Browse Source

Don't show reinvite button to confirmed users (#1831)

* Don't show reinvite button to confirmed users

* Add specs

* show if user has never signed int
pull/1833/head
Jack 1 year ago committed by GitHub
parent
commit
2fca0c8842
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
  1. 2
      app/views/users/show.html.erb
  2. 43
      spec/features/user_spec.rb
  3. 97
      spec/requests/users_controller_spec.rb

2
app/views/users/show.html.erb

@ -107,7 +107,7 @@
<% if current_user.can_toggle_active?(@user) %>
<% if @user.active? %>
<%= govuk_button_link_to "Deactivate user", deactivate_user_path(@user), warning: true %>
<% if current_user.support? %>
<% if current_user.support? && @user.last_sign_in_at.nil? %>
<%= govuk_button_to "Resend invite link", resend_invite_user_path(@user), secondary: true %>
<% end %>
<% else %>

43
spec/features/user_spec.rb

@ -1,7 +1,7 @@
require "rails_helper"
RSpec.describe "User Features" do
let!(:user) { FactoryBot.create(:user, last_sign_in_at: Time.zone.now) }
let!(:user) { create(:user, last_sign_in_at: Time.zone.now) }
let(:reset_password_template_id) { User::RESET_PASSWORD_TEMPLATE_ID }
let(:notify_client) { instance_double(Notifications::Client) }
let(:reset_password_token) { "MCDH5y6Km-U7CFPgAMVS" }
@ -212,7 +212,7 @@ RSpec.describe "User Features" do
end
context "when signed in as a data coordinator" do
let!(:user) { FactoryBot.create(:user, :data_coordinator, last_sign_in_at: Time.zone.now) }
let!(:user) { create(:user, :data_coordinator, last_sign_in_at: Time.zone.now) }
context "when viewing users" do
before do
@ -374,8 +374,8 @@ RSpec.describe "User Features" do
end
context "when editing someone elses account details" do
let!(:user) { FactoryBot.create(:user, :data_coordinator, last_sign_in_at: Time.zone.now) }
let!(:other_user) { FactoryBot.create(:user, name: "Other name", is_dpo: false, organisation: user.organisation) }
let!(:user) { create(:user, :data_coordinator, last_sign_in_at: Time.zone.now) }
let!(:other_user) { create(:user, name: "Other name", is_dpo: false, organisation: user.organisation, last_sign_in_at: Time.zone.now) }
before do
visit("/lettings-logs")
@ -423,8 +423,8 @@ RSpec.describe "User Features" do
end
context "when deactivating a user" do
let!(:user) { FactoryBot.create(:user, :data_coordinator, last_sign_in_at: Time.zone.now) }
let!(:other_user) { FactoryBot.create(:user, name: "Other name", organisation: user.organisation) }
let!(:user) { create(:user, :data_coordinator, last_sign_in_at: Time.zone.now) }
let!(:other_user) { create(:user, name: "Other name", organisation: user.organisation) }
before do
visit("/lettings-logs")
@ -451,8 +451,8 @@ RSpec.describe "User Features" do
end
context "when reactivating a user" do
let!(:user) { FactoryBot.create(:user, :data_coordinator, last_sign_in_at: Time.zone.now) }
let!(:other_user) { FactoryBot.create(:user, name: "Other name", active: false, organisation: user.organisation, last_sign_in_at: Time.zone.now) }
let!(:user) { create(:user, :data_coordinator, last_sign_in_at: Time.zone.now) }
let!(:other_user) { create(:user, name: "Other name", active: false, organisation: user.organisation, last_sign_in_at: Time.zone.now) }
let(:personalisation) do
{
name: other_user.name,
@ -490,8 +490,8 @@ RSpec.describe "User Features" do
end
context "when signed in as support" do
let!(:user) { FactoryBot.create(:user, :support) }
