Retrospring/spec/controllers/user_controller_spec.rb

# frozen_string_literal: true

require "rails_helper"

describe UserController, type: :controller do
  let(:user) { FactoryBot.create :user,
                                 otp_module: :disabled,
                                 otp_secret_key: 'EJFNIJPYXXTCQSRTQY6AG7XQLAT2IDG5H7NGLJE3'}

  describe "#show" do
    subject { get :show, params: { username: user.screen_name } }

    context "user signed in" do
      before(:each) { sign_in user }

      it "renders the user/show template" do
        subject
        expect(assigns(:user)).to eq(user)
        expect(response).to render_template("user/show")
      end
    end
  end

  describe "#followers" do
    subject { get :followers, params: { username: user.screen_name } }

    context "user signed in" do
      before(:each) { sign_in user }

      it "renders the user/show_follow template" do
        subject
        expect(assigns(:user)).to eq(user)
        expect(response).to render_template("user/show_follow")
      end
    end
  end

  describe "#followings" do
    subject { get :followings, params: { username: user.screen_name } }

    context "user signed in" do
      before(:each) { sign_in user }

      it "renders the user/show_follow template" do
        subject
        expect(assigns(:user)).to eq(user)
        expect(response).to render_template("user/show_follow")
      end
    end
  end

  describe "#questions" do
    subject { get :questions, params: { username: user.screen_name } }

    context "user signed in" do
      before(:each) { sign_in user }

      it "renders the user/questions template" do
        subject
        expect(assigns(:user)).to eq(user)
        expect(response).to render_template("user/questions")
      end
    end
  end

  describe "#edit_security" do
    subject { get :edit_security }

    context "user signed in" do
      before(:each) { sign_in user }
      render_views

      it "shows a setup form for users who don't have 2FA enabled" do
        subject
        expect(response).to have_rendered(:edit_security)
        expect(response).to have_rendered(partial: 'settings/security/_totp_setup')
      end

      it "shows the option to disable 2FA for users who have 2FA already enabled" do
        user.otp_module = :enabled
        user.save

        subject
        expect(response).to have_rendered(:edit_security)
        expect(response).to have_rendered(partial: 'settings/security/_totp_enabled')
      end
    end
  end

  describe "#update_2fa" do
    subject { post :update_2fa, params: update_params }

    context "user signed in" do
      before(:each) { sign_in user }

      context "user enters the incorrect code" do
        let(:update_params) do
          {
              user: { otp_validation: 123456 }
          }
        end

        it "shows an error if the user enters the incorrect code" do
          Timecop.freeze(Time.at(1603290888)) do
            subject
            expect(response).to redirect_to :edit_user_security
            expect(flash[:error]).to eq('The code you entered was invalid.')
          end
        end
      end

      context "user enters the correct code" do
        let(:update_params) do
          {
              user: { otp_validation: 187894 }
          }
        end

        it "enables 2FA for the logged in user and generates recovery keys" do
          Timecop.freeze(Time.at(1603290888)) do
            subject
            expect(response).to have_rendered(:recovery_keys)

            expect(user.totp_recovery_codes.count).to be(TotpRecoveryCode::NUMBER_OF_CODES_TO_GENERATE)
          end
        end

        it "shows an error if the user attempts to use the code once it has expired" do
          Timecop.freeze(Time.at(1603290950)) do
            subject
            expect(response).to redirect_to :edit_user_security
            expect(flash[:error]).to eq(I18n.t("errors.invalid_otp"))
          end
        end
      end
    end
  end

  describe "#destroy_2fa" do
    subject { delete :destroy_2fa }

    context "user signed in" do
      before(:each) do
        user.otp_module = :enabled
        user.save
        sign_in(user)
      end

      it "disables 2FA for the logged in user" do
        subject
        user.reload
        expect(user.otp_module_enabled?).to be_falsey
        expect(user.totp_recovery_codes.count).to be(0)
      end
    end
  end

  describe "#reset_user_recovery_codes" do
    subject { delete :reset_user_recovery_codes }

    context "user signed in" do
      before(:each) do
        sign_in(user)
      end

      it "regenerates codes on request" do
        old_codes = user.totp_recovery_codes.pluck(:code)
        subject
        new_codes = user.totp_recovery_codes.pluck(:code)
        expect(new_codes).not_to match_array(old_codes)
      end
    end
  end

  describe "#edit_blocks" do
    subject { get :edit_blocks }

    context "user signed in" do
      before(:each) { sign_in user }

      it "shows the edit_blocks page" do
        subject
        expect(response).to have_rendered(:edit_blocks)
      end

      it "only contains blocks of the signed in user" do
        other_user = create(:user)
        other_user.block(user)

        subject

        expect(assigns(:blocks)).to eq(user.active_block_relationships)
      end

      it "only contains anonymous blocks of the signed in user" do
        other_user = create(:user)
        question = create(:question)
        other_user.anonymous_blocks.create(identifier: "very-real-identifier", question_id: question.id)

        subject

        expect(assigns(:anonymous_blocks)).to eq(user.anonymous_blocks)
      end
    end
  end
end
Add uploader tests 2020-05-21 13:25:43 -07:00			`# frozen_string_literal: true`

