Browse Source

Don't show reinvite button to confirmed users (#1831)

* Don't show reinvite button to confirmed users

* Add specs

* show if user has never signed int
pull/1833/head
Jack 1 year ago committed by GitHub
parent
commit
2fca0c8842
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
  1. 2
      app/views/users/show.html.erb
  2. 43
      spec/features/user_spec.rb
  3. 101
      spec/requests/users_controller_spec.rb

2
app/views/users/show.html.erb

@ -107,7 +107,7 @@
<% if current_user.can_toggle_active?(@user) %> <% if current_user.can_toggle_active?(@user) %>
<% if @user.active? %> <% if @user.active? %>
<%= govuk_button_link_to "Deactivate user", deactivate_user_path(@user), warning: true %> <%= govuk_button_link_to "Deactivate user", deactivate_user_path(@user), warning: true %>
<% if current_user.support? %> <% if current_user.support? && @user.last_sign_in_at.nil? %>
<%= govuk_button_to "Resend invite link", resend_invite_user_path(@user), secondary: true %> <%= govuk_button_to "Resend invite link", resend_invite_user_path(@user), secondary: true %>
<% end %> <% end %>
<% else %> <% else %>

43
spec/features/user_spec.rb

@ -1,7 +1,7 @@
require "rails_helper" require "rails_helper"
RSpec.describe "User Features" do RSpec.describe "User Features" do
let!(:user) { FactoryBot.create(:user, last_sign_in_at: Time.zone.now) } let!(:user) { create(:user, last_sign_in_at: Time.zone.now) }
let(:reset_password_template_id) { User::RESET_PASSWORD_TEMPLATE_ID } let(:reset_password_template_id) { User::RESET_PASSWORD_TEMPLATE_ID }
let(:notify_client) { instance_double(Notifications::Client) } let(:notify_client) { instance_double(Notifications::Client) }
let(:reset_password_token) { "MCDH5y6Km-U7CFPgAMVS" } let(:reset_password_token) { "MCDH5y6Km-U7CFPgAMVS" }
@ -212,7 +212,7 @@ RSpec.describe "User Features" do
end end
context "when signed in as a data coordinator" do context "when signed in as a data coordinator" do
let!(:user) { FactoryBot.create(:user, :data_coordinator, last_sign_in_at: Time.zone.now) } let!(:user) { create(:user, :data_coordinator, last_sign_in_at: Time.zone.now) }
context "when viewing users" do context "when viewing users" do
before do before do
@ -374,8 +374,8 @@ RSpec.describe "User Features" do
end end
context "when editing someone elses account details" do context "when editing someone elses account details" do
let!(:user) { FactoryBot.create(:user, :data_coordinator, last_sign_in_at: Time.zone.now) } let!(:user) { create(:user, :data_coordinator, last_sign_in_at: Time.zone.now) }
let!(:other_user) { FactoryBot.create(:user, name: "Other name", is_dpo: false, organisation: user.organisation) } let!(:other_user) { create(:user, name: "Other name", is_dpo: false, organisation: user.organisation, last_sign_in_at: Time.zone.now) }
before do before do
visit("/lettings-logs") visit("/lettings-logs")
@ -423,8 +423,8 @@ RSpec.describe "User Features" do
end end
context "when deactivating a user" do context "when deactivating a user" do
let!(:user) { FactoryBot.create(:user, :data_coordinator, last_sign_in_at: Time.zone.now) } let!(:user) { create(:user, :data_coordinator, last_sign_in_at: Time.zone.now) }
let!(:other_user) { FactoryBot.create(:user, name: "Other name", organisation: user.organisation) } let!(:other_user) { create(:user, name: "Other name", organisation: user.organisation) }
before do before do
visit("/lettings-logs") visit("/lettings-logs")
@ -451,8 +451,8 @@ RSpec.describe "User Features" do
end end
context "when reactivating a user" do context "when reactivating a user" do
let!(:user) { FactoryBot.create(:user, :data_coordinator, last_sign_in_at: Time.zone.now) } let!(:user) { create(:user, :data_coordinator, last_sign_in_at: Time.zone.now) }
let!(:other_user) { FactoryBot.create(:user, name: "Other name", active: false, organisation: user.organisation, last_sign_in_at: Time.zone.now) } let!(:other_user) { create(:user, name: "Other name", active: false, organisation: user.organisation, last_sign_in_at: Time.zone.now) }
let(:personalisation) do let(:personalisation) do
{ {
name: other_user.name, name: other_user.name,
@ -490,8 +490,8 @@ RSpec.describe "User Features" do
end end
context "when signed in as support" do context "when signed in as support" do
let!(:user) { FactoryBot.create(:user, :support) } let!(:user) { create(:user, :support) }
let!(:other_user) { FactoryBot.create(:user, name: "new user", organisation: user.organisation, email: "new_user@example.com", confirmation_token: "abc") } let!(:other_user) { create(:user, name: "new user", organisation: user.organisation, email: "new_user@example.com", confirmation_token: "abc") }
context "when reinviting a user before initial confirmation email has been sent" do context "when reinviting a user before initial confirmation email has been sent" do
