Merge remote-tracking branch 'upstream/pull/5011'

[rails.git] / test / controllers / user_blocks_controller_test.rb

require "test_helper"

class UserBlocksControllerTest < ActionDispatch::IntegrationTest
  ##
  # test all routes which lead to this controller
  def test_routes
    assert_routing(
      { :path => "/blocks/new/username", :method => :get },
      { :controller => "user_blocks", :action => "new", :display_name => "username" }
    )

    assert_routing(
      { :path => "/user_blocks", :method => :get },
      { :controller => "user_blocks", :action => "index" }
    )
    assert_routing(
      { :path => "/user_blocks/new", :method => :get },
      { :controller => "user_blocks", :action => "new" }
    )
    assert_routing(
      { :path => "/user_blocks", :method => :post },
      { :controller => "user_blocks", :action => "create" }
    )
    assert_routing(
      { :path => "/user_blocks/1", :method => :get },
      { :controller => "user_blocks", :action => "show", :id => "1" }
    )
    assert_routing(
      { :path => "/user_blocks/1/edit", :method => :get },
      { :controller => "user_blocks", :action => "edit", :id => "1" }
    )
    assert_routing(
      { :path => "/user_blocks/1", :method => :put },
      { :controller => "user_blocks", :action => "update", :id => "1" }
    )
    assert_routing(
      { :path => "/user_blocks/1", :method => :delete },
      { :controller => "user_blocks", :action => "destroy", :id => "1" }
    )
    assert_routing(
      { :path => "/blocks/1/revoke", :method => :get },
      { :controller => "user_blocks", :action => "revoke", :id => "1" }
    )
    assert_routing(
      { :path => "/blocks/1/revoke", :method => :post },
      { :controller => "user_blocks", :action => "revoke", :id => "1" }
    )

    assert_routing(
      { :path => "/user/username/blocks", :method => :get },
      { :controller => "user_blocks", :action => "blocks_on", :display_name => "username" }
    )
    assert_routing(
      { :path => "/user/username/blocks_by", :method => :get },
      { :controller => "user_blocks", :action => "blocks_by", :display_name => "username" }
    )
    assert_routing(
      { :path => "/user/username/blocks/revoke_all", :method => :get },
      { :controller => "user_blocks", :action => "revoke_all", :display_name => "username" }
    )
    assert_routing(
      { :path => "/user/username/blocks/revoke_all", :method => :post },
      { :controller => "user_blocks", :action => "revoke_all", :display_name => "username" }
    )
  end

  ##
  # test the index action
  def test_index
    revoked_block = create(:user_block, :revoked)

    get user_blocks_path
    assert_response :success
    assert_select "table#block_list tbody tr", :count => 1 do
      assert_select "a[href='#{user_path revoked_block.user}']", :text => revoked_block.user.display_name
      assert_select "a[href='#{user_path revoked_block.creator}']", :text => revoked_block.creator.display_name
      assert_select "a[href='#{user_path revoked_block.revoker}']", :text => revoked_block.revoker.display_name
    end

    active_block = create(:user_block)
    expired_block = create(:user_block, :expired)

    get user_blocks_path
    assert_response :success
    assert_select "table#block_list tbody", :count => 1 do
      assert_select "tr", 3
      assert_select "a[href='#{user_block_path(active_block)}']", 1
      assert_select "a[href='#{user_block_path(expired_block)}']", 1
      assert_select "a[href='#{user_block_path(revoked_block)}']", 1
    end
  end

  ##
  # test the index action with multiple pages
  def test_index_paged
    user_blocks = create_list(:user_block, 50).reverse
    next_path = user_blocks_path

    get next_path
    assert_response :success
    check_user_blocks_table user_blocks[0...20]
    check_no_page_link "Newer Blocks"
    next_path = check_page_link "Older Blocks"

    get next_path
    assert_response :success
    check_user_blocks_table user_blocks[20...40]
    check_page_link "Newer Blocks"
    next_path = check_page_link "Older Blocks"

    get next_path
    assert_response :success
    check_user_blocks_table user_blocks[40...50]
    check_page_link "Newer Blocks"
    check_no_page_link "Older Blocks"
  end

