2019-04-30 08:27:42 +08:00
|
|
|
# frozen_string_literal: true
|
|
|
|
|
2015-10-11 17:41:23 +08:00
|
|
|
require 'rails_helper'
|
2013-10-31 03:45:13 +08:00
|
|
|
|
|
|
|
describe UserSerializer do
|
|
|
|
|
2014-11-27 02:20:03 +08:00
|
|
|
context "with a TL0 user seen as anonymous" do
|
|
|
|
let(:user) { Fabricate.build(:user, trust_level: 0, user_profile: Fabricate.build(:user_profile)) }
|
|
|
|
let(:serializer) { UserSerializer.new(user, scope: Guardian.new, root: false) }
|
|
|
|
let(:json) { serializer.as_json }
|
|
|
|
|
2017-06-04 20:58:36 +08:00
|
|
|
let(:untrusted_attributes) { %i{bio_raw bio_cooked bio_excerpt location website website_name profile_background card_background} }
|
2014-11-27 02:20:03 +08:00
|
|
|
|
|
|
|
it "doesn't serialize untrusted attributes" do
|
2014-12-31 22:55:03 +08:00
|
|
|
untrusted_attributes.each { |attr| expect(json).not_to have_key(attr) }
|
2014-11-27 02:20:03 +08:00
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2016-02-17 12:46:19 +08:00
|
|
|
context "as current user" do
|
|
|
|
it "serializes options correctly" do
|
|
|
|
# so we serialize more stuff
|
2016-02-18 13:57:22 +08:00
|
|
|
SiteSetting.default_other_auto_track_topics_after_msecs = 0
|
2016-10-01 00:36:43 +08:00
|
|
|
SiteSetting.default_other_notification_level_when_replying = 3
|
2017-07-28 09:20:09 +08:00
|
|
|
SiteSetting.default_other_new_topic_duration_minutes = 60 * 24
|
2016-02-17 12:46:19 +08:00
|
|
|
|
|
|
|
user = Fabricate.build(:user,
|
|
|
|
user_profile: Fabricate.build(:user_profile),
|
2016-07-16 19:30:00 +08:00
|
|
|
user_option: UserOption.new(dynamic_favicon: true),
|
2016-02-17 12:46:19 +08:00
|
|
|
user_stat: UserStat.new
|
|
|
|
)
|
|
|
|
|
|
|
|
json = UserSerializer.new(user, scope: Guardian.new(user), root: false).as_json
|
|
|
|
|
2016-07-16 19:30:00 +08:00
|
|
|
expect(json[:user_option][:dynamic_favicon]).to eq(true)
|
2017-07-28 09:20:09 +08:00
|
|
|
expect(json[:user_option][:new_topic_duration_minutes]).to eq(60 * 24)
|
2016-02-18 13:57:22 +08:00
|
|
|
expect(json[:user_option][:auto_track_topics_after_msecs]).to eq(0)
|
2016-10-01 00:36:43 +08:00
|
|
|
expect(json[:user_option][:notification_level_when_replying]).to eq(3)
|
2016-02-17 12:46:19 +08:00
|
|
|
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2013-10-31 03:45:13 +08:00
|
|
|
context "with a user" do
|
2019-11-08 13:11:53 +08:00
|
|
|
let(:scope) { Guardian.new }
|
2019-05-10 18:59:31 +08:00
|
|
|
fab!(:user) { Fabricate(:user) }
|
2019-11-08 13:11:53 +08:00
|
|
|
let(:serializer) { UserSerializer.new(user, scope: scope, root: false) }
|
2013-10-31 03:45:13 +08:00
|
|
|
let(:json) { serializer.as_json }
|
2019-05-10 18:59:31 +08:00
|
|
|
fab!(:upload) { Fabricate(:upload) }
|
|
|
|
fab!(:upload2) { Fabricate(:upload) }
|
2013-10-31 03:45:13 +08:00
|
|
|
|
|
|
|
context "with `enable_names` true" do
|
|
|
|
before do
|
2016-02-17 12:46:19 +08:00
|
|
|
SiteSetting.enable_names = true
|
2013-10-31 03:45:13 +08:00
|
|
|
end
|
|
|
|
|
|
|
|
it "has a name" do
|
2014-12-31 22:55:03 +08:00
|
|
|
expect(json[:name]).to be_present
|
2013-10-31 03:45:13 +08:00
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context "with `enable_names` false" do
|
|
|
|
before do
|
2017-07-07 14:09:14 +08:00
|
|
|
SiteSetting.enable_names = false
|
2013-10-31 03:45:13 +08:00
|
|
|
end
|
|
