mastodon/spec/models/user_spec.rb

require 'rails_helper'
require 'devise_two_factor/spec_helpers'

RSpec.describe User, type: :model do
  it_behaves_like 'two_factor_backupable'

  describe 'validations' do
    it 'is invalid without an account' do
      user = Fabricate.build(:user, account: nil)
      user.valid?
      expect(user).to model_have_error_on_field(:account)
    end

    it 'is invalid without a valid locale' do
      user = Fabricate.build(:user, locale: 'toto')
      user.valid?
      expect(user).to model_have_error_on_field(:locale)
    end

    it 'is invalid without a valid email' do
      user = Fabricate.build(:user, email: 'john@')
      user.valid?
      expect(user).to model_have_error_on_field(:email)
    end

    it 'cleans out empty string from languages' do
      user = Fabricate.build(:user, filtered_languages: [''])
      user.valid?
      expect(user.filtered_languages).to eq []
    end
  end

  describe 'settings' do
    it 'inherits default settings from default yml' do
      expect(Setting.boost_modal).to eq false
      expect(Setting.interactions['must_be_follower']).to eq false

      user = User.new
      expect(user.settings.boost_modal).to eq false
      expect(user.settings.interactions['must_be_follower']).to eq false
    end

    it 'can update settings' do
      user = Fabricate(:user)
      expect(user.settings['interactions']['must_be_follower']).to eq false
      user.settings['interactions'] = user.settings['interactions'].merge('must_be_follower' => true)
      user.reload

      expect(user.settings['interactions']['must_be_follower']).to eq true
    end

    xit 'does not mutate defaults via the cache' do
      user = Fabricate(:user)
      user.settings['interactions']['must_be_follower'] = true
      # TODO
      # This mutates the global settings default such that future user
      # instances will inherit the incorrect starting values

      other = Fabricate(:user)
      expect(other.settings['interactions']['must_be_follower']).to eq false
    end
  end

  describe 'scopes' do
    describe 'recent' do
      it 'returns an array of recent users ordered by id' do
        user_1 = Fabricate(:user)
        user_2 = Fabricate(:user)
        expect(User.recent).to match_array([user_2, user_1])
      end
    end

    describe 'admins' do
      it 'returns an array of users who are admin' do
        user_1 = Fabricate(:user, admin: false)
        user_2 = Fabricate(:user, admin: true)
        expect(User.admins).to match_array([user_2])
      end
    end

    describe 'confirmed' do
      it 'returns an array of users who are confirmed' do
        user_1 = Fabricate(:user, confirmed_at: nil)
        user_2 = Fabricate(:user, confirmed_at: Time.now)
        expect(User.confirmed).to match_array([user_2])
      end
    end
  end

  let(:account) { Fabricate(:account, username: 'alice') }
  let(:password) { 'abcd1234' }

  describe 'blacklist' do
    around(:each) do |example|
      old_blacklist = Rails.configuration.x.email_blacklist

      Rails.configuration.x.email_domains_blacklist = 'mvrht.com'

      example.run

      Rails.configuration.x.email_domains_blacklist = old_blacklist
    end

    it 'should allow a non-blacklisted user to be created' do
      user = User.new(email: 'foo@example.com', account: account, password: password)

      expect(user.valid?).to be_truthy
    end

    it 'should not allow a blacklisted user to be created' do
      user = User.new(email: 'foo@mvrht.com', account: account, password: password)

      expect(user.valid?).to be_falsey
    end

    it 'should not allow a subdomain blacklisted user to be created' do
      user = User.new(email: 'foo@mvrht.com.topdomain.tld', account: account, password: password)

      expect(user.valid?).to be_falsey
    end
  end

  describe '#confirmed?' do
    it 'returns true when a confirmed_at is set' do
      user = Fabricate.build(:user, confirmed_at: Time.now.utc)
      expect(user.confirmed?).to be true
    end

    it 'returns false if a confirmed_at is nil' do
      user = Fabricate.build(:user, confirmed_at: nil)
      expect(user.confirmed?).to be false
    end
  end

  describe '#disable_two_factor!' do
    it 'sets otp_required_for_login to false' do
      user = Fabricate.build(:user, otp_required_for_login: true)
      user.disable_two_factor!
      expect(user.otp_required_for_login).to be false
    end

    it 'clears otp_backup_codes' do
      user = Fabricate.build(:user, otp_backup_codes: %w[dummy dummy])
      user.disable_two_factor!
      expect(user.otp_backup_codes.empty?).to be true
    end
  end

  describe 'whitelist' do
    around(:each) do |example|
      old_whitelist = Rails.configuration.x.email_whitelist

