3 class UsersControllerTest < ActionDispatch::IntegrationTest
5 # test all routes which lead to this controller
8 { :path => "/user/new", :method => :get },
9 { :controller => "users", :action => "new" }
13 { :path => "/user/new", :method => :post },
14 { :controller => "users", :action => "create" }
18 { :path => "/user/terms", :method => :get },
19 { :controller => "users", :action => "terms" }
23 { :path => "/user/save", :method => :post },
24 { :controller => "users", :action => "save" }
28 { :path => "/user/go_public", :method => :post },
29 { :controller => "users", :action => "go_public" }
33 { :path => "/user/suspended", :method => :get },
34 { :controller => "users", :action => "suspended" }
38 { :path => "/user/username", :method => :get },
39 { :controller => "users", :action => "show", :display_name => "username" }
43 { :path => "/user/username/set_status", :method => :post },
44 { :controller => "users", :action => "set_status", :display_name => "username" }
47 { :path => "/user/username", :method => :delete },
48 { :controller => "users", :action => "destroy", :display_name => "username" }
52 { :path => "/users", :method => :get },
53 { :controller => "users", :action => "index" }
56 { :path => "/users", :method => :post },
57 { :controller => "users", :action => "index" }
60 { :path => "/users/status", :method => :get },
61 { :controller => "users", :action => "index", :status => "status" }
64 { :path => "/users/status", :method => :post },
65 { :controller => "users", :action => "index", :status => "status" }
69 # The user creation page loads
72 assert_redirected_to user_new_path(:cookie_test => "true")
74 get user_new_path, :params => { :cookie_test => "true" }
75 assert_response :success
77 assert_select "html", :count => 1 do
78 assert_select "head", :count => 1 do
79 assert_select "title", :text => /Sign Up/, :count => 1
81 assert_select "body", :count => 1 do
82 assert_select "div#content", :count => 1 do
83 assert_select "form[action='/user/new'][method='post']", :count => 1 do
84 assert_select "input[id='user_email']", :count => 1
85 assert_select "input[id='user_email_confirmation']", :count => 1
86 assert_select "input[id='user_display_name']", :count => 1
87 assert_select "input[id='user_pass_crypt'][type='password']", :count => 1
88 assert_select "input[id='user_pass_crypt_confirmation'][type='password']", :count => 1
89 assert_select "input[type='submit'][value='Sign Up']", :count => 1
96 def test_new_view_logged_in
97 session_for(create(:user))
100 assert_redirected_to root_path
102 get user_new_path, :params => { :referer => "/test" }
103 assert_redirected_to "/test"
107 user = build(:user, :pending)
109 assert_no_difference "User.count" do
110 assert_no_difference "ActionMailer::Base.deliveries.size" do
111 perform_enqueued_jobs do
112 post user_new_path, :params => { :user => user.attributes }
117 assert_difference "User.count", 1 do
118 assert_difference "ActionMailer::Base.deliveries.size", 1 do
119 perform_enqueued_jobs do
120 post user_save_path, :params => { :read_ct => 1, :read_tou => 1 }
126 register_email = ActionMailer::Base.deliveries.first
128 assert_equal register_email.to[0], user.email
129 assert_match(/#{@url}/, register_email.body.to_s)
132 assert_redirected_to :controller => :confirmations, :action => :confirm, :display_name => user.display_name
134 ActionMailer::Base.deliveries.clear
137 def test_new_duplicate_email
138 user = build(:user, :pending)
139 create(:user, :email => user.email)
141 assert_no_difference "User.count" do
142 assert_no_difference "ActionMailer::Base.deliveries.size" do
143 perform_enqueued_jobs do
144 post user_new_path, :params => { :user => user.attributes }
149 assert_response :success
150 assert_template "new"
151 assert_select "form > div > input.is-invalid#user_email"
154 def test_save_duplicate_email
155 user = build(:user, :pending)
157 # Set up our user as being half-way through registration
