github-mirror/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2024-11-23 10:59:51 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity
64b4a7ba45
discourse/spec/serializers/user_serializer_spec.rb

281 lines
9.0 KiB
Ruby
Raw Normal View History

DEV: use #frozen_string_literal: true on all spec This change both speeds up specs (less strings to allocate) and helps catch cases where methods in Discourse are mutating inputs. Overall we will be migrating everything to use #frozen_string_literal: true it will take a while, but this is the first and safest move in this direction
2019-04-30 08:27:42 +08:00
# frozen_string_literal: true
Prepare for separation of RSpec helper files Since rspec-rails 3, the default installation creates two helper files: * `spec_helper.rb` * `rails_helper.rb` `spec_helper.rb` is intended as a way of running specs that do not require Rails, whereas `rails_helper.rb` loads Rails (as Discourse's current `spec_helper.rb` does). For more information: https://www.relishapp.com/rspec/rspec-rails/docs/upgrade#default-helper-files In this commit, I've simply replaced all instances of `spec_helper` with `rails_helper`, and renamed the original `spec_helper.rb`. This brings the Discourse project closer to the standard usage of RSpec in a Rails app. At present, every spec relies on loading Rails, but there are likely many that don't need to. In a future pull request, I hope to introduce a separate, minimal `spec_helper.rb` which can be used in tests which don't rely on Rails.
2015-10-11 17:41:23 +08:00
require 'rails_helper'
SiteSetting to hide regular names from users
2013-10-31 03:45:13 +08:00
describe UserSerializer do
FEATURE: restrict some user fields for TL0 users when viewed by anonymous users
2014-11-27 02:20:03 +08:00
context "with a TL0 user seen as anonymous" do
let(:user) { Fabricate.build(:user, trust_level: 0, user_profile: Fabricate.build(:user_profile)) }
let(:serializer) { UserSerializer.new(user, scope: Guardian.new, root: false) }
let(:json) { serializer.as_json }
FIX: do not show website name on TL0 profile
2017-06-04 20:58:36 +08:00
let(:untrusted_attributes) { %i{bio_raw bio_cooked bio_excerpt location website website_name profile_background card_background} }
FEATURE: restrict some user fields for TL0 users when viewed by anonymous users
2014-11-27 02:20:03 +08:00
it "doesn't serialize untrusted attributes" do
Update rspec syntax to v3 update rspec syntax to v3 change syntax to rspec v3 oops. fix typo mailers classes with rspec3 syntax helpers with rspec3 syntax jobs with rspec3 syntax serializers with rspec3 syntax views with rspec3 syntax support to rspec3 syntax category spec with rspec3 syntax
2014-12-31 22:55:03 +08:00
untrusted_attributes.each { |attr| expect(json).not_to have_key(attr) }
FEATURE: restrict some user fields for TL0 users when viewed by anonymous users
2014-11-27 02:20:03 +08:00
end
end
PERF: shift most user options out of the user table As it stands we load up user records quite frequently on the topic pages, this in turn pulls all the columns for the users being selected, just to discard them after they are loaded New structure keeps all options in a discrete table, this is better organised and allows us to easily add more column without worrying about bloating the user table
2016-02-17 12:46:19 +08:00
context "as current user" do
it "serializes options correctly" do
# so we serialize more stuff
PERF: move 3 more option columns out of the user table
2016-02-18 13:57:22 +08:00
SiteSetting.default_other_auto_track_topics_after_msecs = 0
Add notification level user preference when replying to a topic
2016-10-01 00:36:43 +08:00
SiteSetting.default_other_notification_level_when_replying = 3
Add rubocop to our build. (#5004)
2017-07-28 09:20:09 +08:00
SiteSetting.default_other_new_topic_duration_minutes = 60 * 24
PERF: shift most user options out of the user table As it stands we load up user records quite frequently on the topic pages, this in turn pulls all the columns for the users being selected, just to discard them after they are loaded New structure keeps all options in a discrete table, this is better organised and allows us to easily add more column without worrying about bloating the user table
2016-02-17 12:46:19 +08:00
user = Fabricate.build(:user,
user_profile: Fabricate.build(:user_profile),
FEATURE: remove user option for edit history public Users can no longer opt-in for "public" edit history if site owner disables it. This feature adds cost and complexity to post rendering since user options need to be premeptively loaded for every user in the stream. It is also confusing to explain to communities with private edit history.