      Rails.configuration.x.email_domains_whitelist = 'mastodon.space'

      example.run

      Rails.configuration.x.email_domains_whitelist = old_whitelist
    end

    it 'should not allow a user to be created unless they are whitelisted' do
      user = User.new(email: 'foo@example.com', account: account, password: password)
      expect(user.valid?).to be_falsey
    end

    it 'should allow a user to be created if they are whitelisted' do
      user = User.new(email: 'foo@mastodon.space', account: account, password: password)
      expect(user.valid?).to be_truthy
    end

    it 'should not allow a user with a whitelisted top domain as subdomain in their email address to be created' do
      user = User.new(email: 'foo@mastodon.space.userdomain.com', account: account, password: password)
      expect(user.valid?).to be_falsey
    end

    it 'should not allow a user to be created with a specific blacklisted subdomain even if the top domain is whitelisted' do
      old_blacklist = Rails.configuration.x.email_blacklist
      Rails.configuration.x.email_domains_blacklist = 'blacklisted.mastodon.space'

      user = User.new(email: 'foo@blacklisted.mastodon.space', account: account, password: password)
      expect(user.valid?).to be_falsey

      Rails.configuration.x.email_domains_blacklist = old_blacklist
    end
  end
end
Made some progress 2016-02-22 16:00:20 +01:00			`require 'rails_helper'`
Add recovery code support for two-factor auth (#1773) * Add recovery code support for two-factor auth When users enable two-factor auth, the app now generates ten single-use recovery codes. Users are encouraged to print the codes and store them in a safe place. The two-factor prompt during login now accepts both OTP codes and recovery codes. The two-factor settings UI allows users to regenerated lost recovery codes. Users who have set up two-factor auth prior to this feature being added can use it to generate recovery codes for the first time. Fixes #563 and fixes #987 * Set OTP_SECRET in test enviroment * add missing .html to view file names 2017-04-15 13:26:03 +02:00			`require 'devise_two_factor/spec_helpers'`
Made some progress 2016-02-22 16:00:20 +01:00
			`RSpec.describe User, type: :model do`
Add recovery code support for two-factor auth (#1773) * Add recovery code support for two-factor auth When users enable two-factor auth, the app now generates ten single-use recovery codes. Users are encouraged to print the codes and store them in a safe place. The two-factor prompt during login now accepts both OTP codes and recovery codes. The two-factor settings UI allows users to regenerated lost recovery codes. Users who have set up two-factor auth prior to this feature being added can use it to generate recovery codes for the first time. Fixes #563 and fixes #987 * Set OTP_SECRET in test enviroment * add missing .html to view file names 2017-04-15 13:26:03 +02:00			`it_behaves_like 'two_factor_backupable'`

add more tests to models 2017-04-05 00:29:56 +02:00			`describe 'validations' do`
			`it 'is invalid without an account' do`
			`user = Fabricate.build(:user, account: nil)`
			`user.valid?`
			`expect(user).to model_have_error_on_field(:account)`
			`end`
Adding a Mention model, test stubs 2016-02-25 00:17:01 +01:00
add more tests to models 2017-04-05 00:29:56 +02:00			`it 'is invalid without a valid locale' do`
			`user = Fabricate.build(:user, locale: 'toto')`
			`user.valid?`
			`expect(user).to model_have_error_on_field(:locale)`
			`end`

			`it 'is invalid without a valid email' do`
			`user = Fabricate.build(:user, email: 'john@')`
			`user.valid?`
			`expect(user).to model_have_error_on_field(:email)`
			`end`
Improve allowed language handling (#2897) * Dont allow empty value in user allowed languages * Sanitize language input to reject blank values in array 2017-05-08 03:32:52 +02:00
			`it 'cleans out empty string from languages' do`
Filter languages with opt out (#3175) * Remove allowed_languages and add filtered_languages * Use filtered_languages instead of allowed_languages 2017-05-20 17:32:44 +02:00			`user = Fabricate.build(:user, filtered_languages: [''])`
Improve allowed language handling (#2897) * Dont allow empty value in user allowed languages * Sanitize language input to reject blank values in array 2017-05-08 03:32:52 +02:00			`user.valid?`
Filter languages with opt out (#3175) * Remove allowed_languages and add filtered_languages * Use filtered_languages instead of allowed_languages 2017-05-20 17:32:44 +02:00			`expect(user.filtered_languages).to eq []`
Improve allowed language handling (#2897) * Dont allow empty value in user allowed languages * Sanitize language input to reject blank values in array 2017-05-08 03:32:52 +02:00			`end`
add more tests to models 2017-04-05 00:29:56 +02:00			`end`

