)
assert_routing(
- { :path => "/user/new", :method => :post },
+ { :path => "/user", :method => :post },
{ :controller => "users", :action => "create" }
)
- assert_routing(
- { :path => "/user/terms", :method => :get },
- { :controller => "users", :action => "terms" }
- )
-
- assert_routing(
- { :path => "/user/save", :method => :post },
- { :controller => "users", :action => "save" }
- )
-
assert_routing(
{ :path => "/user/go_public", :method => :post },
{ :controller => "users", :action => "go_public" }
{ :path => "/user/username", :method => :delete },
{ :controller => "users", :action => "destroy", :display_name => "username" }
)
-
- assert_routing(
- { :path => "/users", :method => :get },
- { :controller => "users", :action => "index" }
- )
- assert_routing(
- { :path => "/users", :method => :post },
- { :controller => "users", :action => "index" }
- )
- assert_routing(
- { :path => "/users/status", :method => :get },
- { :controller => "users", :action => "index", :status => "status" }
- )
- assert_routing(
- { :path => "/users/status", :method => :post },
- { :controller => "users", :action => "index", :status => "status" }
- )
end
# The user creation page loads
- def test_new_view
- get user_new_path
- assert_redirected_to user_new_path(:cookie_test => "true")
+ def test_new
+ get new_user_path
+ assert_redirected_to new_user_path(:cookie_test => "true")
- get user_new_path, :params => { :cookie_test => "true" }
+ get new_user_path, :params => { :cookie_test => "true" }
assert_response :success
+ assert_no_match(/img-src \* data:;/, @response.headers["Content-Security-Policy-Report-Only"])
+
assert_select "html", :count => 1 do
assert_select "head", :count => 1 do
assert_select "title", :text => /Sign Up/, :count => 1
end
assert_select "body", :count => 1 do
assert_select "div#content", :count => 1 do
- assert_select "form[action='/user/new'][method='post']", :count => 1 do
+ assert_select "form[action='/user'][method='post']", :count => 1 do
assert_select "input[id='user_email']", :count => 1
assert_select "input[id='user_display_name']", :count => 1
assert_select "input[id='user_pass_crypt'][type='password']", :count => 1
end
end
- def test_new_view_logged_in
+ def test_new_logged_in
session_for(create(:user))
- get user_new_path
+ get new_user_path
assert_redirected_to root_path
- get user_new_path, :params => { :referer => "/test" }
+ get new_user_path, :params => { :referer => "/test" }
assert_redirected_to "/test"
end
- def test_new_success
+ def test_create_success
user = build(:user, :pending)
assert_difference "User.count", 1 do
assert_difference "ActionMailer::Base.deliveries.size", 1 do
perform_enqueued_jobs do
- post user_new_path, :params => { :user => user.attributes }
+ post users_path, :params => { :user => user.attributes }
end
end
end
ActionMailer::Base.deliveries.clear
end
- def test_new_duplicate_email
+ def test_create_duplicate_email
user = build(:user, :pending)
create(:user, :email => user.email)
assert_no_difference "User.count" do
assert_no_difference "ActionMailer::Base.deliveries.size" do
perform_enqueued_jobs do
- post user_new_path, :params => { :user => user.attributes }
+ post users_path, :params => { :user => user.attributes }
end
end
end
assert_select "form > div > input.is-invalid#user_email"
end
- def test_new_duplicate_email_uppercase
+ def test_create_duplicate_email_uppercase
user = build(:user, :pending)
create(:user, :email => user.email.upcase)
assert_no_difference "User.count" do
assert_no_difference "ActionMailer::Base.deliveries.size" do
perform_enqueued_jobs do
- post user_new_path, :params => { :user => user.attributes }
+ post users_path, :params => { :user => user.attributes }
end
end
end
assert_select "form > div > input.is-invalid#user_email"
end
- def test_new_duplicate_name
+ def test_create_duplicate_name
user = build(:user, :pending)
create(:user, :display_name => user.display_name)
assert_no_difference "User.count" do
assert_no_difference "ActionMailer::Base.deliveries.size" do
perform_enqueued_jobs do
- post user_new_path, :params => { :user => user.attributes }
