tildeverse
/
tilde.news
mirror of https://github.com/tildeverse/lobsters
5
3
Fork 3
Code Issues 2 Releases Wiki Activity
tilde.news/spec/requests/login_spec.rb

185 lines
6.3 KiB
Ruby
Raw Blame History

# typed: false
require "rails_helper"
describe "login", type: :request do
let(:user) { create(:user, password: "asdf") }
let(:banned) { create(:user, :banned, password: "asdf") }
let(:deleted) { create(:user, :deleted, password: "asdf") }
let(:banned_wiped) { create(:user, :banned, :wiped, password: "asdf") }
let(:deleted_wiped) { create(:user, :deleted, :wiped, password: "asdf") }
describe "/login" do
describe "happy path" do
it "logs in with email and correct password" do
post "/login", params: {email: user.email, password: "asdf"}
expect(flash[:error]).to be_nil
expect(response).to redirect_to("/")
end
it "logs in with username and correct password" do
post "/login", params: {email: user.username, password: "asdf"}
expect(session[:u]).to eq(user.session_token)
expect(flash[:error]).to be_nil
expect(response).to redirect_to("/")
end
end
describe "doesn't log in without correct password" do
it "doesn't log in with wrong password" do
post "/login", params: {email: user.email, password: "wrong"}
expect(session[:u]).to be_nil
expect(flash[:error]).to match(/Invalid/i)
end
it "doesn't log in with blank password" do
post "/login", params: {email: user.email, password: ""}
expect(session[:u]).to be_nil
expect(flash[:error]).to match(/Invalid/i)
end
it "doesn't log in without any password posted" do
post "/login", params: {email: user.email}
expect(session[:u]).to be_nil
expect(flash[:error]).to match(/Invalid/i)
end
end
it "doesn't allow login by banned users" do
post "/login", params: {email: banned.email, password: "asdf"}
expect(session[:u]).to be_nil
expect(flash[:error]).to match(/banned/)
end
it "doesn't allow login by deleted users" do
post "/login", params: {email: deleted.email, password: "asdf"}
expect(session[:u]).to be_nil
expect(flash[:error]).to match(/deleted/)
end
describe "wiped accounts" do
it "doesn't allow login by banned and wiped users" do
post "/login", params: {email: banned_wiped.email, password: "asdf"}
expect(session[:u]).to be_nil
expect(flash[:error]).to match(/wiped/)
end
it "doesn't allow login by deleted and wiped users" do
post "/login", params: {email: deleted_wiped.email, password: "asdf"}
expect(session[:u]).to be_nil
expect(flash[:error]).to match(/wiped/)
end
end
it "doesn't show login form if user is already logged in" do
post "/login", params: {email: user.email, password: "asdf"}
get "/login"
expect(response).to redirect_to("/")
end
it "doesn't allow submission from logged in users" do
post "/login", params: {email: user.email, password: "asdf"}
post "/login", params: {email: user.email, password: "asdf"}
expect(response).to redirect_to("/")
end
end
describe "/login/reset_password" do
it "starts reset process" do
expect {
post "/login/reset_password", params: {email: user.email}
expect(flash[:success]).to_not be_nil
}.to(change { User.find(user.id).password_reset_token })
end
it "starts reset process for deleted users" do
expect {
post "/login/reset_password", params: {email: deleted.email}
expect(flash[:success]).to_not be_nil
}.to(change { User.find(deleted.id).password_reset_token })
end
it "doesn't start reset process if user was banned" do
expect {
post "/login/reset_password", params: {email: banned.email}
expect(flash[:success]).to be_nil
}.not_to(change { User.find(banned.id).password_reset_token })
end
it "doesn't start reset process if user was deleted and wiped" do
expect {
post "/login/reset_password", params: {email: deleted_wiped.email}
expect(flash[:success]).to be_nil
}.not_to(change { User.find(deleted_wiped.id).password_reset_token })
end
it "doesn't show forgot password form if user is already logged in" do
post "/login", params: {email: user.email, password: "asdf"}
get "/login/forgot_password"
expect(response).to redirect_to("/")
end
it "doesn't allow submission from logged in users" do
post "/login", params: {email: user.email, password: "asdf"}
post "/login/reset_password", params: {email: user.email}
expect(response).to redirect_to("/")
end
end
describe "/login/set_new_password" do
it "resets if token matches" do
user.initiate_password_reset_for_ip("127.0.0.1")
expect {
post "/login/set_new_password", params: {
token: user.password_reset_token,
password: "new",
password_confirmation: "new"
}
}.to(change { User.find(user.id).password_digest })
expect(User.find(user.id).authenticate("new")).to be_truthy
end
it "doesn't reset if token is wrong" do
user.initiate_password_reset_for_ip("127.0.0.1")
expect {
post "/login/set_new_password", params: {
token: "totes wrong",
password: "new",
password_confirmation: "new"
}
}.not_to(change { User.find(user.id).password_digest })
end
it "doesn't reset if token is missing" do
expect {
post "/login/set_new_password", params: {
password: "new",
password_confirmation: "new"
}
}.not_to(change { User.find(user.id).password_digest })
end
it "doesn't reset if token expired" do
user.update!(password_reset_token: "#{2.days.ago.to_i}-#{Utils.random_str(30)}")
expect {
post "/login/set_new_password", params: {
token: user.password_reset_token,
password: "new",
password_confirmation: "new"
}
}.not_to(change { User.find(user.id).password_digest })
end
it "doesn't reset if user is banned" do
banned.initiate_password_reset_for_ip("127.0.0.1")
expect {
post "/login/set_new_password", params: {
token: banned.password_reset_token,
password: "new",
password_confirmation: "new"
}
}.not_to(change { User.find(banned.id).password_digest })
end
end
end
Reference in New Issue View Git Blame Copy Permalink