user_spec.rb 14 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522
  1. require 'rails_helper'
  2. require 'devise_two_factor/spec_helpers'
  3. RSpec.describe User, type: :model do
  4. it_behaves_like 'two_factor_backupable'
  5. describe 'otp_secret' do
  6. it 'is encrypted with OTP_SECRET environment variable' do
  7. user = Fabricate(:user,
  8. encrypted_otp_secret: "Fttsy7QAa0edaDfdfSz094rRLAxc8cJweDQ4BsWH/zozcdVA8o9GLqcKhn2b\nGi/V\n",
  9. encrypted_otp_secret_iv: 'rys3THICkr60BoWC',
  10. encrypted_otp_secret_salt: '_LMkAGvdg7a+sDIKjI3mR2Q==')
  11. expect(user.otp_secret).to eq 'anotpsecretthatshouldbeencrypted'
  12. end
  13. end
  14. describe 'validations' do
  15. it 'is invalid without an account' do
  16. user = Fabricate.build(:user, account: nil)
  17. user.valid?
  18. expect(user).to model_have_error_on_field(:account)
  19. end
  20. it 'is invalid without a valid locale' do
  21. user = Fabricate.build(:user, locale: 'toto')
  22. user.valid?
  23. expect(user).to model_have_error_on_field(:locale)
  24. end
  25. it 'is invalid without a valid email' do
  26. user = Fabricate.build(:user, email: 'john@')
  27. user.valid?
  28. expect(user).to model_have_error_on_field(:email)
  29. end
  30. it 'is valid with an invalid e-mail that has already been saved' do
  31. user = Fabricate.build(:user, email: 'invalid-email')
  32. user.save(validate: false)
  33. expect(user.valid?).to be true
  34. end
  35. it 'cleans out empty string from languages' do
  36. user = Fabricate.build(:user, chosen_languages: [''])
  37. user.valid?
  38. expect(user.chosen_languages).to eq nil
  39. end
  40. end
  41. describe 'scopes' do
  42. describe 'recent' do
  43. it 'returns an array of recent users ordered by id' do
  44. user_1 = Fabricate(:user)
  45. user_2 = Fabricate(:user)
  46. expect(User.recent).to eq [user_2, user_1]
  47. end
  48. end
  49. describe 'admins' do
  50. it 'returns an array of users who are admin' do
  51. user_1 = Fabricate(:user, admin: false)
  52. user_2 = Fabricate(:user, admin: true)
  53. expect(User.admins).to match_array([user_2])
  54. end
  55. end
  56. describe 'confirmed' do
  57. it 'returns an array of users who are confirmed' do
  58. user_1 = Fabricate(:user, confirmed_at: nil)
  59. user_2 = Fabricate(:user, confirmed_at: Time.zone.now)
  60. expect(User.confirmed).to match_array([user_2])
  61. end
  62. end
  63. describe 'inactive' do
  64. it 'returns a relation of inactive users' do
  65. specified = Fabricate(:user, current_sign_in_at: 15.days.ago)
  66. Fabricate(:user, current_sign_in_at: 6.days.ago)
  67. expect(User.inactive).to match_array([specified])
  68. end
  69. end
  70. describe 'matches_email' do
  71. it 'returns a relation of users whose email starts with the given string' do
  72. specified = Fabricate(:user, email: 'specified@spec')
  73. Fabricate(:user, email: 'unspecified@spec')
  74. expect(User.matches_email('specified')).to match_array([specified])
  75. end
  76. end
  77. end
  78. let(:account) { Fabricate(:account, username: 'alice') }
  79. let(:password) { 'abcd1234' }
  80. describe 'blacklist' do
  81. around(:each) do |example|
  82. old_blacklist = Rails.configuration.x.email_blacklist
  83. Rails.configuration.x.email_domains_blacklist = 'mvrht.com'
  84. example.run
  85. Rails.configuration.x.email_domains_blacklist = old_blacklist
  86. end
  87. it 'should allow a non-blacklisted user to be created' do
  88. user = User.new(email: 'foo@example.com', account: account, password: password, agreement: true)
  89. expect(user.valid?).to be_truthy
  90. end
  91. it 'should not allow a blacklisted user to be created' do
  92. user = User.new(email: 'foo@mvrht.com', account: account, password: password, agreement: true)
  93. expect(user.valid?).to be_falsey
  94. end
  95. it 'should not allow a subdomain blacklisted user to be created' do
  96. user = User.new(email: 'foo@mvrht.com.topdomain.tld', account: account, password: password, agreement: true)
  97. expect(user.valid?).to be_falsey
  98. end
  99. end
  100. describe '#confirmed?' do
  101. it 'returns true when a confirmed_at is set' do
  102. user = Fabricate.build(:user, confirmed_at: Time.now.utc)
  103. expect(user.confirmed?).to be true
  104. end