158 assert_no_difference "User.count" do
159 assert_no_difference "ActionMailer::Base.deliveries.size" do
160 perform_enqueued_jobs do
161 post user_new_path, :params => { :user => user.attributes }
166 # Now create another user with that email
167 create(:user, :email => user.email)
169 # Check that the second half of registration fails
170 assert_no_difference "User.count" do
171 assert_no_difference "ActionMailer::Base.deliveries.size" do
172 perform_enqueued_jobs do
173 post user_save_path, :params => { :read_ct => 1, :read_tou => 1 }
178 assert_response :success
179 assert_template "new"
180 assert_select "form > div > input.is-invalid#user_email"
183 def test_save_duplicate_email_uppercase
184 user = build(:user, :pending)
186 # Set up our user as being half-way through registration
187 assert_no_difference "User.count" do
188 assert_no_difference "ActionMailer::Base.deliveries.size" do
189 perform_enqueued_jobs do
190 post user_new_path, :params => { :user => user.attributes }
195 # Now create another user with that email, but uppercased
196 create(:user, :email => user.email.upcase)
198 # Check that the second half of registration fails
199 assert_no_difference "User.count" do
200 assert_no_difference "ActionMailer::Base.deliveries.size" do
201 perform_enqueued_jobs do
202 post user_save_path, :params => { :read_ct => 1, :read_tou => 1 }
207 assert_response :success
208 assert_template "new"
209 assert_select "form > div > input.is-invalid#user_email"
212 def test_save_duplicate_name
213 user = build(:user, :pending)
215 # Set up our user as being half-way through registration
216 assert_no_difference "User.count" do
217 assert_no_difference "ActionMailer::Base.deliveries.size" do
218 perform_enqueued_jobs do
219 post user_new_path, :params => { :user => user.attributes }
224 # Now create another user with that display name
225 create(:user, :display_name => user.display_name)
227 # Check that the second half of registration fails
228 assert_no_difference "User.count" do
229 assert_no_difference "ActionMailer::Base.deliveries.size" do
230 perform_enqueued_jobs do
231 post user_save_path, :params => { :read_ct => 1, :read_tou => 1 }
236 assert_response :success
237 assert_template "new"
238 assert_select "form > div > input.is-invalid#user_display_name"
241 def test_save_duplicate_name_uppercase
242 user = build(:user, :pending)
244 # Set up our user as being half-way through registration
245 assert_no_difference "User.count" do
246 assert_no_difference "ActionMailer::Base.deliveries.size" do
247 perform_enqueued_jobs do
248 post user_new_path, :params => { :user => user.attributes }
253 # Now create another user with that display_name, but uppercased
254 create(:user, :display_name => user.display_name.upcase)
256 # Check that the second half of registration fails
257 assert_no_difference "User.count" do
258 assert_no_difference "ActionMailer::Base.deliveries.size" do
259 perform_enqueued_jobs do
260 post user_save_path, :params => { :read_ct => 1, :read_tou => 1 }
265 assert_response :success
266 assert_template "new"
267 assert_select "form > div > input.is-invalid#user_display_name"
270 def test_save_blocked_domain
271 user = build(:user, :pending, :email => "user@example.net")
273 # Set up our user as being half-way through registration
274 assert_no_difference "User.count" do
275 assert_no_difference "ActionMailer::Base.deliveries.size" do
276 perform_enqueued_jobs do
277 post user_new_path, :params => { :user => user.attributes }
282 # Now block that domain
283 create(:acl, :domain => "example.net", :k => "no_account_creation")
285 # Check that the second half of registration fails
286 assert_no_difference "User.count" do
287 assert_no_difference "ActionMailer::Base.deliveries.size" do
288 perform_enqueued_jobs do
289 post user_save_path, :params => { :read_ct => 1, :read_tou => 1 }
294 assert_response :success