+ post users_path, :params => { :user => user.attributes }
end
end
end
assert_select "form > div > input.is-invalid#user_display_name"
end
- def test_new_duplicate_name_uppercase
+ def test_create_duplicate_name_uppercase
user = build(:user, :pending)
create(:user, :display_name => user.display_name.upcase)
assert_no_difference "User.count" do
assert_no_difference "ActionMailer::Base.deliveries.size" do
perform_enqueued_jobs do
- post user_new_path, :params => { :user => user.attributes }
+ post users_path, :params => { :user => user.attributes }
end
end
end
assert_select "form > div > input.is-invalid#user_display_name"
end
- def test_new_blocked_domain
+ def test_create_blocked_domain
user = build(:user, :pending, :email => "user@example.net")
# Now block that domain
assert_no_difference "User.count" do
assert_no_difference "ActionMailer::Base.deliveries.size" do
perform_enqueued_jobs do
- post user_new_path, :params => { :user => user.attributes }
+ post users_path, :params => { :user => user.attributes }
end
end
end
assert_template "blocked"
end
- def test_save_referer_params
+ def test_create_referer_params
user = build(:user, :pending)
assert_difference "User.count", 1 do
assert_difference "ActionMailer::Base.deliveries.size", 1 do
- post user_new_path, :params => { :user => user.attributes, :referer => "/edit?editor=id#map=1/2/3" }
+ post users_path, :params => { :user => user.attributes, :referer => "/edit?editor=id#map=1/2/3" }
assert_enqueued_with :job => ActionMailer::MailDeliveryJob,
:args => proc { |args| args[3][:args][2] == welcome_path(:editor => "id", :zoom => 1, :lat => 2, :lon => 3) }
perform_enqueued_jobs
ActionMailer::Base.deliveries.clear
end
- def test_terms_agreed
- user = create(:user, :terms_seen => true, :terms_agreed => Date.yesterday)
-
- session_for(user)
-
- get user_terms_path
- assert_redirected_to edit_account_path
- end
-
- def test_terms_not_seen_without_referer
- user = create(:user, :terms_seen => false, :terms_agreed => nil)
-
- session_for(user)
-
- get user_terms_path
- assert_response :success
- assert_template :terms
-
- post user_save_path, :params => { :user => { :consider_pd => true }, :read_ct => 1, :read_tou => 1 }
- assert_redirected_to edit_account_path
- assert_equal "Thanks for accepting the new contributor terms!", flash[:notice]
-
- user.reload
-
- assert user.consider_pd
- assert_not_nil user.terms_agreed
- assert user.terms_seen
- end
-
- def test_terms_not_seen_with_referer
- user = create(:user, :terms_seen => false, :terms_agreed => nil)
-
- session_for(user)
-
- get user_terms_path, :params => { :referer => "/test" }
- assert_response :success
- assert_template :terms
-
- post user_save_path, :params => { :user => { :consider_pd => true }, :referer => "/test", :read_ct => 1, :read_tou => 1 }
- assert_redirected_to "/test"
- assert_equal "Thanks for accepting the new contributor terms!", flash[:notice]
-
- user.reload
-
- assert user.consider_pd
- assert_not_nil user.terms_agreed
- assert user.terms_seen
- end
-
- # Check that if you haven't seen the terms, and make a request that requires authentication,
- # that your request is redirected to view the terms
- def test_terms_not_seen_redirection
- user = create(:user, :terms_seen => false, :terms_agreed => nil)
- session_for(user)
-
- get edit_account_path
- assert_redirected_to :controller => :users, :action => :terms, :referer => "/account/edit"
- end
-
- def test_terms_not_logged_in
- get user_terms_path
-
- assert_redirected_to login_path(:referer => "/user/terms")
- end
-
def test_go_public
user = create(:user, :data_public => false)
session_for(user)
get user_path(user)
assert_response :success
+ assert_match(/img-src \* data:;/, @response.headers["Content-Security-Policy-Report-Only"])
assert_select "div.content-heading" do
assert_select "a[href^='/user/#{ERB::Util.u(user.display_name)}/history']", 1
assert_select "a[href='/user/#{ERB::Util.u(user.display_name)}/traces']", 1
assert_select "a[href='/user/#{ERB::Util.u(user.display_name)}/account']", 0
assert_select "a[href='/user/#{ERB::Util.u(user.display_name)}/blocks']", 0
