2019-04-15 06:17:05 -04:00
|
|
|
# frozen_string_literal: true
|
|
|
|
|
2015-10-20 03:28:28 -04:00
|
|
|
require 'spec_helper'
|
|
|
|
|
2021-02-03 10:09:24 -05:00
|
|
|
RSpec.describe InvitesController do
|
2020-07-07 08:09:16 -04:00
|
|
|
let_it_be(:user) { create(:user) }
|
2021-03-30 14:10:47 -04:00
|
|
|
let_it_be(:member, reload: true) { create(:project_member, :invited, invite_email: user.email) }
|
2020-09-04 17:08:41 -04:00
|
|
|
let(:raw_invite_token) { member.raw_invite_token }
|
2020-07-07 08:09:16 -04:00
|
|
|
let(:project_members) { member.source.users }
|
2020-08-25 14:10:49 -04:00
|
|
|
let(:md5_member_global_id) { Digest::MD5.hexdigest(member.to_global_id.to_s) }
|
2020-09-04 17:08:41 -04:00
|
|
|
let(:params) { { id: raw_invite_token } }
|
2015-10-20 03:28:28 -04:00
|
|
|
|
2020-09-22 05:09:43 -04:00
|
|
|
shared_examples 'invalid token' do
|
|
|
|
context 'when invite token is not valid' do
|
|
|
|
let(:params) { { id: '_bogus_token_' } }
|
|
|
|
|
|
|
|
it 'renders the 404 page' do
|
|
|
|
request
|
|
|
|
|
|
|
|
expect(response).to have_gitlab_http_status(:not_found)
|
|
|
|
end
|
|
|
|
end
|
2015-10-20 03:28:28 -04:00
|
|
|
end
|
|
|
|
|
2020-07-07 08:09:16 -04:00
|
|
|
describe 'GET #show' do
|
2020-08-25 14:10:49 -04:00
|
|
|
subject(:request) { get :show, params: params }
|
|
|
|
|
2020-09-04 17:08:41 -04:00
|
|
|
context 'when logged in' do
|
|
|
|
before do
|
|
|
|
sign_in(user)
|
|
|
|
end
|
2020-07-07 08:09:16 -04:00
|
|
|
|
2020-09-04 17:08:41 -04:00
|
|
|
it 'accepts user if invite email matches signed in user' do
|
|
|
|
expect do
|
|
|
|
request
|
|
|
|
end.to change { project_members.include?(user) }.from(false).to(true)
|
2020-07-07 08:09:16 -04:00
|
|
|
|
2020-09-04 17:08:41 -04:00
|
|
|
expect(response).to have_gitlab_http_status(:found)
|
|
|
|
expect(flash[:notice]).to include 'You have been granted'
|
|
|
|
end
|
2020-07-07 08:09:16 -04:00
|
|
|
|
2020-09-04 17:08:41 -04:00
|
|
|
it 'forces re-confirmation if email does not match signed in user' do
|
2020-09-22 05:09:43 -04:00
|
|
|
member.update!(invite_email: 'bogus@email.com')
|
2020-08-25 14:10:49 -04:00
|
|
|
|
2020-09-04 17:08:41 -04:00
|
|
|
expect do
|
|
|
|
request
|
|
|
|
end.not_to change { project_members.include?(user) }
|
2020-08-25 14:10:49 -04:00
|
|
|
|
2020-09-04 17:08:41 -04:00
|
|
|
expect(response).to have_gitlab_http_status(:ok)
|
|
|
|
expect(flash[:notice]).to be_nil
|
2020-08-25 14:10:49 -04:00
|
|
|
end
|
|
|
|
|
2020-09-22 05:09:43 -04:00
|
|
|
it_behaves_like 'invalid token'
|
2021-02-03 10:09:24 -05:00
|
|
|
|
|
|
|
context 'when invite comes from the initial email invite' do
|
|
|
|
let(:params) { { id: raw_invite_token, invite_type: Members::InviteEmailExperiment::INVITE_TYPE } }
|
|
|
|
|
|
|
|
it 'tracks via experiment', :aggregate_failures do
|
|
|
|
experiment = double(track: true)
|
|
|
|
allow(controller).to receive(:experiment).and_return(experiment)
|
|
|
|
|
|
|
|
request
|
|
|
|
|
|
|
|
expect(experiment).to have_received(:track).with(:opened)
|
|
|
|
expect(experiment).to have_received(:track).with(:accepted)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context 'when invite does not come from initial email invite' do
|
|
|
|
it 'does not track via experiment' do
|
|
|
|
expect(controller).not_to receive(:experiment)
|
|
|
|
|
|
|
|
request
|
|
|
|
end
|
|
|
|
end
|
2020-08-25 14:10:49 -04:00
|
|
|
end
|
|
|
|
|
2020-09-04 17:08:41 -04:00
|
|
|
context 'when not logged in' do
|
|
|
|
context 'when inviter is a member' do
|
2021-03-30 14:10:47 -04:00
|
|
|
context 'when instance allows sign up' do
|
|
|
|
it 'indicates an account can be created in notice' do
|
|
|
|
request
|
|
|
|
|
|
|
|
expect(flash[:notice]).to include('or create an account')
|
|
|
|
end
|
|
|
|
|
|
|
|
context 'when user exists with the invited email' do
|
|
|
|
it 'is redirected to a new session with invite email param' do
|
|
|
|
request
|
|
|
|
|
|
|
|
expect(response).to redirect_to(new_user_session_path(invite_email: member.invite_email))
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context 'when user exists with the invited email as secondary email' do
