diff --git a/app/views/users/show.html.erb b/app/views/users/show.html.erb
index bcdfd02b2..82fd950bc 100644
--- a/app/views/users/show.html.erb
+++ b/app/views/users/show.html.erb
@@ -107,7 +107,7 @@
<% if current_user.can_toggle_active?(@user) %>
<% if @user.active? %>
<%= govuk_button_link_to "Deactivate user", deactivate_user_path(@user), warning: true %>
- <% if current_user.support? %>
+ <% if current_user.support? && @user.last_sign_in_at.nil? %>
<%= govuk_button_to "Resend invite link", resend_invite_user_path(@user), secondary: true %>
<% end %>
<% else %>
diff --git a/spec/features/user_spec.rb b/spec/features/user_spec.rb
index e1cb65f66..b3ee773d1 100644
--- a/spec/features/user_spec.rb
+++ b/spec/features/user_spec.rb
@@ -1,7 +1,7 @@
require "rails_helper"
RSpec.describe "User Features" do
- let!(:user) { FactoryBot.create(:user, last_sign_in_at: Time.zone.now) }
+ let!(:user) { create(:user, last_sign_in_at: Time.zone.now) }
let(:reset_password_template_id) { User::RESET_PASSWORD_TEMPLATE_ID }
let(:notify_client) { instance_double(Notifications::Client) }
let(:reset_password_token) { "MCDH5y6Km-U7CFPgAMVS" }
@@ -212,7 +212,7 @@ RSpec.describe "User Features" do
end
context "when signed in as a data coordinator" do
- let!(:user) { FactoryBot.create(:user, :data_coordinator, last_sign_in_at: Time.zone.now) }
+ let!(:user) { create(:user, :data_coordinator, last_sign_in_at: Time.zone.now) }
context "when viewing users" do
before do
@@ -374,8 +374,8 @@ RSpec.describe "User Features" do
end
context "when editing someone elses account details" do
- let!(:user) { FactoryBot.create(:user, :data_coordinator, last_sign_in_at: Time.zone.now) }
- let!(:other_user) { FactoryBot.create(:user, name: "Other name", is_dpo: false, organisation: user.organisation) }
+ let!(:user) { create(:user, :data_coordinator, last_sign_in_at: Time.zone.now) }
+ let!(:other_user) { create(:user, name: "Other name", is_dpo: false, organisation: user.organisation, last_sign_in_at: Time.zone.now) }
before do
visit("/lettings-logs")
@@ -423,8 +423,8 @@ RSpec.describe "User Features" do
end
context "when deactivating a user" do
- let!(:user) { FactoryBot.create(:user, :data_coordinator, last_sign_in_at: Time.zone.now) }
- let!(:other_user) { FactoryBot.create(:user, name: "Other name", organisation: user.organisation) }
+ let!(:user) { create(:user, :data_coordinator, last_sign_in_at: Time.zone.now) }
+ let!(:other_user) { create(:user, name: "Other name", organisation: user.organisation) }
before do
visit("/lettings-logs")
@@ -451,8 +451,8 @@ RSpec.describe "User Features" do
end
context "when reactivating a user" do
- let!(:user) { FactoryBot.create(:user, :data_coordinator, last_sign_in_at: Time.zone.now) }
- let!(:other_user) { FactoryBot.create(:user, name: "Other name", active: false, organisation: user.organisation, last_sign_in_at: Time.zone.now) }
+ let!(:user) { create(:user, :data_coordinator, last_sign_in_at: Time.zone.now) }
+ let!(:other_user) { create(:user, name: "Other name", active: false, organisation: user.organisation, last_sign_in_at: Time.zone.now) }
let(:personalisation) do
{
name: other_user.name,
@@ -490,8 +490,8 @@ RSpec.describe "User Features" do
end
context "when signed in as support" do
- let!(:user) { FactoryBot.create(:user, :support) }
- let!(:other_user) { FactoryBot.create(:user, name: "new user", organisation: user.organisation, email: "new_user@example.com", confirmation_token: "abc") }
+ let!(:user) { create(:user, :support) }
+ let!(:other_user) { create(:user, name: "new user", organisation: user.organisation, email: "new_user@example.com", confirmation_token: "abc") }
context "when reinviting a user before initial confirmation email has been sent" do
let(:personalisation) do
@@ -504,15 +504,14 @@ RSpec.describe "User Features" do
end
before do
- other_user.update!(initial_confirmation_sent: false)
+ other_user.update!(initial_confirmation_sent: false, last_sign_in_at: nil)
allow(user).to receive(:need_two_factor_authentication?).and_return(false)
sign_in(user)
- visit(user_path(user.id))
+ other_user.legacy_users.destroy_all
+ visit(user_path(other_user))
end
it "sends initial confirmable template email when the resend invite link is clicked" do
- other_user.legacy_users.destroy_all
- visit(user_path(other_user))
expect(notify_client).to receive(:send_email).with(email_address: "new_user@example.com", template_id: User::CONFIRMABLE_TEMPLATE_ID, personalisation:).once