  ##
  # test the index action with invalid pages
  def test_index_invalid_paged
    %w[-1 0 fred].each do |id|
      get user_blocks_path(:before => id)
      assert_redirected_to :controller => :errors, :action => :bad_request

      get user_blocks_path(:after => id)
      assert_redirected_to :controller => :errors, :action => :bad_request
    end
  end

  ##
  # test the show action
  def test_show
    active_block = create(:user_block, :needs_view)
    expired_block = create(:user_block, :expired)
    revoked_block = create(:user_block, :revoked)

    # Viewing a block should fail when a bogus ID is given
    get user_block_path(:id => 99999)
    assert_response :not_found
    assert_template "not_found"
    assert_select "p", "Sorry, the user block with ID 99999 could not be found."

    # Viewing an expired block should work
    get user_block_path(:id => expired_block)
    assert_response :success
    assert_select "h1 a[href='#{user_path expired_block.user}']", :text => expired_block.user.display_name
    assert_select "h1 a[href='#{user_path expired_block.creator}']", :text => expired_block.creator.display_name

    # Viewing a revoked block should work
    get user_block_path(:id => revoked_block)
    assert_response :success
    assert_select "h1 a[href='#{user_path revoked_block.user}']", :text => revoked_block.user.display_name
    assert_select "h1 a[href='#{user_path revoked_block.creator}']", :text => revoked_block.creator.display_name
    assert_select "a[href='#{user_path revoked_block.revoker}']", :text => revoked_block.revoker.display_name

    # Viewing an active block should work, but shouldn't mark it as seen
    get user_block_path(:id => active_block)
    assert_response :success
    assert_select "h1 a[href='#{user_path active_block.user}']", :text => active_block.user.display_name
    assert_select "h1 a[href='#{user_path active_block.creator}']", :text => active_block.creator.display_name
    assert UserBlock.find(active_block.id).needs_view

    # Login as the blocked user
    session_for(active_block.user)

    # Now viewing it should mark it as seen
    get user_block_path(:id => active_block)
    assert_response :success
    assert_not UserBlock.find(active_block.id).needs_view
  end

  ##
  # test the new action
  def test_new
    target_user = create(:user)

    # Check that the block creation page requires us to login
    get new_user_block_path(target_user)
    assert_redirected_to login_path(:referer => new_user_block_path(target_user))

    # Login as a normal user
    session_for(create(:user))

    # Check that normal users can't load the block creation page
    get new_user_block_path(target_user)
    assert_redirected_to :controller => "errors", :action => "forbidden"

    # Login as a moderator
    session_for(create(:moderator_user))

    # Check that the block creation page loads for moderators
    get new_user_block_path(target_user)
    assert_response :success
    assert_select "h1 a[href='#{user_path target_user}']", :text => target_user.display_name
    assert_select "form#new_user_block", :count => 1 do
      assert_select "textarea#user_block_reason", :count => 1
      assert_select "select#user_block_period", :count => 1
      assert_select "input#user_block_needs_view[type='checkbox']", :count => 1
      assert_select "input#display_name[type='hidden']", :count => 1
      assert_select "input[type='submit'][value='Create block']", :count => 1
    end

    # We should get an error if the user doesn't exist
    get new_user_block_path(:display_name => "non_existent_user")
    assert_response :not_found
    assert_template "users/no_such_user"
    assert_select "h1", "The user non_existent_user does not exist"
  end

  ##
  # test the edit action
  def test_edit
    active_block = create(:user_block)

    # Check that the block edit page requires us to login
    get edit_user_block_path(:id => active_block)
    assert_redirected_to login_path(:referer => edit_user_block_path(active_block))

    # Login as a normal user
    session_for(create(:user))

    # Check that normal users can't load the block edit page
    get edit_user_block_path(:id => active_block)
    assert_redirected_to :controller => "errors", :action => "forbidden"

    # Login as a moderator
    session_for(create(:moderator_user))

    # Check that the block edit page loads for moderators
    get edit_user_block_path(:id => active_block)
    assert_response :success
    assert_select "h1 a[href='#{user_path active_block.user}']", :text => active_block.user.display_name
    assert_select "form#edit_user_block_#{active_block.id}", :count => 1 do
      assert_select "textarea#user_block_reason", :count => 1
      assert_select "select#user_block_period", :count => 1
      assert_select "input#user_block_needs_view[type='checkbox']", :count => 1
      assert_select "input[type='submit'][value='Update block']", :count => 1
    end

