1 files changed, 192 insertions, 12 deletions

diff --git a/spec/controllers/users_controller_spec.rb b/spec/controllers/users_controller_spec.rb
index bbe9aaf737f..d33e2ba1e53 100644
--- a/spec/controllers/users_controller_spec.rb
+++ b/spec/controllers/users_controller_spec.rb
@@ -4,15 +4,6 @@ describe UsersController do
   let(:user) { create(:user) }
 
   describe 'GET #show' do
-    it 'is case-insensitive' do
-      user = create(:user, username: 'CamelCaseUser')
-      sign_in(user)
-
-      get :show, username: user.username.downcase
-
-      expect(response).to be_success
-    end
-
     context 'with rendered views' do
       render_views
 
@@ -45,9 +36,9 @@ describe UsersController do
       end
 
       context 'when logged out' do
-        it 'renders 404' do
+        it 'redirects to login page' do
           get :show, username: user.username
-          expect(response).to have_http_status(404)
+          expect(response).to redirect_to new_user_session_path
         end
       end
 
@@ -61,6 +52,24 @@ describe UsersController do
         end
       end
     end
+
+    context 'when a user by that username does not exist' do
+      context 'when logged out' do
+        it 'redirects to login page' do
+          get :show, username: 'nonexistent'
+          expect(response).to redirect_to new_user_session_path
+        end
+      end
+
+      context 'when logged in' do
+        before { sign_in(user) }
+
+        it 'renders 404' do
+          get :show, username: 'nonexistent'
+          expect(response).to have_http_status(404)
+        end
+      end
+    end
   end
 
   describe 'GET #calendar' do
@@ -92,7 +101,7 @@ describe UsersController do
 
   describe 'GET #calendar_activities' do
     let!(:project) { create(:empty_project) }
-    let!(:user) { create(:user) }
+    let(:user) { create(:user) }
 
     before do
       allow_any_instance_of(User).to receive(:contributed_projects_ids).and_return([project.id])
@@ -133,4 +142,175 @@ describe UsersController do
       end
     end
   end
+
+  describe 'GET #exists' do
+    before do
+      sign_in(user)
+    end
+
+    context 'when user exists' do
+      it 'returns JSON indicating the user exists' do
+        get :exists, username: user.username
+
+        expected_json = { exists: true }.to_json
+        expect(response.body).to eq(expected_json)
+      end
+
+      context 'when the casing is different' do
+        let(:user) { create(:user, username: 'CamelCaseUser') }
+
+        it 'returns JSON indicating the user exists' do
+          get :exists, username: user.username.downcase
+
+          expected_json = { exists: true }.to_json
+          expect(response.body).to eq(expected_json)
+        end
+      end
+    end
+
+    context 'when the user does not exist' do
+      it 'returns JSON indicating the user does not exist' do
+        get :exists, username: 'foo'
+
+        expected_json = { exists: false }.to_json
+        expect(response.body).to eq(expected_json)
+      end
+
+      context 'when a user changed their username' do
+        let(:redirect_route) { user.namespace.redirect_routes.create(path: 'old-username') }
+
+        it 'returns JSON indicating a user by that username does not exist' do
+          get :exists, username: 'old-username'
+
+          expected_json = { exists: false }.to_json
+          expect(response.body).to eq(expected_json)
+        end
+      end
+    end
+  end
+
+  describe '#ensure_canonical_path' do
+    before do
+      sign_in(user)
+    end
+
+    context 'for a GET request' do
+      context 'when requesting users at the root path' do
+        context 'when requesting the canonical path' do
+          let(:user) { create(:user, username: 'CamelCaseUser') }
+
+          context 'with exactly matching casing' do
+            it 'responds with success' do
+              get :show, username: user.username
+
+              expect(response).to be_success
+            end
+          end
+
+          context 'with different casing' do
+            it 'redirects to the correct casing' do
+              get :show, username: user.username.downcase
+
+              expect(response).to redirect_to(user)
+              expect(controller).not_to set_flash[:notice]
+            end
+          end
+        end
+
+        context 'when requesting a redirected path' do
+          let(:redirect_route) { user.namespace.redirect_routes.create(path: 'old-path') }
+
+          it 'redirects to the canonical path' do
+            get :show, username: redirect_route.path
+
+            expect(response).to redirect_to(user)
+            expect(controller).to set_flash[:notice].to(user_moved_message(redirect_route, user))
+          end
+
+          context 'when the old path is a substring of the scheme or host' do
+            let(:redirect_route) { user.namespace.redirect_routes.create(path: 'http') }
+
+            it 'does not modify the requested host' do
+              get :show, username: redirect_route.path
+
+              expect(response).to redirect_to(user)
+              expect(controller).to set_flash[:notice].to(user_moved_message(redirect_route, user))
+            end
+          end
+
+          context 'when the old path is substring of users' do
+            let(:redirect_route) { user.namespace.redirect_routes.create(path: 'ser') }
+
+            it 'redirects to the canonical path' do
+              get :show, username: redirect_route.path
+
+              expect(response).to redirect_to(user)
+              expect(controller).to set_flash[:notice].to(user_moved_message(redirect_route, user))
+            end
+          end
+        end
+      end
+
+      context 'when requesting users under the /users path' do
+        context 'when requesting the canonical path' do
+          let(:user) { create(:user, username: 'CamelCaseUser') }
+
+          context 'with exactly matching casing' do
+            it 'responds with success' do
+              get :projects, username: user.username
+
+              expect(response).to be_success
+            end
+          end
+
+          context 'with different casing' do
+            it 'redirects to the correct casing' do
+              get :projects, username: user.username.downcase
+
+              expect(response).to redirect_to(user_projects_path(user))
+              expect(controller).not_to set_flash[:notice]
+            end
+          end
+        end
+
+        context 'when requesting a redirected path' do
+          let(:redirect_route) { user.namespace.redirect_routes.create(path: 'old-path') }
+
+          it 'redirects to the canonical path' do
+            get :projects, username: redirect_route.path
+
+            expect(response).to redirect_to(user_projects_path(user))
+            expect(controller).to set_flash[:notice].to(user_moved_message(redirect_route, user))
+          end
+
+          context 'when the old path is a substring of the scheme or host' do
+            let(:redirect_route) { user.namespace.redirect_routes.create(path: 'http') }
+
+            it 'does not modify the requested host' do
+              get :projects, username: redirect_route.path
+
+              expect(response).to redirect_to(user_projects_path(user))
+              expect(controller).to set_flash[:notice].to(user_moved_message(redirect_route, user))
+            end
+          end
+
+          context 'when the old path is substring of users' do
+            let(:redirect_route) { user.namespace.redirect_routes.create(path: 'ser') }
+
+            # I.e. /users/ser should not become /ufoos/ser
+            it 'does not modify the /users part of the path' do
+              get :projects, username: redirect_route.path
+
+              expect(response).to redirect_to(user_projects_path(user))
+              expect(controller).to set_flash[:notice].to(user_moved_message(redirect_route, user))
+            end
+          end
+        end
+      end
+    end
+  end
+
+  def user_moved_message(redirect_route, user)
+    "User '#{redirect_route.path}' was moved to '#{user.full_path}'. Please update any links and bookmarks that may still have the old path."
+  end
 end