let(:personalisation) do let(:personalisation) do
@ -504,15 +504,14 @@ RSpec.describe "User Features" do
end end
before do before do
other_user.update!(initial_confirmation_sent: false) other_user.update!(initial_confirmation_sent: false, last_sign_in_at: nil)
allow(user).to receive(:need_two_factor_authentication?).and_return(false) allow(user).to receive(:need_two_factor_authentication?).and_return(false)
sign_in(user) sign_in(user)
visit(user_path(user.id)) other_user.legacy_users.destroy_all
visit(user_path(other_user))
end end
it "sends initial confirmable template email when the resend invite link is clicked" do it "sends initial confirmable template email when the resend invite link is clicked" do
other_user.legacy_users.destroy_all
visit(user_path(other_user))
expect(notify_client).to receive(:send_email).with(email_address: "new_user@example.com", template_id: User::CONFIRMABLE_TEMPLATE_ID, personalisation:).once expect(notify_client).to receive(:send_email).with(email_address: "new_user@example.com", template_id: User::CONFIRMABLE_TEMPLATE_ID, personalisation:).once
click_button("Resend invite link") click_button("Resend invite link")
end end
@ -532,12 +531,11 @@ RSpec.describe "User Features" do
other_user.update!(initial_confirmation_sent: true, confirmed_at: nil) other_user.update!(initial_confirmation_sent: true, confirmed_at: nil)
allow(user).to receive(:need_two_factor_authentication?).and_return(false) allow(user).to receive(:need_two_factor_authentication?).and_return(false)
sign_in(user) sign_in(user)
visit(user_path(user.id)) other_user.legacy_users.destroy_all
visit(user_path(other_user))
end end
it "sends and email when the resend invite link is clicked" do it "sends and email when the resend invite link is clicked" do
other_user.legacy_users.destroy_all
visit(user_path(other_user))
expect(notify_client).to receive(:send_email).with(email_address: "new_user@example.com", template_id: User::RECONFIRMABLE_TEMPLATE_ID, personalisation:).once expect(notify_client).to receive(:send_email).with(email_address: "new_user@example.com", template_id: User::RECONFIRMABLE_TEMPLATE_ID, personalisation:).once
click_button("Resend invite link") click_button("Resend invite link")
end end
@ -554,14 +552,13 @@ RSpec.describe "User Features" do
end end
before do before do
other_user.update!(initial_confirmation_sent: true) other_user.update!(initial_confirmation_sent: true, last_sign_in_at: nil)
allow(user).to receive(:need_two_factor_authentication?).and_return(false) allow(user).to receive(:need_two_factor_authentication?).and_return(false)
sign_in(user) sign_in(user)
visit(user_path(user.id)) visit(user_path(other_user))
end end
it "sends beta onboarding email to be sent when user is legacy" do it "sends beta onboarding email to be sent when user is legacy" do
visit(user_path(other_user))
expect(notify_client).to receive(:send_email).with(email_address: "new_user@example.com", template_id: User::BETA_ONBOARDING_TEMPLATE_ID, personalisation:).once expect(notify_client).to receive(:send_email).with(email_address: "new_user@example.com", template_id: User::BETA_ONBOARDING_TEMPLATE_ID, personalisation:).once
click_button("Resend invite link") click_button("Resend invite link")
end end
@ -569,7 +566,7 @@ RSpec.describe "User Features" do
end end
context "when the user is a customer support person" do context "when the user is a customer support person" do
let(:support_user) { FactoryBot.create(:user, :support, last_sign_in_at: Time.zone.now) } let(:support_user) { create(:user, :support, last_sign_in_at: Time.zone.now) }
let(:devise_notify_mailer) { DeviseNotifyMailer.new } let(:devise_notify_mailer) { DeviseNotifyMailer.new }
let(:notify_client) { instance_double(Notifications::Client) } let(:notify_client) { instance_double(Notifications::Client) }
let(:mfa_template_id) { User::MFA_TEMPLATE_ID } let(:mfa_template_id) { User::MFA_TEMPLATE_ID }
@ -742,8 +739,8 @@ RSpec.describe "User Features" do
context "when viewing logs" do context "when viewing logs" do
context "when filtering by owning organisation and then switching back to all organisations", js: true do context "when filtering by owning organisation and then switching back to all organisations", js: true do
let!(:organisation) { FactoryBot.create(:organisation) } let!(:organisation) { create(:organisation) }
let(:parent_organisation) { FactoryBot.create(:organisation, name: "Filtered Org") } let(:parent_organisation) { create(:organisation, name: "Filtered Org") }
before do before do
create(:organisation_relationship, child_organisation: organisation, parent_organisation:) create(:organisation_relationship, child_organisation: organisation, parent_organisation:)

