gitlab-org--gitlab-foss/spec/controllers/registrations_controller_spec.rb

require 'spec_helper'

describe RegistrationsController do
  include TermsHelper

  describe '#create' do
    let(:user_params) { { user: { name: 'new_user', username: 'new_username', email: 'new@user.com', password: 'Any_password' } } }

    context 'email confirmation' do
      around do |example|
        perform_enqueued_jobs do
          example.run
        end
      end

      context 'when send_user_confirmation_email is false' do
        it 'signs the user in' do
          allow_any_instance_of(ApplicationSetting).to receive(:send_user_confirmation_email).and_return(false)

          expect { post(:create, user_params) }.not_to change { ActionMailer::Base.deliveries.size }
          expect(subject.current_user).not_to be_nil
        end
      end

      context 'when send_user_confirmation_email is true' do
        it 'does not authenticate user and sends confirmation email' do
          allow_any_instance_of(ApplicationSetting).to receive(:send_user_confirmation_email).and_return(true)

          post(:create, user_params)

          expect(ActionMailer::Base.deliveries.last.to.first).to eq(user_params[:user][:email])
          expect(subject.current_user).to be_nil
        end
      end

      context 'when signup_enabled? is false' do
        it 'redirects to sign_in' do
          allow_any_instance_of(ApplicationSetting).to receive(:signup_enabled?).and_return(false)

          expect { post(:create, user_params) }.not_to change(User, :count)
          expect(response).to redirect_to(new_user_session_path)
        end
      end
    end

    context 'when reCAPTCHA is enabled' do
      before do
        stub_application_setting(recaptcha_enabled: true)
      end

      it 'displays an error when the reCAPTCHA is not solved' do
        # Without this, `verify_recaptcha` arbitraily returns true in test env
        Recaptcha.configuration.skip_verify_env.delete('test')

        post(:create, user_params)

        expect(response).to render_template(:new)
        expect(flash[:alert]).to include 'There was an error with the reCAPTCHA. Please solve the reCAPTCHA again.'
      end

      it 'redirects to the dashboard when the recaptcha is solved' do
        # Avoid test ordering issue and ensure `verify_recaptcha` returns true
        unless Recaptcha.configuration.skip_verify_env.include?('test')
          Recaptcha.configuration.skip_verify_env << 'test'
        end

        post(:create, user_params)

        expect(flash[:notice]).to include 'Welcome! You have signed up successfully.'
      end
    end

    context 'when terms are enforced' do
      before do
        enforce_terms
      end

      it 'redirects back with a notice when the checkbox was not checked' do
        post :create, user_params

        expect(flash[:alert]).to match /you must accept our terms/i
      end

      it 'creates the user with agreement when terms are accepted' do
        post :create, user_params.merge(terms_opt_in: '1')

        expect(subject.current_user).to be_present
        expect(subject.current_user.terms_accepted?).to be(true)
      end
    end
  end

  describe '#destroy' do
    let(:user) { create(:user) }

    before do
      sign_in(user)
    end

    def expect_failure(message)
      expect(flash[:alert]).to eq(message)
      expect(response.status).to eq(303)
      expect(response).to redirect_to profile_account_path
    end

    def expect_password_failure
      expect_failure('Invalid password')
    end

    def expect_username_failure
      expect_failure('Invalid username')
    end

    def expect_success
      expect(flash[:notice]).to eq 'Account scheduled for removal.'
      expect(response.status).to eq(303)
      expect(response).to redirect_to new_user_session_path
    end

    context 'user requires password confirmation' do
      it 'fails if password confirmation is not provided' do
        post :destroy

        expect_password_failure
      end

      it 'fails if password confirmation is wrong' do
        post :destroy, password: 'wrong password'

        expect_password_failure
      end

      it 'succeeds if password is confirmed' do
        post :destroy, password: '12345678'

        expect_success
      end
    end

    context 'user does not require password confirmation' do
      before do
        stub_application_setting(password_authentication_enabled_for_web: false)
        stub_application_setting(password_authentication_enabled_for_git: false)
      end

      it 'fails if username confirmation is not provided' do
        post :destroy

        expect_username_failure
      end

      it 'fails if username confirmation is wrong' do
        post :destroy, username: 'wrong username'

        expect_username_failure
      end

      it 'succeeds if username is confirmed' do
        post :destroy, username: user.username

        expect_success
      end
    end
  end
end
Toggle email signup confirmation in admin settings 2016-04-21 14:55:54 -04:00			`require 'spec_helper'`

			`describe RegistrationsController do`
Users can accept terms during registration When a user checks the `accept` checkbox, we will track that acceptance as usual. That way they don't need to accept again after they complete the registration. When an unauthenticated user visits the `/-/users/terms` page, there is no button to accept, decline or continue. The 'current-user menu' is also hidden from the top bar. 2018-06-08 07:20:44 -04:00			`include TermsHelper`

