# frozen_string_literal: true require 'spec_helper' RSpec.describe 'Invites', :aggregate_failures do let(:user) { create(:user, email: 'user@example.com') } let(:owner) { create(:user, name: 'John Doe') } let(:group) { create(:group, name: 'Owned') } let(:project) { create(:project, :repository, namespace: group) } let(:group_invite) { group.group_members.invite.last } before do project.add_maintainer(owner) group.add_owner(owner) group.add_developer('user@example.com', owner) group_invite.generate_invite_token! end def confirm_email(new_user) new_user_token = User.find_by_email(new_user.email).confirmation_token visit user_confirmation_path(confirmation_token: new_user_token) end def fill_in_sign_up_form(new_user) fill_in 'new_user_name', with: new_user.name fill_in 'new_user_username', with: new_user.username fill_in 'new_user_email', with: new_user.email fill_in 'new_user_password', with: new_user.password click_button 'Register' end def fill_in_sign_in_form(user) fill_in 'user_login', with: user.email fill_in 'user_password', with: user.password check 'user_remember_me' click_button 'Sign in' end def fill_in_welcome_form select 'Software Developer', from: 'user_role' click_button 'Get started!' end context 'when signed out' do before do visit invite_path(group_invite.raw_invite_token) end it 'renders sign in page with sign in notice' do expect(current_path).to eq(new_user_session_path) expect(page).to have_content('To accept this invitation, sign in') end it 'pre-fills the "Username or email" field on the sign in box with the invite_email from the invite' do expect(find_field('Username or email').value).to eq(group_invite.invite_email) end it 'pre-fills the Email field on the sign up box with the invite_email from the invite' do expect(find_field('Email').value).to eq(group_invite.invite_email) end it 'sign in, grants access and redirects to group page' do fill_in_sign_in_form(user) expect(current_path).to eq(group_path(group)) expect(page).to have_content('You have been granted Developer access to group Owned.') end end context 'when signed in as an existing member' do before do sign_in(owner) end it 'shows message user already a member' do visit invite_path(group_invite.raw_invite_token) expect(page).to have_link(owner.name, href: user_url(owner)) expect(page).to have_content('However, you are already a member of this group.') end end context 'when inviting a user using their email address' do let(:new_user) { build_stubbed(:user) } let(:invite_email) { new_user.email } let(:group_invite) { create(:group_member, :invited, group: group, invite_email: invite_email) } let!(:project_invite) { create(:project_member, :invited, project: project, invite_email: invite_email) } context 'when user has not signed in yet' do before do stub_application_setting(send_user_confirmation_email: send_email_confirmation) visit invite_path(group_invite.raw_invite_token) end context 'email confirmation disabled' do let(:send_email_confirmation) { false } it 'signs up and redirects to the dashboard page with all the projects/groups invitations automatically accepted' do fill_in_sign_up_form(new_user) fill_in_welcome_form expect(current_path).to eq(dashboard_projects_path) expect(page).to have_content(project.full_name) visit group_path(group) expect(page).to have_content(group.full_name) end context 'the user sign-up using a different email address' do let(:invite_email) { build_stubbed(:user).email } it 'signs up and redirects to the invitation page' do fill_in_sign_up_form(new_user) fill_in_welcome_form expect(current_path).to eq(invite_path(group_invite.raw_invite_token)) end end end context 'email confirmation enabled' do let(:send_email_confirmation) { true } context 'when soft email confirmation is not enabled' do before do allow(User).to receive(:allow_unconfirmed_access_for).and_return 0 end it 'signs up and redirects to root page with all the project/groups invitation automatically accepted' do fill_in_sign_up_form(new_user) confirm_email(new_user) fill_in_sign_in_form(new_user) fill_in_welcome_form expect(current_path).to eq(root_path) expect(page).to have_content(project.full_name) visit group_path(group) expect(page).to have_content(group.full_name) end end context 'when soft email confirmation is enabled' do before do allow(User).to receive(:allow_unconfirmed_access_for).and_return 2.days end it 'signs up and redirects to root page with all the project/groups invitation automatically accepted' do fill_in_sign_up_form(new_user) fill_in_welcome_form confirm_email(new_user) expect(current_path).to eq(root_path) expect(page).to have_content(project.full_name) visit group_path(group) expect(page).to have_content(group.full_name) end end it "doesn't accept invitations until the user confirms their email" do fill_in_sign_up_form(new_user) fill_in_welcome_form sign_in(owner) visit project_project_members_path(project) expect(page).to have_content 'Invited' end context 'the user sign-up using a different email address' do let(:invite_email) { build_stubbed(:user).email } context 'when soft email confirmation is not enabled' do before do stub_feature_flags(soft_email_confirmation: false) allow(User).to receive(:allow_unconfirmed_access_for).and_return 0 end it 'signs up and redirects to the invitation page' do fill_in_sign_up_form(new_user) confirm_email(new_user) fill_in_sign_in_form(new_user) fill_in_welcome_form expect(current_path).to eq(invite_path(group_invite.raw_invite_token)) end end context 'when soft email confirmation is enabled' do before do stub_feature_flags(soft_email_confirmation: true) allow(User).to receive(:allow_unconfirmed_access_for).and_return 2.days end it 'signs up and redirects to the invitation page' do fill_in_sign_up_form(new_user) fill_in_welcome_form expect(current_path).to eq(invite_path(group_invite.raw_invite_token)) end end end end end context 'when declining the invitation' do let(:send_email_confirmation) { true } context 'when signed in' do before do sign_in(user) visit invite_path(group_invite.raw_invite_token) end it 'declines application and redirects to dashboard' do page.click_link 'Decline' expect(current_path).to eq(dashboard_projects_path) expect(page).to have_content('You have declined the invitation to join group Owned.') expect { group_invite.reload }.to raise_error ActiveRecord::RecordNotFound end end context 'when signed out' do before do visit decline_invite_path(group_invite.raw_invite_token) end it 'declines application and redirects to sign in page' do expect(current_path).to eq(new_user_session_path) expect(page).to have_content('You have declined the invitation to join group Owned.') expect { group_invite.reload }.to raise_error ActiveRecord::RecordNotFound end end end context 'when accepting the invitation' do let(:send_email_confirmation) { true } before do sign_in(user) visit invite_path(group_invite.raw_invite_token) end it 'grants access and redirects to group page' do expect(group.users.include?(user)).to be false page.click_link 'Accept invitation' expect(current_path).to eq(group_path(group)) expect(page).to have_content('You have been granted Owner access to group Owned.') expect(group.users.include?(user)).to be true end end end end