  105. it 'returns false if a confirmed_at is nil' do
  106. user = Fabricate.build(:user, confirmed_at: nil)
  107. expect(user.confirmed?).to be false
  108. end
  109. end
  110. describe '#confirm' do
  111. it 'sets email to unconfirmed_email' do
  112. user = Fabricate.build(:user, confirmed_at: Time.now.utc, unconfirmed_email: 'new-email@example.com')
  113. user.confirm
  114. expect(user.email).to eq 'new-email@example.com'
  115. end
  116. end
  117. describe '#disable_two_factor!' do
  118. it 'saves false for otp_required_for_login' do
  119. user = Fabricate.build(:user, otp_required_for_login: true)
  120. user.disable_two_factor!
  121. expect(user.reload.otp_required_for_login).to be false
  122. end
  123. it 'saves nil for otp_secret' do
  124. user = Fabricate.build(:user, otp_secret: 'oldotpcode')
  125. user.disable_two_factor!
  126. expect(user.reload.otp_secret).to be nil
  127. end
  128. it 'saves cleared otp_backup_codes' do
  129. user = Fabricate.build(:user, otp_backup_codes: %w(dummy dummy))
  130. user.disable_two_factor!
  131. expect(user.reload.otp_backup_codes.empty?).to be true
  132. end
  133. end
  134. describe '#send_confirmation_instructions' do
  135. around do |example|
  136. queue_adapter = ActiveJob::Base.queue_adapter
  137. example.run
  138. ActiveJob::Base.queue_adapter = queue_adapter
  139. end
  140. it 'delivers confirmation instructions later' do
  141. user = Fabricate(:user)
  142. ActiveJob::Base.queue_adapter = :test
  143. expect { user.send_confirmation_instructions }.to have_enqueued_job(ActionMailer::DeliveryJob)
  144. end
  145. end
  146. describe 'settings' do
  147. it 'is instance of Settings::ScopedSettings' do
  148. user = Fabricate(:user)
  149. expect(user.settings).to be_kind_of Settings::ScopedSettings
  150. end
  151. end
  152. describe '#setting_default_privacy' do
  153. it 'returns default privacy setting if user has configured' do
  154. user = Fabricate(:user)
  155. user.settings[:default_privacy] = 'unlisted'
  156. expect(user.setting_default_privacy).to eq 'unlisted'
  157. end
  158. it "returns 'private' if user has not configured default privacy setting and account is locked" do
  159. user = Fabricate(:user, account: Fabricate(:account, locked: true))
  160. expect(user.setting_default_privacy).to eq 'private'
  161. end
  162. it "returns 'public' if user has not configured default privacy setting and account is not locked" do
  163. user = Fabricate(:user, account: Fabricate(:account, locked: false))
  164. expect(user.setting_default_privacy).to eq 'public'
  165. end
  166. end
  167. describe 'whitelist' do
  168. around(:each) do |example|
  169. old_whitelist = Rails.configuration.x.email_whitelist
  170. Rails.configuration.x.email_domains_whitelist = 'mastodon.space'
  171. example.run
  172. Rails.configuration.x.email_domains_whitelist = old_whitelist
  173. end
  174. it 'should not allow a user to be created unless they are whitelisted' do
  175. user = User.new(email: 'foo@example.com', account: account, password: password, agreement: true)
  176. expect(user.valid?).to be_falsey
  177. end
  178. it 'should allow a user to be created if they are whitelisted' do
  179. user = User.new(email: 'foo@mastodon.space', account: account, password: password, agreement: true)
  180. expect(user.valid?).to be_truthy
  181. end
  182. it 'should not allow a user with a whitelisted top domain as subdomain in their email address to be created' do
  183. user = User.new(email: 'foo@mastodon.space.userdomain.com', account: account, password: password, agreement: true)
  184. expect(user.valid?).to be_falsey
  185. end
  186. context do
  187. around do |example|
  188. old_blacklist = Rails.configuration.x.email_blacklist
  189. example.run
  190. Rails.configuration.x.email_domains_blacklist = old_blacklist
  191. end
  192. it 'should not allow a user to be created with a specific blacklisted subdomain even if the top domain is whitelisted' do
  193. Rails.configuration.x.email_domains_blacklist = 'blacklisted.mastodon.space'
  194. user = User.new(email: 'foo@blacklisted.mastodon.space', account: account, password: password)
  195. expect(user.valid?).to be_falsey
  196. end
  197. end
  198. end
  199. it_behaves_like 'Settings-extended' do
  200. def create!
