]> git.openstreetmap.org Git - rails.git/blobdiff - test/models/user_test.rb
Be paranoid when sending password reset emails
[rails.git] / test / models / user_test.rb
index 8a6e41013b15eb93f6f02175396d7b3c46c3b912..92e7d419c33c50f7ec91d1899581793ffd72508a 100644 (file)
@@ -10,13 +10,13 @@ class UserTest < ActiveSupport::TestCase
                         :home_lat => nil,
                         :home_lon => nil,
                         :home_zoom => nil)
                         :home_lat => nil,
                         :home_lon => nil,
                         :home_zoom => nil)
-    assert_not user.valid?
-    assert user.errors[:email].any?
-    assert user.errors[:pass_crypt].any?
-    assert user.errors[:display_name].any?
-    assert user.errors[:home_lat].none?
-    assert user.errors[:home_lon].none?
-    assert user.errors[:home_zoom].none?
+    assert_not_predicate user, :valid?
+    assert_predicate user.errors[:email], :any?
+    assert_predicate user.errors[:pass_crypt], :any?
+    assert_predicate user.errors[:display_name], :any?
+    assert_predicate user.errors[:home_lat], :none?
+    assert_predicate user.errors[:home_lon], :none?
+    assert_predicate user.errors[:home_zoom], :none?
   end
 
   def test_unique_email
   end
 
   def test_unique_email
@@ -27,10 +27,13 @@ class UserTest < ActiveSupport::TestCase
   end
 
   def test_unique_display_name
   end
 
   def test_unique_display_name
-    existing_user = create(:user)
-    new_user = build(:user, :display_name => existing_user.display_name)
-    assert_not new_user.save
-    assert_includes new_user.errors[:display_name], "has already been taken"
+    create(:user, :display_name => "H\u{e9}nryIV")
+
+    %W[H\u{e9}nryIV he\u{301}nryiv H\u{c9}nry\u2163 he\u{301}nry\u2173].each do |name|
+      new_user = build(:user, :display_name => name)
+      assert_not new_user.save
+      assert_includes new_user.errors[:display_name], "has already been taken"
+    end
   end
 
   def test_email_valid
   end
 
   def test_email_valid
@@ -55,13 +58,25 @@ class UserTest < ActiveSupport::TestCase
   def test_display_name_length
     user = build(:user)
     user.display_name = "123"
   def test_display_name_length
     user = build(:user)
     user.display_name = "123"
-    assert user.valid?, "should allow 3 char name name"
+    assert_predicate user, :valid?, "should allow 3 char name name"
     user.display_name = "12"
     user.display_name = "12"
-    assert_not user.valid?, "should not allow 2 char name"
+    assert_not_predicate user, :valid?, "should not allow 2 char name"
     user.display_name = ""
     user.display_name = ""
-    assert_not user.valid?, "should not allow blank/0 char name"
+    assert_not_predicate user, :valid?, "should not allow blank/0 char name"
     user.display_name = nil
     user.display_name = nil
-    assert_not user.valid?, "should not allow nil value"
+    assert_not_predicate user, :valid?, "should not allow nil value"
+  end
+
+  def test_display_name_width
+    user = build(:user)
+    user.display_name = "123"
+    assert_predicate user, :valid?, "should allow 3 column name name"
+    user.display_name = "12"
+    assert_not_predicate user, :valid?, "should not allow 2 column name"
+    user.display_name = "1\u{200B}2"
+    assert_not_predicate user, :valid?, "should not allow 2 column name"
+    user.display_name = "\u{200B}\u{200B}\u{200B}"
+    assert_not_predicate user, :valid?, "should not allow 0 column name"
   end
 
   def test_display_name_valid
   end
 
   def test_display_name_valid
@@ -81,28 +96,58 @@ class UserTest < ActiveSupport::TestCase
     ok.each do |display_name|
       user = build(:user)
       user.display_name = display_name
     ok.each do |display_name|
       user = build(:user)
       user.display_name = display_name
-      assert user.valid?, "#{display_name} is invalid, when it should be"
+      assert_predicate user, :valid?, "#{display_name} is invalid, when it should be"
     end
 
     bad.each do |display_name|
       user = build(:user)
       user.display_name = display_name
     end
 
