gitlab-org--gitlab-foss/spec/controllers/users/terms_controller_spec.rb
Bob Van Landuyt 7684217d68 Enforces terms in the web application
This enforces the terms in the web application. These cases are
specced:

- Logging in: When terms are enforced, and a user logs in that has not
  accepted the terms, they are presented with the screen. They get
  directed to their customized root path afterwards.
- Signing up: After signing up, the first screen the user is presented
  with the screen to accept the terms. After they accept they are
  directed to the dashboard.
- While a session is active:
  - For a GET: The user will be directed to the terms page first,
    after they accept the terms, they will be directed to the page
    they were going to
  - For any other request: They are directed to the terms, after they
    accept the terms, they are directed back to the page they came
    from to retry the request. Any information entered would be
    persisted in localstorage and available on the page.
2018-05-04 13:54:43 +02:00

81 lines
1.9 KiB
Ruby

require 'spec_helper'
describe Users::TermsController do
let(:user) { create(:user) }
let(:term) { create(:term) }
before do
sign_in user
end
describe 'GET #index' do
it 'redirects when no terms exist' do
get :index
expect(response).to have_gitlab_http_status(:redirect)
end
it 'shows terms when they exist' do
term
expect(response).to have_gitlab_http_status(:success)
end
end
describe 'POST #accept' do
it 'saves that the user accepted the terms' do
post :accept, id: term.id
agreement = user.term_agreements.find_by(term: term)
expect(agreement.accepted).to eq(true)
end
it 'redirects to a path when specified' do
post :accept, id: term.id, redirect: groups_path
expect(response).to redirect_to(groups_path)
end
it 'redirects to the referer when no redirect specified' do
request.env["HTTP_REFERER"] = groups_url
post :accept, id: term.id
expect(response).to redirect_to(groups_path)
end
context 'redirecting to another domain' do
it 'is prevented when passing a redirect param' do
post :accept, id: term.id, redirect: '//example.com/random/path'
expect(response).to redirect_to(root_path)
end
it 'is prevented when redirecting to the referer' do
request.env["HTTP_REFERER"] = 'http://example.com/and/a/path'
post :accept, id: term.id
expect(response).to redirect_to(root_path)
end
end
end
describe 'POST #decline' do
it 'stores that the user declined the terms' do
post :decline, id: term.id
agreement = user.term_agreements.find_by(term: term)
expect(agreement.accepted).to eq(false)
end
it 'signs out the user' do
post :decline, id: term.id
expect(response).to redirect_to(root_path)
expect(assigns(:current_user)).to be_nil
end
end
end