abunchtell
/
mastodon
1
0
Fork 0
Code Issues 0 Activity
The code powering m.abunchtell.com https://m.abunchtell.com
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
6484 Commits
1 Branch
94 MiB
 
 
 
 
Tree: 5d2fc6de32
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '5d2fc6de32'
${ noResults }
mastodon/spec/models/user_spec.rb

530 lines
15 KiB
Raw Blame History 

  1. require 'rails_helper'

  2. require 'devise_two_factor/spec_helpers'

  3. 

  4. RSpec.describe User, type: :model do

  5.   it_behaves_like 'two_factor_backupable'

  6. 

  7.   describe 'otp_secret' do

  8.     it 'is encrypted with OTP_SECRET environment variable' do

  9.       user = Fabricate(:user,

  10.                        encrypted_otp_secret: "Fttsy7QAa0edaDfdfSz094rRLAxc8cJweDQ4BsWH/zozcdVA8o9GLqcKhn2b\nGi/V\n",

  11.                        encrypted_otp_secret_iv: 'rys3THICkr60BoWC',

  12.                        encrypted_otp_secret_salt: '_LMkAGvdg7a+sDIKjI3mR2Q==')

  13. 

  14.       expect(user.otp_secret).to eq 'anotpsecretthatshouldbeencrypted'

  15.     end

  16.   end

  17. 

  18.   describe 'validations' do

  19.     it 'is invalid without an account' do

  20.       user = Fabricate.build(:user, account: nil)

  21.       user.valid?

  22.       expect(user).to model_have_error_on_field(:account)

  23.     end

  24. 

  25.     it 'is invalid without a valid locale' do

  26.       user = Fabricate.build(:user, locale: 'toto')

  27.       user.valid?

  28.       expect(user).to model_have_error_on_field(:locale)

  29.     end

  30. 

  31.     it 'is invalid without a valid email' do

  32.       user = Fabricate.build(:user, email: 'john@')

  33.       user.valid?

  34.       expect(user).to model_have_error_on_field(:email)

  35.     end

  36. 

  37.     it 'is valid with an invalid e-mail that has already been saved' do

  38.       user = Fabricate.build(:user, email: 'invalid-email')

  39.       user.save(validate: false)

  40.       expect(user.valid?).to be true

  41.     end

  42. 

  43.     it 'cleans out empty string from languages' do

  44.       user = Fabricate.build(:user, chosen_languages: [''])

  45.       user.valid?

  46.       expect(user.chosen_languages).to eq nil

  47.     end

  48.   end

  49. 

  50.   describe 'scopes' do

  51.     describe 'recent' do

  52.       it 'returns an array of recent users ordered by id' do

  53.         user_1 = Fabricate(:user)

  54.         user_2 = Fabricate(:user)

  55.         expect(User.recent).to eq [user_2, user_1]

  56.       end

  57.     end

  58. 

  59.     describe 'admins' do

  60.       it 'returns an array of users who are admin' do

  61.         user_1 = Fabricate(:user, admin: false)

  62.         user_2 = Fabricate(:user, admin: true)

  63.         expect(User.admins).to match_array([user_2])

  64.       end

  65.     end

  66. 

  67.     describe 'confirmed' do

  68.       it 'returns an array of users who are confirmed' do

  69.         user_1 = Fabricate(:user, confirmed_at: nil)

  70.         user_2 = Fabricate(:user, confirmed_at: Time.zone.now)

  71.         expect(User.confirmed).to match_array([user_2])

  72.       end

  73.     end

  74. 

  75.     describe 'inactive' do

  76.       it 'returns a relation of inactive users' do

  77.         specified = Fabricate(:user, current_sign_in_at: 15.days.ago)

  78.         Fabricate(:user, current_sign_in_at: 6.days.ago)

  79. 

  80.         expect(User.inactive).to match_array([specified])

  81.       end

  82.     end

  83. 