			`require "rails_helper"`

			`describe UserController, type: :controller do`
Add tests for recovery codes 2020-11-15 01:21:06 -08:00			`let(:user) { FactoryBot.create :user,`
			`otp_module: :disabled,`
			`otp_secret_key: 'EJFNIJPYXXTCQSRTQY6AG7XQLAT2IDG5H7NGLJE3'}`
Add uploader tests 2020-05-21 13:25:43 -07:00
Add basic test for answer & user show views 2021-12-31 04:59:08 -08:00			`describe "#show" do`
			`subject { get :show, params: { username: user.screen_name } }`

			`context "user signed in" do`
			`before(:each) { sign_in user }`

			`it "renders the user/show template" do`
			`subject`
			`expect(assigns(:user)).to eq(user)`
			`expect(response).to render_template("user/show")`
			`end`
			`end`
			`end`

Add basic tests for followers & following in `UserController` 2021-12-31 06:35:29 -08:00			`describe "#followers" do`
			`subject { get :followers, params: { username: user.screen_name } }`

			`context "user signed in" do`
			`before(:each) { sign_in user }`

			`it "renders the user/show_follow template" do`
			`subject`
			`expect(assigns(:user)).to eq(user)`
			`expect(response).to render_template("user/show_follow")`
			`end`
			`end`
			`end`

Update `UserController` tests to match rename of followings 2022-01-08 12:40:57 -08:00			`describe "#followings" do`
			`subject { get :followings, params: { username: user.screen_name } }`
Add basic tests for followers & following in `UserController` 2021-12-31 06:35:29 -08:00
			`context "user signed in" do`
			`before(:each) { sign_in user }`

			`it "renders the user/show_follow template" do`
			`subject`
			`expect(assigns(:user)).to eq(user)`
			`expect(response).to render_template("user/show_follow")`
			`end`
			`end`
			`end`

Add basic test for user questions 2021-12-31 06:56:15 -08:00			`describe "#questions" do`
			`subject { get :questions, params: { username: user.screen_name } }`

			`context "user signed in" do`
			`before(:each) { sign_in user }`

			`it "renders the user/questions template" do`
			`subject`
			`expect(assigns(:user)).to eq(user)`
			`expect(response).to render_template("user/questions")`
			`end`
			`end`
			`end`

Add tests for security settings page 2020-10-21 04:44:00 -07:00			`describe "#edit_security" do`
			`subject { get :edit_security }`

			`context "user signed in" do`
			`before(:each) { sign_in user }`
			`render_views`

			`it "shows a setup form for users who don't have 2FA enabled" do`
			`subject`
			`expect(response).to have_rendered(:edit_security)`
Rename settings partials to match naming conventions 2020-10-21 04:49:12 -07:00			`expect(response).to have_rendered(partial: 'settings/security/_totp_setup')`
Add tests for security settings page 2020-10-21 04:44:00 -07:00			`end`

			`it "shows the option to disable 2FA for users who have 2FA already enabled" do`
			`user.otp_module = :enabled`
			`user.save`

			`subject`
			`expect(response).to have_rendered(:edit_security)`
Rename settings partials to match naming conventions 2020-10-21 04:49:12 -07:00			`expect(response).to have_rendered(partial: 'settings/security/_totp_enabled')`
Add tests for security settings page 2020-10-21 04:44:00 -07:00			`end`
			`end`
			`end`
Add test for #update_2fa endpoint 2020-10-21 07:47:07 -07:00
			`describe "#update_2fa" do`
			`subject { post :update_2fa, params: update_params }`

			`context "user signed in" do`
			`before(:each) { sign_in user }`

			`context "user enters the incorrect code" do`
			`let(:update_params) do`
			`{`
Add tests for recovery codes 2020-11-15 01:21:06 -08:00			`user: { otp_validation: 123456 }`
Add test for #update_2fa endpoint 2020-10-21 07:47:07 -07:00			`}`
			`end`

