require 'spec_helper'
describe "Admin::Users", feature: true do
include WaitForAjax
before { login_as :admin }
# Admin user index: checks that the list renders and that the
# two-factor-authentication (2FA) filter tabs count and filter users.
describe "GET /admin/users" do
  before { visit admin_users_path }

  it "is ok" do
    expect(current_path).to eq(admin_users_path)
  end

  # @user is not assigned anywhere in this group; presumably the enclosing
  # group's login_as(:admin) sets it -- confirm against the login helper.
  it "has users list" do
    [@user.email, @user.name].each do |expected_text|
      expect(page).to have_content(expected_text)
    end
  end

  describe 'Two-factor Authentication filters' do
    it 'counts users who have enabled 2FA' do
      create(:user, :two_factor)

      visit admin_users_path

      # have_content is a substring match, so a badge reading "10" or "11"
      # would satisfy this expectation as well.
      within('.filter-two-factor-enabled small') do
        expect(page).to have_content('1')
      end
    end

    # NOTE(review): only the presence of the 2FA user is asserted. Nothing
    # here checks that accounts without 2FA are excluded, so a filter that
    # returned every user would still pass.
    it 'filters by users who have enabled 2FA' do
      enrolled_user = create(:user, :two_factor)

      visit admin_users_path
      click_link '2FA Enabled'

      expect(page).to have_content(enrolled_user.email)
    end

    it 'counts users who have not enabled 2FA' do
      create(:user)

      visit admin_users_path

      within('.filter-two-factor-disabled small') do
        expect(page).to have_content('2') # Including admin
      end
    end

    # NOTE(review): as with the "enabled" filter, only inclusion is checked;
    # there is no 2FA-enabled account here to prove it gets filtered out.
    it 'filters by users who have not enabled 2FA' do
      plain_user = create(:user)

      visit admin_users_path
      click_link '2FA Disabled'

      expect(page).to have_content(plain_user.email)
    end
  end
end
# Admin "new user" form: account creation, applied defaults and the
# notification mail sent to the new account.
describe "GET /admin/users/new" do
  before do
    visit new_admin_user_path

    # Field ids and values are filled in this order: name, username, email.
    {
      "user_name" => "Big Bang",
      "user_username" => "bang",
      "user_email" => "bigbang@mail.com"
    }.each do |field_id, value|
      fill_in field_id, with: value
    end
  end

  it "creates new user" do
    expect { click_button "Create user" }.to change { User.count }.by(1)
  end

  # The created account must pick up the instance-wide defaults rather than
  # values chosen on the form.
  it "applies defaults to user" do
    click_button "Create user"

    created = User.find_by(username: 'bang')
    gitlab_defaults = Gitlab.config.gitlab

    expect(created.projects_limit).to eq(gitlab_defaults.default_projects_limit)
    expect(created.can_create_group).to eq(gitlab_defaults.default_can_create_group)
  end

  it "creates user with valid data" do
    click_button "Create user"

    created = User.find_by(username: 'bang')

    expect(created.name).to eq('Big Bang')
    expect(created.email).to eq('bigbang@mail.com')
  end

  it "calls send mail" do
    expect_any_instance_of(NotificationService).to receive(:new_user)

    click_button "Create user"
  end

  # NOTE(review): the body is only checked for the literal word "password".
  # That does not distinguish a set/reset-password link from a credential
  # sent in clear text -- confirm against the mailer template that no
  # password value is ever mailed.
  it "sends valid email to user with email & password" do
    # Run queued mail jobs inline so the delivery is visible below.
    perform_enqueued_jobs { click_button "Create user" }

    created = User.find_by(username: 'bang')
    delivered = ActionMailer::Base.deliveries.last
    mail_body = delivered.text_part.body

    expect(delivered.subject).to have_content('Account was created')
    expect(mail_body).to have_content(created.email)
    expect(mail_body).to have_content('password')
  end
end
# Admin user detail page: profile data, the impersonation controls and the
# displayed two-factor-authentication status.
describe "GET /admin/users/:id" do
  it "has user info" do
    visit admin_users_path
    click_link @user.name

    [@user.email, @user.name].each do |expected_text|
      expect(page).to have_content(expected_text)
    end
  end

  describe 'Impersonation' do
    let(:another_user) { create(:user) }

    before do
      visit admin_user_path(another_user)
    end

    # NOTE(review): these examples assert only whether the text "Impersonate"
    # is rendered. They do not exercise the impersonation endpoint itself, so
    # server-side rejection for self/blocked targets needs its own
    # controller or request spec -- verify one exists. The negative
    # expectations would also pass if the page rendered an error instead of
    # the user.
    context 'before impersonating' do
      it 'shows impersonate button for other users' do
        expect(page).to have_content('Impersonate')
      end

      it 'does not show impersonate button for admin itself' do
        visit admin_user_path(@user)

        expect(page).not_to have_content('Impersonate')
      end

      it 'does not show impersonate button for blocked user' do
        another_user.block

        # Reload the page: the `before` visit happened while the user was
        # still active.
        visit admin_user_path(another_user)

        expect(page).not_to have_content('Impersonate')

        # Not reached if the expectation above fails.
        another_user.activate
      end
    end

    context 'when impersonating' do
      before do
        click_link 'Impersonate'
      end

      # The header profile link exposes the signed-in username via its
      # data-user attribute; that is what identifies the active session here.
      it 'logs in as the user when impersonate is clicked' do
        profile_link = page.find(:css, '.header-user .profile-link')

        expect(profile_link['data-user']).to eql(another_user.username)
      end

      it 'sees impersonation log out icon' do
        stop_icon = first('.fa.fa-user-secret')

        expect(stop_icon).not_to eql(nil)
      end

      it 'logs out of impersonated user back to original user' do
        find(:css, 'li.impersonation a').click

        profile_link = page.find(:css, '.header-user .profile-link')

        expect(profile_link['data-user']).to eql(@user.username)
      end

      it 'is redirected back to the impersonated users page in the admin after stopping' do
        find(:css, 'li.impersonation a').click

        expect(current_path).to eql("/admin/users/#{another_user.username}")
      end
    end
  end

  describe 'Two-factor Authentication status' do
    it 'shows when enabled' do
      # update_attribute writes the flag without running validations.
      @user.update_attribute(:otp_required_for_login, true)

      visit admin_user_path(@user)

      expect_two_factor_status('Enabled')
    end

    it 'shows when disabled' do
      visit admin_user_path(@user)

      expect_two_factor_status('Disabled')
    end

    # Asserts that the 2FA status element on the current page contains the
    # given text.
    #
    # @param status [String] text expected inside `.two-factor-status`
    def expect_two_factor_status(status)
      within('.two-factor-status') do
        expect(page).to have_content(status)
      end
    end
  end
end
# Admin "edit user" form: rendering, and persistence of a name/email change,
# an admin-set password and the admin flag.
describe "GET /admin/users/:id/edit" do
  before do
    @simple_user = create(:user)

    visit admin_users_path
    click_link "edit_user_#{@simple_user.id}"
  end

  it "has user edit page" do
    %w[Name Password].each do |label|
      expect(page).to have_content(label)
    end
  end

  describe "Update user" do
    before do
      {
        "user_name" => "Big Bang",
        "user_email" => "bigbang@mail.com",
        "user_password" => "AValidPassword1",
        "user_password_confirmation" => "AValidPassword1"
      }.each do |field_id, value|
        fill_in field_id, with: value
      end

      # Grants the edited account administrator rights.
      check "user_admin"
      click_button "Save changes"
    end

    it "shows page with new data" do
      ['bigbang@mail.com', 'Big Bang'].each do |expected_text|
        expect(page).to have_content(expected_text)
      end
    end

    # NOTE(review): the admin flag and password expiry are verified, but the
    # new password itself is never checked against the stored credential.
    it "changes user entry" do
      @simple_user.reload

      expect(@simple_user.name).to eq('Big Bang')
      expect(@simple_user.is_admin?).to be_truthy
      # A password set by an admin must already be expired; presumably this
      # forces the account owner to choose a new one at next sign-in --
      # confirm against the controller.
      expect(@simple_user.password_expires_at).to be <= Time.now
    end
  end
end
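# Admin view of a user's projects: lists the groups the user belongs to,
# shows the access level and lets the admin revoke the group membership.
describe "GET /admin/users/:id/projects" do
  before do
    @group = create(:group)
    @project = create(:project, group: @group)
    @simple_user = create(:user)
    # Membership under test: Developer access on the group.
    @group.add_developer(@simple_user)

    visit projects_admin_user_path(@simple_user)
  end

  it "lists group projects" do
    within(:css, '.append-bottom-default + .panel') do
      expect(page).to have_content 'Group projects'
      # The link target must be passed as the :href option. A bare second
      # positional argument is not a link filter, so the original call never
      # verified where the link points.
      expect(page).to have_link @group.name, href: admin_group_path(@group)
    end
  end

  it 'allows navigation to the group details' do
    within(:css, '.append-bottom-default + .panel') do
      click_link @group.name
    end
    within(:css, 'h3.page-title') do
      expect(page).to have_content "Group: #{@group.name}"
    end
    expect(page).to have_content @project.name
  end

  it 'shows the group access level' do
    within(:css, '.append-bottom-default + .panel') do
      expect(page).to have_content 'Developer'
    end
  end

  # NOTE(review): this only checks that the member row disappears from the
  # page. It does not confirm the membership record was removed server-side;
  # consider asserting on the group's members as well.
  it 'allows group membership to be revoked', js: true do
    page.within(first('.group_member')) do
      find('.btn-remove').click
    end
    # The removal is an asynchronous request; wait before inspecting the DOM.
    wait_for_ajax

    expect(page).not_to have_selector('.group_member')
  end
end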
end