2015-10-11 17:41:23 +08:00
|
|
|
require 'rails_helper'
|
2014-10-28 08:25:02 +08:00
|
|
|
require_dependency 'single_sign_on'
|
2013-02-06 03:16:51 +08:00
|
|
|
|
|
|
|
describe Admin::UsersController do
|
|
|
|
|
2013-03-06 06:02:23 +08:00
|
|
|
it 'is a subclass of AdminController' do
|
2015-01-10 01:04:02 +08:00
|
|
|
expect(Admin::UsersController < Admin::AdminController).to eq(true)
|
2013-02-06 03:16:51 +08:00
|
|
|
end
|
|
|
|
|
|
|
|
context 'while logged in as an admin' do
|
|
|
|
before do
|
|
|
|
@user = log_in(:admin)
|
|
|
|
end
|
|
|
|
|
|
|
|
context '.index' do
|
|
|
|
it 'returns success' do
|
2017-08-31 12:06:56 +08:00
|
|
|
get :index, format: :json
|
2015-01-10 01:04:02 +08:00
|
|
|
expect(response).to be_success
|
2013-02-06 03:16:51 +08:00
|
|
|
end
|
|
|
|
|
|
|
|
it 'returns JSON' do
|
2017-08-31 12:06:56 +08:00
|
|
|
get :index, format: :json
|
2015-01-10 01:04:02 +08:00
|
|
|
expect(::JSON.parse(response.body)).to be_present
|
2013-02-26 00:42:20 +08:00
|
|
|
end
|
2014-11-03 19:46:08 +08:00
|
|
|
|
|
|
|
context 'when showing emails' do
|
|
|
|
|
|
|
|
it "returns email for all the users" do
|
2017-08-31 12:06:56 +08:00
|
|
|
get :index, params: { show_emails: "true" }, format: :json
|
2014-11-03 19:46:08 +08:00
|
|
|
data = ::JSON.parse(response.body)
|
|
|
|
data.each do |user|
|
2015-01-10 01:04:02 +08:00
|
|
|
expect(user["email"]).to be_present
|
2014-11-03 19:46:08 +08:00
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2014-12-29 18:50:36 +08:00
|
|
|
it "logs only 1 enty" do
|
2015-01-10 01:04:02 +08:00
|
|
|
expect(UserHistory.where(action: UserHistory.actions[:check_email], acting_user_id: @user.id).count).to eq(0)
|
2014-11-03 19:46:08 +08:00
|
|
|
|
2017-08-31 12:06:56 +08:00
|
|
|
get :index, params: { show_emails: "true" }, format: :json
|
2014-11-03 19:46:08 +08:00
|
|
|
|
2015-01-10 01:04:02 +08:00
|
|
|
expect(UserHistory.where(action: UserHistory.actions[:check_email], acting_user_id: @user.id).count).to eq(1)
|
2014-11-03 19:46:08 +08:00
|
|
|
end
|
|
|
|
|
|
|
|
end
|
2013-02-06 03:16:51 +08:00
|
|
|
end
|
|
|
|
|
2013-03-06 06:02:23 +08:00
|
|
|
describe '.show' do
|
|
|
|
context 'an existing user' do
|
|
|
|
it 'returns success' do
|
2017-08-31 12:06:56 +08:00
|
|
|
get :show, params: { id: @user.id }, format: :json
|
2015-01-10 01:04:02 +08:00
|
|
|
expect(response).to be_success
|
2013-03-06 06:02:23 +08:00
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context 'an existing user' do
|
|
|
|
it 'returns success' do
|
2017-08-31 12:06:56 +08:00
|
|
|
get :show, params: { id: 0 }, format: :json
|
2015-01-10 01:04:02 +08:00
|
|
|
expect(response).not_to be_success
|
2013-03-06 06:02:23 +08:00
|
|
|
end
|
2013-02-06 03:16:51 +08:00
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context '.approve_bulk' do
|
|
|
|
|
|
|
|
let(:evil_trout) { Fabricate(:evil_trout) }
|
|
|
|
|
|
|
|
it "does nothing without uesrs" do
|
|
|
|
User.any_instance.expects(:approve).never
|
2017-08-31 12:06:56 +08:00
|
|
|
put :approve_bulk, format: :json
|
2013-02-06 03:16:51 +08:00
|
|
|
end
|
|
|
|
|
|
|
|
it "won't approve the user when not allowed" do
|
|
|
|
Guardian.any_instance.expects(:can_approve?).with(evil_trout).returns(false)
|
|
|
|
User.any_instance.expects(:approve).never
|
2017-08-31 12:06:56 +08:00
|
|
|
put :approve_bulk, params: { users: [evil_trout.id] }, format: :json
|
2013-02-06 03:16:51 +08:00
|
|
|
end
|
|
|
|
|
|
|
|
it "approves the user when permitted" do
|
|
|
|
Guardian.any_instance.expects(:can_approve?).with(evil_trout).returns(true)
|
|
|
|
User.any_instance.expects(:approve).once
|
2017-08-31 12:06:56 +08:00
|
|
|
put :approve_bulk, params: { users: [evil_trout.id] }, format: :json
|
2013-02-06 03:16:51 +08:00
|
|
|
end
|
|
|
|
|
|
|
|
end
|
2013-10-23 03:53:08 +08:00
|
|
|
|
|
|
|
context '.generate_api_key' do
|
|
|
|
let(:evil_trout) { Fabricate(:evil_trout) }
|
|
|
|
|
|
|
|
it 'calls generate_api_key' do
|
|
|
|
User.any_instance.expects(:generate_api_key).with(@user)
|
2017-08-31 12:06:56 +08:00
|
|
|
post :generate_api_key, params: { user_id: evil_trout.id }, format: :json
|
2013-10-23 03:53:08 +08:00
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context '.revoke_api_key' do
|
|
|
|
|
|
|