101
spec/requests/users_controller_spec.rb

@ -1,8 +1,8 @@
require "rails_helper" require "rails_helper"
RSpec.describe UsersController, type: :request do RSpec.describe UsersController, type: :request do
let(:user) { FactoryBot.create(:user) } let(:user) { create(:user) }
let(:other_user) { FactoryBot.create(:user) } let(:other_user) { create(:user) }
let(:headers) { { "Accept" => "text/html" } } let(:headers) { { "Accept" => "text/html" } }
let(:page) { Capybara::Node::Simple.new(response.body) } let(:page) { Capybara::Node::Simple.new(response.body) }
let(:new_name) { "new test name" } let(:new_name) { "new test name" }
@ -152,7 +152,7 @@ RSpec.describe UsersController, type: :request do
end end
context "when the user does not have a role because they are a data protection officer only" do context "when the user does not have a role because they are a data protection officer only" do
let(:user) { FactoryBot.create(:user, role: nil) } let(:user) { create(:user, role: nil) }
before do before do
sign_in user sign_in user
@ -171,7 +171,7 @@ RSpec.describe UsersController, type: :request do
end end
context "when the user is part of the same organisation" do context "when the user is part of the same organisation" do
let(:other_user) { FactoryBot.create(:user, organisation: user.organisation) } let(:other_user) { create(:user, organisation: user.organisation) }
it "shows their details" do it "shows their details" do
expect(response).to have_http_status(:ok) expect(response).to have_http_status(:ok)
@ -384,8 +384,8 @@ RSpec.describe UsersController, type: :request do
end end
context "when user is signed in as a data coordinator" do context "when user is signed in as a data coordinator" do
let(:user) { FactoryBot.create(:user, :data_coordinator, email: "coordinator@example.com", organisation: create(:organisation, :without_dpc)) } let(:user) { create(:user, :data_coordinator, email: "coordinator@example.com", organisation: create(:organisation, :without_dpc)) }
let!(:other_user) { FactoryBot.create(:user, organisation: user.organisation, name: "filter name", email: "filter@example.com") } let!(:other_user) { create(:user, organisation: user.organisation, name: "filter name", email: "filter@example.com") }
describe "#index" do describe "#index" do
before do before do
@ -413,9 +413,9 @@ RSpec.describe UsersController, type: :request do
end end
context "when a search parameter is passed" do context "when a search parameter is passed" do
let!(:other_user_2) { FactoryBot.create(:user, organisation: user.organisation, name: "joe", email: "other@example.com") } let!(:other_user_2) { create(:user, organisation: user.organisation, name: "joe", email: "other@example.com") }
let!(:other_user_3) { FactoryBot.create(:user, name: "User 5", organisation: user.organisation, email: "joe@example.com") } let!(:other_user_3) { create(:user, name: "User 5", organisation: user.organisation, email: "joe@example.com") }
let!(:other_org_user) { FactoryBot.create(:user, name: "User 4", email: "joe@otherexample.com") } let!(:other_org_user) { create(:user, name: "User 4", email: "joe@otherexample.com") }
before do before do
get "/organisations/#{user.organisation.id}/users?search=#{search_param}" get "/organisations/#{user.organisation.id}/users?search=#{search_param}"
@ -529,7 +529,7 @@ RSpec.describe UsersController, type: :request do
describe "CSV download" do describe "CSV download" do
let(:headers) { { "Accept" => "text/csv" } } let(:headers) { { "Accept" => "text/csv" } }
let(:user) { FactoryBot.create(:user) } let(:user) { create(:user) }
before do before do
sign_in user sign_in user
@ -636,7 +636,7 @@ RSpec.describe UsersController, type: :request do
end end
context "when the user is not part of the same organisation as the current user" do context "when the user is not part of the same organisation as the current user" do
let(:other_user) { FactoryBot.create(:user) } let(:other_user) { create(:user) }
it "returns not found 404" do it "returns not found 404" do
expect(response).to have_http_status(:not_found) expect(response).to have_http_status(:not_found)
@ -694,7 +694,7 @@ RSpec.describe UsersController, type: :request do
end end
context "when the user is not part of the same organisation as the current user" do context "when the user is not part of the same organisation as the current user" do
let(:other_user) { FactoryBot.create(:user) } let(:other_user) { create(:user) }
it "returns not found 404" do it "returns not found 404" do
expect(response).to have_http_status(:not_found) expect(response).to have_http_status(:not_found)
