diff options
| author | GitLab Bot <gitlab-bot@gitlab.com> | 2020-10-21 10:08:36 +0300 |
|---|---|---|
| committer | GitLab Bot <gitlab-bot@gitlab.com> | 2020-10-21 10:08:36 +0300 |
| commit | 48aff82709769b098321c738f3444b9bdaa694c6 (patch) | |
| tree | e00c7c43e2d9b603a5a6af576b1685e400410dee /spec/services/users | |
| parent | 879f5329ee916a948223f8f43d77fba4da6cd028 (diff) | |
Add latest changes from gitlab-org/gitlab@13-5-stable-eev13.5.0-rc42
Diffstat (limited to 'spec/services/users')
| -rw-r--r-- | spec/services/users/approve_service_spec.rb | 106 | ||||
| -rw-r--r-- | spec/services/users/block_service_spec.rb | 10 | ||||
| -rw-r--r-- | spec/services/users/build_service_spec.rb | 20 | ||||
| -rw-r--r-- | spec/services/users/destroy_service_spec.rb | 8 | ||||
| -rw-r--r-- | spec/services/users/validate_otp_service_spec.rb | 34 |
5 files changed, 175 insertions, 3 deletions
diff --git a/spec/services/users/approve_service_spec.rb b/spec/services/users/approve_service_spec.rb new file mode 100644 index 00000000000..50f2b6b0827 --- /dev/null +++ b/spec/services/users/approve_service_spec.rb @@ -0,0 +1,106 @@ +# frozen_string_literal: true + +require 'spec_helper' + +RSpec.describe Users::ApproveService do + let_it_be(:current_user) { create(:admin) } + let(:user) { create(:user, :blocked_pending_approval) } + + subject(:execute) { described_class.new(current_user).execute(user) } + + describe '#execute' do + context 'failures' do + context 'when the executor user is not allowed to approve users' do + let(:current_user) { create(:user) } + + it 'returns error result' do + expect(subject[:status]).to eq(:error) + expect(subject[:message]).to match(/You are not allowed to approve a user/) + end + end + + context 'when user is not in pending approval state' do + let(:user) { create(:user, state: 'active') } + + it 'returns error result' do + expect(subject[:status]).to eq(:error) + expect(subject[:message]) + .to match(/The user you are trying to approve is not pending an approval/) + end + end + + context 'when user cannot be activated' do + let(:user) do + build(:user, state: 'blocked_pending_approval', email: 'invalid email') + end + + it 'returns error result' do + expect(subject[:status]).to eq(:error) + expect(subject[:message]).to match(/Email is invalid/) + end + + it 'does not change the state of the user' do + expect { subject }.not_to change { user.state } + end + end + end + + context 'success' do + it 'activates the user' do + expect(subject[:status]).to eq(:success) + expect(user.reload).to be_active + end + + context 'email confirmation status' do + context 'user is unconfirmed' do + let(:user) { create(:user, :blocked_pending_approval, :unconfirmed) } + + it 'sends confirmation instructions' do + expect { subject } + .to have_enqueued_mail(DeviseMailer, :confirmation_instructions) + end + end + + context 'user is confirmed' do + it 'does not send a confirmation email' do + expect { subject } + .not_to have_enqueued_mail(DeviseMailer, :confirmation_instructions) + end + end + end + + context 'pending invitiations' do + let!(:project_member_invite) { create(:project_member, :invited, invite_email: user.email) } + let!(:group_member_invite) { create(:group_member, :invited, invite_email: user.email) } + + context 'user is unconfirmed' do + let(:user) { create(:user, :blocked_pending_approval, :unconfirmed) } + + it 'does not accept pending invites of the user' do + expect(subject[:status]).to eq(:success) + + group_member_invite.reload + project_member_invite.reload + + expect(group_member_invite).to be_invite + expect(project_member_invite).to be_invite + end + end + + context 'user is confirmed' do + it 'accepts pending invites of the user' do + expect(subject[:status]).to eq(:success) + + group_member_invite.reload + project_member_invite.reload + + expect(group_member_invite).not_to be_invite + expect(project_member_invite).not_to be_invite + expect(group_member_invite.user).to