diff options
| author | Rémy Coutable <remy@rymai.me> | 2018-02-22 12:44:14 +0100 |
|---|---|---|
| committer | Rémy Coutable <remy@rymai.me> | 2018-02-22 12:44:14 +0100 |
| commit | fc7f1aa244731aede4b61e5415b1c9924abba602 (patch) | |
| tree | 4fa12064de6b1ee3a2a495820c2fd93b8aa15733 /spec/features/users | |
| parent | 1e52d1f6d0155448b819d846983d76ad70d0217f (diff) | |
| download | gitlab-ce-fc7f1aa244731aede4b61e5415b1c9924abba602.tar.gz | |
Fix user feature specs that were hardcoding 'user1'43495-spec-failure-spec-features-users_spec-rb
Signed-off-by: Rémy Coutable <remy@rymai.me>
Diffstat (limited to 'spec/features/users')
| -rw-r--r-- | spec/features/users/login_spec.rb | 390 | ||||
| -rw-r--r-- | spec/features/users/logout_spec.rb | 22 | ||||
| -rw-r--r-- | spec/features/users/projects_spec.rb | 29 | ||||
| -rw-r--r-- | spec/features/users/signup_spec.rb | 135 | ||||
| -rw-r--r-- | spec/features/users/user_browses_projects_on_user_page_spec.rb | 129 |
5 files changed, 676 insertions, 29 deletions
diff --git a/spec/features/users/login_spec.rb b/spec/features/users/login_spec.rb new file mode 100644 index 00000000000..6ef235cf870 --- /dev/null +++ b/spec/features/users/login_spec.rb @@ -0,0 +1,390 @@ +require 'spec_helper' + +feature 'Login' do + scenario 'Successful user signin invalidates password reset token' do + user = create(:user) + + expect(user.reset_password_token).to be_nil + + visit new_user_password_path + fill_in 'user_email', with: user.email + click_button 'Reset password' + + user.reload + expect(user.reset_password_token).not_to be_nil + + find('a[href="#login-pane"]').click + gitlab_sign_in(user) + expect(current_path).to eq root_path + + user.reload + expect(user.reset_password_token).to be_nil + end + + describe 'initial login after setup' do + it 'allows the initial admin to create a password' do + # This behavior is dependent on there only being one user + User.delete_all + + user = create(:admin, password_automatically_set: true) + + visit root_path + expect(current_path).to eq edit_user_password_path + expect(page).to have_content('Please create a password for your new account.') + + fill_in 'user_password', with: 'password' + fill_in 'user_password_confirmation', with: 'password' + click_button 'Change your password' + + expect(current_path).to eq new_user_session_path + expect(page).to have_content(I18n.t('devise.passwords.updated_not_active')) + + fill_in 'user_login', with: user.username + fill_in 'user_password', with: 'password' + click_button 'Sign in' + + expect(current_path).to eq root_path + end + + it 'does not show flash messages when login page' do + visit root_path + expect(page).not_to have_content('You need to sign in or sign up before continuing.') + end + end + + describe 'with a blocked account' do + it 'prevents the user from logging in' do + user = create(:user, :blocked) + + gitlab_sign_in(user) + + expect(page).to have_content('Your account has been blocked.') + end + + it 'does not update Devise trackable attributes', :clean_gitlab_redis_shared_state do + user = create(:user, :blocked) + + expect { gitlab_sign_in(user) }.not_to change { user.reload.sign_in_count } + end + end + + describe 'with the ghost user' do + it 'disallows login' do + gitlab_sign_in(User.ghost) + + expect(page).to have_content('Invalid Login or password.') + end + + it 'does not update Devise trackable attributes', :clean_gitlab_redis_shared_state do + expect { gitlab_sign_in(User.ghost) }.not_to change { User.ghost.reload.sign_in_count } + end + end + + describe 'with two-factor authentication' do + def enter_code(code) + fill_in 'user_otp_attempt', with: code + click_button 'Verify code' + end + + context 'with valid username/password' do + let(:user) { create(:user, :two_factor) } + + before do + gitlab_sign_in(user, remember: true) + expect(page).to have_content('Two-Factor Authentication') + end + + it 'does not show a "You are already signed in." error message' do + enter_code(user.current_otp) + expect(page).not_to have_content('You are already signed in.') + end + + context 'using one-time code' do + it 'allows login with valid code' do + enter_code(user.current_otp) + expect(current_path).to eq root_path + end + + it 'persists remember_me