Toggle email signup confirmation in admin settings 2016-04-21 14:55:54 -04:00			`describe '#create' do`
Properly handle failed reCAPTCHA on user registration If a user presses the 'Register' button too quickly after attempting to solve the reCAPTCHA, or the reCAPTCHA is not solved at all, the user would experience a 500 error. Now, the case is properly handled and the user will be sent back to the registration page with a clear error message and can try again. 2017-01-03 02:08:21 -05:00			`let(:user_params) { { user: { name: 'new_user', username: 'new_username', email: 'new@user.com', password: 'Any_password' } } }`

			`context 'email confirmation' do`
Enable the RSpec/HookArgument cop and auto-correct offenses 2017-08-10 18:31:42 -04:00			`around do \|example\|`
Properly handle failed reCAPTCHA on user registration If a user presses the 'Register' button too quickly after attempting to solve the reCAPTCHA, or the reCAPTCHA is not solved at all, the user would experience a 500 error. Now, the case is properly handled and the user will be sent back to the registration page with a clear error message and can try again. 2017-01-03 02:08:21 -05:00			`perform_enqueued_jobs do`
			`example.run`
			`end`
Toggle email signup confirmation in admin settings 2016-04-21 14:55:54 -04:00			`end`

Properly handle failed reCAPTCHA on user registration If a user presses the 'Register' button too quickly after attempting to solve the reCAPTCHA, or the reCAPTCHA is not solved at all, the user would experience a 500 error. Now, the case is properly handled and the user will be sent back to the registration page with a clear error message and can try again. 2017-01-03 02:08:21 -05:00			`context 'when send_user_confirmation_email is false' do`
			`it 'signs the user in' do`
			`allow_any_instance_of(ApplicationSetting).to receive(:send_user_confirmation_email).and_return(false)`

Enable the Layout/SpaceBeforeBlockBraces cop Signed-off-by: Rémy Coutable <remy@rymai.me> 2017-08-09 05:52:22 -04:00			`expect { post(:create, user_params) }.not_to change { ActionMailer::Base.deliveries.size }`
Properly handle failed reCAPTCHA on user registration If a user presses the 'Register' button too quickly after attempting to solve the reCAPTCHA, or the reCAPTCHA is not solved at all, the user would experience a 500 error. Now, the case is properly handled and the user will be sent back to the registration page with a clear error message and can try again. 2017-01-03 02:08:21 -05:00			`expect(subject.current_user).not_to be_nil`
			`end`
			`end`
Toggle email signup confirmation in admin settings 2016-04-21 14:55:54 -04:00
Properly handle failed reCAPTCHA on user registration If a user presses the 'Register' button too quickly after attempting to solve the reCAPTCHA, or the reCAPTCHA is not solved at all, the user would experience a 500 error. Now, the case is properly handled and the user will be sent back to the registration page with a clear error message and can try again. 2017-01-03 02:08:21 -05:00			`context 'when send_user_confirmation_email is true' do`
			`it 'does not authenticate user and sends confirmation email' do`
			`allow_any_instance_of(ApplicationSetting).to receive(:send_user_confirmation_email).and_return(true)`
Toggle email signup confirmation in admin settings 2016-04-21 14:55:54 -04:00
Properly handle failed reCAPTCHA on user registration If a user presses the 'Register' button too quickly after attempting to solve the reCAPTCHA, or the reCAPTCHA is not solved at all, the user would experience a 500 error. Now, the case is properly handled and the user will be sent back to the registration page with a clear error message and can try again. 2017-01-03 02:08:21 -05:00			`post(:create, user_params)`

			`expect(ActionMailer::Base.deliveries.last.to.first).to eq(user_params[:user][:email])`
			`expect(subject.current_user).to be_nil`
			`end`
Implement new service for creating user 2017-03-27 05:37:24 -04:00			`end`

			`context 'when signup_enabled? is false' do`
			`it 'redirects to sign_in' do`
			`allow_any_instance_of(ApplicationSetting).to receive(:signup_enabled?).and_return(false)`

			`expect { post(:create, user_params) }.not_to change(User, :count)`
			`expect(response).to redirect_to(new_user_session_path)`
			`end`
Toggle email signup confirmation in admin settings 2016-04-21 14:55:54 -04:00			`end`
			`end`

Properly handle failed reCAPTCHA on user registration If a user presses the 'Register' button too quickly after attempting to solve the reCAPTCHA, or the reCAPTCHA is not solved at all, the user would experience a 500 error. Now, the case is properly handled and the user will be sent back to the registration page with a clear error message and can try again. 2017-01-03 02:08:21 -05:00			`context 'when reCAPTCHA is enabled' do`
			`before do`
			`stub_application_setting(recaptcha_enabled: true)`
			`end`