  84.     describe 'matches_email' do

  85.       it 'returns a relation of users whose email starts with the given string' do

  86.         specified = Fabricate(:user, email: 'specified@spec')

  87.         Fabricate(:user, email: 'unspecified@spec')

  88. 

  89.         expect(User.matches_email('specified')).to match_array([specified])

  90.       end

  91.     end

  92.   end

  93. 

  94.   let(:account) { Fabricate(:account, username: 'alice') }

  95.   let(:password) { 'abcd1234' }

  96. 

  97.   describe 'blacklist' do

  98.     around(:each) do |example|

  99.       old_blacklist = Rails.configuration.x.email_blacklist

  100. 

  101.       Rails.configuration.x.email_domains_blacklist = 'mvrht.com'

  102. 

  103.       example.run

  104. 

  105.       Rails.configuration.x.email_domains_blacklist = old_blacklist

  106.     end

  107. 

  108.     it 'should allow a non-blacklisted user to be created' do

  109.       user = User.new(email: 'foo@example.com', account: account, password: password, agreement: true)

  110. 

  111.       expect(user.valid?).to be_truthy

  112.     end

  113. 

  114.     it 'should not allow a blacklisted user to be created' do

  115.       user = User.new(email: 'foo@mvrht.com', account: account, password: password, agreement: true)

  116. 

  117.       expect(user.valid?).to be_falsey

  118.     end

  119. 

  120.     it 'should not allow a subdomain blacklisted user to be created' do

  121.       user = User.new(email: 'foo@mvrht.com.topdomain.tld', account: account, password: password, agreement: true)

  122. 

  123.       expect(user.valid?).to be_falsey

  124.     end

  125.   end

  126. 

  127.   describe '#confirmed?' do

  128.     it 'returns true when a confirmed_at is set' do

  129.       user = Fabricate.build(:user, confirmed_at: Time.now.utc)

  130.       expect(user.confirmed?).to be true

  131.     end

  132. 

  133.     it 'returns false if a confirmed_at is nil' do

  134.       user = Fabricate.build(:user, confirmed_at: nil)

  135.       expect(user.confirmed?).to be false

  136.     end

  137.   end

  138. 

  139.   describe '#confirm' do

  140.     it 'sets email to unconfirmed_email' do

  141.       user = Fabricate.build(:user, confirmed_at: Time.now.utc, unconfirmed_email: 'new-email@example.com')

  142.       user.confirm

  143.       expect(user.email).to eq 'new-email@example.com'

  144.     end

  145.   end

  146. 

  147.   describe '#disable_two_factor!' do

  148.     it 'saves false for otp_required_for_login' do

  149.       user = Fabricate.build(:user, otp_required_for_login: true)

  150.       user.disable_two_factor!

  151.       expect(user.reload.otp_required_for_login).to be false

  152.     end

  153. 

  154.     it 'saves cleared otp_backup_codes' do

  155.       user = Fabricate.build(:user, otp_backup_codes: %w(dummy dummy))

  156.       user.disable_two_factor!

  157.       expect(user.reload.otp_backup_codes.empty?).to be true

  158.     end

  159.   end

  160. 

  161.   describe '#send_confirmation_instructions' do

  162.     around do |example|

  163.       queue_adapter = ActiveJob::Base.queue_adapter

  164.       example.run

  165.       ActiveJob::Base.queue_adapter = queue_adapter

  166.     end

  167. 

  168.     it 'delivers confirmation instructions later' do

  169.       user = Fabricate(:user)

  170.       ActiveJob::Base.queue_adapter = :test

  171. 

  172.       expect { user.send_confirmation_instructions }.to have_enqueued_job(ActionMailer::DeliveryJob)

  173.     end

  174.   end

  175. 

  176.   describe 'settings' do

  177.     it 'is instance of Settings::ScopedSettings' do

  178.       user = Fabricate(:user)

  179.       expect(user.settings).to be_kind_of Settings::ScopedSettings

  180.     end

  181.   end

  182. 