@ -867,7 +867,7 @@ RSpec.describe UsersController, type: :request do
context "when the current user does not match the user ID" do context "when the current user does not match the user ID" do
context "when the user is not part of the same organisation as the current user" do context "when the user is not part of the same organisation as the current user" do
let(:other_user) { FactoryBot.create(:user) } let(:other_user) { create(:user) }
let(:params) { { id: other_user.id, user: { name: new_name } } } let(:params) { { id: other_user.id, user: { name: new_name } } }
before do before do
@ -897,7 +897,7 @@ RSpec.describe UsersController, type: :request do
end end
describe "#create" do describe "#create" do
let(:user) { FactoryBot.create(:user, :data_coordinator) } let(:user) { create(:user, :data_coordinator) }
let(:params) do let(:params) do
{ {
"user": { "user": {
@ -947,7 +947,7 @@ RSpec.describe UsersController, type: :request do
context "when the email is already taken" do context "when the email is already taken" do
before do before do
FactoryBot.create(:user, email: "new_user@example.com") create(:user, email: "new_user@example.com")
end end
it "shows an error" do it "shows an error" do
@ -1107,17 +1107,17 @@ RSpec.describe UsersController, type: :request do
end end
context "when user is signed in as a support user" do context "when user is signed in as a support user" do
let(:user) { FactoryBot.create(:user, :support, organisation: create(:organisation, :without_dpc)) } let(:user) { create(:user, :support, organisation: create(:organisation, :without_dpc)) }
let(:other_user) { FactoryBot.create(:user, organisation: user.organisation) } let(:other_user) { create(:user, organisation: user.organisation, last_sign_in_at: Time.zone.now) }
before do before do
allow(user).to receive(:need_two_factor_authentication?).and_return(false) allow(user).to receive(:need_two_factor_authentication?).and_return(false)
end end
describe "#index" do describe "#index" do
let!(:other_user) { FactoryBot.create(:user, organisation: user.organisation, name: "User 2", email: "other@example.com") } let!(:other_user) { create(:user, organisation: user.organisation, name: "User 2", email: "other@example.com") }
let!(:inactive_user) { FactoryBot.create(:user, organisation: user.organisation, active: false, name: "User 3", email: "inactive@example.com") } let!(:inactive_user) { create(:user, organisation: user.organisation, active: false, name: "User 3", email: "inactive@example.com") }
let!(:other_org_user) { FactoryBot.create(:user, name: "User 4", email: "otherorg@otherexample.com", organisation: create(:organisation, :without_dpc)) } let!(:other_org_user) { create(:user, name: "User 4", email: "otherorg@otherexample.com", organisation: create(:organisation, :without_dpc)) }
before do before do
sign_in user sign_in user
@ -1195,8 +1195,8 @@ RSpec.describe UsersController, type: :request do
end end
context "when our search term matches an email and a name" do context "when our search term matches an email and a name" do
let!(:other_user) { FactoryBot.create(:user, organisation: user.organisation, name: "joe", email: "other@example.com") } let!(:other_user) { create(:user, organisation: user.organisation, name: "joe", email: "other@example.com") }
let!(:other_org_user) { FactoryBot.create(:user, name: "User 4", email: "joe@otherexample.com", organisation: create(:organisation, :without_dpc)) } let!(:other_org_user) { create(:user, name: "User 4", email: "joe@otherexample.com", organisation: create(:organisation, :without_dpc)) }
let(:search_param) { "joe" } let(:search_param) { "joe" }
it "returns any results including joe" do it "returns any results including joe" do
@ -1264,10 +1264,10 @@ RSpec.describe UsersController, type: :request do
describe "CSV download" do describe "CSV download" do
let(:headers) { { "Accept" => "text/csv" } } let(:headers) { { "Accept" => "text/csv" } }
let(:user) { FactoryBot.create(:user, :support) } let(:user) { create(:user, :support) }
before do before do
FactoryBot.create_list(:user, 25) create_list(:user, 25)
sign_in user sign_in user
end end
@ -1299,7 +1299,7 @@ RSpec.describe UsersController, type: :request do
context "when there is a search param" do context "when there is a search param" do
before do before do
FactoryBot.create(:user, name: "Unusual name") create(:user, name: "Unusual name")
get "/users?search=unusual", headers:, params: {} get "/users?search=unusual", headers:, params: {}
end end
@ -1361,12 +1361,45 @@ RSpec.describe UsersController, type: :request do