     bad.each do |display_name|
       user = build(:user)
       user.display_name = display_name
-      assert_not user.valid?, "#{display_name} is valid when it shouldn't be"
+      assert_not_predicate user, :valid?, "#{display_name} is valid when it shouldn't be"
     end
   end
 
     end
   end
 
+  def test_display_name_user_id_new
+    existing_user = create(:user)
+    user = build(:user)
+
+    user.display_name = "user_#{existing_user.id}"
+    assert_not user.valid?, "user_<id> name is valid for existing user id when it shouldn't be"
+
+    user.display_name = "user_#{existing_user.id + 1}"
+    assert_not user.valid?, "user_<id> name is valid for new user id when it shouldn't be"
+  end
+
+  def test_display_name_user_id_rename
+    existing_user = create(:user)
+    user = create(:user)
+
+    user.display_name = "user_#{existing_user.id}"
+    assert_not user.valid?, "user_<id> name is valid for existing user id when it shouldn't be"
+
+    user.display_name = "user_#{user.id}"
+    assert_predicate user, :valid?, "user_<id> name is invalid for own id, when it should be"
+  end
+
+  def test_display_name_user_id_unchanged_is_valid
+    user = build(:user, :display_name => "user_0")
+    user.save(:validate => false)
+    user.reload
+
+    assert_predicate user, :valid?, "user_0 display_name is invalid but it hasn't been changed"
+  end
+
   def test_friends_with
     alice = create(:user, :active)
     bob = create(:user, :active)
     charlie = create(:user, :active)
     create(:friendship, :befriender => alice, :befriendee => bob)
 
   def test_friends_with
     alice = create(:user, :active)
     bob = create(:user, :active)
     charlie = create(:user, :active)
     create(:friendship, :befriender => alice, :befriendee => bob)
 
-    assert alice.is_friends_with?(bob)
-    assert_not alice.is_friends_with?(charlie)
-    assert_not bob.is_friends_with?(alice)
-    assert_not bob.is_friends_with?(charlie)
-    assert_not charlie.is_friends_with?(bob)
-    assert_not charlie.is_friends_with?(alice)
+    assert alice.friends_with?(bob)
+    assert_not alice.friends_with?(charlie)
+    assert_not bob.friends_with?(alice)
+    assert_not bob.friends_with?(charlie)
+    assert_not charlie.friends_with?(bob)
+    assert_not charlie.friends_with?(alice)
   end
 
   def test_users_nearby
   end
 
   def test_users_nearby
@@ -214,48 +259,130 @@ class UserTest < ActiveSupport::TestCase
   end
 
   def test_visible?
   end
 
   def test_visible?
-    assert build(:user, :pending).visible?
-    assert build(:user, :active).visible?
-    assert build(:user, :confirmed).visible?
-    assert_not build(:user, :suspended).visible?
-    assert_not build(:user, :deleted).visible?
+    assert_predicate build(:user, :pending), :visible?
+    assert_predicate build(:user, :active), :visible?
+    assert_predicate build(:user, :confirmed), :visible?
+    assert_not_predicate build(:user, :suspended), :visible?
+    assert_not_predicate build(:user, :deleted), :visible?
   end
 
   def test_active?
   end
 
   def test_active?
-    assert_not build(:user, :pending).active?
-    assert build(:user, :active).active?
-    assert build(:user, :confirmed).active?
-    assert_not build(:user, :suspended).active?
-    assert_not build(:user, :deleted).active?
+    assert_not_predicate build(:user, :pending), :active?
+    assert_predicate build(:user, :active), :active?
+    assert_predicate build(:user, :confirmed), :active?
+    assert_not_predicate build(:user, :suspended), :active?
+    assert_not_predicate build(:user, :deleted), :active?
   end
 
   def test_moderator?
   end
 
   def test_moderator?
-    assert_not create(:user).moderator?
-    assert create(:moderator_user).moderator?
+    assert_not_predicate create(:user), :moderator?
+    assert_predicate create(:moderator_user), :moderator?
   end
 
   def test_administrator?
   end
 
   def test_administrator?
-    assert_not create(:user).administrator?
-    assert create(:administrator_user).administrator?
+    assert_not_predicate create(:user), :administrator?
+    assert_predicate create(:administrator_user), :administrator?
   end
 
