diff options
Diffstat (limited to 'spec/features/users/email_verification_on_login_spec.rb')
-rw-r--r-- | spec/features/users/email_verification_on_login_spec.rb | 113 |
1 files changed, 91 insertions, 22 deletions
diff --git a/spec/features/users/email_verification_on_login_spec.rb b/spec/features/users/email_verification_on_login_spec.rb index 1854e812b73..7675de28f86 100644 --- a/spec/features/users/email_verification_on_login_spec.rb +++ b/spec/features/users/email_verification_on_login_spec.rb @@ -2,10 +2,12 @@ require 'spec_helper' -RSpec.describe 'Email Verification On Login', :clean_gitlab_redis_rate_limiting, feature_category: :system_access do +RSpec.describe 'Email Verification On Login', :clean_gitlab_redis_rate_limiting, :js, feature_category: :system_access do include EmailHelpers - let_it_be(:user) { create(:user) } + let_it_be_with_reload(:user) { create(:user) } + let_it_be(:another_user) { create(:user) } + let_it_be(:new_email) { build_stubbed(:user).email } let(:require_email_verification_enabled) { user } @@ -33,7 +35,7 @@ RSpec.describe 'Email Verification On Login', :clean_gitlab_redis_rate_limiting, # Expect to see the verification form on the login page expect(page).to have_current_path(new_user_session_path) - expect(page).to have_content('Help us protect your account') + expect(page).to have_content(s_('IdentityVerification|Help us protect your account')) # Expect an instructions email to be sent with a code code = expect_instructions_email_and_extract_code @@ -41,7 +43,7 @@ RSpec.describe 'Email Verification On Login', :clean_gitlab_redis_rate_limiting, # Signing in again prompts for the code and doesn't send a new one gitlab_sign_in(user) expect(page).to have_current_path(new_user_session_path) - expect(page).to have_content('Help us protect your account') + expect(page).to have_content(s_('IdentityVerification|Help us protect your account')) # Verify the code verify_code(code) @@ -54,7 +56,7 @@ RSpec.describe 'Email Verification On Login', :clean_gitlab_redis_rate_limiting, # Expect a confirmation page with a meta refresh tag for 3 seconds to the root expect(page).to have_current_path(users_successful_verification_path) - expect(page).to have_content('Verification successful') + expect(page).to have_content(s_('IdentityVerification|Verification successful')) expect(page).to have_selector("meta[http-equiv='refresh'][content='3; url=#{root_path}']", visible: false) end end @@ -69,7 +71,8 @@ RSpec.describe 'Email Verification On Login', :clean_gitlab_redis_rate_limiting, code = expect_instructions_email_and_extract_code # Request a new code - click_link 'Resend code' + click_button s_('IdentityVerification|Resend code') + expect(page).to have_content(s_('IdentityVerification|A new code has been sent.')) expect_log_message('Instructions Sent', 2) new_code = expect_instructions_email_and_extract_code @@ -83,22 +86,63 @@ RSpec.describe 'Email Verification On Login', :clean_gitlab_redis_rate_limiting, gitlab_sign_in(user) # It shows a resend button - expect(page).to have_link 'Resend code' + expect(page).to have_button s_('IdentityVerification|Resend code') # Resend more than the rate limited amount of times 10.times do - click_link 'Resend code' + click_button s_('IdentityVerification|Resend code') end - # Expect the link to be gone - expect(page).not_to have_link 'Resend code' + # Expect an error alert + expect(page).to have_content format(s_("IdentityVerification|You've reached the maximum amount of resends. "\ + 'Wait %{interval} and try again.'), interval: 'about 1 hour') + end + end - # Wait for 1 hour - travel 1.hour + describe 'updating the email address' do + it 'offers to update the email address' do + perform_enqueued_jobs do + # When logging in + gitlab_sign_in(user) - # Now it's visible again - gitlab_sign_in(user) - expect(page).to have_link 'Resend code' + # Expect an instructions email to be sent with a code + code = expect_instructions_email_and_extract_code + + # It shows an update email button + expect(page).to have_button s_('IdentityVerification|Update email') + + # Click Update email button + click_button s_('IdentityVerification|Update email') + + # Try to update with another user's email address + fill_in _('Email'), with: another_user.email + click_button s_('IdentityVerification|Update email') + expect(page).to have_content('Email has already been taken') + + # Update to a unique email