|
let(:evil_trout) { Fabricate(:evil_trout) }
|
|
|
|
|
|
|
|
it 'calls revoke_api_key' do
|
|
|
|
User.any_instance.expects(:revoke_api_key)
|
2017-08-31 12:06:56 +08:00
|
|
|
delete :revoke_api_key, params: { user_id: evil_trout.id }, format: :json
|
2013-10-23 03:53:08 +08:00
|
|
|
end
|
|
|
|
|
|
|
|
end
|
2013-02-06 03:16:51 +08:00
|
|
|
|
|
|
|
context '.approve' do
|
|
|
|
|
|
|
|
let(:evil_trout) { Fabricate(:evil_trout) }
|
|
|
|
|
|
|
|
it "raises an error when the user doesn't have permission" do
|
|
|
|
Guardian.any_instance.expects(:can_approve?).with(evil_trout).returns(false)
|
2017-08-31 12:06:56 +08:00
|
|
|
put :approve, params: { user_id: evil_trout.id }, format: :json
|
2015-01-10 01:04:02 +08:00
|
|
|
expect(response).to be_forbidden
|
2013-02-06 03:16:51 +08:00
|
|
|
end
|
|
|
|
|
|
|
|
it 'calls approve' do
|
|
|
|
User.any_instance.expects(:approve).with(@user)
|
2017-08-31 12:06:56 +08:00
|
|
|
put :approve, params: { user_id: evil_trout.id }, format: :json
|
2013-02-06 03:16:51 +08:00
|
|
|
end
|
|
|
|
|
|
|
|
end
|
|
|
|
|
2015-08-24 04:33:03 +08:00
|
|
|
context '.suspend' do
|
2017-09-14 02:43:36 +08:00
|
|
|
let(:user) { Fabricate(:evil_trout) }
|
|
|
|
|
|
|
|
it "works properly" do
|
2017-09-15 02:10:39 +08:00
|
|
|
Fabricate(:api_key, user: user)
|
2017-09-14 02:43:36 +08:00
|
|
|
put(
|
|
|
|
:suspend,
|
|
|
|
user_id: user.id,
|
2017-09-14 04:44:47 +08:00
|
|
|
suspend_until: 5.hours.from_now,
|
2017-09-14 02:43:36 +08:00
|
|
|
reason: "because I said so",
|
|
|
|
format: :json
|
|
|
|
)
|
|
|
|
expect(response).to be_success
|
2015-08-24 04:33:03 +08:00
|
|
|
|
2017-09-14 02:43:36 +08:00
|
|
|
user.reload
|
|
|
|
expect(user.suspended_at).to be_present
|
|
|
|
expect(user.suspended_till).to be_present
|
|
|
|
expect(ApiKey.where(user_id: user.id).count).to eq(0)
|
|
|
|
|
|
|
|
log = UserHistory.where(target_user_id: user.id).order('id desc').first
|
|
|
|
expect(log).to be_present
|
|
|
|
expect(log.details).to match(/because I said so/)
|
|
|
|
end
|
|
|
|
|
2017-09-15 02:10:39 +08:00
|
|
|
it "can have an associated post" do
|
|
|
|
post = Fabricate(:post)
|
|
|
|
|
|
|
|
put(
|
|
|
|
:suspend,
|
|
|
|
user_id: user.id,
|
|
|
|
suspend_until: 5.hours.from_now,
|
|
|
|
reason: "because of this post",
|
|
|
|
post_id: post.id,
|
|
|
|
format: :json
|
|
|
|
)
|
|
|
|
expect(response).to be_success
|
|
|
|
|
|
|
|
log = UserHistory.where(target_user_id: user.id).order('id desc').first
|
|
|
|
expect(log).to be_present
|
|
|
|
expect(log.post_id).to eq(post.id)
|
|
|
|
end
|
|
|
|
|
2017-09-14 02:43:36 +08:00
|
|
|
it "can send a message to the user" do
|
|
|
|
Jobs.expects(:enqueue).with(
|
|
|
|
:critical_user_email,
|
|
|
|
has_entries(
|
|
|
|
type: :account_suspended,
|
2017-09-14 04:44:47 +08:00
|
|
|
user_id: user.id
|
2017-09-14 02:43:36 +08:00
|
|
|
)
|
|
|
|
)
|
|
|
|
|
|
|
|
put(
|
|
|
|
:suspend,
|
|
|
|
user_id: user.id,
|
2017-09-14 04:44:47 +08:00
|
|
|
suspend_until: 10.days.from_now,
|
2017-09-14 02:43:36 +08:00
|
|
|
reason: "short reason",
|
|
|
|
message: "long reason",
|
|
|
|
format: :json
|
|
|
|
)
|
|
|
|
expect(response).to be_success
|
|
|
|
|
|
|
|
log = UserHistory.where(target_user_id: user.id).order('id desc').first
|
|
|
|
expect(log).to be_present
|
|
|
|
expect(log.details).to match(/short reason/)
|
|
|
|
expect(log.details).to match(/long reason/)
|
2017-09-14 04:44:47 +08:00
|
|
|
end
|
2015-08-24 04:33:03 +08:00
|
|
|
|
|
|
|
it "also revoke any api keys" do
|
|
|
|
User.any_instance.expects(:revoke_api_key)
|
2017-08-31 12:06:56 +08:00
|
|
|
put :suspend, params: { user_id: evil_trout.id }, format: :json
|
2017-09-14 04:44:47 +08:00
|
|
|
expect(log.context).to match(/long reason/)
|
2015-08-24 04:33:03 +08:00
|
|
|
end
|
|
|
|
|
|
|
|
end
|
|
|
|
|
2013-02-06 03:16:51 +08:00
|
|
|
context '.revoke_admin' do
|
|
|
|
before do
|
2013-05-31 23:41:40 +08:00
|
|
|
@another_admin = Fabricate(:admin)
|
2013-02-06 03:16:51 +08:00
|
|
|
end
|
|
|
|
|
|
|
|
it 'raises an error unless the user can revoke access' do
|
|
|
|
Guardian.any_instance.expects(:can_revoke_admin?).with(@another_admin).returns(false)
|
2017-08-31 12:06:56 +08:00
|
|
|
put :revoke_admin, params: { user_id: @another_admin.id }, format: :json
