|
|
|
require "rails_helper"
|
|
|
|
|
|
|
|
RSpec.describe "User Features" do
|
|
|
|
let!(:user) { FactoryBot.create(:user, last_sign_in_at: Time.zone.now) }
|
|
|
|
let(:reset_password_template_id) { User::RESET_PASSWORD_TEMPLATE_ID }
|
|
|
|
let(:notify_client) { instance_double(Notifications::Client) }
|
|
|
|
let(:reset_password_token) { "MCDH5y6Km-U7CFPgAMVS" }
|
|
|
|
let(:devise_notify_mailer) { DeviseNotifyMailer.new }
|
|
|
|
|
|
|
|
before do
|
|
|
|
allow(DeviseNotifyMailer).to receive(:new).and_return(devise_notify_mailer)
|
|
|
|
allow(devise_notify_mailer).to receive(:notify_client).and_return(notify_client)
|
|
|
|
allow(notify_client).to receive(:send_email).and_return(true)
|
|
|
|
allow(Devise.token_generator).to receive(:generate).and_return(reset_password_token)
|
|
|
|
end
|
|
|
|
|
|
|
|
context "when the user navigates to case logs" do
|
|
|
|
it " is required to log in" do
|
|
|
|
visit("/logs")
|
|
|
|
expect(page).to have_current_path("/account/sign-in")
|
|
|
|
expect(page).to have_content("Sign in to your account to submit CORE data")
|
|
|
|
end
|
|
|
|
|
|
|
|
it "does not see the default devise error message" do
|
|
|
|
visit("/logs")
|
|
|
|
expect(page).to have_no_content("You need to sign in or sign up before continuing.")
|
|
|
|
end
|
|
|
|
|
|
|
|
it " is redirected to case logs after signing in" do
|
|
|
|
visit("/logs")
|
|
|
|
fill_in("user[email]", with: user.email)
|
|
|
|
fill_in("user[password]", with: "pAssword1")
|
|
|
|
click_button("Sign in")
|
|
|
|
expect(page).to have_current_path("/logs")
|
|
|
|
end
|
|
|
|
|
|
|
|
it " can log out again", js: true do
|
|
|
|
visit("/logs")
|
|
|
|
fill_in("user[email]", with: user.email)
|
|
|
|
fill_in("user[password]", with: "pAssword1")
|
|
|
|
click_button("Sign in")
|
|
|
|
click_link("Sign out")
|
|
|
|
expect(page).to have_current_path("/")
|
|
|
|
expect(page).to have_content("Start now")
|
|
|
|
end
|
|
|
|
|
|
|
|
it " can log out again with js disabled" do
|
|
|
|
visit("/logs")
|
|
|
|
fill_in("user[email]", with: user.email)
|
|
|
|
fill_in("user[password]", with: "pAssword1")
|
|
|
|
click_button("Sign in")
|
|
|
|
click_link("Sign out")
|
|
|
|
expect(page).to have_current_path("/")
|
|
|
|
expect(page).to have_content("Start now")
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context "when the user has forgotten their password" do
|
|
|
|
it " is redirected to the reset password page when they click the reset password link" do
|
|
|
|
visit("/logs")
|
|
|
|
click_link("reset your password")
|
|
|
|
expect(page).to have_current_path("/account/password/new")
|
|
|
|
end
|
|
|
|
|
|
|
|
it " is shown an error message if they submit without entering an email address" do
|
|
|
|
visit("/account/password/new")
|
|
|
|
click_button("Send email")
|
|
|
|
expect(page).to have_selector("#error-summary-title")
|
|
|
|
expect(page).to have_selector("#user-email-field-error")
|
|
|
|
expect(page).to have_title("Error")
|
|
|
|
end
|
|
|
|
|
|
|
|
it " is shown an error message if they submit an invalid email address" do
|
|
|
|
visit("/account/password/new")
|
|
|
|
fill_in("user[email]", with: "thisisn'tanemail")
|
|
|
|
click_button("Send email")
|
|
|
|
expect(page).to have_selector("#error-summary-title")
|
|
|
|
expect(page).to have_selector("#user-email-field-error")
|
|
|
|
expect(page).to have_title("Error")
|
|
|
|
end
|
|
|
|
|
|
|
|
it " is redirected to check your email page after submitting an email on the reset password page" do
|
|
|
|
visit("/account/password/new")
|
|
|
|
fill_in("user[email]", with: user.email)
|
|
|
|
click_button("Send email")
|
|
|
|
expect(page).to have_content("Check your email")
|
|
|
|
end
|
|
|
|
|
|
|
|
it " is shown their email on the password reset confirmation page" do
|
|
|
|
visit("/account/password/new")
|
|
|
|
fill_in("user[email]", with: user.email)
|
|
|
|
click_button("Send email")
|
|
|
|
expect(page).to have_content(user.email)
|
|
|
|
end
|
|
|
|
|
|
|
|
