deletes_controller_spec.rb 2.5 KB

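  # frozen_string_literal: true

  require 'rails_helper'

  # Controller spec for Settings::DeletesController, the self-service account
  # deletion flow. Two things are pinned here:
  #   * GET #show    - the confirmation page, including its Cache-Control header
  #   * DELETE #destroy - deletion gated on the current password
  # Every action is also exercised signed out and (where relevant) for a
  # suspended account.
  RSpec.describe Settings::DeletesController do
    render_views

    describe 'GET #show' do
      context 'when signed in' do
        let(:user) { Fabricate(:user) }

        before do
          sign_in user, scope: :user
          get :show
        end

        # The header check keeps the account-specific confirmation page out of
        # shared caches ('private') and out of any stored cache ('no-store').
        it 'renders confirmation page with private cache control headers', :aggregate_failures do
          expect(response).to have_http_status(200)
          expect(response.headers['Cache-Control']).to include('private, no-store')
        end

        context 'when suspended' do
          let(:user) { Fabricate(:user, account_attributes: { suspended_at: Time.now.utc }) }

          # The refusal is expected to carry the same cache directives as the
          # normal page.
          it 'returns http forbidden with private cache control headers', :aggregate_failures do
            expect(response).to have_http_status(403)
            expect(response.headers['Cache-Control']).to include('private, no-store')
          end
        end
      end

      context 'when not signed in' do
        it 'redirects' do
          get :show
          expect(response).to redirect_to '/auth/sign_in'
        end
      end
    end

    describe 'DELETE #destroy' do
      context 'when signed in' do
        let(:user) { Fabricate(:user, password: 'petsmoldoggos') }

        before do
          sign_in user, scope: :user
        end

        context 'with correct password' do
          before do
            delete :destroy, params: { form_delete_confirmation: { password: 'petsmoldoggos' } }
          end

          # NOTE(review): :inline_jobs presumably runs background jobs during the
          # example so the record removal is observable - confirm in rails_helper.
          it 'removes user record and redirects', :aggregate_failures, :inline_jobs do
            expect(response).to redirect_to '/auth/sign_in'
            expect(User.find_by(id: user.id)).to be_nil
            expect(user.account.reload).to be_suspended
            # Self-deletion is expected not to block the e-mail address.
            expect(CanonicalEmailBlock.block?(user.email)).to be false
          end

          context 'when suspended' do
            let(:user) { Fabricate(:user, account_attributes: { suspended_at: Time.now.utc }) }

            it 'returns http forbidden' do
              expect(response).to have_http_status(403)
            end

            # A 403 alone does not show that nothing was deleted; check the record too.
            it 'does not remove the user record', :inline_jobs do
              expect(User.find_by(id: user.id)).not_to be_nil
            end
          end
        end

        context 'with incorrect password' do
          before do
            delete :destroy, params: { form_delete_confirmation: { password: 'blaze420' } }
          end

          it 'redirects back to confirmation page' do
            expect(response).to redirect_to settings_delete_path
          end

          # The redirect alone would also pass if the password check were skipped
          # and the account deleted anyway, so assert that the account survives.
          # Tagged :inline_jobs like the positive case above, so that any deletion
          # work would be visible to the assertions.
          it 'does not remove the user record or suspend the account', :aggregate_failures, :inline_jobs do
            expect(User.find_by(id: user.id)).not_to be_nil
            expect(user.account.reload).not_to be_suspended
          end
        end
      end

      context 'when not signed in' do
        it 'redirects' do
          delete :destroy
          expect(response).to redirect_to '/auth/sign_in'
        end
      end
    end
  end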