			`it 'displays an error when the reCAPTCHA is not solved' do`
			# Without this, `verify_recaptcha` arbitraily returns true in test env
			`Recaptcha.configuration.skip_verify_env.delete('test')`
Toggle email signup confirmation in admin settings 2016-04-21 14:55:54 -04:00
			`post(:create, user_params)`
Properly handle failed reCAPTCHA on user registration If a user presses the 'Register' button too quickly after attempting to solve the reCAPTCHA, or the reCAPTCHA is not solved at all, the user would experience a 500 error. Now, the case is properly handled and the user will be sent back to the registration page with a clear error message and can try again. 2017-01-03 02:08:21 -05:00
			`expect(response).to render_template(:new)`
Use reCaptcha when an issue identified as spam 2017-01-27 11:25:39 -05:00			`expect(flash[:alert]).to include 'There was an error with the reCAPTCHA. Please solve the reCAPTCHA again.'`
Properly handle failed reCAPTCHA on user registration If a user presses the 'Register' button too quickly after attempting to solve the reCAPTCHA, or the reCAPTCHA is not solved at all, the user would experience a 500 error. Now, the case is properly handled and the user will be sent back to the registration page with a clear error message and can try again. 2017-01-03 02:08:21 -05:00			`end`

			`it 'redirects to the dashboard when the recaptcha is solved' do`
			# Avoid test ordering issue and ensure `verify_recaptcha` returns true
			`unless Recaptcha.configuration.skip_verify_env.include?('test')`
			`Recaptcha.configuration.skip_verify_env << 'test'`
			`end`

			`post(:create, user_params)`

			`expect(flash[:notice]).to include 'Welcome! You have signed up successfully.'`
Toggle email signup confirmation in admin settings 2016-04-21 14:55:54 -04:00			`end`
			`end`
Users can accept terms during registration When a user checks the `accept` checkbox, we will track that acceptance as usual. That way they don't need to accept again after they complete the registration. When an unauthenticated user visits the `/-/users/terms` page, there is no button to accept, decline or continue. The 'current-user menu' is also hidden from the top bar. 2018-06-08 07:20:44 -04:00
			`context 'when terms are enforced' do`
			`before do`
			`enforce_terms`
			`end`

			`it 'redirects back with a notice when the checkbox was not checked' do`
			`post :create, user_params`

			`expect(flash[:alert]).to match /you must accept our terms/i`
			`end`

			`it 'creates the user with agreement when terms are accepted' do`
			`post :create, user_params.merge(terms_opt_in: '1')`

			`expect(subject.current_user).to be_present`
			`expect(subject.current_user.terms_accepted?).to be(true)`
			`end`
			`end`
Toggle email signup confirmation in admin settings 2016-04-21 14:55:54 -04:00			`end`
Delete users asynchronously 2017-04-01 00:29:51 -04:00
			`describe '#destroy' do`
			`let(:user) { create(:user) }`

			`before do`
			`sign_in(user)`
			`end`

Show confirmation modal before deleting account 2017-10-06 16:40:41 -04:00			`def expect_failure(message)`
			`expect(flash[:alert]).to eq(message)`
			`expect(response.status).to eq(303)`
			`expect(response).to redirect_to profile_account_path`
			`end`

			`def expect_password_failure`
			`expect_failure('Invalid password')`
			`end`

			`def expect_username_failure`
			`expect_failure('Invalid username')`
			`end`

			`def expect_success`
			`expect(flash[:notice]).to eq 'Account scheduled for removal.'`
			`expect(response.status).to eq(303)`
			`expect(response).to redirect_to new_user_session_path`
			`end`
Delete users asynchronously 2017-04-01 00:29:51 -04:00
Show confirmation modal before deleting account 2017-10-06 16:40:41 -04:00			`context 'user requires password confirmation' do`
			`it 'fails if password confirmation is not provided' do`
			`post :destroy`
Delete users asynchronously 2017-04-01 00:29:51 -04:00
Show confirmation modal before deleting account 2017-10-06 16:40:41 -04:00			`expect_password_failure`
			`end`

			`it 'fails if password confirmation is wrong' do`
			`post :destroy, password: 'wrong password'`

			`expect_password_failure`
			`end`

			`it 'succeeds if password is confirmed' do`
			`post :destroy, password: '12345678'`

			`expect_success`
			`end`
			`end`

			`context 'user does not require password confirmation' do`
			`before do`
Allow password authentication to be disabled entirely 2017-11-23 08:16:14 -05:00			`stub_application_setting(password_authentication_enabled_for_web: false)`
			`stub_application_setting(password_authentication_enabled_for_git: false)`
Show confirmation modal before deleting account 2017-10-06 16:40:41 -04:00			`end`

			`it 'fails if username confirmation is not provided' do`
			`post :destroy`

			`expect_username_failure`
			`end`

			`it 'fails if username confirmation is wrong' do`
			`post :destroy, username: 'wrong username'`

			`expect_username_failure`
			`end`

			`it 'succeeds if username is confirmed' do`
			`post :destroy, username: user.username`

			`expect_success`
			`end`
Delete users asynchronously 2017-04-01 00:29:51 -04:00			`end`
			`end`
Toggle email signup confirmation in admin settings 2016-04-21 14:55:54 -04:00			`end`