295 assert_template "blocked"
298 def test_save_referer_params
299 user = build(:user, :pending)
301 # Set up our user as being half-way through registration
302 assert_no_difference "User.count" do
303 assert_no_difference "ActionMailer::Base.deliveries.size" do
304 perform_enqueued_jobs do
305 post user_new_path, :params => { :user => user.attributes, :referer => "/edit?editor=id#map=1/2/3" }
310 assert_difference "User.count", 1 do
311 assert_difference "ActionMailer::Base.deliveries.size", 1 do
312 post user_save_path, :params => { :read_ct => 1, :read_tou => 1 }
313 assert_enqueued_with :job => ActionMailer::MailDeliveryJob,
314 :args => proc { |args| args[3][:args][2] == welcome_path(:editor => "id", :zoom => 1, :lat => 2, :lon => 3) }
315 perform_enqueued_jobs
319 ActionMailer::Base.deliveries.clear
322 def test_terms_new_user
323 user = build(:user, :pending)
325 # Set up our user as being half-way through registration
326 assert_no_difference "User.count" do
327 assert_no_difference "ActionMailer::Base.deliveries.size" do
328 perform_enqueued_jobs do
329 post user_new_path, :params => { :user => user.attributes }
336 assert_response :success
337 assert_template :terms
340 def test_terms_agreed
341 user = create(:user, :terms_seen => true, :terms_agreed => Date.yesterday)
346 assert_redirected_to edit_account_path
349 def test_terms_not_seen_without_referer
350 user = create(:user, :terms_seen => false, :terms_agreed => nil)
355 assert_response :success
356 assert_template :terms
358 post user_save_path, :params => { :user => { :consider_pd => true }, :read_ct => 1, :read_tou => 1 }
359 assert_redirected_to edit_account_path
360 assert_equal "Thanks for accepting the new contributor terms!", flash[:notice]
364 assert user.consider_pd
365 assert_not_nil user.terms_agreed
366 assert user.terms_seen
369 def test_terms_not_seen_with_referer
370 user = create(:user, :terms_seen => false, :terms_agreed => nil)
374 get user_terms_path, :params => { :referer => "/test" }
375 assert_response :success
376 assert_template :terms
378 post user_save_path, :params => { :user => { :consider_pd => true }, :referer => "/test", :read_ct => 1, :read_tou => 1 }
379 assert_redirected_to "/test"
380 assert_equal "Thanks for accepting the new contributor terms!", flash[:notice]
384 assert user.consider_pd
385 assert_not_nil user.terms_agreed
386 assert user.terms_seen
389 # Check that if you haven't seen the terms, and make a request that requires authentication,
390 # that your request is redirected to view the terms
391 def test_terms_not_seen_redirection
392 user = create(:user, :terms_seen => false, :terms_agreed => nil)
395 get edit_account_path
396 assert_redirected_to :controller => :users, :action => :terms, :referer => "/account/edit"
399 def test_terms_not_logged_in
402 assert_redirected_to login_path(:referer => "/user/terms")
406 user = create(:user, :data_public => false)
409 post user_go_public_path
411 assert_redirected_to edit_account_path
412 assert User.find(user.id).data_public
415 # Check that the user account page will display and contains some relevant
416 # information for the user
418 # Test a non-existent user
419 get user_path("unknown")
420 assert_response :not_found
426 assert_response :success
427 assert_select "div.content-heading" do
428 assert_select "a[href^='/user/#{ERB::Util.u(user.display_name)}/history']", 1
429 assert_select "a[href='/user/#{ERB::Util.u(user.display_name)}/traces']", 1
430 assert_select "a[href='/user/#{ERB::Util.u(user.display_name)}/diary']", 1
431 assert_select "a[href='/user/#{ERB::Util.u(user.display_name)}/diary/comments']", 1
432 assert_select "a[href='/user/#{ERB::Util.u(user.display_name)}/account']", 0
433 assert_select "a[href='/user/#{ERB::Util.u(user.display_name)}/blocks']", 0
434 assert_select "a[href='/user/#{ERB::Util.u(user.display_name)}/blocks_by']", 0