  183.   describe '#setting_default_privacy' do

  184.     it 'returns default privacy setting if user has configured' do

  185.       user = Fabricate(:user)

  186.       user.settings[:default_privacy] = 'unlisted'

  187.       expect(user.setting_default_privacy).to eq 'unlisted'

  188.     end

  189. 

  190.     it "returns 'private' if user has not configured default privacy setting and account is locked" do

  191.       user = Fabricate(:user, account: Fabricate(:account, locked: true))

  192.       expect(user.setting_default_privacy).to eq 'private'

  193.     end

  194. 

  195.     it "returns 'public' if user has not configured default privacy setting and account is not locked" do

  196.       user = Fabricate(:user, account: Fabricate(:account, locked: false))

  197.       expect(user.setting_default_privacy).to eq 'public'

  198.     end

  199.   end

  200. 

  201.   describe 'whitelist' do

  202.     around(:each) do |example|

  203.       old_whitelist = Rails.configuration.x.email_whitelist

  204. 

  205.       Rails.configuration.x.email_domains_whitelist = 'mastodon.space'

  206. 

  207.       example.run

  208. 

  209.       Rails.configuration.x.email_domains_whitelist = old_whitelist

  210.     end

  211. 

  212.     it 'should not allow a user to be created unless they are whitelisted' do

  213.       user = User.new(email: 'foo@example.com', account: account, password: password, agreement: true)

  214.       expect(user.valid?).to be_falsey

  215.     end

  216. 

  217.     it 'should allow a user to be created if they are whitelisted' do

  218.       user = User.new(email: 'foo@mastodon.space', account: account, password: password, agreement: true)

  219.       expect(user.valid?).to be_truthy

  220.     end

  221. 

  222.     it 'should not allow a user with a whitelisted top domain as subdomain in their email address to be created' do

  223.       user = User.new(email: 'foo@mastodon.space.userdomain.com', account: account, password: password, agreement: true)

  224.       expect(user.valid?).to be_falsey

  225.     end

  226. 

  227.     context do

  228.       around do |example|

  229.         old_blacklist = Rails.configuration.x.email_blacklist

  230.         example.run

  231.         Rails.configuration.x.email_domains_blacklist = old_blacklist

  232.       end

  233. 

  234.       it 'should not allow a user to be created with a specific blacklisted subdomain even if the top domain is whitelisted' do

  235.         Rails.configuration.x.email_domains_blacklist = 'blacklisted.mastodon.space'

  236. 

  237.         user = User.new(email: 'foo@blacklisted.mastodon.space', account: account, password: password)

  238.         expect(user.valid?).to be_falsey

  239.       end

  240.     end

  241.   end

  242. 

  243.   it_behaves_like 'Settings-extended' do

  244.     def create!

  245.       User.create!(account: Fabricate(:account), email: 'foo@mastodon.space', password: 'abcd1234', agreement: true)

  246.     end

  247. 

  248.     def fabricate

  249.       Fabricate(:user)

  250.     end

  251.   end

  252. 

  253.   describe 'token_for_app' do

  254.     let(:user) { Fabricate(:user) }

  255.     let(:app) { Fabricate(:application, owner: user) }

  256. 

  257.     it 'returns a token' do

  258.       expect(user.token_for_app(app)).to be_a(Doorkeeper::AccessToken)

  259.     end

  260. 

  261.     it 'persists a token' do

  262.       t = user.token_for_app(app)

  263.       expect(user.token_for_app(app)).to eql(t)

  264.     end

  265. 

  266.     it 'is nil if user does not own app' do

  267.       app.update!(owner: nil)

  268. 

  269.       expect(user.token_for_app(app)).to be_nil

  270.     end

  271.   end

  272. 

  273.   describe '#role' do

  274.     it 'returns admin for admin' do

  275.       user = User.new(admin: true)

  276.       expect(user.role).to eq 'admin'

  277.     end

  278. 

