
Update tests for user account routes

pull/400/head
Paul Robert Lloyd 3 years ago
parent
commit
45f2577805
  1. 2
      config/initializers/rack_attack.rb
  2. 4
      spec/features/auth/user_lockout_spec.rb
  3. 2
      spec/features/organisation_spec.rb
  4. 2
      spec/features/start_page_spec.rb
  5. 20
      spec/features/user_spec.rb
  6. 8
      spec/requests/auth/passwords_controller_spec.rb
  7. 4
      spec/requests/bulk_upload_controller_spec.rb
  8. 2
      spec/requests/case_logs_controller_spec.rb
  9. 6
      spec/requests/form_controller_spec.rb
  10. 6
      spec/requests/organisations_controller_spec.rb
  11. 6
      spec/requests/rack_attack_spec.rb
  12. 12
      spec/requests/users_controller_spec.rb

2
config/initializers/rack_attack.rb

@ -9,7 +9,7 @@ else
end
Rack::Attack.throttle("password reset requests", limit: 5, period: 60.seconds) do |request|
if request.params["user"].present? && request.path == "/users/password" && request.post?
if request.params["user"].present? && request.path == "/account/password" && request.post?
request.params["user"]["email"].to_s.downcase.gsub(/\s+/, "")
end
end
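Review bot: The throttle condition compares `request.path == "/account/password"` exactly, so if Rails also routes a variant of the same action (a trailing slash or a format suffix) those requests would not be counted toward the limit; if the route accepts such variants, match more tolerantly, e.g. `request.post? && request.path.start_with?("/account/password")`, which errs toward counting a request rather than missing it. The key on the next line also assumes `request.params["user"]` is a Hash: a request that sends `user` as an array makes `["email"]` raise a TypeError inside the middleware, so `request.params["user"].is_a?(Hash)` is a safer guard than `.present?`. The `if`/`else` wrapping this throttle starts before the hunk.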

4
spec/features/auth/user_lockout_spec.rb

@ -9,7 +9,7 @@ RSpec.describe "User Lockout" do
context "when login-in with the wrong user password up to a maximum number of attempts" do
before do
visit("/users/sign-in")
visit("/account/sign-in")
max_login_attempts.times do
fill_in("user[email]", with: user.email)
fill_in("user[password]", with: "wrong_password")
@ -18,7 +18,7 @@ RSpec.describe "User Lockout" do
end
it "locks the user account" do
visit("/users/sign-in")
visit("/account/sign-in")
fill_in("user[email]", with: user.email)
fill_in("user[password]", with: user.password)
click_button("Sign in")

2
spec/features/organisation_spec.rb

@ -55,7 +55,7 @@ RSpec.describe "User Features" do
name: "New User",
email: "new_user@example.com",
organisation: organisation.name,
link: "http://localhost:3000/users/password/edit?reset_password_token=#{reset_password_token}",
link: "http://localhost:3000/account/password/edit?reset_password_token=#{reset_password_token}",
},
},
)

2
spec/features/start_page_spec.rb

@ -20,7 +20,7 @@ RSpec.describe "Start Page Features" do
it "takes you to sign in and then to logs" do
visit("/")
click_link("Start now")
expect(page).to have_current_path("/users/sign-in?start=true")
expect(page).to have_current_path("/account/sign-in?start=true")
fill_in("user[email]", with: user.email)
fill_in("user[password]", with: user.password)
click_button("Sign in")

20
spec/features/user_spec.rb

@ -17,7 +17,7 @@ RSpec.describe "User Features" do
context "when the user navigates to case logs" do
it " is required to log in" do
visit("/logs")
expect(page).to have_current_path("/users/sign-in")
expect(page).to have_current_path("/account/sign-in")
expect(page).to have_content("Sign in to your account to submit CORE data")
end
@ -59,11 +59,11 @@ RSpec.describe "User Features" do
it " is redirected to the reset password page when they click the reset password link" do
visit("/logs")
click_link("reset your password")
expect(page).to have_current_path("/users/password/new")
expect(page).to have_current_path("/account/password/new")
end
it " is shown an error message if they submit without entering an email address" do
visit("/users/password/new")
visit("/account/password/new")
click_button("Send email")
expect(page).to have_selector("#error-summary-title")
expect(page).to have_selector("#user-email-field-error")
@ -71,7 +71,7 @@ RSpec.describe "User Features" do
end
it " is shown an error message if they submit an invalid email address" do
visit("/users/password/new")
visit("/account/password/new")
fill_in("user[email]", with: "thisisn'tanemail")
click_button("Send email")
expect(page).to have_selector("#error-summary-title")
@ -80,24 +80,24 @@ RSpec.describe "User Features" do
end
it " is redirected to check your email page after submitting an email on the reset password page" do
visit("/users/password/new")
visit("/account/password/new")
fill_in("user[email]", with: user.email)
click_button("Send email")
expect(page).to have_content("Check your email")
end
it " is shown their email on the password reset confirmation page" do
visit("/users/password/new")
visit("/account/password/new")
fill_in("user[email]", with: user.email)
click_button("Send email")
expect(page).to have_content(user.email)
end
it " is shown the reset password confirmation page even if their email doesn't exist in the system" do
visit("/users/password/new")
visit("/account/password/new")
fill_in("user[email]", with: "idontexist@example.com")
click_button("Send email")
expect(page).to have_current_path("/confirmations/reset?email=idontexist%40example.com")
expect(page).to have_current_path("/account/password/reset-confirmation?email=idontexist%40example.com")
end
it " is sent a reset password email via Notify" do
@ -109,11 +109,11 @@ RSpec.describe "User Features" do
name: user.name,
email: user.email,
organisation: user.organisation.name,
link: "http://localhost:3000/users/password/edit?reset_password_token=#{reset_password_token}",
link: "http://localhost:3000/account/password/edit?reset_password_token=#{reset_password_token}",
},
},
)
visit("/users/password/new")
visit("/account/password/new")
fill_in("user[email]", with: user.email)
click_button("Send email")
end

8
spec/requests/auth/passwords_controller_spec.rb

@ -20,7 +20,7 @@ RSpec.describe Auth::PasswordsController, type: :request do
let(:email) { user.email }
it "redirects to the email sent page" do
post "/users/password", params: params
post "/account/password", params: params
expect(response).to have_http_status(:redirect)
follow_redirect!
expect(response.body).to match(/Check your email/)
@ -35,7 +35,7 @@ RSpec.describe Auth::PasswordsController, type: :request do
let(:email) { "madeup_email@test.com" }
it "redirects to the email sent page anyway" do
post "/users/password", params: params
post "/account/password", params: params
expect(response).to have_http_status(:redirect)
follow_redirect!
expect(response.body).to match(/Check your email/)
@ -59,12 +59,12 @@ RSpec.describe Auth::PasswordsController, type: :request do
let(:message) { "Your password has been changed successfully. You are now signed in" }
it "changes the password" do
expect { put "/users/password", params: update_password_params }
expect { put "/account/password", params: update_password_params }
.to(change { user.reload.encrypted_password })
end
it "after password change, the user is signed in" do
put "/users/password", params: update_password_params
put "/account/password", params: update_password_params
# Devise redirects once after re-sign in with new password and then root redirects as well.
follow_redirect!
follow_redirect!

4
spec/requests/bulk_upload_controller_spec.rb

@ -17,7 +17,7 @@ RSpec.describe BulkUploadController, type: :request do
before { get url, headers: headers, params: {} }
it "does not let you see the bulk upload page" do
expect(response).to redirect_to("/users/sign-in")
expect(response).to redirect_to("/account/sign-in")
end
end
@ -25,7 +25,7 @@ RSpec.describe BulkUploadController, type: :request do
before { post url, params: { bulk_upload: { case_log_bulk_upload: valid_file } } }
it "does not let you submit bulk uploads" do
expect(response).to redirect_to("/users/sign-in")
expect(response).to redirect_to("/account/sign-in")
end
end
end

2
spec/requests/case_logs_controller_spec.rb

@ -200,7 +200,7 @@ RSpec.describe CaseLogsController, type: :request do
context "with a user that is not signed in" do
it "does not let the user get case log tasklist pages they don't have access to" do
get "/logs/#{case_log.id}", headers: headers, params: {}
expect(response).to redirect_to("/users/sign-in")
expect(response).to redirect_to("/account/sign-in")
end
end

6
spec/requests/form_controller_spec.rb

@ -24,19 +24,19 @@ RSpec.describe FormController, type: :request do
describe "GET" do
it "does not let you get case logs pages you don't have access to" do
get "/logs/#{case_log.id}/person-1-age", headers: headers, params: {}
expect(response).to redirect_to("/users/sign-in")
expect(response).to redirect_to("/account/sign-in")
end
it "does not let you get case log check answer pages you don't have access to" do
get "/logs/#{case_log.id}/household-characteristics/check-answers", headers: headers, params: {}
expect(response).to redirect_to("/users/sign-in")
expect(response).to redirect_to("/account/sign-in")
end
end
describe "POST" do
it "does not let you post form answers to case logs you don't have access to" do
post "/logs/#{case_log.id}/form", params: {}
expect(response).to redirect_to("/users/sign-in")
expect(response).to redirect_to("/account/sign-in")
end
end
end

6
spec/requests/organisations_controller_spec.rb

@ -13,17 +13,17 @@ RSpec.describe OrganisationsController, type: :request do
describe "#show" do
it "does not let you see organisation details from org route" do
get "/organisations/#{organisation.id}", headers: headers, params: {}
expect(response).to redirect_to("/users/sign-in")
expect(response).to redirect_to("/account/sign-in")
end
it "does not let you see organisation details from details route" do
get "/organisations/#{organisation.id}/details", headers: headers, params: {}
expect(response).to redirect_to("/users/sign-in")
expect(response).to redirect_to("/account/sign-in")
end
it "does not let you see organisation users" do
get "/organisations/#{organisation.id}/users", headers: headers, params: {}
expect(response).to redirect_to("/users/sign-in")
expect(response).to redirect_to("/account/sign-in")
end
end
end

6
spec/requests/rack_attack_spec.rb

@ -31,7 +31,7 @@ describe "Rack::Attack" do
context "when the number of requests is under the throttle limit" do
it "does not throttle" do
under_limit.times do
post "/users/password", params: params
post "/account/password", params: params
follow_redirect!
end
last_response = response
@ -42,7 +42,7 @@ describe "Rack::Attack" do
context "when the number of requests is at the throttle limit" do
it "does not throttle" do
limit.times do
post "/users/password", params: params
post "/account/password", params: params
follow_redirect!
end
last_response = response
@ -53,7 +53,7 @@ describe "Rack::Attack" do
context "when the number of requests is over the throttle limit" do
it "throttles" do
over_limit.times do
post "/users/password", params: params
post "/account/password", params: params
follow_redirect!
end
last_response = response

12
spec/requests/users_controller_spec.rb

@ -20,35 +20,35 @@ RSpec.describe UsersController, type: :request do
describe "#show" do
it "does not let you see user details" do
get "/users/#{user.id}", headers: headers, params: {}
expect(response).to redirect_to("/users/sign-in")
expect(response).to redirect_to("/account/sign-in")
end
end
describe "#edit" do
it "does not let you edit user details" do
get "/users/#{user.id}/edit", headers: headers, params: {}
expect(response).to redirect_to("/users/sign-in")
expect(response).to redirect_to("/account/sign-in")
end
end
describe "#password" do
it "does not let you edit user passwords" do
get "/users/#{user.id}/password/edit", headers: headers, params: {}
expect(response).to redirect_to("/users/sign-in")
expect(response).to redirect_to("/account/sign-in")
end
end
describe "#patch" do
it "does not let you update user details" do
patch "/logs/#{user.id}", params: {}
expect(response).to redirect_to("/users/sign-in")
expect(response).to redirect_to("/account/sign-in")
end
end
describe "reset password" do
it "renders the user edit password view" do
_raw, enc = Devise.token_generator.generate(User, :reset_password_token)
get "/users/password/edit?reset_password_token=#{enc}"
get "/account/password/edit?reset_password_token=#{enc}"
expect(page).to have_css("h1", class: "govuk-heading-l", text: "Reset your password")
end
@ -88,7 +88,7 @@ RSpec.describe UsersController, type: :request do
before do
allow(User).to receive(:find_or_initialize_with_error_by).and_return(user)
allow(user).to receive(:reset_password_sent_at).and_return(4.hours.ago)
put "/users/password", headers: headers, params: params
put "/account/password", headers: headers, params: params
end
it "shows an error" do
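Review bot: In the `#patch` example of the first hunk the request is `patch "/logs/#{user.id}", params: {}` although the example is described as updating user details, so the sign-in redirect it asserts comes from the logs route and the updated `/account/sign-in` expectation beneath it does not actually cover the users update action; it presumably should read `patch "/users/#{user.id}", params: {}`. The other examples in both hunks are consistent with the new `/account/sign-in` and `/account/password/edit` paths. The `reset password` describe block in the first hunk and the `shows an error` example in the second continue past the hunk.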
