3 class UsersControllerTest < ActionDispatch::IntegrationTest
5 # test all routes which lead to this controller
8 { :path => "/user/new", :method => :get },
9 { :controller => "users", :action => "new" }
13 { :path => "/user/new", :method => :post },
14 { :controller => "users", :action => "create" }
18 { :path => "/user/terms", :method => :get },
19 { :controller => "users", :action => "terms" }
23 { :path => "/user/save", :method => :post },
24 { :controller => "users", :action => "save" }
28 { :path => "/user/go_public", :method => :post },
29 { :controller => "users", :action => "go_public" }
33 { :path => "/user/suspended", :method => :get },
34 { :controller => "users", :action => "suspended" }
38 { :path => "/user/username", :method => :get },
39 { :controller => "users", :action => "show", :display_name => "username" }
43 { :path => "/user/username/set_status", :method => :post },
44 { :controller => "users", :action => "set_status", :display_name => "username" }
47 { :path => "/user/username", :method => :delete },
48 { :controller => "users", :action => "destroy", :display_name => "username" }
52 { :path => "/users", :method => :get },
53 { :controller => "users", :action => "index" }
56 { :path => "/users", :method => :post },
57 { :controller => "users", :action => "index" }
60 { :path => "/users/status", :method => :get },
61 { :controller => "users", :action => "index", :status => "status" }
64 { :path => "/users/status", :method => :post },
65 { :controller => "users", :action => "index", :status => "status" }
69 # The user creation page loads
72 assert_response :redirect
73 assert_redirected_to user_new_path(:cookie_test => "true")
75 get user_new_path, :params => { :cookie_test => "true" }
76 assert_response :success
78 assert_select "html", :count => 1 do
79 assert_select "head", :count => 1 do
80 assert_select "title", :text => /Sign Up/, :count => 1
82 assert_select "body", :count => 1 do
83 assert_select "div#content", :count => 1 do
84 assert_select "form[action='/user/new'][method='post']", :count => 1 do
85 assert_select "input[id='user_email']", :count => 1
86 assert_select "input[id='user_email_confirmation']", :count => 1
87 assert_select "input[id='user_display_name']", :count => 1
88 assert_select "input[id='user_pass_crypt'][type='password']", :count => 1
89 assert_select "input[id='user_pass_crypt_confirmation'][type='password']", :count => 1
90 assert_select "input[type='submit'][value='Sign Up']", :count => 1
97 def test_new_view_logged_in
98 session_for(create(:user))
101 assert_response :redirect
102 assert_redirected_to root_path
104 get user_new_path, :params => { :referer => "/test" }
105 assert_response :redirect
106 assert_redirected_to "/test"
110 user = build(:user, :pending)
112 assert_no_difference "User.count" do
113 assert_no_difference "ActionMailer::Base.deliveries.size" do
114 perform_enqueued_jobs do
115 post user_new_path, :params => { :user => user.attributes }
120 assert_difference "User.count", 1 do
121 assert_difference "ActionMailer::Base.deliveries.size", 1 do
122 perform_enqueued_jobs do
123 post user_save_path, :params => { :read_ct => 1, :read_tou => 1 }
129 register_email = ActionMailer::Base.deliveries.first
131 assert_equal register_email.to[0], user.email
132 assert_match(/#{@url}/, register_email.body.to_s)
135 assert_redirected_to :controller => :confirmations, :action => :confirm, :display_name => user.display_name
137 ActionMailer::Base.deliveries.clear
140 def test_new_duplicate_email
141 user = build(:user, :pending)
142 create(:user, :email => user.email)
144 assert_no_difference "User.count" do
145 assert_no_difference "ActionMailer::Base.deliveries.size" do
146 perform_enqueued_jobs do
147 post user_new_path, :params => { :user => user.attributes }
152 assert_response :success
153 assert_template "new"
154 assert_select "form > div.form-group > input.is-invalid#user_email"
157 def test_save_duplicate_email
158 user = build(:user, :pending)