2016-07-16 19:30:00 +08:00
user_option: UserOption.new(dynamic_favicon: true),
PERF: shift most user options out of the user table As it stands we load up user records quite frequently on the topic pages, this in turn pulls all the columns for the users being selected, just to discard them after they are loaded New structure keeps all options in a discrete table, this is better organised and allows us to easily add more column without worrying about bloating the user table
2016-02-17 12:46:19 +08:00
user_stat: UserStat.new
)
json = UserSerializer.new(user, scope: Guardian.new(user), root: false).as_json
FEATURE: remove user option for edit history public Users can no longer opt-in for "public" edit history if site owner disables it. This feature adds cost and complexity to post rendering since user options need to be premeptively loaded for every user in the stream. It is also confusing to explain to communities with private edit history.
2016-07-16 19:30:00 +08:00
expect(json[:user_option][:dynamic_favicon]).to eq(true)
Add rubocop to our build. (#5004)
2017-07-28 09:20:09 +08:00
expect(json[:user_option][:new_topic_duration_minutes]).to eq(60 * 24)
PERF: move 3 more option columns out of the user table
2016-02-18 13:57:22 +08:00
expect(json[:user_option][:auto_track_topics_after_msecs]).to eq(0)
Add notification level user preference when replying to a topic
2016-10-01 00:36:43 +08:00
expect(json[:user_option][:notification_level_when_replying]).to eq(3)
PERF: shift most user options out of the user table As it stands we load up user records quite frequently on the topic pages, this in turn pulls all the columns for the users being selected, just to discard them after they are loaded New structure keeps all options in a discrete table, this is better organised and allows us to easily add more column without worrying about bloating the user table
2016-02-17 12:46:19 +08:00
end
end
SiteSetting to hide regular names from users
2013-10-31 03:45:13 +08:00
context "with a user" do
FIX: Ensure enforce 2FA for staff satisfied by security keys (#8316) * If a staff user created only a security key as their single 2FA option. they continued to be prompted to create a 2FA option because we only considered this condition satisfied if a TOTP was added. * The condition is now satisfied if TOTP OR security keys are enabled.
2019-11-08 13:11:53 +08:00
let(:scope) { Guardian.new }
More prefabrication
2019-05-10 18:59:31 +08:00
fab!(:user) { Fabricate(:user) }
FIX: Ensure enforce 2FA for staff satisfied by security keys (#8316) * If a staff user created only a security key as their single 2FA option. they continued to be prompted to create a 2FA option because we only considered this condition satisfied if a TOTP was added. * The condition is now satisfied if TOTP OR security keys are enabled.
2019-11-08 13:11:53 +08:00
let(:serializer) { UserSerializer.new(user, scope: scope, root: false) }
SiteSetting to hide regular names from users
2013-10-31 03:45:13 +08:00
let(:json) { serializer.as_json }
More prefabrication
2019-05-10 18:59:31 +08:00
fab!(:upload) { Fabricate(:upload) }
fab!(:upload2) { Fabricate(:upload) }
SiteSetting to hide regular names from users
2013-10-31 03:45:13 +08:00
context "with `enable_names` true" do
before do
PERF: shift most user options out of the user table As it stands we load up user records quite frequently on the topic pages, this in turn pulls all the columns for the users being selected, just to discard them after they are loaded New structure keeps all options in a discrete table, this is better organised and allows us to easily add more column without worrying about bloating the user table
2016-02-17 12:46:19 +08:00
SiteSetting.enable_names = true
SiteSetting to hide regular names from users
2013-10-31 03:45:13 +08:00
end
it "has a name" do
Update rspec syntax to v3 update rspec syntax to v3 change syntax to rspec v3 oops. fix typo mailers classes with rspec3 syntax helpers with rspec3 syntax jobs with rspec3 syntax serializers with rspec3 syntax views with rspec3 syntax support to rspec3 syntax category spec with rspec3 syntax
2014-12-31 22:55:03 +08:00
expect(json[:name]).to be_present
SiteSetting to hide regular names from users
2013-10-31 03:45:13 +08:00
end
end
context "with `enable_names` false" do
before do
Nuke all `SiteSetting.stubs` from our codebase.