  279.     it 'returns moderator for moderator' do

  280.       user = User.new(moderator: true)

  281.       expect(user.role).to eq 'moderator'

  282.     end

  283. 

  284.     it 'returns user otherwise' do

  285.       user = User.new

  286.       expect(user.role).to eq 'user'

  287.     end

  288.   end

  289. 

  290.   describe '#role?' do

  291.     it 'returns false when invalid role requested' do

  292.       user = User.new(admin: true)

  293.       expect(user.role?('disabled')).to be false

  294.     end

  295. 

  296.     it 'returns true when exact role match' do

  297.       user  = User.new

  298.       mod   = User.new(moderator: true)

  299.       admin = User.new(admin: true)

  300. 

  301.       expect(user.role?('user')).to be true

  302.       expect(mod.role?('moderator')).to be true

  303.       expect(admin.role?('admin')).to be true

  304.     end

  305. 

  306.     it 'returns true when role higher than needed' do

  307.       mod   = User.new(moderator: true)

  308.       admin = User.new(admin: true)

  309. 

  310.       expect(mod.role?('user')).to be true

  311.       expect(admin.role?('user')).to be true

  312.       expect(admin.role?('moderator')).to be true

  313.     end

  314.   end

  315. 

  316.   describe '#disable!' do

  317.     subject(:user) { Fabricate(:user, disabled: false, current_sign_in_at: current_sign_in_at, last_sign_in_at: nil) }

  318.     let(:current_sign_in_at) { Time.zone.now }

  319. 

  320.     before do

  321.       user.disable!

  322.     end

  323. 

  324.     it 'disables user' do

  325.       expect(user).to have_attributes(disabled: true, current_sign_in_at: nil, last_sign_in_at: current_sign_in_at)

  326.     end

  327.   end

  328. 

  329.   describe '#disable!' do

  330.     subject(:user) { Fabricate(:user, disabled: false, current_sign_in_at: current_sign_in_at, last_sign_in_at: nil) }

  331.     let(:current_sign_in_at) { Time.zone.now }

  332. 

  333.     before do

  334.       user.disable!

  335.     end

  336. 

  337.     it 'disables user' do

  338.       expect(user).to have_attributes(disabled: true, current_sign_in_at: nil, last_sign_in_at: current_sign_in_at)

  339.     end

  340.   end

  341. 

  342.   describe '#enable!' do

  343.     subject(:user) { Fabricate(:user, disabled: true) }

  344. 

  345.     before do

  346.       user.enable!

  347.     end

  348. 

  349.     it 'enables user' do

  350.       expect(user).to have_attributes(disabled: false)

  351.     end

  352.   end

  353. 

  354.   describe '#confirm!' do

  355.     subject(:user) { Fabricate(:user, confirmed_at: confirmed_at) }

  356. 

  357.     before do

  358.       ActionMailer::Base.deliveries.clear

  359.       user.confirm!

  360.     end

  361. 

  362.     after { ActionMailer::Base.deliveries.clear }

  363. 

  364.     context 'when user is new' do

  365.       let(:confirmed_at) { nil }

  366. 

  367.       it 'confirms user' do

  368.         expect(user.confirmed_at).to be_present

  369.       end

  370. 

  371.       it 'delivers mails' do

  372.         expect(ActionMailer::Base.deliveries.count).to eq 2

  373.       end

  374.     end

  375. 

  376.     context 'when user is not new' do

  377.       let(:confirmed_at) { Time.zone.now }

  378. 

  379.       it 'confirms user' do

  380.         expect(user.confirmed_at).to be_present

  381.       end

  382. 

  383.       it 'does not deliver mail' do

  384.         expect(ActionMailer::Base.deliveries.count).to eq 0

  385.       end

  386.     end

  387.   end

  388. 

  389.   describe '#promote!' do

  390.     subject(:user) { Fabricate(:user, admin: is_admin, moderator: is_moderator) }

  391. 

  392.     before do

  393.       user.promote!

  394.     end

  395. 

