GRN-56: Correctly implemented the account verification flow (#367)

* Correctly implemented the account verification flow

* Fixed issues with redirect locations
farhatahmad
2019-02-22 16:47:02 -05:00
committed by Jesus Federico
parent 5521402ee7
commit c60e25f71c
17 changed files with 337 additions and 141 deletions


@ -0,0 +1,95 @@
# frozen_string_literal: true
# BigBlueButton open source conferencing system - http://www.bigbluebutton.org/.
#
# Copyright (c) 2018 BigBlueButton Inc. and by respective authors (see below).
#
# This program is free software; you can redistribute it and/or modify it under the
# terms of the GNU Lesser General Public License as published by the Free Software
# Foundation; either version 3.0 of the License, or (at your option) any later
# version.
#
# BigBlueButton is distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
# PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
#
# You should have received a copy of the GNU Lesser General Public License along
# with BigBlueButton; if not, see <http://www.gnu.org/licenses/>.
require "rails_helper"
describe AccountActivationsController, type: :controller do
before { allow(Rails.configuration).to receive(:allow_user_signup).and_return(true) }
before { allow(Rails.configuration).to receive(:enable_email_verification).and_return(true) }
describe "GET #show" do
it "redirects to main room if signed in" do
user = create(:user, provider: "greenlight")
@request.session[:user_id] = user.id
get :show, params: { email: user.email }
expect(response).to redirect_to(user.main_room)
end
it "renders the verify view if the user is not signed in and is not verified" do
user = create(:user, email_verified: false, provider: "greenlight")
get :show, params: { email: user.email }
expect(response).to render_template(:verify)
end
end
describe "GET #edit" do
it "activates a user if they have the correct activation token" do
@user = create(:user, email_verified: false, provider: "greenlight")
get :edit, params: { email: @user.email, token: @user.activation_token }
@user.reload
expect(@user.email_verified).to eq(true)
expect(flash[:success]).to be_present
expect(response).to redirect_to(root_path)
end
it "does not activate a user if they have the correct activation token" do
@user = create(:user, email_verified: false, provider: "greenlight")
get :edit, params: { email: @user.email, token: "fake_token" }
@user.reload
expect(@user.email_verified).to eq(false)
expect(flash[:alert]).to be_present
expect(response).to redirect_to(root_path)
end
it "does not allow the user to click the verify link again" do
@user = create(:user, provider: "greenlight")
get :edit, params: { email: @user.email, token: @user.activation_token }
expect(flash[:alert]).to be_present
expect(response).to redirect_to(root_path)
end
end
describe "GET #resend" do
it "resends the email to the current user if the resend button is clicked" do
user = create(:user, email_verified: false, provider: "greenlight")
expect { get :resend, params: { email: user.email } }.to change { ActionMailer::Base.deliveries.count }.by(1)
expect(flash[:success]).to be_present
expect(response).to redirect_to(root_path)
end
it "redirects a verified user to the root path" do
user = create(:user, provider: "greenlight")
get :resend, params: { email: user.email }
expect(flash[:alert]).to be_present
expect(response).to redirect_to(root_path)
end
end
end
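Review bot: The second example under `GET #edit` is titled "does not activate a user if they have the correct activation token" yet sends `token: "fake_token"`, so the title contradicts what it checks; it should read `it "does not activate a user if they have an incorrect activation token" do`. The negative coverage for these unauthenticated actions also stops at that one wrong string: no example sends a missing or empty `token`, or an `email` that matches no user, to `edit`, `show` or `resend`. Since `resend` is shown to deliver mail for whatever `email` parameter is supplied, an example pinning the response for an unknown address (same flash and redirect, no delivery) would document that the flow does not reveal which addresses are registered. The controller itself is not in this section, so these are coverage gaps rather than confirmed defects.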


@ -72,6 +72,15 @@ describe RoomsController, type: :controller do
get :show, params: { room_uid: "non_existent" }
end.to raise_error(ActiveRecord::RecordNotFound)
end
it "redirects to root if owner of room is not verified" do
@owner.update_attribute(:email_verified, false)
post :show, params: { room_uid: @owner.main_room }
expect(flash[:alert]).to be_present
expect(response).to redirect_to(root_path)
end
end
describe "POST #create" do
@ -151,6 +160,15 @@ describe RoomsController, type: :controller do
expect(response).to redirect_to(@user.main_room.join_path(@owner.name, { user_is_moderator: true }, @owner.uid))
end
it "redirects to root if owner of room is not verified" do
@owner.update_attribute(:email_verified, false)
post :join, params: { room_uid: @room, join_name: @owner.name }
expect(flash[:alert]).to be_present
expect(response).to redirect_to(root_path)
end
end
describe "DELETE #destroy" do
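Review bot: The added example in the first hunk issues `post :show, params: { room_uid: @owner.main_room }` while the context lines just above it call `get :show`; it should be `get :show, params: { room_uid: @owner.main_room }` so the spec uses the same verb as its neighbours. Both added examples (this one and the `post :join` one in the second hunk) assert only the flash and the redirect to `root_path`. Neither checks that the request stopped before the room was started or joined for an unverified owner, which is presumably what the verification check is meant to guarantee. The enclosing describe blocks start outside the hunks, so any setup that already stubs the join call is not visible here.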


@ -72,6 +72,21 @@ describe SessionsController, type: :controller do
expect(@request.session[:user_id]).to be_nil
end
it "should not login user if account is not verified" do
@secondary_user = create(:user, email_verified: false, provider: "greenlight",
password: "example", password_confirmation: "example")
post :create, params: {
session: {
email: @secondary_user.email,
password: "example",
},
}
expect(@request.session[:user_id]).to be_nil
expect(response).to redirect_to(account_activation_path(email: @secondary_user.email))
end
end
describe "GET/POST #omniauth" do
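Review bot: The added example covers only an unverified account that submits the correct password (`password: "example"`); nothing pins the behaviour for an unverified account with a wrong password. If the controller tests `email_verified` before it authenticates, the redirect to `account_activation_path(email: @secondary_user.email)` would tell anyone who submits an address that it is registered and unverified. A second example asserting that this case is handled like any other failed login would close that gap. The redirect also puts the email address in the URL, so it may be worth confirming that is acceptable for access logs and referrers. The controller is not visible in this section, so this is a coverage gap rather than a confirmed defect.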


@ -166,72 +166,6 @@ describe UsersController, type: :controller do
end
end
describe "GET | POST #resend" do
before { allow(Rails.configuration).to receive(:allow_user_signup).and_return(true) }
before { allow(Rails.configuration).to receive(:enable_email_verification).and_return(true) }
it "redirects to main room if verified" do
params = random_valid_user_params
post :create, params: params
u = User.find_by(name: params[:user][:name], email: params[:user][:email])
u.email_verified = false
get :resend
expect(response).to render_template(:verify)
end
it "resend email upon click if unverified" do
params = random_valid_user_params
post :create, params: params
u = User.find_by(name: params[:user][:name], email: params[:user][:email])
u.email_verified = false
expect { post :resend, params: { email_verified: false } }.to change { ActionMailer::Base.deliveries.count }.by(1)
expect(response).to render_template(:verify)
end
it "should raise if there there is a delivery failure" do
params = random_valid_user_params
post :create, params: params
u = User.find_by(name: params[:user][:name], email: params[:user][:email])
u.email_verified = false
expect do
post :resend, params: { email_verified: false }
raise Net::SMTPAuthenticationError
end.to raise_error { Net::SMTPAuthenticationError }
end
end
describe "GET | POST #confirm" do
before { allow(Rails.configuration).to receive(:allow_user_signup).and_return(true) }
before { allow(Rails.configuration).to receive(:enable_email_verification).and_return(true) }
it "redirects to main room if already verified" do
params = random_valid_user_params
post :create, params: params
u = User.find_by(name: params[:user][:name], email: params[:user][:email])
post :confirm, params: { user_uid: u.uid, email_verified: true }
expect(response).to redirect_to(room_path(u.main_room))
end
it "renders confirmation pane if unverified" do
params = random_valid_user_params
post :create, params: params
u = User.find_by(name: params[:user][:name], email: params[:user][:email])
u.email_verified = false
get :confirm, params: { user_uid: u.uid }
expect(response).to render_template(:verify)
end
end
describe "GET #recordings" do
before do
@user1 = create(:user)


@ -29,6 +29,7 @@ FactoryBot.define do
password_confirmation { password }
accepted_terms { true }
email_verified { true }
activated_at { Time.zone.now }
end
factory :room do