435 assert_select "a[href='/blocks/new/#{ERB::Util.u(user.display_name)}']", 0
438 # Friends shouldn't be visible as we're not logged in
439 assert_select "div#friends-container", :count => 0
441 # Test a user who has been blocked
442 blocked_user = create(:user)
443 create(:user_block, :user => blocked_user)
444 get user_path(blocked_user)
445 assert_response :success
446 assert_select "div.content-heading" do
447 assert_select "a[href^='/user/#{ERB::Util.u(blocked_user.display_name)}/history']", 1
448 assert_select "a[href='/user/#{ERB::Util.u(blocked_user.display_name)}/traces']", 1
449 assert_select "a[href='/user/#{ERB::Util.u(blocked_user.display_name)}/diary']", 1
450 assert_select "a[href='/user/#{ERB::Util.u(blocked_user.display_name)}/diary/comments']", 1
451 assert_select "a[href='/user/#{ERB::Util.u(blocked_user.display_name)}/account']", 0
452 assert_select "a[href='/user/#{ERB::Util.u(blocked_user.display_name)}/blocks']", 1
453 assert_select "a[href='/user/#{ERB::Util.u(blocked_user.display_name)}/blocks_by']", 0
454 assert_select "a[href='/blocks/new/#{ERB::Util.u(blocked_user.display_name)}']", 0
457 # Test a moderator who has applied blocks
458 moderator_user = create(:moderator_user)
459 create(:user_block, :creator => moderator_user)
460 get user_path(moderator_user)
461 assert_response :success
462 assert_select "div.content-heading" do
463 assert_select "a[href^='/user/#{ERB::Util.u(moderator_user.display_name)}/history']", 1
464 assert_select "a[href='/user/#{ERB::Util.u(moderator_user.display_name)}/traces']", 1
465 assert_select "a[href='/user/#{ERB::Util.u(moderator_user.display_name)}/diary']", 1
466 assert_select "a[href='/user/#{ERB::Util.u(moderator_user.display_name)}/diary/comments']", 1
467 assert_select "a[href='/user/#{ERB::Util.u(moderator_user.display_name)}/account']", 0
468 assert_select "a[href='/user/#{ERB::Util.u(moderator_user.display_name)}/blocks']", 0
469 assert_select "a[href='/user/#{ERB::Util.u(moderator_user.display_name)}/blocks_by']", 1
470 assert_select "a[href='/blocks/new/#{ERB::Util.u(moderator_user.display_name)}']", 0
473 # Login as a normal user
476 # Test the normal user
478 assert_response :success
479 assert_select "div.content-heading" do
480 assert_select "a[href^='/user/#{ERB::Util.u(user.display_name)}/history']", 1
481 assert_select "a[href='/traces/mine']", 1
482 assert_select "a[href='/user/#{ERB::Util.u(user.display_name)}/diary']", 1
483 assert_select "a[href='/user/#{ERB::Util.u(user.display_name)}/diary/comments']", 1
484 assert_select "a[href='/account/edit']", 1
485 assert_select "a[href='/user/#{ERB::Util.u(user.display_name)}/blocks']", 0
486 assert_select "a[href='/user/#{ERB::Util.u(user.display_name)}/blocks_by']", 0
487 assert_select "a[href='/blocks/new/#{ERB::Util.u(user.display_name)}']", 0
488 assert_select "a[href='/api/0.6/user/#{ERB::Util.u(user.id)}']", 0
491 # Login as a moderator
492 session_for(create(:moderator_user))
494 # Test the normal user
496 assert_response :success
497 assert_select "div.content-heading" do
498 assert_select "a[href^='/user/#{ERB::Util.u(user.display_name)}/history']", 1
499 assert_select "a[href='/user/#{ERB::Util.u(user.display_name)}/traces']", 1
500 assert_select "a[href='/user/#{ERB::Util.u(user.display_name)}/diary']", 1
501 assert_select "a[href='/user/#{ERB::Util.u(user.display_name)}/diary/comments']", 1
502 assert_select "a[href='/account/edit']", 0
503 assert_select "a[href='/user/#{ERB::Util.u(user.display_name)}/blocks']", 0
504 assert_select "a[href='/user/#{ERB::Util.u(user.display_name)}/blocks_by']", 0
505 assert_select "a[href='/blocks/new/#{ERB::Util.u(user.display_name)}']", 1
506 assert_select "a[href='/api/0.6/user/#{ERB::Util.u(user.id)}']", 1
510 # Test whether information about contributor terms is shown for users who haven't agreed
511 def test_terms_not_agreed
512 agreed_user = create(:user, :terms_agreed => 3.days.ago)