assert_select "a[href='/user/#{ERB::Util.u(user.display_name)}/blocks_by']", 0
- assert_select "a[href='/blocks/new/#{ERB::Util.u(user.display_name)}']", 0
+ assert_select "a[href='/user_blocks/new/#{ERB::Util.u(user.display_name)}']", 0
end
- # Friends shouldn't be visible as we're not logged in
- assert_select "div#friends-container", :count => 0
-
# Test a user who has been blocked
blocked_user = create(:user)
create(:user_block, :user => blocked_user)
assert_select "a[href='/user/#{ERB::Util.u(blocked_user.display_name)}/account']", 0
assert_select "a[href='/user/#{ERB::Util.u(blocked_user.display_name)}/blocks']", 1
assert_select "a[href='/user/#{ERB::Util.u(blocked_user.display_name)}/blocks_by']", 0
- assert_select "a[href='/blocks/new/#{ERB::Util.u(blocked_user.display_name)}']", 0
+ assert_select "a[href='/user_blocks/new/#{ERB::Util.u(blocked_user.display_name)}']", 0
end
# Test a moderator who has applied blocks
assert_select "a[href='/user/#{ERB::Util.u(moderator_user.display_name)}/account']", 0
assert_select "a[href='/user/#{ERB::Util.u(moderator_user.display_name)}/blocks']", 0
assert_select "a[href='/user/#{ERB::Util.u(moderator_user.display_name)}/blocks_by']", 1
- assert_select "a[href='/blocks/new/#{ERB::Util.u(moderator_user.display_name)}']", 0
+ assert_select "a[href='/user_blocks/new/#{ERB::Util.u(moderator_user.display_name)}']", 0
end
# Login as a normal user
assert_select "a[href='/account/edit']", 1
assert_select "a[href='/user/#{ERB::Util.u(user.display_name)}/blocks']", 0
assert_select "a[href='/user/#{ERB::Util.u(user.display_name)}/blocks_by']", 0
- assert_select "a[href='/blocks/new/#{ERB::Util.u(user.display_name)}']", 0
+ assert_select "a[href='/user_blocks/new/#{ERB::Util.u(user.display_name)}']", 0
assert_select "a[href='/api/0.6/user/#{ERB::Util.u(user.id)}']", 0
end
assert_select "a[href='/account/edit']", 0
assert_select "a[href='/user/#{ERB::Util.u(user.display_name)}/blocks']", 0
assert_select "a[href='/user/#{ERB::Util.u(user.display_name)}/blocks_by']", 0
- assert_select "a[href='/blocks/new/#{ERB::Util.u(user.display_name)}']", 1
+ assert_select "a[href='/user_blocks/new/#{ERB::Util.u(user.display_name)}']", 1
assert_select "a[href='/api/0.6/user/#{ERB::Util.u(user.id)}']", 1
end
end
assert_equal "deleted", user.status
end
- def test_index_get
- user = create(:user)
- moderator_user = create(:moderator_user)
- administrator_user = create(:administrator_user)
- _suspended_user = create(:user, :suspended)
- _ip_user = create(:user, :creation_ip => "1.2.3.4")
-
- # There are now 7 users - the five above, plus two extra "granters" for the
- # moderator_user and administrator_user
- assert_equal 7, User.count
-
- # Shouldn't work when not logged in
- get users_path
- assert_redirected_to login_path(:referer => users_path)
-
- session_for(user)
-
- # Shouldn't work when logged in as a normal user
- get users_path
- assert_redirected_to :controller => :errors, :action => :forbidden
-
- session_for(moderator_user)
-
- # Shouldn't work when logged in as a moderator
- get users_path
- assert_redirected_to :controller => :errors, :action => :forbidden
-
- session_for(administrator_user)
-
- # Note there is a header row, so all row counts are users + 1
- # Should work when logged in as an administrator
- get users_path
- assert_response :success
- assert_template :index
- assert_select "table#user_list tbody tr", :count => 7
-
- # Should be able to limit by status
- get users_path, :params => { :status => "suspended" }
- assert_response :success
- assert_template :index
- assert_select "table#user_list tbody tr", :count => 1
-
- # Should be able to limit by IP address
- get users_path, :params => { :ip => "1.2.3.4" }
- assert_response :success
- assert_template :index
- assert_select "table#user_list tbody tr", :count => 1
- end
-
- def test_index_get_paginated
- 1.upto(100).each do |n|
- User.create(:display_name => "extra_#{n}",
- :email => "extra#{n}@example.com",
- :pass_crypt => "extraextra")
- end
-
- session_for(create(:administrator_user))
-
- # 100 examples, an administrator, and a granter for the admin.
