]> git.openstreetmap.org Git - rails.git/blobdiff - test/models/user_test.rb
Make allow_account_creation work the same as other ACLs
[rails.git] / test / models / user_test.rb
index 0f74f8f3ecb6ac12e7d9e08d26483e527c06f8ce..5c48bb9698a6a73d56b7ab120b871d24902d18c5 100644 (file)
-# -*- coding: utf-8 -*-
-require 'test_helper'
+require "test_helper"
 
 class UserTest < ActiveSupport::TestCase
-  api_fixtures
-  fixtures :friends, :languages, :user_roles
+  include Rails::Dom::Testing::Assertions::SelectorAssertions
 
   def test_invalid_with_empty_attributes
-    user = User.new
-    assert !user.valid?
-    assert user.errors[:email].any?
-    assert user.errors[:pass_crypt].any?
-    assert user.errors[:display_name].any?
-    assert user.errors[:email].any?
-    assert !user.errors[:home_lat].any?
-    assert !user.errors[:home_lon].any?
-    assert !user.errors[:home_zoom].any?
+    user = build(:user, :email => nil,
+                        :pass_crypt => nil,
+                        :display_name => nil,
+                        :home_lat => nil,
+                        :home_lon => nil,
+                        :home_zoom => nil)
+    assert_not user.valid?
+    assert_predicate user.errors[:email], :any?
+    assert_predicate user.errors[:pass_crypt], :any?
+    assert_predicate user.errors[:display_name], :any?
+    assert_predicate user.errors[:home_lat], :none?
+    assert_predicate user.errors[:home_lon], :none?
+    assert_predicate user.errors[:home_zoom], :none?
   end
 
   def test_unique_email
-    new_user = User.new(
-      :email => users(:normal_user).email,
-      :status => "active",
-      :pass_crypt => Digest::MD5.hexdigest('test'),
-      :display_name => "new user",
-      :data_public => 1,
-      :description => "desc"
-    )
-    assert !new_user.save
-    assert new_user.errors[:email].include?("has already been taken")
+    existing_user = create(:user)
+    new_user = build(:user, :email => existing_user.email)
+    assert_not new_user.save
+    assert_includes new_user.errors[:email], "has already been taken"
   end
 
   def test_unique_display_name
-    new_user = User.new(
-      :email => "tester@openstreetmap.org",
-      :status => "pending",
-      :pass_crypt => Digest::MD5.hexdigest('test'),
-      :display_name => users(:normal_user).display_name,
-      :data_public => 1,
-      :description => "desc"
-    )
-    assert !new_user.save
-    assert new_user.errors[:display_name].include?("has already been taken")
+    existing_user = create(:user)
+    new_user = build(:user, :display_name => existing_user.display_name)
+    assert_not new_user.save
+    assert_includes new_user.errors[:display_name], "has already been taken"
   end
 
   def test_email_valid
-    ok = %wa@s.com test@shaunmcdonald.me.uk hello_local@ping-d.ng
-    test_local@openstreetmap.org test-local@example.com }
-    bad = %whi ht@ n@ @.com help@.me.uk help"hi.me.uk も対@応します
-    輕觸搖晃的遊戲@ah.com も対応します@s.name }
+    ok = %w[a@s.com test@shaunmcdonald.me.uk hello_local@ping-d.ng
+            test_local@openstreetmap.org test-local@example.com]
+    bad = %w[hi ht@ n@ @.com help@.me.uk help"hi.me.uk も対@応します
+             輕觸搖晃的遊戲@ah.com も対応します@s.name]
 
     ok.each do |name|
-      user = users(:normal_user)
+      user = build(:user)
       user.email = name
-      assert user.valid?(:save), user.errors.full_messages.join(",")
+      assert user.valid?(:save), "#{name} isn't valid when it should be"
     end
 
     bad.each do |name|
-      user = users(:normal_user)
+      user = build(:user)
       user.email = name
       assert user.invalid?(:save), "#{name} is valid when it shouldn't be"
     end
   end
 