eq(user) + expect(project_member_invite.user).to eq(user) + end + end + end + end + end +end diff --git a/spec/services/users/block_service_spec.rb b/spec/services/users/block_service_spec.rb index e170a5494aa..45a5b1e5100 100644 --- a/spec/services/users/block_service_spec.rb +++ b/spec/services/users/block_service_spec.rb @@ -34,5 +34,15 @@ RSpec.describe Users::BlockService do expect { operation }.not_to change { user.state } end end + + context 'when internal user' do + let(:user) { create(:user, :bot) } + + it 'returns error result' do + expect(operation[:status]).to eq(:error) + expect(operation[:message]).to eq('An internal user cannot be blocked') + expect(operation[:http_status]).to eq(403) + end + end end end diff --git a/spec/services/users/build_service_spec.rb b/spec/services/users/build_service_spec.rb index c14fdb35bfa..446741221b3 100644 --- a/spec/services/users/build_service_spec.rb +++ b/spec/services/users/build_service_spec.rb @@ -4,11 +4,11 @@ require 'spec_helper' RSpec.describe Users::BuildService do describe '#execute' do - let(:params) do - { name: 'John Doe', username: 'jduser', email: 'jd@example.com', password: 'mydummypass' } - end + let(:params) { build_stubbed(:user).slice(:first_name, :last_name, :username, :email, :password) } context 'with an admin user' do + let(:params) { build_stubbed(:user).slice(:name, :username, :email, :password) } + let(:admin_user) { create(:admin) } let(:service) { described_class.new(admin_user, ActionController::Parameters.new(params).permit!) } @@ -16,6 +16,10 @@ RSpec.describe Users::BuildService do expect(service.execute).to be_valid end + it 'sets the created_by_id' do + expect(service.execute.created_by_id).to eq(admin_user.id) + end + context 'calls the UpdateCanonicalEmailService' do specify do expect(Users::UpdateCanonicalEmailService).to receive(:new).and_call_original @@ -128,6 +132,16 @@ RSpec.describe Users::BuildService do it 'raises AccessDeniedError exception' do expect { service.execute }.to raise_error Gitlab::Access::AccessDeniedError end + + context 'when authorization is skipped' do + subject(:built_user) { service.execute(skip_authorization: true) } + + it { is_expected.to be_valid } + + it 'sets the created_by_id' do + expect(built_user.created_by_id).to eq(user.id) + end + end end context 'with nil user' do diff --git a/spec/services/users/destroy_service_spec.rb b/spec/services/users/destroy_service_spec.rb index ff919257b3c..6de685dd89a 100644 --- a/spec/services/users/destroy_service_spec.rb +++ b/spec/services/users/destroy_service_spec.rb @@ -234,6 +234,14 @@ RSpec.describe Users::DestroyService do expect(User.exists?(user.id)).to be(false) end + + it 'allows user to be deleted if skip_authorization: true' do + other_user = create(:user) + + described_class.new(user).execute(other_user, skip_authorization: true) + + expect(User.exists?(other_user.id)).to be(false) + end end context "migrating associated records" do diff --git a/spec/services/users/validate_otp_service_spec.rb b/spec/services/users/validate_otp_service_spec.rb new file mode 100644 index 00000000000..826755d6145 --- /dev/null +++ b/spec/services/users/validate_otp_service_spec.rb @@ -0,0 +1,34 @@ +# frozen_string_literal: true + +require 'spec_helper' + +RSpec.describe Users::ValidateOtpService do + let_it_be(:user) { create(:user) } + let(:otp_code) { 42 } + + subject(:validate) { described_class.new(user).execute(otp_code) } + + context 'Devise' do + it 'calls Devise strategy' do + expect_next_instance_of(::Gitlab::Auth::Otp::Strategies::Devise) do |strategy| + expect(strategy).to receive(:validate).with(otp_code).once + end + + validate + end + end + + context 'FortiAuthenticator' do + before do + stub_feature_flags(forti_authenticator: true) + end + + it 'calls FortiAuthenticator strategy' do + expect_next_instance_of(::Gitlab::Auth::Otp::Strategies::FortiAuthenticator) do |strategy| + expect(strategy).to receive(:validate).with(otp_code).once + end + + validate + end + end +end |