let!(:other_user) { FactoryBot.create(:user, name: "new user", organisation: user.organisation, email: "new_user@example.com", confirmation_token: "abc") }
let!(:user) { create(:user, :support) }
let!(:other_user) { create(:user, name: "new user", organisation: user.organisation, email: "new_user@example.com", confirmation_token: "abc") }
context "when reinviting a user before initial confirmation email has been sent" do
let(:personalisation) do
@ -504,15 +504,14 @@ RSpec.describe "User Features" do
end
before do
other_user.update!(initial_confirmation_sent: false)
other_user.update!(initial_confirmation_sent: false, last_sign_in_at: nil)
allow(user).to receive(:need_two_factor_authentication?).and_return(false)
sign_in(user)
visit(user_path(user.id))
other_user.legacy_users.destroy_all
visit(user_path(other_user))
end
it "sends initial confirmable template email when the resend invite link is clicked" do
other_user.legacy_users.destroy_all
visit(user_path(other_user))
expect(notify_client).to receive(:send_email).with(email_address: "new_user@example.com", template_id: User::CONFIRMABLE_TEMPLATE_ID, personalisation:).once
click_button("Resend invite link")
end
@ -532,12 +531,11 @@ RSpec.describe "User Features" do
other_user.update!(initial_confirmation_sent: true, confirmed_at: nil)
allow(user).to receive(:need_two_factor_authentication?).and_return(false)
sign_in(user)
visit(user_path(user.id))
other_user.legacy_users.destroy_all
visit(user_path(other_user))
end
it "sends and email when the resend invite link is clicked" do
other_user.legacy_users.destroy_all
visit(user_path(other_user))
expect(notify_client).to receive(:send_email).with(email_address: "new_user@example.com", template_id: User::RECONFIRMABLE_TEMPLATE_ID, personalisation:).once
click_button("Resend invite link")
end
@ -554,14 +552,13 @@ RSpec.describe "User Features" do
end
before do
other_user.update!(initial_confirmation_sent: true)
other_user.update!(initial_confirmation_sent: true, last_sign_in_at: nil)
allow(user).to receive(:need_two_factor_authentication?).and_return(false)
sign_in(user)
visit(user_path(user.id))
visit(user_path(other_user))
end
it "sends beta onboarding email to be sent when user is legacy" do
visit(user_path(other_user))
expect(notify_client).to receive(:send_email).with(email_address: "new_user@example.com", template_id: User::BETA_ONBOARDING_TEMPLATE_ID, personalisation:).once
click_button("Resend invite link")
end
@ -569,7 +566,7 @@ RSpec.describe "User Features" do
end
context "when the user is a customer support person" do
let(:support_user) { FactoryBot.create(:user, :support, last_sign_in_at: Time.zone.now) }
let(:support_user) { create(:user, :support, last_sign_in_at: Time.zone.now) }
let(:devise_notify_mailer) { DeviseNotifyMailer.new }
let(:notify_client) { instance_double(Notifications::Client) }
let(:mfa_template_id) { User::MFA_TEMPLATE_ID }
@ -742,8 +739,8 @@ RSpec.describe "User Features" do
context "when viewing logs" do
context "when filtering by owning organisation and then switching back to all organisations", js: true do
let!(:organisation) { FactoryBot.create(:organisation) }
let(:parent_organisation) { FactoryBot.create(:organisation, name: "Filtered Org") }
let!(:organisation) { create(:organisation) }
let(:parent_organisation) { create(:organisation, name: "Filtered Org") }
before do
create(:organisation_relationship, child_organisation: organisation, parent_organisation:)