    # We should get an error if the user doesn't exist
    get edit_user_block_path(:id => 99999)
    assert_response :not_found
    assert_template "not_found"
    assert_select "p", "Sorry, the user block with ID 99999 could not be found."
  end

  ##
  # test the edit action when the remaining block duration doesn't match the available select options
  def test_edit_duration
    moderator_user = create(:moderator_user)

    freeze_time do
      active_block = create(:user_block, :creator => moderator_user, :ends_at => Time.now.utc + 96.hours)

      session_for(moderator_user)
      get edit_user_block_path(active_block)

      assert_select "form#edit_user_block_#{active_block.id}", :count => 1 do
        assert_select "select#user_block_period", :count => 1 do
          assert_select "option[value='96'][selected]", :count => 1
        end
      end

      travel 2.hours
      get edit_user_block_path(active_block)

      assert_select "form#edit_user_block_#{active_block.id}", :count => 1 do
        assert_select "select#user_block_period", :count => 1 do
          assert_select "option[value='96'][selected]", :count => 1
        end
      end
    end
  end

  ##
  # test the create action
  def test_create
    target_user = create(:user)
    moderator_user = create(:moderator_user)

    # Not logged in yet, so creating a block should fail
    post user_blocks_path
    assert_response :forbidden

    # Login as a normal user
    session_for(create(:user))

    # Check that normal users can't create blocks
    post user_blocks_path
    assert_redirected_to :controller => "errors", :action => "forbidden"

    # Login as a moderator
    session_for(moderator_user)

    # A bogus block period should result in an error
    assert_no_difference "UserBlock.count" do
      post user_blocks_path(:display_name => target_user.display_name,
                            :user_block_period => "99")
    end
    assert_redirected_to new_user_block_path(target_user)
    assert_equal "The blocking period must be one of the values selectable in the drop-down list.", flash[:error]

    # Check that creating a block works
    assert_difference "UserBlock.count", 1 do
      post user_blocks_path(:display_name => target_user.display_name,
                            :user_block_period => "12",
                            :user_block => { :needs_view => false, :reason => "Vandalism" })
    end
    id = UserBlock.order(:id).ids.last
    assert_redirected_to user_block_path(:id => id)
    assert_equal "Created a block on user #{target_user.display_name}.", flash[:notice]
    b = UserBlock.find(id)
    assert_in_delta Time.now.utc, b.created_at, 1
    assert_in_delta Time.now.utc, b.updated_at, 1
    assert_in_delta Time.now.utc + 12.hours, b.ends_at, 1
    assert_not b.needs_view
    assert_equal "Vandalism", b.reason
    assert_equal "markdown", b.reason_format
    assert_equal moderator_user.id, b.creator_id

    # We should get an error if no user is specified
    post user_blocks_path
    assert_response :not_found
    assert_template "users/no_such_user"
    assert_select "h1", "The user  does not exist"

    # We should get an error if the user doesn't exist
    post user_blocks_path(:display_name => "non_existent_user")
    assert_response :not_found
    assert_template "users/no_such_user"
    assert_select "h1", "The user non_existent_user does not exist"
  end

  ##
  # test the duration of a created block
  def test_create_duration
    target_user = create(:user)
    moderator_user = create(:moderator_user)

    session_for(moderator_user)
    post user_blocks_path(:display_name => target_user.display_name,
                          :user_block_period => "336",
                          :user_block => { :needs_view => false, :reason => "Vandalism" })

    block = UserBlock.order(:id).last
    assert_equal 1209600, block.ends_at - block.created_at
  end

  ##
  # test the update action
  def test_update
    moderator_user = create(:moderator_user)
    second_moderator_user = create(:moderator_user)
    active_block = create(:user_block, :creator => moderator_user)

    # Not logged in yet, so updating a block should fail
    put user_block_path(:id => active_block)
    assert_response :forbidden

    # Login as a normal user
    session_for(create(:user))

    # Check that normal users can't update blocks
    put user_block_path(:id => active_block)
    assert_redirected_to :controller => "errors", :action => "forbidden"