   def test_display_name_length
-    user = users(:normal_user)
+    user = build(:user)
     user.display_name = "123"
-    assert user.valid?, " should allow nil display name"
+    assert_predicate user, :valid?, "should allow 3 char name name"
     user.display_name = "12"
-    assert !user.valid?, "should not allow 2 char name"
+    assert_not user.valid?, "should not allow 2 char name"
     user.display_name = ""
-    assert !user.valid?
+    assert_not user.valid?, "should not allow blank/0 char name"
     user.display_name = nil
-    # Don't understand why it isn't allowing a nil value,
-    # when the validates statements specifically allow it
-    # It appears the database does not allow null values
-    assert !user.valid?
+    assert_not user.valid?, "should not allow nil value"
   end
 
   def test_display_name_valid
     # Due to sanitisation in the view some of these that you might not
-    # expact are allowed
+    # expect are allowed
     # However, would they affect the xml planet dumps?
-    ok = [ "Name", "'me", "he\"", "<hr>", "*ho", "\"help\"@",
-           "vergrößern", "ルシステムにも対応します", "輕觸搖晃的遊戲" ]
+    ok = ["Name", "'me", "he\"", "<hr>", "*ho", "\"help\"@",
+          "vergrößern", "ルシステムにも対応します", "輕觸搖晃的遊戲", "space space"]
     # These need to be 3 chars in length, otherwise the length test above
     # should be used.
-    bad = [ "<hr/>", "test@example.com", "s/f", "aa/", "aa;", "aa.",
-            "aa,", "aa?", "/;.,?", "も対応します/", "#ping",
-            "foo\x1fbar", "foo\x7fbar", "foo\ufffebar", "foo\uffffbar",
-            "new", "terms", "save", "confirm", "confirm-email",
-            "go_public", "reset-password", "forgot-password", "suspended" ]
+    bad = ["<hr/>", "test@example.com", "s/f", "aa/", "aa;", "aa.",
+           "aa,", "aa?", "/;.,?", "も対応します/", "#ping",
+           "foo\x1fbar", "foo\x7fbar", "foo\ufffebar", "foo\uffffbar",
+           "new", "terms", "save", "confirm", "confirm-email",
+           "go_public", "reset-password", "forgot-password", "suspended",
+           "trailing whitespace ", " leading whitespace"]
     ok.each do |display_name|
-      user = users(:normal_user)
+      user = build(:user)
       user.display_name = display_name
-      assert user.valid?, "#{display_name} is invalid, when it should be"
+      assert_predicate user, :valid?, "#{display_name} is invalid, when it should be"
     end
 
     bad.each do |display_name|
-      user = users(:normal_user)
+      user = build(:user)
       user.display_name = display_name
-      assert !user.valid?, "#{display_name} is valid when it shouldn't be"
+      assert_not user.valid?, "#{display_name} is valid when it shouldn't be"
     end
   end
 
-  def test_friend_with
-    assert users(:normal_user).is_friends_with?(users(:public_user))
-    assert !users(:normal_user).is_friends_with?(users(:inactive_user))
-    assert !users(:public_user).is_friends_with?(users(:normal_user))
-    assert !users(:public_user).is_friends_with?(users(:inactive_user))
-    assert !users(:inactive_user).is_friends_with?(users(:normal_user))
-    assert !users(:inactive_user).is_friends_with?(users(:public_user))
+  def test_friends_with
+    alice = create(:user, :active)
+    bob = create(:user, :active)
+    charlie = create(:user, :active)
+    create(:friendship, :befriender => alice, :befriendee => bob)
+
+    assert alice.friends_with?(bob)
+    assert_not alice.friends_with?(charlie)
+    assert_not bob.friends_with?(alice)
+    assert_not bob.friends_with?(charlie)
+    assert_not charlie.friends_with?(bob)
+    assert_not charlie.friends_with?(alice)
   end
 