160 # Set up our user as being half-way through registration
161 assert_no_difference "User.count" do
162 assert_no_difference "ActionMailer::Base.deliveries.size" do
163 perform_enqueued_jobs do
164 post user_new_path, :params => { :user => user.attributes }
169 # Now create another user with that email
170 create(:user, :email => user.email)
172 # Check that the second half of registration fails
173 assert_no_difference "User.count" do
174 assert_no_difference "ActionMailer::Base.deliveries.size" do
175 perform_enqueued_jobs do
176 post user_save_path, :params => { :read_ct => 1, :read_tou => 1 }
181 assert_response :success
182 assert_template "new"
183 assert_select "form > div.form-group > input.is-invalid#user_email"
186 def test_save_duplicate_email_uppercase
187 user = build(:user, :pending)
189 # Set up our user as being half-way through registration
190 assert_no_difference "User.count" do
191 assert_no_difference "ActionMailer::Base.deliveries.size" do
192 perform_enqueued_jobs do
193 post user_new_path, :params => { :user => user.attributes }
198 # Now create another user with that email, but uppercased
199 create(:user, :email => user.email.upcase)
201 # Check that the second half of registration fails
202 assert_no_difference "User.count" do
203 assert_no_difference "ActionMailer::Base.deliveries.size" do
204 perform_enqueued_jobs do
205 post user_save_path, :params => { :read_ct => 1, :read_tou => 1 }
210 assert_response :success
211 assert_template "new"
212 assert_select "form > div.form-group > input.is-invalid#user_email"
215 def test_save_duplicate_name
216 user = build(:user, :pending)
218 # Set up our user as being half-way through registration
219 assert_no_difference "User.count" do
220 assert_no_difference "ActionMailer::Base.deliveries.size" do
221 perform_enqueued_jobs do
222 post user_new_path, :params => { :user => user.attributes }
227 # Now create another user with that display name
228 create(:user, :display_name => user.display_name)
230 # Check that the second half of registration fails
231 assert_no_difference "User.count" do
232 assert_no_difference "ActionMailer::Base.deliveries.size" do
233 perform_enqueued_jobs do
234 post user_save_path, :params => { :read_ct => 1, :read_tou => 1 }
239 assert_response :success
240 assert_template "new"
241 assert_select "form > div.form-group > input.is-invalid#user_display_name"
244 def test_save_duplicate_name_uppercase
245 user = build(:user, :pending)
247 # Set up our user as being half-way through registration
248 assert_no_difference "User.count" do
249 assert_no_difference "ActionMailer::Base.deliveries.size" do
250 perform_enqueued_jobs do
251 post user_new_path, :params => { :user => user.attributes }
256 # Now create another user with that display_name, but uppercased
257 create(:user, :display_name => user.display_name.upcase)
259 # Check that the second half of registration fails
260 assert_no_difference "User.count" do
261 assert_no_difference "ActionMailer::Base.deliveries.size" do
262 perform_enqueued_jobs do
263 post user_save_path, :params => { :read_ct => 1, :read_tou => 1 }
268 assert_response :success
269 assert_template "new"
270 assert_select "form > div.form-group > input.is-invalid#user_display_name"
273 def test_save_blocked_domain
274 user = build(:user, :pending, :email => "user@example.net")
276 # Set up our user as being half-way through registration
277 assert_no_difference "User.count" do
278 assert_no_difference "ActionMailer::Base.deliveries.size" do
279 perform_enqueued_jobs do
280 post user_new_path, :params => { :user => user.attributes }
285 # Now block that domain
286 create(:acl, :domain => "example.net", :k => "no_account_creation")
288 # Check that the second half of registration fails
289 assert_no_difference "User.count" do
290 assert_no_difference "ActionMailer::Base.deliveries.size" do
291 perform_enqueued_jobs do
292 post user_save_path, :params => { :read_ct => 1, :read_tou => 1 }
297 assert_response :success