513 seen_user = create(:user, :terms_seen => true, :terms_agreed => nil)
514 not_seen_user = create(:user, :terms_seen => false, :terms_agreed => nil)
516 get user_path(agreed_user)
517 assert_response :success
518 assert_select "div.content-heading" do
519 assert_select "dt", :count => 0, :text => /Contributor terms/
522 get user_path(seen_user)
523 assert_response :success
524 assert_select "div.content-heading" do
525 assert_select "dt", :count => 1, :text => /Contributor terms/
526 assert_select "dd", /Declined/
529 get user_path(not_seen_user)
530 assert_response :success
531 assert_select "div.content-heading" do
532 assert_select "dt", :count => 1, :text => /Contributor terms/
533 assert_select "dd", /Undecided/
540 # Try without logging in
541 post set_status_user_path(user), :params => { :event => "confirm" }
542 assert_response :forbidden
544 # Now try as a normal user
546 post set_status_user_path(user), :params => { :event => "confirm" }
547 assert_redirected_to :controller => :errors, :action => :forbidden
549 # Finally try as an administrator
550 session_for(create(:administrator_user))
551 post set_status_user_path(user), :params => { :event => "confirm" }
552 assert_redirected_to :action => :show, :display_name => user.display_name
553 assert_equal "confirmed", User.find(user.id).status
557 user = create(:user, :home_lat => 12.1, :home_lon => 12.1, :description => "test")
559 # Try without logging in
560 delete user_path(user)
561 assert_response :forbidden
563 # Now try as a normal user
565 delete user_path(user)
566 assert_redirected_to :controller => :errors, :action => :forbidden
568 # Finally try as an administrator
569 session_for(create(:administrator_user))
570 delete user_path(user)
571 assert_redirected_to :action => :show, :display_name => user.display_name
573 # Check that the user was deleted properly
575 assert_equal "user_#{user.id}", user.display_name
576 assert_equal "", user.description
577 assert_nil user.home_lat
578 assert_nil user.home_lon
579 assert_not user.avatar.attached?
580 assert_not user.email_valid
581 assert_nil user.new_email
582 assert_nil user.auth_provider
583 assert_nil user.auth_uid
584 assert_equal "deleted", user.status
589 moderator_user = create(:moderator_user)
590 administrator_user = create(:administrator_user)
591 _suspended_user = create(:user, :suspended)
592 _ip_user = create(:user, :creation_ip => "1.2.3.4")
594 # There are now 7 users - the five above, plus two extra "granters" for the
595 # moderator_user and administrator_user
596 assert_equal 7, User.count
598 # Shouldn't work when not logged in
600 assert_redirected_to login_path(:referer => users_path)
604 # Shouldn't work when logged in as a normal user
606 assert_redirected_to :controller => :errors, :action => :forbidden
608 session_for(moderator_user)
610 # Shouldn't work when logged in as a moderator
612 assert_redirected_to :controller => :errors, :action => :forbidden
614 session_for(administrator_user)
616 # Note there is a header row, so all row counts are users + 1
617 # Should work when logged in as an administrator
619 assert_response :success
620 assert_template :index
621 assert_select "table#user_list tbody tr", :count => 7
623 # Should be able to limit by status
624 get users_path, :params => { :status => "suspended" }
625 assert_response :success
626 assert_template :index
627 assert_select "table#user_list tbody tr", :count => 1
629 # Should be able to limit by IP address
630 get users_path, :params => { :ip => "1.2.3.4" }
631 assert_response :success
632 assert_template :index
633 assert_select "table#user_list tbody tr", :count => 1
636 def test_index_get_paginated
637 1.upto(100).each do |n|
638 User.create(:display_name => "extra_#{n}",
639 :email => "extra#{n}@example.com",
640 :pass_crypt => "extraextra")
643 session_for(create(:administrator_user))
645 # 100 examples, an administrator, and a granter for the admin.