it " is shown the reset password confirmation page even if their email doesn't exist in the system" do
|
|
|
|
visit("/account/password/new")
|
|
|
|
fill_in("user[email]", with: "idontexist@example.com")
|
|
|
|
click_button("Send email")
|
|
|
|
expect(page).to have_current_path("/account/password/reset-confirmation?email=idontexist%40example.com")
|
|
|
|
end
|
|
|
|
|
|
|
|
it " is sent a reset password email via Notify" do
|
|
|
|
expect(notify_client).to receive(:send_email).with(
|
|
|
|
{
|
|
|
|
email_address: user.email,
|
|
|
|
template_id: reset_password_template_id,
|
|
|
|
personalisation: {
|
|
|
|
name: user.name,
|
|
|
|
email: user.email,
|
|
|
|
organisation: user.organisation.name,
|
|
|
|
link: "http://localhost:3000/account/password/edit?reset_password_token=#{reset_password_token}",
|
|
|
|
},
|
|
|
|
},
|
|
|
|
)
|
|
|
|
visit("/account/password/new")
|
|
|
|
fill_in("user[email]", with: user.email)
|
|
|
|
click_button("Send email")
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context "when the user is not logged in" do
|
|
|
|
it "'Your account' link does not display" do
|
|
|
|
visit("/logs")
|
|
|
|
expect(page).to have_no_link("Your account")
|
|
|
|
end
|
|
|
|
|
|
|
|
it "Can navigate and sign in page with sign in button" do
|
|
|
|
visit("/")
|
|
|
|
expect(page).to have_link("Sign in")
|
|
|
|
click_link("Sign in")
|
|
|
|
fill_in("user[email]", with: user.email)
|
|
|
|
fill_in("user[password]", with: "pAssword1")
|
|
|
|
click_button("Sign in")
|
|
|
|
expect(page).to have_current_path("/logs")
|
|
|
|
end
|
|
|
|
|
|
|
|
it "tries to access account page, redirects to log in page" do
|
|
|
|
visit("/users/#{user.id}")
|
|
|
|
expect(page).to have_content("Sign in to your account to submit CORE data")
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context "when the user is trying to log in with incorrect credentials" do
|
|
|
|
it "shows a gov uk error summary and no flash message" do
|
|
|
|
visit("/logs")
|
|
|
|
fill_in("user[email]", with: user.email)
|
|
|
|
fill_in("user[password]", with: "nonsense")
|
|
|
|
click_button("Sign in")
|
|
|
|
expect(page).to have_selector("#error-summary-title")
|
|
|
|
expect(page).to have_no_css(".govuk-notification-banner.govuk-notification-banner--success")
|
|
|
|
expect(page).to have_title("Error")
|
|
|
|
end
|
|
|
|
|
|
|
|
it "show specific field error messages if a field was omitted" do
|
|
|
|
visit("/logs")
|
|
|
|
click_button("Sign in")
|
|
|
|
expect(page).to have_selector("#error-summary-title")
|
|
|
|
expect(page).to have_selector("#user-email-field-error")
|
|
|
|
expect(page).to have_selector("#user-password-field-error")
|
|
|
|
expect(page).to have_title("Error")
|
|
|
|
end
|
|
|
|
|
|
|
|
it "show specific field error messages if an invalid email address is entered" do
|
|
|
|
visit("/logs")
|
|
|
|
fill_in("user[email]", with: "thisisn'tanemail")
|
|
|
|
click_button("Sign in")
|
|
|
|
expect(page).to have_selector("#error-summary-title")
|
|
|
|
expect(page).to have_selector("#user-email-field-error")
|
|
|
|
expect(page).to have_content(/Enter an email address in the correct format, like name@example.com/)
|
|
|
|
expect(page).to have_title("Error")
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context "when viewing your account" do
|
|
|
|
before do
|
|
|
|
visit("/logs")
|
|
|
|
fill_in("user[email]", with: user.email)
|
|
|
|
fill_in("user[password]", with: "pAssword1")
|
|
|
|
click_button("Sign in")
|
|
|
|
end
|
|
|
|
|
|
|
|
it "shows 'Your account' link in navigation if logged in and redirect to correct page" do
|
|
|
|
visit("/logs")
|
|
|
|
expect(page).to have_link("Your account")
|
|
|
|
click_link("Your account")
|
|
|
|
expect(page).to have_current_path("/users/#{user.id}")
|
|
|
|
end
|
|
|
|
|
|
|
|
it "can navigate to change your password page from main account page" do
|
|
|
|
visit("/users/#{user.id}")
|
|
|
|
find('[data-qa="change-password"]').click
|
|
|
|
expect(page).to have_content("Change your password")
|
|
|
|
fill_in("user[password]", with: "Password123!")