298 assert_template "blocked"
301 def test_save_referer_params
302 user = build(:user, :pending)
304 # Set up our user as being half-way through registration
305 assert_no_difference "User.count" do
306 assert_no_difference "ActionMailer::Base.deliveries.size" do
307 perform_enqueued_jobs do
308 post user_new_path, :params => { :user => user.attributes, :referer => "/edit?editor=id#map=1/2/3" }
313 assert_difference "User.count", 1 do
314 assert_difference "ActionMailer::Base.deliveries.size", 1 do
315 perform_enqueued_jobs do
316 post user_save_path, :params => { :read_ct => 1, :read_tou => 1 }
321 assert_equal welcome_path(:editor => "id", :zoom => 1, :lat => 2, :lon => 3),
322 User.find_by(:email => user.email).tokens.order("id DESC").first.referer
324 ActionMailer::Base.deliveries.clear
327 def test_terms_new_user
328 user = build(:user, :pending)
330 # Set up our user as being half-way through registration
331 assert_no_difference "User.count" do
332 assert_no_difference "ActionMailer::Base.deliveries.size" do
333 perform_enqueued_jobs do
334 post user_new_path, :params => { :user => user.attributes }
341 assert_response :success
342 assert_template :terms
345 def test_terms_agreed
346 user = create(:user, :terms_seen => true, :terms_agreed => Date.yesterday)
351 assert_response :redirect
352 assert_redirected_to edit_account_path
355 def test_terms_not_seen_without_referer
356 user = create(:user, :terms_seen => false, :terms_agreed => nil)
361 assert_response :success
362 assert_template :terms
364 post user_save_path, :params => { :user => { :consider_pd => true }, :read_ct => 1, :read_tou => 1 }
365 assert_response :redirect
366 assert_redirected_to edit_account_path
367 assert_equal "Thanks for accepting the new contributor terms!", flash[:notice]
371 assert user.consider_pd
372 assert_not_nil user.terms_agreed
373 assert user.terms_seen
376 def test_terms_not_seen_with_referer
377 user = create(:user, :terms_seen => false, :terms_agreed => nil)
381 get user_terms_path, :params => { :referer => "/test" }
382 assert_response :success
383 assert_template :terms
385 post user_save_path, :params => { :user => { :consider_pd => true }, :referer => "/test", :read_ct => 1, :read_tou => 1 }
386 assert_response :redirect
387 assert_redirected_to "/test"
388 assert_equal "Thanks for accepting the new contributor terms!", flash[:notice]
392 assert user.consider_pd
393 assert_not_nil user.terms_agreed
394 assert user.terms_seen
397 # Check that if you haven't seen the terms, and make a request that requires authentication,
398 # that your request is redirected to view the terms
399 def test_terms_not_seen_redirection
400 user = create(:user, :terms_seen => false, :terms_agreed => nil)
403 get edit_account_path
404 assert_response :redirect
405 assert_redirected_to :controller => :users, :action => :terms, :referer => "/account/edit"
408 def test_terms_not_logged_in
411 assert_redirected_to login_path(:referer => "/user/terms")
415 user = create(:user, :data_public => false)
418 post user_go_public_path
420 assert_response :redirect
421 assert_redirected_to edit_account_path
422 assert User.find(user.id).data_public
425 # Check that the user account page will display and contains some relevant
426 # information for the user
428 # Test a non-existent user
429 get user_path(:display_name => "unknown")
430 assert_response :not_found
436 assert_response :success
437 assert_select "div.content-heading" do
438 assert_select "a[href^='/user/#{ERB::Util.u(user.display_name)}/history']", 1
439 assert_select "a[href='/user/#{ERB::Util.u(user.display_name)}/traces']", 1
440 assert_select "a[href='/user/#{ERB::Util.u(user.display_name)}/diary']", 1
441 assert_select "a[href='/user/#{ERB::Util.u(user.display_name)}/diary/comments']", 1
442 assert_select "a[href='/user/#{ERB::Util.u(user.display_name)}/account']", 0
443 assert_select "a[href='/user/#{ERB::Util.u(user.display_name)}/blocks']", 0
