registrations_controller_spec.rb 8.8 KB

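  # frozen_string_literal: true

  require 'rails_helper'

  # Controller spec for the sign-up and account-credential endpoints.
  #
  # What is pinned down here:
  # * sign-up is refused (redirect to '/') when registrations are closed or the
  #   instance runs in single-user mode;
  # * account pages for a signed-in user are served with a private, no-store
  #   Cache-Control header;
  # * a suspended account gets 403 on update;
  # * a user is not created unless the terms were accepted;
  # * in approval mode only a valid invite yields an already-approved user;
  # * the destroy action answers 404 and leaves the user in place.
  RSpec.describe Auth::RegistrationsController do
    render_views

    # Requesting `path` must redirect to '/' whenever sign-up is unavailable.
    shared_examples 'checks for enabled registrations' do |path|
      # Put the global registrations mode back after each example so the value
      # set inside an example does not leak into later ones.
      around do |example|
        registrations_mode = Setting.registrations_mode
        example.run
        Setting.registrations_mode = registrations_mode
      end

      it 'redirects if it is in single user mode while it is open for registration' do
        Fabricate(:account)
        Setting.registrations_mode = 'open'
        allow(Rails.configuration.x).to receive(:single_user_mode).and_return(true)

        get path

        expect(response).to redirect_to '/'
        # The flag must have been read during the request.
        expect(Rails.configuration.x).to have_received(:single_user_mode)
      end

      it 'redirects if it is not open for registration while it is not in single user mode' do
        Setting.registrations_mode = 'none'
        allow(Rails.configuration.x).to receive(:single_user_mode).and_return(false)

        get path

        expect(response).to redirect_to '/'
        expect(Rails.configuration.x).to have_received(:single_user_mode)
      end
    end

    describe 'GET #edit' do
      before do
        request.env['devise.mapping'] = Devise.mappings[:user]
        sign_in(Fabricate(:user))
        get :edit
      end

      it 'returns http success' do
        expect(response).to have_http_status(200)
      end

      # The page belongs to one signed-in user, so it must not be stored by
      # caches.
      it 'returns private cache control header' do
        expect(response.headers['Cache-Control']).to include('private, no-store')
      end
    end

    # The request below is sent with POST, so the group is labelled with that
    # verb (it was previously labelled GET).
    describe 'POST #update' do
      let(:user) { Fabricate(:user) }

      before do
        request.env['devise.mapping'] = Devise.mappings[:user]
        sign_in(user, scope: :user)
        post :update
      end

      it 'returns http success' do
        expect(response).to have_http_status(200)
      end

      it 'returns private cache control headers' do
        expect(response.headers['Cache-Control']).to include('private, no-store')
      end

      context 'when suspended' do
        # Overrides the outer `user`, so the `before` hook signs in an account
        # that is already suspended.
        let(:user) { Fabricate(:user, account_attributes: { username: 'test', suspended_at: Time.now.utc }) }

        it 'returns http forbidden' do
          expect(response).to have_http_status(403)
        end
      end
    end

    describe 'GET #new' do
      before do
        request.env['devise.mapping'] = Devise.mappings[:user]
      end

      context 'with open registrations' do
        around do |example|
          registrations_mode = Setting.registrations_mode
          example.run
          Setting.registrations_mode = registrations_mode
        end

        it 'returns http success' do
          Setting.registrations_mode = 'open'
          get :new
          expect(response).to have_http_status(200)
        end
      end

      include_examples 'checks for enabled registrations', :new
    end

    describe 'POST #create' do
      let(:accept_language) { 'de' }

      before do
        # NOTE(review): presumably satisfies a minimum form-fill-time check in
        # the controller; confirm against the controller code.
        session[:registration_form_time] = 5.seconds.ago
        request.env['devise.mapping'] = Devise.mappings[:user]
      end

      # Restore the locale that was active before the example.
      around do |example|
        I18n.with_locale(I18n.locale) do
          example.run
        end
      end

      # Every context below changes Setting.registrations_mode. Restoring it
      # once here covers all of them, including the taken-username context,
      # which previously set the mode to 'open' without putting it back.
      around do |example|
        registrations_mode = Setting.registrations_mode
        example.run
        Setting.registrations_mode = registrations_mode
      end

      # Builds the sign-up form parameters used by every context.
      #
      # @param overrides [Hash] user attributes to add or replace
      #   (e.g. `agreement:` or `invite_code:`)
      # @return [Hash] params for `post :create`
      def registration_params(**overrides)
        {
          user: {
            account_attributes: { username: 'test' },
            email: 'test@example.com',
            password: '12345678',
            password_confirmation: '12345678',
            agreement: 'true',
          }.merge(overrides),
        }
      end

      context 'when an accept language is present in headers' do
        subject do
          Setting.registrations_mode = 'open'
          request.headers['Accept-Language'] = accept_language
          post :create, params: registration_params
        end

        it 'redirects to setup' do
          subject
          expect(response).to redirect_to auth_setup_path
        end

        it 'creates user' do
          subject
          user = User.find_by(email: 'test@example.com')
          expect(user).to_not be_nil
          expect(user.locale).to eq(accept_language)
        end
      end

      context 'when user has not agreed to terms of service' do
        subject do
          Setting.registrations_mode = 'open'
          request.headers['Accept-Language'] = accept_language
          post :create, params: registration_params(agreement: 'false')
        end

        it 'does not create user' do
          subject
          user = User.find_by(email: 'test@example.com')
          expect(user).to be_nil
        end
      end

      context 'with Approval-based registrations without invite' do
        subject do
          Setting.registrations_mode = 'approved'
          request.headers['Accept-Language'] = accept_language
          post :create, params: registration_params
        end

        it 'redirects to setup' do
          subject
          expect(response).to redirect_to auth_setup_path
        end

        it 'creates user' do
          subject
          user = User.find_by(email: 'test@example.com')
          expect(user).to_not be_nil
          expect(user.locale).to eq(accept_language)
          # Without an invite the account waits for approval.
          expect(user.approved).to be(false)
        end
      end

      context 'with Approval-based registrations with expired invite' do
        subject do
          Setting.registrations_mode = 'approved'
          request.headers['Accept-Language'] = accept_language
          invite = Fabricate(:invite, max_uses: nil, expires_at: 1.hour.ago)
          post :create, params: registration_params(invite_code: invite.code)
        end

        it 'redirects to setup' do
          subject
          expect(response).to redirect_to auth_setup_path
        end

        it 'creates user' do
          subject
          user = User.find_by(email: 'test@example.com')
          expect(user).to_not be_nil
          expect(user.locale).to eq(accept_language)
          # An expired invite code must not skip the approval step.
          expect(user.approved).to be(false)
        end
      end

      context 'with Approval-based registrations with valid invite and required invite text' do
        subject do
          inviter = Fabricate(:user, confirmed_at: 2.days.ago)
          Setting.registrations_mode = 'approved'
          Setting.require_invite_text = true
          request.headers['Accept-Language'] = accept_language
          invite = Fabricate(:invite, user: inviter, max_uses: nil, expires_at: 1.hour.from_now)
          post :create, params: registration_params(invite_code: invite.code)
        end

        # Only this context touches require_invite_text, so it is saved and
        # restored here; registrations_mode is handled by the outer hook.
        around do |example|
          require_invite_text = Setting.require_invite_text
          example.run
          Setting.require_invite_text = require_invite_text
        end

        it 'redirects to setup' do
          subject
          expect(response).to redirect_to auth_setup_path
        end

        it 'creates user' do
          subject
          user = User.find_by(email: 'test@example.com')
          expect(user).to_not be_nil
          expect(user.locale).to eq(accept_language)
          # A valid, unexpired invite yields an already-approved user.
          expect(user.approved).to be(true)
        end
      end

      context 'with an already taken username' do
        subject do
          Setting.registrations_mode = 'open'
          post :create, params: registration_params
        end

        before do
          Fabricate(:account, username: 'test')
        end

        it 'responds with an error message about the username' do
          subject
          # The form is rendered again with the validation error.
          expect(response).to have_http_status(:success)
          expect(username_error_text).to eq(I18n.t('errors.messages.taken'))
        end

        # Text of the error element rendered for the username field.
        def username_error_text
          Nokogiri::Slop(response.body).css('.user_account_username .error').text
        end
      end

      include_examples 'checks for enabled registrations', :create
    end

    describe 'DELETE #destroy' do
      let(:user) { Fabricate(:user) }

      before do
        request.env['devise.mapping'] = Devise.mappings[:user]
        sign_in(user, scope: :user)
        delete :destroy
      end

      it 'returns http not found' do
        expect(response).to have_http_status(404)
      end

      it 'does not delete user' do
        # find_by returns nil for a missing row, so the matcher itself decides
        # the outcome; User.find would raise before the matcher ran.
        expect(User.find_by(id: user.id)).to_not be_nil
      end
    end
  end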