|
2015-01-10 01:04:02 +08:00
|
|
|
expect(response).to be_forbidden
|
2013-02-06 03:16:51 +08:00
|
|
|
end
|
|
|
|
|
2013-02-26 00:42:20 +08:00
|
|
|
it 'updates the admin flag' do
|
2017-08-31 12:06:56 +08:00
|
|
|
put :revoke_admin, params: { user_id: @another_admin.id }, format: :json
|
2013-02-06 03:16:51 +08:00
|
|
|
@another_admin.reload
|
2015-01-10 01:04:02 +08:00
|
|
|
expect(@another_admin).not_to be_admin
|
2013-02-06 03:16:51 +08:00
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context '.grant_admin' do
|
|
|
|
before do
|
|
|
|
@another_user = Fabricate(:coding_horror)
|
|
|
|
end
|
|
|
|
|
2017-04-27 02:47:36 +08:00
|
|
|
after do
|
|
|
|
$redis.flushall
|
|
|
|
end
|
|
|
|
|
2013-02-06 03:16:51 +08:00
|
|
|
it "raises an error when the user doesn't have permission" do
|
|
|
|
Guardian.any_instance.expects(:can_grant_admin?).with(@another_user).returns(false)
|
2017-08-31 12:06:56 +08:00
|
|
|
put :grant_admin, params: { user_id: @another_user.id }, format: :json
|
2015-01-10 01:04:02 +08:00
|
|
|
expect(response).to be_forbidden
|
2013-02-06 03:16:51 +08:00
|
|
|
end
|
|
|
|
|
2013-02-26 00:42:20 +08:00
|
|
|
it "returns a 404 if the username doesn't exist" do
|
2017-08-31 12:06:56 +08:00
|
|
|
put :grant_admin, params: { user_id: 123123 }, format: :json
|
2015-01-10 01:04:02 +08:00
|
|
|
expect(response).to be_forbidden
|
2013-02-06 03:16:51 +08:00
|
|
|
end
|
|
|
|
|
2013-02-26 00:42:20 +08:00
|
|
|
it 'updates the admin flag' do
|
2017-04-05 01:59:22 +08:00
|
|
|
expect(AdminConfirmation.exists_for?(@another_user.id)).to eq(false)
|
2017-08-31 12:06:56 +08:00
|
|
|
put :grant_admin, params: { user_id: @another_user.id }, format: :json
|
2017-04-05 01:59:22 +08:00
|
|
|
expect(AdminConfirmation.exists_for?(@another_user.id)).to eq(true)
|
2013-02-06 03:16:51 +08:00
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2015-10-29 00:21:54 +08:00
|
|
|
context '.add_group' do
|
|
|
|
let(:user) { Fabricate(:user) }
|
|
|
|
let(:group) { Fabricate(:group) }
|
|
|
|
|
|
|
|
it 'adds the user to the group' do
|
2017-08-31 12:06:56 +08:00
|
|
|
post :add_group, params: {
|
|
|
|
group_id: group.id, user_id: user.id
|
|
|
|
}, format: :json
|
2015-10-29 00:21:54 +08:00
|
|
|
|
2016-12-11 23:36:15 +08:00
|
|
|
expect(response).to be_success
|
2015-10-29 00:21:54 +08:00
|
|
|
expect(GroupUser.where(user_id: user.id, group_id: group.id).exists?).to eq(true)
|
|
|
|
|
2016-12-11 23:36:15 +08:00
|
|
|
group_history = GroupHistory.last
|
|
|
|
|
|
|
|
expect(group_history.action).to eq(GroupHistory.actions[:add_user_to_group])
|
|
|
|
expect(group_history.acting_user).to eq(@user)
|
|
|
|
expect(group_history.target_user).to eq(user)
|
|
|
|
|
2015-10-29 00:21:54 +08:00
|
|
|
# Doing it again doesn't raise an error
|
2017-08-31 12:06:56 +08:00
|
|
|
post :add_group, params: {
|
|
|
|
group_id: group.id, user_id: user.id
|
|
|
|
}, format: :json
|
|
|
|
|
2015-10-29 00:21:54 +08:00
|
|
|
expect(response).to be_success
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2014-02-11 05:59:36 +08:00
|
|
|
context '.primary_group' do
|
2017-05-18 00:42:04 +08:00
|
|
|
let(:group) { Fabricate(:group) }
|
|
|
|
|
2014-02-11 05:59:36 +08:00
|
|
|
before do
|
|
|
|
@another_user = Fabricate(:coding_horror)
|
|
|
|
end
|
|
|
|
|
|
|
|
it "raises an error when the user doesn't have permission" do
|
|
|
|
Guardian.any_instance.expects(:can_change_primary_group?).with(@another_user).returns(false)
|
2017-08-31 12:06:56 +08:00
|
|
|
put :primary_group, params: {
|
|
|
|
user_id: @another_user.id
|
|
|
|
}, format: :json
|
|
|
|
|
2015-01-10 01:04:02 +08:00
|
|
|
expect(response).to be_forbidden
|
2014-02-11 05:59:36 +08:00
|
|
|
end
|
|
|
|
|
|
|
|
it "returns a 404 if the user doesn't exist" do
|
2017-08-31 12:06:56 +08:00
|
|
|
put :primary_group, params: {
|
|
|
|
user_id: 123123
|
|
|
|
}, format: :json
|
|
|
|
|
2015-01-10 01:04:02 +08:00
|
|
|
expect(response).to be_forbidden
|
2014-02-11 05:59:36 +08:00
|
|
|
end
|
|
|
|
|
2014-02-11 06:36:13 +08:00
|
|
|
it "changes the user's primary group" do
|
2017-05-18 00:42:04 +08:00
|
|
|
group.add(@another_user)
|
2017-08-31 12:06:56 +08:00
|
|
|
put :primary_group, params: {
|
|
|
|
user_id: @another_user.id, primary_group_id: group.id