click_button("Resend invite link")
end
@@ -532,12 +531,11 @@ RSpec.describe "User Features" do
other_user.update!(initial_confirmation_sent: true, confirmed_at: nil)
allow(user).to receive(:need_two_factor_authentication?).and_return(false)
sign_in(user)
- visit(user_path(user.id))
+ other_user.legacy_users.destroy_all
+ visit(user_path(other_user))
end
it "sends and email when the resend invite link is clicked" do
- other_user.legacy_users.destroy_all
- visit(user_path(other_user))
expect(notify_client).to receive(:send_email).with(email_address: "new_user@example.com", template_id: User::RECONFIRMABLE_TEMPLATE_ID, personalisation:).once
click_button("Resend invite link")
end
@@ -554,14 +552,13 @@ RSpec.describe "User Features" do
end
before do
- other_user.update!(initial_confirmation_sent: true)
+ other_user.update!(initial_confirmation_sent: true, last_sign_in_at: nil)
allow(user).to receive(:need_two_factor_authentication?).and_return(false)
sign_in(user)
- visit(user_path(user.id))
+ visit(user_path(other_user))
end
it "sends beta onboarding email to be sent when user is legacy" do
- visit(user_path(other_user))
expect(notify_client).to receive(:send_email).with(email_address: "new_user@example.com", template_id: User::BETA_ONBOARDING_TEMPLATE_ID, personalisation:).once
click_button("Resend invite link")
end
@@ -569,7 +566,7 @@ RSpec.describe "User Features" do
end
context "when the user is a customer support person" do
- let(:support_user) { FactoryBot.create(:user, :support, last_sign_in_at: Time.zone.now) }
+ let(:support_user) { create(:user, :support, last_sign_in_at: Time.zone.now) }
let(:devise_notify_mailer) { DeviseNotifyMailer.new }
let(:notify_client) { instance_double(Notifications::Client) }
let(:mfa_template_id) { User::MFA_TEMPLATE_ID }
@@ -742,8 +739,8 @@ RSpec.describe "User Features" do
context "when viewing logs" do
context "when filtering by owning organisation and then switching back to all organisations", js: true do
- let!(:organisation) { FactoryBot.create(:organisation) }
- let(:parent_organisation) { FactoryBot.create(:organisation, name: "Filtered Org") }
+ let!(:organisation) { create(:organisation) }
+ let(:parent_organisation) { create(:organisation, name: "Filtered Org") }
before do
create(:organisation_relationship, child_organisation: organisation, parent_organisation:)
diff --git a/spec/requests/users_controller_spec.rb b/spec/requests/users_controller_spec.rb
index ec2e0dde8..1b62900fb 100644
--- a/spec/requests/users_controller_spec.rb
+++ b/spec/requests/users_controller_spec.rb
@@ -1,8 +1,8 @@
require "rails_helper"
RSpec.describe UsersController, type: :request do
- let(:user) { FactoryBot.create(:user) }
- let(:other_user) { FactoryBot.create(:user) }
+ let(:user) { create(:user) }
+ let(:other_user) { create(:user) }
let(:headers) { { "Accept" => "text/html" } }
let(:page) { Capybara::Node::Simple.new(response.body) }
let(:new_name) { "new test name" }
@@ -152,7 +152,7 @@ RSpec.describe UsersController, type: :request do
end
context "when the user does not have a role because they are a data protection officer only" do
- let(:user) { FactoryBot.create(:user, role: nil) }
+ let(:user) { create(:user, role: nil) }
before do
sign_in user
@@ -171,7 +171,7 @@ RSpec.describe UsersController, type: :request do
end
context "when the user is part of the same organisation" do
- let(:other_user) { FactoryBot.create(:user, organisation: user.organisation) }
+ let(:other_user) { create(:user, organisation: user.organisation) }
it "shows their details" do
expect(response).to have_http_status(:ok)
@@ -384,8 +384,8 @@ RSpec.describe UsersController, type: :request do
end
context "when user is signed in as a data coordinator" do
- let(:user) { FactoryBot.create(:user, :data_coordinator, email: "coordinator@example.com", organisation: create(:organisation, :without_dpc)) }
- let!(:other_user) { FactoryBot.create(:user, organisation: user.organisation, name: "filter name", email: "filter@example.com") }
+ let(:user) { create(:user, :data_coordinator, email: "coordinator@example.com", organisation: create(:organisation, :without_dpc)) }
+ let!(:other_user) { create(:user, organisation: user.organisation, name: "filter name", email: "filter@example.com") }
describe "#index" do
before do
@@ -413,9 +413,9 @@ RSpec.describe UsersController, type: :request do
end
context "when a search parameter is passed" do