2017-07-07 14:09:14 +08:00
SiteSetting.enable_names = false
SiteSetting to hide regular names from users
2013-10-31 03:45:13 +08:00
end
it "has a name" do
Update rspec syntax to v3 update rspec syntax to v3 change syntax to rspec v3 oops. fix typo mailers classes with rspec3 syntax helpers with rspec3 syntax jobs with rspec3 syntax serializers with rspec3 syntax views with rspec3 syntax support to rspec3 syntax category spec with rspec3 syntax
2014-12-31 22:55:03 +08:00
expect(json[:name]).to be_blank
SiteSetting to hide regular names from users
2013-10-31 03:45:13 +08:00
end
end
FIX: Properly associate user_profiles background urls via upload id. `Upload#url` is more likely and can change from time to time. When it does changes, we don't want to have to look through multiple tables to ensure that the URLs are all up to date. Instead, we simply associate uploads properly to `UserProfile` so that it does not have to replicate the URLs in the table.
2019-04-29 11:58:52 +08:00
context "with filled out backgrounds" do
move profile_background from User to UserProfile
2014-06-12 09:52:50 +08:00
before do
FIX: Properly associate user_profiles background urls via upload id. `Upload#url` is more likely and can change from time to time. When it does changes, we don't want to have to look through multiple tables to ensure that the URLs are all up to date. Instead, we simply associate uploads properly to `UserProfile` so that it does not have to replicate the URLs in the table.
2019-04-29 11:58:52 +08:00
user.user_profile.upload_card_background(upload)
user.user_profile.upload_profile_background(upload2)
move profile_background from User to UserProfile
2014-06-12 09:52:50 +08:00
end
it "has a profile background" do
FIX: Properly associate user_profiles background urls via upload id. `Upload#url` is more likely and can change from time to time. When it does changes, we don't want to have to look through multiple tables to ensure that the URLs are all up to date. Instead, we simply associate uploads properly to `UserProfile` so that it does not have to replicate the URLs in the table.
2019-04-29 11:58:52 +08:00
expect(json[:card_background_upload_url]).to eq(upload.url)
expect(json[:profile_background_upload_url]).to eq(upload2.url)
move profile_background from User to UserProfile
2014-06-12 09:52:50 +08:00
end
end
do not use try in UserSerializer for fields coming from UserProfile
2014-06-08 03:52:51 +08:00
context "with filled out website" do
Add spec for website name when url has subdomain
2016-04-11 13:53:50 +08:00
context "when website has a path" do
before do
user.user_profile.website = 'http://example.com/user'
end
SiteSetting to hide regular names from users
2013-10-31 03:45:13 +08:00
Add spec for website name when url has subdomain
2016-04-11 13:53:50 +08:00
it "has a website with a path" do
expect(json[:website]).to eq 'http://example.com/user'
end
it "returns complete website name with path" do
expect(json[:website_name]).to eq 'example.com/user'
end
UX: show complete URL path if website domain is same as instance domain
2015-08-10 16:07:53 +08:00
end
Add spec for website name when url has subdomain
2016-04-11 13:53:50 +08:00
context "when website has a subdomain" do
before do
Remove www. from website name
2016-04-11 22:13:33 +08:00
user.user_profile.website = 'http://subdomain.example.com/user'
Add spec for website name when url has subdomain
2016-04-11 13:53:50 +08:00
end
it "has a website with a subdomain" do
Remove www. from website name
2016-04-11 22:13:33 +08:00
expect(json[:website]).to eq 'http://subdomain.example.com/user'
Add spec for website name when url has subdomain
2016-04-11 13:53:50 +08:00
end
it "returns website name with the subdomain" do
Remove www. from website name
2016-04-11 22:13:33 +08:00
expect(json[:website_name]).to eq 'subdomain.example.com/user'
end
end
context "when website has www" do
before do
user.user_profile.website = 'http://www.example.com/user'
end
it "has a website with the www" do
expect(json[:website]).to eq 'http://www.example.com/user'
end
it "returns website name without the www" do
expect(json[:website_name]).to eq 'example.com/user'
Add spec for website name when url has subdomain
2016-04-11 13:53:50 +08:00
end
UX: Show website path in website name for all domains Query parameters are still truncated in website name