|
|
|
|
|
|
it "has a name" do
|
2014-12-31 22:55:03 +08:00
|
|
|
expect(json[:name]).to be_blank
|
2013-10-31 03:45:13 +08:00
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2019-04-29 11:58:52 +08:00
|
|
|
context "with filled out backgrounds" do
|
2014-06-12 09:52:50 +08:00
|
|
|
before do
|
2019-04-29 11:58:52 +08:00
|
|
|
user.user_profile.upload_card_background(upload)
|
|
|
|
user.user_profile.upload_profile_background(upload2)
|
2014-06-12 09:52:50 +08:00
|
|
|
end
|
|
|
|
|
|
|
|
it "has a profile background" do
|
2019-04-29 11:58:52 +08:00
|
|
|
expect(json[:card_background_upload_url]).to eq(upload.url)
|
|
|
|
expect(json[:profile_background_upload_url]).to eq(upload2.url)
|
2014-06-12 09:52:50 +08:00
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2014-06-08 03:52:51 +08:00
|
|
|
context "with filled out website" do
|
2016-04-11 13:53:50 +08:00
|
|
|
context "when website has a path" do
|
|
|
|
before do
|
|
|
|
user.user_profile.website = 'http://example.com/user'
|
|
|
|
end
|
2013-10-31 03:45:13 +08:00
|
|
|
|
2016-04-11 13:53:50 +08:00
|
|
|
it "has a website with a path" do
|
|
|
|
expect(json[:website]).to eq 'http://example.com/user'
|
|
|
|
end
|
|
|
|
|
|
|
|
it "returns complete website name with path" do
|
|
|
|
expect(json[:website_name]).to eq 'example.com/user'
|
|
|
|
end
|
2015-08-10 16:07:53 +08:00
|
|
|
end
|
|
|
|
|
2016-04-11 13:53:50 +08:00
|
|
|
context "when website has a subdomain" do
|
|
|
|
before do
|
2016-04-11 22:13:33 +08:00
|
|
|
user.user_profile.website = 'http://subdomain.example.com/user'
|
2016-04-11 13:53:50 +08:00
|
|
|
end
|
|
|
|
|
|
|
|
it "has a website with a subdomain" do
|
2016-04-11 22:13:33 +08:00
|
|
|
expect(json[:website]).to eq 'http://subdomain.example.com/user'
|
2016-04-11 13:53:50 +08:00
|
|
|
end
|
|
|
|
|
|
|
|
it "returns website name with the subdomain" do
|
2016-04-11 22:13:33 +08:00
|
|
|
expect(json[:website_name]).to eq 'subdomain.example.com/user'
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context "when website has www" do
|
|
|
|
before do
|
|
|
|
user.user_profile.website = 'http://www.example.com/user'
|
|
|
|
end
|
|
|
|
|
|
|
|
it "has a website with the www" do
|
|
|
|
expect(json[:website]).to eq 'http://www.example.com/user'
|
|
|
|
end
|
|
|
|
|
|
|
|
it "returns website name without the www" do
|
|
|
|
expect(json[:website_name]).to eq 'example.com/user'
|
2016-04-11 13:53:50 +08:00
|
|
|
end
|
2016-04-09 19:52:55 +08:00
|
|
|
end
|
|
|
|
|
|
|
|
context "when website includes query parameters" do
|
|
|
|
before do
|
|
|
|
user.user_profile.website = 'http://example.com/user?ref=payme'
|
2015-08-10 16:07:53 +08:00
|
|
|
end
|
|
|
|
|
2016-04-09 19:52:55 +08:00
|
|
|
it "has a website with query params" do
|
|
|
|
expect(json[:website]).to eq 'http://example.com/user?ref=payme'
|
2015-08-10 16:07:53 +08:00
|
|
|
end
|
|
|
|
|
2016-04-09 19:52:55 +08:00
|
|
|
it "has a website name without query params" do
|
2015-08-10 16:07:53 +08:00
|
|
|
expect(json[:website_name]).to eq 'example.com/user'
|
|
|
|
end
|
2014-06-08 03:52:51 +08:00
|
|
|
end
|
2016-04-09 19:52:55 +08:00
|
|
|
|
|
|
|
context "when website is not a valid url" do
|
|
|
|
before do
|
|
|
|
user.user_profile.website = 'invalid-url'
|
|
|
|
end
|
|
|
|
|
|
|
|
it "has a website with the invalid url" do
|
|
|
|