   end
 
-  def test_has_role?
-    assert_not create(:user).has_role?("administrator")
-    assert_not create(:user).has_role?("moderator")
-    assert create(:administrator_user).has_role?("administrator")
-    assert create(:moderator_user).has_role?("moderator")
+  def test_role?
+    assert_not create(:user).role?("administrator")
+    assert_not create(:user).role?("moderator")
+    assert create(:administrator_user).role?("administrator")
+    assert create(:moderator_user).role?("moderator")
   end
 
   end
 
-  def test_destroy
+  def test_soft_destroy
     user = create(:user, :with_home_location, :description => "foo")
     user = create(:user, :with_home_location, :description => "foo")
-    user.destroy
+    user.soft_destroy
     assert_equal "user_#{user.id}", user.display_name
     assert_equal "user_#{user.id}", user.display_name
-    assert user.description.blank?
+    assert_predicate user.description, :blank?
     assert_nil user.home_lat
     assert_nil user.home_lon
     assert_nil user.home_lat
     assert_nil user.home_lon
-    assert_not user.avatar.attached?
+    assert_not_predicate user.avatar, :attached?
     assert_equal "deleted", user.status
     assert_equal "deleted", user.status
-    assert_not user.visible?
-    assert_not user.active?
+    assert_not_predicate user, :visible?
+    assert_not_predicate user, :active?
+  end
+
+  def test_soft_destroy_revokes_oauth1_tokens
+    user = create(:user)
+    access_token = create(:access_token, :user => user)
+    assert_equal 1, user.oauth_tokens.authorized.count
+
+    user.soft_destroy
+
+    assert_equal 0, user.oauth_tokens.authorized.count
+    access_token.reload
+    assert_predicate access_token, :invalidated?
+  end
+
+  def test_soft_destroy_revokes_oauth2_tokens
+    user = create(:user)
+    oauth_access_token = create(:oauth_access_token, :resource_owner_id => user.id)
+    assert_equal 1, user.access_tokens.not_expired.count
+
+    user.soft_destroy
+
+    assert_equal 0, user.access_tokens.not_expired.count
+    oauth_access_token.reload
+    assert_predicate oauth_access_token, :revoked?
+  end
+
+  def test_deletion_allowed_when_no_changesets
+    with_user_account_deletion_delay(10000) do
+      user = create(:user)
+      assert_predicate user, :deletion_allowed?
+    end
+  end
+
+  def test_deletion_allowed_without_delay
+    with_user_account_deletion_delay(nil) do
+      user = create(:user)
+      create(:changeset, :user => user)
+      user.reload
+      assert_predicate user, :deletion_allowed?
+    end
+  end
+
+  def test_deletion_allowed_past_delay
+    with_user_account_deletion_delay(10) do
+      user = create(:user)
+      create(:changeset, :user => user, :created_at => Time.now.utc - 12.hours, :closed_at => Time.now.utc - 10.hours)
+      user.reload
+      assert_predicate user, :deletion_allowed?
+    end
+  end
+
+  def test_deletion_allowed_during_delay
+    with_user_account_deletion_delay(10) do
+      user = create(:user)
+      create(:changeset, :user => user, :created_at => Time.now.utc - 11.hours, :closed_at => Time.now.utc - 9.hours)
+      user.reload
+      assert_not_predicate user, :deletion_allowed?
+      assert_equal Time.now.utc + 1.hour, user.deletion_allowed_at
+    end
+  end
+
+  def test_deletion_allowed_past_zero_delay
+    with_user_account_deletion_delay(0) do
+      user = create(:user)
+      create(:changeset, :user => user, :created_at => Time.now.utc, :closed_at => Time.now.utc + 1.hour)
+      travel 90.minutes do
+        user.reload
+        assert_predicate user, :deletion_allowed?
+      end
+    end
+  end
+
+  def test_deletion_allowed_during_zero_delay
+    with_user_account_deletion_delay(0) do
+      user = create(:user)
+      create(:changeset, :user => user, :created_at => Time.now.utc, :closed_at => Time.now.utc + 1.hour)
+      travel 30.minutes do
+        user.reload
+        assert_not_predicate user, :deletion_allowed?
+        assert_equal Time.now.utc + 30.minutes, user.deletion_allowed_at
+      end
+    end
   end
 end
   end
 end