2016-04-09 19:52:55 +08:00
end
context "when website includes query parameters" do
before do
user.user_profile.website = 'http://example.com/user?ref=payme'
UX: show complete URL path if website domain is same as instance domain
2015-08-10 16:07:53 +08:00
end
UX: Show website path in website name for all domains Query parameters are still truncated in website name
2016-04-09 19:52:55 +08:00
it "has a website with query params" do
expect(json[:website]).to eq 'http://example.com/user?ref=payme'
UX: show complete URL path if website domain is same as instance domain
2015-08-10 16:07:53 +08:00
end
UX: Show website path in website name for all domains Query parameters are still truncated in website name
2016-04-09 19:52:55 +08:00
it "has a website name without query params" do
UX: show complete URL path if website domain is same as instance domain
2015-08-10 16:07:53 +08:00
expect(json[:website_name]).to eq 'example.com/user'
end
do not use try in UserSerializer for fields coming from UserProfile
2014-06-08 03:52:51 +08:00
end
UX: Show website path in website name for all domains Query parameters are still truncated in website name
2016-04-09 19:52:55 +08:00
context "when website is not a valid url" do
before do
user.user_profile.website = 'invalid-url'
end
it "has a website with the invalid url" do
expect(json[:website]).to eq 'invalid-url'
end
it "has a nil website name" do
expect(json[:website_name]).to eq nil
end
end
do not use try in UserSerializer for fields coming from UserProfile
2014-06-08 03:52:51 +08:00
end
move bio to UserProfile from User
2014-06-10 13:19:08 +08:00
context "with filled out bio" do
before do
user.user_profile.bio_raw = 'my raw bio'
user.user_profile.bio_cooked = 'my cooked bio'
end
it "has a bio" do
expect(json[:bio_raw]).to eq 'my raw bio'
end
it "has a cooked bio" do
expect(json[:bio_cooked]).to eq 'my cooked bio'
end
end
FIX: Ensure enforce 2FA for staff satisfied by security keys (#8316) * If a staff user created only a security key as their single 2FA option. they continued to be prompted to create a 2FA option because we only considered this condition satisfied if a TOTP was added. * The condition is now satisfied if TOTP OR security keys are enabled.
2019-11-08 13:11:53 +08:00
describe "second_factor_enabled" do
let(:scope) { Guardian.new(user) }
it "is false by default" do
expect(json[:second_factor_enabled]).to eq(false)
end
context "when totp enabled" do
before do
User.any_instance.stubs(:totp_enabled?).returns(true)
end
it "is true" do
expect(json[:second_factor_enabled]).to eq(true)
end
end
context "when security_keys enabled" do
before do
User.any_instance.stubs(:security_keys_enabled?).returns(true)
end
it "is true" do
expect(json[:second_factor_enabled]).to eq(true)
end
end
end
SiteSetting to hide regular names from users
2013-10-31 03:45:13 +08:00
end
FIX: public_user_custom_fields are returned by UserSerializer
2014-08-19 23:05:35 +08:00
context "with custom_fields" do
DEV: Prefabrication (test optimization) (#7414) * Introduced fab!, a helper that creates database state for a group It's almost identical to let_it_be, except: 1. It creates a new object for each test by default, 2. You can disable it using PREFABRICATION=0
2019-05-07 11:12:20 +08:00
fab!(:user) { Fabricate(:user) }
FIX: public_user_custom_fields are returned by UserSerializer
2014-08-19 23:05:35 +08:00
let(:json) { UserSerializer.new(user, scope: Guardian.new, root: false).as_json }
before do
user.custom_fields['secret_field'] = 'Only for me to know'
user.custom_fields['public_field'] = 'Everyone look here'
user.save
end
it "doesn't serialize the fields by default" do
json[:custom_fields]
Update rspec syntax to v3 update rspec syntax to v3 change syntax to rspec v3 oops. fix typo mailers classes with rspec3 syntax helpers with rspec3 syntax jobs with rspec3 syntax serializers with rspec3 syntax views with rspec3 syntax support to rspec3 syntax category spec with rspec3 syntax
2014-12-31 22:55:03 +08:00
expect(json[:custom_fields]).to be_empty
FIX: public_user_custom_fields are returned by UserSerializer
2014-08-19 23:05:35 +08:00
end
it "serializes the fields listed in public_user_custom_fields site setting" do
Nuke all `SiteSetting.stubs` from our codebase.