|
|
|
|
}, format: :json
|
|
|
|
|
2017-05-18 00:42:04 +08:00
|
|
|
@another_user.reload
|
|
|
|
expect(@another_user.primary_group_id).to eq(group.id)
|
|
|
|
end
|
|
|
|
|
|
|
|
it "doesn't change primary group if they aren't a member of the group" do
|
2017-08-31 12:06:56 +08:00
|
|
|
put :primary_group, params: {
|
|
|
|
user_id: @another_user.id, primary_group_id: group.id
|
|
|
|
}, format: :json
|
|
|
|
|
2014-02-11 05:59:36 +08:00
|
|
|
@another_user.reload
|
2017-05-18 00:42:04 +08:00
|
|
|
expect(@another_user.primary_group_id).to be_nil
|
2014-02-11 05:59:36 +08:00
|
|
|
end
|
2017-08-05 00:13:20 +08:00
|
|
|
|
|
|
|
it "remove user's primary group" do
|
|
|
|
group.add(@another_user)
|
2017-08-31 12:06:56 +08:00
|
|
|
|
|
|
|
put :primary_group, params: {
|
|
|
|
user_id: @another_user.id, primary_group_id: ""
|
|
|
|
}, format: :json
|
|
|
|
|
2017-08-05 00:13:20 +08:00
|
|
|
@another_user.reload
|
|
|
|
expect(@another_user.primary_group_id).to be(nil)
|
|
|
|
end
|
2014-02-11 05:59:36 +08:00
|
|
|
end
|
|
|
|
|
2013-07-03 16:27:40 +08:00
|
|
|
context '.trust_level' do
|
|
|
|
before do
|
2015-04-15 00:05:09 +08:00
|
|
|
@another_user = Fabricate(:coding_horror, created_at: 1.month.ago)
|
2013-07-03 16:27:40 +08:00
|
|
|
end
|
|
|
|
|
|
|
|
it "raises an error when the user doesn't have permission" do
|
|
|
|
Guardian.any_instance.expects(:can_change_trust_level?).with(@another_user).returns(false)
|
2017-08-31 12:06:56 +08:00
|
|
|
put :trust_level, params: {
|
|
|
|
user_id: @another_user.id
|
|
|
|
}, format: :json
|
|
|
|
|
2015-01-10 01:04:02 +08:00
|
|
|
expect(response).not_to be_success
|
2013-07-03 16:27:40 +08:00
|
|
|
end
|
|
|
|
|
|
|
|
it "returns a 404 if the username doesn't exist" do
|
2017-08-31 12:06:56 +08:00
|
|
|
put :trust_level, params: {
|
|
|
|
user_id: 123123
|
|
|
|
}, format: :json
|
|
|
|
|
2015-01-10 01:04:02 +08:00
|
|
|
expect(response).not_to be_success
|
2013-07-03 16:27:40 +08:00
|
|
|
end
|
|
|
|
|
|
|
|
it "upgrades the user's trust level" do
|
2013-08-14 00:04:28 +08:00
|
|
|
StaffActionLogger.any_instance.expects(:log_trust_level_change).with(@another_user, @another_user.trust_level, 2).once
|
2017-08-31 12:06:56 +08:00
|
|
|
|
|
|
|
put :trust_level, params: {
|
|
|
|
user_id: @another_user.id, level: 2
|
|
|
|
}, format: :json
|
|
|
|
|
2013-07-03 16:27:40 +08:00
|
|
|
@another_user.reload
|
2015-01-10 01:04:02 +08:00
|
|
|
expect(@another_user.trust_level).to eq(2)
|
|
|
|
expect(response).to be_success
|
2013-07-03 16:27:40 +08:00
|
|
|
end
|
|
|
|
|
2014-09-30 11:15:02 +08:00
|
|
|
it "raises no error when demoting a user below their current trust level (locks trust level)" do
|
2013-10-04 11:28:49 +08:00
|
|
|
stat = @another_user.user_stat
|
2014-09-05 04:16:46 +08:00
|
|
|
stat.topics_entered = SiteSetting.tl1_requires_topics_entered + 1
|
|
|
|
stat.posts_read_count = SiteSetting.tl1_requires_read_posts + 1
|
|
|
|
stat.time_read = SiteSetting.tl1_requires_time_spent_mins * 60
|
2013-10-04 11:28:49 +08:00
|
|
|
stat.save!
|
2014-09-05 13:20:39 +08:00
|
|
|
@another_user.update_attributes(trust_level: TrustLevel[1])
|
2017-08-31 12:06:56 +08:00
|
|
|
|
|
|
|
put :trust_level, params: {
|
|
|
|
user_id: @another_user.id, level: TrustLevel[0]
|
|
|
|
}, format: :json
|
|
|
|
|
2015-01-10 01:04:02 +08:00
|
|
|
expect(response).to be_success
|
2014-09-30 11:15:02 +08:00
|
|
|
@another_user.reload
|
2015-01-10 01:04:02 +08:00
|
|
|
expect(@another_user.trust_level_locked).to eq(true)
|
2013-07-03 16:27:40 +08:00
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2013-02-13 06:58:08 +08:00
|
|
|
describe '.revoke_moderation' do
|
|
|
|
before do
|
|
|
|
@moderator = Fabricate(:moderator)
|
|
|
|
end
|
|
|
|
|
|
|
|
it 'raises an error unless the user can revoke access' do
|
|
|
|
Guardian.any_instance.expects(:can_revoke_moderation?).with(@moderator).returns(false)
|
2017-08-31 12:06:56 +08:00
|
|
|
put :revoke_moderation, params: {
|
|
|
|
user_id: @moderator.id
|
|
|
|
}, format: :json
|
|
|
|
|
2015-01-10 01:04:02 +08:00
|
|
|
expect(response).to be_forbidden
|
2013-02-13 06:58:08 +08:00
|
|
|
end
|
|
|
|
|
2013-02-26 00:42:20 +08:00
|
|
|
it 'updates the moderator flag' do
|
2017-08-31 12:06:56 +08:00
|
|