   def test_users_nearby
-    # second user has their data public and is close by normal user
-    assert_equal [users(:public_user)], users(:normal_user).nearby
-    # second_user has normal user nearby, but normal user has their data private
-    assert_equal [], users(:public_user).nearby
-    # inactive_user has no user nearby
-    assert_equal [], users(:inactive_user).nearby
-    # north_pole_user has no user nearby, and doesn't throw exception
-    assert_equal [], users(:north_pole_user).nearby
+    alice = create(:user, :active, :home_lat => 51.0, :home_lon => 1.0, :data_public => false)
+    bob = create(:user, :active, :home_lat => 51.1, :home_lon => 1.0, :data_public => true)
+    charlie = create(:user, :active, :home_lat => 51.1, :home_lon => 1.1, :data_public => true)
+    david = create(:user, :active, :home_lat => 10.0, :home_lon => -123.0, :data_public => true)
+    _edward = create(:user, :suspended, :home_lat => 10.0, :home_lon => -123.0, :data_public => true)
+    south_pole_user = create(:user, :active, :home_lat => -90.0, :home_lon => 0.0, :data_public => true)
+    vagrant_user = create(:user, :active, :home_lat => nil, :home_lon => nil, :data_public => true)
+
+    # bob and charlie are both near alice
+    assert_equal [bob, charlie], alice.nearby
+    # charlie and alice are both near bob, but alice has their data private
+    assert_equal [charlie], bob.nearby
+    # david has no user nearby, since edward is not active
+    assert_empty david.nearby
+    # south_pole_user has no user nearby, and doesn't throw exception
+    assert_empty south_pole_user.nearby
+    # vagrant_user has no home location
+    assert_empty vagrant_user.nearby
   end
 
-  def test_friends_with
-    # normal user is a friend of second user
-    # it should be a one way friend accossitation
-    assert_equal 1, Friend.count
-    norm = users(:normal_user)
-    sec = users(:public_user)
-    #friend = Friend.new
-    #friend.befriender = norm
-    #friend.befriendee = sec
-    #friend.save
-    assert_equal [sec], norm.nearby
-    assert_equal 1, norm.nearby.size
-    assert_equal 1, Friend.count
-    assert norm.is_friends_with?(sec)
-    assert !sec.is_friends_with?(norm)
-    assert !users(:normal_user).is_friends_with?(users(:inactive_user))
-    assert !users(:public_user).is_friends_with?(users(:normal_user))
-    assert !users(:public_user).is_friends_with?(users(:inactive_user))
-    assert !users(:inactive_user).is_friends_with?(users(:normal_user))
-    assert !users(:inactive_user).is_friends_with?(users(:public_user))
-    #Friend.delete(friend)
-    #assert_equal 0, Friend.count
+  def test_friends
+    norm = create(:user, :active)
+    sec = create(:user, :active)
+    create(:friendship, :befriender => norm, :befriendee => sec)
+
+    assert_equal [sec], norm.friends
+    assert_equal 1, norm.friends.size
+
+    assert_empty sec.friends
+    assert_equal 0, sec.friends.size
   end
 
   def test_user_preferred_editor
-    user = users(:normal_user)
-    assert_equal nil, user.preferred_editor
-    user.preferred_editor = "potlatch"
-    assert_equal "potlatch", user.preferred_editor
+    user = create(:user)
+    assert_nil user.preferred_editor
+    user.preferred_editor = "id"
+    assert_equal "id", user.preferred_editor
     user.save!
 
     user.preferred_editor = "invalid_editor"
@@ -159,88 +150,194 @@ class UserTest < ActiveSupport::TestCase
   end
 
   def test_visible
-    assert_equal 15, User.visible.count
+    pending = create(:user, :pending)
+    active = create(:user, :active)
+    confirmed = create(:user, :confirmed)
+    suspended = create(:user, :suspended)
+    deleted = create(:user, :deleted)
+
+    assert User.visible.find(pending.id)
+    assert User.visible.find(active.id)
+    assert User.visible.find(confirmed.id)
     assert_raise ActiveRecord::RecordNotFound do
-      User.visible.find(users(:suspended_user).id)
+      User.visible.find(suspended.id)
     end
     assert_raise ActiveRecord::RecordNotFound do
-      User.visible.find(users(:deleted_user).id)
+      User.visible.find(deleted.id)
     end
   end
 
