diff options
Diffstat (limited to 'spec/controllers/users_controller_spec.rb')
-rw-r--r-- | spec/controllers/users_controller_spec.rb | 332 |
1 files changed, 331 insertions, 1 deletions
diff --git a/spec/controllers/users_controller_spec.rb b/spec/controllers/users_controller_spec.rb index 2e57a901319..916befe3f62 100644 --- a/spec/controllers/users_controller_spec.rb +++ b/spec/controllers/users_controller_spec.rb @@ -3,7 +3,8 @@ require 'spec_helper' RSpec.describe UsersController do - let(:user) { create(:user) } + # This user should have the same e-mail address associated with the GPG key prepared for tests + let(:user) { create(:user, email: GpgHelpers::User1.emails[0]) } let(:private_user) { create(:user, private_profile: true) } let(:public_user) { create(:user) } @@ -114,6 +115,335 @@ RSpec.describe UsersController do end end + describe 'GET #activity' do + context 'with rendered views' do + render_views + + describe 'when logged in' do + before do + sign_in(user) + end + + it 'renders the show template' do + get :show, params: { username: user.username } + + expect(response).to be_successful + expect(response).to render_template('show') + end + end + + describe 'when logged out' do + it 'renders the show template' do + get :activity, params: { username: user.username } + + expect(response).to have_gitlab_http_status(:ok) + expect(response).to render_template('show') + end + end + end + + context 'when public visibility level is restricted' do + before do + stub_application_setting(restricted_visibility_levels: [Gitlab::VisibilityLevel::PUBLIC]) + end + + context 'when logged out' do + it 'redirects to login page' do + get :activity, params: { username: user.username } + expect(response).to redirect_to new_user_session_path + end + end + + context 'when logged in' do + before do + sign_in(user) + end + + it 'renders show' do + get :activity, params: { username: user.username } + expect(response).to have_gitlab_http_status(:ok) + expect(response).to render_template('show') + end + end + end + + context 'when a user by that username does not exist' do + context 'when logged out' do + it 'redirects to login page' do + get :activity, params: { username: 'nonexistent' } + expect(response).to redirect_to new_user_session_path + end + end + + context 'when logged in' do + before do + sign_in(user) + end + + it 'renders 404' do + get :activity, params: { username: 'nonexistent' } + expect(response).to have_gitlab_http_status(:not_found) + end + end + end + + context 'json with events' do + let(:project) { create(:project) } + + before do + project.add_developer(user) + Gitlab::DataBuilder::Push.build_sample(project, user) + + sign_in(user) + end + + it 'loads events' do + get :activity, params: { username: user }, format: :json + + expect(assigns(:events)).not_to be_empty + end + + it 'hides events if the user cannot read cross project' do + allow(Ability).to receive(:allowed?).and_call_original + expect(Ability).to receive(:allowed?).with(user, :read_cross_project) { false } + + get :activity, params: { username: user }, format: :json + + expect(assigns(:events)).to be_empty + end + + it 'hides events if the user has a private profile' do + Gitlab::DataBuilder::Push.build_sample(project, private_user) + + get :activity, params: { username: private_user.username }, format: :json + + expect(assigns(:events)).to be_empty + end + end + end + + describe "#ssh_keys" do + describe "non existent user" do + it "does not generally work" do + get :ssh_keys, params: { username: 'not-existent' } + + expect(response).not_to be_successful + end + end + + describe "user with no keys" do + it "does generally work" do + get :ssh_keys, params: { username: user.username } + + expect(response).to be_successful + end + + it "renders all keys separated with a new line" do + get :ssh_keys, params: { username: user.username } + + expect(response.body).to eq("") + end + + it "responds with text/plain content type" do + get :ssh_keys, params: { username: user.username } + expect(response.content_type).to eq("text/plain") + end + end + + describe "user with keys" do + let!(:key) { create(:key, user: user) } + let!(:another_key) { create(:another_key, user: user) } + let!