expect(json[:website]).to eq 'invalid-url'
|
|
|
|
end
|
|
|
|
|
|
|
|
it "has a nil website name" do
|
|
|
|
expect(json[:website_name]).to eq nil
|
|
|
|
end
|
|
|
|
end
|
2014-06-08 03:52:51 +08:00
|
|
|
end
|
2014-06-10 13:19:08 +08:00
|
|
|
|
|
|
|
context "with filled out bio" do
|
|
|
|
before do
|
|
|
|
user.user_profile.bio_raw = 'my raw bio'
|
|
|
|
user.user_profile.bio_cooked = 'my cooked bio'
|
|
|
|
end
|
|
|
|
|
|
|
|
it "has a bio" do
|
|
|
|
expect(json[:bio_raw]).to eq 'my raw bio'
|
|
|
|
end
|
|
|
|
|
|
|
|
it "has a cooked bio" do
|
|
|
|
expect(json[:bio_cooked]).to eq 'my cooked bio'
|
|
|
|
end
|
|
|
|
end
|
2019-11-08 13:11:53 +08:00
|
|
|
|
|
|
|
describe "second_factor_enabled" do
|
|
|
|
let(:scope) { Guardian.new(user) }
|
|
|
|
it "is false by default" do
|
|
|
|
expect(json[:second_factor_enabled]).to eq(false)
|
|
|
|
end
|
|
|
|
|
|
|
|
context "when totp enabled" do
|
|
|
|
before do
|
|
|
|
User.any_instance.stubs(:totp_enabled?).returns(true)
|
|
|
|
end
|
|
|
|
|
|
|
|
it "is true" do
|
|
|
|
expect(json[:second_factor_enabled]).to eq(true)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context "when security_keys enabled" do
|
|
|
|
before do
|
|
|
|
User.any_instance.stubs(:security_keys_enabled?).returns(true)
|
|
|
|
end
|
|
|
|
|
|
|
|
it "is true" do
|
|
|
|
expect(json[:second_factor_enabled]).to eq(true)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
2020-01-02 21:04:08 +08:00
|
|
|
|
|
|
|
describe "ignored and muted" do
|
|
|
|
fab!(:viewing_user) { Fabricate(:user) }
|
|
|
|
let(:scope) { Guardian.new(viewing_user) }
|
|
|
|
|
|
|
|
it 'returns false values for muted and ignored' do
|
|
|
|
expect(json[:ignored]).to eq(false)
|
|
|
|
expect(json[:muted]).to eq(false)
|
|
|
|
end
|
|
|
|
|
|
|
|
context 'when ignored' do
|
|
|
|
before do
|
|
|
|
Fabricate(:ignored_user, user: viewing_user, ignored_user: user)
|
|
|
|
viewing_user.reload
|
|
|
|
end
|
|
|
|
|
|
|
|
it 'returns true for ignored' do
|
|
|
|
expect(json[:ignored]).to eq(true)
|
|
|
|
expect(json[:muted]).to eq(false)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context 'when muted' do
|
|
|
|
before do
|
|
|
|
Fabricate(:muted_user, user: viewing_user, muted_user: user)
|
|
|
|
viewing_user.reload
|
|
|
|
end
|
|
|
|
|
|
|
|
it 'returns true for muted' do
|
|
|
|
expect(json[:muted]).to eq(true)
|
|
|
|
expect(json[:ignored]).to eq(false)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
end
|
2013-10-31 03:45:13 +08:00
|
|
|
end
|
2014-08-19 23:05:35 +08:00
|
|
|
|
|
|
|
context "with custom_fields" do
|
2019-05-07 11:12:20 +08:00
|
|
|
fab!(:user) { Fabricate(:user) }
|
2014-08-19 23:05:35 +08:00
|
|
|
let(:json) { UserSerializer.new(user, scope: Guardian.new, root: false).as_json }
|
|
|
|
|
|
|
|
before do
|
|
|
|
user.custom_fields['secret_field'] = 'Only for me to know'
|
|
|
|
user.custom_fields['public_field'] = 'Everyone look here'
|
|
|
|
user.save
|
|
|
|
end
|
|
|
|
|
|
|
|
it "doesn't serialize the fields by default" do
|
|
|
|
json[:custom_fields]
|
2014-12-31 22:55:03 +08:00
|
|
|
expect(json[:custom_fields]).to be_empty
|
2014-08-19 23:05:35 +08:00
|
|
|
end
|
|
|
|
|
|
|
|
it "serializes the fields listed in public_user_custom_fields site setting" do
|
2017-07-07 14:09:14 +08:00
|
|
|
SiteSetting.public_user_custom_fields = 'public_field'