444 assert_select "a[href='/user/#{ERB::Util.u(user.display_name)}/blocks_by']", 0
445 assert_select "a[href='/blocks/new/#{ERB::Util.u(user.display_name)}']", 0
448 # Friends shouldn't be visible as we're not logged in
449 assert_select "div#friends-container", :count => 0
451 # Test a user who has been blocked
452 blocked_user = create(:user)
453 create(:user_block, :user => blocked_user)
454 get user_path(blocked_user)
455 assert_response :success
456 assert_select "div.content-heading" do
457 assert_select "a[href^='/user/#{ERB::Util.u(blocked_user.display_name)}/history']", 1
458 assert_select "a[href='/user/#{ERB::Util.u(blocked_user.display_name)}/traces']", 1
459 assert_select "a[href='/user/#{ERB::Util.u(blocked_user.display_name)}/diary']", 1
460 assert_select "a[href='/user/#{ERB::Util.u(blocked_user.display_name)}/diary/comments']", 1
461 assert_select "a[href='/user/#{ERB::Util.u(blocked_user.display_name)}/account']", 0
462 assert_select "a[href='/user/#{ERB::Util.u(blocked_user.display_name)}/blocks']", 1
463 assert_select "a[href='/user/#{ERB::Util.u(blocked_user.display_name)}/blocks_by']", 0
464 assert_select "a[href='/blocks/new/#{ERB::Util.u(blocked_user.display_name)}']", 0
467 # Test a moderator who has applied blocks
468 moderator_user = create(:moderator_user)
469 create(:user_block, :creator => moderator_user)
470 get user_path(moderator_user)
471 assert_response :success
472 assert_select "div.content-heading" do
473 assert_select "a[href^='/user/#{ERB::Util.u(moderator_user.display_name)}/history']", 1
474 assert_select "a[href='/user/#{ERB::Util.u(moderator_user.display_name)}/traces']", 1
475 assert_select "a[href='/user/#{ERB::Util.u(moderator_user.display_name)}/diary']", 1
476 assert_select "a[href='/user/#{ERB::Util.u(moderator_user.display_name)}/diary/comments']", 1
477 assert_select "a[href='/user/#{ERB::Util.u(moderator_user.display_name)}/account']", 0
478 assert_select "a[href='/user/#{ERB::Util.u(moderator_user.display_name)}/blocks']", 0
479 assert_select "a[href='/user/#{ERB::Util.u(moderator_user.display_name)}/blocks_by']", 1
480 assert_select "a[href='/blocks/new/#{ERB::Util.u(moderator_user.display_name)}']", 0
483 # Login as a normal user
486 # Test the normal user
488 assert_response :success
489 assert_select "div.content-heading" do
490 assert_select "a[href^='/user/#{ERB::Util.u(user.display_name)}/history']", 1
491 assert_select "a[href='/traces/mine']", 1
492 assert_select "a[href='/user/#{ERB::Util.u(user.display_name)}/diary']", 1
493 assert_select "a[href='/user/#{ERB::Util.u(user.display_name)}/diary/comments']", 1
494 assert_select "a[href='/account/edit']", 1
495 assert_select "a[href='/user/#{ERB::Util.u(user.display_name)}/blocks']", 0
496 assert_select "a[href='/user/#{ERB::Util.u(user.display_name)}/blocks_by']", 0
497 assert_select "a[href='/blocks/new/#{ERB::Util.u(user.display_name)}']", 0
500 # Login as a moderator
501 session_for(create(:moderator_user))
503 # Test the normal user
505 assert_response :success
506 assert_select "div.content-heading" do
507 assert_select "a[href^='/user/#{ERB::Util.u(user.display_name)}/history']", 1
508 assert_select "a[href='/user/#{ERB::Util.u(user.display_name)}/traces']", 1
509 assert_select "a[href='/user/#{ERB::Util.u(user.display_name)}/diary']", 1
510 assert_select "a[href='/user/#{ERB::Util.u(user.display_name)}/diary/comments']", 1
511 assert_select "a[href='/account/edit']", 0
512 assert_select "a[href='/user/#{ERB::Util.u(user.display_name)}/blocks']", 0
513 assert_select "a[href='/user/#{ERB::Util.u(user.display_name)}/blocks_by']", 0
514 assert_select "a[href='/blocks/new/#{ERB::Util.u(user.display_name)}']", 1
518 # Test whether information about contributor terms is shown for users who haven't agreed
519 def test_terms_not_agreed
520 agreed_user = create(:user, :terms_agreed => 3.days.ago)
521 seen_user = create(:user, :terms_seen => true, :terms_agreed => nil)
522 not_seen_user = create(:user, :terms_seen => false, :terms_agreed => nil)