(:deploy_key) { create(:deploy_key, user: user) } + + describe "while signed in" do + before do + sign_in(user) + end + + it "does generally work" do + get :ssh_keys, params: { username: user.username } + + expect(response).to be_successful + end + + it "renders all non deploy keys separated with a new line" do + get :ssh_keys, params: { username: user.username } + + expect(response.body).not_to eq('') + expect(response.body).to eq(user.all_ssh_keys.join("\n")) + + expect(response.body).to include(key.key.sub(' dummy@gitlab.com', '')) + expect(response.body).to include(another_key.key.sub(' dummy@gitlab.com', '')) + + expect(response.body).not_to include(deploy_key.key) + end + + it "does not render the comment of the key" do + get :ssh_keys, params: { username: user.username } + expect(response.body).not_to match(/dummy@gitlab.com/) + end + + it "responds with text/plain content type" do + get :ssh_keys, params: { username: user.username } + + expect(response.content_type).to eq("text/plain") + end + end + + describe 'when logged out' do + before do + sign_out(user) + end + + it "still does generally work" do + get :ssh_keys, params: { username: user.username } + + expect(response).to be_successful + end + + it "renders all non deploy keys separated with a new line" do + get :ssh_keys, params: { username: user.username } + + expect(response.body).not_to eq('') + expect(response.body).to eq(user.all_ssh_keys.join("\n")) + + expect(response.body).to include(key.key.sub(' dummy@gitlab.com', '')) + expect(response.body).to include(another_key.key.sub(' dummy@gitlab.com', '')) + + expect(response.body).not_to include(deploy_key.key) + end + + it "does not render the comment of the key" do + get :ssh_keys, params: { username: user.username } + expect(response.body).not_to match(/dummy@gitlab.com/) + end + + it "responds with text/plain content type" do + get :ssh_keys, params: { username: user.username } + + expect(response.content_type).to eq("text/plain") + end + end + end + end + + describe "#gpg_keys" do + describe "non existent user" do + it "does not generally work" do + get :gpg_keys, params: { username: 'not-existent' } + + expect(response).not_to be_successful + end + end + + describe "user with no keys" do + it "does generally work" do + get :gpg_keys, params: { username: user.username } + + expect(response).to be_successful + end + + it "renders all keys separated with a new line" do + get :gpg_keys, params: { username: user.username } + + expect(response.body).to eq("") + end + + it "responds with text/plain content type" do + get :gpg_keys, params: { username: user.username } + + expect(response.content_type).to eq("text/plain") + end + end + + describe "user with keys" do + let!(:gpg_key) { create(:gpg_key, user: user) } + let!(:another_gpg_key) { create(:another_gpg_key, user: user) } + + describe "while signed in" do + before do + sign_in(user) + end + + it "does generally work" do + get :gpg_keys, params: { username: user.username } + + expect(response).to be_successful + end + + it "renders all verified keys separated with a new line" do + get :gpg_keys, params: { username: user.username } + + expect(response.body).not_to eq('') + expect(response.body).to eq(user.gpg_keys.select(&:verified?).map(&:key).join("\n")) + + expect(response.body).to include(gpg_key.key) + expect(response.body).to include(another_gpg_key.key) + end + + it "responds with text/plain content type" do + get :gpg_keys, params: { username: user.username } + + expect(response.content_type).to eq("text/plain") + end + end + + describe 'when logged out' do + before do + sign_out(user) + end + + it "still does generally work" do + get :gpg_keys, params: { username: user.username } + + expect(response).to be_successful + end + + it "renders all verified keys separated with a new line" do + get :gpg_keys, params: { username: user.username } + + expect(response.body).not_to eq('') + expect(response.body).to eq(user.gpg_keys.map(&:key).join("\n")) + + expect(response.body).to include(gpg_key.key) + expect(response.body).to include(another_gpg_key.key) + end + + it "responds with text/plain content type" do + get :gpg_keys, params: { username: user.username } + + expect(response.content_type).to eq("text/plain") + end + end + + describe 'when revoked' do + before do + sign_in(user) + another_gpg_key.revoke + end + + it "doesn't render revoked keys" do + get :gpg_keys, params: { username: user.username } + + expect(response.body).not_to eq('') + + expect(response.body).to include(gpg_key.key) + expect(response.body).not_to include(another_gpg_key.key) + end + + it "doesn't render revoked keys for non-authorized users" do + sign_out(user) + get :gpg_keys, params: { username: user.username } + + expect(response.body).not_to eq('') + + expect(response.body).to include(gpg_key.key) + expect(response.body).not_to include(another_gpg_key.key) + end + end + end + end + describe 'GET #calendar' do context 'for user' do let(:project) { create(:project) } |