   def test_active
-    assert_equal 14, User.active.count
+    pending = create(:user, :pending)
+    active = create(:user, :active)
+    confirmed = create(:user, :confirmed)
+    suspended = create(:user, :suspended)
+    deleted = create(:user, :deleted)
+
+    assert User.active.find(active.id)
+    assert User.active.find(confirmed.id)
     assert_raise ActiveRecord::RecordNotFound do
-      User.active.find(users(:inactive_user).id)
+      User.active.find(pending.id)
     end
     assert_raise ActiveRecord::RecordNotFound do
-      User.active.find(users(:suspended_user).id)
+      User.active.find(suspended.id)
     end
     assert_raise ActiveRecord::RecordNotFound do
-      User.active.find(users(:deleted_user).id)
+      User.active.find(deleted.id)
     end
   end
 
   def test_identifiable
-    assert_equal 16, User.identifiable.count
+    public_user = create(:user, :data_public => true)
+    private_user = create(:user, :data_public => false)
+
+    assert User.identifiable.find(public_user.id)
     assert_raise ActiveRecord::RecordNotFound do
-      User.identifiable.find(users(:normal_user).id)
+      User.identifiable.find(private_user.id)
     end
   end
 
   def test_languages
-    user = users(:normal_user)
-    assert_equal [ "en" ], user.languages
-    user.languages = [ "de", "fr", "en" ]
-    assert_equal [ "de", "fr", "en" ], user.languages
-    user.languages = [ "fr", "de", "sl" ]
+    create(:language, :code => "en")
+    create(:language, :code => "de")
+    create(:language, :code => "sl")
+
+    user = create(:user, :languages => ["en"])
+    assert_equal ["en"], user.languages
+    user.languages = %w[de fr en]
+    assert_equal %w[de fr en], user.languages
+    user.languages = %w[fr de sl]
     assert_equal "de", user.preferred_language
-    assert_equal "de", user.preferred_language_from(["en", "sl", "de", "es"])
+    assert_equal %w[fr de sl], user.preferred_languages.map(&:to_s)
+    user = create(:user, :languages => %w[en de])
+    assert_equal %w[en de], user.languages
   end
 
   def test_visible?
-    assert_equal true, users(:inactive_user).visible?
-    assert_equal true, users(:normal_user).visible?
-    assert_equal true, users(:confirmed_user).visible?
-    assert_equal false, users(:suspended_user).visible?
-    assert_equal false, users(:deleted_user).visible?
+    assert_predicate build(:user, :pending), :visible?
+    assert_predicate build(:user, :active), :visible?
+    assert_predicate build(:user, :confirmed), :visible?
+    assert_not build(:user, :suspended).visible?
+    assert_not build(:user, :deleted).visible?
   end
 
   def test_active?
-    assert_equal false, users(:inactive_user).active?
-    assert_equal true, users(:normal_user).active?
-    assert_equal true, users(:confirmed_user).active?
-    assert_equal false, users(:suspended_user).active?
-    assert_equal false, users(:deleted_user).active?
+    assert_not build(:user, :pending).active?
+    assert_predicate build(:user, :active), :active?
+    assert_predicate build(:user, :confirmed), :active?
+    assert_not build(:user, :suspended).active?
+    assert_not build(:user, :deleted).active?
   end
 
   def test_moderator?
-    assert_equal false, users(:normal_user).moderator?
-    assert_equal true, users(:moderator_user).moderator?
+    assert_not create(:user).moderator?
+    assert_predicate create(:moderator_user), :moderator?
   end
 
   def test_administrator?
-    assert_equal false, users(:normal_user).administrator?
-    assert_equal true, users(:administrator_user).administrator?
+    assert_not create(:user).administrator?
+    assert_predicate create(:administrator_user), :administrator?
   end
 
