Display account connection link
parent
77fa9fe048
commit
28ff44357d
|
@ -11,6 +11,7 @@ class Staffs::People::AccountConnectionLinksController < ApplicationController
|
|||
# POST /staff/people/:person_id/account_connection_link
|
||||
def create
|
||||
authorize [:staff, @person, AccountConnectionLink.new(@person)]
|
||||
@person.update! account_connection_token: SecureRandom.alphanumeric(32)
|
||||
end
|
||||
|
||||
private
|
||||
|
|
|
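Review bot: The token written in `create` is a bearer credential for attaching an account to this person, and as far as this commit shows it is stored in clear in `account_connection_token` with no issue time or expiry. A link copied once therefore stays usable until another POST rotates it. Consider recording when the token was issued so the consuming side can reject stale ones, and storing only a digest if the link never needs to be displayed again after this response. Because the response body carries the link, setting `response.headers['Cache-Control'] = 'no-store'` in this action would also keep it out of caches. The controller class continues outside the hunk.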
@ -10,4 +10,8 @@ module PeopleHelper
|
|||
person.full_name
|
||||
end
|
||||
end
|
||||
|
||||
def person_account_connection_link(person)
|
||||
new_account_connection_link_url token: person.account_connection_token
|
||||
end
|
||||
end
|
||||
|
|
|
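Review bot: `person_account_connection_link` places the secret in the query string (`?token=…`), so it will appear in web-server and Rails request logs, browser history and possibly Referer headers. Check that `token` is covered by the app's parameter filter, e.g. `Rails.application.config.filter_parameters += [:token]`, so Rails logs it as `[FILTERED]`; the initializer is not part of this commit. The helper also builds a token-less URL when `account_connection_token` is nil; a guard such as `return if person.account_connection_token.nil?` would avoid rendering a dead link.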
@ -3,6 +3,8 @@
|
|||
class Person < ApplicationRecord
|
||||
include Nameable
|
||||
|
||||
ACCOUNT_CONNECTION_TOKEN_RE = /\A\w+\z/.freeze
|
||||
|
||||
################
|
||||
# Associations #
|
||||
################
|
||||
|
@ -35,6 +37,12 @@ class Person < ApplicationRecord
|
|||
|
||||
validates :photo, allow_nil: true, image: true
|
||||
|
||||
validates :account_connection_token,
|
||||
allow_nil: true,
|
||||
allow_blank: false,
|
||||
length: { is: 32 },
|
||||
format: { with: ACCOUNT_CONNECTION_TOKEN_RE }
|
||||
|
||||
###########
|
||||
# Methods #
|
||||
###########
|
||||
|
|
|
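Review bot: `ACCOUNT_CONNECTION_TOKEN_RE` uses `\w`, which accepts `_`, while the only generator visible in this commit is `SecureRandom.alphanumeric(32)`, so the validation is wider than what is ever issued. If underscore is not intentionally allowed, tighten it to `/\A[A-Za-z0-9]+\z/`; the model spec's `allow_value '_' * 32` example would then have to flip to `not_to`. `allow_blank: false` next to `allow_nil: true` is the default and can be dropped, since the `length: { is: 32 }` rule already rejects the empty string.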
@ -10,5 +10,12 @@
|
|||
<p class="lead">
|
||||
<%= translate '.description' %>
|
||||
</p>
|
||||
|
||||
<input
|
||||
type="text"
|
||||
class="form-control"
|
||||
readonly="readonly"
|
||||
value="<%= person_account_connection_link @person %>"
|
||||
>
|
||||
</div>
|
||||
</div>
|
||||
|
|
|
@ -30,6 +30,8 @@ Rails.application.routes.draw do
|
|||
# Account routes #
|
||||
##################
|
||||
|
||||
resource :account_connection_link, only: :new
|
||||
|
||||
namespace :settings do
|
||||
resource :profile, only: %i[edit update]
|
||||
end
|
||||
|
|
|
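Review bot: No controller, view or request spec for the new `resource :account_connection_link, only: :new` route is visible in this commit, so the URL now shown to staff may not resolve yet. When the consumer is added, it should treat the token as single-use and clear it once the account is connected (for example `person.update! account_connection_token: nil`). A plain GET on `new` should only render a confirmation and not change state.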
@ -12,7 +12,31 @@ RSpec.describe Person do
|
|||
end
|
||||
|
||||
describe '#account_connection_token' do
|
||||
def allow_value(*)
|
||||
super.for :account_connection_token
|
||||
end
|
||||
|
||||
it { is_expected.not_to validate_presence_of :account_connection_token }
|
||||
|
||||
it do
|
||||
is_expected.to \
|
||||
validate_length_of(:account_connection_token).is_equal_to(32)
|
||||
end
|
||||
|
||||
it { is_expected.to allow_value nil }
|
||||
it { is_expected.to allow_value SecureRandom.alphanumeric(32) }
|
||||
it { is_expected.to allow_value '_' * 32 }
|
||||
|
||||
it { is_expected.not_to allow_value '' }
|
||||
it { is_expected.not_to allow_value 'q' }
|
||||
it { is_expected.not_to allow_value SecureRandom.alphanumeric(31) }
|
||||
it { is_expected.not_to allow_value SecureRandom.alphanumeric(33) }
|
||||
|
||||
%w[
|
||||
~ ` ! @ # $ % ^ & * ( ) - = + [ { ] } \ | ; : ' " , < . > / ?
|
||||
].each do |char|
|
||||
it { is_expected.not_to allow_value char * 32 }
|
||||
end
|
||||
end
|
||||
|
||||
describe '#contact_list' do
|
||||
|
|
|
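Review bot: In the `%w[...]` list of rejected characters, the sequence `\ |` does not yield two elements: inside `%w` a backslash escapes the following space, so Ruby produces the single element `" |"`. A lone backslash and a lone pipe are therefore never tested, and the 64-character value that is tested is rejected by the length rule rather than the format rule. Writing `\\ |` gives the two intended one-character elements.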
@ -7,29 +7,53 @@ RSpec.describe 'GET /staff/people/:person_id/account_connection_link' do
|
|||
|
||||
let(:current_account) { create :superuser_account }
|
||||
|
||||
before do
|
||||
sign_in current_account.user if current_account&.user
|
||||
|
||||
def make_request
|
||||
post "/staff/people/#{person.to_param}/account_connection_link"
|
||||
end
|
||||
|
||||
before do
|
||||
sign_in current_account.user if current_account&.user
|
||||
end
|
||||
|
||||
for_account_types nil, :usual do
|
||||
before { make_request }
|
||||
|
||||
specify do
|
||||
expect(response).to have_http_status :forbidden
|
||||
end
|
||||
end
|
||||
|
||||
for_account_types :superuser do
|
||||
specify do
|
||||
expect { make_request }.to(
|
||||
change { person.reload.account_connection_token },
|
||||
)
|
||||
end
|
||||
|
||||
context 'after request' do
|
||||
before { make_request }
|
||||
|
||||
specify do
|
||||
expect(response).to have_http_status :ok
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
context 'when person already has account' do
|
||||
let(:person) { create(:personal_account).person }
|
||||
|
||||
specify do
|
||||
expect { make_request }.not_to(
|
||||
change { person.reload.account_connection_token },
|
||||
)
|
||||
end
|
||||
|
||||
context 'after request' do
|
||||
before { make_request }
|
||||
|
||||
specify do
|
||||
expect(response).to have_http_status :forbidden
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
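Review bot: The enclosing `RSpec.describe` label, visible only in the hunk header, still reads `'GET /staff/people/:person_id/account_connection_link'`, while `make_request` issues a `post`. It should be renamed to `'POST /staff/people/:person_id/account_connection_link'`. The superuser example only asserts that the token changes, so adding `expect(person.reload.account_connection_token).to match(/\A\w{32}\z/)` after the request would also pin the generated format.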