|
|
|
|
fill_in("user[password_confirmation]", with: "Password123!")
|
|
|
|
click_button("Update")
|
|
|
|
expect(page).to have_current_path("/users/#{user.id}")
|
|
|
|
end
|
|
|
|
|
|
|
|
it "allow user to change name" do
|
|
|
|
visit("/users/#{user.id}")
|
|
|
|
find('[data-qa="change-name"]').click
|
|
|
|
expect(page).to have_content("Change your personal details")
|
|
|
|
fill_in("user[name]", with: "Test New")
|
|
|
|
click_button("Save changes")
|
|
|
|
expect(page).to have_current_path("/users/#{user.id}")
|
|
|
|
expect(page).to have_content("Test New")
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context "when adding a new user" do
|
|
|
|
before do
|
|
|
|
visit("/logs")
|
|
|
|
fill_in("user[email]", with: user.email)
|
|
|
|
fill_in("user[password]", with: "pAssword1")
|
|
|
|
click_button("Sign in")
|
|
|
|
end
|
|
|
|
|
|
|
|
it "validates an email has been provided" do
|
|
|
|
visit("users/new")
|
|
|
|
fill_in("user[name]", with: "New User")
|
|
|
|
click_button("Continue")
|
|
|
|
expect(page).to have_selector("#error-summary-title")
|
|
|
|
expect(page).to have_selector("#user-email-field-error")
|
|
|
|
expect(page).to have_content(/Enter an email address/)
|
|
|
|
expect(page).to have_title("Error")
|
|
|
|
end
|
|
|
|
|
|
|
|
it "validates email" do
|
|
|
|
visit("users/new")
|
|
|
|
fill_in("user[name]", with: "New User")
|
|
|
|
fill_in("user[email]", with: "thisis'tanemail")
|
|
|
|
click_button("Continue")
|
|
|
|
expect(page).to have_selector("#error-summary-title")
|
|
|
|
expect(page).to have_selector("#user-email-field-error")
|
|
|
|
expect(page).to have_content(/Enter an email address in the correct format, like name@example.com/)
|
|
|
|
expect(page).to have_title("Error")
|
|
|
|
end
|
|
|
|
|
|
|
|
it "sets name, email, role and is_dpo" do
|
|
|
|
visit("users/new")
|
|
|
|
fill_in("user[name]", with: "New User")
|
|
|
|
fill_in("user[email]", with: "newuser@example.com")
|
|
|
|
choose("user-role-data-provider-field")
|
|
|
|
choose("user-is-dpo-true-field")
|
|
|
|
click_button("Continue")
|
|
|
|
expect(
|
|
|
|
User.find_by(name: "New User", email: "newuser@example.com", role: "data_provider", is_dpo: true),
|
|
|
|
).to be_a(User)
|
|
|
|
end
|
|
|
|
|
|
|
|
it "defaults to is_dpo false" do
|
|
|
|
visit("users/new")
|
|
|
|
expect(page).to have_field("user[is_dpo]", with: false)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context "when editing someone elses account details" do
|
|
|
|
let!(:user) { FactoryBot.create(:user, :data_coordinator, last_sign_in_at: Time.zone.now) }
|
|
|
|
let!(:other_user) { FactoryBot.create(:user, name: "Other name", is_dpo: true, organisation: user.organisation) }
|
|
|
|
|
|
|
|
before do
|
|
|
|
visit("/logs")
|
|
|
|
fill_in("user[email]", with: user.email)
|
|
|
|
fill_in("user[password]", with: "pAssword1")
|
|
|
|
click_button("Sign in")
|
|
|
|
end
|
|
|
|
|
|
|
|
it "allows updating other users details" do
|
|
|
|
visit("/organisations/#{user.organisation.id}")
|
|
|
|
click_link("Users")
|
|
|
|
click_link(other_user.name)
|
|
|
|
expect(page).to have_title("Other name’s account")
|
|
|
|
first(:link, "Change").click
|
|
|
|
expect(page).to have_field("user[is_dpo]", with: true)
|
|
|
|
choose("user-is-dpo-field")
|
|
|
|
fill_in("user[name]", with: "Updated new name")
|
|
|
|
click_button("Save changes")
|
|
|
|
expect(page).to have_title("Updated new name’s account")
|
|
|
|
expect(User.find_by(name: "Updated new name", role: "data_provider", is_dpo: false)).to be_a(User)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|