Require a logged in user to accept or decline a term

This change is required to make sure that only logged in users can accept or decline terms

Require a logged in user to accept or decline a term
This change is required to make sure that only logged in users can accept or decline terms
665c8744 · manojmj · 2e069f6e · 665c8744 · 665c8744 · 665c8744
Commit 665c8744 authored Feb 10, 2020 by manojmj
3 changed files
--- a/app/controllers/users/terms_controller.rb
+++ b/app/controllers/users/terms_controller.rb
@@ -4,7 +4,7 @@ module Users
  class TermsController < ApplicationController
    include InternalRedirect
-    skip_before_action :authenticate_user!
+    skip_before_action :authenticate_user!, only: [:index]
    skip_before_action :enforce_terms!
    skip_before_action :check_password_expiration
    skip_before_action :check_two_factor_requirement

--- a/changelogs/unreleased/204723-nomethoderror-undefined-method-term_agreements-for-nil-nilclass.yml
+++ b/changelogs/unreleased/204723-nomethoderror-undefined-method-term_agreements-for-nil-nilclass.yml
+---
+title: Require a logged in user to accept or decline a term
+merge_request: 24771
+author:
+type: fixed
--- a/spec/controllers/users/terms_controller_spec.rb
+++ b/spec/controllers/users/terms_controller_spec.rb
@@ -4,7 +4,8 @@ require 'spec_helper'
 describe Users::TermsController do
  include TermsHelper
-  let(:user) { create(:user) }
+  let_it_be(:user) { create(:user) }
  let(:term) { create(:term) }
  before do
@@ -12,10 +13,11 @@ describe Users::TermsController do
  end
  describe 'GET #index' do
+    context 'when a user is signed in' do
      it 'redirects when no terms exist' do
        get :index
-      expect(response).to have_gitlab_http_status(:redirect)
+        expect(response).to redirect_to(root_path)
      end
      context 'when terms exist' do
@@ -40,7 +42,36 @@ describe Users::TermsController do
      end
    end
+    context 'when a user is not signed in' do
+      before do
+        sign_out user
+      end
+      context 'when terms exist' do
+        before do
+          stub_env('IN_MEMORY_APPLICATION_SETTINGS', 'false')
+          term
+        end
+        it 'returns success response' do
+          get :index
+          expect(response).to have_gitlab_http_status(:success)
+        end
+      end
+      context 'when no terms exist' do
+        it 'redirects' do
+          get :index
+          expect(response).to redirect_to(root_path)
+        end
+      end
+    end
+  end
  describe 'POST #accept' do
+    context 'when a user is signed in' do
      it 'saves that the user accepted the terms' do
        post :accept, params: { id: term.id }
@@ -80,7 +111,21 @@ describe Users::TermsController do
      end
    end
+    context 'when a user is not signed in' do
+      before do
+        sign_out user
+      end
+      it 'redirects to login page' do
+        post :accept, params: { id: term.id }
+        expect(response).to redirect_to(new_user_session_path)
+      end
+    end
+  end
  describe 'POST #decline' do
+    context 'when a user is signed in' do
      it 'stores that the user declined the terms' do
        post :decline, params: { id: term.id }
@@ -96,4 +141,17 @@ describe Users::TermsController do
        expect(assigns(:current_user)).to be_nil
      end
    end
+    context 'when a user is not signed in' do
+      before do
+        sign_out user
+      end
+      it 'redirects to login page' do
+        post :decline, params: { id: term.id }
+        expect(response).to redirect_to(new_user_session_path)
+      end
+    end
+  end
 end