|
put :revoke_moderation, params: {
|
|
|
|
user_id: @moderator.id
|
|
|
|
}, format: :json
|
|
|
|
|
2013-02-13 06:58:08 +08:00
|
|
|
@moderator.reload
|
2015-01-10 01:04:02 +08:00
|
|
|
expect(@moderator.moderator).not_to eq(true)
|
2013-02-13 06:58:08 +08:00
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context '.grant_moderation' do
|
|
|
|
before do
|
|
|
|
@another_user = Fabricate(:coding_horror)
|
|
|
|
end
|
2013-02-06 03:16:51 +08:00
|
|
|
|
2013-02-13 06:58:08 +08:00
|
|
|
it "raises an error when the user doesn't have permission" do
|
|
|
|
Guardian.any_instance.expects(:can_grant_moderation?).with(@another_user).returns(false)
|
2017-08-31 12:06:56 +08:00
|
|
|
put :grant_moderation, params: { user_id: @another_user.id }, format: :json
|
2015-01-10 01:04:02 +08:00
|
|
|
expect(response).to be_forbidden
|
2013-02-13 06:58:08 +08:00
|
|
|
end
|
2013-02-06 03:16:51 +08:00
|
|
|
|
2013-02-26 00:42:20 +08:00
|
|
|
it "returns a 404 if the username doesn't exist" do
|
2017-08-31 12:06:56 +08:00
|
|
|
put :grant_moderation, params: { user_id: 123123 }, format: :json
|
2015-01-10 01:04:02 +08:00
|
|
|
expect(response).to be_forbidden
|
2013-02-13 06:58:08 +08:00
|
|
|
end
|
|
|
|
|
2013-02-26 00:42:20 +08:00
|
|
|
it 'updates the moderator flag' do
|
2017-08-31 12:06:56 +08:00
|
|
|
put :grant_moderation, params: { user_id: @another_user.id }, format: :json
|
2013-02-13 06:58:08 +08:00
|
|
|
@another_user.reload
|
2015-01-10 01:04:02 +08:00
|
|
|
expect(@another_user.moderator).to eq(true)
|
2013-02-13 06:58:08 +08:00
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2013-08-16 23:42:24 +08:00
|
|
|
context '.reject_bulk' do
|
|
|
|
let(:reject_me) { Fabricate(:user) }
|
|
|
|
let(:reject_me_too) { Fabricate(:user) }
|
|
|
|
|
|
|
|
it 'does nothing without users' do
|
|
|
|
UserDestroyer.any_instance.expects(:destroy).never
|
2017-08-31 12:06:56 +08:00
|
|
|
delete :reject_bulk, format: :json
|
2013-08-16 23:42:24 +08:00
|
|
|
end
|
|
|
|
|
|
|
|
it "won't delete users if not allowed" do
|
|
|
|
Guardian.any_instance.stubs(:can_delete_user?).returns(false)
|
|
|
|
UserDestroyer.any_instance.expects(:destroy).never
|
2017-08-31 12:06:56 +08:00
|
|
|
|
|
|
|
delete :reject_bulk, params: {
|
|
|
|
users: [reject_me.id]
|
|
|
|
}, format: :json
|
2013-08-16 23:42:24 +08:00
|
|
|
end
|
|
|
|
|
|
|
|
it "reports successes" do
|
|
|
|
Guardian.any_instance.stubs(:can_delete_user?).returns(true)
|
|
|
|
UserDestroyer.any_instance.stubs(:destroy).returns(true)
|
2017-08-31 12:06:56 +08:00
|
|
|
|
|
|
|
delete :reject_bulk, params: {
|
|
|
|
users: [reject_me.id, reject_me_too.id]
|
|
|
|
}, format: :json
|
|
|
|
|
2015-01-10 01:04:02 +08:00
|
|
|
expect(response).to be_success
|
2013-08-16 23:42:24 +08:00
|
|
|
json = ::JSON.parse(response.body)
|
2015-01-10 01:04:02 +08:00
|
|
|
expect(json['success'].to_i).to eq(2)
|
|
|
|
expect(json['failed'].to_i).to eq(0)
|
2013-08-16 23:42:24 +08:00
|
|
|
end
|
|
|
|
|
|
|
|
context 'failures' do
|
|
|
|
before do
|
|
|
|
Guardian.any_instance.stubs(:can_delete_user?).returns(true)
|
|
|
|
end
|
|
|
|
|
|
|
|
it 'can handle some successes and some failures' do
|
|
|
|
UserDestroyer.any_instance.stubs(:destroy).with(reject_me, anything).returns(false)
|
|
|
|
UserDestroyer.any_instance.stubs(:destroy).with(reject_me_too, anything).returns(true)
|
2017-08-31 12:06:56 +08:00
|
|
|
|
|
|
|
delete :reject_bulk, params: {
|
|
|
|
users: [reject_me.id, reject_me_too.id]
|
|
|
|
}, format: :json
|
|
|
|
|
2015-01-10 01:04:02 +08:00
|
|
|
expect(response).to be_success
|
2013-08-16 23:42:24 +08:00
|
|
|
json = ::JSON.parse(response.body)
|
2015-01-10 01:04:02 +08:00
|
|
|
expect(json['success'].to_i).to eq(1)
|
|
|
|
expect(json['failed'].to_i).to eq(1)
|
2013-08-16 23:42:24 +08:00
|
|
|
end
|
|
|
|
|
|
|
|
it 'reports failure due to a user still having posts' do
|
|
|
|
UserDestroyer.any_instance.expects(:destroy).with(reject_me, anything).raises(UserDestroyer::PostsExistError)
|
2017-08-31 12:06:56 +08:00
|
|
|
|
|
|
|
delete :reject_bulk, params: {
|
|
|
|
users: [reject_me.id]
|
|
|
|
}, format: :json
|
|
|
|
|
2015-01-10 01:04:02 +08:00
|
|
|
expect(response).to be_success
|
2013-08-16 23:42:24 +08:00
|
|
|
json = ::JSON.parse(response.body)