  201. User.create!(account: Fabricate(:account), email: 'foo@mastodon.space', password: 'abcd1234', agreement: true)
  202. end
  203. def fabricate
  204. Fabricate(:user)
  205. end
  206. end
  207. describe 'token_for_app' do
  208. let(:user) { Fabricate(:user) }
  209. let(:app) { Fabricate(:application, owner: user) }
  210. it 'returns a token' do
  211. expect(user.token_for_app(app)).to be_a(Doorkeeper::AccessToken)
  212. end
  213. it 'persists a token' do
  214. t = user.token_for_app(app)
  215. expect(user.token_for_app(app)).to eql(t)
  216. end
  217. it 'is nil if user does not own app' do
  218. app.update!(owner: nil)
  219. expect(user.token_for_app(app)).to be_nil
  220. end
  221. end
  222. describe '#role' do
  223. it 'returns admin for admin' do
  224. user = User.new(admin: true)
  225. expect(user.role).to eq 'admin'
  226. end
  227. it 'returns moderator for moderator' do
  228. user = User.new(moderator: true)
  229. expect(user.role).to eq 'moderator'
  230. end
  231. it 'returns user otherwise' do
  232. user = User.new
  233. expect(user.role).to eq 'user'
  234. end
  235. end
  236. describe '#role?' do
  237. it 'returns false when invalid role requested' do
  238. user = User.new(admin: true)
  239. expect(user.role?('disabled')).to be false
  240. end
  241. it 'returns true when exact role match' do
  242. user = User.new
  243. mod = User.new(moderator: true)
  244. admin = User.new(admin: true)
  245. expect(user.role?('user')).to be true
  246. expect(mod.role?('moderator')).to be true
  247. expect(admin.role?('admin')).to be true
  248. end
  249. it 'returns true when role higher than needed' do
  250. mod = User.new(moderator: true)
  251. admin = User.new(admin: true)
  252. expect(mod.role?('user')).to be true
  253. expect(admin.role?('user')).to be true
  254. expect(admin.role?('moderator')).to be true
  255. end
  256. end
  257. describe '#disable!' do
  258. subject(:user) { Fabricate(:user, disabled: false, current_sign_in_at: current_sign_in_at, last_sign_in_at: nil) }
  259. let(:current_sign_in_at) { Time.zone.now }
  260. before do
  261. user.disable!
  262. end
  263. it 'disables user' do
  264. expect(user).to have_attributes(disabled: true)
  265. end
  266. end
  267. describe '#enable!' do
  268. subject(:user) { Fabricate(:user, disabled: true) }
  269. before do
  270. user.enable!
  271. end
  272. it 'enables user' do
  273. expect(user).to have_attributes(disabled: false)
  274. end
  275. end
  276. describe '#confirm!' do
  277. subject(:user) { Fabricate(:user, confirmed_at: confirmed_at) }
  278. before do
  279. ActionMailer::Base.deliveries.clear
  280. user.confirm!
