spec/controllers/confirmations_controller_spec.rb


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167

# frozen_string_literal: true

require 'spec_helper'

RSpec.describe ConfirmationsController do
  include DeviseHelpers

  before do
    set_devise_mapping(context: @request)
  end

  describe '#show' do
    render_views

    def perform_request
      get :show, params: { confirmation_token: confirmation_token }
    end

    context 'user is already confirmed' do
      let_it_be_with_reload(:user) { create(:user, :unconfirmed) }

      let(:confirmation_token) { user.confirmation_token }

      before do
        user.confirm
      end

      it 'renders `new`' do
        perform_request

        expect(response).to render_template(:new)
      end

      it 'displays an error message' do
        perform_request

        expect(response.body).to include('Email was already confirmed, please try signing in')
      end

      it 'does not display the email of the user' do
        perform_request

        expect(response.body).not_to include(user.email)
      end

      it 'sets the username and caller_id in the context' do
        expect(controller).to receive(:show).and_wrap_original do |m, *args|
          m.call(*args)

          expect(Gitlab::ApplicationContext.current)
            .to include('meta.user' => user.username,
                        'meta.caller_id' => 'ConfirmationsController#show')
        end

        perform_request
      end
    end

    context 'user accesses the link after the expiry of confirmation token has passed' do
      let_it_be_with_reload(:user) { create(:user, :unconfirmed) }

      let(:confirmation_token) { user.confirmation_token }

      before do
        allow(Devise).to receive(:confirm_within).and_return(1.day)
      end

      it 'renders `new`' do
        travel_to(3.days.from_now) { perform_request }

        expect(response).to render_template(:new)
      end

      it 'displays an error message' do
        travel_to(3.days.from_now) { perform_request }

        expect(response.body).to include('Email needs to be confirmed within 1 day, please request a new one below')
      end

      it 'does not display the email of the user' do
        travel_to(3.days.from_now) { perform_request }

        expect(response.body).not_to include(user.email)
      end

      it 'sets the username and caller_id in the context' do
        expect(controller).to receive(:show).and_wrap_original do |m, *args|
          m.call(*args)

          expect(Gitlab::ApplicationContext.current)
            .to include('meta.user' => user.username,
                        'meta.caller_id' => 'ConfirmationsController#show')
        end

        travel_to(3.days.from_now) { perform_request }
      end
    end

    context 'with an invalid confirmation token' do
      let(:confirmation_token) { 'invalid_confirmation_token' }

      it 'renders `new`' do
        perform_request

        expect(response).to render_template(:new)
      end

      it 'displays an error message' do
        perform_request

        expect(response.body).to include('Confirmation token is invalid')
      end

      it 'sets the the caller_id in the context' do
        expect(controller).to receive(:show).and_wrap_original do |m, *args|
          expect(Gitlab::ApplicationContext.current)
            .to include('meta.caller_id' => 'ConfirmationsController#show')

          m.call(*args)
        end

        perform_request
      end
    end
  end

  describe '#create' do
    let(:user) { create(:user) }

    subject(:perform_request) { post(:create, params: { user: { email: user.email } }) }

    context 'when reCAPTCHA is disabled' do
      before do
        stub_application_setting(recaptcha_enabled: false)
      end

      it 'successfully sends password reset when reCAPTCHA is not solved' do
        perform_request

        expect(response).to redirect_to(dashboard_projects_path)
      end
    end

    context 'when reCAPTCHA is enabled' do
      before do
        stub_application_setting(recaptcha_enabled: true)
      end

      it 'displays an error when the reCAPTCHA is not solved' do
        Recaptcha.configuration.skip_verify_env.delete('test')

        perform_request

        expect(response).to render_template(:new)
        expect(flash[:alert]).to include 'There was an error with the reCAPTCHA. Please solve the reCAPTCHA again.'
      end

      it 'successfully sends password reset when reCAPTCHA is solved' do
        Recaptcha.configuration.skip_verify_env << 'test'

        perform_request

        expect(response).to redirect_to(dashboard_projects_path)
      end
    end
  end
end