524 get user_path(agreed_user)
525 assert_response :success
526 assert_select "div.content-heading" do
527 assert_select "dt", :count => 0, :text => /Contributor terms/
530 get user_path(seen_user)
531 assert_response :success
533 assert_select "div.content-heading" do
534 assert_select "dt", :count => 1, :text => /Contributor terms/
535 assert_select "dd", /Declined/
538 get user_path(not_seen_user)
539 assert_response :success
540 assert_select "div.content-heading" do
541 assert_select "dt", :count => 1, :text => /Contributor terms/
542 assert_select "dd", /Undecided/
549 # Try without logging in
550 post set_status_user_path(user), :params => { :event => "confirm" }
551 assert_response :forbidden
553 # Now try as a normal user
555 post set_status_user_path(user), :params => { :event => "confirm" }
556 assert_response :redirect
557 assert_redirected_to :controller => :errors, :action => :forbidden
559 # Finally try as an administrator
560 session_for(create(:administrator_user))
561 post set_status_user_path(user), :params => { :event => "confirm" }
562 assert_response :redirect
563 assert_redirected_to :action => :show, :display_name => user.display_name
564 assert_equal "confirmed", User.find(user.id).status
568 user = create(:user, :home_lat => 12.1, :home_lon => 12.1, :description => "test")
570 # Try without logging in
571 delete user_path(user)
572 assert_response :forbidden
574 # Now try as a normal user
576 delete user_path(user)
577 assert_response :redirect
578 assert_redirected_to :controller => :errors, :action => :forbidden
580 # Finally try as an administrator
581 session_for(create(:administrator_user))
582 delete user_path(user)
583 assert_response :redirect
584 assert_redirected_to :action => :show, :display_name => user.display_name
586 # Check that the user was deleted properly
588 assert_equal "user_#{user.id}", user.display_name
589 assert_equal "", user.description
590 assert_nil user.home_lat
591 assert_nil user.home_lon
592 assert_not user.avatar.attached?
593 assert_not user.email_valid
594 assert_nil user.new_email
595 assert_nil user.auth_provider
596 assert_nil user.auth_uid
597 assert_equal "deleted", user.status
602 moderator_user = create(:moderator_user)
603 administrator_user = create(:administrator_user)
604 _suspended_user = create(:user, :suspended)
605 _ip_user = create(:user, :creation_ip => "1.2.3.4")
607 # There are now 7 users - the five above, plus two extra "granters" for the
608 # moderator_user and administrator_user
609 assert_equal 7, User.count
611 # Shouldn't work when not logged in
613 assert_response :redirect
614 assert_redirected_to login_path(:referer => users_path)
618 # Shouldn't work when logged in as a normal user
620 assert_response :redirect
621 assert_redirected_to :controller => :errors, :action => :forbidden
623 session_for(moderator_user)
625 # Shouldn't work when logged in as a moderator
627 assert_response :redirect
628 assert_redirected_to :controller => :errors, :action => :forbidden
630 session_for(administrator_user)
632 # Note there is a header row, so all row counts are users + 1
633 # Should work when logged in as an administrator
635 assert_response :success
636 assert_template :index
637 assert_select "table#user_list tr", :count => 7 + 1
639 # Should be able to limit by status
640 get users_path, :params => { :status => "suspended" }
641 assert_response :success
642 assert_template :index
643 assert_select "table#user_list tr", :count => 1 + 1
645 # Should be able to limit by IP address
646 get users_path, :params => { :ip => "1.2.3.4" }
647 assert_response :success
648 assert_template :index
649 assert_select "table#user_list tr", :count => 1 + 1
652 def test_index_get_paginated
653 1.upto(100).each do |n|
654 User.create(:display_name => "extra_#{n}",
655 :email => "extra#{n}@example.com",
656 :pass_crypt => "extraextra")
659 session_for(create(:administrator_user))
661 # 100 examples, an administrator, and a granter for the admin.