- assert_equal 102, User.count
- next_path = users_path
-
- get next_path
- assert_response :success
- assert_template :index
- assert_select "table#user_list tbody tr", :count => 50
- check_no_page_link "Newer Users"
- next_path = check_page_link "Older Users"
-
- get next_path
- assert_response :success
- assert_template :index
- assert_select "table#user_list tbody tr", :count => 50
- check_page_link "Newer Users"
- next_path = check_page_link "Older Users"
-
- get next_path
- assert_response :success
- assert_template :index
- assert_select "table#user_list tbody tr", :count => 2
- check_page_link "Newer Users"
- check_no_page_link "Older Users"
- end
-
- def test_index_get_invalid_paginated
- session_for(create(:administrator_user))
-
- %w[-1 0 fred].each do |id|
- get users_path(:before => id)
- assert_redirected_to :controller => :errors, :action => :bad_request
-
- get users_path(:after => id)
- assert_redirected_to :controller => :errors, :action => :bad_request
- end
- end
-
- private
-
- def check_no_page_link(name)
- assert_select "a.page-link", { :text => /#{Regexp.quote(name)}/, :count => 0 }, "unexpected #{name} page link"
- end
-
- def check_page_link(name)
- assert_select "a.page-link", { :text => /#{Regexp.quote(name)}/ }, "missing #{name} page link" do |buttons|
- return buttons.first.attributes["href"].value
- end
- end
-
- public
-
- def test_index_post_confirm
- inactive_user = create(:user, :pending)
- suspended_user = create(:user, :suspended)
-
- # Shouldn't work when not logged in
- assert_no_difference "User.active.count" do
- post users_path, :params => { :confirm => 1, :user => { inactive_user.id => 1, suspended_user.id => 1 } }
- end
- assert_response :forbidden
-
- assert_equal "pending", inactive_user.reload.status
- assert_equal "suspended", suspended_user.reload.status
-
- session_for(create(:user))
-
- # Shouldn't work when logged in as a normal user
- assert_no_difference "User.active.count" do
- post users_path, :params => { :confirm => 1, :user => { inactive_user.id => 1, suspended_user.id => 1 } }
- end
- assert_redirected_to :controller => :errors, :action => :forbidden
- assert_equal "pending", inactive_user.reload.status
- assert_equal "suspended", suspended_user.reload.status
-
- session_for(create(:moderator_user))
-
- # Shouldn't work when logged in as a moderator
- assert_no_difference "User.active.count" do
- post users_path, :params => { :confirm => 1, :user => { inactive_user.id => 1, suspended_user.id => 1 } }
- end
- assert_redirected_to :controller => :errors, :action => :forbidden
- assert_equal "pending", inactive_user.reload.status
- assert_equal "suspended", suspended_user.reload.status
-
- session_for(create(:administrator_user))
-
- # Should work when logged in as an administrator
- assert_difference "User.active.count", 2 do
- post users_path, :params => { :confirm => 1, :user => { inactive_user.id => 1, suspended_user.id => 1 } }
- end
- assert_redirected_to :action => :index
- assert_equal "confirmed", inactive_user.reload.status
- assert_equal "confirmed", suspended_user.reload.status
- end
-
- def test_index_post_hide
- normal_user = create(:user)
- confirmed_user = create(:user, :confirmed)
-
- # Shouldn't work when not logged in
- assert_no_difference "User.active.count" do
- post users_path, :params => { :hide => 1, :user => { normal_user.id => 1, confirmed_user.id => 1 } }
- end
- assert_response :forbidden
-
- assert_equal "active", normal_user.reload.status
- assert_equal "confirmed", confirmed_user.reload.status
-
- session_for(create(:user))
-
- # Shouldn't work when logged in as a normal user
- assert_no_difference "User.active.count" do
- post users_path, :params => { :hide => 1, :user => { normal_user.id => 1, confirmed_user.id => 1 } }
- end
- assert_redirected_to :controller => :errors, :action => :forbidden
- assert_equal "active", normal_user.reload.status
- assert_equal "confirmed", confirmed_user.reload.status
-
- session_for(create(:moderator_user))
-
- # Shouldn't work when logged in as a moderator
- assert_no_difference "User.active.count" do
- post users_path, :params => { :hide => 1, :user => { normal_user.id => 1, confirmed_user.id => 1 } }
- end
- assert_redirected_to :controller => :errors, :action => :forbidden
- assert_equal "active", normal_user.reload.status
- assert_equal "confirmed", confirmed_user.reload.status
-
- session_for(create(:administrator_user))
-
- # Should work when logged in as an administrator
- assert_difference "User.active.count", -2 do
- post users_path, :params => { :hide => 1, :user => { normal_user.id => 1, confirmed_user.id => 1 } }
- end
- assert_redirected_to :action => :index
- assert_equal "deleted", normal_user.reload.status
- assert_equal "deleted", confirmed_user.reload.status
- end
-
def test_auth_failure_callback
get auth_failure_path
assert_redirected_to login_path