User settings mutation (#2270) * Add user spec for settings, highlight global default mutation issue * Fix mutation issue caused by settings/preferences spec 2017-04-21 18:07:17 +02:00			`describe 'settings' do`
			`it 'inherits default settings from default yml' do`
			`expect(Setting.boost_modal).to eq false`
			`expect(Setting.interactions['must_be_follower']).to eq false`

			`user = User.new`
			`expect(user.settings.boost_modal).to eq false`
			`expect(user.settings.interactions['must_be_follower']).to eq false`
			`end`

			`it 'can update settings' do`
			`user = Fabricate(:user)`
			`expect(user.settings['interactions']['must_be_follower']).to eq false`
			`user.settings['interactions'] = user.settings['interactions'].merge('must_be_follower' => true)`
			`user.reload`

			`expect(user.settings['interactions']['must_be_follower']).to eq true`
			`end`

			`xit 'does not mutate defaults via the cache' do`
			`user = Fabricate(:user)`
			`user.settings['interactions']['must_be_follower'] = true`
			`# TODO`
			`# This mutates the global settings default such that future user`
			`# instances will inherit the incorrect starting values`

			`other = Fabricate(:user)`
			`expect(other.settings['interactions']['must_be_follower']).to eq false`
			`end`
			`end`

add more tests to models 2017-04-05 00:29:56 +02:00			`describe 'scopes' do`
			`describe 'recent' do`
			`it 'returns an array of recent users ordered by id' do`
			`user_1 = Fabricate(:user)`
			`user_2 = Fabricate(:user)`
			`expect(User.recent).to match_array([user_2, user_1])`
			`end`
			`end`

			`describe 'admins' do`
			`it 'returns an array of users who are admin' do`
			`user_1 = Fabricate(:user, admin: false)`
			`user_2 = Fabricate(:user, admin: true)`
			`expect(User.admins).to match_array([user_2])`
			`end`
			`end`

			`describe 'confirmed' do`
			`it 'returns an array of users who are confirmed' do`
			`user_1 = Fabricate(:user, confirmed_at: nil)`
			`user_2 = Fabricate(:user, confirmed_at: Time.now)`
			`expect(User.confirmed).to match_array([user_2])`
			`end`
			`end`
Fix spec 2017-04-05 03:31:26 +02:00			`end`
Merge branch 'master' into add_more_tests_to_models 2017-04-05 03:27:38 +02:00
Fix spec 2017-04-05 03:31:26 +02:00			`let(:account) { Fabricate(:account, username: 'alice') }`
[#817] Add email whitelist This adds the ability to filter user signup with a whitelist instead of or in addition to a blacklist. Fixes #817 2017-04-04 17:04:44 +02:00			`let(:password) { 'abcd1234' }`
Adding a Mention model, test stubs 2016-02-25 00:17:01 +01:00
[#817] Add email whitelist This adds the ability to filter user signup with a whitelist instead of or in addition to a blacklist. Fixes #817 2017-04-04 17:04:44 +02:00			`describe 'blacklist' do`
Stricter whitelist rules (#2213) * Stricter whitelist rules * Linting * Added spec for blacklisting * Test subdomain blacklist on domain whitelist * No need to split * Change spec name 2017-04-26 01:22:51 +02:00			`around(:each) do \|example\|`
			`old_blacklist = Rails.configuration.x.email_blacklist`

			`Rails.configuration.x.email_domains_blacklist = 'mvrht.com'`

			`example.run`

			`Rails.configuration.x.email_domains_blacklist = old_blacklist`
			`end`

[#817] Add email whitelist This adds the ability to filter user signup with a whitelist instead of or in addition to a blacklist. Fixes #817 2017-04-04 17:04:44 +02:00			`it 'should allow a non-blacklisted user to be created' do`
			`user = User.new(email: 'foo@example.com', account: account, password: password)`

			`expect(user.valid?).to be_truthy`
			`end`
Fix spec 2017-04-05 03:31:26 +02:00
[#817] Add email whitelist This adds the ability to filter user signup with a whitelist instead of or in addition to a blacklist. Fixes #817 2017-04-04 17:04:44 +02:00			`it 'should not allow a blacklisted user to be created' do`
			`user = User.new(email: 'foo@mvrht.com', account: account, password: password)`