- let!(:other_user_2) { FactoryBot.create(:user, organisation: user.organisation, name: "joe", email: "other@example.com") }
- let!(:other_user_3) { FactoryBot.create(:user, name: "User 5", organisation: user.organisation, email: "joe@example.com") }
- let!(:other_org_user) { FactoryBot.create(:user, name: "User 4", email: "joe@otherexample.com") }
+ let!(:other_user_2) { create(:user, organisation: user.organisation, name: "joe", email: "other@example.com") }
+ let!(:other_user_3) { create(:user, name: "User 5", organisation: user.organisation, email: "joe@example.com") }
+ let!(:other_org_user) { create(:user, name: "User 4", email: "joe@otherexample.com") }
before do
get "/organisations/#{user.organisation.id}/users?search=#{search_param}"
@@ -529,7 +529,7 @@ RSpec.describe UsersController, type: :request do
describe "CSV download" do
let(:headers) { { "Accept" => "text/csv" } }
- let(:user) { FactoryBot.create(:user) }
+ let(:user) { create(:user) }
before do
sign_in user
@@ -636,7 +636,7 @@ RSpec.describe UsersController, type: :request do
end
context "when the user is not part of the same organisation as the current user" do
- let(:other_user) { FactoryBot.create(:user) }
+ let(:other_user) { create(:user) }
it "returns not found 404" do
expect(response).to have_http_status(:not_found)
@@ -694,7 +694,7 @@ RSpec.describe UsersController, type: :request do
end
context "when the user is not part of the same organisation as the current user" do
- let(:other_user) { FactoryBot.create(:user) }
+ let(:other_user) { create(:user) }
it "returns not found 404" do
expect(response).to have_http_status(:not_found)
@@ -867,7 +867,7 @@ RSpec.describe UsersController, type: :request do
context "when the current user does not match the user ID" do
context "when the user is not part of the same organisation as the current user" do
- let(:other_user) { FactoryBot.create(:user) }
+ let(:other_user) { create(:user) }
let(:params) { { id: other_user.id, user: { name: new_name } } }
before do
@@ -897,7 +897,7 @@ RSpec.describe UsersController, type: :request do
end
describe "#create" do
- let(:user) { FactoryBot.create(:user, :data_coordinator) }
+ let(:user) { create(:user, :data_coordinator) }
let(:params) do
{
"user": {
@@ -947,7 +947,7 @@ RSpec.describe UsersController, type: :request do
context "when the email is already taken" do
before do
- FactoryBot.create(:user, email: "new_user@example.com")
+ create(:user, email: "new_user@example.com")
end
it "shows an error" do
@@ -1107,17 +1107,17 @@ RSpec.describe UsersController, type: :request do
end
context "when user is signed in as a support user" do
- let(:user) { FactoryBot.create(:user, :support, organisation: create(:organisation, :without_dpc)) }
- let(:other_user) { FactoryBot.create(:user, organisation: user.organisation) }
+ let(:user) { create(:user, :support, organisation: create(:organisation, :without_dpc)) }
+ let(:other_user) { create(:user, organisation: user.organisation, last_sign_in_at: Time.zone.now) }
before do
allow(user).to receive(:need_two_factor_authentication?).and_return(false)
end
describe "#index" do
- let!(:other_user) { FactoryBot.create(:user, organisation: user.organisation, name: "User 2", email: "other@example.com") }
- let!(:inactive_user) { FactoryBot.create(:user, organisation: user.organisation, active: false, name: "User 3", email: "inactive@example.com") }
- let!(:other_org_user) { FactoryBot.create(:user, name: "User 4", email: "otherorg@otherexample.com", organisation: create(:organisation, :without_dpc)) }
+ let!(:other_user) { create(:user, organisation: user.organisation, name: "User 2", email: "other@example.com") }
+ let!(:inactive_user) { create(:user, organisation: user.organisation, active: false, name: "User 3", email: "inactive@example.com") }
+ let!(:other_org_user) { create(:user, name: "User 4", email: "otherorg@otherexample.com", organisation: create(:organisation, :without_dpc)) }
before do
sign_in user
@@ -1195,8 +1195,8 @@ RSpec.describe UsersController, type: :request do
end
context "when our search term matches an email and a name" do
- let!(:other_user) { FactoryBot.create(:user, organisation: user.organisation, name: "joe", email: "other@example.com") }
- let!(:other_org_user) { FactoryBot.create(:user, name: "User 4", email: "joe@otherexample.com", organisation: create(:organisation, :without_dpc)) }
+ let!(:other_user) { create(:user, organisation: user.organisation, name: "joe", email: "other@example.com") }