  396.     context 'when user is an admin' do

  397.       let(:is_admin) { true }

  398. 

  399.       context 'when user is a moderator' do

  400.         let(:is_moderator) { true }

  401. 

  402.         it 'changes moderator filed false' do

  403.           expect(user).to be_admin

  404.           expect(user).not_to be_moderator

  405.         end

  406.       end

  407. 

  408.       context 'when user is not a moderator' do

  409.         let(:is_moderator) { false }

  410. 

  411.         it 'does not change status' do

  412.           expect(user).to be_admin

  413.           expect(user).not_to be_moderator

  414.         end

  415.       end

  416.     end

  417. 

  418.     context 'when user is not admin' do

  419.       let(:is_admin) { false }

  420. 

  421.       context 'when user is a moderator' do

  422.         let(:is_moderator) { true }

  423. 

  424.         it 'changes user into an admin' do

  425.           expect(user).to be_admin

  426.           expect(user).not_to be_moderator

  427.         end

  428.       end

  429. 

  430.       context 'when user is not a moderator' do

  431.         let(:is_moderator) { false }

  432. 

  433.         it 'changes user into a moderator' do

  434.           expect(user).not_to be_admin

  435.           expect(user).to be_moderator

  436.         end

  437.       end

  438.     end

  439.   end

  440. 

  441.   describe '#demote!' do

  442.     subject(:user) { Fabricate(:user, admin: admin, moderator: moderator) }

  443. 

  444.     before do

  445.       user.demote!

  446.     end

  447. 

  448.     context 'when user is an admin' do

  449.       let(:admin) { true }

  450. 

  451.       context 'when user is a moderator' do

  452.         let(:moderator) { true }

  453. 

  454.         it 'changes user into a moderator' do

  455.           expect(user).not_to be_admin

  456.           expect(user).to be_moderator

  457.         end

  458.       end

  459. 

  460.       context 'when user is not a moderator' do

  461.         let(:moderator) { false }

  462. 

  463.         it 'changes user into a moderator' do

  464.           expect(user).not_to be_admin

  465.           expect(user).to be_moderator

  466.         end

  467.       end

  468.     end

  469. 

  470.     context 'when user is not an admin' do

  471.       let(:admin) { false }

  472. 

  473.       context 'when user is a moderator' do

  474.         let(:moderator) { true }

  475. 

  476.         it 'changes user into a plain user' do

  477.           expect(user).not_to be_admin

  478.           expect(user).not_to be_moderator

  479.         end

  480.       end

  481. 

  482.       context 'when user is not a moderator' do

  483.         let(:moderator) { false }

  484. 

  485.         it 'does not change any fields' do

  486.           expect(user).not_to be_admin

  487.           expect(user).not_to be_moderator

  488.         end

  489.       end

  490.     end

  491.   end

  492. 

  493.   describe '#active_for_authentication?' do

  494.     subject { user.active_for_authentication? }

  495.     let(:user) { Fabricate(:user, disabled: disabled, confirmed_at: confirmed_at) }

  496. 

  497.     context 'when user is disabled' do

  498.       let(:disabled) { true }

  499. 

  500.       context 'when user is confirmed' do

  501.         let(:confirmed_at) { Time.zone.now }

  502. 

  503.         it { is_expected.to be true }

  504.       end

  505. 

  506.       context 'when user is not confirmed' do

  507.         let(:confirmed_at) { nil }

  508. 

  509.         it { is_expected.to be false }

  510.       end

  511.     end

  512. 

  513.     context 'when user is not disabled' do

  514.       let(:disabled) { false }

  515. 

  516.       context 'when user is confirmed' do

  517.         let(:confirmed_at) { Time.zone.now }

  518. 

  519.         it { is_expected.to be true }

  520.       end

  521. 

  522.       context 'when user is not confirmed' do

  523.         let(:confirmed_at) { nil }

  524. 

  525.         it { is_expected.to be false }

  526.       end

  527.     end

  528.   end

  529. end