(403)
  56.       end
  57.     end
  58.   end
  59. 

  60.   describe 'GET #new' do
  61.     before do
  62.       request.env["devise.mapping"] = Devise.mappings[:user]
  63.     end
  64. 

  65.     context do
  66.       around do |example|
  67.         registrations_mode = Setting.registrations_mode
  68.         example.run
  69.         Setting.registrations_mode = registrations_mode
  70.       end
  71. 

  72.       it 'returns http success' do
  73.         Setting.registrations_mode = 'open'
  74.         get :new
  75.         expect(response).to have_http_status(200)
  76.       end
  77.     end
  78. 

  79.     include_examples 'checks for enabled registrations', :new
  80.   end
  81. 

  82.   describe 'POST #create' do
  83.     let(:accept_language) { Rails.application.config.i18n.available_locales.sample.to_s }
  84. 

  85.     around do |example|
  86.       current_locale = I18n.locale
  87.       example.run
  88.       I18n.locale = current_locale
  89.     end
  90. 

  91.     before { request.env["devise.mapping"] = Devise.mappings[:user] }
  92. 

  93.     context do
  94.       around do |example|
  95.         registrations_mode = Setting.registrations_mode
  96.         example.run
  97.         Setting.registrations_mode = registrations_mode
  98.       end
  99. 

  100.       subject do
  101.         Setting.registrations_mode = 'open'
  102.         request.headers["Accept-Language"] = accept_language
  103.         post :create, params: { user: { account_attributes: { username: 'test' }, email: 'test@example.com', password: '12345678', password_confirmation: '12345678' } }
  104.       end
  105. 

  106.       it 'redirects to setup' do
  107.         subject
  108.         expect(response).to redirect_to auth_setup_path
  109.       end
  110. 

  111.       it 'creates user' do
  112.         subject
  113.         user = User.find_by(email: 'test@example.com')
  114.         expect(user).to_not be_nil
  115.         expect(user.locale).to eq(accept_language)
  116.       end
  117.     end
  118. 

  119.     context 'approval-based registrations without invite' do
  120.       around do |example|
  121.         registrations_mode = Setting.registrations_mode
  122.         example.run
  123.         Setting.registrations_mode = registrations_mode
  124.       end
  125. 

  126.       subject do
  127.         Setting.registrations_mode = 'approved'
  128.         request.headers["Accept-Language"] = accept_language
  129.         post :create, params: { user: { account_attributes: { username: 'test' }, email: 'test@example.com', password: '12345678', password_confirmation: '12345678' } }
  130.       end
  131. 

  132.       it 'redirects to setup' do
  133.         subject
  134.         expect(response).to redirect_to auth_setup_path
  135.       end
  136. 

  137.       it 'creates user' do
  138.         subject
  139.         user = User.find_by(email: 'test@example.com')
  140.         expect(user).to_not be_nil
  141.         expect(user.locale).to eq(accept_language)
  142.         expect(user.approved).to eq(false)
  143.       end
  144.     end
  145. 

  146.     context 'approval-based registrations with expired invite' do
  147.       around do |example|
  148.         registrations_mode = Setting.registrations_mode
  149.         example.run
  150.         Setting.registrations_mode = registrations_mode
  151.       end
  152. 

  153.       subject do
  154.         Setting.registrations_mode = 'approved'
  155.         request.headers["Accept-Language"] = accept_language
  156.         invite = Fabricate(:invite, max_uses: nil, expires_at: 1.hour.ago)
  157.         post :create, params: { user: { account_attributes: { username: 'test' }, email: 'test@example.com', password: '12345678', password_confirmation: '12345678', 'invite_code': invite.code } }
  158.       end
  159. 

  160.       it 'redirects to setup' do
  161.         subject
  162.         expect(response).to redirect_to auth_setup_path
  163.       end
  164. 

  165.       it 'creates user' do
  166.         subject
  167.         user = User.find_by(email: 'test@example.com')
  168.         expect(user).to_not be_nil
  169.         expect(user.locale).to eq(accept_language)
  170.         expect(user.approved).to eq(false)
  171.       end
  172.     end
  173. 

  174.     context 'approval-based registrations with valid invite' do
  175.       around do |example|
  176.         registrations_mode = Setting.registrations_mode
  177.         example.run
  178.         Setting.registrations_mode = registrations_mode
  179.       end
  180. 

  181.       subject do
  182.         Setting.registrations_mode = 'approved'
  183.         request.headers["Accept-Language"] = accept_language
  184.         invite = Fabricate(:invite, max_uses: nil, expires_at: 1.hour.from_now)
  185.         post :create, params: { user: { account_attributes: { username: 'test' }, email: 'test@example.com', password: '12345678', password_confirmation: '12345678', 'invite_code': invite.code } }
  186.       end
  187. 

  188.       it 'redirects to setup' do
  189.         subject
  190.         expect(response).to redirect_to auth_setup_path
  191.       end
  192. 

  193.       it 'creates user' do
  194.         subject
  195.         user = User.find_by(email: 'test@example.com')
  196.         expect(user).to_not be_nil
  197.         expect(user.locale).to eq(accept_language)
  198.         expect(user.approved).to eq(true)
  199.       end
  200.     end
  201. 

  202.     it 'does nothing if user already exists' do
  203.       Fabricate(:user, account: Fabricate(:account, username: 'test'))
  204.       subject
  205.     end
  206. 

  207.     include_examples 'checks for enabled registrations', :create
  208.   end
  209. 

  210.   describe 'DELETE #destroy' do
  211.     let(:user) { Fabricate(:user) }
  212. 

  213.     before do
  214.       request.env['devise.mapping'] = Devise.mappings[:user]
  215.       sign_in(user, scope: :user)
  216.       delete :destroy
  217.     end
  218. 

  219.     it 'returns http not found' do
  220.       expect(response).to have_http_status(:not_found)
  221.     end
  222. 

  223.     it 'does not delete user' do
  224.       expect(User.find(user.id)).to_not be_nil
  225.     end
  226.   end
  227. end