97
spec/requests/users_controller_spec.rb

@ -1,8 +1,8 @@
require "rails_helper"
RSpec.describe UsersController, type: :request do
let(:user) { FactoryBot.create(:user) }
let(:other_user) { FactoryBot.create(:user) }
let(:user) { create(:user) }
let(:other_user) { create(:user) }
let(:headers) { { "Accept" => "text/html" } }
let(:page) { Capybara::Node::Simple.new(response.body) }
let(:new_name) { "new test name" }
@ -152,7 +152,7 @@ RSpec.describe UsersController, type: :request do
end
context "when the user does not have a role because they are a data protection officer only" do
let(:user) { FactoryBot.create(:user, role: nil) }
let(:user) { create(:user, role: nil) }
before do
sign_in user
@ -171,7 +171,7 @@ RSpec.describe UsersController, type: :request do
end
context "when the user is part of the same organisation" do
let(:other_user) { FactoryBot.create(:user, organisation: user.organisation) }
let(:other_user) { create(:user, organisation: user.organisation) }
it "shows their details" do
expect(response).to have_http_status(:ok)
@ -384,8 +384,8 @@ RSpec.describe UsersController, type: :request do
end
context "when user is signed in as a data coordinator" do
let(:user) { FactoryBot.create(:user, :data_coordinator, email: "coordinator@example.com", organisation: create(:organisation, :without_dpc)) }
let!(:other_user) { FactoryBot.create(:user, organisation: user.organisation, name: "filter name", email: "filter@example.com") }
let(:user) { create(:user, :data_coordinator, email: "coordinator@example.com", organisation: create(:organisation, :without_dpc)) }
let!(:other_user) { create(:user, organisation: user.organisation, name: "filter name", email: "filter@example.com") }
describe "#index" do
before do
@ -413,9 +413,9 @@ RSpec.describe UsersController, type: :request do
end
context "when a search parameter is passed" do
let!(:other_user_2) { FactoryBot.create(:user, organisation: user.organisation, name: "joe", email: "other@example.com") }
let!(:other_user_3) { FactoryBot.create(:user, name: "User 5", organisation: user.organisation, email: "joe@example.com") }
let!(:other_org_user) { FactoryBot.create(:user, name: "User 4", email: "joe@otherexample.com") }
let!(:other_user_2) { create(:user, organisation: user.organisation, name: "joe", email: "other@example.com") }
let!(:other_user_3) { create(:user, name: "User 5", organisation: user.organisation, email: "joe@example.com") }
let!(:other_org_user) { create(:user, name: "User 4", email: "joe@otherexample.com") }
before do
get "/organisations/#{user.organisation.id}/users?search=#{search_param}"
@ -529,7 +529,7 @@ RSpec.describe UsersController, type: :request do
describe "CSV download" do
let(:headers) { { "Accept" => "text/csv" } }
let(:user) { FactoryBot.create(:user) }
let(:user) { create(:user) }
before do
sign_in user
@ -636,7 +636,7 @@ RSpec.describe UsersController, type: :request do
end
context "when the user is not part of the same organisation as the current user" do
let(:other_user) { FactoryBot.create(:user) }
let(:other_user) { create(:user) }
it "returns not found 404" do
expect(response).to have_http_status(:not_found)
@ -694,7 +694,7 @@ RSpec.describe UsersController, type: :request do
end
context "when the user is not part of the same organisation as the current user" do
let(:other_user) { FactoryBot.create(:user) }
let(:other_user) { create(:user) }
it "returns not found 404" do
expect(response).to have_http_status(:not_found)
@ -867,7 +867,7 @@ RSpec.describe UsersController, type: :request do
context "when the current user does not match the user ID" do
context "when the user is not part of the same organisation as the current user" do
let(:other_user) { FactoryBot.create(:user) }
let(:other_user) { create(:user) }
let(:params) { { id: other_user.id, user: { name: new_name } } }
before do
@ -897,7 +897,7 @@ RSpec.describe UsersController, type: :request do
end
describe "#create" do
let(:user) { FactoryBot.create(:user, :data_coordinator) }
let(:user) { create(:user, :data_coordinator) }
let(:params) do
{
"user": {
@ -947,7 +947,7 @@ RSpec.describe UsersController, type: :request do
context "when the email is already taken" do
before do
FactoryBot.create(:user, email: "new_user@example.com")
create(:user, email: "new_user@example.com")
end
it "shows an error" do
@ -1107,17 +1107,17 @@ RSpec.describe UsersController, type: :request do
end
context "when user is signed in as a support user" do
let(:user) { FactoryBot.create(:user, :support, organisation: create(:organisation, :without_dpc)) }
let(:other_user) { FactoryBot.create(:user, organisation: user.organisation) }
let(:user) { create(:user, :support, organisation: create(:organisation, :without_dpc)) }
let(:other_user) { create(:user, organisation: user.organisation, last_sign_in_at: Time.zone.now) }
before do
allow(user).to receive(:need_two_factor_authentication?).and_return(false)
end
describe "#index" do
let!(:other_user) { FactoryBot.create(:user, organisation: user.organisation, name: "User 2", email: "other@example.com") }
let!(:inactive_user) { FactoryBot.create(:user, organisation: user.organisation, active: false, name: "User 3", email: "inactive@example.com") }
let!(:other_org_user) { FactoryBot.create(:user, name: "User 4", email: "otherorg@otherexample.com", organisation: create(:organisation, :without_dpc)) }