    # Login as the wrong moderator
    session_for(second_moderator_user)

    # Check that only the person who created a block can update it
    assert_no_difference "UserBlock.count" do
      put user_block_path(:id => active_block,
                          :user_block_period => "12",
                          :user_block => { :needs_view => true, :reason => "Vandalism" })
    end
    assert_redirected_to edit_user_block_path(active_block)
    assert_equal "Only the moderator who created this block can edit it.", flash[:error]

    # Login as the correct moderator
    session_for(moderator_user)

    # A bogus block period should result in an error
    assert_no_difference "UserBlock.count" do
      put user_block_path(:id => active_block, :user_block_period => "99")
    end
    assert_redirected_to edit_user_block_path(active_block)
    assert_equal "The blocking period must be one of the values selectable in the drop-down list.", flash[:error]

    # Check that updating a block works
    assert_no_difference "UserBlock.count" do
      put user_block_path(:id => active_block,
                          :user_block_period => "12",
                          :user_block => { :needs_view => true, :reason => "Vandalism" })
    end
    assert_redirected_to user_block_path(active_block)
    assert_equal "Block updated.", flash[:notice]
    b = UserBlock.find(active_block.id)
    assert_in_delta Time.now.utc, b.updated_at, 1
    assert b.needs_view
    assert_equal "Vandalism", b.reason

    # We should get an error if the block doesn't exist
    put user_block_path(:id => 99999)
    assert_response :not_found
    assert_template "not_found"
    assert_select "p", "Sorry, the user block with ID 99999 could not be found."
  end

  ##
  # test the revoke action
  def test_revoke
    active_block = create(:user_block)

    # Check that the block revoke page requires us to login
    get revoke_user_block_path(:id => active_block)
    assert_redirected_to login_path(:referer => revoke_user_block_path(:id => active_block))

    # Login as a normal user
    session_for(create(:user))

    # Check that normal users can't load the block revoke page
    get revoke_user_block_path(:id => active_block)
    assert_redirected_to :controller => "errors", :action => "forbidden"

    # Login as a moderator
    session_for(create(:moderator_user))

    # Check that the block revoke page loads for moderators
    get revoke_user_block_path(:id => active_block)
    assert_response :success
    assert_template "revoke"
    assert_select "h1 a[href='#{user_path active_block.user}']", :text => active_block.user.display_name
    assert_select "form", :count => 1 do
      assert_select "input#confirm[type='checkbox']", :count => 1
      assert_select "input[type='submit'][value='Revoke!']", :count => 1
    end

    # Check that revoking a block using GET should fail
    get revoke_user_block_path(:id => active_block, :confirm => true)
    assert_response :success
    assert_template "revoke"
    b = UserBlock.find(active_block.id)
    assert_operator b.ends_at - Time.now.utc, :>, 100

    # Check that revoking a block works using POST
    post revoke_user_block_path(:id => active_block, :confirm => true)
    assert_redirected_to user_block_path(active_block)
    b = UserBlock.find(active_block.id)
    assert_in_delta Time.now.utc, b.ends_at, 1

    # We should get an error if the block doesn't exist
    get revoke_user_block_path(:id => 99999)
    assert_response :not_found
    assert_template "not_found"
    assert_select "p", "Sorry, the user block with ID 99999 could not be found."
  end

  ##
  # test the revoke all page
  def test_revoke_all_page
    blocked_user = create(:user)
    create(:user_block, :user => blocked_user)

    # Asking for the revoke all blocks page with a bogus user name should fail
    get user_blocks_on_path("non_existent_user")
    assert_response :not_found

    # Check that the revoke all blocks page requires us to login
    get revoke_all_user_blocks_path(blocked_user)
    assert_redirected_to login_path(:referer => revoke_all_user_blocks_path(blocked_user))

    # Login as a normal user
    session_for(create(:user))

    # Check that normal users can't load the revoke all blocks page
    get revoke_all_user_blocks_path(blocked_user)
    assert_redirected_to :controller => "errors", :action => "forbidden"