2017-07-07 14:09:14 +08:00
SiteSetting.public_user_custom_fields = 'public_field'
Update rspec syntax to v3 update rspec syntax to v3 change syntax to rspec v3 oops. fix typo mailers classes with rspec3 syntax helpers with rspec3 syntax jobs with rspec3 syntax serializers with rspec3 syntax views with rspec3 syntax support to rspec3 syntax category spec with rspec3 syntax
2014-12-31 22:55:03 +08:00
expect(json[:custom_fields]['public_field']).to eq(user.custom_fields['public_field'])
expect(json[:custom_fields]['secret_field']).to eq(nil)
FIX: public_user_custom_fields are returned by UserSerializer
2014-08-19 23:05:35 +08:00
end
FEATURE: Allow plugins to whitelist user custom fields for public display (#6499) This works exactly the same as `whitelist_staff_user_custom_fields`, but is not limited to staff
2018-10-17 17:33:27 +08:00
DEV: Cleanup properly after user_serializer test
2018-10-17 17:54:22 +08:00
context "with user custom field" do
before do
plugin = Plugin::Instance.new
plugin.whitelist_public_user_custom_field :public_field
end
after do
User.plugin_public_user_custom_fields.clear
end
it "serializes the fields listed in plugin_public_user_custom_fields" do
expect(json[:custom_fields]['public_field']).to eq(user.custom_fields['public_field'])
expect(json[:custom_fields]['secret_field']).to eq(nil)
end
FEATURE: Allow plugins to whitelist user custom fields for public display (#6499) This works exactly the same as `whitelist_staff_user_custom_fields`, but is not limited to staff
2018-10-17 17:33:27 +08:00
end
FIX: public_user_custom_fields are returned by UserSerializer
2014-08-19 23:05:35 +08:00
end
FIX: Do not serialize user fields unless they are specified for display (#6736)
2018-12-07 18:57:28 +08:00
context "with user fields" do
DEV: Prefabrication (test optimization) (#7414) * Introduced fab!, a helper that creates database state for a group It's almost identical to let_it_be, except: 1. It creates a new object for each test by default, 2. You can disable it using PREFABRICATION=0
2019-05-07 11:12:20 +08:00
fab!(:user) { Fabricate(:user) }
FIX: Do not serialize user fields unless they are specified for display (#6736)
2018-12-07 18:57:28 +08:00
let! :fields do
[
Fabricate(:user_field),
Fabricate(:user_field),
Fabricate(:user_field, show_on_profile: true),
Fabricate(:user_field, show_on_user_card: true),
Fabricate(:user_field, show_on_user_card: true, show_on_profile: true)
]
end
let(:other_user_json) { UserSerializer.new(user, scope: Guardian.new(Fabricate(:user)), root: false).as_json }
let(:self_json) { UserSerializer.new(user, scope: Guardian.new(user), root: false).as_json }
let(:admin_json) { UserSerializer.new(user, scope: Guardian.new(Fabricate(:admin)), root: false).as_json }
it "includes the correct fields for each audience" do
expect(admin_json[:user_fields].keys).to contain_exactly(*fields.map { |f| f.id.to_s })
expect(other_user_json[:user_fields].keys).to contain_exactly(*fields[2..5].map { |f| f.id.to_s })
expect(self_json[:user_fields].keys).to contain_exactly(*fields.map { |f| f.id.to_s })
end
end
Add spec for UserSerializer and UserApiKey.
2018-08-23 05:19:01 +08:00
context "with user_api_keys" do
DEV: Prefabrication (test optimization) (#7414) * Introduced fab!, a helper that creates database state for a group It's almost identical to let_it_be, except: 1. It creates a new object for each test by default, 2. You can disable it using PREFABRICATION=0
2019-05-07 11:12:20 +08:00
fab!(:user) { Fabricate(:user) }
Add spec for UserSerializer and UserApiKey.
2018-08-23 05:19:01 +08:00
it "sorts keys by last used time" do
freeze_time
user_api_key_0 = Fabricate(:readonly_user_api_key, user: user, last_used_at: 2.days.ago, revoked_at: Time.zone.now)
user_api_key_1 = Fabricate(:readonly_user_api_key, user: user, last_used_at: 7.days.ago)
user_api_key_2 = Fabricate(:readonly_user_api_key, user: user, last_used_at: 1.days.ago)
user_api_key_3 = Fabricate(:readonly_user_api_key, user: user, last_used_at: 4.days.ago, revoked_at: Time.zone.now)
user_api_key_4 = Fabricate(:readonly_user_api_key, user: user, last_used_at: 3.days.ago)
json = UserSerializer.new(user, scope: Guardian.new(user), root: false).as_json
expect(json[:user_api_keys].size).to eq(3)
expect(json[:user_api_keys][0][:id]).to eq(user_api_key_1.id)
expect(json[:user_api_keys][1][:id]).to eq(user_api_key_4.id)
expect(json[:user_api_keys][2][:id]).to eq(user_api_key_2.id)
end
end
SiteSetting to hide regular names from users
2013-10-31 03:45:13 +08:00
end
Reference in New Issue Copy Permalink