address + fill_in _('Email'), with: new_email + click_button s_('IdentityVerification|Update email') + expect(page).to have_content(s_('IdentityVerification|A new code has been sent to ' \ + 'your updated email address.')) + expect_log_message('Instructions Sent', 2) + + new_code = expect_email_changed_notification_to_old_address_and_instructions_email_to_new_address + + # Verify the old code is different from the new code + expect(code).not_to eq(new_code) + verify_code(new_code) + + # Expect the user to be unlocked + expect_user_to_be_unlocked + expect_user_to_be_confirmed + + # When logging in again + gitlab_sign_out + gitlab_sign_in(user) + + # It does not show an update email button anymore + expect(page).not_to have_button s_('IdentityVerification|Update email') + end end end @@ -118,8 +162,9 @@ RSpec.describe 'Email Verification On Login', :clean_gitlab_redis_rate_limiting, # Expect an error message expect_log_message('Failed Attempt', reason: 'rate_limited') - expect(page).to have_content("You've reached the maximum amount of tries. "\ - 'Wait 10 minutes or send a new code and try again.') + expect(page).to have_content( + format(s_("IdentityVerification|You've reached the maximum amount of tries. "\ + 'Wait %{interval} or send a new code and try again.'), interval: '10 minutes')) # Wait for 10 minutes travel 10.minutes @@ -139,7 +184,8 @@ RSpec.describe 'Email Verification On Login', :clean_gitlab_redis_rate_limiting, # Expect an error message expect_log_message('Failed Attempt', reason: 'invalid') - expect(page).to have_content('The code is incorrect. Enter it again, or send a new code.') + expect(page).to have_content(s_('IdentityVerification|The code is incorrect. '\ + 'Enter it again, or send a new code.')) end it 'verifies expired codes' do @@ -156,7 +202,7 @@ RSpec.describe 'Email Verification On Login', :clean_gitlab_redis_rate_limiting, # Expect an error message expect_log_message('Failed Attempt', reason: 'expired') - expect(page).to have_content('The code has expired. Send a new code and try again.') + expect(page).to have_content(s_('IdentityVerification|The code has expired. Send a new code and try again.')) end end end @@ -250,7 +296,8 @@ RSpec.describe 'Email Verification On Login', :clean_gitlab_redis_rate_limiting, it 'shows an error message on on the login page' do expect(page).to have_current_path(new_user_session_path) - expect(page).to have_content('Maximum login attempts exceeded. Wait 10 minutes and try again.') + expect(page).to have_content(format(s_('IdentityVerification|Maximum login attempts exceeded. '\ + 'Wait %{interval} and try again.'), interval: '10 minutes')) end end @@ -271,7 +318,7 @@ RSpec.describe 'Email Verification On Login', :clean_gitlab_redis_rate_limiting, stub_feature_flags(require_email_verification: false) # Resending and veryfying the code work as expected - click_link 'Resend code' + click_button s_('IdentityVerification|Resend code') new_code = expect_instructions_email_and_extract_code verify_code(code) @@ -283,7 +330,7 @@ RSpec.describe 'Email Verification On Login', :clean_gitlab_redis_rate_limiting, verify_code(new_code) expect(page).to have_content(s_('IdentityVerification|The code has expired. Send a new code and try again.')) - click_link 'Resend code' + click_button s_('IdentityVerification|Resend code') another_code = expect_instructions_email_and_extract_code verify_code(another_code) @@ -341,6 +388,28 @@ RSpec.describe 'Email Verification On Login', :clean_gitlab_redis_rate_limiting, end end + def expect_user_to_be_confirmed + aggregate_failures do + expect(user.email).to eq(new_email) + expect(user.unconfirmed_email).to be_nil + end + end + + def expect_email_changed_notification_to_old_address_and_instructions_email_to_new_address + changed_email = ActionMailer::Base.deliveries[0] + instructions_email = ActionMailer::Base.deliveries[1] + + expect(changed_email.to).to match_array([user.email]) + expect(changed_email.subject).to eq('Email Changed') + + expect(instructions_email.to).to match_array([new_email]) + expect(instructions_email.subject).to eq(s_('IdentityVerification|Verify your identity')) + + reset_delivered_emails! + + instructions_email.body.parts.first.to_s[/\d{#{Users::EmailVerification::GenerateTokenService::TOKEN_LENGTH}}/o] + end + def expect_instructions_email_and_extract_code mail = find_email_for(user) expect(mail.to).to match_array([user.email]) |