    # Login as a moderator
    session_for(create(:moderator_user))

    # Check that the revoke all blocks page loads for moderators
    get revoke_all_user_blocks_path(blocked_user)
    assert_response :success
    assert_select "h1 a[href='#{user_path blocked_user}']", :text => blocked_user.display_name
  end

  ##
  # test the revoke all action
  def test_revoke_all_action
    blocked_user = create(:user)
    active_block1 = create(:user_block, :user => blocked_user)
    active_block2 = create(:user_block, :user => blocked_user)
    expired_block1 = create(:user_block, :expired, :user => blocked_user)
    blocks = [active_block1, active_block2, expired_block1]
    moderator_user = create(:moderator_user)

    assert_predicate active_block1, :active?
    assert_predicate active_block2, :active?
    assert_not_predicate expired_block1, :active?

    # Login as a normal user
    session_for(create(:user))

    # Check that normal users can't load the block revoke page
    get revoke_all_user_blocks_path(:blocked_user)
    assert_redirected_to :controller => "errors", :action => "forbidden"

    # Login as a moderator
    session_for(moderator_user)

    # Check that revoking blocks using GET should fail
    get revoke_all_user_blocks_path(blocked_user, :confirm => true)
    assert_response :success
    assert_template "revoke_all"

    blocks.each(&:reload)
    assert_predicate active_block1, :active?
    assert_predicate active_block2, :active?
    assert_not_predicate expired_block1, :active?

    # Check that revoking blocks works using POST
    post revoke_all_user_blocks_path(blocked_user, :confirm => true)
    assert_redirected_to user_blocks_on_path(blocked_user)

    blocks.each(&:reload)
    assert_not_predicate active_block1, :active?
    assert_not_predicate active_block2, :active?
    assert_not_predicate expired_block1, :active?
    assert_equal moderator_user, active_block1.revoker
    assert_equal moderator_user, active_block2.revoker
    assert_not_equal moderator_user, expired_block1.revoker
  end

  ##
  # test the blocks_on action
  def test_blocks_on
    blocked_user = create(:user)
    unblocked_user = create(:user)
    normal_user = create(:user)
    active_block = create(:user_block, :user => blocked_user)
    revoked_block = create(:user_block, :revoked, :user => blocked_user)
    expired_block = create(:user_block, :expired, :user => unblocked_user)

    # Asking for a list of blocks with a bogus user name should fail
    get user_blocks_on_path("non_existent_user")
    assert_response :not_found
    assert_template "users/no_such_user"
    assert_select "h1", "The user non_existent_user does not exist"

    # Check the list of blocks for a user that has never been blocked
    get user_blocks_on_path(normal_user)
    assert_response :success
    assert_select "table#block_list", false
    assert_select "p", "#{normal_user.display_name} has not been blocked yet."

    # Check the list of blocks for a user that is currently blocked
    get user_blocks_on_path(blocked_user)
    assert_response :success
    assert_select "h1 a[href='#{user_path blocked_user}']", :text => blocked_user.display_name
    assert_select "table#block_list tbody", :count => 1 do
      assert_select "tr", 2
      assert_select "a[href='#{user_block_path(active_block)}']", 1
      assert_select "a[href='#{user_block_path(revoked_block)}']", 1
    end

    # Check the list of blocks for a user that has previously been blocked
    get user_blocks_on_path(unblocked_user)
    assert_response :success
    assert_select "h1 a[href='#{user_path unblocked_user}']", :text => unblocked_user.display_name
    assert_select "table#block_list tbody", :count => 1 do
      assert_select "tr", 1
      assert_select "a[href='#{user_block_path(expired_block)}']", 1
    end
  end

  ##
  # test the blocks_on action with multiple pages
  def test_blocks_on_paged
    user = create(:user)
    user_blocks = create_list(:user_block, 50, :user => user).reverse
    next_path = user_blocks_on_path(user)

    get next_path
    assert_response :success
    check_user_blocks_table user_blocks[0...20]
    check_no_page_link "Newer Blocks"
    next_path = check_page_link "Older Blocks"

    get next_path
    assert_response :success
    check_user_blocks_table user_blocks[20...40]
    check_page_link "Newer Blocks"
    next_path = check_page_link "Older Blocks"

    get next_path
    assert_response :success
    check_user_blocks_table user_blocks[40...50]
    check_page_link "Newer Blocks"
    check_no_page_link "Older Blocks"
  end