662 assert_equal 102, User.count
665 assert_response :success
666 assert_template :index
667 assert_select "table#user_list tr", :count => 51
669 get users_path, :params => { :page => 2 }
670 assert_response :success
671 assert_template :index
672 assert_select "table#user_list tr", :count => 51
674 get users_path, :params => { :page => 3 }
675 assert_response :success
676 assert_template :index
677 assert_select "table#user_list tr", :count => 3
680 def test_index_post_confirm
681 inactive_user = create(:user, :pending)
682 suspended_user = create(:user, :suspended)
684 # Shouldn't work when not logged in
685 assert_no_difference "User.active.count" do
686 post users_path, :params => { :confirm => 1, :user => { inactive_user.id => 1, suspended_user.id => 1 } }
688 assert_response :forbidden
690 assert_equal "pending", inactive_user.reload.status
691 assert_equal "suspended", suspended_user.reload.status
693 session_for(create(:user))
695 # Shouldn't work when logged in as a normal user
696 assert_no_difference "User.active.count" do
697 post users_path, :params => { :confirm => 1, :user => { inactive_user.id => 1, suspended_user.id => 1 } }
699 assert_response :redirect
700 assert_redirected_to :controller => :errors, :action => :forbidden
701 assert_equal "pending", inactive_user.reload.status
702 assert_equal "suspended", suspended_user.reload.status
704 session_for(create(:moderator_user))
706 # Shouldn't work when logged in as a moderator
707 assert_no_difference "User.active.count" do
708 post users_path, :params => { :confirm => 1, :user => { inactive_user.id => 1, suspended_user.id => 1 } }
710 assert_response :redirect
711 assert_redirected_to :controller => :errors, :action => :forbidden
712 assert_equal "pending", inactive_user.reload.status
713 assert_equal "suspended", suspended_user.reload.status
715 session_for(create(:administrator_user))
717 # Should work when logged in as an administrator
718 assert_difference "User.active.count", 2 do
719 post users_path, :params => { :confirm => 1, :user => { inactive_user.id => 1, suspended_user.id => 1 } }
721 assert_response :redirect
722 assert_redirected_to :action => :index
723 assert_equal "confirmed", inactive_user.reload.status
724 assert_equal "confirmed", suspended_user.reload.status
727 def test_index_post_hide
728 normal_user = create(:user)
729 confirmed_user = create(:user, :confirmed)
731 # Shouldn't work when not logged in
732 assert_no_difference "User.active.count" do
733 post users_path, :params => { :hide => 1, :user => { normal_user.id => 1, confirmed_user.id => 1 } }
735 assert_response :forbidden
737 assert_equal "active", normal_user.reload.status
738 assert_equal "confirmed", confirmed_user.reload.status
740 session_for(create(:user))
742 # Shouldn't work when logged in as a normal user
743 assert_no_difference "User.active.count" do
744 post users_path, :params => { :hide => 1, :user => { normal_user.id => 1, confirmed_user.id => 1 } }
746 assert_response :redirect
747 assert_redirected_to :controller => :errors, :action => :forbidden
748 assert_equal "active", normal_user.reload.status
749 assert_equal "confirmed", confirmed_user.reload.status
751 session_for(create(:moderator_user))
753 # Shouldn't work when logged in as a moderator
754 assert_no_difference "User.active.count" do
755 post users_path, :params => { :hide => 1, :user => { normal_user.id => 1, confirmed_user.id => 1 } }
757 assert_response :redirect
758 assert_redirected_to :controller => :errors, :action => :forbidden
759 assert_equal "active", normal_user.reload.status
760 assert_equal "confirmed", confirmed_user.reload.status
762 session_for(create(:administrator_user))
764 # Should work when logged in as an administrator
765 assert_difference "User.active.count", -2 do
766 post users_path, :params => { :hide => 1, :user => { normal_user.id => 1, confirmed_user.id => 1 } }
768 assert_response :redirect
769 assert_redirected_to :action => :index
770 assert_equal "deleted", normal_user.reload.status
771 assert_equal "deleted", confirmed_user.reload.status
774 def test_auth_failure_callback
775 get auth_failure_path
776 assert_response :redirect
777 assert_redirected_to login_path
779 get auth_failure_path, :params => { :origin => "/" }
780 assert_response :redirect
781 assert_redirected_to root_path
783 get auth_failure_path, :params => { :origin => "http://www.google.com" }
784 assert_response :redirect
785 assert_redirected_to login_path