646 assert_equal 102, User.count
647 next_path = users_path
650 assert_response :success
651 assert_template :index
652 assert_select "table#user_list tbody tr", :count => 50
653 check_no_page_link "Newer Users"
654 next_path = check_page_link "Older Users"
657 assert_response :success
658 assert_template :index
659 assert_select "table#user_list tbody tr", :count => 50
660 check_page_link "Newer Users"
661 next_path = check_page_link "Older Users"
664 assert_response :success
665 assert_template :index
666 assert_select "table#user_list tbody tr", :count => 2
667 check_page_link "Newer Users"
668 check_no_page_link "Older Users"
673 def check_no_page_link(name)
674 assert_select "a.page-link", { :text => /#{Regexp.quote(name)}/, :count => 0 }, "unexpected #{name} page link"
677 def check_page_link(name)
678 assert_select "a.page-link", { :text => /#{Regexp.quote(name)}/ }, "missing #{name} page link" do |buttons|
679 return buttons.first.attributes["href"].value
685 def test_index_post_confirm
686 inactive_user = create(:user, :pending)
687 suspended_user = create(:user, :suspended)
689 # Shouldn't work when not logged in
690 assert_no_difference "User.active.count" do
691 post users_path, :params => { :confirm => 1, :user => { inactive_user.id => 1, suspended_user.id => 1 } }
693 assert_response :forbidden
695 assert_equal "pending", inactive_user.reload.status
696 assert_equal "suspended", suspended_user.reload.status
698 session_for(create(:user))
700 # Shouldn't work when logged in as a normal user
701 assert_no_difference "User.active.count" do
702 post users_path, :params => { :confirm => 1, :user => { inactive_user.id => 1, suspended_user.id => 1 } }
704 assert_redirected_to :controller => :errors, :action => :forbidden
705 assert_equal "pending", inactive_user.reload.status
706 assert_equal "suspended", suspended_user.reload.status
708 session_for(create(:moderator_user))
710 # Shouldn't work when logged in as a moderator
711 assert_no_difference "User.active.count" do
712 post users_path, :params => { :confirm => 1, :user => { inactive_user.id => 1, suspended_user.id => 1 } }
714 assert_redirected_to :controller => :errors, :action => :forbidden
715 assert_equal "pending", inactive_user.reload.status
716 assert_equal "suspended", suspended_user.reload.status
718 session_for(create(:administrator_user))
720 # Should work when logged in as an administrator
721 assert_difference "User.active.count", 2 do
722 post users_path, :params => { :confirm => 1, :user => { inactive_user.id => 1, suspended_user.id => 1 } }
724 assert_redirected_to :action => :index
725 assert_equal "confirmed", inactive_user.reload.status
726 assert_equal "confirmed", suspended_user.reload.status
729 def test_index_post_hide
730 normal_user = create(:user)
731 confirmed_user = create(:user, :confirmed)
733 # Shouldn't work when not logged in
734 assert_no_difference "User.active.count" do
735 post users_path, :params => { :hide => 1, :user => { normal_user.id => 1, confirmed_user.id => 1 } }
737 assert_response :forbidden
739 assert_equal "active", normal_user.reload.status
740 assert_equal "confirmed", confirmed_user.reload.status
742 session_for(create(:user))
744 # Shouldn't work when logged in as a normal user
745 assert_no_difference "User.active.count" do
746 post users_path, :params => { :hide => 1, :user => { normal_user.id => 1, confirmed_user.id => 1 } }
748 assert_redirected_to :controller => :errors, :action => :forbidden
749 assert_equal "active", normal_user.reload.status
750 assert_equal "confirmed", confirmed_user.reload.status
752 session_for(create(:moderator_user))
754 # Shouldn't work when logged in as a moderator
755 assert_no_difference "User.active.count" do
756 post users_path, :params => { :hide => 1, :user => { normal_user.id => 1, confirmed_user.id => 1 } }
758 assert_redirected_to :controller => :errors, :action => :forbidden
759 assert_equal "active", normal_user.reload.status
760 assert_equal "confirmed", confirmed_user.reload.status
762 session_for(create(:administrator_user))
764 # Should work when logged in as an administrator
765 assert_difference "User.active.count", -2 do
766 post users_path, :params => { :hide => 1, :user => { normal_user.id => 1, confirmed_user.id => 1 } }
768 assert_redirected_to :action => :index
769 assert_equal "deleted", normal_user.reload.status
770 assert_equal "deleted", confirmed_user.reload.status
773 def test_auth_failure_callback
774 get auth_failure_path
775 assert_redirected_to login_path
777 get auth_failure_path, :params => { :origin => "/" }
778 assert_redirected_to root_path
780 get auth_failure_path, :params => { :origin => "http://www.google.com" }
781 assert_redirected_to login_path