|
2014-12-31 22:55:03 +08:00
|
|
|
expect(json[:custom_fields]['public_field']).to eq(user.custom_fields['public_field'])
|
|
|
|
expect(json[:custom_fields]['secret_field']).to eq(nil)
|
2014-08-19 23:05:35 +08:00
|
|
|
end
|
2018-10-17 17:33:27 +08:00
|
|
|
|
2018-10-17 17:54:22 +08:00
|
|
|
context "with user custom field" do
|
|
|
|
before do
|
|
|
|
plugin = Plugin::Instance.new
|
|
|
|
plugin.whitelist_public_user_custom_field :public_field
|
|
|
|
end
|
|
|
|
|
|
|
|
after do
|
|
|
|
User.plugin_public_user_custom_fields.clear
|
|
|
|
end
|
|
|
|
|
|
|
|
it "serializes the fields listed in plugin_public_user_custom_fields" do
|
|
|
|
expect(json[:custom_fields]['public_field']).to eq(user.custom_fields['public_field'])
|
|
|
|
expect(json[:custom_fields]['secret_field']).to eq(nil)
|
|
|
|
end
|
2018-10-17 17:33:27 +08:00
|
|
|
end
|
2014-08-19 23:05:35 +08:00
|
|
|
end
|
2018-12-07 18:57:28 +08:00
|
|
|
|
|
|
|
context "with user fields" do
|
2019-05-07 11:12:20 +08:00
|
|
|
fab!(:user) { Fabricate(:user) }
|
2018-12-07 18:57:28 +08:00
|
|
|
|
|
|
|
let! :fields do
|
|
|
|
[
|
|
|
|
Fabricate(:user_field),
|
|
|
|
Fabricate(:user_field),
|
|
|
|
Fabricate(:user_field, show_on_profile: true),
|
|
|
|
Fabricate(:user_field, show_on_user_card: true),
|
|
|
|
Fabricate(:user_field, show_on_user_card: true, show_on_profile: true)
|
|
|
|
]
|
|
|
|
end
|
|
|
|
|
|
|
|
let(:other_user_json) { UserSerializer.new(user, scope: Guardian.new(Fabricate(:user)), root: false).as_json }
|
|
|
|
let(:self_json) { UserSerializer.new(user, scope: Guardian.new(user), root: false).as_json }
|
|
|
|
let(:admin_json) { UserSerializer.new(user, scope: Guardian.new(Fabricate(:admin)), root: false).as_json }
|
|
|
|
|
|
|
|
it "includes the correct fields for each audience" do
|
|
|
|
expect(admin_json[:user_fields].keys).to contain_exactly(*fields.map { |f| f.id.to_s })
|
|
|
|
expect(other_user_json[:user_fields].keys).to contain_exactly(*fields[2..5].map { |f| f.id.to_s })
|
|
|
|
expect(self_json[:user_fields].keys).to contain_exactly(*fields.map { |f| f.id.to_s })
|
|
|
|
end
|
|
|
|
|
|
|
|
end
|
2018-08-23 05:19:01 +08:00
|
|
|
|
|
|
|
context "with user_api_keys" do
|
2019-05-07 11:12:20 +08:00
|
|
|
fab!(:user) { Fabricate(:user) }
|
2018-08-23 05:19:01 +08:00
|
|
|
|
|
|
|
it "sorts keys by last used time" do
|
|
|
|
freeze_time
|
|
|
|
|
|
|
|
user_api_key_0 = Fabricate(:readonly_user_api_key, user: user, last_used_at: 2.days.ago, revoked_at: Time.zone.now)
|
|
|
|
user_api_key_1 = Fabricate(:readonly_user_api_key, user: user, last_used_at: 7.days.ago)
|
|
|
|
user_api_key_2 = Fabricate(:readonly_user_api_key, user: user, last_used_at: 1.days.ago)
|
|
|
|
user_api_key_3 = Fabricate(:readonly_user_api_key, user: user, last_used_at: 4.days.ago, revoked_at: Time.zone.now)
|
|
|
|
user_api_key_4 = Fabricate(:readonly_user_api_key, user: user, last_used_at: 3.days.ago)
|
|
|
|
|
|
|
|
json = UserSerializer.new(user, scope: Guardian.new(user), root: false).as_json
|
|
|
|
|
|
|
|
expect(json[:user_api_keys].size).to eq(3)
|
|
|
|
expect(json[:user_api_keys][0][:id]).to eq(user_api_key_1.id)
|
|
|
|
expect(json[:user_api_keys][1][:id]).to eq(user_api_key_4.id)
|
|
|
|
expect(json[:user_api_keys][2][:id]).to eq(user_api_key_2.id)
|
|
|
|
end
|
|
|
|
end
|
2013-10-31 03:45:13 +08:00
|
|
|
end
|