value via hidden field' do + field = first('input#user_remember_me', visible: false) + + expect(field.value).to eq '1' + end + + it 'blocks login with invalid code' do + enter_code('foo') + expect(page).to have_content('Invalid two-factor code') + end + + it 'allows login with invalid code, then valid code' do + enter_code('foo') + expect(page).to have_content('Invalid two-factor code') + + enter_code(user.current_otp) + expect(current_path).to eq root_path + end + end + + context 'using backup code' do + let(:codes) { user.generate_otp_backup_codes! } + + before do + expect(codes.size).to eq 10 + + # Ensure the generated codes get saved + user.save + end + + context 'with valid code' do + it 'allows login' do + enter_code(codes.sample) + expect(current_path).to eq root_path + end + + it 'invalidates the used code' do + expect { enter_code(codes.sample) } + .to change { user.reload.otp_backup_codes.size }.by(-1) + end + end + + context 'with invalid code' do + it 'blocks login' do + code = codes.sample + expect(user.invalidate_otp_backup_code!(code)).to eq true + + user.save! + expect(user.reload.otp_backup_codes.size).to eq 9 + + enter_code(code) + expect(page).to have_content('Invalid two-factor code.') + end + end + end + end + + context 'logging in via OAuth' do + it 'shows 2FA prompt after OAuth login' do + stub_omniauth_saml_config(enabled: true, auto_link_saml_user: true, allow_single_sign_on: ['saml'], providers: [mock_saml_config]) + user = create(:omniauth_user, :two_factor, extern_uid: 'my-uid', provider: 'saml') + gitlab_sign_in_via('saml', user, 'my-uid') + + expect(page).to have_content('Two-Factor Authentication') + enter_code(user.current_otp) + expect(current_path).to eq root_path + end + end + end + + describe 'without two-factor authentication' do + let(:user) { create(:user) } + + it 'allows basic login' do + gitlab_sign_in(user) + expect(current_path).to eq root_path + end + + it 'does not show a "You are already signed in." error message' do + gitlab_sign_in(user) + expect(page).not_to have_content('You are already signed in.') + end + + it 'blocks invalid login' do + user = create(:user, password: 'not-the-default') + + gitlab_sign_in(user) + expect(page).to have_content('Invalid Login or password.') + end + end + + describe 'with required two-factor authentication enabled' do + let(:user) { create(:user) } + # TODO: otp_grace_period_started_at + + context 'global setting' do + before do + stub_application_setting(require_two_factor_authentication: true) + end + + context 'with grace period defined' do + before do + stub_application_setting(two_factor_grace_period: 48) + gitlab_sign_in(user) + end + + context 'within the grace period' do + it 'redirects to two-factor configuration page' do + expect(current_path).to eq profile_two_factor_auth_path + expect(page).to have_content('The global settings require you to enable Two-Factor Authentication for your account. You need to do this before ') + end + + it 'allows skipping two-factor configuration', :js do + expect(current_path).to eq profile_two_factor_auth_path + + click_link 'Configure it later' + expect(current_path).to eq root_path + end + end + + context 'after the grace period' do + let(:user) { create(:user, otp_grace_period_started_at: 9999.hours.ago) } + + it 'redirects to two-factor configuration page' do + expect(current_path).to eq profile_two_factor_auth_path + expect(page).to have_content( + 'The global settings require you to enable Two-Factor Authentication for your account.' + ) + end + + it 'disallows skipping two-factor configuration', :js do + expect(current_path).to eq profile_two_factor_auth_path + expect(page).not_to have_link('Configure it later') + end + end + end + + context 'without grace period defined' do + before do + stub_application_setting(two_factor_grace_period: 0) + gitlab_sign_in(user) + end + + it 'redirects to two-factor configuration page' do + expect(current_path).to eq profile_two_factor_auth_path + expect(page).to have_content( + 'The global settings require you to enable Two-Factor Authentication for your account.' + ) + end + end + end + + context 'group setting' do + before do + group1 = create :group, name: 'Group 1', require_two_factor_authentication: true + group1.add_user(user, GroupMember::DEVELOPER) + group2 = create :group, name: 'Group 2', require_two_factor_authentication: true + group2.add_user(user, GroupMember::DEVELOPER) + end + + context 'with grace period defined' do + before do + stub_application_setting(two_factor_grace_period: 48) + gitlab_sign_in(user) + end + + context 'within the grace period' do + it 'redirects to two-factor configuration page' do + expect(current_path).to eq profile_two_factor_auth_path + expect(page).to have_content( + 'The group settings for Group 1 and Group 2 require you to enable ' \ + 'Two-Factor Authentication for your account. You need to do this ' \ + 'before ') + end + + it 'allows skipping two-factor configuration', :js do + expect(current_path).to eq profile_two_factor_auth_path + + click_link 'Configure it later' + expect(current_path).to eq root_path + end + end + + context 'after the grace period' do + let(:user) { create(:user, otp_grace_period_started_at: 9999.hours.ago) } + + it 'redirects to two-factor configuration page' do + expect(current_path).to eq profile_two_factor_auth_path + expect(page).to have_content( + 'The group settings for Group 1 and Group 2 require you to enable ' \ + 'Two-Factor Authentication for your account.' + ) + end + + it 'disallows skipping two-factor configuration', :js do + expect(current_path).to eq profile_two_factor_auth_path + expect(page).not_to have_link('Configure it later') + end + end + end + + context 'without grace period defined' do + before do + stub_application_setting(two_factor_grace_period: 0) + gitlab_sign_in(user) + end + + it 'redirects to two-factor configuration page' do + expect(current_path).to eq profile_two_factor_auth_path + expect(page).to have_content( + 'The group settings for Group 1 and Group 2 require you to enable ' \ + 'Two-Factor Authentication for your account.' + ) + end + end + end + end + + describe 'UI tabs and panes' do + context 'when no defaults are changed' do + it 'correctly renders tabs and panes' do + ensure_tab_pane_correctness + end + end + + context 'when signup is disabled' do + before do + stub_application_setting(signup_enabled: false) + end + + it 'correctly renders tabs and panes' do + ensure_tab_pane_correctness + end + end + + context 'when ldap is enabled' do + before do + visit new_user_session_path + allow(page).to receive(:form_based_providers).and_return([:ldapmain]) + allow(page).to receive(:ldap_enabled).and_return(true) + end + + it 'correctly renders tabs and panes' do + ensure_tab_pane_correctness(false) + end + end + + context 'when crowd is enabled' do + before do + visit new_user_session_path + allow(page).to receive(:form_based_providers).and_return([:crowd]) + allow(page).to receive(:crowd_enabled?).and_return(true) + end + + it 'correctly renders tabs and panes' do + ensure_tab_pane_correctness(false) + end + end + + def ensure_tab_pane_correctness(visit_path = true) + if visit_path + visit new_user_session_path + end + + ensure_tab_pane_counts + ensure_one_active_tab + ensure_one_active_pane + end + + def ensure_tab_pane_counts + tabs_count = page.all('[role="tab"]').size + expect(page).to have_selector('[role="tabpanel"]', count: tabs_count) + end + + def ensure_one_active_tab + expect(page).to have_selector('.nav-tabs > li.active', count: 1) + end + + def ensure_one_active_pane + expect(page).to have_selector('.tab-pane.active', count: 1) + end + end +end diff --git a/spec/features/users/logout_spec.rb b/spec/features/users/logout_spec.rb new file mode 100644 index 00000000000..635729efa53 --- /dev/null +++ b/spec/features/users/logout_spec.rb @@ -0,0 +1,22 @@ +require 'spec_helper' + +describe 'Logout/Sign out', :js do + let(:user) { create(:user) } + + before do + sign_in(user) + visit root_path + end + + it 'sign out redirects to sign in page' do + gitlab_sign_out + + expect(current_path).to eq new_user_session_path + end + + it 'sign out does not show signed out flash notice' do + gitlab_sign_out + + expect(page).not_to have_selector('.flash-notice') + end +end diff --git a/spec/features/users/projects_spec.rb b/spec/features/users/projects_spec.rb deleted file mode 100644 index f079771cee1..00000000000 --- a/spec/features/users/projects_spec.rb +++ /dev/null @@ -1,29 +0,0 @@ -require 'spec_helper' - -describe 'Projects tab on a user profile', :js do - let(:user) { create(:user) } - let!