185 lines
6.3 KiB
Ruby
185 lines
6.3 KiB
Ruby
# typed: false
|
|
|
|
require "rails_helper"
|
|
|
|
describe "login", type: :request do
|
|
let(:user) { create(:user, password: "asdf") }
|
|
let(:banned) { create(:user, :banned, password: "asdf") }
|
|
let(:deleted) { create(:user, :deleted, password: "asdf") }
|
|
let(:banned_wiped) { create(:user, :banned, :wiped, password: "asdf") }
|
|
let(:deleted_wiped) { create(:user, :deleted, :wiped, password: "asdf") }
|
|
|
|
describe "/login" do
|
|
describe "happy path" do
|
|
it "logs in with email and correct password" do
|
|
post "/login", params: {email: user.email, password: "asdf"}
|
|
expect(flash[:error]).to be_nil
|
|
expect(response).to redirect_to("/")
|
|
end
|
|
|
|
it "logs in with username and correct password" do
|
|
post "/login", params: {email: user.username, password: "asdf"}
|
|
expect(session[:u]).to eq(user.session_token)
|
|
expect(flash[:error]).to be_nil
|
|
expect(response).to redirect_to("/")
|
|
end
|
|
end
|
|
|
|
describe "doesn't log in without correct password" do
|
|
it "doesn't log in with wrong password" do
|
|
post "/login", params: {email: user.email, password: "wrong"}
|
|
expect(session[:u]).to be_nil
|
|
expect(flash[:error]).to match(/Invalid/i)
|
|
end
|
|
|
|
it "doesn't log in with blank password" do
|
|
post "/login", params: {email: user.email, password: ""}
|
|
expect(session[:u]).to be_nil
|
|
expect(flash[:error]).to match(/Invalid/i)
|
|
end
|
|
|
|
it "doesn't log in without any password posted" do
|
|
post "/login", params: {email: user.email}
|
|
expect(session[:u]).to be_nil
|
|
expect(flash[:error]).to match(/Invalid/i)
|
|
end
|
|
end
|
|
|
|
it "doesn't allow login by banned users" do
|
|
post "/login", params: {email: banned.email, password: "asdf"}
|
|
expect(session[:u]).to be_nil
|
|
expect(flash[:error]).to match(/banned/)
|
|
end
|
|
|
|
it "doesn't allow login by deleted users" do
|
|
post "/login", params: {email: deleted.email, password: "asdf"}
|
|
expect(session[:u]).to be_nil
|
|
expect(flash[:error]).to match(/deleted/)
|
|
end
|
|
|
|
describe "wiped accounts" do
|
|
it "doesn't allow login by banned and wiped users" do
|
|
post "/login", params: {email: banned_wiped.email, password: "asdf"}
|
|
expect(session[:u]).to be_nil
|
|
expect(flash[:error]).to match(/wiped/)
|
|
end
|
|
|
|
it "doesn't allow login by deleted and wiped users" do
|
|
post "/login", params: {email: deleted_wiped.email, password: "asdf"}
|
|
expect(session[:u]).to be_nil
|
|
expect(flash[:error]).to match(/wiped/)
|
|
end
|
|
end
|
|
|
|
it "doesn't show login form if user is already logged in" do
|
|
post "/login", params: {email: user.email, password: "asdf"}
|
|
get "/login"
|
|
expect(response).to redirect_to("/")
|
|
end
|
|
|
|
it "doesn't allow submission from logged in users" do
|
|
post "/login", params: {email: user.email, password: "asdf"}
|
|
post "/login", params: {email: user.email, password: "asdf"}
|
|
expect(response).to redirect_to("/")
|
|
end
|
|
end
|
|
|
|
describe "/login/reset_password" do
|
|
it "starts reset process" do
|
|
expect {
|
|
post "/login/reset_password", params: {email: user.email}
|
|
expect(flash[:success]).to_not be_nil
|
|
}.to(change { User.find(user.id).password_reset_token })
|
|
end
|
|
|
|
it "starts reset process for deleted users" do
|
|
expect {
|
|
post "/login/reset_password", params: {email: deleted.email}
|
|
expect(flash[:success]).to_not be_nil
|
|
}.to(change { User.find(deleted.id).password_reset_token })
|
|
end
|
|
|
|
it "doesn't start reset process if user was banned" do
|
|
expect {
|
|
post "/login/reset_password", params: {email: banned.email}
|
|
expect(flash[:success]).to be_nil
|
|
}.not_to(change { User.find(banned.id).password_reset_token })
|
|
end
|
|
|
|
it "doesn't start reset process if user was deleted and wiped" do
|
|
expect {
|
|
post "/login/reset_password", params: {email: deleted_wiped.email}
|
|
expect(flash[:success]).to be_nil
|
|
}.not_to(change { User.find(deleted_wiped.id).password_reset_token })
|
|
end
|
|
|
|
it "doesn't show forgot password form if user is already logged in" do
|
|
post "/login", params: {email: user.email, password: "asdf"}
|
|
get "/login/forgot_password"
|
|
expect(response).to redirect_to("/")
|
|
end
|
|
|
|
it "doesn't allow submission from logged in users" do
|
|
post "/login", params: {email: user.email, password: "asdf"}
|
|
post "/login/reset_password", params: {email: user.email}
|
|
expect(response).to redirect_to("/")
|
|
end
|
|
end
|
|
|
|
describe "/login/set_new_password" do
|
|
it "resets if token matches" do
|
|
user.initiate_password_reset_for_ip("127.0.0.1")
|
|
expect {
|
|
post "/login/set_new_password", params: {
|
|
token: user.password_reset_token,
|
|
password: "new",
|
|
password_confirmation: "new"
|
|
}
|
|
}.to(change { User.find(user.id).password_digest })
|
|
expect(User.find(user.id).authenticate("new")).to be_truthy
|
|
end
|
|
|
|
it "doesn't reset if token is wrong" do
|
|
user.initiate_password_reset_for_ip("127.0.0.1")
|
|
expect {
|
|
post "/login/set_new_password", params: {
|
|
token: "totes wrong",
|
|
password: "new",
|
|
password_confirmation: "new"
|
|
}
|
|
}.not_to(change { User.find(user.id).password_digest })
|
|
end
|
|
|
|
it "doesn't reset if token is missing" do
|
|
expect {
|
|
post "/login/set_new_password", params: {
|
|
password: "new",
|
|
password_confirmation: "new"
|
|
}
|
|
}.not_to(change { User.find(user.id).password_digest })
|
|
end
|
|
|
|
it "doesn't reset if token expired" do
|
|
user.update!(password_reset_token: "#{2.days.ago.to_i}-#{Utils.random_str(30)}")
|
|
expect {
|
|
post "/login/set_new_password", params: {
|
|
token: user.password_reset_token,
|
|
password: "new",
|
|
password_confirmation: "new"
|
|
}
|
|
}.not_to(change { User.find(user.id).password_digest })
|
|
end
|
|
|
|
it "doesn't reset if user is banned" do
|
|
banned.initiate_password_reset_for_ip("127.0.0.1")
|
|
expect {
|
|
post "/login/set_new_password", params: {
|
|
token: banned.password_reset_token,
|
|
password: "new",
|
|
password_confirmation: "new"
|
|
}
|
|
}.not_to(change { User.find(banned.id).password_digest })
|
|
end
|
|
end
|
|
end
|