|
2015-01-10 01:04:02 +08:00
|
|
|
expect(json['success'].to_i).to eq(0)
|
|
|
|
expect(json['failed'].to_i).to eq(1)
|
2013-08-16 23:42:24 +08:00
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2013-04-12 04:04:20 +08:00
|
|
|
context '.destroy' do
|
|
|
|
before do
|
|
|
|
@delete_me = Fabricate(:user)
|
|
|
|
end
|
|
|
|
|
|
|
|
it "raises an error when the user doesn't have permission" do
|
|
|
|
Guardian.any_instance.expects(:can_delete_user?).with(@delete_me).returns(false)
|
2017-08-31 12:06:56 +08:00
|
|
|
delete :destroy, params: { id: @delete_me.id }, format: :json
|
2015-01-10 01:04:02 +08:00
|
|
|
expect(response).to be_forbidden
|
2013-04-12 04:04:20 +08:00
|
|
|
end
|
|
|
|
|
|
|
|
it "returns a 403 if the user doesn't exist" do
|
2017-08-31 12:06:56 +08:00
|
|
|
delete :destroy, params: { id: 123123 }, format: :json
|
2015-01-10 01:04:02 +08:00
|
|
|
expect(response).to be_forbidden
|
2013-04-12 04:04:20 +08:00
|
|
|
end
|
|
|
|
|
2014-07-29 01:17:37 +08:00
|
|
|
context "user has post" do
|
|
|
|
|
|
|
|
before do
|
2014-08-19 00:07:21 +08:00
|
|
|
@user = Fabricate(:user)
|
|
|
|
topic = create_topic(user: @user)
|
2014-10-28 08:25:02 +08:00
|
|
|
_post = create_post(topic: topic, user: @user)
|
2014-07-29 01:17:37 +08:00
|
|
|
@user.stubs(:first_post_created_at).returns(Time.zone.now)
|
|
|
|
User.expects(:find_by).with(id: @delete_me.id).returns(@user)
|
|
|
|
end
|
|
|
|
|
|
|
|
it "returns an error" do
|
2017-08-31 12:06:56 +08:00
|
|
|
delete :destroy, params: { id: @delete_me.id }, format: :json
|
2015-01-10 01:04:02 +08:00
|
|
|
expect(response).to be_forbidden
|
2014-07-29 01:17:37 +08:00
|
|
|
end
|
|
|
|
|
|
|
|
it "doesn't return an error if delete_posts == true" do
|
|
|
|
UserDestroyer.any_instance.expects(:destroy).with(@user, has_entry('delete_posts' => true)).returns(true)
|
2017-08-31 12:06:56 +08:00
|
|
|
delete :destroy, params: { id: @delete_me.id, delete_posts: true }, format: :json
|
2015-01-10 01:04:02 +08:00
|
|
|
expect(response).to be_success
|
2014-07-29 01:17:37 +08:00
|
|
|
end
|
2013-04-12 04:04:20 +08:00
|
|
|
|
2013-07-25 01:48:55 +08:00
|
|
|
end
|
|
|
|
|
2013-04-12 04:04:20 +08:00
|
|
|
it "deletes the user record" do
|
|
|
|
UserDestroyer.any_instance.expects(:destroy).returns(true)
|
2017-08-31 12:06:56 +08:00
|
|
|
delete :destroy, params: { id: @delete_me.id }, format: :json
|
2013-04-12 04:04:20 +08:00
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2014-12-09 02:16:57 +08:00
|
|
|
context 'activate' do
|
2014-12-01 21:03:25 +08:00
|
|
|
before do
|
2014-12-09 02:16:57 +08:00
|
|
|
@reg_user = Fabricate(:inactive_user)
|
2014-12-01 21:03:25 +08:00
|
|
|
end
|
|
|
|
|
2014-12-09 02:16:57 +08:00
|
|
|
it "returns success" do
|
2017-08-31 12:06:56 +08:00
|
|
|
put :activate, params: { user_id: @reg_user.id }, format: :json
|
2015-01-10 01:04:02 +08:00
|
|
|
expect(response).to be_success
|
2014-12-09 02:16:57 +08:00
|
|
|
json = ::JSON.parse(response.body)
|
2015-01-10 01:04:02 +08:00
|
|
|
expect(json['success']).to eq("OK")
|
2014-12-09 02:16:57 +08:00
|
|
|
end
|
2017-08-01 00:54:09 +08:00
|
|
|
|
|
|
|
it "should confirm email even when the tokens are expired" do
|
|
|
|
@reg_user.email_tokens.update_all(confirmed: false, expired: true)
|
|
|
|
|
|
|
|
@reg_user.reload
|
|
|
|
expect(@reg_user.email_confirmed?).to eq(false)
|
|
|
|
|
2017-08-31 12:06:56 +08:00
|
|
|
put :activate, params: { user_id: @reg_user.id }, format: :json
|
2017-08-01 00:54:09 +08:00
|
|
|
expect(response).to be_success
|
|
|
|
|
|
|
|
@reg_user.reload
|
|
|
|
expect(@reg_user.email_confirmed?).to eq(true)
|
|
|
|
end
|
2014-12-09 02:16:57 +08:00
|
|
|
end
|
|
|
|
|
|
|
|
context 'log_out' do
|
|
|
|
before do
|
|
|
|
@reg_user = Fabricate(:user)
|
2014-12-01 21:03:25 +08:00
|
|
|
end
|
|
|
|
|
|
|
|
it "returns success" do
|
2017-08-31 12:06:56 +08:00
|
|
|
put :log_out, params: { user_id: @reg_user.id }, format: :json
|
2015-01-10 01:04:02 +08:00
|
|
|
expect(response).to be_success
|
2014-12-01 21:03:25 +08:00
|
|
|
json = ::JSON.parse(response.body)
|
2015-01-10 01:04:02 +08:00
|
|
|
expect(json['success']).to eq("OK")
|
2014-12-01 21:03:25 +08:00
|
|
|
end
|
|
|
|
|
|
|
|
it "returns 404 when user_id does not exist" do
