Require signed in user when updating registration

To prevent errors from happening

Require signed in user when updating registration
To prevent errors from happening
3ffc9384 · Alex Buijs · 28207308 · 3ffc9384 · 3ffc9384 · 3ffc9384
Commit 3ffc9384 authored Oct 15, 2020 by Alex Buijs
4 changed files
--- a/app/controllers/registrations_controller.rb
+++ b/app/controllers/registrations_controller.rb
@@ -58,6 +58,8 @@ class RegistrationsController < Devise::RegistrationsController
  end
  def update_registration
+    return redirect_to new_user_registration_path unless current_user
    user_params = params.require(:user).permit(:role, :setup_for_company)
    result = ::Users::SignupService.new(current_user, user_params).execute

--- a/changelogs/unreleased/267498-failed-test-qa-specs-features-browser_ui-1_manage-login-register_s.yml
+++ b/changelogs/unreleased/267498-failed-test-qa-specs-features-browser_ui-1_manage-login-register_s.yml
+---
+title: Redirect when no user is signed in when updating registration
+merge_request: 45276
+author:
+type: fixed
--- a/ee/spec/controllers/registrations_controller_spec.rb
+++ b/ee/spec/controllers/registrations_controller_spec.rb
@@ -59,12 +59,17 @@ RSpec.describe RegistrationsController do
  end
  describe '#update_registration' do
+    subject(:update_registration) { patch :update_registration, params: { user: { role: 'software_developer', setup_for_company: 'false' } } }
+    context 'without a signed in user' do
+      it { is_expected.to redirect_to new_user_registration_path }
+    end
+    context 'with a signed in user' do
      before do
        sign_in(user)
      end
-    subject(:update_registration) { patch :update_registration, params: { user: { role: 'software_developer', setup_for_company: 'false' } } }
      describe 'redirection' do
        it { is_expected.to redirect_to dashboard_projects_path }
@@ -100,6 +105,7 @@ RSpec.describe RegistrationsController do
          end
        end
      end
+    end
    describe 'recording the user and tracking events for the onboarding issues experiment' do
      using RSpec::Parameterized::TableSyntax
@@ -113,6 +119,7 @@ RSpec.describe RegistrationsController do
      let(:in_trial_flow) { false }
      before do
+        sign_in(user)
        allow(::Gitlab).to receive(:com?).and_return(on_gitlab_com)
        stub_experiment(onboarding_issues: experiment_enabled)
        stub_experiment_for_user(onboarding_issues: experiment_enabled_for_user)

--- a/spec/controllers/registrations_controller_spec.rb
+++ b/spec/controllers/registrations_controller_spec.rb
@@ -477,10 +477,16 @@ RSpec.describe RegistrationsController do
      patch :update_registration, params: { user: { role: 'software_developer', setup_for_company: 'false' } }
    end
+    context 'without a signed in user' do
+      it { is_expected.to redirect_to new_user_registration_path }
+    end
+    context 'with a signed in user' do
      before do
        sign_in(create(:user))
      end
      it { is_expected.to redirect_to(dashboard_projects_path)}
    end
+  end
 end