let!(:other_user) { create(:user, organisation: user.organisation, name: "User 2", email: "other@example.com") }
let!(:inactive_user) { create(:user, organisation: user.organisation, active: false, name: "User 3", email: "inactive@example.com") }
let!(:other_org_user) { create(:user, name: "User 4", email: "otherorg@otherexample.com", organisation: create(:organisation, :without_dpc)) }
before do
sign_in user
@ -1195,8 +1195,8 @@ RSpec.describe UsersController, type: :request do
end
context "when our search term matches an email and a name" do
let!(:other_user) { FactoryBot.create(:user, organisation: user.organisation, name: "joe", email: "other@example.com") }
let!(:other_org_user) { FactoryBot.create(:user, name: "User 4", email: "joe@otherexample.com", organisation: create(:organisation, :without_dpc)) }
let!(:other_user) { create(:user, organisation: user.organisation, name: "joe", email: "other@example.com") }
let!(:other_org_user) { create(:user, name: "User 4", email: "joe@otherexample.com", organisation: create(:organisation, :without_dpc)) }
let(:search_param) { "joe" }
it "returns any results including joe" do
@ -1264,10 +1264,10 @@ RSpec.describe UsersController, type: :request do
describe "CSV download" do
let(:headers) { { "Accept" => "text/csv" } }
let(:user) { FactoryBot.create(:user, :support) }
let(:user) { create(:user, :support) }
before do
FactoryBot.create_list(:user, 25)
create_list(:user, 25)
sign_in user
end
@ -1299,7 +1299,7 @@ RSpec.describe UsersController, type: :request do
context "when there is a search param" do
before do
FactoryBot.create(:user, name: "Unusual name")
create(:user, name: "Unusual name")
get "/users?search=unusual", headers:, params: {}
end
@ -1361,6 +1361,38 @@ RSpec.describe UsersController, type: :request do
expect(page).to have_link("Change", text: "if a key contact")
end
it "does not show option to resend confirmation email" do
expect(page).not_to have_button("Resend invite link")
end
it "allows deactivating the user" do
expect(page).to have_link("Deactivate user", href: "/users/#{other_user.id}/deactivate")
end
context "when user never logged in" do
before do
other_user.update!(last_sign_in_at: nil)
get "/users/#{other_user.id}", headers:, params: {}
end
it "returns 200" do
expect(response).to have_http_status(:ok)
end
it "shows the user details page" do
expect(page).to have_content("#{other_user.name}’s account")
end
it "allows changing name, email, role, dpo and key contact" do
expect(page).to have_link("Change", text: "name")
expect(page).to have_link("Change", text: "email address")
expect(page).to have_link("Change", text: "telephone number")
expect(page).not_to have_link("Change", text: "password")
expect(page).to have_link("Change", text: "role")
expect(page).to have_link("Change", text: "if data protection officer")
expect(page).to have_link("Change", text: "if a key contact")
end
it "allows deactivating the user" do
expect(page).to have_link("Deactivate user", href: "/users/#{other_user.id}/deactivate")
end
@ -1368,6 +1400,7 @@ RSpec.describe UsersController, type: :request do
it "allows you to resend invitation emails" do
expect(page).to have_button("Resend invite link")
end
end
context "when user is deactivated" do
before do
@ -1386,7 +1419,7 @@ RSpec.describe UsersController, type: :request do
end
context "when the user is not part of the same organisation as the current user" do
let(:other_user) { FactoryBot.create(:user) }
let(:other_user) { create(:user) }
it "returns 200" do
expect(response).to have_http_status(:ok)
@ -1455,7 +1488,7 @@ RSpec.describe UsersController, type: :request do
end
context "when the user is not part of the same organisation as the current user" do
let(:other_user) { FactoryBot.create(:user) }
let(:other_user) { create(:user) }
it "returns 200" do
expect(response).to have_http_status(:ok)
@ -1682,7 +1715,7 @@ RSpec.describe UsersController, type: :request do
context "when the current user does not match the user ID" do
context "when the user is not part of the same organisation as the current user" do
let(:other_user) { FactoryBot.create(:user) }
let(:other_user) { create(:user) }
let(:params) { { id: other_user.id, user: { name: new_name } } }
before do
@ -1820,7 +1853,7 @@ RSpec.describe UsersController, type: :request do
end
describe "#create" do
let(:organisation) { FactoryBot.create(:organisation, :without_dpc) }
let(:organisation) { create(:organisation, :without_dpc) }
let(:email) { "new_user@example.com" }
let(:params) do
{
@ -1867,7 +1900,7 @@ RSpec.describe UsersController, type: :request do
end
before do
FactoryBot.create(:user, email: "new_user@example.com")
create(:user, email: "new_user@example.com")
end
it "shows an error messages for all failed validations" do
@ -1882,7 +1915,7 @@ RSpec.describe UsersController, type: :request do
context "when the email is already taken" do
before do
FactoryBot.create(:user, email: "new_user@example.com")
create(:user, email: "new_user@example.com")
end
it "shows an error" do
@ -1912,7 +1945,7 @@ RSpec.describe UsersController, type: :request do
describe "#new" do
before do
sign_in user
FactoryBot.create(:organisation, name: "other org")
create(:organisation, name: "other org")
end
context "when support user" do

Loading…
Cancel
Save