|
2017-08-31 12:06:56 +08:00
|
|
|
put :log_out, params: { user_id: 123123 }, format: :json
|
2015-01-10 01:04:02 +08:00
|
|
|
expect(response).not_to be_success
|
2014-12-01 21:03:25 +08:00
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2013-05-31 23:41:40 +08:00
|
|
|
context 'block' do
|
|
|
|
before do
|
2013-07-03 02:42:30 +08:00
|
|
|
@reg_user = Fabricate(:user)
|
2013-05-31 23:41:40 +08:00
|
|
|
end
|
|
|
|
|
|
|
|
it "raises an error when the user doesn't have permission" do
|
2013-07-03 02:42:30 +08:00
|
|
|
Guardian.any_instance.expects(:can_block_user?).with(@reg_user).returns(false)
|
|
|
|
UserBlocker.expects(:block).never
|
2017-08-31 12:06:56 +08:00
|
|
|
put :block, params: { user_id: @reg_user.id }, format: :json
|
2015-01-10 01:04:02 +08:00
|
|
|
expect(response).to be_forbidden
|
2013-05-31 23:41:40 +08:00
|
|
|
end
|
|
|
|
|
|
|
|
it "returns a 403 if the user doesn't exist" do
|
2017-08-31 12:06:56 +08:00
|
|
|
put :block, params: { user_id: 123123 }, format: :json
|
2015-01-10 01:04:02 +08:00
|
|
|
expect(response).to be_forbidden
|
2013-05-31 23:41:40 +08:00
|
|
|
end
|
|
|
|
|
|
|
|
it "punishes the user for spamming" do
|
2013-07-03 02:42:30 +08:00
|
|
|
UserBlocker.expects(:block).with(@reg_user, @user, anything)
|
2017-08-31 12:06:56 +08:00
|
|
|
put :block, params: { user_id: @reg_user.id }, format: :json
|
2013-05-31 23:41:40 +08:00
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context 'unblock' do
|
|
|
|
before do
|
2013-07-03 02:42:30 +08:00
|
|
|
@reg_user = Fabricate(:user)
|
2013-05-31 23:41:40 +08:00
|
|
|
end
|
|
|
|
|
|
|
|
it "raises an error when the user doesn't have permission" do
|
2013-07-03 02:42:30 +08:00
|
|
|
Guardian.any_instance.expects(:can_unblock_user?).with(@reg_user).returns(false)
|
2017-08-31 12:06:56 +08:00
|
|
|
put :unblock, params: { user_id: @reg_user.id }, format: :json
|
2015-01-10 01:04:02 +08:00
|
|
|
expect(response).to be_forbidden
|
2013-05-31 23:41:40 +08:00
|
|
|
end
|
|
|
|
|
|
|
|
it "returns a 403 if the user doesn't exist" do
|
2017-08-31 12:06:56 +08:00
|
|
|
put :unblock, params: { user_id: 123123 }, format: :json
|
2015-01-10 01:04:02 +08:00
|
|
|
expect(response).to be_forbidden
|
2013-05-31 23:41:40 +08:00
|
|
|
end
|
|
|
|
|
|
|
|
it "punishes the user for spamming" do
|
2013-07-03 02:42:30 +08:00
|
|
|
UserBlocker.expects(:unblock).with(@reg_user, @user, anything)
|
2017-08-31 12:06:56 +08:00
|
|
|
put :unblock, params: { user_id: @reg_user.id }, format: :json
|
2013-05-31 23:41:40 +08:00
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2014-07-08 04:18:18 +08:00
|
|
|
context 'ip-info' do
|
|
|
|
|
|
|
|
it "uses ipinfo.io webservice to retrieve the info" do
|
2017-08-22 02:40:44 +08:00
|
|
|
Excon.expects(:get).with("https://ipinfo.io/123.123.123.123/json", read_timeout: 10, connect_timeout: 10)
|
2017-08-31 12:06:56 +08:00
|
|
|
get :ip_info, params: { ip: "123.123.123.123" }, format: :json
|
2014-07-08 04:18:18 +08:00
|
|
|
end
|
|
|
|
|
|
|
|
end
|
|
|
|
|
2014-11-21 02:59:20 +08:00
|
|
|
context "delete_other_accounts_with_same_ip" do
|
|
|
|
|
|
|
|
it "works" do
|
|
|
|
Fabricate(:user, ip_address: "42.42.42.42")
|
|
|
|
Fabricate(:user, ip_address: "42.42.42.42")
|
|
|
|
|
|
|
|
UserDestroyer.any_instance.expects(:destroy).twice
|
|
|
|
|
2017-08-31 12:06:56 +08:00
|
|
|
delete :delete_other_accounts_with_same_ip, params: {
|
|
|
|
ip: "42.42.42.42", exclude: -1, order: "trust_level DESC"
|
|
|
|
}, format: :json
|
2014-11-21 02:59:20 +08:00
|
|
|
end
|
|
|
|
|
|
|
|
end
|
|
|
|
|
2014-11-24 12:42:39 +08:00
|
|
|
context ".invite_admin" do
|
2017-04-05 01:59:22 +08:00
|
|
|
it "doesn't work when not via API" do
|
|
|
|
controller.stubs(:is_api?).returns(false)
|
2017-08-31 12:06:56 +08:00
|
|
|
|
|
|
|
post :invite_admin, params: {
|
|
|
|
name: 'Bill', username: 'bill22', email: 'bill@bill.com'
|
|
|
|
}, format: :json
|
|
|
|
|
2017-04-05 01:59:22 +08:00
|
|
|
expect(response).not_to be_success
|
|
|
|
end
|
|
|
|
|
2014-11-24 12:42:39 +08:00
|
|
|
it 'should invite admin' do
|
2017-04-05 01:59:22 +08:00
|
|
|
controller.stubs(:is_api?).returns(true)
|
2016-04-07 12:38:43 +08:00
|
|
|
Jobs.expects(:enqueue).with(:critical_user_email, anything).returns(true)
|