			`it "shows an error if the user enters the incorrect code" do`
			`Timecop.freeze(Time.at(1603290888)) do`
			`subject`
			`expect(response).to redirect_to :edit_user_security`
Add tests for recovery codes 2020-11-15 01:21:06 -08:00			`expect(flash[:error]).to eq('The code you entered was invalid.')`
Add test for #update_2fa endpoint 2020-10-21 07:47:07 -07:00			`end`
			`end`
			`end`

			`context "user enters the correct code" do`
			`let(:update_params) do`
			`{`
Add tests for recovery codes 2020-11-15 01:21:06 -08:00			`user: { otp_validation: 187894 }`
Add test for #update_2fa endpoint 2020-10-21 07:47:07 -07:00			`}`
			`end`

Add tests for recovery codes 2020-11-15 01:21:06 -08:00			`it "enables 2FA for the logged in user and generates recovery keys" do`
Add test for #update_2fa endpoint 2020-10-21 07:47:07 -07:00			`Timecop.freeze(Time.at(1603290888)) do`
			`subject`
Add tests for recovery codes 2020-11-15 01:21:06 -08:00			`expect(response).to have_rendered(:recovery_keys)`

			`expect(user.totp_recovery_codes.count).to be(TotpRecoveryCode::NUMBER_OF_CODES_TO_GENERATE)`
Add test for #update_2fa endpoint 2020-10-21 07:47:07 -07:00			`end`
			`end`

			`it "shows an error if the user attempts to use the code once it has expired" do`
Fix test for expired OTP 2020-11-15 12:27:38 -08:00			`Timecop.freeze(Time.at(1603290950)) do`
Add test for #update_2fa endpoint 2020-10-21 07:47:07 -07:00			`subject`
Fix test for expired OTP 2020-11-15 12:27:38 -08:00			`expect(response).to redirect_to :edit_user_security`
Fix errors in test cases 2022-02-13 10:49:01 -08:00			`expect(flash[:error]).to eq(I18n.t("errors.invalid_otp"))`
Add test for #update_2fa endpoint 2020-10-21 07:47:07 -07:00			`end`
			`end`
			`end`
			`end`
			`end`
Add test for #destroy_2fa endpoint 2020-10-21 07:52:59 -07:00
			`describe "#destroy_2fa" do`
			`subject { delete :destroy_2fa }`

			`context "user signed in" do`
			`before(:each) do`
			`user.otp_module = :enabled`
			`user.save`
Add tests for recovery codes 2020-11-15 01:21:06 -08:00			`sign_in(user)`
Add test for #destroy_2fa endpoint 2020-10-21 07:52:59 -07:00			`end`

			`it "disables 2FA for the logged in user" do`
			`subject`
			`user.reload`
			`expect(user.otp_module_enabled?).to be_falsey`
Add tests for recovery codes 2020-11-15 01:21:06 -08:00			`expect(user.totp_recovery_codes.count).to be(0)`
			`end`
			`end`
			`end`

			`describe "#reset_user_recovery_codes" do`
			`subject { delete :reset_user_recovery_codes }`

			`context "user signed in" do`
			`before(:each) do`
			`sign_in(user)`
			`end`

			`it "regenerates codes on request" do`
			`old_codes = user.totp_recovery_codes.pluck(:code)`
			`subject`
			`new_codes = user.totp_recovery_codes.pluck(:code)`
			`expect(new_codes).not_to match_array(old_codes)`
Add test for #destroy_2fa endpoint 2020-10-21 07:52:59 -07:00			`end`
			`end`
			`end`
Add tests for `UserController#edit_blocks` 2022-06-24 17:02:43 -07:00
			`describe "#edit_blocks" do`
			`subject { get :edit_blocks }`

			`context "user signed in" do`
			`before(:each) { sign_in user }`

			`it "shows the edit_blocks page" do`
			`subject`
			`expect(response).to have_rendered(:edit_blocks)`
			`end`

			`it "only contains blocks of the signed in user" do`
			`other_user = create(:user)`
			`other_user.block(user)`

			`subject`

			`expect(assigns(:blocks)).to eq(user.active_block_relationships)`
			`end`

			`it "only contains anonymous blocks of the signed in user" do`
			`other_user = create(:user)`
			`question = create(:question)`
			`other_user.anonymous_blocks.create(identifier: "very-real-identifier", question_id: question.id)`

			`subject`

			`expect(assigns(:anonymous_blocks)).to eq(user.anonymous_blocks)`
			`end`
			`end`
			`end`
Add uploader tests 2020-05-21 13:25:43 -07:00			`end`