  ##
  # test the blocks_on action with invalid pages
  def test_blocks_on_invalid_paged
    user = create(:user)

    %w[-1 0 fred].each do |id|
      get user_blocks_on_path(user, :before => id)
      assert_redirected_to :controller => :errors, :action => :bad_request

      get user_blocks_on_path(user, :after => id)
      assert_redirected_to :controller => :errors, :action => :bad_request
    end
  end

  ##
  # test the blocks_by action
  def test_blocks_by
    moderator_user = create(:moderator_user)
    second_moderator_user = create(:moderator_user)
    normal_user = create(:user)
    active_block = create(:user_block, :creator => moderator_user)
    expired_block = create(:user_block, :expired, :creator => second_moderator_user)
    revoked_block = create(:user_block, :revoked, :creator => second_moderator_user)

    # Asking for a list of blocks with a bogus user name should fail
    get user_blocks_by_path("non_existent_user")
    assert_response :not_found
    assert_template "users/no_such_user"
    assert_select "h1", "The user non_existent_user does not exist"

    # Check the list of blocks given by one moderator
    get user_blocks_by_path(moderator_user)
    assert_response :success
    assert_select "h1 a[href='#{user_path moderator_user}']", :text => moderator_user.display_name
    assert_select "table#block_list tbody", :count => 1 do
      assert_select "tr", 1
      assert_select "a[href='#{user_block_path(active_block)}']", 1
    end

    # Check the list of blocks given by a different moderator
    get user_blocks_by_path(second_moderator_user)
    assert_response :success
    assert_select "h1 a[href='#{user_path second_moderator_user}']", :text => second_moderator_user.display_name
    assert_select "table#block_list tbody", :count => 1 do
      assert_select "tr", 2
      assert_select "a[href='#{user_block_path(expired_block)}']", 1
      assert_select "a[href='#{user_block_path(revoked_block)}']", 1
    end

    # Check the list of blocks (not) given by a normal user
    get user_blocks_by_path(normal_user)
    assert_response :success
    assert_select "table#block_list", false
    assert_select "p", "#{normal_user.display_name} has not made any blocks yet."
  end

  ##
  # test the blocks_by action with multiple pages
  def test_blocks_by_paged
    user = create(:moderator_user)
    user_blocks = create_list(:user_block, 50, :creator => user).reverse
    next_path = user_blocks_by_path(user)

    get next_path
    assert_response :success
    check_user_blocks_table user_blocks[0...20]
    check_no_page_link "Newer Blocks"
    next_path = check_page_link "Older Blocks"

    get next_path
    assert_response :success
    check_user_blocks_table user_blocks[20...40]
    check_page_link "Newer Blocks"
    next_path = check_page_link "Older Blocks"

    get next_path
    assert_response :success
    check_user_blocks_table user_blocks[40...50]
    check_page_link "Newer Blocks"
    check_no_page_link "Older Blocks"
  end

  ##
  # test the blocks_by action with invalid pages
  def test_blocks_by_invalid_paged
    user = create(:moderator_user)

    %w[-1 0 fred].each do |id|
      get user_blocks_by_path(user, :before => id)
      assert_redirected_to :controller => :errors, :action => :bad_request

      get user_blocks_by_path(user, :after => id)
      assert_redirected_to :controller => :errors, :action => :bad_request
    end
  end

  private

  def check_user_blocks_table(user_blocks)
    assert_dom "table#block_list tbody tr" do |rows|
      assert_equal user_blocks.count, rows.count, "unexpected number of rows in user blocks table"
      rows.zip(user_blocks).map do |row, user_block|
        assert_dom row, "a[href='#{user_block_path user_block}']", 1
      end
    end
  end

  def check_no_page_link(name)
    assert_select "a.page-link", { :text => /#{Regexp.quote(name)}/, :count => 0 }, "unexpected #{name} page link"
  end

  def check_page_link(name)
    assert_select "a.page-link", { :text => /#{Regexp.quote(name)}/ }, "missing #{name} page link" do |buttons|
      return buttons.first.attributes["href"].value
    end
  end
end