|
|
|
|
before do
|
|
|
|
secondary_email = create(:email, user: user, email: 'foo@example.com')
|
|
|
|
member.update!(invite_email: secondary_email.email)
|
|
|
|
end
|
|
|
|
|
|
|
|
it 'is redirected to a new session with invite email param' do
|
|
|
|
request
|
|
|
|
|
|
|
|
expect(response).to redirect_to(new_user_session_path(invite_email: member.invite_email))
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context 'when user does not exist with the invited email' do
|
|
|
|
before do
|
|
|
|
member.update!(invite_email: 'bogus_email@example.com')
|
|
|
|
end
|
|
|
|
|
|
|
|
it 'indicates an account can be created in notice' do
|
|
|
|
request
|
|
|
|
|
|
|
|
expect(flash[:notice]).to include('create an account or sign in')
|
|
|
|
end
|
|
|
|
|
|
|
|
it 'is redirected to a new registration with invite email param' do
|
|
|
|
request
|
|
|
|
|
|
|
|
expect(response).to redirect_to(new_user_registration_path(invite_email: member.invite_email))
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context 'when instance does not allow sign up' do
|
|
|
|
before do
|
|
|
|
stub_application_setting(allow_signup?: false)
|
|
|
|
end
|
|
|
|
|
|
|
|
it 'does not indicate an account can be created in notice' do
|
|
|
|
request
|
|
|
|
|
|
|
|
expect(flash[:notice]).not_to include('or create an account')
|
|
|
|
end
|
|
|
|
|
|
|
|
context 'when user exists with the invited email' do
|
|
|
|
it 'is redirected to a new session with invite email param' do
|
|
|
|
request
|
|
|
|
|
|
|
|
expect(response).to redirect_to(new_user_session_path(invite_email: member.invite_email))
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context 'when user does not exist with the invited email' do
|
|
|
|
before do
|
|
|
|
member.update!(invite_email: 'bogus_email@example.com')
|
|
|
|
end
|
|
|
|
|
|
|
|
it 'is redirected to a new session with invite email param' do
|
|
|
|
request
|
2020-08-25 14:10:49 -04:00
|
|
|
|
2021-03-30 14:10:47 -04:00
|
|
|
expect(response).to redirect_to(new_user_session_path(invite_email: member.invite_email))
|
|
|
|
end
|
|
|
|
end
|
2020-09-04 17:08:41 -04:00
|
|
|
end
|
|
|
|
end
|
2020-08-25 14:10:49 -04:00
|
|
|
|
2020-09-04 17:08:41 -04:00
|
|
|
context 'when inviter is not a member' do
|
|
|
|
let(:params) { { id: '_bogus_token_' } }
|
|
|
|
|
|
|
|
it 'is redirected to a new session' do
|
|
|
|
request
|
|
|
|
|
|
|
|
expect(response).to redirect_to(new_user_session_path)
|
|
|
|
end
|
2020-08-25 14:10:49 -04:00
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
describe 'POST #accept' do
|
2020-09-04 17:08:41 -04:00
|
|
|
before do
|
|
|
|
sign_in(user)
|
|
|
|
end
|
2020-08-25 14:10:49 -04:00
|
|
|
|
|
|
|
subject(:request) { post :accept, params: params }
|
|
|
|
|
2020-09-22 05:09:43 -04:00
|
|
|
it_behaves_like 'invalid token'
|
2021-02-03 10:09:24 -05:00
|
|
|
|
|
|
|
context 'when invite comes from the initial email invite' do
|
|
|
|
it 'tracks via experiment' do
|
|
|
|
experiment = double(track: true)
|
|
|
|
allow(controller).to receive(:experiment).and_return(experiment)
|
|
|
|
|
|
|
|
post :accept, params: params, session: { invite_type: Members::InviteEmailExperiment::INVITE_TYPE }
|
|
|
|
|
|
|
|
expect(experiment).to have_received(:track).with(:accepted)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context 'when invite does not come from initial email invite' do
|
|
|
|
it 'does not track via experiment' do
|
|
|
|
expect(controller).not_to receive(:experiment)
|
|
|
|
|
|
|
|
request
|
|
|
|
end
|
|
|
|
end
|
2020-09-22 05:09:43 -04:00
|
|
|
end
|
|
|
|
|
|
|
|
describe 'POST #decline for link in UI' do
|
|
|
|
before do
|
|
|
|
sign_in(user)
|
|
|
|
end
|
|
|
|
|
|
|
|
subject(:request) { post :decline, params: params }
|
|
|
|
|
|
|
|
it_behaves_like 'invalid token'
|
|
|
|
end
|
|
|
|
|
|
|
|
describe 'GET #decline for link in email' do
|
|
|
|
before do
|
|
|
|
sign_in(user)
|
|
|
|
end
|
|
|
|
|
|
|
|
subject(:request) { get :decline, params: params }
|
|
|
|
|
|
|
|
it_behaves_like 'invalid token'
|
2020-07-07 08:09:16 -04:00
|
|
|
end
|
2015-10-20 03:28:28 -04:00
|
|
|
end
|