(:project) { create(:project, namespace: user.namespace) } - let!(:project2) { create(:project, namespace: user.namespace) } - - before do - allow(Project).to receive(:default_per_page).and_return(1) - - sign_in(user) - - visit user_path(user) - - page.within('.user-profile-nav') do - click_link('Personal projects') - end - - wait_for_requests - end - - it 'paginates results' do - expect(page).to have_content(project2.name) - - click_link('Next') - - expect(page).to have_content(project.name) - end -end diff --git a/spec/features/users/signup_spec.rb b/spec/features/users/signup_spec.rb new file mode 100644 index 00000000000..5d539f0ccbe --- /dev/null +++ b/spec/features/users/signup_spec.rb @@ -0,0 +1,135 @@ +require 'spec_helper' + +describe 'Signup' do + let(:new_user) { build_stubbed(:user) } + + describe 'username validation', :js do + before do + visit root_path + click_link 'Register' + end + + it 'does not show an error border if the username is available' do + fill_in 'new_user_username', with: 'new-user' + wait_for_requests + + expect(find('.username')).not_to have_css '.gl-field-error-outline' + end + + it 'does not show an error border if the username contains dots (.)' do + fill_in 'new_user_username', with: 'new.user.username' + wait_for_requests + + expect(find('.username')).not_to have_css '.gl-field-error-outline' + end + + it 'shows an error border if the username already exists' do + existing_user = create(:user) + + fill_in 'new_user_username', with: existing_user.username + wait_for_requests + + expect(find('.username')).to have_css '.gl-field-error-outline' + end + + it 'shows an error border if the username contains special characters' do + fill_in 'new_user_username', with: 'new$user!username' + wait_for_requests + + expect(find('.username')).to have_css '.gl-field-error-outline' + end + end + + context 'with no errors' do + context "when sending confirmation email" do + before do + stub_application_setting(send_user_confirmation_email: true) + end + + it 'creates the user account and sends a confirmation email' do + visit root_path + + fill_in 'new_user_name', with: new_user.name + fill_in 'new_user_username', with: new_user.username + fill_in 'new_user_email', with: new_user.email + fill_in 'new_user_email_confirmation', with: new_user.email + fill_in 'new_user_password', with: new_user.password + + expect { click_button 'Register' }.to change { User.count }.by(1) + + expect(current_path).to eq users_almost_there_path + expect(page).to have_content("Please check your email to confirm your account") + end + end + + context "when sigining up with different cased emails" do + it "creates the user successfully" do + visit root_path + + fill_in 'new_user_name', with: new_user.name + fill_in 'new_user_username', with: new_user.username + fill_in 'new_user_email', with: new_user.email + fill_in 'new_user_email_confirmation', with: new_user.email.capitalize + fill_in 'new_user_password', with: new_user.password + click_button "Register" + + expect(current_path).to eq dashboard_projects_path + expect(page).to have_content("Welcome! You have signed up successfully.") + end + end + + context "when not sending confirmation email" do + before do + stub_application_setting(send_user_confirmation_email: false) + end + + it 'creates the user account and goes to dashboard' do + visit root_path + + fill_in 'new_user_name', with: new_user.name + fill_in 'new_user_username', with: new_user.username + fill_in 'new_user_email', with: new_user.email + fill_in 'new_user_email_confirmation', with: new_user.email + fill_in 'new_user_password', with: new_user.password + click_button "Register" + + expect(current_path).to eq dashboard_projects_path + expect(page).to have_content("Welcome! You have signed up successfully.") + end + end + end + + context 'with errors' do + it "displays the errors" do + existing_user = create(:user) + + visit root_path + + fill_in 'new_user_name', with: new_user.name + fill_in 'new_user_username', with: new_user.username + fill_in 'new_user_email', with: existing_user.email + fill_in 'new_user_password', with: new_user.password + click_button "Register" + + expect(current_path).to eq user_registration_path + expect(page).to have_content("errors prohibited this user from being saved") + expect(page).to have_content("Email has already been taken") + expect(page).to have_content("Email confirmation doesn't match") + end + + it 'does not redisplay the password' do + existing_user = create(:user) + + visit root_path + + fill_in 'new_user_name', with: new_user.name + fill_in 'new_user_username', with: new_user.username + fill_in 'new_user_email', with: existing_user.email + fill_in 'new_user_password', with: new_user.password + click_button "Register" + + expect(current_path).to eq user_registration_path + expect(page.body).not_to match(/#{new_user.password}/) + end + end +end diff --git a/spec/features/users/user_browses_projects_on_user_page_spec.rb b/spec/features/users/user_browses_projects_on_user_page_spec.rb new file mode 100644 index 00000000000..a70637c8370 --- /dev/null +++ b/spec/features/users/user_browses_projects_on_user_page_spec.rb @@ -0,0 +1,129 @@ +require 'spec_helper' + +describe 'Users > User browses projects on user page', :js do + let!(:user) { create :user } + let!(:private_project) do + create :project, :private, name: 'private', namespace: user.namespace do |project| + project.add_master(user) + end + end + + let!(:internal_project) do + create :project, :internal, name: 'internal', namespace: user.namespace do |project| + project.add_master(user) + end + end + + let!(:public_project) do + create :project, :public, name: 'public', namespace: user.namespace do |project| + project.add_master(user) + end + end + + def click_nav_link(name) + page.within '.nav-links' do + click_link name + end + end + + it 'paginates projects', :js do + project = create(:project, namespace: user.namespace) + project2 = create(:project, namespace: user.namespace) + allow(Project).to receive(:default_per_page).and_return(1) + + sign_in(user) + + visit user_path(user) + + page.within('.user-profile-nav') do + click_link('Personal projects') + end + + wait_for_requests + + expect(page).to have_content(project2.name) + + click_link('Next') + + expect(page).to have_content(project.name) + end + + context 'when not signed in' do + it 'renders user public project' do + visit user_path(user) + click_nav_link('Personal projects') + + expect(page).to have_css('.tab-content #projects.active') + expect(title).to start_with(user.name) + + expect(page).to have_content(public_project.name) + expect(page).not_to have_content(private_project.name) + expect(page).not_to have_content(internal_project.name) + end + end + + context 'when signed in as another user' do + let(:another_user) { create :user } + + before do + sign_in(another_user) + end + + it 'renders user public and internal projects' do + visit user_path(user) + click_nav_link('Personal projects') + + expect(title).to start_with(user.name) + + expect(page).not_to have_content(private_project.name) + expect(page).to have_content(public_project.name) + expect(page).to have_content(internal_project.name) + end + end + + context 'when signed in as user' do + before do + sign_in(user) + end + + describe 'personal projects' do + it 'renders all user projects' do + visit user_path(user) + click_nav_link('Personal projects') + + expect(title).to start_with(user.name) + + expect(page).to have_content(private_project.name) + expect(page).to have_content(public_project.name) + expect(page).to have_content(internal_project.name) + end + end + + describe 'contributed projects' do + context 'when user has contributions' do + let(:contributed_project) do + create :project, :public, :empty_repo + end + + before do + Issues::CreateService.new(contributed_project, user, { title: 'Bug in old browser' }).execute + event = create(:push_event, project: contributed_project, author: user) + create(:push_event_payload, event: event, commit_count: 3) + end + + it 'renders contributed project' do + visit user_path(user) + + expect(title).to start_with(user.name) + expect(page).to have_css('.js-contrib-calendar') + + click_nav_link('Contributed projects') + + page.within '#contributed' do + expect(page).to have_content(contributed_project.name) + end + end + end + end + end +end |