expect(page).to have_link("Change", text: "if a key contact") expect(page).to have_link("Change", text: "if a key contact")
end end
it "does not show option to resend confirmation email" do
expect(page).not_to have_button("Resend invite link")
end
it "allows deactivating the user" do it "allows deactivating the user" do
expect(page).to have_link("Deactivate user", href: "/users/#{other_user.id}/deactivate") expect(page).to have_link("Deactivate user", href: "/users/#{other_user.id}/deactivate")
end end
it "allows you to resend invitation emails" do context "when user never logged in" do
expect(page).to have_button("Resend invite link") before do
other_user.update!(last_sign_in_at: nil)
get "/users/#{other_user.id}", headers:, params: {}
end
it "returns 200" do
expect(response).to have_http_status(:ok)
end
it "shows the user details page" do
expect(page).to have_content("#{other_user.name}’s account")
end
it "allows changing name, email, role, dpo and key contact" do
expect(page).to have_link("Change", text: "name")
expect(page).to have_link("Change", text: "email address")
expect(page).to have_link("Change", text: "telephone number")
expect(page).not_to have_link("Change", text: "password")
expect(page).to have_link("Change", text: "role")
expect(page).to have_link("Change", text: "if data protection officer")
expect(page).to have_link("Change", text: "if a key contact")
end
it "allows deactivating the user" do
expect(page).to have_link("Deactivate user", href: "/users/#{other_user.id}/deactivate")
end
it "allows you to resend invitation emails" do
expect(page).to have_button("Resend invite link")
end
end end
context "when user is deactivated" do context "when user is deactivated" do
@ -1386,7 +1419,7 @@ RSpec.describe UsersController, type: :request do
end end
context "when the user is not part of the same organisation as the current user" do context "when the user is not part of the same organisation as the current user" do
let(:other_user) { FactoryBot.create(:user) } let(:other_user) { create(:user) }
it "returns 200" do it "returns 200" do
expect(response).to have_http_status(:ok) expect(response).to have_http_status(:ok)
@ -1455,7 +1488,7 @@ RSpec.describe UsersController, type: :request do
end end
context "when the user is not part of the same organisation as the current user" do context "when the user is not part of the same organisation as the current user" do
let(:other_user) { FactoryBot.create(:user) } let(:other_user) { create(:user) }
it "returns 200" do it "returns 200" do
expect(response).to have_http_status(:ok) expect(response).to have_http_status(:ok)
@ -1682,7 +1715,7 @@ RSpec.describe UsersController, type: :request do
context "when the current user does not match the user ID" do context "when the current user does not match the user ID" do
context "when the user is not part of the same organisation as the current user" do context "when the user is not part of the same organisation as the current user" do
let(:other_user) { FactoryBot.create(:user) } let(:other_user) { create(:user) }
let(:params) { { id: other_user.id, user: { name: new_name } } } let(:params) { { id: other_user.id, user: { name: new_name } } }
before do before do
@ -1820,7 +1853,7 @@ RSpec.describe UsersController, type: :request do
end end
describe "#create" do describe "#create" do
let(:organisation) { FactoryBot.create(:organisation, :without_dpc) } let(:organisation) { create(:organisation, :without_dpc) }
let(:email) { "new_user@example.com" } let(:email) { "new_user@example.com" }
let(:params) do let(:params) do
{ {
@ -1867,7 +1900,7 @@ RSpec.describe UsersController, type: :request do
end end
before do before do
FactoryBot.create(:user, email: "new_user@example.com") create(:user, email: "new_user@example.com")
end end
it "shows an error messages for all failed validations" do it "shows an error messages for all failed validations" do
@ -1882,7 +1915,7 @@ RSpec.describe UsersController, type: :request do
context "when the email is already taken" do context "when the email is already taken" do
before do before do
FactoryBot.create(:user, email: "new_user@example.com") create(:user, email: "new_user@example.com")
end end
it "shows an error" do it "shows an error" do
@ -1912,7 +1945,7 @@ RSpec.describe UsersController, type: :request do
describe "#new" do describe "#new" do
before do before do
sign_in user sign_in user
FactoryBot.create(:organisation, name: "other org") create(:organisation, name: "other org")
end end
context "when support user" do context "when support user" do

Loading…
Cancel
Save