+ let!(:other_org_user) { create(:user, name: "User 4", email: "joe@otherexample.com", organisation: create(:organisation, :without_dpc)) }
let(:search_param) { "joe" }
it "returns any results including joe" do
@@ -1264,10 +1264,10 @@ RSpec.describe UsersController, type: :request do
describe "CSV download" do
let(:headers) { { "Accept" => "text/csv" } }
- let(:user) { FactoryBot.create(:user, :support) }
+ let(:user) { create(:user, :support) }
before do
- FactoryBot.create_list(:user, 25)
+ create_list(:user, 25)
sign_in user
end
@@ -1299,7 +1299,7 @@ RSpec.describe UsersController, type: :request do
context "when there is a search param" do
before do
- FactoryBot.create(:user, name: "Unusual name")
+ create(:user, name: "Unusual name")
get "/users?search=unusual", headers:, params: {}
end
@@ -1361,12 +1361,45 @@ RSpec.describe UsersController, type: :request do
expect(page).to have_link("Change", text: "if a key contact")
end
+ it "does not show option to resend confirmation email" do
+ expect(page).not_to have_button("Resend invite link")
+ end
+
it "allows deactivating the user" do
expect(page).to have_link("Deactivate user", href: "/users/#{other_user.id}/deactivate")
end
- it "allows you to resend invitation emails" do
- expect(page).to have_button("Resend invite link")
+ context "when user never logged in" do
+ before do
+ other_user.update!(last_sign_in_at: nil)
+ get "/users/#{other_user.id}", headers:, params: {}
+ end
+
+ it "returns 200" do
+ expect(response).to have_http_status(:ok)
+ end
+
+ it "shows the user details page" do
+ expect(page).to have_content("#{other_user.name}’s account")
+ end
+
+ it "allows changing name, email, role, dpo and key contact" do
+ expect(page).to have_link("Change", text: "name")
+ expect(page).to have_link("Change", text: "email address")
+ expect(page).to have_link("Change", text: "telephone number")
+ expect(page).not_to have_link("Change", text: "password")
+ expect(page).to have_link("Change", text: "role")
+ expect(page).to have_link("Change", text: "if data protection officer")
+ expect(page).to have_link("Change", text: "if a key contact")
+ end
+
+ it "allows deactivating the user" do
+ expect(page).to have_link("Deactivate user", href: "/users/#{other_user.id}/deactivate")
+ end
+
+ it "allows you to resend invitation emails" do
+ expect(page).to have_button("Resend invite link")
+ end
end
context "when user is deactivated" do
@@ -1386,7 +1419,7 @@ RSpec.describe UsersController, type: :request do
end
context "when the user is not part of the same organisation as the current user" do
- let(:other_user) { FactoryBot.create(:user) }
+ let(:other_user) { create(:user) }
it "returns 200" do
expect(response).to have_http_status(:ok)
@@ -1455,7 +1488,7 @@ RSpec.describe UsersController, type: :request do
end
context "when the user is not part of the same organisation as the current user" do
- let(:other_user) { FactoryBot.create(:user) }
+ let(:other_user) { create(:user) }
it "returns 200" do
expect(response).to have_http_status(:ok)
@@ -1682,7 +1715,7 @@ RSpec.describe UsersController, type: :request do
context "when the current user does not match the user ID" do
context "when the user is not part of the same organisation as the current user" do
- let(:other_user) { FactoryBot.create(:user) }
+ let(:other_user) { create(:user) }
let(:params) { { id: other_user.id, user: { name: new_name } } }
before do
@@ -1820,7 +1853,7 @@ RSpec.describe UsersController, type: :request do
end
describe "#create" do
- let(:organisation) { FactoryBot.create(:organisation, :without_dpc) }
+ let(:organisation) { create(:organisation, :without_dpc) }
let(:email) { "new_user@example.com" }
let(:params) do
{
@@ -1867,7 +1900,7 @@ RSpec.describe UsersController, type: :request do
end
before do
- FactoryBot.create(:user, email: "new_user@example.com")
+ create(:user, email: "new_user@example.com")
end
it "shows an error messages for all failed validations" do
@@ -1882,7 +1915,7 @@ RSpec.describe UsersController, type: :request do
context "when the email is already taken" do
before do
- FactoryBot.create(:user, email: "new_user@example.com")
+ create(:user, email: "new_user@example.com")
end
it "shows an error" do
@@ -1912,7 +1945,7 @@ RSpec.describe UsersController, type: :request do
describe "#new" do
before do
sign_in user
- FactoryBot.create(:organisation, name: "other org")
+ create(:organisation, name: "other org")
end
context "when support user" do