  281. end
  282. after { ActionMailer::Base.deliveries.clear }
  283. context 'when user is new' do
  284. let(:confirmed_at) { nil }
  285. it 'confirms user' do
  286. expect(user.confirmed_at).to be_present
  287. end
  288. it 'delivers mails' do
  289. expect(ActionMailer::Base.deliveries.count).to eq 2
  290. end
  291. end
  292. context 'when user is not new' do
  293. let(:confirmed_at) { Time.zone.now }
  294. it 'confirms user' do
  295. expect(user.confirmed_at).to be_present
  296. end
  297. it 'does not deliver mail' do
  298. expect(ActionMailer::Base.deliveries.count).to eq 0
  299. end
  300. end
  301. end
  302. describe '#promote!' do
  303. subject(:user) { Fabricate(:user, admin: is_admin, moderator: is_moderator) }
  304. before do
  305. user.promote!
  306. end
  307. context 'when user is an admin' do
  308. let(:is_admin) { true }
  309. context 'when user is a moderator' do
  310. let(:is_moderator) { true }
  311. it 'changes moderator filed false' do
  312. expect(user).to be_admin
  313. expect(user).not_to be_moderator
  314. end
  315. end
  316. context 'when user is not a moderator' do
  317. let(:is_moderator) { false }
  318. it 'does not change status' do
  319. expect(user).to be_admin
  320. expect(user).not_to be_moderator
  321. end
  322. end
  323. end
  324. context 'when user is not admin' do
  325. let(:is_admin) { false }
  326. context 'when user is a moderator' do
  327. let(:is_moderator) { true }
  328. it 'changes user into an admin' do
  329. expect(user).to be_admin
  330. expect(user).not_to be_moderator
  331. end
  332. end
  333. context 'when user is not a moderator' do
  334. let(:is_moderator) { false }
  335. it 'changes user into a moderator' do
  336. expect(user).not_to be_admin
  337. expect(user).to be_moderator
  338. end
  339. end
  340. end
  341. end
  342. describe '#demote!' do
  343. subject(:user) { Fabricate(:user, admin: admin, moderator: moderator) }
  344. before do
  345. user.demote!
  346. end
  347. context 'when user is an admin' do
  348. let(:admin) { true }
  349. context 'when user is a moderator' do
  350. let(:moderator) { true }
  351. it 'changes user into a moderator' do
  352. expect(user).not_to be_admin
  353. expect(user).to be_moderator
  354. end
  355. end
  356. context 'when user is not a moderator' do
  357. let(:moderator) { false }
  358. it 'changes user into a moderator' do
  359. expect(user).not_to be_admin
  360. expect(user).to be_moderator
  361. end
  362. end
  363. end
  364. context 'when user is not an admin' do
  365. let(:admin) { false }
  366. context 'when user is a moderator' do
  367. let(:moderator) { true }
  368. it 'changes user into a plain user' do
  369. expect(user).not_to be_admin
  370. expect(user).not_to be_moderator
  371. end
  372. end
  373. context 'when user is not a moderator' do
  374. let(:moderator) { false }
  375. it 'does not change any fields' do
  376. expect(user).not_to be_admin
  377. expect(user).not_to be_moderator
  378. end
  379. end
  380. end
  381. end
  382. describe '#active_for_authentication?' do
  383. subject { user.active_for_authentication? }
  384. let(:user) { Fabricate(:user, disabled: disabled, confirmed_at: confirmed_at) }
  385. context 'when user is disabled' do
  386. let(:disabled) { true }
  387. context 'when user is confirmed' do
  388. let(:confirmed_at) { Time.zone.now }
  389. it { is_expected.to be true }
  390. end
  391. context 'when user is not confirmed' do
  392. let(:confirmed_at) { nil }
  393. it { is_expected.to be true }
  394. end
  395. end
  396. context 'when user is not disabled' do
  397. let(:disabled) { false }
  398. context 'when user is confirmed' do
  399. let(:confirmed_at) { Time.zone.now }
  400. it { is_expected.to be true }
  401. end
  402. context 'when user is not confirmed' do
  403. let(:confirmed_at) { nil }
  404. it { is_expected.to be true }
  405. end
  406. end
  407. end
  408. end