Commit d6805f4f authored by Stan Hu

Merge branch '292679-add-users-request-specs' into 'master'

Replace user controller spec with its request spec

See merge request gitlab-org/gitlab!50435
parents 3d7f3074 d97cc48d
...@@ -197,7 +197,6 @@ Rails/SaveBang: ...@@ -197,7 +197,6 @@ Rails/SaveBang:
- 'spec/controllers/projects_controller_spec.rb' - 'spec/controllers/projects_controller_spec.rb'
- 'spec/controllers/sent_notifications_controller_spec.rb' - 'spec/controllers/sent_notifications_controller_spec.rb'
- 'spec/controllers/sessions_controller_spec.rb' - 'spec/controllers/sessions_controller_spec.rb'
- 'spec/controllers/users_controller_spec.rb'
- 'spec/factories_spec.rb' - 'spec/factories_spec.rb'
- 'spec/features/admin/admin_appearance_spec.rb' - 'spec/features/admin/admin_appearance_spec.rb'
- 'spec/features/admin/admin_labels_spec.rb' - 'spec/features/admin/admin_labels_spec.rb'
...@@ -399,6 +398,7 @@ Rails/SaveBang: ...@@ -399,6 +398,7 @@ Rails/SaveBang:
- 'spec/requests/api/labels_spec.rb' - 'spec/requests/api/labels_spec.rb'
- 'spec/requests/api/project_import_spec.rb' - 'spec/requests/api/project_import_spec.rb'
- 'spec/requests/projects/cycle_analytics_events_spec.rb' - 'spec/requests/projects/cycle_analytics_events_spec.rb'
- 'spec/requests/users_controller_spec.rb'
Rails/TimeZone: Rails/TimeZone:
Enabled: true Enabled: true
......
---
title: Replace user controller spec with its request spec
merge_request: 50435
author: Takuya Noguchi
type: other
...@@ -9,29 +9,26 @@ RSpec.describe UsersController do ...@@ -9,29 +9,26 @@ RSpec.describe UsersController do
let(:public_user) { create(:user) } let(:public_user) { create(:user) }
describe 'GET #show' do describe 'GET #show' do
context 'with rendered views' do shared_examples_for 'renders the show template' do
render_views it 'renders the show template' do
get user_url user.username
expect(response).to have_gitlab_http_status(:ok)
expect(response).to render_template('show')
end
end
context 'when the user exists and has public visibility' do
context 'when logged in' do context 'when logged in' do
before do before do
sign_in(user) sign_in(user)
end end
it 'renders the show template' do it_behaves_like 'renders the show template'
get :show, params: { username: user.username }
expect(response).to be_successful
expect(response).to render_template('show')
end
end end
context 'when logged out' do context 'when logged out' do
it 'renders the show template' do it_behaves_like 'renders the show template'
get :show, params: { username: user.username }
expect(response).to have_gitlab_http_status(:ok)
expect(response).to render_template('show')
end
end end
end end
...@@ -42,7 +39,8 @@ RSpec.describe UsersController do ...@@ -42,7 +39,8 @@ RSpec.describe UsersController do
context 'when logged out' do context 'when logged out' do
it 'redirects to login page' do it 'redirects to login page' do
get :show, params: { username: user.username } get user_url user.username
expect(response).to redirect_to new_user_session_path expect(response).to redirect_to new_user_session_path
end end
end end
...@@ -52,18 +50,15 @@ RSpec.describe UsersController do ...@@ -52,18 +50,15 @@ RSpec.describe UsersController do
sign_in(user) sign_in(user)
end end
it 'renders show' do it_behaves_like 'renders the show template'
get :show, params: { username: user.username }
expect(response).to have_gitlab_http_status(:ok)
expect(response).to render_template('show')
end
end end
end end
context 'when a user by that username does not exist' do context 'when a user by that username does not exist' do
context 'when logged out' do context 'when logged out' do
it 'redirects to login page' do it 'redirects to login page' do
get :show, params: { username: 'nonexistent' } get user_url 'nonexistent'
expect(response).to redirect_to new_user_session_path expect(response).to redirect_to new_user_session_path
end end
end end
...@@ -74,7 +69,8 @@ RSpec.describe UsersController do ...@@ -74,7 +69,8 @@ RSpec.describe UsersController do
end end
it 'renders 404' do it 'renders 404' do
get :show, params: { username: 'nonexistent' } get user_url 'nonexistent'
expect(response).to have_gitlab_http_status(:not_found) expect(response).to have_gitlab_http_status(:not_found)
end end
end end
...@@ -91,54 +87,55 @@ RSpec.describe UsersController do ...@@ -91,54 +87,55 @@ RSpec.describe UsersController do
end end
it 'loads events' do it 'loads events' do
get :show, params: { username: user }, format: :json # Requesting "/username?format=json" instead of "/username.json"
get user_url user.username, params: { format: :json }
expect(assigns(:events)).not_to be_empty expect(response.media_type).to eq('application/json')
expect(Gitlab::Json.parse(response.body)['count']).to eq(1)
end end
it 'hides events if the user cannot read cross project' do it 'hides events if the user cannot read cross project' do
allow(Ability).to receive(:allowed?).and_call_original allow(Ability).to receive(:allowed?).and_call_original
expect(Ability).to receive(:allowed?).with(user, :read_cross_project) { false } expect(Ability).to receive(:allowed?).with(user, :read_cross_project) { false }
get :show, params: { username: user }, format: :json get user_url user.username, params: { format: :json }
expect(assigns(:events)).to be_empty expect(response.media_type).to eq('application/json')
expect(Gitlab::Json.parse(response.body)['count']).to eq(0)
end end
it 'hides events if the user has a private profile' do it 'hides events if the user has a private profile' do
Gitlab::DataBuilder::Push.build_sample(project, private_user) Gitlab::DataBuilder::Push.build_sample(project, private_user)
get :show, params: { username: private_user.username }, format: :json get user_url private_user.username, params: { format: :json }
expect(assigns(:events)).to be_empty expect(response.media_type).to eq('application/json')
expect(Gitlab::Json.parse(response.body)['count']).to eq(0)
end end
end end
end end
describe 'GET #activity' do describe 'GET #activity' do
context 'with rendered views' do shared_examples_for 'renders the show template' do
render_views it 'renders the show template' do
get user_activity_url user.username
expect(response).to have_gitlab_http_status(:ok)
expect(response).to render_template('show')
end
end
context 'when the user exists and has public visibility' do
context 'when logged in' do context 'when logged in' do
before do before do
sign_in(user) sign_in(user)
end end
it 'renders the show template' do it_behaves_like 'renders the show template'
get :show, params: { username: user.username }
expect(response).to be_successful
expect(response).to render_template('show')
end
end end
context 'when logged out' do context 'when logged out' do
it 'renders the show template' do it_behaves_like 'renders the show template'
get :activity, params: { username: user.username }
expect(response).to have_gitlab_http_status(:ok)
expect(response).to render_template('show')
end
end end
end end
...@@ -149,7 +146,8 @@ RSpec.describe UsersController do ...@@ -149,7 +146,8 @@ RSpec.describe UsersController do
context 'when logged out' do context 'when logged out' do
it 'redirects to login page' do it 'redirects to login page' do
get :activity, params: { username: user.username } get user_activity_url user.username
expect(response).to redirect_to new_user_session_path expect(response).to redirect_to new_user_session_path
end end
end end
...@@ -159,18 +157,15 @@ RSpec.describe UsersController do ...@@ -159,18 +157,15 @@ RSpec.describe UsersController do
sign_in(user) sign_in(user)
end end
it 'renders show' do it_behaves_like 'renders the show template'
get :activity, params: { username: user.username }
expect(response).to have_gitlab_http_status(:ok)
expect(response).to render_template('show')
end
end end
end end
context 'when a user by that username does not exist' do context 'when a user by that username does not exist' do
context 'when logged out' do context 'when logged out' do
it 'redirects to login page' do it 'redirects to login page' do
get :activity, params: { username: 'nonexistent' } get user_activity_url 'nonexistent'
expect(response).to redirect_to new_user_session_path expect(response).to redirect_to new_user_session_path
end end
end end
...@@ -181,7 +176,8 @@ RSpec.describe UsersController do ...@@ -181,7 +176,8 @@ RSpec.describe UsersController do
end end
it 'renders 404' do it 'renders 404' do
get :activity, params: { username: 'nonexistent' } get user_activity_url 'nonexistent'
expect(response).to have_gitlab_http_status(:not_found) expect(response).to have_gitlab_http_status(:not_found)
end end
end end
...@@ -198,26 +194,29 @@ RSpec.describe UsersController do ...@@ -198,26 +194,29 @@ RSpec.describe UsersController do
end end
it 'loads events' do it 'loads events' do
get :activity, params: { username: user }, format: :json get user_activity_url user.username, format: :json
expect(assigns(:events)).not_to be_empty expect(response.media_type).to eq('application/json')
expect(Gitlab::Json.parse(response.body)['count']).to eq(1)
end end
it 'hides events if the user cannot read cross project' do it 'hides events if the user cannot read cross project' do
allow(Ability).to receive(:allowed?).and_call_original allow(Ability).to receive(:allowed?).and_call_original
expect(Ability).to receive(:allowed?).with(user, :read_cross_project) { false } expect(Ability).to receive(:allowed?).with(user, :read_cross_project) { false }
get :activity, params: { username: user }, format: :json get user_activity_url user.username, format: :json
expect(assigns(:events)).to be_empty expect(response.media_type).to eq('application/json')
expect(Gitlab::Json.parse(response.body)['count']).to eq(0)
end end
it 'hides events if the user has a private profile' do it 'hides events if the user has a private profile' do
Gitlab::DataBuilder::Push.build_sample(project, private_user) Gitlab::DataBuilder::Push.build_sample(project, private_user)
get :activity, params: { username: private_user.username }, format: :json get user_activity_url private_user.username, format: :json
expect(assigns(:events)).to be_empty expect(response.media_type).to eq('application/json')
expect(Gitlab::Json.parse(response.body)['count']).to eq(0)
end end
end end
end end
...@@ -225,29 +224,20 @@ RSpec.describe UsersController do ...@@ -225,29 +224,20 @@ RSpec.describe UsersController do
describe 'GET #ssh_keys' do describe 'GET #ssh_keys' do
context 'non existent user' do context 'non existent user' do
it 'does not generally work' do it 'does not generally work' do
get :ssh_keys, params: { username: 'not-existent' } get '/not-existent.keys'
expect(response).not_to be_successful expect(response).not_to be_successful
end end
end end
context 'user with no keys' do context 'user with no keys' do
it 'does generally work' do it 'responds the empty body with text/plain content type' do
get :ssh_keys, params: { username: user.username } get "/#{user.username}.keys"
expect(response).to be_successful expect(response).to be_successful
end expect(response.media_type).to eq("text/plain")
it 'renders all keys separated with a new line' do
get :ssh_keys, params: { username: user.username }
expect(response.body).to eq("") expect(response.body).to eq("")
end end
it 'responds with text/plain content type' do
get :ssh_keys, params: { username: user.username }
expect(response.content_type).to eq("text/plain")
end
end end
context 'user with keys' do context 'user with keys' do
...@@ -256,14 +246,11 @@ RSpec.describe UsersController do ...@@ -256,14 +246,11 @@ RSpec.describe UsersController do
let!(:deploy_key) { create(:deploy_key, user: user) } let!(:deploy_key) { create(:deploy_key, user: user) }
shared_examples_for 'renders all public keys' do shared_examples_for 'renders all public keys' do
it 'does generally work' do it 'renders all non-deploy keys separated with a new line with text/plain content type without the comment key' do
get :ssh_keys, params: { username: user.username } get "/#{user.username}.keys"
expect(response).to be_successful expect(response).to be_successful
end expect(response.media_type).to eq("text/plain")
it 'renders all non deploy keys separated with a new line' do
get :ssh_keys, params: { username: user.username }
expect(response.body).not_to eq('') expect(response.body).not_to eq('')
expect(response.body).to eq(user.all_ssh_keys.join("\n")) expect(response.body).to eq(user.all_ssh_keys.join("\n"))
...@@ -271,19 +258,9 @@ RSpec.describe UsersController do ...@@ -271,19 +258,9 @@ RSpec.describe UsersController do
expect(response.body).to include(key.key.sub(' dummy@gitlab.com', '')) expect(response.body).to include(key.key.sub(' dummy@gitlab.com', ''))
expect(response.body).to include(another_key.key.sub(' dummy@gitlab.com', '')) expect(response.body).to include(another_key.key.sub(' dummy@gitlab.com', ''))
expect(response.body).not_to include(deploy_key.key)
end
it 'does not render the comment of the key' do
get :ssh_keys, params: { username: user.username }
expect(response.body).not_to match(/dummy@gitlab.com/) expect(response.body).not_to match(/dummy@gitlab.com/)
end
it 'responds with text/plain content type' do
get :ssh_keys, params: { username: user.username }
expect(response.content_type).to eq("text/plain") expect(response.body).not_to include(deploy_key.key)
end end
end end
...@@ -308,29 +285,18 @@ RSpec.describe UsersController do ...@@ -308,29 +285,18 @@ RSpec.describe UsersController do
describe 'GET #gpg_keys' do describe 'GET #gpg_keys' do
context 'non existent user' do context 'non existent user' do
it 'does not generally work' do it 'does not generally work' do
get :gpg_keys, params: { username: 'not-existent' } get '/not-existent.keys'
expect(response).not_to be_successful expect(response).not_to be_successful
end end
end end
context 'user with no keys' do context 'user with no keys' do
it 'does generally work' do it 'responds the empty body with text/plain content type' do
get :gpg_keys, params: { username: user.username } get "/#{user.username}.gpg"
expect(response).to be_successful expect(response).to be_successful
end expect(response.media_type).to eq("text/plain")
it 'renders all keys separated with a new line' do
get :gpg_keys, params: { username: user.username }
expect(response.body).to eq("")
end
it 'responds with text/plain content type' do
get :gpg_keys, params: { username: user.username }
expect(response.content_type).to eq("text/plain")
expect(response.body).to eq("") expect(response.body).to eq("")
end end
end end
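Review bot: The 'non existent user' example under `describe 'GET #gpg_keys'` now requests `/not-existent.keys`, which is the SSH keys route already covered in the `#ssh_keys` block, so the unknown-user path of the GPG endpoint is no longer exercised. It should read `get '/not-existent.gpg'`. Separately, `not_to be_successful` accepts any non-2xx status, including a 500; if a 404 is what the controller returns for an unknown user, `expect(response).to have_gitlab_http_status(:not_found)` would pin the intended behaviour.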
...@@ -340,16 +306,12 @@ RSpec.describe UsersController do ...@@ -340,16 +306,12 @@ RSpec.describe UsersController do
let!(:another_gpg_key) { create(:another_gpg_key, user: user) } let!(:another_gpg_key) { create(:another_gpg_key, user: user) }
shared_examples_for 'renders all verified GPG keys' do shared_examples_for 'renders all verified GPG keys' do
it 'does generally work' do it 'renders all verified keys separated with a new line with text/plain content type' do
get :gpg_keys, params: { username: user.username } get "/#{user.username}.gpg"
expect(response).to be_successful expect(response).to be_successful
end
it 'renders all verified keys separated with a new line with text/plain content type' do
get :gpg_keys, params: { username: user.username }
expect(response.content_type).to eq("text/plain") expect(response.media_type).to eq("text/plain")
expect(response.body).not_to eq('') expect(response.body).not_to eq('')
expect(response.body).to eq(user.gpg_keys.select(&:verified?).map(&:key).join("\n")) expect(response.body).to eq(user.gpg_keys.select(&:verified?).map(&:key).join("\n"))
...@@ -376,28 +338,32 @@ RSpec.describe UsersController do ...@@ -376,28 +338,32 @@ RSpec.describe UsersController do
end end
context 'when revoked' do context 'when revoked' do
before do shared_examples_for 'doesn\'t render revoked keys' do
sign_in(user)
another_gpg_key.revoke
end
it 'doesn\'t render revoked keys' do it 'doesn\'t render revoked keys' do
get :gpg_keys, params: { username: user.username } get "/#{user.username}.gpg"
expect(response.body).not_to eq('') expect(response.body).not_to eq('')
expect(response.body).to include(gpg_key.key) expect(response.body).to include(gpg_key.key)
expect(response.body).not_to include(another_gpg_key.key) expect(response.body).not_to include(another_gpg_key.key)
end end
end
it 'doesn\'t render revoked keys for non-authorized users' do before do
sign_out(user) sign_in(user)
get :gpg_keys, params: { username: user.username } another_gpg_key.revoke
end
expect(response.body).not_to eq('') context 'while signed in' do
it_behaves_like 'doesn\'t render revoked keys'
end
expect(response.body).to include(gpg_key.key) context 'when logged out' do
expect(response.body).not_to include(another_gpg_key.key) before do
sign_out(user)
end
it_behaves_like 'doesn\'t render revoked keys'
end end
end end
end end
...@@ -417,7 +383,7 @@ RSpec.describe UsersController do ...@@ -417,7 +383,7 @@ RSpec.describe UsersController do
push_data = Gitlab::DataBuilder::Push.build_sample(project, public_user) push_data = Gitlab::DataBuilder::Push.build_sample(project, public_user)
EventCreateService.new.push(project, public_user, push_data) EventCreateService.new.push(project, public_user, push_data)
get :calendar, params: { username: public_user.username }, format: :json get user_calendar_url public_user.username, format: :json
expect(response).to have_gitlab_http_status(:ok) expect(response).to have_gitlab_http_status(:ok)
end end
...@@ -428,7 +394,7 @@ RSpec.describe UsersController do ...@@ -428,7 +394,7 @@ RSpec.describe UsersController do
push_data = Gitlab::DataBuilder::Push.build_sample(project, private_user) push_data = Gitlab::DataBuilder::Push.build_sample(project, private_user)
EventCreateService.new.push(project, private_user, push_data) EventCreateService.new.push(project, private_user, push_data)
get :calendar, params: { username: private_user.username }, format: :json get user_calendar_url private_user.username, format: :json
expect(response).to have_gitlab_http_status(:not_found) expect(response).to have_gitlab_http_status(:not_found)
end end
...@@ -453,7 +419,8 @@ RSpec.describe UsersController do ...@@ -453,7 +419,8 @@ RSpec.describe UsersController do
end end
it 'includes forked projects' do it 'includes forked projects' do
get :calendar, params: { username: user.username } get user_calendar_url user.username
expect(assigns(:contributions_calendar).projects.count).to eq(2) expect(assigns(:contributions_calendar).projects.count).to eq(2)
end end
end end
...@@ -472,9 +439,11 @@ RSpec.describe UsersController do ...@@ -472,9 +439,11 @@ RSpec.describe UsersController do
project.add_developer(user) project.add_developer(user)
end end
it 'assigns @calendar_date' do it 'renders activities on the specified day' do
get :calendar_activities, params: { username: user.username, date: '2014-07-31' } get user_calendar_activities_url user.username, date: '2014-07-31'
expect(assigns(:calendar_date)).to eq(Date.parse('2014-07-31'))
expect(response.media_type).to eq('text/html')
expect(response.body).to include('Jul 31, 2014')
end end
context 'for user' do context 'for user' do
...@@ -482,28 +451,26 @@ RSpec.describe UsersController do ...@@ -482,28 +451,26 @@ RSpec.describe UsersController do
let(:issue) { create(:issue, project: project, author: user) } let(:issue) { create(:issue, project: project, author: user) }
let(:note) { create(:note, noteable: issue, author: user, project: project) } let(:note) { create(:note, noteable: issue, author: user, project: project) }
render_views
before do before do
create_push_event create_push_event
create_note_event create_note_event
end end
it 'renders calendar_activities' do it 'renders calendar_activities' do
get :calendar_activities, params: { username: public_user.username } get user_calendar_activities_url public_user.username
expect(assigns[:events]).not_to be_empty expect(response.body).not_to be_empty
end end
it 'avoids N+1 queries', :request_store do it 'avoids N+1 queries', :request_store do
get :calendar_activities, params: { username: public_user.username } get user_calendar_activities_url public_user.username
control = ActiveRecord::QueryRecorder.new { get :calendar_activities, params: { username: public_user.username } } control = ActiveRecord::QueryRecorder.new { get user_calendar_activities_url public_user.username }
create_push_event create_push_event
create_note_event create_note_event
expect { get :calendar_activities, params: { username: public_user.username } }.not_to exceed_query_limit(control) expect { get user_calendar_activities_url public_user.username }.not_to exceed_query_limit(control)
end end
end end
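Review bot: `expect(response.body).not_to be_empty` in 'renders calendar_activities' is much weaker than the `assigns[:events]` check it replaces, because a page that lists no events at all still has a non-empty body, so the example can no longer fail when the events are missing. The same substitution appears in the 'renders contributed projects' and 'renders starred projects' shared examples in later hunks. These examples sit beside the private-profile and visibility cases, so they should assert on something the events or projects actually render, for instance `expect(response.body).to include(project.name)` (assuming the view prints the project name), or parse the JSON variant and check its contents.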
...@@ -512,13 +479,14 @@ RSpec.describe UsersController do ...@@ -512,13 +479,14 @@ RSpec.describe UsersController do
push_data = Gitlab::DataBuilder::Push.build_sample(project, private_user) push_data = Gitlab::DataBuilder::Push.build_sample(project, private_user)
EventCreateService.new.push(project, private_user, push_data) EventCreateService.new.push(project, private_user, push_data)
get :calendar_activities, params: { username: private_user.username } get user_calendar_activities_url private_user.username
expect(response).to have_gitlab_http_status(:not_found) expect(response).to have_gitlab_http_status(:not_found)
end end
end end
context 'external authorization' do context 'external authorization' do
subject { get :calendar_activities, params: { username: user.username } } subject { get user_calendar_activities_url user.username }
it_behaves_like 'disabled when using an external authorization service' it_behaves_like 'disabled when using an external authorization service'
end end
...@@ -538,7 +506,7 @@ RSpec.describe UsersController do ...@@ -538,7 +506,7 @@ RSpec.describe UsersController do
let(:project) { create(:project, :public) } let(:project) { create(:project, :public) }
subject do subject do
get :contributed, params: { username: author.username }, format: format get user_contributed_projects_url author.username, format: format
end end
before do before do
...@@ -553,8 +521,8 @@ RSpec.describe UsersController do ...@@ -553,8 +521,8 @@ RSpec.describe UsersController do
shared_examples_for 'renders contributed projects' do shared_examples_for 'renders contributed projects' do
it 'renders contributed projects' do it 'renders contributed projects' do
expect(assigns[:contributed_projects]).not_to be_empty
expect(response).to have_gitlab_http_status(:ok) expect(response).to have_gitlab_http_status(:ok)
expect(response.body).not_to be_empty
end end
end end
...@@ -589,7 +557,7 @@ RSpec.describe UsersController do ...@@ -589,7 +557,7 @@ RSpec.describe UsersController do
let(:project) { create(:project, :public) } let(:project) { create(:project, :public) }
subject do subject do
get :starred, params: { username: author.username }, format: format get user_starred_projects_url author.username, format: format
end end
before do before do
...@@ -602,7 +570,7 @@ RSpec.describe UsersController do ...@@ -602,7 +570,7 @@ RSpec.describe UsersController do
shared_examples_for 'renders starred projects' do shared_examples_for 'renders starred projects' do
it 'renders starred projects' do it 'renders starred projects' do
expect(response).to have_gitlab_http_status(:ok) expect(response).to have_gitlab_http_status(:ok)
expect(assigns[:starred_projects]).not_to be_empty expect(response.body).not_to be_empty
end end
end end
...@@ -640,7 +608,8 @@ RSpec.describe UsersController do ...@@ -640,7 +608,8 @@ RSpec.describe UsersController do
context 'format html' do context 'format html' do
it 'renders snippets page' do it 'renders snippets page' do
get :snippets, params: { username: user.username } get user_snippets_url user.username
expect(response).to have_gitlab_http_status(:ok) expect(response).to have_gitlab_http_status(:ok)
expect(response).to render_template('show') expect(response).to render_template('show')
end end
...@@ -648,14 +617,15 @@ RSpec.describe UsersController do ...@@ -648,14 +617,15 @@ RSpec.describe UsersController do
context 'format json' do context 'format json' do
it 'response with snippets json data' do it 'response with snippets json data' do
get :snippets, params: { username: user.username }, format: :json get user_snippets_url user.username, format: :json
expect(response).to have_gitlab_http_status(:ok) expect(response).to have_gitlab_http_status(:ok)
expect(json_response).to have_key('html') expect(json_response).to have_key('html')
end end
end end
context 'external authorization' do context 'external authorization' do
subject { get :snippets, params: { username: user.username } } subject { get user_snippets_url user.username }
it_behaves_like 'disabled when using an external authorization service' it_behaves_like 'disabled when using an external authorization service'
end end
...@@ -668,7 +638,7 @@ RSpec.describe UsersController do ...@@ -668,7 +638,7 @@ RSpec.describe UsersController do
context 'when user exists' do context 'when user exists' do
it 'returns JSON indicating the user exists' do it 'returns JSON indicating the user exists' do
get :exists, params: { username: user.username } get user_exists_url user.username
expected_json = { exists: true }.to_json expected_json = { exists: true }.to_json
expect(response.body).to eq(expected_json) expect(response.body).to eq(expected_json)
...@@ -678,7 +648,7 @@ RSpec.describe UsersController do ...@@ -678,7 +648,7 @@ RSpec.describe UsersController do
let(:user) { create(:user, username: 'CamelCaseUser') } let(:user) { create(:user, username: 'CamelCaseUser') }
it 'returns JSON indicating the user exists' do it 'returns JSON indicating the user exists' do
get :exists, params: { username: user.username.downcase } get user_exists_url user.username.downcase
expected_json = { exists: true }.to_json expected_json = { exists: true }.to_json
expect(response.body).to eq(expected_json) expect(response.body).to eq(expected_json)
...@@ -688,7 +658,7 @@ RSpec.describe UsersController do ...@@ -688,7 +658,7 @@ RSpec.describe UsersController do
context 'when the user does not exist' do context 'when the user does not exist' do
it 'returns JSON indicating the user does not exist' do it 'returns JSON indicating the user does not exist' do
get :exists, params: { username: 'foo' } get user_exists_url 'foo'
expected_json = { exists: false }.to_json expected_json = { exists: false }.to_json
expect(response.body).to eq(expected_json) expect(response.body).to eq(expected_json)
...@@ -698,7 +668,7 @@ RSpec.describe UsersController do ...@@ -698,7 +668,7 @@ RSpec.describe UsersController do
let(:redirect_route) { user.namespace.redirect_routes.create(path: 'old-username') } let(:redirect_route) { user.namespace.redirect_routes.create(path: 'old-username') }
it 'returns JSON indicating a user by that username does not exist' do it 'returns JSON indicating a user by that username does not exist' do
get :exists, params: { username: 'old-username' } get user_exists_url 'old-username'
expected_json = { exists: false }.to_json expected_json = { exists: false }.to_json
expect(response.body).to eq(expected_json) expect(response.body).to eq(expected_json)
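Review bot: `redirect_route` is declared with a lazy `let`, and nothing in the visible lines of 'returns JSON indicating a user by that username does not exist' references it, so the redirect row may never be created and the example would pass without covering the renamed-username case; the `GET #suggests` hunk further down has the same shape. The example body continues past this hunk, so confirm there is no later reference. If there is none, use `let!(:redirect_route) { user.namespace.redirect_routes.create!(path: 'old-username') }`; `create!` also makes a failed validation raise instead of returning an unsaved record, and would let this file stay off the `Rails/SaveBang` todo list.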
...@@ -710,7 +680,7 @@ RSpec.describe UsersController do ...@@ -710,7 +680,7 @@ RSpec.describe UsersController do
describe 'GET #suggests' do describe 'GET #suggests' do
context 'when user exists' do context 'when user exists' do
it 'returns JSON indicating the user exists and a suggestion' do it 'returns JSON indicating the user exists and a suggestion' do
get :suggests, params: { username: user.username } get user_suggests_url user.username
expected_json = { exists: true, suggests: ["#{user.username}1"] }.to_json expected_json = { exists: true, suggests: ["#{user.username}1"] }.to_json
expect(response.body).to eq(expected_json) expect(response.body).to eq(expected_json)
...@@ -720,7 +690,7 @@ RSpec.describe UsersController do ...@@ -720,7 +690,7 @@ RSpec.describe UsersController do
let(:user) { create(:user, username: 'CamelCaseUser') } let(:user) { create(:user, username: 'CamelCaseUser') }
it 'returns JSON indicating the user exists and a suggestion' do it 'returns JSON indicating the user exists and a suggestion' do
get :suggests, params: { username: user.username.downcase } get user_suggests_url user.username.downcase
expected_json = { exists: true, suggests: ["#{user.username.downcase}1"] }.to_json expected_json = { exists: true, suggests: ["#{user.username.downcase}1"] }.to_json
expect(response.body).to eq(expected_json) expect(response.body).to eq(expected_json)
...@@ -730,7 +700,7 @@ RSpec.describe UsersController do ...@@ -730,7 +700,7 @@ RSpec.describe UsersController do
context 'when the user does not exist' do context 'when the user does not exist' do
it 'returns JSON indicating the user does not exist' do it 'returns JSON indicating the user does not exist' do
get :suggests, params: { username: 'foo' } get user_suggests_url 'foo'
expected_json = { exists: false, suggests: [] }.to_json expected_json = { exists: false, suggests: [] }.to_json
expect(response.body).to eq(expected_json) expect(response.body).to eq(expected_json)
...@@ -740,7 +710,7 @@ RSpec.describe UsersController do ...@@ -740,7 +710,7 @@ RSpec.describe UsersController do
let(:redirect_route) { user.namespace.redirect_routes.create(path: 'old-username') } let(:redirect_route) { user.namespace.redirect_routes.create(path: 'old-username') }
it 'returns JSON indicating a user by that username does not exist' do it 'returns JSON indicating a user by that username does not exist' do
get :suggests, params: { username: 'old-username' } get user_suggests_url 'old-username'
expected_json = { exists: false, suggests: [] }.to_json expected_json = { exists: false, suggests: [] }.to_json
expect(response.body).to eq(expected_json) expect(response.body).to eq(expected_json)
...@@ -761,7 +731,7 @@ RSpec.describe UsersController do ...@@ -761,7 +731,7 @@ RSpec.describe UsersController do
context 'with exactly matching casing' do context 'with exactly matching casing' do
it 'responds with success' do it 'responds with success' do
get :show, params: { username: user.username } get user_url user.username
expect(response).to be_successful expect(response).to be_successful
end end
...@@ -769,44 +739,39 @@ RSpec.describe UsersController do ...@@ -769,44 +739,39 @@ RSpec.describe UsersController do
context 'with different casing' do context 'with different casing' do
it 'redirects to the correct casing' do it 'redirects to the correct casing' do
get :show, params: { username: user.username.downcase } get user_url user.username.downcase
expect(response).to redirect_to(user) expect(response).to redirect_to(user)
expect(controller).not_to set_flash[:notice] expect(flash[:notice]).to be_nil
end end
end end
end end
context 'when requesting a redirected path' do shared_examples_for 'redirects to the canonical path' do
let(:redirect_route) { user.namespace.redirect_routes.create(path: 'old-path') }
it 'redirects to the canonical path' do it 'redirects to the canonical path' do
get :show, params: { username: redirect_route.path } get user_url redirect_route.path
expect(response).to redirect_to(user) expect(response).to redirect_to(user)
expect(controller).to set_flash[:notice].to(user_moved_message(redirect_route, user)) expect(flash[:notice]).to eq(user_moved_message(redirect_route, user))
end end
end
context 'when requesting a redirected path' do
let(:redirect_route) { user.namespace.redirect_routes.create(path: 'old-path') }
it_behaves_like 'redirects to the canonical path'
context 'when the old path is a substring of the scheme or host' do context 'when the old path is a substring of the scheme or host' do
let(:redirect_route) { user.namespace.redirect_routes.create(path: 'http') } let(:redirect_route) { user.namespace.redirect_routes.create(path: 'http') }
it 'does not modify the requested host' do # it does not modify the requested host and ...
get :show, params: { username: redirect_route.path } it_behaves_like 'redirects to the canonical path'
expect(response).to redirect_to(user)
expect(controller).to set_flash[:notice].to(user_moved_message(redirect_route, user))
end
end end
context 'when the old path is substring of users' do context 'when the old path is substring of users' do
let(:redirect_route) { user.namespace.redirect_routes.create(path: 'ser') } let(:redirect_route) { user.namespace.redirect_routes.create(path: 'ser') }
it 'redirects to the canonical path' do it_behaves_like 'redirects to the canonical path'
get :show, params: { username: redirect_route.path }
expect(response).to redirect_to(user)
expect(controller).to set_flash[:notice].to(user_moved_message(redirect_route, user))
end
end end
end end
end end
...@@ -817,7 +782,7 @@ RSpec.describe UsersController do ...@@ -817,7 +782,7 @@ RSpec.describe UsersController do
context 'with exactly matching casing' do context 'with exactly matching casing' do
it 'responds with success' do it 'responds with success' do
get :projects, params: { username: user.username } get user_projects_url user.username
expect(response).to be_successful expect(response).to be_successful
end end
...@@ -825,45 +790,41 @@ RSpec.describe UsersController do ...@@ -825,45 +790,41 @@ RSpec.describe UsersController do
context 'with different casing' do context 'with different casing' do
it 'redirects to the correct casing' do it 'redirects to the correct casing' do
get :projects, params: { username: user.username.downcase } get user_projects_url user.username.downcase
expect(response).to redirect_to(user_projects_path(user)) expect(response).to redirect_to(user_projects_path(user))
expect(controller).not_to set_flash[:notice] expect(flash[:notice]).to be_nil
end end
end end
end end
context 'when requesting a redirected path' do shared_examples_for 'redirects to the canonical path' do
let(:redirect_route) { user.namespace.redirect_routes.create(path: 'old-path') }
it 'redirects to the canonical path' do it 'redirects to the canonical path' do
get :projects, params: { username: redirect_route.path } get user_projects_url redirect_route.path
expect(response).to redirect_to(user_projects_path(user)) expect(response).to redirect_to(user_projects_path(user))
expect(controller).to set_flash[:notice].to(user_moved_message(redirect_route, user)) expect(flash[:notice]).to eq(user_moved_message(redirect_route, user))
end
end end
context 'when requesting a redirected path' do
let(:redirect_route) { user.namespace.redirect_routes.create(path: 'old-path') }
it_behaves_like 'redirects to the canonical path'
context 'when the old path is a substring of the scheme or host' do context 'when the old path is a substring of the scheme or host' do
let(:redirect_route) { user.namespace.redirect_routes.create(path: 'http') } let(:redirect_route) { user.namespace.redirect_routes.create(path: 'http') }
it 'does not modify the requested host' do # it does not modify the requested host and ...
get :projects, params: { username: redirect_route.path } it_behaves_like 'redirects to the canonical path'
expect(response).to redirect_to(user_projects_path(user))
expect(controller).to set_flash[:notice].to(user_moved_message(redirect_route, user))
end
end end
context 'when the old path is substring of users' do context 'when the old path is substring of users' do
let(:redirect_route) { user.namespace.redirect_routes.create(path: 'ser') } let(:redirect_route) { user.namespace.redirect_routes.create(path: 'ser') }
# I.e. /users/ser should not become /ufoos/ser # it does not modify the /users part of the path
it 'does not modify the /users part of the path' do # (i.e. /users/ser should not become /ufoos/ser) and ...
get :projects, params: { username: redirect_route.path } it_behaves_like 'redirects to the canonical path'
expect(response).to redirect_to(user_projects_path(user))
expect(controller).to set_flash[:notice].to(user_moved_message(redirect_route, user))
end
end end
end end
end end
...@@ -871,11 +832,9 @@ RSpec.describe UsersController do ...@@ -871,11 +832,9 @@ RSpec.describe UsersController do
end end
context 'token authentication' do context 'token authentication' do
it_behaves_like 'authenticates sessionless user', :show, :atom, public: true do let(:url) { user_url(user.username, format: :atom) }
before do
default_params.merge!(username: user.username) it_behaves_like 'authenticates sessionless user for the request spec', public: true
end
end
end end
def user_moved_message(redirect_route, user) def user_moved_message(redirect_route, user)
......
# frozen_string_literal: true # frozen_string_literal: true
# This controller shared examples will be migrated to
# spec/support/shared_examples/requests/sessionless_auth_request_shared_examples.rb
# See also https://gitlab.com/groups/gitlab-org/-/epics/5076
RSpec.shared_examples 'authenticates sessionless user' do |path, format, params| RSpec.shared_examples 'authenticates sessionless user' do |path, format, params|
params ||= {} params ||= {}
......
# frozen_string_literal: true
RSpec.shared_examples 'authenticates sessionless user for the request spec' do |params|
params ||= {}
before do
stub_authentication_activity_metrics(debug: false)
end
let(:user) { create(:user) }
let(:personal_access_token) { create(:personal_access_token, user: user) }
let(:default_params) { params.except(:public) || {} }
context "when the 'personal_access_token' param is populated with the personal access token" do
it 'logs the user in' do
expect(authentication_metrics)
.to increment(:user_authenticated_counter)
.and increment(:user_session_override_counter)
.and increment(:user_sessionless_authentication_counter)
get url, params: default_params.merge(private_token: personal_access_token.token)
expect(response).to have_gitlab_http_status(:ok)
expect(controller.current_user).to eq(user)
end
it 'does not log the user in if page is public', if: params[:public] do
get url, params: default_params
expect(response).to have_gitlab_http_status(:ok)
expect(controller.current_user).to be_nil
end
end
context 'when the personal access token has no api scope', unless: params[:public] do
it 'does not log the user in' do
# Several instances of where these specs are shared route the request
# through ApplicationController#route_not_found which does not involve
# the usual auth code from Devise, so does not increment the
# :user_unauthenticated_counter
#
unless params[:ignore_incrementing]
expect(authentication_metrics)
.to increment(:user_unauthenticated_counter)
end
personal_access_token.update!(scopes: [:read_user])
get url, params: default_params.merge(private_token: personal_access_token.token)
expect(response).not_to have_gitlab_http_status(:ok)
end
end
context "when the 'PERSONAL_ACCESS_TOKEN' header is populated with the personal access token" do
it 'logs the user in' do
expect(authentication_metrics)
.to increment(:user_authenticated_counter)
.and increment(:user_session_override_counter)
.and increment(:user_sessionless_authentication_counter)
headers = { 'PRIVATE-TOKEN': personal_access_token.token }
get url, params: default_params, headers: headers
expect(response).to have_gitlab_http_status(:ok)
end
end
it "doesn't log the user in otherwise", unless: params[:public] do
# Several instances of where these specs are shared route the request
# through ApplicationController#route_not_found which does not involve
# the usual auth code from Devise, so does not increment the
# :user_unauthenticated_counter
#
unless params[:ignore_incrementing]
expect(authentication_metrics)
.to increment(:user_unauthenticated_counter)
end
get url, params: default_params.merge(private_token: 'token')
expect(response).not_to have_gitlab_http_status(:ok)
end
end
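Review bot: With `public: true`, which is how the visible caller in the users request spec uses these shared examples, both negative examples are skipped through `unless: params[:public]`, so nothing checks that an invalid token or a token without the `api` scope leaves the request anonymous on a public page. A 200 is expected there regardless, so the check has to be on identity rather than status, i.e. `expect(controller.current_user).to be_nil`, as the 'does not log the user in if page is public' example already does. I assume an under-scoped token is meant to stay unauthenticated on public pages too; whether `:user_unauthenticated_counter` increments in that case is not visible here, so the sketch below leaves the metric out. The header example has the same gap on a public page and should also assert `expect(controller.current_user).to eq(user)`, and its context description names a 'PERSONAL_ACCESS_TOKEN' header while the request actually sends `PRIVATE-TOKEN`.

```ruby
# … unchanged: existing 'when the personal access token has no api scope' context (non-public) …

context 'when the personal access token has no api scope and the page is public', if: params[:public] do
  it 'does not log the user in' do
    personal_access_token.update!(scopes: [:read_user])

    get url, params: default_params.merge(private_token: personal_access_token.token)

    expect(controller.current_user).to be_nil
  end
end
```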