7684217d68
This enforces the terms in the web application. These cases are specced: - Logging in: When terms are enforced, and a user logs in that has not accepted the terms, they are presented with the screen. They get directed to their customized root path afterwards. - Signing up: After signing up, the first screen the user is presented with the screen to accept the terms. After they accept they are directed to the dashboard. - While a session is active: - For a GET: The user will be directed to the terms page first, after they accept the terms, they will be directed to the page they were going to - For any other request: They are directed to the terms, after they accept the terms, they are directed back to the page they came from to retry the request. Any information entered would be persisted in localstorage and available on the page.
81 lines
1.9 KiB
Ruby
81 lines
1.9 KiB
Ruby
require 'spec_helper'
|
|
|
|
describe Users::TermsController do
|
|
let(:user) { create(:user) }
|
|
let(:term) { create(:term) }
|
|
|
|
before do
|
|
sign_in user
|
|
end
|
|
|
|
describe 'GET #index' do
|
|
it 'redirects when no terms exist' do
|
|
get :index
|
|
|
|
expect(response).to have_gitlab_http_status(:redirect)
|
|
end
|
|
|
|
it 'shows terms when they exist' do
|
|
term
|
|
|
|
expect(response).to have_gitlab_http_status(:success)
|
|
end
|
|
end
|
|
|
|
describe 'POST #accept' do
|
|
it 'saves that the user accepted the terms' do
|
|
post :accept, id: term.id
|
|
|
|
agreement = user.term_agreements.find_by(term: term)
|
|
|
|
expect(agreement.accepted).to eq(true)
|
|
end
|
|
|
|
it 'redirects to a path when specified' do
|
|
post :accept, id: term.id, redirect: groups_path
|
|
|
|
expect(response).to redirect_to(groups_path)
|
|
end
|
|
|
|
it 'redirects to the referer when no redirect specified' do
|
|
request.env["HTTP_REFERER"] = groups_url
|
|
|
|
post :accept, id: term.id
|
|
|
|
expect(response).to redirect_to(groups_path)
|
|
end
|
|
|
|
context 'redirecting to another domain' do
|
|
it 'is prevented when passing a redirect param' do
|
|
post :accept, id: term.id, redirect: '//example.com/random/path'
|
|
|
|
expect(response).to redirect_to(root_path)
|
|
end
|
|
|
|
it 'is prevented when redirecting to the referer' do
|
|
request.env["HTTP_REFERER"] = 'http://example.com/and/a/path'
|
|
|
|
post :accept, id: term.id
|
|
|
|
expect(response).to redirect_to(root_path)
|
|
end
|
|
end
|
|
end
|
|
|
|
describe 'POST #decline' do
|
|
it 'stores that the user declined the terms' do
|
|
post :decline, id: term.id
|
|
|
|
agreement = user.term_agreements.find_by(term: term)
|
|
|
|
expect(agreement.accepted).to eq(false)
|
|
end
|
|
|
|
it 'signs out the user' do
|
|
post :decline, id: term.id
|
|
|
|
expect(response).to redirect_to(root_path)
|
|
expect(assigns(:current_user)).to be_nil
|
|
end
|
|
end
|
|
end
|