			`expect(user.valid?).to be_falsey`
			`end`
Stricter whitelist rules (#2213) * Stricter whitelist rules * Linting * Added spec for blacklisting * Test subdomain blacklist on domain whitelist * No need to split * Change spec name 2017-04-26 01:22:51 +02:00
			`it 'should not allow a subdomain blacklisted user to be created' do`
			`user = User.new(email: 'foo@mvrht.com.topdomain.tld', account: account, password: password)`

			`expect(user.valid?).to be_falsey`
			`end`
[#817] Add email whitelist This adds the ability to filter user signup with a whitelist instead of or in addition to a blacklist. Fixes #817 2017-04-04 17:04:44 +02:00			`end`

Admin UI for confirming users (#2245) * Shows confirmed status in list. * Adds ability to confirm users in admin UI. * Added new english translations. * Addresses feedback from #2245. * More feedback. 2017-04-23 04:43:42 +02:00			`describe '#confirmed?' do`
			`it 'returns true when a confirmed_at is set' do`
			`user = Fabricate.build(:user, confirmed_at: Time.now.utc)`
			`expect(user.confirmed?).to be true`
			`end`

			`it 'returns false if a confirmed_at is nil' do`
			`user = Fabricate.build(:user, confirmed_at: nil)`
			`expect(user.confirmed?).to be false`
			`end`
			`end`

Add option to disable two factor auth in admin accounts panel. (#2584) * Add option to disable two factor auth in admin accounts panel. Closes #2578 * Add @mjankowski's suggestions. * Moves destroy actions behind User#disable_two_factor! * Adds spec coverage for Admin:TwoFactorAuthenticationsController and User#disable_two_factor! 2017-05-02 21:07:12 +02:00			`describe '#disable_two_factor!' do`
			`it 'sets otp_required_for_login to false' do`
			`user = Fabricate.build(:user, otp_required_for_login: true)`
			`user.disable_two_factor!`
			`expect(user.otp_required_for_login).to be false`
			`end`

			`it 'clears otp_backup_codes' do`
			`user = Fabricate.build(:user, otp_backup_codes: %w[dummy dummy])`
			`user.disable_two_factor!`
			`expect(user.otp_backup_codes.empty?).to be true`
			`end`
			`end`

[#817] Add email whitelist This adds the ability to filter user signup with a whitelist instead of or in addition to a blacklist. Fixes #817 2017-04-04 17:04:44 +02:00			`describe 'whitelist' do`
			`around(:each) do \|example\|`
			`old_whitelist = Rails.configuration.x.email_whitelist`

			`Rails.configuration.x.email_domains_whitelist = 'mastodon.space'`

			`example.run`

			`Rails.configuration.x.email_domains_whitelist = old_whitelist`
			`end`

			`it 'should not allow a user to be created unless they are whitelisted' do`
			`user = User.new(email: 'foo@example.com', account: account, password: password)`
			`expect(user.valid?).to be_falsey`
			`end`

			`it 'should allow a user to be created if they are whitelisted' do`
			`user = User.new(email: 'foo@mastodon.space', account: account, password: password)`
			`expect(user.valid?).to be_truthy`
Merge branch 'master' into add_more_tests_to_models 2017-04-05 03:27:38 +02:00			`end`
Stricter whitelist rules (#2213) * Stricter whitelist rules * Linting * Added spec for blacklisting * Test subdomain blacklist on domain whitelist * No need to split * Change spec name 2017-04-26 01:22:51 +02:00
			`it 'should not allow a user with a whitelisted top domain as subdomain in their email address to be created' do`
			`user = User.new(email: 'foo@mastodon.space.userdomain.com', account: account, password: password)`
			`expect(user.valid?).to be_falsey`
			`end`

			`it 'should not allow a user to be created with a specific blacklisted subdomain even if the top domain is whitelisted' do`
			`old_blacklist = Rails.configuration.x.email_blacklist`
			`Rails.configuration.x.email_domains_blacklist = 'blacklisted.mastodon.space'`

			`user = User.new(email: 'foo@blacklisted.mastodon.space', account: account, password: password)`
			`expect(user.valid?).to be_falsey`

			`Rails.configuration.x.email_domains_blacklist = old_blacklist`
			`end`
add more tests to models 2017-04-05 00:29:56 +02:00			`end`
Made some progress 2016-02-22 16:00:20 +01:00			`end`