2017-08-31 12:06:56 +08:00
|
|
|
|
|
|
|
post :invite_admin, params: {
|
|
|
|
name: 'Bill', username: 'bill22', email: 'bill@bill.com'
|
|
|
|
}, format: :json
|
|
|
|
|
2015-01-10 01:04:02 +08:00
|
|
|
expect(response).to be_success
|
2014-11-24 12:42:39 +08:00
|
|
|
|
2017-04-27 02:47:36 +08:00
|
|
|
u = User.find_by_email('bill@bill.com')
|
2015-01-10 01:04:02 +08:00
|
|
|
expect(u.name).to eq("Bill")
|
|
|
|
expect(u.username).to eq("bill22")
|
|
|
|
expect(u.admin).to eq(true)
|
2014-11-24 12:42:39 +08:00
|
|
|
end
|
2015-01-03 04:48:34 +08:00
|
|
|
|
|
|
|
it "doesn't send the email with send_email falsy" do
|
2017-04-05 01:59:22 +08:00
|
|
|
controller.stubs(:is_api?).returns(true)
|
2015-01-03 04:48:34 +08:00
|
|
|
Jobs.expects(:enqueue).with(:user_email, anything).never
|
2017-08-31 12:06:56 +08:00
|
|
|
|
|
|
|
post :invite_admin, params: {
|
|
|
|
name: 'Bill', username: 'bill22', email: 'bill@bill.com', send_email: '0'
|
|
|
|
}, format: :json
|
|
|
|
|
2015-01-10 01:04:02 +08:00
|
|
|
expect(response).to be_success
|
2015-01-03 04:48:34 +08:00
|
|
|
json = ::JSON.parse(response.body)
|
2015-01-10 01:04:02 +08:00
|
|
|
expect(json["password_url"]).to be_present
|
2015-01-03 04:48:34 +08:00
|
|
|
end
|
2014-11-24 12:42:39 +08:00
|
|
|
end
|
|
|
|
|
2017-05-18 00:42:04 +08:00
|
|
|
context 'remove_group' do
|
|
|
|
it "also clears the user's primary group" do
|
|
|
|
g = Fabricate(:group)
|
|
|
|
u = Fabricate(:user, primary_group: g)
|
2017-08-31 12:06:56 +08:00
|
|
|
delete :remove_group, params: { group_id: g.id, user_id: u.id }, format: :json
|
|
|
|
|
2017-05-18 00:42:04 +08:00
|
|
|
expect(u.reload.primary_group).to be_nil
|
|
|
|
end
|
|
|
|
end
|
2013-02-13 06:58:08 +08:00
|
|
|
end
|
2013-02-06 03:16:51 +08:00
|
|
|
|
2016-03-26 13:28:49 +08:00
|
|
|
context '#sync_sso' do
|
|
|
|
let(:sso) { SingleSignOn.new }
|
|
|
|
let(:sso_secret) { "sso secret" }
|
|
|
|
|
|
|
|
before do
|
|
|
|
log_in(:admin)
|
|
|
|
|
2017-07-10 10:12:21 +08:00
|
|
|
SiteSetting.email_editable = false
|
2016-03-26 13:28:49 +08:00
|
|
|
SiteSetting.enable_sso = true
|
|
|
|
SiteSetting.sso_overrides_email = true
|
|
|
|
SiteSetting.sso_overrides_name = true
|
|
|
|
SiteSetting.sso_overrides_username = true
|
|
|
|
SiteSetting.sso_secret = sso_secret
|
|
|
|
sso.sso_secret = sso_secret
|
|
|
|
end
|
|
|
|
|
|
|
|
it 'can sync up with the sso' do
|
|
|
|
sso.name = "Bob The Bob"
|
|
|
|
sso.username = "bob"
|
|
|
|
sso.email = "bob@bob.com"
|
|
|
|
sso.external_id = "1"
|
|
|
|
|
|
|
|
user = DiscourseSingleSignOn.parse(sso.payload)
|
2017-07-28 09:20:09 +08:00
|
|
|
.lookup_or_create_user
|
2016-03-26 13:28:49 +08:00
|
|
|
|
|
|
|
sso.name = "Bill"
|
|
|
|
sso.username = "Hokli$$!!"
|
|
|
|
sso.email = "bob2@bob.com"
|
2014-10-28 08:25:02 +08:00
|
|
|
|
2017-08-31 12:06:56 +08:00
|
|
|
post :sync_sso, params: Rack::Utils.parse_query(sso.payload), format: :json
|
2016-03-26 13:28:49 +08:00
|
|
|
expect(response).to be_success
|
|
|
|
|
|
|
|
user.reload
|
|
|
|
expect(user.email).to eq("bob2@bob.com")
|
|
|
|
expect(user.name).to eq("Bill")
|
|
|
|
expect(user.username).to eq("Hokli")
|
|
|
|
end
|
|
|
|
|
|
|
|
it 'should create new users' do
|
|
|
|
sso.name = "Dr. Claw"
|
|
|
|
sso.username = "dr_claw"
|
|
|
|
sso.email = "dr@claw.com"
|
|
|
|
sso.external_id = "2"
|
2017-08-31 12:06:56 +08:00
|
|
|
post :sync_sso, params: Rack::Utils.parse_query(sso.payload), format: :json
|
2016-03-26 13:28:49 +08:00
|
|
|
expect(response).to be_success
|
|
|
|
|
2017-04-27 02:47:36 +08:00
|
|
|
user = User.find_by_email('dr@claw.com')
|
2016-03-26 13:28:49 +08:00
|
|
|
expect(user).to be_present
|
|
|
|
expect(user.ip_address).to be_blank
|
|
|
|
end
|
|
|
|
|
|
|
|
it 'should return the right message if the record is invalid' do
|
|
|
|
sso.email = ""
|
|
|
|
sso.name = ""
|
|
|
|
sso.external_id = "1"
|
|
|
|
|
2017-08-31 12:06:56 +08:00
|
|
|
post :sync_sso, params: Rack::Utils.parse_query(sso.payload), format: :json
|
2016-03-26 13:28:49 +08:00
|
|
|
expect(response.status).to eq(403)
|
2017-09-12 01:22:04 +08:00
|
|
|
expect(JSON.parse(response.body)["message"]).to include("Primary email can't be blank")
|
2016-03-26 13:28:49 +08:00
|
|
|
end
|
|
|
|
end
|
2013-02-13 06:58:08 +08:00
|
|
|
end
|