-  def test_has_role?
-    assert_equal false, users(:normal_user).has_role?("administrator")
-    assert_equal false, users(:normal_user).has_role?("moderator")
-    assert_equal true, users(:administrator_user).has_role?("administrator")
-    assert_equal true, users(:moderator_user).has_role?("moderator")
+  def test_role?
+    assert_not create(:user).role?("administrator")
+    assert_not create(:user).role?("moderator")
+    assert create(:administrator_user).role?("administrator")
+    assert create(:moderator_user).role?("moderator")
   end
 
-  def test_delete
-    user = users(:normal_user)
-    user.delete
+  def test_soft_destroy
+    user = create(:user, :with_home_location, :description => "foo")
+    user.soft_destroy
     assert_equal "user_#{user.id}", user.display_name
-    assert user.description.blank?
-    assert_equal nil, user.home_lat
-    assert_equal nil, user.home_lon
-    assert_equal false, user.image.file?
+    assert_predicate user.description, :blank?
+    assert_nil user.home_lat
+    assert_nil user.home_lon
+    assert_not user.avatar.attached?
     assert_equal "deleted", user.status
-    assert_equal false, user.visible?
-    assert_equal false, user.active?
+    assert_not user.visible?
+    assert_not user.active?
+  end
+
+  def test_soft_destroy_revokes_oauth1_tokens
+    user = create(:user)
+    access_token = create(:access_token, :user => user)
+    assert_equal 1, user.oauth_tokens.authorized.count
+
+    user.soft_destroy
+
+    assert_equal 0, user.oauth_tokens.authorized.count
+    access_token.reload
+    assert_predicate access_token, :invalidated?
+  end
+
+  def test_soft_destroy_revokes_oauth2_tokens
+    user = create(:user)
+    oauth_access_token = create(:oauth_access_token, :resource_owner_id => user.id)
+    assert_equal 1, user.access_tokens.not_expired.count
+
+    user.soft_destroy
+
+    assert_equal 0, user.access_tokens.not_expired.count
+    oauth_access_token.reload
+    assert_predicate oauth_access_token, :revoked?
+  end
+
+  def test_deletion_allowed_when_no_changesets
+    with_user_account_deletion_delay(10000) do
+      user = create(:user)
+      assert_predicate user, :deletion_allowed?
+    end
+  end
+
+  def test_deletion_allowed_without_delay
+    with_user_account_deletion_delay(nil) do
+      user = create(:user)
+      create(:changeset, :user => user)
+      user.reload
+      assert_predicate user, :deletion_allowed?
+    end
+  end
+
+  def test_deletion_allowed_past_delay
+    with_user_account_deletion_delay(10) do
+      user = create(:user)
+      create(:changeset, :user => user, :created_at => Time.now.utc - 12.hours, :closed_at => Time.now.utc - 10.hours)
+      user.reload
+      assert_predicate user, :deletion_allowed?
+    end
+  end
+
+  def test_deletion_allowed_during_delay
+    with_user_account_deletion_delay(10) do
+      user = create(:user)
+      create(:changeset, :user => user, :created_at => Time.now.utc - 11.hours, :closed_at => Time.now.utc - 9.hours)
+      user.reload
+      assert_not_predicate user, :deletion_allowed?
+      assert_equal Time.now.utc + 1.hour, user.deletion_allowed_at
+    end
+  end
+
+  def test_deletion_allowed_past_zero_delay
+    with_user_account_deletion_delay(0) do
+      user = create(:user)
+      create(:changeset, :user => user, :created_at => Time.now.utc, :closed_at => Time.now.utc + 1.hour)
+      travel 90.minutes do
+        user.reload
+        assert_predicate user, :deletion_allowed?
+      end
+    end
+  end
+
+  def test_deletion_allowed_during_zero_delay
+    with_user_account_deletion_delay(0) do
+      user = create(:user)
+      create(:changeset, :user => user, :created_at => Time.now.utc, :closed_at => Time.now.utc + 1.hour)
+      travel 30.minutes do
+        user.reload
+        assert_not_predicate user, :deletion_allowed?
+        assert_equal Time.now.utc + 30.minutes, user.deletion_allowed_at
+      end
+    end
   end
 end